Release Date: 26 August 2023
Before initiating the upgrade to version 30.1.1, see the Checklist for Upgrade to understand the considerations and prerequisites for upgrade.
What's New in 30.1.1
- Cloud Connector
  NSX:
  - Integration with NSX Multi-tenancy for Project and VPC.
  - Support for Enhanced Datapath mode for NSX is GA with version 30.1.1: Enhanced Datapath mode must be selected while preparing the ESXi hosts as Transport Nodes. NSX Advanced Load Balancer seamlessly adapts to the Enhanced Datapath mode in NSX. It is recommended to use the ENS interrupt mode for better performance. For more information, see NSX documentation for different modes and pre-requisites.
Issues Resolved in 30.1.1
AV-127214: SE failure due to incompatibility in hardware versions for LSC deployments on VMware ESXi VMs.
AV-161092: In a VMware Cloud, the Service Engine creation fails when the content library is shared between the NSX Cloud and the vCenter cloud configured in the same Controller.
AV-163964: A virtual service that utilizes a TCP Fast Path profile and has a Service Engine MTU smaller than the MTU of both clients and servers can experience issues with connectivity.
AV-166544: The X-Forwarded-For header is not passed when the client sends a CONNECT HTTP request.
AV-168400: vCenter Cloud: If the NSX Advanced Load Balancer SE folder name in the SE Group configuration contains a backslash ("\"), the first SE is created successfully but all subsequent attempts to create an SE fail.
AV-169286: Custom DNS Profile does not support the usable domains feature.
AV-171793: Intermittently, virtual service logs may not load or exhibit delay in loading.
AV-173603: SAML authentication does not work on an EVH child virtual service if the request body buffering is not configured explicitly on the child or parent virtual service or if associated features like SAML or WAF are not enabled in the parent virtual service.
AV-178650: Parallel creation of VS VIPs using the same subnet can result in the allocation of the same IP from Infoblox leading to duplicate IPs.
AV-179018: Service Engines might not get placed in configured datastore in Service Engine Group if content lib is enabled in cloud configuration.
AV-179105: Attaching an L4 override profile while the pool has HTTP cookie persistence configured can lead to SE failure.
AV-179167: False alerts stating “100% of total licensed Service Engine service cores used.” are displayed when license consumption is greater than the license capacity of the recently added license unit.
AV-179893: A discrepancy between the timeline of the federated queue and the timeline used during the subscribe operation triggers a repetitive cycle of Sync and Subscribe operations, resulting in high bandwidth utilization.
AV-179869: When a GSLB service is configured to return all the records if it is down and has multiple CNAME records in it, only one of the CNAME records is included in the 'down' response.
AV-179916: Replication from the leader site to follower site stalls when a file fails to download even if the subsequent downloads are successful.
AV-180062: The IP Address/ FQDN field under Client Logs in Analytics Profile does not accept hostnames as valid input through the UI.
AV-180173: When HTTP Cookie Persistence is used with long-standing connections and the virtual service configuration is changed, the persistent cookies are not honored for subsequent requests over the connection, and a different backend server can get selected.
AV-180535: In virtual service logs, the location of origin of the Client IP address is unavailable through the UI and DataScripts.
AV-180654: WAF PSM duplicate Rule ID generated owing to the number of URI parameters restricted to 10000.
AV-180744: The Controller does not reject content type with a single quote (') in the content type mapping for a WAF Profile and the SE fails to load this WAF Profile. All virtual services using this WAF Profile will go into a fault state.
AV-181710: If a virtual service is in a fault state due to issues with a WAF policy, and if this WAF policy has Positive Security Model (PSM) groups configured, and if these groups were updated after the WAF policy entered the fault state, then deleting the WAF policy can cause SE failure.
AV-181723: Unable to assign an SNAT IP to an SNI parent virtual service that is attached to a content switching rule pool.
AV-181805: Issue with accounting related to memory management in the Controller for memory held in buffers and caches.
AV-182499: In the DPDK mode, NSX Advanced Load Balancer does not support the NIC model used by the host. As a result, the traffic for the VLAN interface configured with the Mellanox interface fails to work.
AV-182827: Updating credentials in vCenter Cloud through the UI fails.
AV-182830: L4 SSL DataScripts with collect API in the request or response events may cause SE failure.
AV-183138: Long requests with SAML authentication can cause SE failure.
AV-183885: If an HTTP/1.0 header arrives without a host header, which is NULL (permissible in HTTP/1.0), and this header is internally processed for comparison with GS domain names, it results in SE failure.
AV-184284: Duplicated network names in the UI cause inability to uniquely identify a network.
AV-184809: Pool groups with pools display "No pools configured" in the UI.
AV-184622: The virtual service inventory endpoint eliminates unpopulated configuration fields from the response data, rather than including them with an empty string value.
AV-184897: When Controller LDAP authentication is configured, modifying the administrator bind password will result in subsequent login failures unless the Avi portal is restarted.
AV-185279: Unable to edit a Cloud of type GCP in the UI if the optional Routes field is missing.
Key Changes in 30.1.1
The memory requirement per Service Engine across all ecosystems must be set to a minimum of 2 GB.
The memory of the Controller flavor of type CONTROLLER_SMALL has been increased from 24 GB to 32 GB.
Starting 08 May 2023, some NSX editions include NSX Advanced Load Balancer Enterprise with a ratio of 1 NSX Advanced Load Balancer unit per 250 NSX CPU cores. Starting with version 30.1.1, the license keys generated as part of the specified entitlements will be recognized and decoded natively by the Controller. To learn more about the specific editions in which these entitlements are included, see NSX Editions and Feature Guide.
Starting with version 30.1.1, NSX Advanced Load Balancer follows the Enterprise Network Policy (ENP). To know more about VMware Lifecycle Policies, see VMware Lifecycle Policies.
Support for Enhanced Datapath mode for NSX is GA with version 30.1.1. Enhanced Datapath mode must be selected while preparing the ESXi hosts as Transport Nodes. NSX Advanced Load Balancer seamlessly adapts to the Enhanced Datapath mode in NSX. It is recommended to use the ENS interrupt mode for better performance. See NSX documentation for different modes and pre-requisites for more information.
Remote users cannot be assigned roles with permissions to Controller, Roles, Tenants, and User objects in a non-admin tenant. The existing remote users will not be able to login if the above constraint is violated.
Support to Use IDP Metadata Url in a SAML authentication profile is introduced.
If a GSLB service member is monitored by multiple sites through a health monitor proxy, in the sites that rely on remote status from the health monitor proxy sites, the member will be marked UP if at least one health monitor proxy site reports the status as UP.
Patch versions of the Controllers being formed into a cluster must be consistent (along with the base version).
Input validation has been added to ensure that requests comply with the Swagger spec. Field value types and reference formats need to adhere to our published Swagger API spec. Deviation from the spec results in a BAD Request error.
In case of LSC deployments on VMware ESXi VMs, the hardware compatibility version is 11 or earlier.
API Changes
- Request Headers Alignment
  Request headers must be aligned with the guidelines outlined in the SDK/UI/CLI references, particularly in terms of distinguishing between dashes and underscores. Previously, interchangeability was permitted between underscores and dashes. For instance, utilizing x_avi_tenant instead of x-avi-tenant will now result in an error.
- Increased Occurrence of 502 Bad Gateway Errors
  Anticipate a higher frequency of encountering Bad Gateway errors as 502 errors, as opposed to 504 errors. This proactive adjustment aims to enhance overall system stability.
- JSON Request Payload Standardization
  To avoid payload parsing errors, ensure that the JSON request payload adheres meticulously to the standard format.
- Payload Field Type Constraints
  The different types of payload fields cannot be interchangeably used. For instance, substituting a string for a Boolean type of field is not supported.
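
A pre-upgrade check that API client code can be run through for the constraints listed above, as an added example that is not part of the original release notes or the product's code: it flags underscore header names, non-standard JSON, and type mismatches. The field-type table and the sample requests are constructed for illustration; the authoritative types are in the published Swagger API spec.

```python
import json

# Constructed excerpt for illustration; the authoritative field types are in
# the Controller's published Swagger API spec.
SAMPLE_FIELD_TYPES = {"name": str, "enabled": bool}

# Constructed sample requests: (headers, raw JSON body).
SAMPLE_REQUESTS = [
    ({"x-avi-tenant": "admin"}, '{"name": "vs-web", "enabled": true}'),
    ({"x_avi_tenant": "admin"}, '{"name": "vs-web", "enabled": "true"}'),
    ({"x-avi-tenant": "admin"}, "{'name': 'vs-web', 'enabled': true}"),
]


def _reject_constant(token):
    # NaN and Infinity are accepted by json.loads but are not standard JSON.
    raise ValueError(f"non-standard constant {token}")


def audit_request(headers, body_text, field_types=SAMPLE_FIELD_TYPES):
    """Return a list of findings for one outgoing API request."""
    findings = []
    # 1. Header names: underscores are no longer accepted in place of dashes.
    for name in headers:
        dashed = name.replace("_", "-")
        if dashed.lower().startswith("x-avi-") and dashed != name:
            findings.append(f"header {name!r}: use {dashed!r}")
    # 2. The payload must parse as standard JSON.
    try:
        payload = json.loads(body_text, parse_constant=_reject_constant)
    except ValueError as exc:  # JSONDecodeError is a ValueError subclass
        return findings + [f"payload: not standard JSON ({exc})"]
    if not isinstance(payload, dict):
        return findings + ["payload: expected a JSON object"]
    # 3. Field types are not interchangeable ("true" is not a Boolean).
    for field, expected in field_types.items():
        # bool subclasses int in Python, so compare exact types.
        if field in payload and type(payload[field]) is not expected:
            got = type(payload[field]).__name__
            findings.append(f"field {field!r}: expected {expected.__name__}, got {got}")
    return findings


if __name__ == "__main__":
    for headers, body in SAMPLE_REQUESTS:
        print(audit_request(headers, body) or "ok")
```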
Ecosystem Changes
Starting with NSX Advanced Load Balancer version 30.1.1, the following ecosystems are no longer supported:
- Cisco CSP
  Cisco announced End of Support for Cisco CSP 5000 platform on June 15, 2021. See End-of-Sale and End-of-Life Announcement for more information.
  If you are using NSX Advanced Load Balancer in Cisco CSP environments, it is recommended that you transition to a supported environment. For a full list of environments supported, see VMware NSX Advanced Load Balancer Installation Guide.
- Nutanix
  Until version 22.1.4, NSX Advanced Load Balancer was being validated with the Nutanix AHV community edition, in a No-Orchestrator deployment. See Installing NSX Advanced Load Balancer in Nutanix Acropolis Based Environments in the VMware NSX Advanced Load Balancer Installation Guide.
  Starting with version 30.1.1, NSX Advanced Load Balancer will no longer be validated with Nutanix community edition. It is recommended that you transition to another supported environment. For a full list of environments supported, see VMware NSX Advanced Load Balancer Installation Guide.
Contact your VMware account representative to know more.
Known Issues in 30.1.1
AV-186241: Metrics for some virtual services may be affected for a brief interval of 5 - 10 seconds during service engine disconnect / scale-in events.
AV-187095: In the Virtual Services screen of the NSX Advanced Load Balancer UI, the total count of DNS records progressively increases when navigating to the subsequent pages. This causes an incorrect representation of the actual number of records present.
Workaround: Increase the page size to view more items per page.
AV-186468: DNS log streaming rate is restricted to 10K logs per core. This is achieved only when max_logs_per_second is set to zero. Any other user-provided value is disregarded and translates to 1K logs per second.
AV-187931: When the System-SCTP-Proxy TCP/UDP Profile is selected as the network profile for virtual services, a port range cannot be specified under Service Ports. If a port range is configured, only the first port within the specified range handles traffic.
AV-188824: LDAPS authentication fails when the LDAP server does not have a valid certificate.
AV-187841: SAML users are directed to the CSP in VMware cloud services to re-initiate the login process on user-logout and session-timeout, instead of navigating to the login page [https://controller/#!/login].
AV-187842: SAML authentication fails if the IDP configuration does not include the email-ID and UID attributes, that is, the assertion coming from the IDP to NSX Advanced Load Balancer does not include the email-ID and UID attributes by default.
Workaround: Include the email-ID and UID attributes in the IDP configuration.
AV-192220: LDAP user authentication fails when the attributes defined in NSX Advanced Load Balancer do not exactly match with the values returned by the server.
AV-191821: User creation fails when the option Passwordless is set to true through the CLI/ API. As a consequence, NSX Advanced Load Balancer deployment through NSX fails.
Checklist for Upgrade to NSX Advanced Load Balancer Version 30.1.1
Upgrade of NSX Advanced Load Balancer to 30.1.1 is only supported from the following versions:
- Version 20.1.1 through 20.1.9
- Version 21.1.1 through 21.1.6
- Version 22.1.1 through 22.1.4
Use the following table to configure Controller and Service Engine resource requirements before upgrading:
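| Upgrade from Version | Minimum Requirement (In the lower versions) | Minimum Requirement (In version 30.1.x) |
|---|---|---|
| 22.1.1 | Essentials: 12 GB; Small: 24 GB | Essentials: 4 vCPU / 24 GB; Small: 6 vCPU / 32 GB |
| 22.1.2 | Essentials: 16 GB; Small: 24 GB | Essentials: 4 vCPU / 24 GB; Small: 6 vCPU / 32 GB |
| 22.1.3/ 22.1.4 | Essentials: 24 GB; Small: 24 GB | Essentials: 4 vCPU / 24 GB; Small: 6 vCPU / 32 GB |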
- Upgrade Recommendation
  Upgrade the Controller resources to meet the new requirements before upgrade.
  Service Engines are mandated to have 2 GB memory starting with version 30.1.1. Upgrade the SE memory prior to upgrade if you are running Service Engines with less than 2 GB memory.
  Even when opting for a Controller-only upgrade, it is necessary to increase the SE memory to 2 GB. Otherwise, the upgrade will not succeed.