4 Known Issues - SD-WAN Edge
The following tables list the known issues in version 8.2 and unresolved known issues from previous releases. You can reference known issues by ID number and you can identify the issue, any workaround, when the issue was found, and when it was fixed using this table. Issues not carried forward in this table from previous Release Notes are not relevant to this release. You can review delivery information, including defect fixes in this release's Build Notes.
ID | Description | Severity | Found In |
---|---|---|---|
30783830 | SD-WAN Edge does not support GRE wrapped packets that are fragmented before being encapsulated into the GRE wrapper. | 2 | 8.1.0.2.0 |
33702817 |
Some log files, like dynamic_routing.log, are not recreated after deleting them. Workaround: Restarting the BIRD process recreates dynamic_routing.log |
3 | 8.2.1.7.0 |
33806764 | Performance reports showing incorrect information. | 4 | 8.2.1.8.0 |
33577521 | Edge is sending a NAS-IP-Address of 127.0.0.1 instead of its real IP address. | 3 | 8.2.1.7.0 |
32986534 | VT800/VT800_128 Standby Excessive Messages in Common Log. | 3 | 8.2.1.6.0 |
33690699 | Management IP DHCP inconsistent on different OS. | 2 | 8.2.1.7.0 |
34214504 | Not able to make configuration changes due to issues with configuration editor. | 2 | 8.2.1.8.0 |
34281045 | TCP term cause memory dump. | 2 | 8.2.1.9.0 |
34214917 | Diagnostic causes HA flip. | 3 | 8.2.1.9.0 |
30654905 | A service impacting memory dump may happen due to MySQL corruption during reboot. | 2 | 8.2.1.0.0 |
33271781 | Internet Route still reachable in routing table after internet link is disabled. | 2 | 8.2.1.5.1 |
33592310 | Incorrect conduit status information on landing dashboard after upgrade. | 2 | 8.2.1.7.0 |
Resolved Issues
The following table provides a list of previous Known Issues that are now resolved.
ID | Description | Found In | Fixed In |
---|---|---|---|
33470576 | NCN drops Conduits to all Sites and shows deadman timeouts. | 8.2.1.7.0 | 8.2.1.10.0 |
33206028 | Customers will not get any warning from the UI if NTP goes out of sync. | 8.2.1.6.0 | 8.2.1.9.0 |
33754018 | Return traffic from internet and intranet services may get dropped. | 8.2.1.8.0 | 8.2.1.9.0 |
33646521 | If the customer tries to download packet capture while the packet view is still loading, the page will be unusable to take other packet captures. | 8.2.1.8.0 | 8.2.1.9.0 |
33789188 | Duplicate Ethernet port numbers may get displayed on the packet capture screen. | 8.2.1.8.0 | 8.2.1.9.0 |
33600230 | SNMP commands can be executed even though it is disabled from the UI. | 8.2.1.7.0 | 8.2.1.9.0 |
33391550 | Service impacting core dump can occur when DNS proxy is configured and DNS over TCP is used by the customer. | 8.2.1.6.1 | 8.2.1.9.0 |
33748973 | Dynamic Conduit may form only in one direction in a high traffic scenario. | 8.2.1.7.0 | 8.2.1.9.0 |
33699816 | The /etc/crontab file may be missing under certain scenarios causing any scheduled tasks not to run. | 8.2.1.7.0 | 8.2.1.9.0 |
33541816 | Coredump on a regular basis. | 8.2.1.7.0 | 8.2.1.9.0 |
33495032 | Removal of PA service chain can result in high disk usage which may cause service to clean/service restart continuously. | 8.2.1.5.1 | 8.2.1.9.0 |
33532181 | IPSec Tunnel not coming up. | 8.2.1.5.1 | 8.2.1.9.0 |
33286234 | Munin logging not included in diagnostics | 8.2.1.7.0 | 8.2.1.9.0 |
33618327 | All HTTP/HTTPS traffic between certain sites & the NCN was significantly degraded. A forced HA swap improves the performance. | 8.2.1.7.0 | 8.2.1.10.0 |
33585765 |
D2000 Interface 9 and 10 not working after trying different SFP+ transceivers, cabling and peer devices. Workaround: Firmware upgrade of the SFP+ interfaces. |
8.2.1.7.0 | 8.2.1.10.0 |
33775603 | Client site and NCN temporarily detected a config mismatch, but no config changes seen at either site. | 8.2.1.5.1 | 8.2.1.10.0 |
33911839 | Client Sites Core dump on Routine Configuration Change. | 8.2.1.7.0 | 8.2.1.10.0 |
33115106 | Even if the Internet/Intranet service at a site goes down, the routes for that service will still be exported out to the client sites via WAN to WAN forwarding. | 8.2.1.5.1 | 8.2.1.10.0 |
32903493 |
While staging new config with client site up but before activation if client site goes down (WAN Links not available or power issue at site) and it is activated while that site doesn't have a conduit to NCN. When site comes back up, it can't get new configuration, nor can it initiate a conduit to the NCN. Workaround: Creating a diagnostic causing the Conduit to come back up |
8.2.1.5.0 | 8.2.1.8.0 |
32982027 | E100 Reboot Needed to Restart Oracle SD-WAN Edge Service | 8.2.1.6.0 | 8.2.1.6.1 |
32733443 | init.log file that's under /home/talariuser/log is growing too big | 8.2.1.5.1 | 8.2.1.7.0 |
32726896 | Flows matching wrong application. | 7.3.0.13.0 | 8.2.1.7.0 |
32908507 |
Fail to Wire Not Functioning on Standby in Serial HA with OS 7.0.4 Workaround: SSH into the device and type "t2_init -b", however workaround doesn't stick after a reboot. |
8.2.1.4.0 | 8.2.1.7.0 |
32902434 | Reports > Performance : Archive Option Missing from Web UI | 8.2.1.5.0 | 8.2.1.7.0 |
32892722 | Management Packet Capture Option Missing. | 8.2.1.5.1 | 8.2.1.7.0 |
33058963 | init.log filling up with snmpd status messages | 8.2.1.6.0 | 8.2.1.7.0 |
32962206 | E100 core dumps upon taking a diagnostic. | 8.2.1.6.0 | 8.2.1.7.0 |
33308258 | NCN connection table fills up and stops processing traffic. | 8.2.1.6.1 | 8.2.1.8.0 |
32320166 | Packet captures missing from diagnostic dump. | 8.2.1.4.0 | 8.2.1.8.0 |
33396849 | Customer may not be able to achieve the full permitted traffic rate as 2% of bandwidth is reserved for control traffic. This can cause high utilization on links over 100Mbps. Changes have been made so that links having bandwidth below 100Mbps still reserve 2% and links above 100Mbps reserve a flat 2Mbps for control traffic. | 8.2.1.4.0 | 8.2.1.8.0 |
32920548 | Failed OS Upload Filling up Storage | 8.2.1.5.1 | 8.2.1.8.0 |
33408166 | Ingress and Egress Max Packet Size different. | 8.2.1.4.0 | 8.2.1.8.0 |
33038291 | SNMPD is constantly restarting. | 8.2.1.6.0 | 8.2.1.8.0 |
33073913 | Some log files not rotating. | 8.2.1.6.0 | 8.2.1.8.0 |
33149923 | Restart Routing does not work. | 8.2.1.5.1 | 8.2.1.8.0 |
33205561 | Device stall impacting performance. | 8.2.1.6.1 | 8.2.1.8.0 |
33293258 | HA Flip when customer tries to create a diagnostic. | 8.2.1.1.0 | 8.2.1.8.0 |
32367198 | As the disc space utilization exceeds 70% there is a warning alert being shown in the UI | 8.2.1.4.0 | 8.2.1.6.0 |
32166708 |
Slowness observed in UI, some values in dashboard screen was not displayed. Workaround steps: First verify if storage directory for T2_Config is missing. If yes, initiate reinitializing database which lost the storage directory due to system crash or other unexpected activity. {code:java} // recreates T2_Config database sudo /usr/bin/perl /home/talariuser/bin/t2_config_db.pl // httpd restart sudo service httpd restart // restart Oracle service from UI {code} |
8.2.1.2.0 | 8.2.1.6.0 |
32604032 | Firewall logs will have connection is invalid logs and TCP Connections will times out after upgrading to 8.2.1.5.0 | 8.2.1.5.0 | 8.2.1.5.1 |
32624685 | Service impacting memory dump occurs when DNS server sends a response with greater than 100 records (qnames) | 8.2.1.5.0 | 8.2.1.5.1 |
32078428 | Override to Internet service no longer works when there is a flow or route mismatch | 8.2.1.2.0 | 8.2.1.5.0 |
32063657 |
When Active OS partition storage hits the storage limit, SNMPD service restart happens. This causes removal of the configured SNMP user file and leads to continuous SNMP restart Workaround: Reconfigure the SNMP user |
8.2.1.2.0 | 8.2.1.5.0 |
31901062 |
Service impacting Memory dump may happen in case of high traffic resulting in high number of events.
|
8.2.1.2.0 | 8.2.1.4.0 |
31866536 | Last Resort WAN Link with Heart beat disabled is still letting traffic pass through it when regular wan links are available. | 8.2.1.2.0 | 8.2.1.4.0 |
31821629 |
Intermittent issues connecting to services may occur in case of memory leak in high traffic scenario. Workaround: Rebooting the device clears the memory leak. |
8.2.1.2.0 | 8.2.1.4.0 |
31774798 |
When more than one WAN link with the same public IP address ("public IP learning" config is enabled) and different ports are configured, it keeps flipping between those WAN links. |
7.3.0.12.0 | 8.2.1.4.0 |
31352442 | On a D2000/D6000, when taking a motherboard (port 9 or 10) port down and up, the second port on motherboard is taken down and up | 8.2.1.0.0 | 8.2.1.4.0 |
31294261 | A service impacting memory dump may happen in D6000 when heavily used via 4X1G port in a network containing over 200 sites. | 8.2.1.1.0 | 8.2.1.3.0 |
31019111 | There may be a service impacting memory dump if the database archive takes a long time or hangs | 8.2.0.1.0 | 8.2.1.3.0 |
31104344 | Maximum Dynamic Conduit is shown under View Configuration, even though it is not configured | 8.2.1.0.0 | 8.2.1.2.0 |
31019107 | There may be a service impacting memory dump during a configuration change like adding a local route in the configuration | 7.3.0.10.0 | 8.2.0.1.0 |
30801448 | Service impacting memory dump will occur if the client IP and Gateway IP is same in the DHCP ACK response. | 7.3.0.5.0 | 8.2.1.2.0 |
30850275 | OS swap from OS_7.0.0.0.0_GA_11122019 to OS 5.1 may fail for Virtual appliance (KVM). | 7.0.0_OS | 7.0.1_OS |
30792564 | A service impacting memory dump may happen when dynamic conduit between two sites is enabled and a config change happens where auto-path group has different DSCP value than the previous config file. | 8.2.1.0.0 | 8.2.1.1.0 |
30781290 | A service impacting memory dump may happen on the D6000 platform during a reboot or disable/enable of services. | 8.2.1.0.0 | 8.2.1.1.0 |
30701124 | A service impacting memory dump may happen when a configuration is uploaded that has dynamic NAT policy configured for Intranet service utilizing multiple MPLS Queues in a primary, secondary configuration. | 8.2.0.0.0 | 8.2.1.0.0 |
30777788 | If the total WAN links available to a Conduit exceed 4Gbps, the Link Share value will wrap, resulting in a low Upper Limit provisioning. | 8.2.0.0.0 | 8.2.1.0.0 |
30292834 | When stopping a VT800 VM in Hyper-V environment, it might get stuck in the Stopping (0%) state. Workaround: reboot the host machine. | NA | 8.2.0.1.0 |
30340596 |
Adding whitelisted management interfaces in with the Configure --> Local Network Settings --> Management Interface Whitelist option does not work. Workaround: Add whitelisted management interfaces with the CLI:
#: t2_mgt_acl --allow 172.17.200.172/32
|
SD-WAN OS7.0 | 8.2.0.1.0 |
30361515 |
When SSHing into Oracle SD-WAN Edge 8.2 running on OS7 with a RADIUS or TACACS+ username, users are incorrectly prompted to enter the "talariuser" password in the CLI and shell. Workaround: Log in as a local user or use the web console for SD-WAN Edge administration. |
8.2.0.0.0 | 8.2.0.1.0 |
30214096 | The functionality of "Autonegotiate" checkbox in "Ethernet Interface Settings" is automatically changing the Speed and Duplex to 1000Mb/s and Full respectively for a particular mac address. | NA | 8.2.0.0.0 |
30214104 | T5200 CPU profile optimizations as well as general packet scheduler enhancements have been made to significantly improve performance and stability during heavy load across large networks. | NA | 8.2.0.0.0 |
30214110 | Help text referencing "Classification:" is updated | NA | 8.2.0.0.0 |
30214176 | User-defined application which includes DSCP tag as a match criteria. This fix address the scenario if the DSCP value differs with in a flow, then the correct application match should happen based on the new DSCP value, instead of always matching the old DSCP value. | NA | 8.2.0.0.0 |
30214328 | From web UI, stats for rule, the WAN egress kbps may show number bigger than actual throughput. No impact to other functions. | NA | 8.2.0.0.0 |
30038195 | Internet/intranet traffic may not be able to fully use the bandwidth available when its fair share is set relatively low compared to conduit service on the WAN link with high bandwidth. | 8.1.0.1.0 | 8.2.0.0.0 |
30214140 | When using ZTP to bring up the secondary site with a package size greater than max file upload and post size , ZTP Web UI continuously appears to upload the package. Secondary site never receives the package. | NA | 8.2.0.0.0 |
30214128 | When doing config update to remove internet/intranet service and its corresponding NAT rule with port forwarding, it may cause service impacting memory dump. | NA | 8.2.0.0.0 |
30203564 | The count of Application Live Sessions may be off after reducing the number of application match. | NA | 8.2.0.0.0 |
30141581 | Multiple config changes localized in rules and classes may result in rules not getting applied. | NA | 8.2.0.0.0 |
Customer Build Notes
The following table reflects bugs fixed through the latest release.
Table 4-1 Customer Build Notes for 8.2p1
Bug ID | Description |
---|---|
30715656 | Refresh option in flow page was redirecting to home page. |
3062867 | On a D2000 or D6000 running release 8.2.0.0.0 and OS 7.0, setting the management IP from the ILOM management console can fail when the management port is connected to a live network. There is no reliable workaround, but updating the management port with the management port cable disconnected can get the IP address set on the management port, then when finished re-connect the management port cable. |
30620337 | If there are different VLAN¿s set on WAN and LAN ports under ¿Interface Groups¿ and the field ¿Access Interface Failover¿ is not checked under ¿Internet/Intranet¿ section, then the user is not shown any warning with appropriate message to alert him/her regarding VLAN mismatch and recommend the user to enable ¿Access Interface Failover¿ (Internet/Intranet service). |
30620119 | The instructions for filtering flows by DSCP tag on the Monitor > Flows page are incorrect. |
30614673 | If the route and service type for a flow changes, it may cause a service impacting memory dump. |
30586032 | When viewing Statistics > WAN > WAN Link Usage, the "Usage %" column sorts inconsistently. |
30573737 | Clicking on the ¿Refresh Page¿ icon while viewing the Event Management > Insert/View Events page will redirect the user to the appliance home page. |
30696711 | The option to ping from the Talari appliance (Troubleshoot > Ping) is incorrectly enabled on the standby appliance in an HA pair. |
30554939 | The Palo Alto Firewall XML file provided for Service Chaining has a static UUID field. |
30546157 | When a user filters for CONDUIT events under Event Management > Insert/View Events, CONDUIT_CLASS_POLICING_THRESHOLD events are shown instead. |
30514819 | If Microsoft Extensions are enabled for a VT800 in Azure, a large number of Microsoft log files are generated and cause disk usage alerts on the appliance. |
30513588 | Automatically generated firewall rules are removed without warning the user. |
30495818 | Turning on Netflow on a D6000 on 8.2 release may cause periodic jitter on data traffic. |
30473467 | When change config to remove/disable an application when the session is still running, it may cause service impact memory dump. |
30457955 | The ifconfig stats files in Diagnostic dumps contain empty files on SDWAN 8.2 software running on OS 7.0. |
30438063 | Periodic status reports preview page is displaying blank page and unable to send email notifications for the reports on scheduled time. |
30431299 | Enabling Dynamic Conduits may cause a service impacting memory dump. |
30426767 | Empty DNS AAAA Response packets are dropped by the APN when DNS snooping is enabled. |
30421465 | There may be a service impacting memory dump when the application statistics for the conduits are updated after a configuration update. |
30418787 | For E1000/D2000, there can be latency spike for some internet/intranet traffic. |
3041877 | For config update, it may cause service impacting memory dump. |
30418064 | In the Firefox browser, it is unable to create a client access interface with a DHCP client virtual interface. |
30417955 | Till now we don't have the cloud service/ cloud conduit option in Static NAT, Dynamic NAT and Firewall Policies sections. Now we have enabled the cloud services to them. |
30401856 | Using Easy Install [ZTP] to install a client site running 8.1 P1 or earlier when the secondary OS is OS 7.0 or newer may result in the ZTP process getting stuck while attempting to swap to the OS 7.0 partition. The workaround is to use Local Change Management on the client appliance to bring up the site. |
30400984 | There may be a service impacting memory dump when TCP termination is enabled. |
30361515 | When logging in via SSH an SDWAN-EDGE device running OS 7 and OS 8.2 using a RADIUS or TACACS+ username, the user will be improperly prompted for the 'talariuser' password when running commands in tcon or doing a sudo command from the shell. The workaround is to log in as a local user or use the Web console for SDWAN-EDGE administration. |
30355117 | When configuring WAN link usage for a conduit under Connections > [Site] > Conduits > [Conduit Name] > Remote Site > WAN Links for a site with one or more MPLS WAN links, it is possible to get into a state where ¿Use¿ is checked for an MPLS WAN Link but is not checked for its component queues. The MPLS paths are not created in this case. |
3035509 | Error messages in the Configuration Editor may disappear before users can see and act on them. |
3035492 | When enabling e-mail alerts either under Configure Alarms or Configure Alerts/Events, if a section that has a required field (such as a password) is enabled but not filled in, all pending changes will be cleared when the Apply button is clicked. |
30354436 | Service Chaining with Palo Alto does not work as expected. |
30354453 | If a Firewall Policy Template is applied under Global > APN Settings and the name of the applied Firewall Policy Template is changed under Global > Firewall > Firewall Policy Templates, the applied Firewall Policy Template will be changed to <none> and Configuration Editor will produce an audit error. |
30354274 | Disk usage is calculated incorrectly on appliances running Service Chaining. |
30353908 | When WAN-to-WAN Forwarding is enabled and the NCN is acting as an intermediate site, a service impacting memory dump way occur while the NCN statistics are updating. |
30353887 | When using the Configuration Editor in Google Chrome, it takes multiple clicks to select an Ethernet Interface to add to an Interface Group after creating a Virtual Interface. |
30353858 | When disabling an application which is referenced by a rule, an audit error is displayed which cannot be cleared. |
30353832 | When configuring a WAN Link in the Basic View of the Configuration Editor, setting the Physical Rate does not also set the Permitted Rate. |
30353516 | The help text and tool tip text in the Configuration Editor for the Custom Silence Period incorrectly states the default as 150ms even though the default silence time threshold is based on 3 nags, which are a dynamic variable depending on the trending network conditions. |
303533 | If OSPF Route Learning is enabled and a route is withdrawn from OSPF, a service impacting memory dump may occur. |
3035325 | All the DNS request over TCP from the client get dropped in APN. |
30352992 | DHCP relay request gets dropped if there is already connection entry exists but in the invalid state. The proposed fix should avoid the delete the invalid connection entry as soon as possible. |
3035269 | When APN sends out TCP SYN with timestamp option TSval having non zero value, but the server responds with Time stamp echo option Tsecr with 0 value, which leads wrong RTT calculation. |
30340596 | When running OS 7 and R8_2_GA, a Management Interface Whitelist created on the Configuration -> Local Network Settings: Managmeent Interface Whitelist will not persist across a restart and will have to be manually re-applied either via the GUI or by running some commands at the shell prompt upon a reboot. This workaround is : If there's an existing ACL from when the appliance was running OS 5.x, then you can run the following command at the shell and it should set up the ACl under OS 7: /sbin/iptables-restore < /home/talariuser/bin/t2_mgt_acl_iptables_up_rules This command will need to be manually run on every reboot. For adding new rules from CLI: t2_mgt_acl --allow <network> (example: t2_mgt_acl --allow 172.17.200.172/32) For removing rules: t2_mgt_acl --clear |