Merge branch 'master' into sunanj/ipsec-documentation

docs/about_releases.mdx

@@ -27,13 +27,13 @@ Version `6.1.0` introduces changes to the SSR software release model. Every six
 | Release 6.2 | [6.2.0](release_notes_128t_6.2.md#release-620-39) | November 16, 2023 | [6.2.4](release_notes_128t_6.2.md#release-624-14r2) | August 16, 2024 | November 3, 2024 |
 | Release 6.1 | [6.1.0](release_notes_128t_6.1.md#release-610-55) | April 14, 2023 | [6.1.8](release_notes_128t_6.1.md#release-618-15) | September 22, 2025 | June 22, 2026 |
 | Release 5.6 | [5.6.7](release_notes_128t_5.6.md#release-567-4) | March 16, 2023 | [5.6.14](release_notes_128t_5.6.md#release-5614-7) | June 16, 2024 | December 16, 2024 |
-| Release 5.5 | [5.5.3](release_notes_128t_5.5.md#release-553-4)  | August 11, 2022 | [5.5.12](release_notes_128t_5.5.md#release-5512-9)  | November 19, 2023 | May 19, 2024 |
 
 ## Out of Support
 
 | Version     | FRS Date          | End of Software Engineering support | End of Support     |
 | ----------- | ----------------- | ----------------------------------- | ------------------ |
 | Release 6.0 | July 18, 2022     | November 30, 2023                   | November 30, 2023  |
+| Release 5.5 | August 11, 2022   | November 19, 2023                   | May 19, 2024       |
 | Release 5.4 | February 18, 2022 | December 18, 2022                   | June 18, 2023      |
 | Release 5.3 | August 6, 2021    | February 6, 2022                    | August 6, 2022     |
 | Release 5.2 | May 10, 2021      | November 10, 2021                   | May 10, 2022       |

docs/concepts_metrics.md

@@ -20,6 +20,10 @@ To view in-memory metrics, create a Metrics Profile containing the specific metr
 
 Care should be taken to avoid overloading the system with the metrics. Many metrics are currently in-memory because of the heavy load they introduce to the system if they were all persisted. 
 
+For in memory metrics, the `since` argument will only show the current value since in memory metrics do not have historic values.
+
+## `since` command 
+
 An Example of `show stats` command using a `since` argument is shown below:
 
 ```
@@ -45,6 +49,8 @@ IPFIX Stats
 Completed in 0.06 seconds
 ```
 
+The `since` argument is a general utility which performs a delta between the two values supplied by the arguments. The primary use is for cumulative metrics - ones that keep incrementing. Some stats are stored as a rate, which is a per 5 second view of the stat. A rate value in the past may be higher than the current rate (or rate at the selected time) and therefore a negative value may be returned.
+
 ## Session Establishment Metrics
 A key indicator of application performance is the time it takes to establish the TCP session between client and server. This is effectively the time it takes to get to the first data packet between endpoints. This metric is more telling than packet transmission rates because it is directional and end to end. Importantly, this information can be used as a measure of SLA to influence path selection.
 

docs/plugin_ipsec_client.md

@@ -922,7 +922,7 @@ exit
 
 ### Release 3.7.0
 
-**Release Date:** May 10, 2024
+**Release Date:** June 30, 2024
 
 **Router Version** 128T-ipsec-2.5.0-3
 
@@ -931,6 +931,34 @@ exit
 - **I95-51716** Common Criteria Certification - VPN Protection Profile
 The new version adds support for X.509 ceritifcate management for IPSec plugin, validating strength of VPN’s encryption algorithms, new Libreswan version update, and DH 21 groups.
 
+### Release 3.6.1
+
+**Release Date:** May 29, 2024
+
+**Router Version** 128T-ipsec-2.4.3-2
+
+#### Issues Fixed
+
+- **PLUGIN-2232** Configured and enabled tunnels remain down.
+
+  _**Resolution:**_ File corruption is now handled more gracefully, preventing IPSEC tunnels from going down.
+
+- **PLUGIN-2197** DNS resolution failure causes plugin to become stuck.
+
+  _**Resolution:**_ When FQDNs are defined in the `ipsec-client` > `remote` > `host` fields, the plugin will not start the tunnels if the FQDNs of the tunnels are unresolvable.
+
+- **WAN-1848** Tunnel monitoring failures did not cause traffic failover to other tunnels.
+
+  _**Resolution:**_ If tunnel monitoring is configured, the tunnel monitoring status will be tied into the ingress KNI's operational status which will cause traffic to failover.
+
+- **WAN-2648** Excessive logging in `ipsec-controller` journal.
+
+  _**Resolution:**_ Reduced logging to provide a simplified journal.
+
+- **WAN-2994** Port 500 sessions were stuck even with session deletion feature.
+
+  _**Resolution:**_ Delete the port 500 and 4500 sessions whenever the tunnel does not come up.
+
 ### Release 3.6.0
 
 **Release Date:** Oct 13, 2023

docs/release_notes_wan_assurance_plugin_3.8.md

@@ -0,0 +1,66 @@
+---
+title: WAN Assurance Plugin 3.8 Release Notes
+sidebar_label: '3.8'
+---
+## Release 3.8.0
+
+**Release Date:** June 04, 2024
+
+### New Features
+- **WAN-2632 Display the interface description on MIST UI**
+
+Any description configured under the `device-interface` will be displayed on the WAN Edge view on MIST UI.
+
+- **WAN-2309 Generate an alarm when device fails to register with MIST**
+
+A new alarm will be generated when a device is unable to register with the MIST cloud during initial onboarding and will include the failure reason.
+
+### Resolved Issues
+
+- **WAN-2839 The `show mist` command sometimes reports inaccurate status**
+
+  _**Resolution:**_ The logic to detect the connection down state and reason was made more robust to capture additional scenarios.
+
+- **WAN-2842 LTE interface missing tx/rx_bps**
+
+  _**Resolution:**_ The rx/tx bps for interfaces will now average the value across the 3 minute oc-stats window as opposed to sending a single snapshot at time of data collection.
+
+- **WAN-2853 Same interface is reported twice under different names**
+
+  _**Resolution:**_ For conductor managed devices runnning on Juniper branded hardware, the logic now accounts for custom user defined device names for HA sync and HA fabric interfaces.
+
+- **WAN-2991 DHCP pool exhaustion event not being generated**
+
+  _**Resolution:**_ The DHCP pool exhaustion event generation better accounts for the previous event status to accurately generate the event.
+
+- **WAN-3000 Process data collection spamming the logs**
+
+  _**Resolution:**_ The logs were updated to be less aggressive.
+
+- **WAN-3001 TSI collection times out on certain devices**
+
+  _**Resolution:**_ TSI collection is handled more efficiently by limiting the amount of CPU and memory the collection can consume and affording more time for the operation to complete.
+
+- **WAN-3003 For port errors, same value is being reported for both nodes in an HA pair**
+
+  _**Resolution:**_ Each node will report the local error counts for a given port.
+
+- **WAN-3049 Probe up/down events are generated even when the physical WAN port is down**
+
+  _**Resolution:**_ The probe up/down events are suppressed for a physical down port.
+
+- **WAN-3053 Duplicate path add/remove events being generated for HA interfaces**
+
+  _**Resolution:**_ The path add/remove events will be suppressed for fabric interfaces
+
+- **WAN-3072 Path Up events related to Application Path insights have incorrect reason**
+
+  _**Resolution:**_ Remove the reason code from path up events since the previous Path Down will always have the correct reason code.
+
+- **WAN-3077 DHCP pool events are missing the pool name**
+
+  _**Resolution:**_ Add the pool name for DHCP pool events in addition to the DHCP pool udpates.
+
+- **WAN-3104 Duplicate LTE interface with null stats being reported**
+
+  _**Resolution:**_ The logic to detect LTE interfaces for conductor managed whitebox devices was made more robust to handle user configured device names.

kb/2024-05-29-I95-56484.md

@@ -0,0 +1,93 @@
+---
+title: High Memory usage for application-director
+date: 2024-5-29
+tags: ['6.2.3', '6.2.4']
+hide_table_of_contents: false
+---
+
+Changes to use a new database in the app-id engine have introduced high memory utilization for the application-director.
+
+<!-- truncate -->
+
+**Issue ID:** I95-56484
+
+**Last Updated:** 2024-05-29
+
+**Introduced in SSR Version:** 6.2.3
+
+### Problem
+The application-director has a race condition that can occur during app-id module updates, app-id database reloads, and configuration changes.
+
+It is possible that stale connections to a database will utilize excessive memory over a long duration (application-director uptime).
+
+The administrator might notice alarms for high system memory and an Application Director alarm with the message `IP Database reload failed.`
+
+### Release Notes
+Resolve application-director stale database connection memory leak.
+
+### Severity
+<details>
+The potential impact of a software defect if encountered. Severity levels are:
+* Critical: Could severely affect service, capacity/traffic, and maintenance capabilities. May have a prolonged impact to the entire system.
+* Major: Could seriously affect system operation, maintenance, administration and related tasks.
+* Minor: Would not significantly impair the functioning or affect service.
+</details>
+Major
+
+### Status
+Resolved
+
+### Resolved In
+6.2.5
+
+### Product
+SSR
+
+### Functional Area
+System Health
+
+### Workaround
+<details>
+Juniper may provide a method to temporarily circumvent a problem; workarounds do not exist for all issues.
+</details>
+Utilizing SSR metrics data, custom charts can be used to view memory usage over time to identify processes that are increasing. Also, the PCLI provides a way to view current process memory utilization and a way to compare the current value a previous point in time.
+
+```
+admin@node.router# show stats process memory process-name application-director
+Thu 2024-05-30 20:38:03 UTC
+✔ Retrieving statistics...
+
+Process Memory Metrics
+----------------------
+
+======== ====== ====================== ============
+ Metric   Node   Process-name                Value
+======== ====== ====================== ============
+ rss      node   application-director     61681664
+ vsz      node   application-director   1589444608
+ ```
+
+The above values will appear as bytes. Shown below is comparing the current value to 10 days prior.
+
+```
+admin@node.router# show stats process memory process-name application-director since 10d
+Thu 2024-05-30 20:52:39 UTC
+✔ Retrieving statistics...
+
+Since: 2024-05-20 20:52:39
+
+Process Memory Metrics
+----------------------
+
+======== ====== ====================== =========
+ Metric   Node   Process-name             Value
+======== ====== ====================== =========
+ rss      node   application-director   1171456
+ vsz      node   application-director         0
+```
+
+In this case, the delta is 10Mb which is normal operating behavior.
+
+However, if the deltas over time are increasing significantly such that the current utilization has doubled or tripled, this is a good indicator that this issue is occurring.
+
+If you have confirmed the `application-director` has significant memory increases over time, the service can be restarted on the offending device using `systemctl restart application-director` as a privileged User.

sidebars.js

@@ -386,6 +386,7 @@ module.exports = {
         "type": "category",
         "label": "WAN Assurance",
         "items": [
+          "release_notes_wan_assurance_plugin_3.8",
           "release_notes_wan_assurance_plugin_3.7",
           "release_notes_wan_assurance_plugin_3.6",
           "release_notes_wan_assurance_plugin_3.5",