NVIDIA Cumulus NetQ 4.1 Release Notes

Download 4.1 Release Notes xls    Download all 4.1 release notes as .xls

4.1.1 Release Notes

Open Issues in 4.1.1

Issue IDDescriptionAffectsFixed
3015875
NetQ trace might report incomplete route information when there are multiple default routes in a VRF in the path between the source and destination.4.1.0-4.3.0
3011307
NetQ Agent: The NetQ Agent fails to start in Cumulus Linux on switches with ARM CPUs. The log files show the following message:
systemd: netq-agent.service: Main process exited, code=exited, status=1/FAILURE
4.1.14.2.0-4.3.0
2896825
WJH monitoring fails to start with netq-agent on Cumulus Linux 5.0. To work around this issue, reinstall the netq-agent package and configure the netq agent to start monitoring:1. Add the gpg key for the repository:wget -qO - https://apps3.cumulusnetworks.com/setup/cumulus-apps-deb.pubkey | sudo apt-key add -2. Add the repository to /etc/apt/sources.list:echo ‘deb https://apps3.cumulusnetworks.com/repos/deb CumulusLinux-4 netq-latest’ | sudo tee -a /etc/apt/sources.list3. Reinstall the netq-agent package:sudo apt-get update && sudo apt-get install –reinstall netq-agent4.1.0-4.1.14.2.0-4.3.0
2885440
After upgrading to NetQ 4.1.0, validation checks might show intermittent errors that are not valid while the validation application processess pending messages after upgrade. This condition will clear once all messages are processed.4.1.0-4.1.14.2.0-4.3.0
2885312
EVPN Validation Type 2 checks might show false Duplicate MAC events for MAC addresses that are not duplicated. An example of this is shown below:
EVPN Type 2 Test details:
Hostname Peer Name Peer Hostname Reason Last Changed
—————– —————– —————– ——————————————— ————————-
torc-11 - - Duplicate Mac 00:02:00:00:00:55 VLAN 1249 at Sun Dec 5 18:26:14 2021
torc-21:vx-282 and torc-11:peerlink-3
4.1.0-4.3.0
2843640
In NetQ clustered environments, the network snapshot feature may fail.4.0.0-4.1.14.2.0-4.3.0
2817749
If you configure an event suppression rule with is_active false, the event will no longer be displayed with the netq show events-config command.4.0.1-4.2.04.3.0
2815596
The NetQ Cloud VM for KVM hypervisors installer and opta-check fail because the minimum disk requirements do not meet the default image settings. To work around this issue, increase the disk space from 32GB to 64GB before you run the netq bootstrap command
1. Check the size of the existing hard disk in the VM to confirm it is 32 GB. In this example, the number of 1 MB blocks is 31583, or 32 GB
cumulus@netq-401-cloud:~$ df -hm /	Filesystem     1M-blocks  Used Available Use% Mounted on	/dev/vda1          31583  1192     30375   4% /
2. Shutdown the VM

3. Check the size of the existing disk on the server hosting the VM to confirm it is 32 GB. In this example, the size appears in the virtual size field:
root@server:/var/lib/libvirt/images# qemu-img info netq-4.0.1-ubuntu-18.04-tscloud-qemu.qcow2	image: netq-4.0.1-ubuntu-18.04-tscloud-qemu.qcow2	file format: qcow2	virtual size: 32G (34359738368 bytes)	disk size: 1.3G	cluster_size: 65536	Format specific information:	    compat: 1.1	    lazy refcounts: false	    refcount bits: 16	    corrupt: false
4. Add 32 GB to the image:
root@server:/var/lib/libvirt/images# qemu-img resize netq-4.0.1-ubuntu-18.04-tscloud-qemu.qcow2 +32G	Image resized.
5. Verify the change
root@server:/var/lib/libvirt/images# qemu-img info netq-4.0.1-ubuntu-18.04-tscloud-qemu.qcow2	image: netq-3.1.0-ubuntu-18.04-tscloud-qemu.qcow2	file format: qcow2	virtual size: 64G (68719476736 bytes)	disk size: 1.3G	cluster_size: 65536	Format specific information:	    compat: 1.1	    lazy refcounts: false	    refcount bits: 16	    corrupt: false
6. Start the VM and log back in
7. Run the following commands on the partition, referencing the filesystem /dev/vda1 obtained in step 1:
cumulus@netq-401-cloud:~$ sudo growpart /dev/vda 1	CHANGED: partition=1 start=227328 old: size=66881503 end=67108831 new: size=133990367,end=134217695	cumulus@netq-401-cloud:~$ sudo resize2fs /dev/vda1	resize2fs 1.44.1 (24-Mar-2018)	Filesystem at /dev/vda1 is mounted on /; on-line resizing required	old_desc_blocks = 4, new_desc_blocks = 8	The filesystem on /dev/vda1 is now 16748795 (4k) blocks long.
8. Verify the disk is now configured with 64 GB. In this example, the number of 1 MB blocks is now 63341, or 64 GB:
cumulus@netq-401-cloud:~$ df -hm /	Filesystem     1M-blocks  Used Available Use% Mounted on	/dev/vda1          63341  1193     62132   2% /
4.0.1-4.1.14.2.0-4.3.0
2711101
When RoCE (RDMA over Converged Ethernet) data collection is enabled in Cumulus Linux 4.3.z and 4.4.z, you can experience high dual uplink convergence times
To work around this issue, disable RoCE monitoring:1. Edit ‘/etc/netq/commands/cl4-netq-commands.yml’ and comment out the following lines:
#- period: “60”
# key: “roce”
# isactive: true
# command: “/usr/lib/cumulus/mlxcmd –json roce counters”
# parser: “local"2. Delete the ‘/var/run/netq/netq_commands.yml’ file:
$ sudo rm /var/run/netq/netq_commands.yml3. Restart the NetQ agent:
$ netq config agent restart
4.0.0-4.1.14.2.0-4.3.0
2663534
Validation check filtering is only applied to errors in validation results and is not applied to warnings in validation results.4.0.0-4.3.0
2555854
NETQ-8245
NetQ Agent: If a NetQ Agent is downgraded to the 3.0.0 version from any higher release, the default commands file present in the /etc/netq/commands/ also needs to be updated to prevent the NetQ Agent from becoming rotten.3.0.0-3.3.1, 4.0.0-4.3.0
2549649
NETQ-5737
NetQ UI: Warnings might appear during the post-upgrade phase for a Cumulus Linux switch upgrade job. They are caused by services that have not yet been restored by the time the job is complete. Cumulus Networks recommend waiting five minutes, creating a network snapshot, then comparing that to the pre-upgrade snapshot. If the comparison shows no differences for the services, the warnings can be ignored. If there are differences, then troubleshooting the relevant service(s) is recommended.3.0.0-3.3.1, 4.0.0-4.3.0

Fixed Issues in 4.1.1

Issue IDDescriptionAffects
2921628
CVE-2021-45046: It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations
CVE-2021-45105: Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups.

4.1.0 Release Notes

Open Issues in 4.1.0

Issue IDDescriptionAffectsFixed
3015875
NetQ trace might report incomplete route information when there are multiple default routes in a VRF in the path between the source and destination.4.1.0-4.3.0
2896825
WJH monitoring fails to start with netq-agent on Cumulus Linux 5.0. To work around this issue, reinstall the netq-agent package and configure the netq agent to start monitoring:1. Add the gpg key for the repository:wget -qO - https://apps3.cumulusnetworks.com/setup/cumulus-apps-deb.pubkey | sudo apt-key add -2. Add the repository to /etc/apt/sources.list:echo ‘deb https://apps3.cumulusnetworks.com/repos/deb CumulusLinux-4 netq-latest’ | sudo tee -a /etc/apt/sources.list3. Reinstall the netq-agent package:sudo apt-get update && sudo apt-get install –reinstall netq-agent4.1.04.2.0-4.3.0
2885440
After upgrading to NetQ 4.1.0, validation checks might show intermittent errors that are not valid while the validation application processess pending messages after upgrade. This condition will clear once all messages are processed.4.1.04.2.0-4.3.0
2885312
EVPN Validation Type 2 checks might show false Duplicate MAC events for MAC addresses that are not duplicated. An example of this is shown below:
EVPN Type 2 Test details:
Hostname Peer Name Peer Hostname Reason Last Changed
—————– —————– —————– ——————————————— ————————-
torc-11 - - Duplicate Mac 00:02:00:00:00:55 VLAN 1249 at Sun Dec 5 18:26:14 2021
torc-21:vx-282 and torc-11:peerlink-3
4.1.0-4.3.0
2843640
In NetQ clustered environments, the network snapshot feature may fail.4.0.0-4.1.04.2.0-4.3.0
2817749
If you configure an event suppression rule with is_active false, the event will no longer be displayed with the netq show events-config command.4.0.1-4.2.04.3.0
2815596
The NetQ Cloud VM for KVM hypervisors installer and opta-check fail because the minimum disk requirements do not meet the default image settings. To work around this issue, increase the disk space from 32GB to 64GB before you run the netq bootstrap command
1. Check the size of the existing hard disk in the VM to confirm it is 32 GB. In this example, the number of 1 MB blocks is 31583, or 32 GB
cumulus@netq-401-cloud:~$ df -hm /	Filesystem     1M-blocks  Used Available Use% Mounted on	/dev/vda1          31583  1192     30375   4% /
2. Shutdown the VM

3. Check the size of the existing disk on the server hosting the VM to confirm it is 32 GB. In this example, the size appears in the virtual size field:
root@server:/var/lib/libvirt/images# qemu-img info netq-4.0.1-ubuntu-18.04-tscloud-qemu.qcow2	image: netq-4.0.1-ubuntu-18.04-tscloud-qemu.qcow2	file format: qcow2	virtual size: 32G (34359738368 bytes)	disk size: 1.3G	cluster_size: 65536	Format specific information:	    compat: 1.1	    lazy refcounts: false	    refcount bits: 16	    corrupt: false
4. Add 32 GB to the image:
root@server:/var/lib/libvirt/images# qemu-img resize netq-4.0.1-ubuntu-18.04-tscloud-qemu.qcow2 +32G	Image resized.
5. Verify the change
root@server:/var/lib/libvirt/images# qemu-img info netq-4.0.1-ubuntu-18.04-tscloud-qemu.qcow2	image: netq-3.1.0-ubuntu-18.04-tscloud-qemu.qcow2	file format: qcow2	virtual size: 64G (68719476736 bytes)	disk size: 1.3G	cluster_size: 65536	Format specific information:	    compat: 1.1	    lazy refcounts: false	    refcount bits: 16	    corrupt: false
6. Start the VM and log back in
7. Run the following commands on the partition, referencing the filesystem /dev/vda1 obtained in step 1:
cumulus@netq-401-cloud:~$ sudo growpart /dev/vda 1	CHANGED: partition=1 start=227328 old: size=66881503 end=67108831 new: size=133990367,end=134217695	cumulus@netq-401-cloud:~$ sudo resize2fs /dev/vda1	resize2fs 1.44.1 (24-Mar-2018)	Filesystem at /dev/vda1 is mounted on /; on-line resizing required	old_desc_blocks = 4, new_desc_blocks = 8	The filesystem on /dev/vda1 is now 16748795 (4k) blocks long.
8. Verify the disk is now configured with 64 GB. In this example, the number of 1 MB blocks is now 63341, or 64 GB:
cumulus@netq-401-cloud:~$ df -hm /	Filesystem     1M-blocks  Used Available Use% Mounted on	/dev/vda1          63341  1193     62132   2% /
4.0.1-4.1.04.2.0-4.3.0
2711101
When RoCE (RDMA over Converged Ethernet) data collection is enabled in Cumulus Linux 4.3.z and 4.4.z, you can experience high dual uplink convergence times
To work around this issue, disable RoCE monitoring:1. Edit ‘/etc/netq/commands/cl4-netq-commands.yml’ and comment out the following lines:
#- period: “60”
# key: “roce”
# isactive: true
# command: “/usr/lib/cumulus/mlxcmd –json roce counters”
# parser: “local"2. Delete the ‘/var/run/netq/netq_commands.yml’ file:
$ sudo rm /var/run/netq/netq_commands.yml3. Restart the NetQ agent:
$ netq config agent restart
4.0.0-4.1.04.2.0-4.3.0
2663534
Validation check filtering is only applied to errors in validation results and is not applied to warnings in validation results.4.0.0-4.3.0
2555854
NETQ-8245
NetQ Agent: If a NetQ Agent is downgraded to the 3.0.0 version from any higher release, the default commands file present in the /etc/netq/commands/ also needs to be updated to prevent the NetQ Agent from becoming rotten.3.0.0-3.3.1, 4.0.0-4.3.0
2549649
NETQ-5737
NetQ UI: Warnings might appear during the post-upgrade phase for a Cumulus Linux switch upgrade job. They are caused by services that have not yet been restored by the time the job is complete. Cumulus Networks recommend waiting five minutes, creating a network snapshot, then comparing that to the pre-upgrade snapshot. If the comparison shows no differences for the services, the warnings can be ignored. If there are differences, then troubleshooting the relevant service(s) is recommended.3.0.0-3.3.1, 4.0.0-4.3.0

Fixed Issues in 4.1.0

Issue IDDescriptionAffects
2893000
CVE-2021-44228: Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints.2.4.0-4.0.1
2690469
While upgrading an on-premises deployment from version 2.4.x to 3.x.y then to 4.x, the upgrade fails during the NetQ application stage
To work around this issue, run the following command on the NetQ telemetry server, then start the upgrade again:‘netq install opta activate-job config-key EhVuZXRxLWVuZHBvaW50LWdhdGV3YXkYsagDIiw3T2sweW9kR3Y4Wk9sTHU3MkwrQTRjNkhhQkU3bVpBNVlZVjEvWWgyZGJBPQ==’
3.2.1-4.0.1