Release 4.0.0 Orchestrators, Gateways, and Hub Edges supports all previous VMware SD-WAN Edge versions greater than or equal to Release 3.0.0 (Note: this means releases prior to 3.0.0 are not supported, please consult the warning below for additional details).
Radius Manager 4.0.0 32
This will impact customers who deploy VMware SD-WAN Edges which use a 2.x Release. This impact begins after VMware SD-WAN upgrades its hosted Orchestrators and Gateways to 4.0.0 or higher. The exact dates will be announced on the Orchestrator two weeks prior.
When an Orchestrator and Gateways are upgraded to Release 4.0.0, all SD-WAN control plane and data plane overlay services will be unavailable for a VMware SD-WAN Edge using 2.x software. The Gateways will be unable to accept VCMP tunnels from Edges running Release 2.x. With no control plane connection with the Gateway, Edges will not be able to form tunnels with other Edges.
Release 3.x did not properly support AES-256-GCM, which meant that customers using AES-256 were always using their Edges with GCM disabled (AES-256-CBC). If a customer is using AES-256, they must explicitly disable GCM from the Orchestrator prior to upgrading their Edges to Release 4.0.0. Once all their Edges are running 4.0.0, the customer may choose between AES-256-GCM and AES-256-CBC.
Through Release 3.x, the VMware SD-WAN BGPv4 filter configuration for AS-PATH prepending supported both comma and space based delimiters. However, beginning in Release 4.0.0 and forward, VMware SD-WAN will only support a space based delimiter in an AS-Path prepending configuration. Customers upgrading from 3.x to 4.x need to edit their AS-PATH prepending configurations to "replace commas with spaces" prior to upgrade to avoid incorrect BGP best route selection.
When a VMware SD-WAN Orchestrator is upgraded to Release 4.0.0, all customer enterprises will have a Alternate Super Gateway automatically assigned to their enterprise if they do not already have one.
VMware SD-WAN always recommends Operators use the latest Application Map that is made available with each new software release to ensure the most consistent and correct application identification. A new flag has been added to the Application Map with Release 4.0.0: mustNotPerformDpi, which prevents VMware SD-WAN's Deep Application Recognition from overwriting a custom application decision (e.g. when matching by IP address and port). This flag need not be set for custom applications with an Application ID >= 4000.
Beginning in Release 4.0.0, VMware SD-WAN Orchestrator support for the browser Microsoft Internet Explorer is deprecated. VMware SD-WAN fully supports the Internet Explorer replacement, Microsoft Edge.
Beginning in Release 4.0.0, Edge Licensing is enabled by default and it is mandatory for a user to assign an Edge license type when creating a new VMware SD-WAN Edge. This requirement helps VMware SD-WAN to track customer subscriptions and simplifies and standardizes the Edge activation report sent by partners. VMware does not enforce the license parameters and assigning an Edge license type does not change the behavior of the Edge in any way.
Beginning in Release 4.0.0, Non-VeloCloud Sites (IPsec tunnels to third-party destinations) are renamed as "Non SD-WAN Destinations". Customers with existing Non-VeloCloud Sites from 3.x would see their site called a "Non SD-WAN Destinations via Gateway" as this is how a 3.x Non-VeloCloud Site connected to a third-party destination. Newly added Edge-based instances are called "Non SD-WAN Destinations via Edge".
The VMware SD-WAN Orchestrator User Interface (UI) is being modernized using the Clarity Design System for a clean, consistent, and responsive user experience. The full UI will be migrated over the course of multiple releases. Release 4.0.0 includes a partial set of Monitoring Sections in the new UI. Note: The QoE tab is not yet present in the new UI and will be added in an upcoming release. QoE is still visible in the legacy UI.
In environments where VMware SD-WAN Edges communicate with a VMware SD-WAN Orchestrator which is placed behind a NAT, a user may observe that when attempting to access Remote Diagnostics for an Edge which uses Release 4.0.0 software, that this page seems inaccessible. This is corrected by configuring the System Property network.portal.websocket.address to the actual IP/hostname used to access the Orchestrator UI in the browser.
When the VMware SD-WAN Gateway initiates tunnels to non SD-WAN sites, the security association (SA) involves a source and destination port. Once there is an SA, both these ports need to be populated correctly to ensure that IKE Phase 1 SA is recreated properly. As referenced in the VMware SD-WAN Release 4.0.0 Release Notes, VMware SD-WAN Release 4.0.0 replaced the IPsec libraries with FIPS 140-2 compliant IPsec libraries. As part of this replacement, the SA destination port was inadvertently set incorrectly on the second and subsequent negotiation attempts for a given peer.
All routing protocol daemons (bgpd, ospfd, pimd) restart if any one of those daemons restarts or fails. This is true of any Release 3.4.x or earlier build due to the routing architecture those builds used. Release 4.0.0 and later include an improved routing architecture which resolves this issue as a failure or restart of one routing daemon will not affect the others.
The user would encounter this issue on Configure > Edge > Device, in the Cloud Security Service section. This issue impacts a customer because the user is unable to change the CSS provider. This issue is the result of an added UI validation on 4.0.0 that is designed to prevent a user from changing an Edge-overridden CSS provider if that CSS is being used for any Edge-level business policy of the same Edge. However, instead of limiting the check to business policies of the configured Edge, the Orchestrator checks all of the Edges in the customer's enterprise.
Release 4.0.0 changes the way statistical data is stored, from MySQL to ClickHouse. As a result of this change, part of the DR-based-upgrade procedure includes a data migration. Once DR has been setup, the pre-4.0.0 Orchestrator will remain as active and the newly upgraded 4.0.0 Orchestrator will be in STANDBY_RUNNING mode waiting to be promoted. While the 4.0.0 Orchestrator is in STANDBY_RUNNING mode, any new data that is uploaded to the Active Orchestrator will continue to get migrated to the 4.0.0 Standby Orchestrator. The migration for the historic data was using an inefficient query issued to the Active Orchestrator which could potentially lead to increased MySQL load on the Active Orchestrator running pre-4.0.0 code. The increased load will manifest itself as API slowness, UI sluggishness and time out errors.
Release 4.0.0 changes the way statistical data is stored, from MySQL to ClickHouse. As a result of this change, part of the DR-based-upgrade procedure includes a data migration. Once DR has been setup, the pre-4.0.0 Orchestrator will remain as active and the newly upgraded 4.0.0 Orchestrator will be in STANDBY_RUNNING mode waiting to be promoted. While the 4.0.0 Orchestrator is in STANDBY_RUNNING mode, any new data that is uploaded to the Active Orchestrator will continue to get migrated to the 4.0.0 Standby Orchestrator. However, the migration for the new data was using an inefficient query issued to the Active Orchestrator, leading to increased MySQL load on the Active Orchestrator running pre-4.0.0 code. The increased load will manifest itself as API slowness, UI sluggishness and time out errors.
Release 4.0.0 changes the way statistical data is stored, from MySQL to ClickHouse. As a result of this change, part of the DR-based-upgrade procedure includes a data-migration. Once DR has been setup, the pre-4.0.0 Orchestrator will remain as active and the newly upgraded 4.0.0 Orchestrator will be in STANDBY_RUNNING mode waiting to be promoted. While the 4.0.0 Orchestrator is in STANDBY_RUNNING mode, any new data that is uploaded to the Active Orchestrator will continue to get migrated to the 4.0.0 Standby Orchestrator. However, the migration for the new data can end-up copying the same data that has already been migrated as part of the DR-setup phase, leading to data duplication and increased MySQL load on the Active Orchestrator running pre-4.0.0 code. The increased load will manifest itself as API slowness, UI sluggishness and time out errors.
On a VMware SD-WAN Orchestrator which is using the Release 4.0.0 new user interface, If a user is on a Monitor page and changes the Start & End time interval and then navigates between tabs, the Orchestrator does not update Start & End interval time to the new values.
When two Operators of differing privileges use the same browser window when accessing the New UI on a 4.0.0 Release version of the VMware SD-WAN Orchestrator, and the Operator with lesser privileges tries to login after the Operator with higher privileges, that lesser privileged Operator will observe multiple errors stating that the "user does not have privilege".
version 6.3.1.0-4.0.0virtual-controller-country ITvirtual-controller-key ***name VC_***virtual-controller-ip 10.1.0.1syslog-server 10.1.3.210terminal-accessntp-server 10.1.1.92clock timezone Rome 01 00rf-band alldynamic-radius-proxy
wlan ssid-profile AGUFFCOMMenableindex 0type employeeessid AGUFFCOMMopmode wpa2-aesmax-authentication-failures 0vlan 3auth-server srvradius01auth-server SRVPRI02rf-band allcaptive-portal disabledtim-period 1inactivity-timeout 1000broadcast-filter noneradius-reauth-interval 240dmo-channel-utilization-threshold 90local-probe-req-thresh 0max-clients-threshold 64
WC Database Version: 4.0.0WC Database Prefix: wp_Datenbank-Gesamtgröße: 8.83MBDatenbank-Datengröße: 6.97MBDatenbank-Indexgröße: 1.86MBwp_woocommerce_sessions: Daten: 0.70MB + Index: 0.02MB + Engine MyISAMwp_woocommerce_api_keys: Daten: 0.00MB + Index: 0.00MB + Engine MyISAMwp_woocommerce_attribute_taxonomies: Daten: 0.00MB + Index: 0.00MB + Engine MyISAMwp_woocommerce_downloadable_product_permissions: Daten: 0.00MB + Index: 0.00MB + Engine MyISAMwp_woocommerce_order_items: Daten: 0.02MB + Index: 0.02MB + Engine MyISAMwp_woocommerce_order_itemmeta: Daten: 0.19MB + Index: 0.15MB + Engine MyISAMwp_woocommerce_tax_rates: Daten: 0.00MB + Index: 0.01MB + Engine MyISAMwp_woocommerce_tax_rate_locations: Daten: 0.00MB + Index: 0.00MB + Engine MyISAMwp_woocommerce_shipping_zones: Daten: 0.00MB + Index: 0.00MB + Engine MyISAMwp_woocommerce_shipping_zone_locations: Daten: 0.00MB + Index: 0.00MB + Engine MyISAMwp_woocommerce_shipping_zone_methods: Daten: 0.00MB + Index: 0.00MB + Engine MyISAMwp_woocommerce_payment_tokens: Daten: 0.00MB + Index: 0.00MB + Engine MyISAMwp_woocommerce_payment_tokenmeta: Daten: 0.00MB + Index: 0.00MB + Engine MyISAMwp_woocommerce_log: Daten: 0.00MB + Index: 0.00MB + Engine MyISAMwp_actionscheduler_actions: Daten: 0.05MB + Index: 0.03MB + Engine MyISAMwp_actionscheduler_claims: Daten: 0.00MB + Index: 0.00MB + Engine MyISAMwp_actionscheduler_groups: Daten: 0.00MB + Index: 0.01MB + Engine MyISAMwp_actionscheduler_logs: Daten: 0.04MB + Index: 0.03MB + Engine MyISAMwp_commentmeta: Daten: 0.00MB + Index: 0.01MB + Engine MyISAMwp_comments: Daten: 0.08MB + Index: 0.04MB + Engine MyISAMwp_ens_subscribers: Daten: 0.00MB + Index: 0.00MB + Engine MyISAMwp_failed_jobs: Daten: 0.00MB + Index: 0.00MB + Engine MyISAMwp_imagify_files: Daten: 0.00MB + Index: 0.00MB + Engine MyISAMwp_imagify_folders: Daten: 0.00MB + Index: 0.00MB + Engine MyISAMwp_links: Daten: 0.00MB + Index: 0.00MB + Engine MyISAMwp_mailchimp_carts: Daten: 0.01MB + Index: 0.00MB + Engine MyISAMwp_mailchimp_jobs: Daten: 0.00MB + Index: 0.00MB + Engine MyISAMwp_options: Daten: 2.04MB + Index: 0.09MB + Engine MyISAMwp_postmeta: Daten: 0.99MB + Index: 0.41MB + Engine MyISAMwp_posts: Daten: 1.77MB + Index: 0.09MB + Engine MyISAMwp_queue: Daten: 0.00MB + Index: 0.00MB + Engine MyISAMwp_revslider_css: Daten: 0.09MB + Index: 0.00MB + Engine MyISAMwp_revslider_css_bkp: Daten: 0.01MB + Index: 0.00MB + Engine MyISAMwp_revslider_layer_animations: Daten: 0.00MB + Index: 0.00MB + Engine MyISAMwp_revslider_layer_animations_bkp: Daten: 0.00MB + Index: 0.00MB + Engine MyISAMwp_revslider_navigations: Daten: 0.00MB + Index: 0.00MB + Engine MyISAMwp_revslider_navigations_bkp: Daten: 0.00MB + Index: 0.00MB + Engine MyISAMwp_revslider_sliders: Daten: 0.00MB + Index: 0.00MB + Engine MyISAMwp_revslider_sliders_bkp: Daten: 0.00MB + Index: 0.00MB + Engine MyISAMwp_revslider_slides: Daten: 0.00MB + Index: 0.00MB + Engine MyISAMwp_revslider_slides_bkp: Daten: 0.00MB + Index: 0.00MB + Engine MyISAMwp_revslider_static_slides: Daten: 0.00MB + Index: 0.00MB + Engine MyISAMwp_revslider_static_slides_bkp: Daten: 0.00MB + Index: 0.00MB + Engine MyISAMwp_ta_link_clicks: Daten: 0.00MB + Index: 0.00MB + Engine MyISAMwp_ta_link_clicks_meta: Daten: 0.00MB + Index: 0.00MB + Engine MyISAMwp_termmeta: Daten: 0.01MB + Index: 0.02MB + Engine MyISAMwp_terms: Daten: 0.01MB + Index: 0.04MB + Engine MyISAMwp_term_relationships: Daten: 0.01MB + Index: 0.02MB + Engine MyISAMwp_term_taxonomy: Daten: 0.01MB + Index: 0.01MB + Engine MyISAMwp_trp_gettext_de_de: Daten: 0.47MB + Index: 0.57MB + Engine MyISAMwp_usermeta: Daten: 0.07MB + Index: 0.05MB + Engine MyISAMwp_users: Daten: 0.00MB + Index: 0.01MB + Engine MyISAMwp_wc_admin_notes: Daten: 0.00MB + Index: 0.00MB + Engine MyISAMwp_wc_admin_note_actions: Daten: 0.00MB + Index: 0.00MB + Engine MyISAMwp_wc_category_lookup: Daten: 0.00MB + Index: 0.00MB + Engine MyISAMwp_wc_customer_lookup: Daten: 0.01MB + Index: 0.01MB + Engine MyISAMwp_wc_download_log: Daten: 0.00MB + Index: 0.00MB + Engine MyISAMwp_wc_order_coupon_lookup: Daten: 0.00MB + Index: 0.00MB + Engine MyISAMwp_wc_order_product_lookup: Daten: 0.02MB + Index: 0.02MB + Engine MyISAMwp_wc_order_stats: Daten: 0.01MB + Index: 0.02MB + Engine MyISAMwp_wc_order_tax_lookup: Daten: 0.00MB + Index: 0.01MB + Engine MyISAMwp_wc_product_meta_lookup: Daten: 0.00MB + Index: 0.01MB + Engine MyISAMwp_wc_tax_rate_classes: Daten: 0.00MB + Index: 0.01MB + Engine MyISAMwp_wc_webhooks: Daten: 0.00MB + Index: 0.00MB + Engine MyISAMwp_wpam_actions: Daten: 0.00MB + Index: 0.00MB + Engine MyISAMwp_wpam_affiliates: Daten: 0.00MB + Index: 0.00MB + Engine MyISAMwp_wpam_affiliates_fields: Daten: 0.00MB + Index: 0.00MB + Engine MyISAMwp_wpam_creatives: Daten: 0.00MB + Index: 0.00MB + Engine MyISAMwp_wpam_events: Daten: 0.00MB + Index: 0.00MB + Engine MyISAMwp_wpam_impressions: Daten: 0.00MB + Index: 0.00MB + Engine MyISAMwp_wpam_messages: Daten: 0.00MB + Index: 0.00MB + Engine MyISAMwp_wpam_paypal_logs: Daten: 0.00MB + Index: 0.00MB + Engine MyISAMwp_wpam_tracking_tokens: Daten: 0.00MB + Index: 0.00MB + Engine MyISAMwp_wpam_tracking_tokens_purchase_logs: Daten: 0.00MB + Index: 0.00MB + Engine MyISAMwp_wpam_transactions: Daten: 0.00MB + Index: 0.00MB + Engine MyISAMwp_yith_wcaf_affiliates: Daten: 0.00MB + Index: 0.00MB + Engine MyISAMwp_yith_wcaf_clicks: Daten: 0.24MB + Index: 0.02MB + Engine MyISAMwp_yith_wcaf_commissions: Daten: 0.00MB + Index: 0.00MB + Engine MyISAMwp_yith_wcaf_commission_notes: Daten: 0.00MB + Index: 0.00MB + Engine MyISAMwp_yith_wcaf_payments: Daten: 0.00MB + Index: 0.00MB + Engine MyISAMwp_yith_wcaf_payment_commission: Daten: 0.00MB + Index: 0.00MB + Engine MyISAMwp_yith_wcaf_payment_notes: Daten: 0.00MB + Index: 0.00MB + Engine MyISAMwp_yith_wcwl: Daten: 0.00MB + Index: 0.00MB + Engine MyISAMwp_yith_wcwl_lists: Daten: 0.00MB + Index: 0.01MB + Engine MyISAMwp_yoast_seo_links: Daten: 0.03MB + Index: 0.01MB + Engine MyISAMwp_yoast_seo_meta: Daten: 0.09MB + Index: 0.11MB + Engine MyISAM 2ff7e9595c
Comments