Cisco Cisco Intelligent Automation for Cloud 4.2
4
Cisco Intelligent Automation for Cloud 4.2 Release Notes
Known Issues
Unexpected OpenStack Network Connectivity When Provisioning Network via APIC
Problem
Unexpected network connectivity will be allowed between multiple networks under the same VDC when multiple APIC
Network Policies are created.
Network Policies are created.
Symptom
APIC Network Policy is created per network pair that share a contract through a provider/consumer relationship. In Cisco
IAC 4.2, all networks under the same VDC can only use one default contract. This results in networks which have an APIC
network policy already created on them having connectivity to other networks that get configured with an APIC network
policy using the default contract. This may result in what would normally be considered unexpected inter-network
connectivity within the VDC.
IAC 4.2, all networks under the same VDC can only use one default contract. This results in networks which have an APIC
network policy already created on them having connectivity to other networks that get configured with an APIC network
policy using the default contract. This may result in what would normally be considered unexpected inter-network
connectivity within the VDC.
Reason
In Cisco IAC 4.2 we have limited support for APIC Network Policy functionality.
A single default contract is available to connect a source and destination network. The default action supported is
to allow all bidirectional traffic. There is no filtering between the source and destination networks.
to allow all bidirectional traffic. There is no filtering between the source and destination networks.
Multiple APIC network policies are supported per VDC. The network policies will use the default contract to define
connectivity between network pairs, a source and a destination network.
connectivity between network pairs, a source and a destination network.
Example
Network Policy 1: Net1 provides Default contract and Net2 consumes it.
Network Policy 2: Net3 provides Default contract and Net4 consumes it.
Result
Net1, Net2, Net3, and Net4 are all connected.
Net2 and Net4 both have network connectivity to Net1 because they are associated with (or consume) the same
contract.
contract.
Note
: Regardless of whether a network provides or consumes the contract, there will be connectivity due to the
association with the default contract.
Cisco Support Required for Chef Users Conducting Environment Upgrades
The size of the following parameters in the Service Item “Chef Roles” has changed to "STRING(Max)". If you are using
Chef and are planning to conduct an upgrade of Cisco IAC on your environment, we recommended that you contact
Cisco Support for assistance.
Chef and are planning to conduct an upgrade of Cisco IAC on your environment, we recommended that you contact
Cisco Support for assistance.
Default Attributes
Override Attributes
Run List
Environment Run List