8.0.50 Release Notes

Release Date: 05 March 2026

Release Notes Last Updated: 11 May 2026

Corrected Issues in Aviatrix Release 8.0.50

Issue Description

Issue	Description
AVX-71630	Resolved an issue where incorrect eBPF filters could be applied to the `eth1` interface on Azure gateways with Accelerated Networking enabled during upgrades from versions earlier than 7.2.2994. The upgrade process now properly handles interface filter configuration to prevent unintended traffic drops.
AVX-72847	Resolved an issue where the `avx-gw-state-sync` service leaked D-Bus connections on gateways. The implementation has been updated to use a shared D-Bus connection that is properly managed and cleaned up, preventing connection exhaustion during gateway operations.
AVX-73036	Resolved an issue where duplicate iptables mangle table MARK rules and remote gateway route tables were not properly cleaned up during Site-to-Cloud mapped tunnel failover, gateway image upgrade, or rollback scenarios. This issue could occur when migrating environments between releases or during tunnel role transitions. The cleanup logic has been corrected to ensure redundant rules are removed and route tables are properly maintained.
AVX-73589	Resolved an issue where the NFQ process could stall due to a deadlock when flushing IP data nightly. The implementation has been updated to prevent the deadlock condition and ensure the `avx-nfq` process continues to process traffic normally under high load.

AVX-71630

Resolved an issue where incorrect eBPF filters could be applied to the eth1 interface on Azure gateways with Accelerated Networking enabled during upgrades from versions earlier than 7.2.2994.

The upgrade process now properly handles interface filter configuration to prevent unintended traffic drops.

AVX-72847

Resolved an issue where the avx-gw-state-sync service leaked D-Bus connections on gateways.

The implementation has been updated to use a shared D-Bus connection that is properly managed and cleaned up, preventing connection exhaustion during gateway operations.

AVX-73036

Resolved an issue where duplicate iptables mangle table MARK rules and remote gateway route tables were not properly cleaned up during Site-to-Cloud mapped tunnel failover, gateway image upgrade, or rollback scenarios.

This issue could occur when migrating environments between releases or during tunnel role transitions. The cleanup logic has been corrected to ensure redundant rules are removed and route tables are properly maintained.

AVX-73589

Resolved an issue where the NFQ process could stall due to a deadlock when flushing IP data nightly.

The implementation has been updated to prevent the deadlock condition and ensure the avx-nfq process continues to process traffic normally under high load.

Known Issues in Aviatrix Release 8.0.50

None

Issue Description

Issue	Description
AVX-62003	Azure gateway image upgrades may fail when the Controller does not have the required Azure image subscription access. During the upgrade, the system deletes the existing gateway before validating subscription availability, which can result in gateway deletion without a replacement being created. This leaves dangling gateways in the Controller and can cause potential service outages. Impact: Existing gateways may be deleted during image upgrade Replacement gateway creation fails due to missing subscription Customers may experience connectivity loss and dangling gateway entries in the Controller Manual intervention required, leading to support escalations Workaround: None. To avoid outages, ensure the Controller subscription includes access to the required Azure image before attempting upgrades.
AVX-62299	When upgrading from Controller version 7.1 to 7.2 or 8.0, Spoke Gateways with routing through a Public Subnet Filtering (PSF) Gateway may fail to upgrade and become unreachable if the PSF Gateway has not been upgraded first. This issue affects AWS environments where Spoke Gateway route tables are configured to point to a PSF Gateway. To avoid this issue, follow the correct upgrade sequence: Upgrade the PSF Gateway first. Wait for the PSF Gateway upgrade to complete successfully. Then upgrade the dependent Spoke Gateways.
AVX-62506	During a gateway software upgrade, traffic matching DCF WebGroup rules may be briefly dropped during the upgrade. This impacts both Layer 7 (HTTP/HTTPS) and Layer 4 traffic and occurs across all supported cloud providers (AWS, Azure, and GCP). The disruption typically lasts a few seconds but may vary depending on gateway load and policy complexity. Workaround: None Recommendations: Schedule gateway upgrades during maintenance windows or low-traffic periods. Use HA deployments and upgrade gateways one at a time in HA pairs. Monitor logs for "Failed to load policy" messages to confirm when policies are reloaded.
AVX-63224	In Controller release 8.0, gateway software upgrades take longer to complete compared to earlier versions. On average, the upgrade rate drops from approximately 14 gateways per minute in version 7.2 to approximately 11 gateways per minute in 8.0, which is an increase of about 20% in execution time. Affected Scenarios: Upgrading from version 7.2.x to 8.0.x Upgrading between 8.0.x versions Impact: Only the upgrade duration is affected. Gateway functionality remains unaffected after a successful upgrade. Recommendations: Allocate approximately 20% more time for gateway upgrades. For large environments (for example, 1,000+ gateways), plan for 90–120 minutes of upgrade time. Schedule upgrades during maintenance windows to accommodate the longer duration.
AVX-64868	In some scenarios involving rapid VRRP state transitions, the keepalived VRRP state may not be reported accurately to the Controller. This can result in temporary discrepancies between the actual VRRP status and what is displayed in the Controller UI, leading to confusion and difficulties during troubleshooting. Impact: Controller UI may show incorrect VRRP status such as both peers reporting `Primary` or `Initializing` No impact on actual VRRP traffic handling or failover behavior. Workaround: Use diagnostic logs to verify actual VRRP state
AVX-65016	In some environments, the Firewall state may not recover from Unaccessible after the first vendor integration failure. This issue has been observed when integrating with third-party firewall vendors, leaving the gateway firewall state stuck even after the environment stabilizes. Impact: Firewall integration appears stuck in Unaccessible state Recovery does not occur automatically after initial failure May require manual intervention to restore proper firewall state reporting Workaround: Contact Aviatrix Support for manual correction.
AVX-66631	When performing image upgrades on Transit gateways with a large number of tunnels (1300+ tunnels), traffic loss occurs after the upgrade completion. Affected Scenario: Transit gateways with scale number of tunnels during image upgrade operations. Impact: Traffic disruption lasting approximately 9 minutes after upgrade completion Affects high-scale Transit gateway deployments Service interruption during critical upgrade windows Workaround: Schedule image upgrades during maintenance windows to minimize business impact. Consider upgrading Transit gateways with fewer tunnels first to reduce exposure time.
AVX-66696	When DCF processes high volumes of logging messages, rsyslogd rate-limiting may cause message loss. The system drops messages exceeding 500 per 5-second interval, with rsyslogd logging "messages lost due to rate-limiting" notifications. Affected Scenario: High-traffic environments generating intensive logging activity Impact: Log messages may be dropped during peak traffic periods Potential gaps in audit trails and monitoring data Reduced visibility into network events and troubleshooting information Workaround: Monitor rsyslogd logs for rate-limiting messages and consider implementing log aggregation strategies to distribute message processing load across multiple collection points.
AVX-67126	Dry-run validation may fail when upgrading the Controller from version 8.0.10 to 8.1.0 due to a gateway version mismatch error. This occurs when the upgrade path starts from 8.0.0, progresses to 8.0.10 successfully, but encounters a dry-run failure when proceeding to 8.1.0.
AVX-67571	In Oracle Cloud Infrastructure (OCI) environments, OpenVPN clients cannot connect to VPN gateways configured with DUO multi-factor authentication (MFA). Connection attempts fail with `ECONNREFUSED` errors during tunnel establishment, preventing authentication from completing. Impact: VPN tunnels cannot be established to DUO-enabled OCI gateways Only affects OCI deployments with DUO MFA Other authentication methods (OKTA, LDAP) work normally Workaround: No current workaround. Users may temporarily switch to OKTA or LDAP authentication if feasible.
AVX-68561	When DCF S2C is enabled in large scale deployments with 1300+ gateways, all gateway configurations become out of sync with the Controller. Affected Scenario: Large scale environments with DCF S2C enabled and high gateway counts (1300+ gateways). Impact: Gateway configurations show as out of sync in the Controller UI Controller CPU utilization increases significantly Conduit process consumes high CPU resources Workaround: Disable DCF S2C feature in large scale deployments until the issue is resolved. Monitor gateway sync status and Controller CPU usage when re-enabling the feature.
AVX-68606	During Gateway Software Upgrade operations involving large numbers of gateways, AEP EaS gateways may experience Charon service restarts that cause temporary traffic disruption. The strongSwan Charon process stops and restarts during the upgrade window, creating connectivity gaps for IPsec tunnels. Affected Scenario: Large-scale gateway upgrades (1000+ gateways) in testbed environments with AEP EaS configurations. Impact: Temporary traffic loss through AEP EaS during upgrade operations IPsec tunnel connectivity interruption during Charon restart Service disruption lasting approximately 30-60 seconds per affected gateway Workaround: Schedule gateway upgrades during maintenance windows and upgrade gateways in smaller batches to minimize simultaneous impact across the network infrastructure.
AVX-68726	On Azure Controllers with Controller Security Group Management enabled, gateway deployments may fail when multiple gateways or HA gateways are created. In this scenario, network security group rules may be overwritten or duplicated, which can cause Azure to return duplicate rule name errors. As a result, new gateways may fail to launch, and the Controller may automatically disable Security Group Management. Impact: Gateway deployments may fail in Azure Security group rules may not be updated correctly Controller Security Group Management may be disabled unexpectedly Workaround: Disable Controller Security Group Management and manage Azure network security group rules manually, or contact Aviatrix Support for assistance.
AVX-68887	When attaching VPN users to profiles using the `attach_vpn_user_to_profile` API, the CoPilot or Controller UI may continue to display the user profile as N/A even though the attachment operation completes successfully. In some cases, users later reappear as active but still show no profile association in the UI. This results in a display inconsistency between the UI and the backend state. Impact: VPN user profile assignments may appear unsuccessful in the UI, which can cause confusion during profile management. There is no functional impact: the VPN profile is correctly assigned in the backend, and users can connect to the VPN as expected. Affected Scenario: OpenVPN profile management operations that use API-based user-to-profile attachment. Workaround: None.
AVX-71672	When upgrading the Controller to version 8.1, the database migration may fail if the tunnel `rtt_avg` field contains `None` values. The migration logic expects either a numeric value or the string `"N/A"`, and encountering a `None` value causes the upgrade to stop. Impact: Upgrade to 8.1 cannot complete Controller remains on the previous version Workaround: Contact Aviatrix Support for assistance in correcting the database values before retrying the upgrade.
AVX-71820	When deploying a load balancer–enabled VPN gateway with an overlapping VPN CIDR on Controller versions 8.0, 8.1, or 8.2, the gateway creation fails. Impact: VPN gateway deployment fails Error message does not clearly indicate the root cause Affected Scenario: Load balancer–enabled VPN gateway deployments on Controller versions 8.0, 8.1, and 8.2. Workaround: Ensure that the VPN CIDR does not overlap with existing gateways behind the load balancer before deployment. Contact Aviatrix Support for assistance.
AVX-73836	In environments where Duo Authentication is enabled for Client VPN, Duo-authenticated users may intermittently fail to connect to the VPN Gateway. The gateway may log the following error message: `Duo OpenVPN: Received 403 Client duo_openvpn version 2.4 is deprecated and no longer supported` This occurs because the gateway uses an older Duo OpenVPN client library version that is no longer supported by the Duo service. Impact: Users configured with Duo authentication may fail to establish VPN connections. In some cases, bypass users may connect intermittently. Workaround: Update the Duo OpenVPN client version on the gateway by modifying the version in the `duo_openvpn.py` file from `2.4` to `3.0`.
AVX-74988	On Edge-as-a-Transit (EaT) gateways with HPE peering to transit using many-to-one IP addressing (multiple source private IPs peering to a single transit IP), the tunnel status monitoring job may raise an exception due to duplicate tunnel ping IP pairs. This causes the tunnel status report to fail periodically. Impact: Tunnel status reports may not be sent to the Controller Controller and CoPilot may show stale or missing tunnel status for affected gateways No impact on actual tunnel connectivity or data plane traffic Workaround: None. This is a monitoring-only issue with no traffic impact.
AVX-75256	After upgrading the Aviatrix Controller from version 7.2.x to 8.0 or later, gateways with FQDN tags attached may no longer be visible in the Egress FQDN Gateway View tab. The `list_fqdn_gateways` API returns an empty list despite the gateways being present and properly associated with their FQDN tags. Impact: Egress FQDN-enabled gateways are not displayed in the Controller UI after upgrade The `list_fqdn_gateways` API returns an empty list Gateways remain operational and FQDN tag associations are intact Workaround: Contact Aviatrix Support for assistance.
AVX-75301	Certain license types are unable to enable Distributed Cloud Firewall (DCF). A license validation check that was removed in 8.1 and later versions has not been applied to the 8.0.x branch, causing a controller error when users with affected license types attempt to enable DCF. Workaround: Contact Aviatrix Support for assistance.
AVX-75872	A locking race condition between initial setup and post-upgrade actions may cause gateway configuration issues after upgrade. Impact: Gateway may not complete post-upgrade configuration correctly Manual intervention may be required Workaround: Contact Aviatrix Support for assistance.
AVX-75944	When migrating an existing Controller to a new Controller VM, a database migration issue can cause configuration changes to be applied to gateways too early during the migration process. Impact: Gateways with NAT configured may experience a temporary datapath disruption during Controller migration. Workaround: There is no workaround. Upgrade to a version that includes the fix (8.0.60, 8.1.30, 8.2.10, or 9.0.0). Contact Aviatrix Support for assistance.
AVX-76296	During routine gateway operations (such as resize or image upgrade) in GCP global VPC environments, traffic may be blackholed due to incorrect route handling. Impact: Traffic through the affected gateway may be dropped during operations GCP global VPC routing may be temporarily disrupted Workaround: Schedule gateway operations during maintenance windows. Contact Aviatrix Support for assistance.
AVX-76413	After a Controller restart or recovery, gateways that were temporarily unreachable may not be given sufficient time to reconnect before being marked as permanently down. Impact: Gateways that are temporarily unreachable during a Controller restart may be incorrectly treated as permanently down Unnecessary gateway replacement or failover actions may be triggered for gateways that would have reconnected given more time Workaround: None.

AVX-62003

Azure gateway image upgrades may fail when the Controller does not have the required Azure image subscription access. During the upgrade, the system deletes the existing gateway before validating subscription availability, which can result in gateway deletion without a replacement being created. This leaves dangling gateways in the Controller and can cause potential service outages.

Impact:

Existing gateways may be deleted during image upgrade
Replacement gateway creation fails due to missing subscription
Customers may experience connectivity loss and dangling gateway entries in the Controller
Manual intervention required, leading to support escalations

Workaround:

None. To avoid outages, ensure the Controller subscription includes access to the required Azure image before attempting upgrades.

AVX-62299

When upgrading from Controller version 7.1 to 7.2 or 8.0, Spoke Gateways with routing through a Public Subnet Filtering (PSF) Gateway may fail to upgrade and become unreachable if the PSF Gateway has not been upgraded first. This issue affects AWS environments where Spoke Gateway route tables are configured to point to a PSF Gateway.

To avoid this issue, follow the correct upgrade sequence:

Upgrade the PSF Gateway first.
Wait for the PSF Gateway upgrade to complete successfully.
Then upgrade the dependent Spoke Gateways.

AVX-62506

During a gateway software upgrade, traffic matching DCF WebGroup rules may be briefly dropped during the upgrade. This impacts both Layer 7 (HTTP/HTTPS) and Layer 4 traffic and occurs across all supported cloud providers (AWS, Azure, and GCP). The disruption typically lasts a few seconds but may vary depending on gateway load and policy complexity.

Workaround:

None

Recommendations:

Schedule gateway upgrades during maintenance windows or low-traffic periods.
Use HA deployments and upgrade gateways one at a time in HA pairs.
Monitor logs for "Failed to load policy" messages to confirm when policies are reloaded.

AVX-63224

In Controller release 8.0, gateway software upgrades take longer to complete compared to earlier versions. On average, the upgrade rate drops from approximately 14 gateways per minute in version 7.2 to approximately 11 gateways per minute in 8.0, which is an increase of about 20% in execution time.

Affected Scenarios:

Upgrading from version 7.2.x to 8.0.x
Upgrading between 8.0.x versions

Impact:

Only the upgrade duration is affected. Gateway functionality remains unaffected after a successful upgrade.

Recommendations:

Allocate approximately 20% more time for gateway upgrades.
For large environments (for example, 1,000+ gateways), plan for 90–120 minutes of upgrade time.
Schedule upgrades during maintenance windows to accommodate the longer duration.

AVX-64868

In some scenarios involving rapid VRRP state transitions, the keepalived VRRP state may not be reported accurately to the Controller. This can result in temporary discrepancies between the actual VRRP status and what is displayed in the Controller UI, leading to confusion and difficulties during troubleshooting.

Impact:

Controller UI may show incorrect VRRP status such as both peers reporting Primary or Initializing
No impact on actual VRRP traffic handling or failover behavior.

Workaround:

Use diagnostic logs to verify actual VRRP state

AVX-65016

In some environments, the Firewall state may not recover from Unaccessible after the first vendor integration failure. This issue has been observed when integrating with third-party firewall vendors, leaving the gateway firewall state stuck even after the environment stabilizes.

Impact:

Firewall integration appears stuck in Unaccessible state
Recovery does not occur automatically after initial failure
May require manual intervention to restore proper firewall state reporting

Workaround:

Contact Aviatrix Support for manual correction.

AVX-66631

When performing image upgrades on Transit gateways with a large number of tunnels (1300+ tunnels), traffic loss occurs after the upgrade completion.

Affected Scenario: Transit gateways with scale number of tunnels during image upgrade operations.

Impact:

Traffic disruption lasting approximately 9 minutes after upgrade completion
Affects high-scale Transit gateway deployments
Service interruption during critical upgrade windows

Workaround: Schedule image upgrades during maintenance windows to minimize business impact. Consider upgrading Transit gateways with fewer tunnels first to reduce exposure time.

AVX-66696

When DCF processes high volumes of logging messages, rsyslogd rate-limiting may cause message loss. The system drops messages exceeding 500 per 5-second interval, with rsyslogd logging "messages lost due to rate-limiting" notifications.

Affected Scenario: High-traffic environments generating intensive logging activity

Impact:

Log messages may be dropped during peak traffic periods
Potential gaps in audit trails and monitoring data
Reduced visibility into network events and troubleshooting information

Workaround: Monitor rsyslogd logs for rate-limiting messages and consider implementing log aggregation strategies to distribute message processing load across multiple collection points.

AVX-67126

Dry-run validation may fail when upgrading the Controller from version 8.0.10 to 8.1.0 due to a gateway version mismatch error. This occurs when the upgrade path starts from 8.0.0, progresses to 8.0.10 successfully, but encounters a dry-run failure when proceeding to 8.1.0.

AVX-67571

In Oracle Cloud Infrastructure (OCI) environments, OpenVPN clients cannot connect to VPN gateways configured with DUO multi-factor authentication (MFA). Connection attempts fail with ECONNREFUSED errors during tunnel establishment, preventing authentication from completing.

Impact:

VPN tunnels cannot be established to DUO-enabled OCI gateways
Only affects OCI deployments with DUO MFA
Other authentication methods (OKTA, LDAP) work normally

Workaround:

No current workaround. Users may temporarily switch to OKTA or LDAP authentication if feasible.

AVX-68561

When DCF S2C is enabled in large scale deployments with 1300+ gateways, all gateway configurations become out of sync with the Controller.

Affected Scenario: Large scale environments with DCF S2C enabled and high gateway counts (1300+ gateways).

Impact:

Gateway configurations show as out of sync in the Controller UI
Controller CPU utilization increases significantly
Conduit process consumes high CPU resources

Workaround: Disable DCF S2C feature in large scale deployments until the issue is resolved. Monitor gateway sync status and Controller CPU usage when re-enabling the feature.

AVX-68606

During Gateway Software Upgrade operations involving large numbers of gateways, AEP EaS gateways may experience Charon service restarts that cause temporary traffic disruption. The strongSwan Charon process stops and restarts during the upgrade window, creating connectivity gaps for IPsec tunnels.

Affected Scenario: Large-scale gateway upgrades (1000+ gateways) in testbed environments with AEP EaS configurations.

Impact:

Temporary traffic loss through AEP EaS during upgrade operations
IPsec tunnel connectivity interruption during Charon restart
Service disruption lasting approximately 30-60 seconds per affected gateway

Workaround: Schedule gateway upgrades during maintenance windows and upgrade gateways in smaller batches to minimize simultaneous impact across the network infrastructure.

AVX-68726

On Azure Controllers with Controller Security Group Management enabled, gateway deployments may fail when multiple gateways or HA gateways are created.

In this scenario, network security group rules may be overwritten or duplicated, which can cause Azure to return duplicate rule name errors. As a result, new gateways may fail to launch, and the Controller may automatically disable Security Group Management.

Impact:

Gateway deployments may fail in Azure
Security group rules may not be updated correctly
Controller Security Group Management may be disabled unexpectedly

Workaround:

Disable Controller Security Group Management and manage Azure network security group rules manually, or contact Aviatrix Support for assistance.

AVX-68887

When attaching VPN users to profiles using the attach_vpn_user_to_profile API, the CoPilot or Controller UI may continue to display the user profile as N/A even though the attachment operation completes successfully.

In some cases, users later reappear as active but still show no profile association in the UI. This results in a display inconsistency between the UI and the backend state.

Impact: VPN user profile assignments may appear unsuccessful in the UI, which can cause confusion during profile management. There is no functional impact: the VPN profile is correctly assigned in the backend, and users can connect to the VPN as expected.

Affected Scenario: OpenVPN profile management operations that use API-based user-to-profile attachment.

Workaround: None.

AVX-71672

When upgrading the Controller to version 8.1, the database migration may fail if the tunnel rtt_avg field contains None values. The migration logic expects either a numeric value or the string "N/A", and encountering a None value causes the upgrade to stop.

Impact:

Upgrade to 8.1 cannot complete
Controller remains on the previous version

Workaround: Contact Aviatrix Support for assistance in correcting the database values before retrying the upgrade.

AVX-71820

When deploying a load balancer–enabled VPN gateway with an overlapping VPN CIDR on Controller versions 8.0, 8.1, or 8.2, the gateway creation fails.

Impact:

VPN gateway deployment fails
Error message does not clearly indicate the root cause

Affected Scenario: Load balancer–enabled VPN gateway deployments on Controller versions 8.0, 8.1, and 8.2.

Workaround:

Ensure that the VPN CIDR does not overlap with existing gateways behind the load balancer before deployment. Contact Aviatrix Support for assistance.

AVX-73836

In environments where Duo Authentication is enabled for Client VPN, Duo-authenticated users may intermittently fail to connect to the VPN Gateway.

The gateway may log the following error message:

Duo OpenVPN: Received 403 Client duo_openvpn version 2.4 is deprecated and no longer supported

This occurs because the gateway uses an older Duo OpenVPN client library version that is no longer supported by the Duo service.

Impact:

Users configured with Duo authentication may fail to establish VPN connections. In some cases, bypass users may connect intermittently.

Workaround:

Update the Duo OpenVPN client version on the gateway by modifying the version in the duo_openvpn.py file from 2.4 to 3.0.

AVX-74988

On Edge-as-a-Transit (EaT) gateways with HPE peering to transit using many-to-one IP addressing (multiple source private IPs peering to a single transit IP), the tunnel status monitoring job may raise an exception due to duplicate tunnel ping IP pairs. This causes the tunnel status report to fail periodically.

Impact:

Tunnel status reports may not be sent to the Controller
Controller and CoPilot may show stale or missing tunnel status for affected gateways
No impact on actual tunnel connectivity or data plane traffic

Workaround:

None. This is a monitoring-only issue with no traffic impact.

AVX-75256

After upgrading the Aviatrix Controller from version 7.2.x to 8.0 or later, gateways with FQDN tags attached may no longer be visible in the Egress FQDN Gateway View tab. The list_fqdn_gateways API returns an empty list despite the gateways being present and properly associated with their FQDN tags.

Impact:

Egress FQDN-enabled gateways are not displayed in the Controller UI after upgrade
The list_fqdn_gateways API returns an empty list
Gateways remain operational and FQDN tag associations are intact

Workaround:

Contact Aviatrix Support for assistance.

AVX-75301

Certain license types are unable to enable Distributed Cloud Firewall (DCF). A license validation check that was removed in 8.1 and later versions has not been applied to the 8.0.x branch, causing a controller error when users with affected license types attempt to enable DCF.

Workaround:

Contact Aviatrix Support for assistance.

AVX-75872

A locking race condition between initial setup and post-upgrade actions may cause gateway configuration issues after upgrade.

Impact:

Gateway may not complete post-upgrade configuration correctly
Manual intervention may be required

Workaround:

Contact Aviatrix Support for assistance.

AVX-75944

When migrating an existing Controller to a new Controller VM, a database migration issue can cause configuration changes to be applied to gateways too early during the migration process.

Impact:

Gateways with NAT configured may experience a temporary datapath disruption during Controller migration.

Workaround:

There is no workaround. Upgrade to a version that includes the fix (8.0.60, 8.1.30, 8.2.10, or 9.0.0). Contact Aviatrix Support for assistance.

AVX-76296

During routine gateway operations (such as resize or image upgrade) in GCP global VPC environments, traffic may be blackholed due to incorrect route handling.

Impact:

Traffic through the affected gateway may be dropped during operations
GCP global VPC routing may be temporarily disrupted

Workaround:

Schedule gateway operations during maintenance windows. Contact Aviatrix Support for assistance.

AVX-76413

After a Controller restart or recovery, gateways that were temporarily unreachable may not be given sufficient time to reconnect before being marked as permanently down.

Impact:

Gateways that are temporarily unreachable during a Controller restart may be incorrectly treated as permanently down
Unnecessary gateway replacement or failover actions may be triggered for gateways that would have reconnected given more time

Workaround:

None.