Release Notes for Cisco Application Policy Infrastructure Controller Enterprise Module
This document describes the features, limitations, and bugs for this Cisco APIC-EM controller release.
Introduction
The Cisco Application Policy Infrastructure Controller Enterprise Module (Cisco APIC-EM) is a network controller that helps you manage and configure your network.
The Cisco APIC-EM can support up to the following total number of devices, hosts, and access points:
-
Network devices (routers, switches, wireless LAN controllers): 10,000
-
Hosts: 100,000
-
Access Points: 10,000
What's New in Cisco APIC-EM
In Cisco APIC-EM the root CA certificate that is used to sign the device certificates (sdn-network-infra-iwan) expires after 5 years from the installation date, with no mechanism to renew or roll over. After the certificate expires, all DMVPN tunnels in the entire IWAN environment go down, causing an outage.
This release of Cisco APIC-EM resolves the root CA certificate expiration problem.
This is not a standalone release. Cisco APIC-EM 1.6.4.60027 is a hot patch containing bug fixes, which is to be installed on top of Cisco APIC-EM 1.6.4.
To verify whether the patch has been installed in Cisco APIC-EM, navigate to the Updates page, and confirm that the version is 1.6.4.60027.
For the list of resolved bugs with this hot patch, see Resolved Bugs.
Supported Platforms and Software Requirements
For more information about the network devices and software versions supported for this release, see the Supported Platforms for the Cisco Application Policy Infrastructure Controller Enterprise Module.
Install the Hot Fix Patch
Before you begin
Review the following before installing the Cisco APIC-EM 1.6.4.60027 hot fix patch:
-
In a three-node setup, you only need to install the patch on one of the three nodes.
-
If the reset_grapevine command is used and all virtual disks are deleted, you must reinstall the patch.
-
The patch installation takes approximately 15 to 20 minutes to complete. Administrators can monitor the running services to verify the progress of the installation.
-
A tunnel flap might occur during the activation of the rollover certificate (both the CA certificate and the ID certificate). Tunnel connectivity resumes automatically without manual intervention.
Procedure
Step 1 |
From the Software Download site on cisco.com, download the .zip file that corresponds to your Cisco APIC-EM version. |
Step 2 |
Move the .zip file to a /tmp directory. |
Step 3 |
Enter the following command to unzip the .zip file:
|
Step 4 |
Enter the following command to run the patch installation script:
|
Step 5 |
Wait until the install.py script finishes successfully. |
Step 6 |
Enter the following command to monitor the status of apic-em-pki-broker-service, apic-em-jboss-service, and reverse-proxy:
|
Open Bugs
The following table lists the open bugs for the Cisco APIC-EM controller for this release.
Note |
For information about open and resolved bugs for a specific application, refer to the release notes for that application. |
Bug ID | Headline | ||||
---|---|---|---|---|---|
Any Cisco APIC-EM users who have been authenticated/authorized by an external server and who are locked out of the controller for whatever reason, cannot be manually unlocked.
Workaround:
|
|||||
A get VLAN and get Topology by VLAN does not work for the Cisco Catalyst 5000 and the Cisco Catalyst 3850. Workaround: There is no workaround at this time. |
|||||
Details of an application remains visible in the controller even after the application has been deleted. Workaround: There is no workaround at this time. |
|||||
When pushing a policy to 2000 devices under a full scale of 10,000 devices, the CPU utilization rises to between 98 and 100 percent. Workaround: There is no workaround at this time. |
|||||
While installing the ISO image, the installation fails with the error message below. The mapping to the drive to image is also disassociated and unmounted. Error message: Finish the Installation Failed to run preseeded command Workaround: Unmount the ISO image and mount it again. Next, try to reload the image and install it again. This issue may also occur due to an image corruption, so be sure to verify the checksum as well. |
|||||
Reset grapevine local needs to be performed multiple times to remove the node in MN. Workaround: In this case, |
|||||
When upgrading from 1.5.0.1368 to 1.5.11037 on a single node, some of the services do not come up, even though the cluster is accessible. The error, "Page Temporarily Unavailable. This page is temporarily unavailable because task-service is in the process of starting, please try again at a later time." Workaround: Disable the REO, upgrade the cluster to 1.5.1, and then enable REO after all the services are up. |
|||||
If multiple devices have the same Unique Serial Number, then APIC-EM will consider only the first device, and ignore other devices with the same number. Workaround: There is no workaround at this time. |
|||||
Unable to grow any services on the node after power on/off on the node in 3N Nic-bonding cluster. Workaround: There are two approaches to restore:
The second approach may require additional steps to harvest the clients with service instances stuck in "unresponsive" state.
To check the service instance status, use the command |
|||||
Services struck in starting state on a scaled 3N NIC-bonding cluster. Workaround: Need to harvest the client on which the service instances were placed manually, after which the services grows on a new client and it goes to running state. To check the service instance status, use command |
|||||
While trying to issue Workaround: Rebuild the cluster from scratch and restore the last backup data. |
|||||
APIC-WAB: Downloaded Troubleshooting CSV file does not contain any packet information. |
|||||
Tradition model, mdns-sd gateway under SVI, cache servc records A, AAAA, SRV TTL value has to be 120sec.
|
|||||
For 17.3.1 image for Routed access when TCP comes up with WAB and SDG sends resync multiple times.
|
Resolved Bugs
The following table lists the resolved bugs for this release.
Note |
For a list of bugs resolved in an earlier software release, see the Cisco APIC-EM release notes for the specific release. |
Bug ID | Headline |
---|---|
In APIC-EM, the root CA certificate is set to expire after 5 years from the original installation date. As there is no mechanism to renew this certificate, any device that has a certificate signed by APIC-EM CA is impacted after the certificate expires. |
|
The HTTP connection redirects for the network devices EJBCA service. |
Using the Bug Search Tool
Use the Bug Search tool to search for a specific bug or to search for all bugs in this release.
Procedure
Step 1 | |||
Step 2 |
At the Log In screen, enter your registered cisco.com username and password; then, click Log In. The Bug Search page opens.
|
||
Step 3 |
To search for a specific bug, enter the bug ID in the Search For field and press Return. |
||
Step 4 |
To search for bugs in the current release:
|
Service and Support
Troubleshooting
See the Cisco Application Policy Infrastructure Controller Enterprise Module Troubleshooting Guide for troubleshooting procedures.
Related Documentation
The following publications are available for the Cisco APIC-EM:
Cisco APIC-EM Controller Documentation
For this type of information... |
See this document... |
---|---|
Release information, including new features, system requirements, and open and resolved caveats |
Cisco Application Policy Infrastructure Controller Enterprise Module Release Notes |
Installation and configuration of the controller, including post-installation tasks |
Cisco Application Policy Infrastructure Controller Enterprise Module Installation Guide |
Introduction to the Cisco APIC-EM GUI and its applications |
Cisco Application Policy Infrastructure Controller Enterprise Module Quick Start Guide |
Configuration of user accounts, RBAC scope, security certificates, authentication and password policies, and global discovery settings. Monitoring and managing Cisco APIC-EM services. Backup and restore. Cisco APIC-EM APIs. |
Cisco Application Policy Infrastructure Controller Enterprise Module Administrator Guide |
Troubleshooting the controller, including the installation, services, and passwords. Developer console. How to contact the Cisco Technical Assistance Center (TAC). |
Cisco Application Infrastructure Controller Enterprise Module Troubleshooting Guide |
Tasks to perform before updating the controller to the latest version. Software update instructions. Tasks to perform after an update. |
Cisco Application Infrastructure Controller Enterprise Module Upgrade Guide |
Cisco Network Visibility Application Documentation
For this type of information... |
See this document... |
---|---|
Release information, including open and resolved caveats for the Cisco Network Visibility application |
Cisco Network Visibility Application for APIC-EM Release Notes |
Supported platforms and software releases. |
Cisco Network Visibility Application for APIC-EM Supported Platforms |
Installation of the application. (This application is installed as part of the Cisco APIC-EM controller software.) |
Cisco Application Policy Infrastructure Controller Enterprise Module Installation Guide |
Network discovery, device and host management, topology maps. |
Cisco Network Visibility Application for APIC-EM User Guide |
Cisco EasyQoS Application Documentation
For this type of information... |
See this document... |
---|---|
Release information, including open and resolved caveatsfor the Cisco EasyQoS application |
Cisco EasyQoS Application for APIC-EM Release Notes |
Supported platforms and software releases |
Cisco EasyQoS Application for APIC-EM Supported Platforms |
Installation of the application (this application is installed as part of the Cisco APIC-EM controller software) |
Cisco Application Policy Infrastructure Controller Enterprise Module Installation Guide |
Configuration of quality of service policies on the network devices in your network |
Cisco EasyQoS Applicatioin for APIC-EM User Guide |
Cisco Path Trace Application Documentation
For this type of information... |
See this document... |
---|---|
Release information, including open and resolved caveats for the Path Trace application. |
Cisco Path Trace Application for APIC-EM Release Notes |
Supported platforms and software releases |
Cisco Path Trace Application for APIC-EM Supported Platforms |
Installation of the application (this application is installed as part of the Cisco APIC-EM controller software). |
Cisco Application Policy Infrastructure Controller Enterprise Module Installation Guide |
Procedures for performing path traces and informatiion about how to unuderstand the path trace results |
Cisco Path Trace Application for APIC-EM User Guide |
Cisco IWAN Application Documentation
For this type of information... |
See this document... |
---|---|
Release Information, including open and resolved caveats for the Cisco IWAN application. |
Cisco IWAN Application on APIC-EM Release Notes |
Using the Cisco IWAN application |
Cisco IWAN Application on APIC-EM User Guide |
Cisco Integrity Verification Application Documentation
For this type of information... |
See this document... |
---|---|
Release information, including open and resolved caveats for the Cisco Integrity Verification application. |
Cisco Integrity Verification Application (Beta) on APIC-EM Release Notes |
Using the Cisco Integrity Verification application |
Cisco Integrrity Verification Application (Beta) on APIC-EM User Guide |
Cisco Remote Troubleshooter Application Documentation
For this type of information... |
See this document... |
---|---|
Release information, including open and resolved caveats for the Cisco Remote Troubleshooter application |
Cisco Remote Troubleshooter Application on Cisco APIC-EM Release Notes |
Using the Cisco Remote Troubleshooter Application. |
Cisco Remote Troubleshooter Application on APIC-EM User Guide |
Cisco Active Advisor Application Documentation
For this type of information... |
See this document... |
---|---|
Release information, including open and resolved caveats for the Cisco Active Advisor application. |
Cisco Active Advisor for APIC-EM Releaese Notes |
Cisco Wide Area Bonjour Application Documentation
For this type of information... |
See this document... |
---|---|
Release information, including open and resolved caveats for the Cisco Wide Area Bonjour application. |
Cisco Wide Area Bonjour Application for APIC-EM Release Notes |
Installation, configuration, troubleshooting, and usage of the application. |
Cisco Wide Area Bonjour Application for Bonjour APIC-EM User Guide |
Cisco Network Plug and Play Application Documentation
For this type of information... |
See this document... |
---|---|
Release information, including open and resolved caveats for the Cisco Plug and Play application. Supported Cisco devices for Cisco Network Plug and Play. |
Release Notes for Cisco Network Plug and Play |
Configuration of devices using Cisco Network Plug and Play. |
Configuration Guide for Cisco Network Plug and Play on Cisco APIC-EM Cisco Network Plug and Play Agent Configuration Guide or Cisco Open Plug-n-Play Agent Configuration Guide (depending on the Cisco IOS XE release) |
Cisco Network Plug and Play solution overview. Main workflows used with the Cisco Network Plug and Play solution. Deployment of the Cisco Network Plug and Play solution. Tasks for using proxies with the Cisco Network Plug and Play solution. Configuration of a DHCP server for APIC-EM controller auto-discovery. Troubleshooting procedures for the Cisco Network Plug and Play solution. |
Solution Guide for Cisco Network Plug and Play |
Information about using the Cisco Plug and Play Mobile App. |
Mobile Application User Guide for Cisco Network Plug and Play (also accessible in the app through Help) |
Cisco APIC-EM Developer Documentation
The Cisco APIC-EM developer website is located on the Cisco DevNet website.
For this type of information... |
See this document... |
---|---|
API functions, parameters, and responses. |
|
Tutorial introduction to controller GUI, DevNet sandboxes and APIC-EM NB REST API. |
Getting Started with Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) |
Hands-on coding experience calling APIC-EM NB REST API from Python. |
Obtaining Documentation and Submitting a Service Request
For information on obtaining documentation, using the Cisco Bug Search Tool (BST), submitting a service request, and gathering additional information, see What’s New in Cisco Product Documentation at:
http://www.cisco.com/c/en/us/td/docs/general/whatsnew/whatsnew.html
Subscribe to What’s New in Cisco Product Documentation, which lists all new and revised Cisco technical documentation as an RSS feed and delivers content directly to your desktop using a reader application. The RSS feeds are a free service.