Skip to main content
Versa Networks

Versa Analytics Release Notes for Release 21.1

This document describes features, enhancements, fixes, and known issues in Versa Analytics Software Release 21.1, for Releases 21.1.0 through 21.1.4. Release 21.1.1 and later are general available (GA) releases and are supported for use in production networks.

April 27, 2022
Revision 5

Install the Versa Analytics Software

To install the Versa Analytics software, see the Deployment and Initial Configuration articles.

Upgrade to Release 21.1

You can upgrade Versa Analytics nodes to Release 21.1 from any service release of Release 16.1R2, that is, from Releases 16.1R2(Sx).

Before You Upgrade

Before you upgrade the Analytics software to Releases 21.1 or later, upgrade the OS SPack on all Analytics nodes to the version in the latest subfolder at https://versanetworks.app.box.com/v/osspack or https://upload.versa-networks.com/index.php/s/nEkF9xOO3e7BA9Z. If you do not upgrade the OS SPack, the Analytics upgrade may fail.

Upgrade to Release 21.1

To upgrade to Release 21.1:

  1. Copy the appropriate binary package file to the /home/versa/packages/ directory on the Versa Analytics node. Ensure that the file has +x execute permission. Alternatively, use the following command, which copies the file to the /home/versa/packages directory:
    versa@versa-Analytics> request system package fetch uri uri
    
  2. Install the new software package:
    versa@Versa-Analytics> request system package upgrade filename.bin
    
  3. Check the status of the services from the shell:
     % vsh status
    
  4. If the Versa services have not started, start them from the shell:
     % vsh start
    
  5. After the upgrade completes, a message may display indicating that you should reboot the system. Even if a message does not display, it is recommended that you reboot the system to account for any GRUB or kernel parameter changes. To reboot the system:
     % sudo reboot
    

    After the reboot completes, the Versa services automatically restart.

Prerequisites for Upgrade to Releases 21.1.1 and  Later

Before you upgrade to Releases 21.1.1 and later from Releases 16.1R2 or 20.2.x, check for the following:

  1. The database must be DataStax Enterprise (DSE) 4.8 or Fusion.
  2. To check whether the database uses the DSE or Fusion package, go to Administration > Version. If the Database Version string ends with F, the database is Fusion. If it ends with E or does not display any character, the database is DSE.

    DB_Version.PNG
     
  3. If the database is DSE, SSH to any of the analytics/search nodes and issue the following command:
    versa@versa-analytics:~$ dse -v
    4.5.2
    
  4. If the database is DSE 4.5.x, upgrade to DSE 4.8 using the DSE migration scripts at the following link:
    https://support.versa-networks.com/support/solutions/articles/23000019690
  5. After you successfully upgrade to DSE 4.8, upgrade the Versa Analytics application to Release 21.1.1, as described in Upgrade to Release 21.1.

After the upgrade, ensure the following:

  • Search node IP addresses are listed under Search Hosts
  • Analytics node IP addresses are listed under Analytics Hosts
  • All log collector or forwarder IP addresses are listed under Driver Hosts

Checks To Perform after Upgrading to Releases 21.1.1 or Later

If you are upgrading your system from Release 20.2.4 to Releases 21.1.1 or later, issue the following commannds from the shell:

% sudo rm -rf /opt/versa_van/apps/apache-tomcat/webapps/versa*
% vsh restart

In Releases 21.1.1 and later, you cannot access the Versa Analytics application using port 8080. This is to avoid any security vulnerabilities. By default, only secure ports 443/8443 are enabled in Analytics. For Director-to-Analytics communication, port 8443 is used. The upgrade on Director nodes ensures that the northbound interface port automatically changes from 8080 to 8443. Certificates required for SSL communication from Analytics to Director nodes are also automatically synched.

If there is no communication between Versa Director and Versa Analytics nodes, perform the following steps:

  1. Check whether any firewall rule is blocking Versa Director to Versa Analytics communication on port 8443.
  2. Connect to Versa Analytics directly at the URL https://analytics-ip-address to determine whether the portal is accessible. This ensures that the application is reachable using a secure port and that SSL certificate is valid.
  3. Log in to the Analytics node using the same username and password as the Director node. If the login is successful, this means that RBAC between the Analytics and Director nodes is working using a secure connection. If the login is not successful, install the Director certificate on the Analytics node, as described in
    https://support.versa-networks.com/a/solutions/articles/23000010418
  4. Log in to the Director shell and issue the following command to check whether the Analytics truststore has been created on the Director node:
    admin@versa-director:/var/versa/vnms/data/certs$ ls -tlr versa_analytics_truststore.ts
    -rw-rw---- 1 versa versa 1274 Jul 30 05:42 versa_analytics_truststore.ts
    
  5. If the truststore file does not exist or if the Versa Analytics certificates were regenerated, resynchronize and import the Analytics certificates by running the vd-van-cert-upgrade.sh script in the active Director shell This script transfers the Analytics certificates from each of the Analytics nodes configured under the connectors and then imports them. You must restart the Director node for the certificate to take effect.
    admin@versa-director:~$ sudo su – versa
    versa@versa-director:~$ /opt/versa/vnms/scripts/vd-van-cert-upgrade.sh --pull
    

For example:

versa@versa-director:.../vnms/scripts$ ./vd-van-cert-upgrade.sh --pull
Pulling Analytics certificates to Director key store
Checking previous version config path
Changing port for [Analytics]
No modifications to commit.
Port Migration completed
VAN Clusters IPs: [ 10.48.189.23 ]
Removing previous analystics cert store
Getting Certificate for : 10.48.189.23
depth=0 C = US, ST = California, L = Santa Clara, O = versa-networks, OU = VersaAnalytics, CN = versa-analytics
verify error:num=18:self signed certificate
verify return:1
depth=0 C = US, ST = California, L = Santa Clara, O = versa-networks, OU = VersaAnalytics, CN = versa-analytics
verify return:1
DONE
Importing Certificate for : 10.48.189.23
Certificate was added to keystore
Certificates Imported... Requires restart.. Do you want to post pone restart (y/N): N
[sudo] password for versa:
Stopping VNMS service
------------------------------------
Stopping TOMCAT................[Stopped]
Stopping REDIS.................[Stopped]
Stopping NETBOX-IPAM...........[Stopped]
Stopping POSTGRE...............[Stopped]
Stopping SPRING-BOOT...........[Stopped]
Stopping SPACKMGR..............[Stopped]
Stopping NCS...................[Stopped]
* Stopping daemon monitor monit
Starting VNMS service
------------------------------------
Starting NCS...................[Started]
Starting POSTGRE...............[Started]
Starting NETBOX-IPAM...........[Started]
Starting SPRING-BOOT.......... [Started]
Starting REDIS.................[Started]
Starting TOMCAT................[Started]

Fusion Database Upgrade Information

In Releases 20.x and later, Versa Analytics supports a new database platform called Fusion, which is based on open source technology. When you freshly install an Analytics cluster using a Release 20.x or Release 21.x ISO/QCOW2/OVA image, the Fusion database is automatically enabled. If you are upgrading from Release 16.1R2 to Release 20.x or Release 21.x, you must run additional scripts after you upgrade the software to install Fusion database and migrate the data.

The following are some of the frequently asked questions related to this database upgrade:

  • Why should we upgrade the database to Fusion?
    • The Fusion database uses the latest version of database software that provides better scaling and performance, and fixes many security vulnerabilities. The DSE database used in Release 16.1R2 has reached its end of life.
    • Although currently there currently is feature compatibility between the DSE Analytics database and the Fusion database, it will soon be required to diverge to take advantage of newer capabilities in the Fusion database, and so newer features may be available only in Fusion database.
  • Will there be any impact on reports and features after the upgrade?
    • All reports and features available in Release 16.1R2 are also available in Releases 20.2 and later Releases 21.1 and later. Additionally, the new releases provide many new reports and features and vulnerability fixes.
  • I am using Versa Analytics Release 16.1R2. I want to upgrade to Release 20.2 and later or Release 21.1 or later. Which image do I download and how do I upgrade?
    • The first step is to upgrade the software version to Release 20.2.2 or 21.1.1, as described in Upgrade to Release 21.1, above. The software update does not automatically upgrade the database to Fusion. The underlying DSE database remains, and all functions work using DSE.
    • Then upgrade the database to Fusion. To do this, you can use a cluster upgrade script to uninstall the DSE packages and install Fusion packages. This script upgrades one node at a time. Historical data is preserved and real-time search data is truncated. The upgrade scripts and related documentation are available here:
      https://versanetworks.box.com/s/8pdi9ppyjzfq8cx53s10l3zbwt6k2kbw
    • If you are upgrading a large database or have issues while running the upgrade scripts, contact the Versa Support team.
  • Is it possible to upgrade only Versa Analytics to Release 20.x or Release 21.x to use the Fusion database?
    • Release 20.2.2 of Versa Analytics is backward compatible with Releases16.1R2S10 and 16.1R2S11 of Versa Director and Versa Operating SystemTM (VOSTM ) (previousy called FlexVNF).
    • Release 21.1.1 of Versa Analytics is backward compatible with Releases 16.1R2S10 and 16.1R2S11, and with Release 20.2.2 of VOS. However, Versa Director and Versa Analytics must be running Release 21.1.1.
  • Will there be downtime during upgrade to Release 21.1.1?
    • The upgrade from Release 16.1R2 to Release 20.2.x or 21.1.x is like any other upgrade in that only the Versa application software is upgraded. During the upgrade process, data is not lost. When you upgrade the database from DSE to Fusion using the upgrade script, there will be some downtime for the database operations (approximately 1-2 hours), depending on the size of the cluster. You will not lose any logs, and streaming to third-party collectors will not be interrupted. To reduce the downtime, you can bring up a new cluster that is running Release 20.2.x or 21.1.x, and then configure the Controller to use server IP addresses of the new cluster so that logs start flowing to the new cluster. If data stored in older cluster must be migrated to the new cluster, use one of these options:
      • Export the archived data from the old cluster to the new cluster, and then restore it. Depending on the number of days and size of the data, this can take some time because archive logs do not differentiate between the type of data. All the data for the specified interval is transferred and restored. The scripts to trigger log transfer and restore are available here:
        https://support.versa-networks.com/a/solutions/articles/23000008970
      • Export the processed data from the old cluster to the new cluster, and then restore it. Here, you can specify the type of data you want to export and restore. The script is available here:
        https://versanetworks.box.com/s/vryjpluuv18dfat03hxb5a49pgws0cx5

For more information, see Migrate the Versa Analytics Database from DSE to Fusion.

New Features

This section describes the new Versa Analytics features in Release 21.1.

  • Alarm settings enhancements—(In Releases 21.1.3 and later.) You can set alarms for CPU utilization, disk utilization, memory utilization, and Analytics driver stuck. You can override the low-threshold and high-threshold severities for threshold alarms. You can configure the severity for setting and clearing alarms.

    add-alarm-settings.png

  • APM statistics—(In Releases 21.1.3 and later.) You can display the APM statistics for an application. To do so, drill down on the application. For example:

    apm-statistics.png

  • Appliance log activity report—You can find a log activity summary for all appliances at Dashboards > System > Appliance Activity tab. For example:

    appliance-log-activity-report.png

    Drill down to view historic appliance log activity for the configured interval. For example:

    appliance-log-activity-over-time.png

  • Application performance monitoring (APM)—(In Releases 21.1.1 and later.) If you enable TCP performance monitoring on sites running SD-WAN, statistics corresponding to TCP sessions are exported to Analytics. Statistics are aggregated per tenant, appliance, application, source, destination prefix, and WAN link. The metrics include round-trip time, aborted and refused counts, session and packet counts, and retransmission counts. These metrics are used to calculate the quality of the application. The application rank is computed as a value from 1 through 100, where 1 is the best performing application and 100 is the worst. The application rank is displayed on the SD-WAN dashboard:

    application-performance-monitoring.png

    The following example drilldown shows that there is poor performance on some SSL sessions because of high retransmissions.

    apm-drilldown.png
     
  • Application uptime—(In Releases 21.1.1 and later.) You can display the amount time that has elapsed since an application started at the Administration > Version tab:

    application-uptime.png
     
  • DIA traffic rules statistics—(In Releases 21.1.3 and later.) The SD-WAN site dashboard shows statistics for DIA rules on the following screens.
    dia-rules-1.png

    dia-rules-2.png
  • DNS proxy report enhancements—You can store DNS proxy parent and child session logs in the search engine. You can display the DNS proxy logs at Logs > DNS Proxy, and you can search one or more fields of the logs and drill down to related logs and to the parent session log. To find the parent session log, click the icon under the Parent Log column. You can view predefined reports at Logs > DNS Proxy > Charts. For example:

    DNS-proxy-support-enhancements.png

    Drill down on the parent icon to view details about the parent session log. For example:

    DNS-proxy-support-enhancements-drilldown.png
     
  • GUI support for log collector exporter configuration—(In Releases 21.1.2 and later.) Log collector exporter configuration page has been enhanced to support additional configuration options:
    • Configure remote collector with destination FQDN instead of destination IP address—In the remote collector, you can configure destination IP address or Fully Qualified Domain Name (FQDN). If you configure FQDN, the DNS server listed in the /etc/resolv.conf file must be reachable from the log collector to perform the name resolution. Alternately, /etc/hosts can be configured with the hostname and IP address

      remote-collector.PNG
    • Configure primary collector in remote collector group—This configuration ensures that when multiple collectors in a collector group are in the Established state, the primary collector is marked as the active collector.

      remote-collector-group-primary-collector.PNG
    • Configure exporter rules with matching log subtypes—In the exporter rules, apart from log types, you can specify subfields for a granular match. For example, to export only severity cleared, critical, or major, select the following log types:

      exporter-rules-log-types.PNG
      You can match various log types with subfields as listed below:
       
      Field Subfields Description

      alarm-log

      alarm-type

      severity

      List of alarm types

      List of alarm severity

      bw-mon-log

      sub-type

      List of bandwidth monitoring statistics types

      dos-log

      Threattype

      List of threat values

      idp-log

      Threattype

      List of threat values

      urlfLog

      reputationLevel

      List of URL values

      mon-log

      Subtype

      List of monitoring statistics types

    • Configure system settings—You can configure system settings for NTP and alarm from the the Analytics > Administration > Configuration > Log Collector Exporter in the left menu, then in the Log Collector Configuration window, select the System tab for the host.

      log-collector-config-system-tab.PNG
  • “is not equal to” log filter—You can filter for logs by specifying “is not equal to” for any fields, as shown here:

    not-equal-to.png
     
  • Kafka third-party log collector and log email notification—(In Releases 21.1.1 and later.) You can configure the Analytics log collector and exporter to send the logs to one or more third-party collectors in syslog format using TCP/UDP/SSL transport. In Releases 21.1.1 and later, you can stream logs and events to the the following interfaces:
    • Apache Kafka cluster—You can configure the log collector to send the logs to a customer’s Kafka cluster. To do this, you configure the Kafka cluster as a remote collector in the log collector exporter configuration. Logs are streamed in structured syslog format to Kafka cluster. See Configure Log Collectors and Log Exporter Rules.
    • Email notification service—For critical security events, e-mail alerts/notifications can be sent to users from the log collectors using a new email notification service called van-notif-agent. It can be configured to run on the log collector nodes and can send emails with summary of the events and/or detailed log information at configured intervals. See Configure Log Collectors and Log Exporter Rules.
  • Log collector exporter enhancements—(In Releases 21.1.1 and later.)
    • GUI support for log collector exporter configuration—Log collector exporter configuration page has been enhanced to use a new framework to add/delete/modify/clone local collector, remote template/collector/collector group, exporter rules configuration:

      log-collector-exporter-local-collector.png
       
    • GUI support for log collector exporter status and statistics display—You can display log collector status and statistics information at a global level, for a local collector, for a remote collector, or for a rule, for all log collectors or for a specific log collector:

      log-collector-exporter-local-collector-2.png
       
    • Alarm configuration—To generate alarms for a remote collector down event or when the queue utilization exceeds the threshold, you can enable the following configuration settings. Note that you can configure alarms only from the CLI. The generated alarms are stored in the /var/log/alarms.log file.

      versa@Search1% show
      [edit log-collector-exporter settings alarms]
      remote-collector-queue-utilization {
          low-threshold 75;
          high-threshold 90;
          soak-time      5;
      }
      remote-collector-down {
          soak-time ;
      }


      Examples of the generated alarms are:

      tail -f /var/log/alarms.log
      Aug 19 09:07:57 Analytics1 versa-lced: [rem-coll] [rem-coll-down] [2020-08-19T09:07:56-0700] Remote collector RC2 down
      Aug 19 09:08:01 Analytics1 versa-lced: [rem-coll] [rem-coll-down] [2020-08-19T09:08:01-0700] Remote collector RC2 up
      Aug 19 09:14:28 Analytics1 versa-lced: [rem-coll] [rem-coll-q-util] [2020-08-19T09:14:27-0700] Remote collector RC1 queue has exceeded threshold value (utilization: 60%)
      Aug 19 09:14:28 Analytics1 versa-lced: [rem-coll] [rem-coll-q-util] [2020-08-19T09:14:28-0700] Remote collector RC1 queue is now available (utilization: 23%)
      Aug 19 09:15:26 Analytics1 versa-lced: [rem-coll] [rem-coll-q-util] [2020-08-19T09:15:25-0700] Remote collector RC1 queue near exhaustion (utilization: 75%)
      Aug 19 09:15:26 Analytics1 versa-lced: [rem-coll] [rem-coll-q-util] [2020-08-19T09:15:26-0700] Remote collector RC1 queue is now available (utilization: 45%)
    • Exporter rules support for match on more granular types and subtypes—Exporter rules define which logs received by the local collector to stream to a remote collector. Match criteria has been enhanced to include more log types listed, and you can match based on specific values inside the logs by configuring features with matching criteria. See Configure Log Collectors and Log Exporter Rules.

    • Operational commands to log restore and clear archive jobs—You can restore and delete archive logs from the CLI, using the request system storage archive restore and request system storage archive delete commands. See Manage Analytics Logs.

  • Network prefix in SD-WAN application subscriber report—The SD-WAN application subscriber report displays information about applications and their users. You can determine a username by configuring an IP address-to-user mapping. If you do not configure a mapping, the source IP address of the traffic flow is used as the username. The SD-WAN application subscriber report has been enhanced to display the network prefix, which is the destination address prefix of the traffic flow, if this information is received in the logs from the VOS devices. By default, VOS devices to not send network prefix information. To enable the sending of network prefix information, issue the following command:
admin@branch-cli(config)% set system parameters lef usage-stats-logging sdwan app-user-inc-dest-ip-prefix true

To view the network prefix information, drill down from the Application page. For example:

network-prefix-in-SD-WAN-app-subscriber-report.png
 

  • Operational commands to log restore and clear archive jobs (In Releases 21.1.2 and later.)
    • Logs are archived after they are processed by the log collector—You can view, restore or delete the logs from the Administration > Maintenance > Log Archives menu:

      log-archives.PNG
    • Delete archive logs—You can delete archived files for a specific tenant or appliance within a time range to help free disk space on log collector nodes.
    • Restore archive logs—Extracts archived files for a specific tenant or appliance and time range to a destination directory. If the destination directory is /var/tmp/log, the data is added back to the database.
    • View archive log details—Locates the specified number of archived files and file names of the oldest and newest files per tenant or appliance and per log collector.
  • Per-tenant Analytics data settings—For each tenant, you can define the data retention time, data granularity, and other data-related settings. See Analytics Datastore Limits in Versa Analytics Scaling Recommendations.

  • Primary and secondary log collectors—You can configure primary and backup log collectors. From a collector group, you can choose a specific collector to be the active, or primary, collector. If the primary collector is down, the next active collector is chosen from the group. When the primary collector comes back up and remains up for a configurable interval, it becomes the active collector again. See Configure Log Export Functionality.
  • Reporting enhancements—(In Releases 21.1.1 and later.) The following enhancements have been made to reporting framework:
    • You can create a per-site report using a report template and apply it to other sites.

      site-report-create.png
      When you save the report, you can choose to copy the settings to other sites so that same report can be generated for the chosen sites.

      site-report-save.png

      You can view the generated reports as follows:

      generated-reports.png
       
    • You can combine data from multiple sites and appliances into a single time series chart. For example:

      combined-sites.png
       
    • You can generate reports about available bandwidth for SD-WAN access circuits. SD-WAN branches periodically export to Analytics the total available uplink and downlink bandwidth for each WAN link. If you enable a speed test to the branches, the uplink and downlink bandwidth that is reported by the speed test utility is exported. If you do not enable a speed test, the configured uplink and downlink bandwidth is exported.

      available-bandwith.png
       
  • Retention configuration per Analytics report type—You can set different retention values for daily and hourly time-to-live (TTL) data, as shown here:

    retention-configuration.png
     
  • SD-WAN site and link availability—(In Releases 21.1.1 and later.)
    • Site availability, a feature available before Release 21.1, indicated the reachability of a site from the controller point of view. If the controller lost connectivity to a branch, it sent a site disconnect message that was used to compute the availability. If all controllers lost connectivity to the branch, the site was marked down. Otherwise, it was marked up. This implementation did not work as expected in some scenarios, causing the availability computation to be inaccurate. Release 21.1.1 implements a new logic that relies on combination of SLA metrics between sites and controllers and log activity from the site to determine site availability. In addition to up/down state, a new degraded state is determined using the SLA loss metrics that indicates brownout conditions. If no SLA metrics are received for a site and if there is no log activity from the site for more than 10 minutes, the site is marked down.
    • Link availability is a new feature that provides the health of the link based on the SLA metrics received from the site and controller for each WAN link of the site. SLA metric values are used to determine whether the state is up, down, degraded. If no SLA metrics logs are received for more than 10 minutes, the link is marked down. Drill down on a site to display site and link availability charts. In the charts, green represents the up state when availability is >= 98 percent, orange represents a degraded state when availability is < 98 percent, and red represents the down state when availability is < 5 percent.

      link-availability.png

      You can use the reporting framework to generate site and link availability reports for a tenant or a specific appliance:

      availability-for-specific-tenant-appliance.png

      See SD-WAN Dashboard.
  • Note: If you upgrade an Analytics cluster from Release 16.1R2 or Release 20.2 to Release 21.1, availability data that was displayed before the upgrade is not available after the upgrade because of changes in the software implementation. To keep track of the previous information, use the reporting tool to create and download the availability reports before you perform the upgrade.

  • Site availability summary table—You can generate a report for percentage site availability for all a tenant's sites. For example:

    site-availability-summary-table.png
     
  • Site tag report—(In Releases 21.1.1 and later.) In Versa Director, you can set one or more site tags for a VOS device, and a filter has been added to the SD-WAN dashboard that allows you to drill down to a site or a site tag. If you choose a site tag, the dashboard displays data only for sites that match the site tag, thus providing a consolidated view for all sites matching the tag.

    You set the site tags in Versa Director. For example:

    site-tags-director.png
    You choose the site tabs from the SD-WAN dashboard:

    site-tag.png

    Drill down on a site tag to display a dashboard for sites matching the site tag. The following example is for site tag “Controller”:

    site-tag-drilldown.png

  • Statistics in SD-WAN dashboard—(In Releases 21.1.1 and later.) The SD-WAN dashboard has been enhanced to include statistics blocks that provide a high-level overview of the tenant.

    sd-wan-statistics.png

    Drill down support is available for some of the reports to display information about sites with errors and anomalous conditions. For example:

    sd-wan-statistics-drilldown.png
  • Subscription lifecycle updates—(In Releases 21.1.1 and later.) A number of changes have been made to the subscription lifecycle, including the following. See Subscription Lifecyle.
    • Licenses are valid for 1, 3, or 5 years.
    • License subscriptions do not support the Created and Suspended states
    • A license is immediately activated after the device performs ZTP.
    • Manual license activation is not required.
  • TACACS+ support for Analytics nodes—You can use TACACS+-based authentication, authorization, and accounting (AAA) to provide access to Analytics nodes. You can configure up to four TACACS+ servers on each Analytics node. See Configure TACACS+.

  • Ubuntu Release 18.04—You can use Ubuntu Release 18.04 (Bionic Beaver) as the base Linux platform for running the Versa Analytics database, log collectors, and application. The release supports .iso file, which you can install on bare-metal platforms or virtual machines (VMs). Releases 21.1.1 and later support the Release 18.04.04 host OS for VOS devices.

  • Usage and session logging control default settings—In Release 20.2.2, Versa introduced system settings for usage monitoring logging control (send top-n firewall source and destination statistics and send top-n SD-WAN application user statistics) and for session monitoring logging control (include session ID in firewall logs and include session ID in SD-WAN logs). In Releases 21.1.1 and later, default values are set for the top-N values. Also, including session ID parameters in logs is enabled by default. See Configure Firewall and SD-WAN Usage Monitoring Controls.

Fixed Bugs

The following are the critical and major defects fixed in Release 21.1.

Fixed Bugs in Release 21.1

Note that fixes for all bugs found in Release 16.1R2 through Release 16.1R2S11 and in Release 20.2.0 are available in Release 21.1.

Bug ID

Summary

37786 When you export security logs from the Analytics tab in Director, filenames are the same for all types of logs.
38936 Upgrade bootstrap library used by Analytics UI to 4.1.3, to fix security vulnerabilities.
42207 Reporting framework issue: Editing a report with different chart type does not take effect.
42470 Empty data shown in Logs > Alarms > Summary screen when you drill down on some of the data points in the chart.
42471 During log filtering, if multiple search criteria are present, deleting a field in the middle removes all subsequent fields.
44354 Upgrading from Release 16.1R2 to Release 20.2 should preserve TTL global settings.
46355 Session count on the grid were incorrectly for larger values. Values were divided by 1024 instead of 1000.

Fixed Bugs in Release 21.1.1

Note that fixes for all bugs found in Release 16.1R2 through Release 16.1R2S11, Release 20.2.0, and Release 21.1 are available in Release 21.1.1.

Bug ID

Summary

50744

Allow Analytics SMTP password settings to use special characters.

52559

Display LTE interface bandwidth in the System > Interfaces > Hierarchy tab, which is consistent with what is reported in the Interfaces tab for WAN interfaces of type LTE.

55976

Application crashes because of memory exhaustion when queries retrieve large amount of data. Fix removes time series reports from the firewall source/destination tabs.

56485

Fix for uCPE guest VNF system memory load calculation error.

57010

Fix for invalid color coding for some LTE signal strength values.

57210

Breadcrumbs may not display the correct page.

58071

Add support for filtering IDP logs using signature identifier.

58597

Remove live data monitoring icon from SLA and QOS screens, because the feature is not supported.

58852

Add support for TLS v1.2 in Analytics SMTP configurations

58894

Fix display of charts and table data for paths from local site to remote site and not to both directions, because important data is not displayed at the top.

Fixed Bugs in Release 21.1.2

Note that fixes for all bugs found in Release 16.1R2 through Release 16.1R2S11, Release 20.2.0, and Release 21.1.1 are available in Release 21.1.2.

Bug ID

Summary

57948

Fix to Secure Access Map icon when clustering is required. 

59084

Support for special characters in Analytics local user password.

61878

Time series chart in dashboards must aggregate per hour for last 7 days instead of using 5 or 15 minutes of data.

61960

Fix for negative availability value shown in some scenarios after upgrade to Release 21.1 if branches are still running previous releases.

62280

In log hierarchy, rename SD-WAN SLA Violation to Traffic Steering.

62427

Fix to show MOS value in time series charts in correct range. In Release 21.1.1, the value shown was divided by 100.

Fixed Bugs in Release 21.1.3

Note that fixes for all bugs found in Release 16.1R2 through Release 16.1R2S11, Release 20.2.0, and Release 21.1.2 are available in Release 21.1.3.

Bug ID

Summary

40495

Add support to display possible values for forwarding class filter under SD-WAN SLA metrics reporting.

55976

Fix application crash caused when too many queries led to heap exhaustion. Set a maximum limit of 200,000 records for a query.

56635

Fix for site filter not displaying all the sites and unable to set a filter when there are a large number of sites.

58314

PDF file generated from data tables does not show all columns because space issue. Fix to use appropriate zoom level to fit all the table columns.

59218

On the Reporting page, metrics limit was applied for time series, table data, and summary data. Fix to display only appliance metrics limit for summary data.

62308

Log collector exporter process in busy state when there are a large number of TACACS+ CLI accounting logs. Fix to process the logs in a staggered manner to avoid process overload.

63044

Fix for SD-WAN QoE chart displaying 50% score when path is completely down.

63264

Fix for breadcrumb when a page has multiple drill-downs.

63516

Site and link availability fixes:

  • When there is a loss of SLA monitoring data, display accurate state when Analytics node is running Release 21.x and VOS devices are running Release 16.1R2 release.
  • Display availability percentage as non-negative value.
  • Display availability percentage with 1 decimal place.
  • Display link availability even if Controller connectivity is not available for the links.
  • Add availability computation to handle logs that are received a few seconds after the sampling interval to avoid incorrect computation.

63892

Allow one metric selection for summary data using pie chart in reporting and dashboard. For metrics such as Volume Tx Rx, two pie charts are displayed side by side. This causes labels to overlap because of lack of space. In such cases, you can choose column or bar chart. Fora pie chart, you can select only one metric.

64384

When tenant operator logs into Analytics node, administration page hides all tabs except for version.

64398

Add vsh command vsh monit [start | stop] to start or stop the Versa monitor service. The older command, sudo service monit start/stop, is deprecated for Ubuntu 18.04 (Bionic).

64567

Fix for setting the same tab position when user drills down with WAN link in SD-WAN site view.

64582

Fix for APM report drill-down with network prefix not working because of an incorrect field type.

64762

Add support for From User filter for all relevant logs such as firewall, SD-WAN, and threat filtering and detection.

64985

Once the admin unlocks a locked user configured through TACACS+, the unlocked user is not listed in the show system locked-users command output.

65108

Add support for offline map under Logs > Firewall > Charts if offline map is selected as the map provider.

65562

Editing a chart under reporting tab was not allowing change of chart type from PIE to LINE. Fixed to support updating chart types to any type.

66575

Vulnerability fix in Analytics application to prevent access to page with insufficient authorization.

66787

Add OS version in the show system package-info CLI command output.

66837

When you upgrade to Release 21.1.2, NTP server configuration is overwritten. This issue has been fixed.

67323

When there are multiple data tables, search filter is not showing the correct filter options. This issue has been fixed.

67399

Add missing metrics for various charts, and fix labels for the metrics to make them consistent.

68687

In Ubuntu 18.04 (Bionic), alarms raised by lced are flooding the console. This issue has been fixed.

68800

Fix for Show Domain Names setting not taking effect when the time range is changed under Logs > Firewall, SD-WAN, Threat Filtering, and Threat Detection when this option is enabled.

68986

Add support to display TCP APM table data sorted by Versa application rank.

68997

Include filters for SD-WAN rule-related table data.

69280

ETL monitoring under Administration > System Status is not displaying data for all hosts. This issue has been fixed.

Fixed Bugs in Release 21.1.4

Note that fixes for all bugs found in Release 16.1R2 through Release 16.1R2S11, Release 20.2.0, Release 21.1.2, and Release 21.1.3 are available in Release 21.1.4.

Bug ID Summary

64119

Under Administration > Configuration > Settings > System Monitoring tab, fix to reduce the input box size for various fields.

66573

Solr account password vulnerability fix.

70026

Under reporting, graph selection is not clear for the report type. Fix to highlight the selected graph.

70580

Fix to return a generic error message when Analytics portal request parameters have invalid characters.

71310

Vty command to display lced memory statistics shows negative values for used bytes for memory type LCED VMEM_ID_LCED_STOR_BUF when PCAP logging is enabled. Fix to avoid showing such values.

74842

Logs exported from log collector exporter using syslog CEF format were missing explicit applianceName field. Fix to add appliance name in logs sent using CEF format.

77477

Under Administration > System Status page, the disk load, memory used, and CPU load are sometimes not displayed. Fix to always display them.

78104

If a log connection is flapping, the logs are buffered until the connection is established. The id2Name log used for tenant/appliance identification needs to be sent before any other log after the connection is established. If logs are buffered, they are sent before the id2Name log, resulting in these buffered logs not having a tenant and appliance name. Fix is to send the id2Name log in a separate high-priority queue so that it is received before any other logs.

78900

Fix for performing autorefresh of Analytics page when configured with some interval.

80432

Fix to load all charts saved for the tenant under reporting when Load Report is enabled for users logged in with the tenant user role.

Known Issues

The following are the known issues in Release 21.1.

Known Issues in Release 21.1

Bug ID

Summary

41534 Custom role creation view box and log filter drop box closes automatically if you click outside the box.
42468 Solr collection creation failure during installation if hostname is not bound to the IP address on which solr is listening (interconnect IP address). As a workaround, place the solr interconnect IP address first in /etc/hosts.
42469 If you select an appliance is selected in a map filter, to change the appliance name, you must erase the name and then choose another appliance name.
42555 Standby Director not responding to REST API calls, and you cannot register the standby Director until a failover is performed.
46001 Maintaining accounting records stops working, but results after you restart the auditd process.
46694 Collapse functionality is not working in Analytics dashboards. It is always in expanded state.
46722, 46723

Able to access Analytics from an AAA admin user who is not registered in the local user list.

Able to access Analytics with a aaauser who is not registered in the local user list and TACACS server. For remote authentication mechanisms, such as TACACS, two users are created by default on Analytics, aaaadmin and aaauser. User may be able to ssh into the Analytics node using these two users and default password. Need to block access for these users.

46730 Filter with port is not working if you add two port fields with 'is not equal to' operator.

Known Issues in Release 21.1.1

Bug ID

Summary

41534

Custom role creation view box and log filter drop box closes automatically if you click outside the box.

42468

Creation of search collection fails during installation if the hostname is not bound to the IP address to which the search node is listening (interconnect IP address). As a workaround, use the interconnect IP address of the search node as the first IP address in the /etc/hosts file.

42469

If an appliance is selected in the map filter to change the appliance name, it has to be erased to choose another appliance name.

42555

Standby Versa Director does not respond to REST API calls. You cannot register the standby Director until a failover is performed.

46001

Maintaining accounting records might stop working. To start it again, restart auditd.

54713

Users Map in the Secure Access dashboard works only if Google map is selected as the map provider in Administrator > Settings > Display Settings >. Open Street Map is not supported.

58311

On bionic systems, the versa-lced process may not start when versa-confd does not start fully. To fix this problem, issue the vsh restart command.

58931

SD-WAN map might show all sites even when you select a site tag filter.

58938

Use sudo to run the cluster installation script from Versa Director running bionic image.

Known Issues in Release 21.1.2

Bug ID

Summary

41534 

Custom role creation view box and log filter drop box closes automatically when you click outside the box.

42468

Search collection creation fails during installation if hostname is not bound to the IP address in which the search node is listening (interconnect IP address). Workaround is to use the interconnect IP address of the Search node as the first IP address in /etc/hosts.

42469

If an appliance is selected in the map filter, to change the appliance name, it needs to be erased to choose another appliance name.

42555

Standby Director not responding to REST API calls. It is not possible to register the Standby Director until you perform a failover.

46001

Maintaining accounting records stops working and starts working after you restart the auditd process.

54713

User Map on the Secure access dashboard works only if you select Google Maps as the map provider under Administrator > Settings> Display Settings. Support for Open Street Map is not yet available.

58311

On bionic systems, the versa-lced process might not start because confd does not start fully. To fix the issue, issue the vsh restart CLI command.

58931

SD-WAN map displays all sites even when you choose the Site Tag filter.

58938

Use sudo to run the cluster installation script from a Versa Director running a bionic image.

62610

Quality of Experience between a pair of sites after SD-WAN optimization does not display correct values if there are no logs for the specific intervals.

Known Issues in Release 21.1.3

Bug ID

Summary

41534

Custom role creation view box and log filter drop box closes automatically if you click outside of the box.

42468

Search collection creation fails during installation if hostname is not bound to the IP address on which search node is listening (interconnect IP address). As a workaround, use the search node’s interconnect IP address as the first IP address in the /etc/hosts file.

42469

If you select a VOS device in the map filter, to change the appliance name, you must erase it and then choose another name.

42555

Standby Director node not responding to REST API calls. Cannot register standby Director node until a failover is performed.

46001

Maintaining accounting records stops working and and then restarts after you restart auditd.

54713

Secure access dashboard Users Map works only if you select Google Maps as the map provider under Administrator > Settings > Display Settings.

58311

On Ubuntu 18.04 (Bionic) systems, in some cases, the versa-lced process does not start because versa-confd does not fully start. To correct this problem, issue the vsh restart CLI command.

58931

SD-WAN map displays all sites even when you choose a site tag filter.

58938

Use sudo to run the cluster installation script from a Director node that is running an Ubuntu 18.04 (Bionic) image.

66297

SD-WAN site, link availability, and QOE metrics can take up to 15 minutes for to display accurate information for the latest time block, because it relies on arrival of SLA and other logs to determine the state. There may be latency during log arrival or logs may be lost. To determine the state more accurately, analyze more log data over time.

Known Issues in Release 21.1.4

Bug ID Summary

41534

Custom role creation view box and log filter drop box closes automatically if you click outside of the box.

42468

Search collection creation fails during installation if the hostname is not bound to the IP address on which the search node is listening (interconnect IP address). As a workaround, use the Search node’s interconnect IP address as the first IP address in the /etc/hosts file.

42469

If you select an appliance in map filter, to change the appliance name, you need to erase the name and then choose another appliance name.

42555

The standby Director node not responding to REST API calls, so the standby Director node cannot be registered until a failover is performed

46001

Maintaining accounting records stops working and then starts working again after an auditd restart.

54713

The Users Map on the secure access dashboard works only if you select Google map as the map provider under Administrator > Settings > Display Settings.

58311

On Ubuntu Bionic systems, in some corner cases, the versa-lced process does not start because the versa-confd has not fully started. To fix the problem, issue the vsh restart command.

58931

The SD-WAN map shows all sites even when you choose a site tag filter.

58938

Use sudo to run the cluster installation script from a Versa Director node that is running an Ubuntu Bionic image.

66297

SD-WAN site, link availability, and QoE metrics can take up to 15 minutes for the latest time block to show accurate information, because they rely on the arrival of SLA and other logs to determine the state. There could be latency during log arrival, or logs could be lost. For accurate state determination, analyze more log data over time.

Request Technical Support

To request technical support, visit http://support.versa-networks.com. If you are contacting support for the first time, register and create an account. You can also send email to support@versa-networks.com or contact your Versa Networks sales account team.

Additional Information

Deployment and Initial Configuration

Revision History

Revision 1—Release 21.1, December 20, 2019
Revision 2—Release 21.1.1, August 21, 2020
Revision 3—Release 21.1.2, December 1, 2020
Revision 4—Release 21.1.3, June 6, 2021
Revision 5—Release 21.1.4, April 27, 2022

  • Was this article helpful?