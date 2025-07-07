Reference Description

4263035 Description: In L3 EVPN scenarios with 16k overlay and 4k underlay routes, OVS may get stuck or abnormally terminate.

Workaround: ovs-vsctl set Open_vSwitch . other_config:doca-congestion-threshold=60

Keywords: L3 EVPN, 16k overlay, 4k underlay, OVS

Reported in HBN version: 2.4.2

4333972 Description: In case of sudden power off of the host the nvue git repo goes into bad state and wont recover. It might happen but user ill not end up in this state every time.

Workaround: On the DPU: 1. cd /var/lib/hbn/var/lib/nvue/ 2. Remove all files from the directory 3. Goto container 4. Restart nvued (supervisorctl restart nvued) 5. Run: nv config apply empty -y 6. Copy the startup.yaml (Your old configuration) to /var/lib/hbn/etc/nvue.d 7. Run: nv config apply startup -y

Keywords: NVUE git, HBN

Reported in HBN version: 2.4.2

4193046 Description: When LLDP is enabled on BlueField, it may not work on uplink ports when HBN service is running. This might happen if LLDP is running without any interface filter configuration.

Workaround: Configure LLDP to run only on interfaces where LLDP is required to be run, using a configuration file, /etc/lldpd.d/ports.conf , for the lldpd daemon. The interfaces can be specified using a regular expression pattern, if needed. For example: To run LLDP only on the uplinks ( p0 and p1 ), the configuration can be done as follows: Copy Copied! $ cat /etc/lldpd.d/ports.conf Configure system interface pattern p[01] .

To run LLDP on the uplinks plus some host-facing PFs or VFs, the configuration can be done as follows: Copy Copied! $ cat /etc/lldpd.d/ports.conf Configure system interface pattern p[0-1],pf[0-1]hpf,pf[0-1]vf[0-12] . If this configuration file is changed while the LLDP service is running, it must be restarted using systemctl restart lldpd .

Keywords: LLDP

Reported in HBN version: 2.4.1

4200335 Description: Sometimes the DNS resolution may fail if resolv.conf is not updated with the proper name server, leading to loss of OOB connectivity.

Workaround: N/A

Keywords: DNS; OOB connectivity

Reported in HBN version: 2.4.1

4011688 Description: The following critical error message is generated during HBN POD reboot. It can be safely ignored. Copy Copied! Error message: "CRIT Server 'unix_http_server' running without any HTTP authentication checking"

Workaround: N/A

Keywords: Log

Reported in HBN version: 2.4.0

4098158 Description: When using default BGP timers, an OVS restart may lead to extended traffic loss due to BGP peering reset.

Workaround: N/A

Keywords: BGP; OVS

Reported in HBN version: 2.4.0

3743942 Description: HBN container may hang in init-sfs during container restart when the HBN YAML file (i.e., /etc/kubelet.d/doca_hbn.yaml ) is modified while container is running.

Workaround: If the container hangs in init-sfs for more than 1 minute, reload the DPU.

Keywords: Hang; container

Reported in HBN version: 2.3.0

3961387 Description: The changing of the port number for NVUE REST API using nv CLI/API is not supported. The following command should not be used to change the port number: Copy Copied! nv set system api port <port-no>

Workaround: On HBN, NVUE is accessible through 8765 (i.e., default port number).

Keywords: NVUE API; port number

Reported in HBN version: 2.3.0

3967748 Description: The command nv show system api connections does not return any data.

Workaround: N/A

Keywords: REST API; nginx

Reported in HBN version: 2.3.0

3769309 Description: A ping or other IP connectivity from a locally connected host in vrf-X to an interface IP address on the DPU/HBN itself in vrf-Y will not work, even if VRF route-leaking is enabled between these two VRFs.

Workaround: N/A

Keyword: IP

Reported in HBN version: 2.2.0

3835295 Description: Traffic entering HBN service on a host PF/VF main-interface and exiting on a sub-interface of the same PF/VF (and vice versa) is not hardware offloaded. Similarly, traffic entering HBN service on one sub-interface and exiting on another sub-interface of the same host PF/VF is also not hardware offloaded.

Workaround: N/A

Keyword: Hardware offload; interfaces

Reported in HBN version: 2.2.0

3772552 Description: The DHCP relay gateway-interface IP address does not automatically pick up the IP address assigned to the associated VRF.

Workaround: The gateway-interface IP address must be explicitly configured.

Keyword: DHCP relay gateway; IP

Reported in HBN version: 2.2.0

3891542 Description: If NVUE-based routing policy (route map) configuration is used to associated route target extended communities with a EVPN route, only one route target can be specified.

Workaround: N/A

Keyword: NVUE; route target

Reported in HBN version: 2.2.0

3757686 Description: When the HBN container is coming up and applying a large configuration through the NVUE-startup service which includes entities used by DHCP relay (e.g., interfaces, SVIs and VRFs), the DHCP relay service may go into FATAL state. It can be observed using the following command: Copy Copied! supervisorctl status | grep isc-dhcp-relay isc-dhcp-relay-vrf11 RUNNING pid 2069 , uptime 0 : 11 : 31 isc-dhcp-relay-vrf12 RUNNING pid 2071 , uptime 0 : 11 : 31 isc-dhcp-relay-vrf13 FATAL Exited too quickly (process log may have details) isc-dhcp-relay-vrf14 FATAL Exited too quickly (process log may have details)

Workaround: Restart the DHCP relay service which is in FATAL state using the command: Copy Copied! supervisorctl restart <relay-service-name>

Keyword: DHCP relay; fatal; container; restart

Reported in HBN version: 2.1.0

3605486 Description: When the DPU boots up after issuing a "reboot" command from the DPU itself, some host-side interfaces may remain down.

Workaround: Restart openibd: Copy Copied! systemctl restart openibd Recreate SR-IOV interfaces if they are needed. Replay interface config. For example: If using ifupdown2: Copy Copied! ifreload -a

If using Netplan: Copy Copied! netplan apply

Keyword: Reboot

Reported in HBN version: 1.5.0

3547103 Description: IPv6 stateless ACLs are not supported.

Workaround: N/A

Keyword: IPv6 ACL

Reported in HBN version: 1.5.0

3339304 Description: Statistics for hardware-offloaded traffic are not reflected on SFs inside an HBN container.

Workaround: Look up the stats using ip -s link show on PFs outside of the HBN container. PFs would show Tx/Rx stats for traffic that is hardware-accelerated in the HBN container.

Keyword: Statistics; container

Reported in HBN version: 1.4.0

3352003 Description: NVUE show, config, and apply commands malfunction if the nvued and nvued-startup services are not in the RUNNING and EXITED states respectively.

Workaround: N/A

Keyword: NVUE commands

Reported in HBN version: 1.3.0

3184745 Description: The command nv show interface <intf> acl does not show correct information if there are multiple ACLs bound to the interface.

Workaround: Use the command nv show interface <intf> to view the ACLs bound to an interface.

Keyword: ACLs

Reported in HBN version: 1.2.0

3158934 Description: Deleting an NVUE user by removing their password file and restarting the decrypt-user-add service on the HBN container does not work.

Workaround: Either respawn the container after deleting the file or delete the password file corresponding to the user by running userdel -r username .

Keyword: User deletion

Reported in HBN version: 1.2.0

3185003 Description: When a packet is encapsulated with a VXLAN header, it adds extra bytes which may cause the packet to exceed the MTU of link. Typically, the packet would be fragmented but its silently dropped and no fragmentation happens.

Workaround: Make sure that the MTU on the uplink port is always 50 bytes more than host ports so that even after adding VXLAN headers, ingress packets do not exceed the MTU.

Keyword: MTU; VXLAN

Reported in HBN version: 1.2.0

3184905 Description: On VXLAN encapsulation, the DF flag is not propagated to the outer header. Such a packet may be truncated when forwarded in the kernel, and it may be dropped when hardware offloaded.

Workaround: Make sure that the MTU on the uplink port is always 50 bytes more than host ports so that even after adding VXLAN headers, ingress packets do not exceed the MTU.

Keyword: VXLAN

Reported in HBN version: 1.2.0

3188688 Description: When stopping the container using the command crictl stop an error may be reported because the command uses a timeout of 0 which is not enough to stop all the processes in the HBN container.

Workaround: Pass a timeout value when stopping the HBN container by running: Copy Copied! crictl stop --timeout 60 <hbn-container>

Keyword: Timeout

Reported in HBN version: 1.2.0

3129749 Description: The same ACL rule cannot be applied in both the inbound and outbound direction on a port.

Workaround: N/A

Keyword: ACLs

Reported in HBN version: 1.2.0

3126560 Description: The system's time zone cannot be modified using NVUE in the HBN container.

Workaround: The time zone can be manually changed by symlinking the /etc/localtime file to a binary time zone's identifier in the /usr/share/zoneinfo directory. For example: Copy Copied! sudo ln -sf /usr/share/zoneinfo/GMT /etc/localtime

Keyword: Time zone; NVUE

Reported in HBN version: 1.2.0

3118204 Description: Auto-BGP functionality (where the ASN does not need to be configured but is dynamically inferred by the system based on the system's role as a leaf or spine device) is not supported on HBN.

Workaround: If BGP is configured and used on HBN, the BGP ASN must be manually configured.

Keyword: BGP