Skip to content

check for CSCwq28721 #315

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
sudharson-soundrapandiyan wants to merge 1 commit into
base: master
Choose a base branch
from
Open

check for CSCwq28721 #315

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
37 changes: 37 additions & 0 deletions aci-preupgrade-validation-script.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6007,6 +6007,42 @@ def apic_vmm_inventory_sync_faults_check(**kwargs):
recommended_action=recommended_action,
doc_url=doc_url)


@check_wrapper(check_title='NTP sync issue in Leaf as NTP server')
def leaf_ntp_sync_check(cversion, tversion, **kwargs):
result = PASS
headers = ['policy dn', 'pod group name', 'policy name']
data = []
recommended_action = 'NTP wont sync between leaf as NTP server and host. makesure to use in-band ip for NTP server in leaf or checkout the bug CSCwp92030 for fixed version details'
doc_url = 'https://datacenter.github.io/ACI-Pre-Upgrade-Validation-Script/validations/#ntp-sync-issue-in-leaf-as-ntp-server'

fabricRsTimePol_api = 'fabricRsTimePol.json'

if not tversion:
return Result(result=MANUAL, msg=TVER_MISSING)

if tversion.newer_than('6.1(4.28)'):
return Result(result=NA, msg=VER_NOT_AFFECTED)

if (cversion.newer_than('1.1(1a)') and cversion.older_than('6.1(4.20)')) or (tversion.newer_than('1.1(1a)') and tversion.older_than('6.1(4.20)')):
fabricRsTimePol = icurl('class', fabricRsTimePol_api)
for rstimepol in fabricRsTimePol:
rstimepol_attr = rstimepol['fabricRsTimePol']['attributes']
pol_dn = rstimepol_attr['tDn']
pol_name = rstimepol_attr['tnDatetimePolName']
match = re.search(r'podpgrp-([^/]+)', rstimepol_attr['dn'])
pod_group = match.group(1) if match else None
pol_res = icurl('mo', pol_dn + '.json')
pol_attr = pol_res[0]['datetimePol']['attributes']
if pol_attr['serverState'] == 'enabled' and pol_attr['masterMode'] == 'enabled':
Copy link

@kahande kahande Jan 2, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No need to look for masterMode

data.append([pol_attr['dn'], pod_group, pol_name])

if data:
result = FAIL_O

return Result(result=result, headers=headers, data=data, recommended_action=recommended_action, doc_url=doc_url)


# ---- Script Execution ----


Expand Down Expand Up @@ -6168,6 +6204,7 @@ class CheckManager:
standby_sup_sync_check,
isis_database_byte_check,
configpush_shard_check,
leaf_ntp_sync_check,

]
ssh_checks = [
Expand Down
16 changes: 15 additions & 1 deletion docs/docs/validations.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -191,6 +191,7 @@ Items | Defect | This Script
[Stale pconsRA Object][d26] | CSCwp22212 | :warning:{title="Deprecated"} | :no_entry_sign:
[ISIS DTEPs Byte Size][d27] | CSCwp15375 | :white_check_mark: | :no_entry_sign:
[Policydist configpushShardCont Crash][d28] | CSCwp95515 | :white_check_mark: |
[NTP sync issue in Leaf as NTP server][d29] | CSCwq28721 | :white_check_mark: |

[d1]: #ep-announce-compatibility
[d2]: #eventmgr-db-size-defect-susceptibility
Expand Down Expand Up @@ -220,7 +221,7 @@ Items | Defect | This Script
[d26]: #stale-pconsra-object
[d27]: #isis-dteps-byte-size
[d28]: #policydist-configpushshardcont-crash

[d29]: #NTP-sync-issue-in-Leaf-as-NTP-server

## General Check Details

Expand Down Expand Up @@ -2614,6 +2615,18 @@ Due to [CSCwp95515][59], upgrading to an affected version while having any `conf
If any instances of `configpushShardCont` are flagged by this script, Cisco TAC must be contacted to identify and resolve the underlying issue before performing the upgrade.


### NTP sync issue in Leaf as NTP server

RCA:
After the ACI fabric upgraded to affected version, In setup which has leaf switch as NTP server, Destination Ip of NTP request coming from Host(NTP client) is not stored and resused as Source when reply back from leaf side.
Details information => Sendpkt in NTP(3rd party) code supports only the immediate source interface ip.Mechanism to store the starting source ip address must be present so that packets can be send to the starting source ip addr.

IMPACT:
After the upgrade, NTP stopped working correctly between the endpoints and the master node (leaf switches). NTP request is being sent with the BD SVI IP as expected, but the leaf switch is responding with a different BD IP in the same VRF, leading to NTP response rejected from the endpoints.

Suggestion:
Use IP address from a VRF which only has one IP address on the switch, example would be inband VRF(in-band ip) which would usually have only one IP address or move to fixed version refer [CSCwp92030][62].

[0]: https://github.com/datacenter/ACI-Pre-Upgrade-Validation-Script
[1]: https://www.cisco.com/c/dam/en/us/td/docs/Website/datacenter/apicmatrix/index.html
[2]: https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-release-notes-list.html
Expand Down Expand Up @@ -2676,3 +2689,4 @@ If any instances of `configpushShardCont` are flagged by this script, Cisco TAC
[59]: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwp95515
[60]: https://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/white-paper-c11-743951.html#Inter
[61]: https://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/white-paper-c11-743951.html#EnablePolicyCompression
[62]: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwp92030
29 changes: 29 additions & 0 deletions tests/checks/leaf_ntp_sync_check/datetimePol_ntp_sync_issue.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
[
{
"datetimePol": {
"attributes": {
"StratumValue": "8",
"adminSt": "enabled",
"annotation": "",
"authSt": "disabled",
"childAction": "",
"configIssues": "",
"descr": "",
"dn": "uni/fabric/time-default",
"extMngdBy": "",
"lcOwn": "local",
"masterMode": "enabled",
"modTs": "2024-12-20T07:45:21.917+00:00",
"monPolDn": "",
"name": "default",
"nameAlias": "",
"ownerKey": "",
"ownerTag": "",
"serverState": "enabled",
"status": "",
"uid": "0",
"userdom": "all"
}
}
}
]
29 changes: 29 additions & 0 deletions tests/checks/leaf_ntp_sync_check/datetimePol_ntp_sync_issue_2.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
[
{
"datetimePol": {
"attributes": {
"StratumValue": "8",
"adminSt": "enabled",
"annotation": "",
"authSt": "disabled",
"childAction": "",
"configIssues": "",
"descr": "",
"dn": "uni/fabric/time-NEW1",
"extMngdBy": "",
"lcOwn": "local",
"masterMode": "enabled",
"modTs": "2024-12-20T07:45:21.917+00:00",
"monPolDn": "",
"name": "NEW1",
"nameAlias": "",
"ownerKey": "",
"ownerTag": "",
"serverState": "enabled",
"status": "",
"uid": "15374",
"userdom": ":all:"
}
}
}
]
29 changes: 29 additions & 0 deletions tests/checks/leaf_ntp_sync_check/datetimePol_ntp_sync_no_issue.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
[
{
"datetimePol": {
"attributes": {
"StratumValue": "8",
"adminSt": "enabled",
"annotation": "",
"authSt": "disabled",
"childAction": "",
"configIssues": "",
"descr": "",
"dn": "uni/fabric/time-default",
"extMngdBy": "",
"lcOwn": "local",
"masterMode": "disabled",
"modTs": "2024-12-20T07:45:21.917+00:00",
"monPolDn": "",
"name": "default",
"nameAlias": "",
"ownerKey": "",
"ownerTag": "",
"serverState": "disabled",
"status": "",
"uid": "0",
"userdom": "all"
}
}
}
]
29 changes: 29 additions & 0 deletions tests/checks/leaf_ntp_sync_check/datetimePol_ntp_sync_no_issue_2.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
[
{
"datetimePol": {
"attributes": {
"StratumValue": "8",
"adminSt": "enabled",
"annotation": "",
"authSt": "disabled",
"childAction": "",
"configIssues": "",
"descr": "",
"dn": "uni/fabric/time-NEW1",
"extMngdBy": "",
"lcOwn": "local",
"masterMode": "disabled",
"modTs": "2024-12-20T07:45:21.917+00:00",
"monPolDn": "",
"name": "NEW1",
"nameAlias": "",
"ownerKey": "",
"ownerTag": "",
"serverState": "disabled",
"status": "",
"uid": "15374",
"userdom": ":all:"
}
}
}
]
1 change: 1 addition & 0 deletions tests/checks/leaf_ntp_sync_check/fabricRsTimePol_no_podgroup.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
[]
28 changes: 28 additions & 0 deletions tests/checks/leaf_ntp_sync_check/fabricRsTimePol_ntp_sync_1pod.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
[
{
"fabricRsTimePol": {
"attributes": {
"annotation": "",
"childAction": "",
"dn": "uni/fabric/funcprof/podpgrp-default/rsTimePol",
"extMngdBy": "",
"forceResolve": "yes",
"lcOwn": "local",
"modTs": "2025-12-23T07:43:09.740+00:00",
"monPolDn": "",
"rType": "mo",
"state": "formed",
"stateQual": "none",
"status": "",
"tCl": "datetimePol",
"tContextDn": "",
"tDn": "uni/fabric/time-default",
"tRn": "time-default",
"tType": "name",
"tnDatetimePolName": "default",
"uid": "0",
"userdom": "all"
}
}
}
]
54 changes: 54 additions & 0 deletions tests/checks/leaf_ntp_sync_check/fabricRsTimePol_ntp_sync_2pod.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,54 @@
[
{
"fabricRsTimePol": {
"attributes": {
"annotation": "",
"childAction": "",
"dn": "uni/fabric/funcprof/podpgrp-default/rsTimePol",
"extMngdBy": "",
"forceResolve": "yes",
"lcOwn": "local",
"modTs": "2025-12-23T07:43:09.740+00:00",
"monPolDn": "",
"rType": "mo",
"state": "formed",
"stateQual": "none",
"status": "",
"tCl": "datetimePol",
"tContextDn": "",
"tDn": "uni/fabric/time-default",
"tRn": "time-default",
"tType": "name",
"tnDatetimePolName": "default",
"uid": "0",
"userdom": "all"
}
}
},
{
"fabricRsTimePol": {
"attributes": {
"annotation": "",
"childAction": "",
"dn": "uni/fabric/funcprof/podpgrp-TESt2/rsTimePol",
"extMngdBy": "",
"forceResolve": "yes",
"lcOwn": "local",
"modTs": "2025-12-23T07:41:09.236+00:00",
"monPolDn": "",
"rType": "mo",
"state": "formed",
"stateQual": "none",
"status": "",
"tCl": "datetimePol",
"tContextDn": "",
"tDn": "uni/fabric/time-NEW1",
"tRn": "time-NEW1",
"tType": "name",
"tnDatetimePolName": "NEW1",
"uid": "0",
"userdom": ":all:"
}
}
}
]
Loading