Skip to content

Added validation for CFD CSCwq28721 #315

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
sudharson-soundrapandiyan wants to merge 7 commits into
base: master
Choose a base branch
from
Open

Added validation for CFD CSCwq28721 #315

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
6a56948
check for CSCwq28721
sudharson-soundrapandiyan Dec 24, 2025
c61b927
Update aci-preupgrade-validation-script.py
sudharson-soundrapandiyan Jan 5, 2026
274b9d5
Update affected version in aci-preupgrade-validation-script.py
sudharson-soundrapandiyan Jan 12, 2026
e5e5f22
Merge branch 'master' into sudharson-CSCwq28721
sudharson-soundrapandiyan Jan 20, 2026
e3bbb54
updated version check as per cco version
sudharson-soundrapandiyan Feb 18, 2026
3be1893
updated Pytest
sudharson-soundrapandiyan Feb 18, 2026
8db926d
resolved merge conflicts after pulling recent merge and removed tvers…
sudharson-soundrapandiyan Mar 10, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
34 changes: 34 additions & 0 deletions aci-preupgrade-validation-script.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6053,6 +6053,39 @@ def auto_firmware_update_on_switch_check(cversion, tversion, **kwargs):

return Result(result=result, headers=headers, data=data, recommended_action=recommended_action, doc_url=doc_url)


@check_wrapper(check_title='NTP sync issue in Leaf as NTP server')
def leaf_ntp_sync_check(cversion, tversion, **kwargs):
result = PASS
headers = ['policy dn', 'pod group name', 'policy name']
data = []
recommended_action = 'NTP wont sync between leaf as NTP server and host. makesure to use in-band ip for NTP server in leaf or checkout the bug CSCwp92030 for fixed version details'
doc_url = 'https://datacenter.github.io/ACI-Pre-Upgrade-Validation-Script/validations/#ntp-sync-issue-in-leaf-as-ntp-server'

fabricRsTimePol_api = 'fabricRsTimePol.json'

if tversion.newer_than('6.1(4h)') or tversion.same_as('6.0(9e)'):
return Result(result=NA, msg=VER_NOT_AFFECTED)

if (cversion.newer_than('6.0(9e)') and cversion.older_than('6.1(4h)')) or (tversion.newer_than('6.0(9e)') and tversion.older_than('6.1(4h)')):
fabricRsTimePol = icurl('class', fabricRsTimePol_api)
for rstimepol in fabricRsTimePol:
rstimepol_attr = rstimepol['fabricRsTimePol']['attributes']
pol_dn = rstimepol_attr['tDn']
pol_name = rstimepol_attr['tnDatetimePolName']
match = re.search(r'podpgrp-([^/]+)', rstimepol_attr['dn'])
pod_group = match.group(1) if match else None
pol_res = icurl('mo', pol_dn + '.json')
pol_attr = pol_res[0]['datetimePol']['attributes']
if pol_attr['serverState'] == 'enabled':
data.append([pol_attr['dn'], pod_group, pol_name])

if data:
result = FAIL_O

return Result(result=result, headers=headers, data=data, recommended_action=recommended_action, doc_url=doc_url)


# ---- Script Execution ----


Expand Down Expand Up @@ -6216,6 +6249,7 @@ class CheckManager:
isis_database_byte_check,
configpush_shard_check,
auto_firmware_update_on_switch_check,
leaf_ntp_sync_check,

]
ssh_checks = [
Expand Down
18 changes: 17 additions & 1 deletion docs/docs/validations.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -194,6 +194,7 @@ Items | Defect | This Script
[ISIS DTEPs Byte Size][d27] | CSCwp15375 | :white_check_mark: | :no_entry_sign:
[Policydist configpushShardCont Crash][d28] | CSCwp95515 | :white_check_mark: | :no_entry_sign:
[Auto Firmware Update on Switch Discovery][d29] | CSCwe83941 | :white_check_mark: | :no_entry_sign:
[NTP sync issue in Leaf as NTP server][d30] | CSCwq28721 | :white_check_mark: | :no_entry_sign:

[d1]: #ep-announce-compatibility
[d2]: #eventmgr-db-size-defect-susceptibility
Expand Down Expand Up @@ -224,6 +225,7 @@ Items | Defect | This Script
[d27]: #isis-dteps-byte-size
[d28]: #policydist-configpushshardcont-crash
[d29]: #auto-firmware-update-on-switch-discovery
[d30]: #NTP-sync-issue-in-Leaf-as-NTP-server

## General Check Details

Expand Down Expand Up @@ -2668,6 +2670,19 @@ To avoid this risk, consider disabling Auto Firmware Update before upgrading to
This issue occurs because older switch firmware versions are not compatible with switch images 6.0(3) or newer. The APIC version is not a factor.


### NTP sync issue in Leaf as NTP server

RCA:
After the ACI fabric upgraded to affected version, In setup which has leaf switch as NTP server, Destination Ip of NTP request coming from Host(NTP client) is not stored and resused as Source when reply back from leaf side.
Details information => Sendpkt in NTP(3rd party) code supports only the immediate source interface ip.Mechanism to store the starting source ip address must be present so that packets can be send to the starting source ip addr.

IMPACT:
After the upgrade, NTP stopped working correctly between the endpoints and the master node (leaf switches). NTP request is being sent with the BD SVI IP as expected, but the leaf switch is responding with a different BD IP in the same VRF, leading to NTP response rejected from the endpoints.

Suggestion:
Use IP address from a VRF which only has one IP address on the switch, example would be inband VRF(in-band ip) which would usually have only one IP address or move to fixed version refer [CSCwp92030][64].


[0]: https://github.com/datacenter/ACI-Pre-Upgrade-Validation-Script
[1]: https://www.cisco.com/c/dam/en/us/td/docs/Website/datacenter/apicmatrix/index.html
[2]: https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-release-notes-list.html
Expand Down Expand Up @@ -2731,4 +2746,5 @@ To avoid this risk, consider disabling Auto Firmware Update before upgrading to
[60]: https://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/white-paper-c11-743951.html#Inter
[61]: https://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/white-paper-c11-743951.html#EnablePolicyCompression
[62]: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwe83941
[63]: https://www.cisco.com/c/en/us/td/docs/dcn/aci/apic/all/apic-installation-aci-upgrade-downgrade/Cisco-APIC-Installation-ACI-Upgrade-Downgrade-Guide/m-auto-firmware-update.html
[63]: https://www.cisco.com/c/en/us/td/docs/dcn/aci/apic/all/apic-installation-aci-upgrade-downgrade/Cisco-APIC-Installation-ACI-Upgrade-Downgrade-Guide/m-auto-firmware-update.html
[64]: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwp92030
29 changes: 29 additions & 0 deletions tests/checks/leaf_ntp_sync_check/datetimePol_ntp_sync_issue.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
[
{
"datetimePol": {
"attributes": {
"StratumValue": "8",
"adminSt": "enabled",
"annotation": "",
"authSt": "disabled",
"childAction": "",
"configIssues": "",
"descr": "",
"dn": "uni/fabric/time-default",
"extMngdBy": "",
"lcOwn": "local",
"masterMode": "enabled",
"modTs": "2024-12-20T07:45:21.917+00:00",
"monPolDn": "",
"name": "default",
"nameAlias": "",
"ownerKey": "",
"ownerTag": "",
"serverState": "enabled",
"status": "",
"uid": "0",
"userdom": "all"
}
}
}
]
29 changes: 29 additions & 0 deletions tests/checks/leaf_ntp_sync_check/datetimePol_ntp_sync_issue_2.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
[
{
"datetimePol": {
"attributes": {
"StratumValue": "8",
"adminSt": "enabled",
"annotation": "",
"authSt": "disabled",
"childAction": "",
"configIssues": "",
"descr": "",
"dn": "uni/fabric/time-NEW1",
"extMngdBy": "",
"lcOwn": "local",
"masterMode": "enabled",
"modTs": "2024-12-20T07:45:21.917+00:00",
"monPolDn": "",
"name": "NEW1",
"nameAlias": "",
"ownerKey": "",
"ownerTag": "",
"serverState": "enabled",
"status": "",
"uid": "15374",
"userdom": ":all:"
}
}
}
]
29 changes: 29 additions & 0 deletions tests/checks/leaf_ntp_sync_check/datetimePol_ntp_sync_no_issue.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
[
{
"datetimePol": {
"attributes": {
"StratumValue": "8",
"adminSt": "enabled",
"annotation": "",
"authSt": "disabled",
"childAction": "",
"configIssues": "",
"descr": "",
"dn": "uni/fabric/time-default",
"extMngdBy": "",
"lcOwn": "local",
"masterMode": "disabled",
"modTs": "2024-12-20T07:45:21.917+00:00",
"monPolDn": "",
"name": "default",
"nameAlias": "",
"ownerKey": "",
"ownerTag": "",
"serverState": "disabled",
"status": "",
"uid": "0",
"userdom": "all"
}
}
}
]
29 changes: 29 additions & 0 deletions tests/checks/leaf_ntp_sync_check/datetimePol_ntp_sync_no_issue_2.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
[
{
"datetimePol": {
"attributes": {
"StratumValue": "8",
"adminSt": "enabled",
"annotation": "",
"authSt": "disabled",
"childAction": "",
"configIssues": "",
"descr": "",
"dn": "uni/fabric/time-NEW1",
"extMngdBy": "",
"lcOwn": "local",
"masterMode": "disabled",
"modTs": "2024-12-20T07:45:21.917+00:00",
"monPolDn": "",
"name": "NEW1",
"nameAlias": "",
"ownerKey": "",
"ownerTag": "",
"serverState": "disabled",
"status": "",
"uid": "15374",
"userdom": ":all:"
}
}
}
]
1 change: 1 addition & 0 deletions tests/checks/leaf_ntp_sync_check/fabricRsTimePol_no_podgroup.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
[]
28 changes: 28 additions & 0 deletions tests/checks/leaf_ntp_sync_check/fabricRsTimePol_ntp_sync_1pod.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
[
{
"fabricRsTimePol": {
"attributes": {
"annotation": "",
"childAction": "",
"dn": "uni/fabric/funcprof/podpgrp-default/rsTimePol",
"extMngdBy": "",
"forceResolve": "yes",
"lcOwn": "local",
"modTs": "2025-12-23T07:43:09.740+00:00",
"monPolDn": "",
"rType": "mo",
"state": "formed",
"stateQual": "none",
"status": "",
"tCl": "datetimePol",
"tContextDn": "",
"tDn": "uni/fabric/time-default",
"tRn": "time-default",
"tType": "name",
"tnDatetimePolName": "default",
"uid": "0",
"userdom": "all"
}
}
}
]
54 changes: 54 additions & 0 deletions tests/checks/leaf_ntp_sync_check/fabricRsTimePol_ntp_sync_2pod.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,54 @@
[
{
"fabricRsTimePol": {
"attributes": {
"annotation": "",
"childAction": "",
"dn": "uni/fabric/funcprof/podpgrp-default/rsTimePol",
"extMngdBy": "",
"forceResolve": "yes",
"lcOwn": "local",
"modTs": "2025-12-23T07:43:09.740+00:00",
"monPolDn": "",
"rType": "mo",
"state": "formed",
"stateQual": "none",
"status": "",
"tCl": "datetimePol",
"tContextDn": "",
"tDn": "uni/fabric/time-default",
"tRn": "time-default",
"tType": "name",
"tnDatetimePolName": "default",
"uid": "0",
"userdom": "all"
}
}
},
{
"fabricRsTimePol": {
"attributes": {
"annotation": "",
"childAction": "",
"dn": "uni/fabric/funcprof/podpgrp-TESt2/rsTimePol",
"extMngdBy": "",
"forceResolve": "yes",
"lcOwn": "local",
"modTs": "2025-12-23T07:41:09.236+00:00",
"monPolDn": "",
"rType": "mo",
"state": "formed",
"stateQual": "none",
"status": "",
"tCl": "datetimePol",
"tContextDn": "",
"tDn": "uni/fabric/time-NEW1",
"tRn": "time-NEW1",
"tType": "name",
"tnDatetimePolName": "NEW1",
"uid": "0",
"userdom": ":all:"
}
}
}
]
Loading