Versa Concerto Release Notes for Release 11.1
These release notes describe features, enhancements, fixes, and known issues in Concerto Release 11.1, for Release 11.1.1.
March 22, 2022
Revision 1
Product Documentation
The Versa Networks product documentation is located at https://docs.versa-networks.com.
Install Concerto
If you are installing new Concerto instances, follow the steps in Install Concerto.
Upgrade Concerto
To upgrade Concerto nodes from Releases 10.2.x to Release 11.1.1:
- Download the Concerto 10.2.1 bin file to the /var/versa/ecp/share/packages directory on any one of the nodes in the Concerto cluster. The bin file is automatically synced to all other nodes in the cluster.
- Before upgrading to Release 11.1.1 from Release 10.2.x, clear the flyway_schema_history in the Postgres database:
- Issue the vsh database connect portal CLI command.
- Enter the database password.
- Delete from "flyway_schema_history;".
- \q
- To upgrade to the new version of software, issue the vsh system package upgrade package bin file name command. This command triggers the upgrade process on all the nodes in the cluster. The upgrade debug logs are saved to the upgrade.log and install.log files in the /var/log/ecp directory.
- After the upgrade process completes, services start automatically on all the nodes. If the upgrade fails, the system automatically rolls back to the previous software image running on all the nodes.
- Check that the services are running, issue the vsh status command.
admin@concerto211:~$ vsh status admin@concerto211:~$ vsh status postgresql is Running zookeeper is Running kafka is Running solr is Running glances is Running mgmt-service is Running web-service is Running cache-service is Running core-service is Running monitoring-service is Running traefik is Running
- The docker service ls command also shows the status of the services:
Concerto 11.1.1 Enhancements
Concerto adds support for a Secure Access Services Edge (SASE) portal to SaaS services provided on a Versa Networks cloud-hosted SASE services infrastructure. See SASE Configuration.
The following table lists the Secure SD-WAN enhancements.
Feature ID | Description |
---|---|
70090 |
New configuration policy to configure following management services:
You configure all these server types in a single policy, and they become a reusable policy object. The Management Servers policy is in the Profile Elements > Policies > System folder. See Configure Management Servers.
|
71410 |
Improved experience for configuration change propagation and references from parent tenant to multiple levels of subtenants.
|
77218 |
Add the Speed Test Server option for WAN interfaces to enable selected appliances to act as speed-test servers on those WAN interfaces. Any SD-WAN device can run speed tests towards any SD-WAN device WAN interface address in the network on which the speed test is enabled.
Implicit configurations to enable all the WAN interfaces as speed-test clients towards internet speed-test servers such as Ookla are generated.
To perform speed tests from an appliance, select Monitor Appliance in the monitor screen of the appliance, and then select the Speed Test option under Tools.
|
75425 |
The AFFECTED PATHS monitor replaces the UNREACHABLE monitor. To drive the UNREACHABLE monitor, Concerto stores all the path information among all the appliances in the tenant. In large tenant networks with more than 1000 appliances, the number of paths can be many millions. Concerto polls periodically all the appliances for the information about all the paths in the tenant. The AFFECTED PATHS monitor is a more scalable solution, because it fetches only a summary of the Up and Down path counts from Versa Analytics for the top 100 appliances with down paths. You can drill down to any appliance to display all the Down paths for that appliance. The AFFECTED PATHS monitor displays information from appliances running VOS Releases 21.2.2 or later only. It is not backwards-compatible with earlier Versa Director and VOS releases.
The following is a view of tenant-level AFFECTED PATHS monitor.
The following is a view of an appliance with Down paths.
|
75143 |
Add support for aggregated Ethernet (AE) interfaces. To create an AE interface, select the Subcategory as AE on the interface create page.
|
72878 |
Add support for the creation of loopback interfaces in LAN VPNs. To create a loopback interface, select Type Virtual and Category Loopback.
|
71449 |
Add support for custom applications. Move the Application Groups folder from Elements > Endpoint to Elements > Application.
|
73679 |
Add tenant-level Settings Lifecycle to configure tenant global defaults. You can configure branch-to-branch IPsec Transform and DH Group values to overwrite the default values.
|
72401 | Integrate support for Prometheus and Grafana to monitor Concerto cluster health. For information about configuring Prometheus and Grafana, see Concerto Administration. |
Fixed Bugs
Fixed Bugs and Minor Enhancements in Concerto Release 11.1.1
Bug ID | Description |
---|---|
66144 |
Ability to see at a global tenant view where a particular policy/subprofile/element is being used. |
66145 |
Ability to search for an address object or IP address prefix from the address variable field input when configuring a security or other policy that requires an IP address. |
66148 |
Add support to publish from provider tenant to any tenant, not just child. |
66812 |
Separate “Delete Appliance” option in action menu. |
66888 |
Compress all log files generated on the disk. |
69178 |
Concerto does not display locked portal users correctly. |
69761 | Generating tech-support should gather logs from all cluster nodes. |
70056 | User is NOT able to see full site name and appliance name in honeycomb (when length of name < available space). |
71647 |
Add support to view tenants listing page hierarchically. |
72829 |
Reconcile appliance reachability state with periodic updates from Director node |
73499 |
Allow the reordering of security policies in a basic master profile. |
75696 |
Provide ability to not configure some WAN or LAN interfaces on device using bind variable vni-name with value “Not Present”. You do not need to configure a new master profile to not configure some WAN/LAN interfaces on the device it they are present in the profile. |
76208 |
Admin user force clear transaction occasionally does not work. |
76427 |
Remove usage of log4j2 library from all Concerto services. |
76470 |
Users shown as locked even though user is logged in. |
77204 |
Show proper error message when user login fails. |
77706 |
When services fail over to a secondary region, core services are becoming unreachable. |
77887 |
Link speed bind-data value sends incorrect value to the Director template. |
77907 |
Add option to turn off SLA path polling from Concerto to the appliances. This solution works with Analytics and appliances running Releases 21.2.3 and later. To disable SLA path polling in large networks, where optimized solution is not available through Analytics, issue the below command from a postgres shell.
To disable SLA path monitoring, insert into system_setting (uuid, config_group, property, value, create_date) values (gen_random_uuid(), 'MONITOR', 'EnablePathPolling', 'false', now());
To enable SLA path monitoring, delete from system_setting where config_group='MONITOR' and property='EnablePathPolling'; |
78008 |
Add the vsh database status and vsh database failover commands. The vsh database status command shows database cluster and LAG information.
admin@concerto-node1:~$ vsh database backup connect failover reset status
admin@concerto-node1:~$ vsh database status => Multi node patroni status + Cluster: versaecp (7025472584059707422) ---+----+-----------+ | Member | Host | Role | State | TL | Lag in MB | +-----------+------------+---------+---------+----+-----------+ | postgres1 | 10.0.10.29 | Replica | running | 9 | 0 | | postgres2 | 10.0.10.30 | Replica | running | 9 | 0 | | postgres3 | 10.0.10.31 | Leader | running | 9 | | +-----------+------------+---------+---------+----+-----------+ |
78009 |
Postgres log file rotation fails because of incorrect file permissions. |
78096 |
Bind data values are not preserved when attached service template name changes with same bind-data field names. The fix is to preserve the bind data value by name. |
78153 |
Publish task progress message times out randomly and then the progress bar remains at 0%. |
78355 |
Configuration published to the Director is sometimes merged incorrectly if the previous publish fails. When Concerto is performing a three-way merge, it was incorrectly using the previously failed configuration. |
78508 |
Updat the regulatory country code of WiFi radios does not take effect in the basic master profile. |
78739 |
Support gateway and remote destination monitoring even when ICMP is blocked on the WAN interfaces. |
79128 |
Null point error is thrown when an appliance is published if the traffic-steering rule has only custom SLA parameters configured. |
79132 |
System is slow to respond when adding/deleting and listing sites with large numbers of sites on the system. Multiple optimizations were made to the database queries to address the slowness issues. |
79142 |
Compress nightly database backup files. |
79755 |
Skip the QoS configurations on interfaces when the VNI name is set to Not Present in bind data value. |
Concerto Release 11.1 Director Version Compatibility
Concerto Release 11.1.1 is compatible with Versa Director versions 20.2.3 (patch version 5bfb269), 20.2.4, 21.1.2, 21.1.3, 21.2.1, 21.2.2.
For additional compatible patch versions of Release 20.2.3, contact Versa Networks Customer Support.
Request Technical Support
To request technical support, visit http://support.versa-networks.com. If you are contacting support for the first time, register and create an account. You can also send email to support@versa-networks.com or contact your Versa Networks sales account team.
Revision History
Revision 1—Release 11.1.1, March 22, 2022