Wireless Access

last person joined: yesterday 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Issues with leap second to be added in June 2015?

This thread has been viewed 0 times

  • 1.  Issues with leap second to be added in June 2015?

    Posted Jan 28, 2015 05:03 AM

    Can anyone tell me if Aruba has issued a statement regarding potential problems with any of its products when the leap second is added in June 2015?



  • 2.  RE: Issues with leap second to be added in June 2015?

    Posted May 13, 2015 06:19 AM

    I have been informed that deactivating NTP service 24 hours prior to 30th June 2015 is a good idea and it shall only been activated again after that day (1st of July).



  • 3.  RE: Issues with leap second to be added in June 2015?

    Posted May 13, 2015 08:07 AM

    To mitigate the issue, disable NTP services at least 24 hours prior to June 30, 2015 and then re-enable NTP services afterwards.
    Note: The controller will not require a reboot when NTP is disabled and re-enabled.
    Q. What happens if NTP is not disabled on the controller?
    A. There is a high chance that the controller will reboot.
    Q. Do I need to worry about this if NTP is not enabled?
    A. The controller is not affected if NTP is not enabled.



  • 4.  RE: Issues with leap second to be added in June 2015?
    Best Answer

    Posted May 13, 2015 08:11 AM
      |   view attached

    The International Earth Rotation and Reference Systems Service has decided to insert a one-second adjustment known as Leap Second to ensure the Coordinated Universal Time (UTC) is in sync with the solar/astronomical time. These Leap Seconds are irregularly timed in response to changes in the Earth’s rotation. Such a leap second adjustment is expected to occur on June 30th, 2015. For more information on Leap Second, you may refer to http://www.nist.gov/pml/div688/leapseconds.cfm

     

    This advisory is to notify which Aruba products and software releases may be affected by this time adjustment and provide guidance on workarounds or software patches. This is an initial advisory and will be updated as additional/relevant information becomes available. It is posted on the Aruba Support Site under the "Announcements" tab.

     

    AFFECTED PRODUCTS

                    - Aruba Mobility Controllers – All Versions

                    - Aruba Instant – All Versions

                    - AirWave Management Platform – All Versions

                    - ClearPass Policy Manager – All Versions

                    - Analytics and Location Engine – All Versions

     

     

    WHAT PRODUCTS ARE NOT AFFECTED?

                    - Aruba Mobility Access Switches

                    - Aruba AirMesh Routers

     

     

    CALL TO ACTION

     

    • Aruba Mobility Controllers

                    ====================

                    The fixes require making significant changes to the ArubaOS kernel which we have elected not to do at this time. To mitigate the issue, disable NTP services at least 24 hours prior to June 30, 2015 and then re-enable NTP services afterwards.

                   

                    Note: The controller will not require a reboot when NTP is disabled and re-enabled.

     

    1. What happens if NTP is not disabled on the controller?
    2. There is a high chance that the controller will reboot.

     

    1. Do I need to worry about this if NTP is not enabled?
    2. The controller is not affected if NTP is not enabled.

     

     

    • Aruba Instant

                    ===============       

                    To mitigate the issue, disable NTP services at least 24 hours prior to June 30, 2015 and then re-enable NTP services afterwards.

     

    1. What happens if NTP is not disabled on the IAP?
    2. There is a high chance that the IAP will reboot.

     

    1. Do I need to worry about this if NTP is not enabled?
    2. The IAP is not affected if NTP is not enabled.

     

    1. How to disable NTP service on IAP?
    2. Configure the NTP server to an unreachable IP/domain

     

     

    • AirWave Management Platform

                    ========================

                    - Airwave 8.0.8 is available for download and will address the leap second.

                    - Customers who are using NTP will not be affected.

                    - Customers with older versions of Airwave who do not use NTP can update the tzdata package with this command:

                      # yum update tzdata\*

                    - Customers who don't use NTP and don't update the tzdata package will end up with the clock off by a second (assuming it was correct in the first place). We do not anticipate any other side effects.

     

     

    • Analytics and Location Engine

                    ========================               

                    Customers should use the following command to update

     

                    # yum update tzdata\*

     

     

    • ClearPass Policy Manager

                    =====================

                    An out-of-cycle patch, the ClearPass Leap Second Update, will be provided for both actively supported releases as well as End of Development/Support releases on May 12th by 5:00pm PDT. It will be available for the following releases:

                    - ClearPass Policy Manager 6.2.6

                    - ClearPass Policy Manager 6.3.6

                    - ClearPass Policy Manager 6.4.x

                    - ClearPass Policy Manager 6.5.0/6.5.1

                   

                    Please use any of the methods listed below to install the patch.

     

    1. Installing the Patch Online Using the Software Updates Portal:
    2. Open ClearPass Policy Manager and go to Administration > Agents and Software Updates > Software Updates.
    3. In the Firmware and Patch Updates area, find the ClearPass Leap Second Update patch and click the Download button in its row.
    4. Click Install.
    5. When the installation is complete and the status is shown as Needs Restart, proceed to restart ClearPass. After reboot, the status for the patch will be shown as Installed. The ClearPass Policy Manager version number will not change.

     

    1. Installing the Patch Offline Using the Patch File from support.arubanetworks.com and HTTP:
    2. Download the appropriate ClearPass Leap Second Update from the Support site.
    3. Post the patch file to a local HTTP server.
    4. Open an SSH session to the ClearPass appliance using the ‘appadmin’ account.
    5. Type 'system update –i <http location of the file>’
    6. When the installation is complete, issue ’system restart'. After reboot, the status for the patch will be shown as Installed. The ClearPass Policy Manager version number will not change.

     

    1. Installing the Patch Offline Using the Patch File from support.arubanetworks.com and SCP:
    2. Download the appropriate ClearPass Leap Second Update from the Support site.
    3. Post the patch file to a local SCP server.
    4. Open an SSH session to the ClearPass appliance using the ‘appadmin’ account.
    5. Type 'system update –i < user@<scp location of the file>'
    6. When the installation is complete, issue ’system restart'. After reboot, the status for the patch will be shown as Installed. The ClearPass Policy Manager version number will not change.

     

    1. Installing the Patch Offline Using the Patch File from support.arubanetworks.com:
    2. Download the appropriate ClearPass Leap Second Update from the Support site.
    3. Open the ClearPass Policy Manager Admin UI and go to Administration > Agents and Software Updates > Software Updates.
    4. At the bottom of the Firmware and Patch Updates area, click Import Updates and browse to the downloaded patch file.
    5. Click Install.
    6. When the installation is complete and the status is shown as Needs Restart, proceed to restart ClearPass. After reboot, the staus for the patch will be shown as Installed. The ClearPass Policy Manager version number will not change.


  • 5.  RE: Issues with leap second to be added in June 2015?

    Posted May 13, 2015 02:09 PM

    You can also find the above mentioned bulletin posted on Aruba Networks support site under the “Announcements” tab which is accessible to Aruba customers and partners with a valid Support Portal account. 



  • 6.  RE: Issues with leap second to be added in June 2015?

    Posted May 15, 2015 02:51 PM

    for all products the expected effect is provided except for ClearPass, only four ways to patch it. what exactly is expected if ClearPass isn't patched?

     

    would be disabling NTP for a day also be enough for ClearPass?



  • 7.  RE: Issues with leap second to be added in June 2015?

    Posted Jun 01, 2015 09:22 PM
      |   view attached

    Hi,

     

    Please check attached file!

     

    ClearPass Policy Manager
    ClearPass versions 6.2 and higher include updates to address potential leap second related issues. However, recent test scripts supplied by RedHat indicate that ClearPass is still susceptible and not fully compliant to handle the upcoming leap second, irrespective of whether NTP is enabled or not. Disabling NTP is also not a recommended practice for ClearPass installations as it can create severe authentication-related issues.
    To ensure system stability and avoid any unforeseen system hang or crash, we encourage customers to install the “Leap Second Update Patch for ClearPass 6.x.x” which was released on May 12th, at the earliest opportunity before June 30th, 2015. This out-of-cycle patch is being provided for the following actively supported releases as well as End of Development/Support releases:
    o ClearPass Policy Manager 6.2.6
    o ClearPass Policy Manager 6.3.6
    o ClearPass Policy Manager 6.4.x
    o ClearPass Policy Manager 6.5.0/6.5.1
    This patch will also be included in future software releases such as ClearPass 6.5.2.

     

    Thank you.



  • 8.  RE: Issues with leap second to be added in June 2015?

    Posted Jun 18, 2015 04:04 PM
    Please note that the file that MKS and kosuke are of different revisions.
    kosuke's file is newer and reduces the amount of devices that are affected such as M3 blades.

    Can anyone confirm this?


  • 9.  RE: Issues with leap second to be added in June 2015?

    Posted Jun 20, 2015 05:44 AM

    i got that version 4 document on my corperate account also and some employees hinted the scope was smaller after the first version. not sure why Aruba hasn't it published on the website.



  • 10.  RE: Issues with leap second to be added in June 2015?

    Posted Jun 25, 2015 04:02 PM

    Here is the latest list of impacted products:

     

    Affected Products
    - Aruba Mobility Controllers – 7200 Series and 7000 Series Controllers
    - Aruba Instant – IAP-134/135, RAP-155/155P, IAP-114/115, IAP-103, IAP-204/205,
    IAP-214/215, IAP-224/225, IAP-274/275
    - ClearPass Policy Manager – All Versions
    - AirWave Management Platform – All Versions
    - Analytics and Location Engine – All Versions

     

    What Products Are NOT Affected?
    - Aruba Mobility Controllers – M3Mk1, 3000 series and 600 series
    - Aruba Instant – IAP-92/93, IAP-104/105, RAP-3WN/3WNP, IAP-175, RAP/IAP-108, RAP/IAP-109 running InstantOS 4.0.0.10 or above release
    - Aruba Mobility Access Switches
    - Aruba AirMesh Routers