HBN Service Release Notes

Limit

BlueField-2

BlueField-3

Comments

Reference

Description

4263035

Description: In L3 EVPN scenarios with 16k overlay and 4k underlay routes, OVS may get stuck or abnormally terminate.

Workaround: ovs-vsctl set Open_vSwitch . other_config:doca-congestion-threshold=60

Keywords: L3 EVPN, 16k overlay, 4k underlay, OVS

Reported in HBN version: 2.4.2

4333972

Description: In case of sudden power off of the host the nvue git repo goes into bad state and wont recover. It might happen but user ill not end up in this state every time.

Workaround: On the DPU:

1. cd /var/lib/hbn/var/lib/nvue/

2. Remove all files from the directory

3. Goto container

4. Restart nvued (supervisorctl restart nvued)

5. Run: nv config apply empty -y

6. Copy the startup.yaml (Your old configuration) to /var/lib/hbn/etc/nvue.d

7. Run: nv config apply startup -y

Keywords: NVUE git, HBN

Reported in HBN version: 2.4.2

4193046

Description: When LLDP is enabled on BlueField, it may not work on uplink ports when HBN service is running. This might happen if LLDP is running without any interface filter configuration.

Workaround: Configure LLDP to run only on interfaces where LLDP is required to be run, using a configuration file, /etc/lldpd.d/ports.conf, for the lldpd daemon. The interfaces can be specified using a regular expression pattern, if needed. For example:

• To run LLDP only on the uplinks (p0 and p1), the configuration can be done as follows:

  Copy

  Copied!

              
  
              
  $ cat /etc/lldpd.d/ports.conf
          

  Configure system interface pattern p[01].

• To run LLDP on the uplinks plus some host-facing PFs or VFs, the configuration can be done as follows:

  Copy

  Copied!

              
  
              
  $ cat /etc/lldpd.d/ports.conf
          

  Configure system interface pattern p[0-1],pf[0-1]hpf,pf[0-1]vf[0-12].

If this configuration file is changed while the LLDP service is running, it must be restarted using systemctl restart lldpd.

Keywords: LLDP

Reported in HBN version: 2.4.1

4200335

Description: Sometimes the DNS resolution may fail if resolv.conf is not updated with the proper name server, leading to loss of OOB connectivity.

Workaround: N/A

Keywords: DNS; OOB connectivity

Reported in HBN version: 2.4.1

4197067

Description: The management VRF does not have an IPv6 address configured, resulting in the absence of a default IPv6 route in the management VRF. Consequently, IPv6 connectivity on the management port is unavailable, and only IPv4 connectivity is supported.

Workaround: N/A

Keywords: IPv6 OOB connectivity

Reported in HBN version: 2.4.1

4011688

Description: The following critical error message is generated during HBN POD reboot. It can be safely ignored.

            

            
Error message: "CRIT Server 'unix_http_server' running without any HTTP authentication checking"
        

Workaround: N/A

Keywords: Log

Reported in HBN version: 2.4.0

4098158

Description: When using default BGP timers, an OVS restart may lead to extended traffic loss due to BGP peering reset.

Workaround: N/A

Keywords: BGP; OVS

Reported in HBN version: 2.4.0

4155959

Description: With uplinks in the br-sfc bridge, IPv6 traffic in uplink-to-uplink direction results in OVS crash resulting in complete traffic drop.

Workaround: Restart the SFC service:

            

            
systemctl restart sfc
        

Keywords: OVS restart; traffic drop

Reported in HBN version: 2.4.0

3743942

Description: HBN container may hang in init-sfs during container restart when the HBN YAML file (i.e., /etc/kubelet.d/doca_hbn.yaml) is modified while container is running.

Workaround: If the container hangs in init-sfs for more than 1 minute, reload the DPU.

Keywords: Hang; container

Reported in HBN version: 2.3.0

3961387

Description: The changing of the port number for NVUE REST API using nv CLI/API is not supported. The following command should not be used to change the port number:

            

            
nv set system api port <port-no>
        

Workaround: On HBN, NVUE is accessible through 8765 (i.e., default port number).

Keywords: NVUE API; port number

Reported in HBN version: 2.3.0

3967748

Description: The command nv show system api connections does not return any data.

Workaround: N/A

Keywords: REST API; nginx

Reported in HBN version: 2.3.0

3769309

Description: A ping or other IP connectivity from a locally connected host in vrf-X to an interface IP address on the DPU/HBN itself in vrf-Y will not work, even if VRF route-leaking is enabled between these two VRFs.

Workaround: N/A

Keyword: IP

Reported in HBN version: 2.2.0

3835295

Description: Traffic entering HBN service on a host PF/VF main-interface and exiting on a sub-interface of the same PF/VF (and vice versa) is not hardware offloaded. Similarly, traffic entering HBN service on one sub-interface and exiting on another sub-interface of the same host PF/VF is also not hardware offloaded.

Workaround: N/A

Keyword: Hardware offload; interfaces

Reported in HBN version: 2.2.0

3772552

Description: The DHCP relay gateway-interface IP address does not automatically pick up the IP address assigned to the associated VRF.

Workaround: The gateway-interface IP address must be explicitly configured.

Keyword: DHCP relay gateway; IP

Reported in HBN version: 2.2.0

3891542

Description: If NVUE-based routing policy (route map) configuration is used to associated route target extended communities with a EVPN route, only one route target can be specified.

Workaround: N/A

Keyword: NVUE; route target

Reported in HBN version: 2.2.0

3757686

Description: When the HBN container is coming up and applying a large configuration through the NVUE-startup service which includes entities used by DHCP relay (e.g., interfaces, SVIs and VRFs), the DHCP relay service may go into FATAL state. It can be observed using the following command:

            

            
supervisorctl status | grep isc-dhcp-relay
isc-dhcp-relay-vrf11 RUNNING pid 2069, uptime 0:11:31
isc-dhcp-relay-vrf12 RUNNING pid 2071, uptime 0:11:31
isc-dhcp-relay-vrf13 FATAL Exited too quickly (process log may have details)
isc-dhcp-relay-vrf14 FATAL Exited too quickly (process log may have details)
        

Workaround: Restart the DHCP relay service which is in FATAL state using the command:

            

            
supervisorctl restart <relay-service-name>
        

Keyword: DHCP relay; fatal; container; restart

Reported in HBN version: 2.1.0

3605486

Description: When the DPU boots up after issuing a "reboot" command from the DPU itself, some host-side interfaces may remain down.

Workaround:

1. Restart openibd:

   Copy

   Copied!

               
   
               
   systemctl restart openibd
           

2. Recreate SR-IOV interfaces if they are needed.

3. Replay interface config. For example:

   • If using ifupdown2:

     Copy

     Copied!

                 
     
                 
     ifreload -a 
             

   • If using Netplan:

     Copy

     Copied!

                 
     
                 
     netplan apply
             

Keyword: Reboot

Reported in HBN version: 1.5.0

3547103

Description: IPv6 stateless ACLs are not supported.

Workaround: N/A

Keyword: IPv6 ACL

Reported in HBN version: 1.5.0

3339304

Description: Statistics for hardware-offloaded traffic are not reflected on SFs inside an HBN container.

Workaround: Look up the stats using ip -s link show on PFs outside of the HBN container. PFs would show Tx/Rx stats for traffic that is hardware-accelerated in the HBN container.

Keyword: Statistics; container

Reported in HBN version: 1.4.0

3352003

Description: NVUE show, config, and apply commands malfunction if the nvued and nvued-startup services are not in the RUNNING and EXITED states respectively.

Workaround: N/A

Keyword: NVUE commands

Reported in HBN version: 1.3.0

3184745

Description: The command nv show interface <intf> acl does not show correct information if there are multiple ACLs bound to the interface.

Workaround: Use the command nv show interface <intf> to view the ACLs bound to an interface.

Keyword: ACLs

Reported in HBN version: 1.2.0

3158934

Description: Deleting an NVUE user by removing their password file and restarting the decrypt-user-add service on the HBN container does not work.

Workaround: Either respawn the container after deleting the file or delete the password file corresponding to the user by running userdel -r username.

Keyword: User deletion

Reported in HBN version: 1.2.0

3185003

Description: When a packet is encapsulated with a VXLAN header, it adds extra bytes which may cause the packet to exceed the MTU of link. Typically, the packet would be fragmented but its silently dropped and no fragmentation happens.

Workaround: Make sure that the MTU on the uplink port is always 50 bytes more than host ports so that even after adding VXLAN headers, ingress packets do not exceed the MTU.

Keyword: MTU; VXLAN

Reported in HBN version: 1.2.0

3184905

Description: On VXLAN encapsulation, the DF flag is not propagated to the outer header. Such a packet may be truncated when forwarded in the kernel, and it may be dropped when hardware offloaded.

Workaround: Make sure that the MTU on the uplink port is always 50 bytes more than host ports so that even after adding VXLAN headers, ingress packets do not exceed the MTU.

Keyword: VXLAN

Reported in HBN version: 1.2.0

3188688

Description: When stopping the container using the command crictl stop an error may be reported because the command uses a timeout of 0 which is not enough to stop all the processes in the HBN container.

Workaround: Pass a timeout value when stopping the HBN container by running:

            

            
crictl stop --timeout 60 <hbn-container>
        

Keyword: Timeout

Reported in HBN version: 1.2.0

3129749

Description: The same ACL rule cannot be applied in both the inbound and outbound direction on a port.

Workaround: N/A

Keyword: ACLs

Reported in HBN version: 1.2.0

3126560

Description: The system's time zone cannot be modified using NVUE in the HBN container.

Workaround: The time zone can be manually changed by symlinking the /etc/localtime file to a binary time zone's identifier in the /usr/share/zoneinfo directory. For example:

            

            
sudo ln -sf /usr/share/zoneinfo/GMT /etc/localtime
        

Keyword: Time zone; NVUE

Reported in HBN version: 1.2.0

3118204

Description: Auto-BGP functionality (where the ASN does not need to be configured but is dynamically inferred by the system based on the system's role as a leaf or spine device) is not supported on HBN.

Workaround: If BGP is configured and used on HBN, the BGP ASN must be manually configured.

Keyword: BGP

Reported in HBN version: 1.2.0

Reference

Description

4299341

Description: After booting, DPU might lose DNS connectivity, /etc/resolv.conf being empty, and/or hostname might be set to localhost without out-of-band management access.

Fixed in HBN version: 2.4.2

4303575

Description: If the BGP instance is deleted, FRR service needs to be restarted. The restarting mechanism was not compatible with HBN, leading to config not being applied until user restarts the FRR manually.

Fixed in HBN version: 2.4.2

4309839

Description: If NVUE git datastore gets corrupted and the backup.tar is corrupted, NVUE is not able to recover or start.

Fixed in HBN version: 2.4.2