VMware NSX-T Data Center 3.1.3.3 | 2 November 2021 | Build 18844959 Check regularly for additions and updates to these release notes. |
What's in the Release Notes
NSX-T Data Center 3.1.3.3 is an express patch release that comprises bug fixes only. See "Resolved Issues" below for the list of issues resolved in this release. See the VMware NSX-T Data Center 3.1.3 Release Notes for the current known issues.
Document Revision History
November 2, 2021. First edition.
Resolved Issues
- Fixed Issue 2811190: The config option TeamPolicyUpDelay setting is not honored.
The uplink link up event is handled earlier than expected, which might cause network connectivity loss.
- Fixed Issue 2816137: In large networks, if the display name table is large enough, display name cleanup task will generate a large transaction that would either fail with a WriteSizeException or with an OOM Exception.
System might run out of memory.
- Fixed Issue 2828763: Excessive files /config/vmware/edge/frr/reload*.txt are being generated on Edge nodes.
Connectivity may be impacted if the edge is overloaded or VTEP goes down.
- Fixed Issue 2836038: After edge reboots or exits maintenance mode, configuration is not realized in datapath.
The edge remains down and cannot host any active services.
- Fixed Issue 2836820: Discover Agent could not get the inventory information from hostd, since the python process leveraged to talk to hostd was reset continuously by LLDP, which shares the python process and also maintains the process status.
Any service(s) sensitive to inventory data would be affected.
- Fixed Issue 2839285: The internal PVLAN configuration has conflict with vCenter.
Cannot use NSX and PVLAN at the same time.
- Fixed Issue 2844908: ESX TN PSOD during generation of ICMPv6 redirect pkts due to memory corruption.
PSOD on the ESX TN occurs when IPV4_AND_IPV6 L3 forwarding mode is turned on.
- Fixed Issue 2845535: There is no indication during an upgrade if a weak backup passphrase is set.
You won't be able to restore because the weak backup passphrase is not supported by the current release.
- Fixed Issue 2845940: T0 SR backplane IP doesn't move to peer SR when the SR failover because the pNIC that is backing the T0 uplink goes down.
Traffic from HV may be blackholed if traffic is forwarded to backplane IP that didn't move.
- Fixed Issue 2845942: Exhaustion of open fds on NSX-T Edge node after upgrade from 2.5.x.
Edge cannot process any new configuration. Some CLIs/APIs may not work for this Edge.
- Fixed Issue 2845977: Replaced Edge still has VTEP IP & Tunnel configuration to other transport nodes.
If the old Edge was not powered off, it will still send BFD packet using its original VTEP IP. If that VTEP IP is reused by other transport nodes, it will result in duplicated IP.
- Fixed Issue 2845979: Timeout of the neighbor entries and packet drop during neighbor resolution after reaching 1000 neighbor resolution.
Delay in connection establishment for new TCP connections. TCP segment drop by DR for existing flows.
- Fixed Issue 2846022: Migration from NSX for vSphere to NSX-T fails if the NSX-v environment has Security Groups with invalid Dynamic Membership criteria.
Migration from NSX for vSphere to NSX-T using migration coordinator can fail.
- Fixed Issue 2845933: The 'rx_misses' counter for datapath interfaces using Mellanox NICs always shows a value of 0.
Packet drop by the NIC is not observable. This makes it hard to diagnose problems that are caused by packet drop in hardware due to the datapath software's inability to process all packets received by the NIC.
- Fixed Issue 2847151: VM loses N-S traffic following vMotion to an NSX for vSphere host after NSX-v to NSX-T Edge migration cutover was done.
Workload VM loses N-S networking, which may cause service outage.
- Fixed Issue 2847436: NSService and NSServiceGroup update API honors the identifier provided in the payload of the PUT API instead of honoring the identifier provided in the PUT API URL.
If the wrong identifier is provided in the payload, either the object will not be present in the system, or if the identifier provided in the payload is of another object, that particular object will be updated provided the revision number matches with the one that is present in the system.
- Fixed Issue 2848147: North-South connectivity loss for workload VMs running on ESX host hosting the Edge VM under same hostswitch (collapsed mode deployment).
No North-South L3 connectivity for overlay workload VMs placed on the same hosts as the Edge VMs.
- Fixed Issue 2848882: In multiple VTEP configurations, the edge may use the mac of local vtep1 for local vtep2 as ICMP reply’s src IP.
Packets with incorrect MAC addresses may be dropped by neighboring router.
- Fixed Issue 2850005: ESX TN PSOD during generation of ICMPv6 redirect pkts due to memory corruption.
When IPV4_AND_IPV6 L3 forwarding mode is turned on, this leads to PSOD on the ESX TN.
- Fixed Issue 2849294: BGP/BFD is configured on user defined VRF as well on default-VRF in Active-Active Edge Cluster. Though BGP/BFD state on default VRF is down on one Edge, that edge-node will act as Active Edge-node and that Edge-node can still attract the traffic from South (e.g., VM connected to T0-DR) and can potentially black hole the traffic from South.
Traffic blackhole and HA activity is not triggered.
- Fixed Issue 2856458: After exiting maintenance mode, Edge node went up before tunnels are realized on remote TNs.
N-S traffic dropped.
- Fixed Issue 2840552: After upgrade, "l3_forwarding_mode" reset to "IPV4_ONLY", impacting IPv6 traffic.
IPv6 is not supported in routing and datapath, which leads to IPv6 connectivity disruption.
- Fixed Issue 2841035: Error message shown when attempting to check capacity for Network, Security, Inventory and System on NSX-T UI.
On NSX-T UI, "General error has occurred" message displays when checking capacity. Unable to check the status for maximum capacity, current counts and thresholds of the objects such as VM, policy, rules, and hosts that are used.
- Fixed Issue 2845944: Packets that should be coming back from the VDPI engine to VSIP are dropped in dvFilter channel and never reach the VSIP module.
When packets hit a firewall rule that has FQDN enabled, the VSIP module intercepts the DNS packets and redirects the packets to the L7 inspection engine (VDPI process) to inspect the packets for IP and FQDN mapping. The packets that should be coming back from VDPI to VSIP are dropped in the dvFilter channel and never reach the VSIP module due. As the DNS packets are dropped in between, VMs do not complete the IP translation and the connection goes not further.
The FQDN feature does not work in this case and the VDPI process must be restarted.
- Fixed Issue 2848170: In some cases, LDAP authentication can stop working after a period of time.
Login operations using LDAP accounts fail.
- Fixed Issue 2848334: Bare metal Edge datapath performance is lower than expected.
Edge datapath forwarding performance for some flows is significantly reduced.
- Fixed Issue 2848364: NSX for vSphere to NSX-T host migration fails if there is any standalone host present in the system.
NSX for vSphere to NSX-T migration fails.
- Fixed Issue 2858893: Service Deployment cleanup fails for Clustered-based deployment.
No functional impact. Failure to clean up Service if trying to unregister ServiceDefinion with dangling ServiceDeployment or Instances. Have to manually/forcefully clean up from db.
- Fixed Issue 2859809: There is no provision in the UI to view the maintenance mode status of instance runtime on service instance page.
For debugging purposes, you may have to use the API to check the maintenance mode of the service instance.
- Fixed Issue 2859869: Duplicate IP address in Service Instance view if an IpPool is used to configure MGMT nic.
No datapath impact. Access to MGMT nic is impacted.
- Fixed Issue 2862971: Error displays when trying to create an Endpoint Rule from the UI.
Unable to create an Endpoint Rule.
- Fixed Issue 2862098: SVM has a zero mac address causing cfg-agent component to core-dump.
Coredump and failure to redirect traffic to partner SVM.