Aspen Mesh Carrier-Grade 1.11.8-am1.3 release notes

Introduction

These release notes describe the differences between Aspen Mesh Carrier-Grade 1.11.8-am1.2 and 1.11.8-am1.3.

Supported platforms

This release is officially supported on these platforms and versions:

Platform	Version	Recommended Helm version
OpenShift	4.7	3.8

Istio proxy (Envoy) version

1.19

Related Packet Inspector IDD versions

The following version of the interface design description (IDD) specifies the behavior of Packet Inspector 1 included in this release:

Product	IDD version
Packet Inspector 1	v1.6

Security updates

Istio

(No security updates)

Aspen Mesh features

(No security updates)

Other changes

Istio

(No changes)

Aspen Mesh features

• ASM-4137: In Packet Inspector 1, reduced the default amount of memory allocated to the aggregator service’s circular buffer (daemonSetBufferMemoryPercent) to 30 percent.

• ASM-4136: Fixed an issue that caused the Packet Inspector 1 aggregator service to run slowly when under load.

• ASM-4162: Fixed a Packet Inspector 1 issue where malformed Diameter packets could cause the Istio proxy (Envoy) to crash. Malformed Diameter packets are now indicated by new filter metrics.

• ASM-4138: Fixed an issue where Packet Inspector 1 attempted to capture Diameter packets from ingress and egress gateways.

• ASM-4143: In Packet Inspector 1, added Prometheus Go memory metrics for the aggregator service to facilitate memory tuning. These memory metrics are prefixed with aspenmesh_ like the other aggregator metrics.

• ASM-4155: Aspen Mesh now enables the Packet Inspector 1 filter metrics by default, and Metrics Collector now scrapes the Packet Inspector 1 aggregator metrics by default (you don’t need to change the scrape configuration). Note that Metrics Collector is deprecated, which means it may be removed in a later release.

• ASM-4158: In Packet Inspector 1, added the ability to exclude one or more namespaces or pods when capturing HTTP packets. Learn how to exclude one or more namespaces or pods.

Known issues

• AM-3069: OpenShift clusters using either the Multi-Primary or the Multi-Primary on different networks configuration for multicluster connectivity fail to create the remote secret with the following error:

  $ istioctl x create-remote-secret --name=cluster1
  
  error: could not get access token to read resources from local kube-apiserver: wrong number of secrets (2) in serviceaccount istio-system/istio-reader-service-account
  
  error: could not get access token to read resources from local kube-apiserver: wrong number of secrets (2) in serviceaccount istio-system/istio-reader-service-account
  

• AM-3547: Pods with Istio sidecars get evicted when a node runs low on storage because they don’t request ephemeral storage.

• ASM-4213: Packet Inspector 1 comments in the istiod values file indicate that you can exclude one or more namespaces or pods when capturing Diameter workloads, but only HTTP workloads are supported.

Download

Use either of the following methods to download the release archive file:

• Script: Learn how to download Aspen Mesh using a script.

• Manual download: Use the link for your operating system:

  • Linux (hash)

  • macOS (hash)

  • Windows (hash)