Skip to content

NewValidation: Validate Use of vnsRsCIfAtt for Upgrades Across 6.0(3) Boundary #371

New issue
New issue
Open
Open
NewValidation: Validate Use of vnsRsCIfAtt for Upgrades Across 6.0(3) Boundary#371
Labels
new_validation
@amitanilkulkarni

Description

@amitanilkulkarni
amitanilkulkarni
opened on Mar 25, 2026

Validation Type

[ ] - Fault

[✓] - Config

[ ] - Bug

[ ] - Other

What needs to be validated

Validate whether the fabric contains any user-configured vnsRsCIfAtt that does not have a corresponding vnsRsCIfAttN, and flag it for any upgrade path that crosses the 6.0(3) boundary.

The validation should detect:

  • vnsRsCIfAtt exists in user config
  • No matching vnsRsCIfAttN exists under the same vnsLIf with the same target DN
  • The upgrade crosses 6.0(3) version boundary

If all of the above are true, the script should report that the upgrade is affected and ask the user to configure the missing vnsRsCIfAttN before proceeding.

Optionally:

  • If the fabric is already on 6.2(3) or newer version and both -- vnsRsCIfAtt as well as corresponding vnsRsCIfAttN -- are present in user configuration, the script should inform the user to remove the deprecated vnsRsCIfAtt MO from the config. This MO cannot be created in 6.2(3). It will be implicitly created as needed when downgrading to an older version that depends on it.

Why it needs to be validated

vnsRsCIfAtt was deprecated in favor of vnsRsCIfAttN due to cardinality issues in 1.x release. However, it is still present in some user configurations.

If an upgrade crosses the 6.0(3) boundary and the user config contains only RsCIfAtt and not RsCIfAttN, user can end up in a misleading state where the graph still remains rendered due to stale/implicitly created vnsRsCIfAttN objects, even though the policy configuration is incomplete.

Deprecated vnsRsCIfAtt config may continue to exist in 6.2(3), where users should remove it and rely on vnsRsCIfAttN instead.

Additional context

vnsRsCIfAttN is used for attaching a concrete interface to a logical interface of an L4L7 device. Both, vnsRsCIfAtt as well as vnsRsCIfAttN, were considered valid user configs till version 6.0(3).

Risk exists specifically when only vnsRsCIfAtt is configured; not when either only vnsRsCIfAttN or both vnsRsCIfAtt and vnsRsCIfAttN relations are present under vnsLIf pointing to the same concrete interface.

Recommended action:

  • Before upgrade, add vnsRsCIfAttN under the same vnsLIf with the same tDn as each affected vnsRsCIfAtt
  • On 6.2(3) and newer versions, suggest the user to unconfigure the deprecated vnsRsCIfAtt MO if the corresponding vnsRsCIfAttN is present in the config.

Metadata

Metadata

Assignees

No one assigned

    Labels

    new_validation

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions