7.2.5090 Release Notes

Release Date: 19 May 2025

Release Notes Last Updated: 02 June 2025

Corrected Issues in Aviatrix Release 7.2.5090

Issue

Description

AVX-61310

Fixed an issue in Aviatrix multi-transit designs with Transit Peering, where one of the Transit Gateways has BGP S2C enabled and learns a default route (0.0.0.0/0): following a Controller upgrade, incorrect metrics were applied to PeerS2c routes.

AVX-61702

Resolved an issue where Azure gateway image upgrades failed when customer-provided public IPs were used. The Controller was expecting a specific naming convention (av-ip-[gateway-name]) and could not locate custom-named IPs, resulting in upgrade errors. The upgrade logic has been fixed to support any naming convention for public IPs.

AVX-61803

Fixed an issue where the Controller did not correctly tag resources created through CFT and Lambda. It now tags all associated resources, including Lambda functions, Lambda roles, Launch Templates, Auto Scaling Groups, and SNS topics.

AVX-61981

When using RFC 6598 Shared Address Space (100.64.0.0/10) in VPC/VNet CIDRs, traffic from these addresses to the public internet may have been incorrectly matched by the Public Internet security group. This could result in 100.64.0.0/10 being mistakenly classified as internet traffic. The 100.64.0.0/10 range is commonly used for Kubernetes deployments. The Public Internet security group CIDR ranges have been updated to correctly exclude the shared address space. This enhancement improves the Kubernetes experience.
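As an added illustration (not Aviatrix code), the Python example below builds an "internet" CIDR list as 0.0.0.0/0 minus a set of excluded ranges and shows how omitting 100.64.0.0/10 from that set makes a VPC/VNet CIDR in the shared address space match the internet group. The function names and the exclusion list (RFC 1918 plus RFC 6598) are assumptions; the page does not publish the actual group contents.

```python
import ipaddress

# Constructed exclusion lists (assumption: not the product's actual ranges).
RFC1918 = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]
RFC6598 = "100.64.0.0/10"  # Shared Address Space


def internet_cidrs(excluded):
    """Return 0.0.0.0/0 minus the excluded ranges as a sorted CIDR list."""
    remaining = [ipaddress.ip_network("0.0.0.0/0")]
    for ex in map(ipaddress.ip_network, excluded):
        kept = []
        for net in remaining:
            if ex.subnet_of(net):
                # Carve the excluded range out of the enclosing network.
                kept.extend(net.address_exclude(ex))
            elif not net.subnet_of(ex):
                kept.append(net)  # disjoint from the excluded range
        remaining = kept
    return sorted(ipaddress.collapse_addresses(remaining))


def matches(addr, cidrs):
    """True if addr falls inside any CIDR of the group."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in cidrs)


def audit(vpc_cidrs, group):
    """Return the VPC/VNet CIDRs that overlap the 'internet' group."""
    return [c for c in vpc_cidrs
            if any(ipaddress.ip_network(c).overlaps(n) for n in group)]


# Group built without and with the shared address space excluded.
BEFORE = internet_cidrs(RFC1918)
AFTER = internet_cidrs(RFC1918 + [RFC6598])

if __name__ == "__main__":
    vpcs = ["100.64.0.0/16", "10.20.0.0/16"]  # constructed sample CIDRs
    print("overlap before:", audit(vpcs, BEFORE))
    print("overlap after: ", audit(vpcs, AFTER))
```

Running `audit` against your own VPC/VNet CIDR inventory is a quick way to find address space that a "public internet" group would unintentionally cover.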

AVX-62067

The following issue has been fixed in this release.

This fix also requires an image upgrade of the Transit gateway.

Aviatrix Transit Gateways with a large number of tunnels that run for a long time could encounter an issue in which the IPsec process becomes unresponsive, causing all IPsec tunnels to go into a DOWN state. The cause is an internal counter reaching its maximum value and overflowing. To recover, the Transit Gateway needs to be rebooted.

While it is not possible to specify the exact number of tunnels and length of time it would take for the internal counter to overflow, the few customers who encountered this issue had more than 800 IPsec tunnels on the Transit Gateway and took three to four months to encounter it. The number of IPsec tunnels on the gateway can be seen in the CoPilot UI under Diagnostics > Cloud Routes > Gateway Routes.

AVX-62269

Fixed an issue where gRPC traffic could be dropped when routed through Distributed Cloud Firewall (DCF) web filters using SNI-based web groups.

The fix improves support for HTTP/2-based traffic in scenarios where only H2 is present in the ALPN list, resolving a limitation in the Traffic Server tunneling logic.

AVX-62619

Fixed an issue where Aviatrix Gateways could experience memory buildup and restarts during prolonged Layer 7 (L7) traffic. The system now properly clears outdated web filter data to prevent excessive memory usage.

Known Issues in Aviatrix Release 7.2.5090

Issue

Description

AVX-62506

During a gateway software upgrade, traffic matching DCF WebGroup rules may be briefly dropped. This impacts both Layer 7 (HTTP/HTTPS) and Layer 4 traffic and occurs across all supported cloud providers (AWS, Azure, and GCP). The disruption typically lasts a few seconds but may vary depending on gateway load and policy complexity.

Workaround:

None

Recommendations:

  • Schedule gateway upgrades during maintenance windows or low-traffic periods.

  • Use HA deployments and upgrade gateways one at a time in HA pairs.

  • Monitor logs for “Failed to load policy” messages to confirm when policies are reloaded.

AVX-62712

When recreating a policy-based Site-to-Cloud (S2C) VPN connection after deleting a previous one with the same remote CIDR, the system may incorrectly report a CIDR overlap error, even though the original connection has been removed. This occurs because the system does not fully clean up the remote CIDR information, causing it to believe the CIDR is still in use.

Affected Scenario:

  • Recreating a policy-based Site-to-Cloud VPN connection using the same remote CIDR after deletion, in either of the following cases:

    • The deleted connection was a route-based S2C connection on a gateway that still has other S2C connections.

    • The deleted connection was a policy-based S2C connection.

Workaround:

Contact Aviatrix Support to manually clear the cached CIDR information.

AVX-63334

Aviatrix Edge Gateways deployed on Equinix Network Edge and certain VMware environments may experience issues with root disk resizing during initial setup. The root filesystem might not expand to utilize the full allocated disk space. This can prevent essential cloud-init modules from executing properly.

Affected Versions:

  • Aviatrix Controller 7.1.4191 with Edge Gateway image avx-gateway-avx-g3-202407091338

  • All Edge deployments on Equinix Network Edge and specific VMware configurations

Workaround:

Customers running Aviatrix Edge Gateways on Equinix Edge or VMware environments with version 7.1.4191 should contact Aviatrix Support for assistance.

AVX-63846

In the CoPilot UI, Groups > SmartGroups and Groups > ExternalGroups with multiple filters may not appear as originally configured after being saved. This issue occurs when creating groups with multiple sets of any resource type. While policy enforcement is correct, the UI may display missing or merged filter sets, leading to ambiguity and confusion during review or editing.

Affected Scenario:

  • Creating or editing SmartGroups or ExternalGroups with multiple filters applied

Workaround:

There is no workaround at this time. If possible, avoid using multiple filter sets in a single group until the issue is resolved.

AVX-64015

Jumbo Frame support cannot be enabled on BGPoLAN (BGP over LAN) connections for AWS HPE gateways. Attempts to enable this feature may result in an error indicating that Jumbo Frames are not supported.

This affects environments where high-throughput performance is critical, such as large-scale or latency-sensitive deployments.

Affected Scenario:

  • BGPoLAN connections on AWS HPE gateways

  • Use cases that rely on Jumbo Frame support for performance optimization

Limitation:

In version 8.0.0, Jumbo Frame support can only be enabled when creating a new BGPoLAN connection on AWS HPE gateways. Editing an existing connection to enable Jumbo Frames is not supported.

Workaround:

None.

To enable Jumbo Frame support, delete the existing connection and recreate it with the setting enabled.

AVX-64196

IPSec diagnostics in the Controller UI do not display logs for non-Equinix Edge Gateways (such as AEP or self-managed Edge Gateways). When accessing the diagnostics page for these gateways, the IPSec log section may appear empty, even if IPSec tunnels are operating correctly.

This issue affects visibility into tunnel-level logs and may complicate troubleshooting efforts.

Affected Scenario:

  • Viewing IPSec diagnostic logs in the Controller UI for AEP or self-managed Edge Gateways

  • IPSec tunnels are active, but logs are not shown

Workaround:

Use tunnel status and statistics to verify IPSec operation.

Note:

This is a UI diagnostic issue only. IPSec tunnel functionality is not impacted.

AVX-64213

When deploying Edge Gateways using images g3-202504251522 and g3-202504251525, the root disk may be incorrectly sized after the VM boots and the ZTP (Zero Touch Provisioning) process runs. Even if the VM is created with a 64GB disk, the root filesystem may be limited to only 12GB.

This may lead to insufficient storage for certain workloads or during upgrades.

Affected Scenario:

  • Edge Gateway deployments using image versions g3-202504251522 or g3-202504251525

  • Environments requiring full disk capacity for normal operations or upgrades

Workaround:

Manual resizing of the root partition and filesystem is required. Please contact Aviatrix Support for assistance, as this step cannot be performed independently.

AVX-64397

Auto-migration between Aviatrix Controller builds within version 7.2.5090 fails on both AWS and Azure platforms. During the migration process, the new Controller is unable to connect to the old Controller, and the operation times out. As a result, the migration does not complete successfully.

This issue is specific to Controller-to-Controller migrations within the same 7.2.5090 release family and does not affect upgrades to newer versions.

Affected Scenario:

  • Auto-migration from one 7.2.5090 Controller build to another

  • Aviatrix Controllers deployed on AWS or Azure

Workaround:

Use manual backup and restore instead of auto-migration:

  • Launch a new Controller with the target 7.2.5090 build.

  • Create a backup from the existing Controller.

  • Restore the backup on the new Controller.

  • Transition operations to the new Controller.

Note:

This issue does not impact migrations from version 7.2.5090 to version 8.0 or later. Aviatrix encourages you to upgrade directly to version 8.0 or newer, where auto-migration works as expected.

AVX-64767

Customers using the Site-to-Cloud (S2C) mapped NAT feature at scale may encounter a performance regression and higher than normal packet drops after upgrading their gateways to version 7.1.4208, 7.2.5090 or 8.0.0. Contact Aviatrix Support before proceeding with the upgrade.