issue NewValidation: CSCwq28721

Fixes #316 fixed

Author: jeestr4d

aci-preupgrade-validation-script.py

@@ -6025,6 +6025,41 @@ def apic_downgrade_compat_warning_check(cversion, tversion, **kwargs):
 
     return Result(result=result, headers=headers, data=data, recommended_action=recommended_action, doc_url=doc_url)
 
+@check_wrapper(check_title="NTP Server BD SVI Check")
+def ntp_server_bd_svi_check(cversion, tversion, **kargs):
+    result = FAIL_UF
+    headers = ["Fabric Time Pol", "NTP Pol Name"]
+    data = []
+    recommended_action = 'Use the in-band or out-of-band management IP address of the leaf switch as the NTP server IP address.'
+    doc_url = "https://datacenter.github.io/ACI-Pre-Upgrade-Validation-Script/validations/#ntp-server-bd-svi"
+
+    if not tversion:
+        return Result(result=MANUAL, msg=TVER_MISSING)
+
+    if cversion.older_than("6.1(1f)") or cversion.newer_than("6.1(5e)"):
+        return Result(result=NA, msg='Version not affected')
+
+    if tversion.older_than("6.1(1f)") or tversion.newer_than("6.1(5e)"):
+        return Result(result=NA, msg='Version not affected')
+    
+    fabric_time_pols = icurl('class', 'fabricRsTimePol.json')
+    datetime_pols = icurl('class', 'datetimePol.json') 
+
+    fabric_time_pol_regex = r'uni/fabric/funcprof/podpgrp-(?P<podgroup>[^/]+)/rsTimePol'
+    for datetime_pol in datetime_pols:
+        for fabric_time_pol in fabric_time_pols:
+            if (
+                datetime_pol['datetimePol']['attributes']['dn'] == fabric_time_pol['fabricRsTimePol']['attributes']['tDn']
+                ) and(
+                datetime_pol['datetimePol']['attributes']['serverState'] == 'enabled'
+                ):
+                fp = re.search(fabric_time_pol_regex, fabric_time_pol['fabricRsTimePol']['attributes']['dn'])
+                data.append([fp.group("podgroup"), datetime_pol['datetimePol']['attributes']['name']])
+
+    if not data:
+        result = PASS
+    return Result(result=result, headers=headers, data=data, recommended_action=recommended_action, doc_url=doc_url)
+
 
 # ---- Script Execution ----
 
@@ -6188,6 +6223,7 @@ class CheckManager:
         standby_sup_sync_check,
         isis_database_byte_check,
         configpush_shard_check,
+        ntp_server_bd_svi_check,
 
     ]
     ssh_checks = [

docs/docs/validations.md

@@ -193,6 +193,8 @@ Items                                           | Defect       | This Script
 [Stale pconsRA Object][d26]                     | CSCwp22212   | :warning:{title="Deprecated"} | :no_entry_sign:
 [ISIS DTEPs Byte Size][d27]                     | CSCwp15375   | :white_check_mark: | :no_entry_sign:
 [Policydist configpushShardCont Crash][d28]     | CSCwp95515   | :white_check_mark: | 
+[NTP Server BD SVI][d25]                        | CSCwp92030   | :white_check_mark: | :no_entry_sign:
+
 
 [d1]: #ep-announce-compatibility
 [d2]: #eventmgr-db-size-defect-susceptibility
@@ -222,6 +224,7 @@ Items                                           | Defect       | This Script
 [d26]: #stale-pconsra-object
 [d27]: #isis-dteps-byte-size
 [d28]: #policydist-configpushshardcont-crash
+[d29]: #ntp-server-bd-svi
 
 
 ## General Check Details
@@ -2648,6 +2651,15 @@ Due to [CSCwp95515][59], upgrading to an affected version while having any `conf
 If any instances of `configpushShardCont` are flagged by this script, Cisco TAC must be contacted to identify and resolve the underlying issue before performing the upgrade.
 
 
+#### NTP Server BD SVI
+
+In ACI, Leaf Switches can be configured as NTP servers, allowing Endpoints in ACI to act as NTP clients and sync their datetime with the Fabric. The Leaf switch uses it's BD SVI IP address to send NTP traffic.
+
+Due to [CSCwp92030][62], after a policy upgrade NTP can stop working between Endpoint clients and NTP Server (ACI Leaf),  Client reach the NTP server by it's BD SVI IP address, but the server replies on a Loopback address. 
+
+If you see the check alerting about Datetime Policies, apply the workaround to prevent NTP issues post-upgrade.
+
+
 [0]: https://github.com/datacenter/ACI-Pre-Upgrade-Validation-Script
 [1]: https://www.cisco.com/c/dam/en/us/td/docs/Website/datacenter/apicmatrix/index.html
 [2]: https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-release-notes-list.html
@@ -2710,3 +2722,4 @@ If any instances of `configpushShardCont` are flagged by this script, Cisco TAC
 [59]: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwp95515
 [60]: https://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/white-paper-c11-743951.html#Inter
 [61]: https://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/white-paper-c11-743951.html#EnablePolicyCompression
+[62]: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwp92030

tests/checks/ntp_server_bd_svi_check/datetimePol-neg.json

@@ -0,0 +1,86 @@
+[
+    {
+        "datetimePol": {
+            "attributes": {
+                "StratumValue": "8",
+                "adminSt": "disabled",
+                "annotation": "",
+                "authSt": "disabled",
+                "childAction": "",
+                "configIssues": "",
+                "descr": "",
+                "dn": "uni/fabric/time-default",
+                "extMngdBy": "",
+                "lcOwn": "local",
+                "masterMode": "disabled",
+                "modTs": "2026-02-03T15:12:35.361-06:00",
+                "monPolDn": "uni/fabric/monfab-default",
+                "name": "default",
+                "nameAlias": "",
+                "ownerKey": "",
+                "ownerTag": "",
+                "rn": "time-default",
+                "serverState": "disabled",
+                "status": "",
+                "uid": "0",
+                "userdom": ""
+            }
+        }
+    },
+    {
+        "datetimePol": {
+            "attributes": {
+                "StratumValue": "8",
+                "adminSt": "enabled",
+                "annotation": "",
+                "authSt": "disabled",
+                "childAction": "",
+                "configIssues": "",
+                "descr": "NTP for fabric in Vercruz",
+                "dn": "uni/fabric/time-fabric_ntp",
+                "extMngdBy": "",
+                "lcOwn": "local",
+                "masterMode": "disabled",
+                "modTs": "2026-02-03T15:12:35.361-06:00",
+                "monPolDn": "uni/fabric/monfab-default",
+                "name": "fabric_ntp",
+                "nameAlias": "",
+                "ownerKey": "",
+                "ownerTag": "",
+                "rn": "time-fabric_ntp",
+                "serverState": "disabled",
+                "status": "",
+                "uid": "23653",
+                "userdom": ""
+            }
+        }
+    },
+    {
+        "datetimePol": {
+            "attributes": {
+                "StratumValue": "8",
+                "adminSt": "enabled",
+                "annotation": "",
+                "authSt": "disabled",
+                "childAction": "",
+                "configIssues": "",
+                "descr": "",
+                "dn": "uni/fabric/time-calo-NTP",
+                "extMngdBy": "",
+                "lcOwn": "local",
+                "masterMode": "disabled",
+                "modTs": "2023-01-02T10:36:19.837-06:00",
+                "monPolDn": "uni/fabric/monfab-default",
+                "name": "calo-NTP",
+                "nameAlias": "",
+                "ownerKey": "",
+                "ownerTag": "",
+                "rn": "time-calo-NTP",
+                "serverState": "disabled",
+                "status": "",
+                "uid": "15374",
+                "userdom": ":all:"
+            }
+        }
+    }
+]

tests/checks/ntp_server_bd_svi_check/datetimePol-pos.json

@@ -0,0 +1,86 @@
+[
+    {
+      "datetimePol": {
+        "attributes": {
+          "StratumValue": "8",
+          "adminSt": "disabled",
+          "annotation": "",
+          "authSt": "disabled",
+          "childAction": "",
+          "configIssues": "",
+          "descr": "",
+          "dn": "uni/fabric/time-default",
+          "extMngdBy": "",
+          "lcOwn": "local",
+          "masterMode": "disabled",
+          "modTs": "2026-02-03T15:12:35.361-06:00",
+          "monPolDn": "uni/fabric/monfab-default",
+          "name": "default",
+          "nameAlias": "",
+          "ownerKey": "",
+          "ownerTag": "",
+          "rn": "time-default",
+          "serverState": "disabled",
+          "status": "",
+          "uid": "0",
+          "userdom": ""
+        }
+      }
+    },
+    {
+      "datetimePol": {
+        "attributes": {
+          "StratumValue": "8",
+          "adminSt": "enabled",
+          "annotation": "",
+          "authSt": "disabled",
+          "childAction": "",
+          "configIssues": "",
+          "descr": "NTP for fabric in Vercruz",
+          "dn": "uni/fabric/time-fabric_ntp",
+          "extMngdBy": "",
+          "lcOwn": "local",
+          "masterMode": "disabled",
+          "modTs": "2026-02-03T15:12:35.361-06:00",
+          "monPolDn": "uni/fabric/monfab-default",
+          "name": "fabric_ntp",
+          "nameAlias": "",
+          "ownerKey": "",
+          "ownerTag": "",
+          "rn": "time-fabric_ntp",
+          "serverState": "enabled",
+          "status": "",
+          "uid": "23653",
+          "userdom": ""
+        }
+      }
+    },
+    {
+      "datetimePol": {
+        "attributes": {
+          "StratumValue": "8",
+          "adminSt": "enabled",
+          "annotation": "",
+          "authSt": "disabled",
+          "childAction": "",
+          "configIssues": "",
+          "descr": "",
+          "dn": "uni/fabric/time-calo-NTP",
+          "extMngdBy": "",
+          "lcOwn": "local",
+          "masterMode": "disabled",
+          "modTs": "2023-01-02T10:36:19.837-06:00",
+          "monPolDn": "uni/fabric/monfab-default",
+          "name": "calo-NTP",
+          "nameAlias": "",
+          "ownerKey": "",
+          "ownerTag": "",
+          "rn": "time-calo-NTP",
+          "serverState": "disabled",
+          "status": "",
+          "uid": "15374",
+          "userdom": ":all:"
+        }
+      }
+    }
+  ]

tests/checks/ntp_server_bd_svi_check/fabricRsTimePol.json

@@ -0,0 +1,56 @@
+[
+    {
+        "fabricRsTimePol": {
+            "attributes": {
+                "annotation": "",
+                "childAction": "",
+                "dn": "uni/fabric/funcprof/podpgrp-calo-d-polGrp/rsTimePol",
+                "extMngdBy": "",
+                "forceResolve": "yes",
+                "lcOwn": "local",
+                "modTs": "2023-01-02T10:36:41.882-06:00",
+                "monPolDn": "uni/fabric/monfab-default",
+                "rType": "mo",
+                "rn": "rsTimePol",
+                "state": "formed",
+                "stateQual": "none",
+                "status": "",
+                "tCl": "datetimePol",
+                "tContextDn": "",
+                "tDn": "uni/fabric/time-calo-NTP",
+                "tRn": "time-calo-NTP",
+                "tType": "name",
+                "tnDatetimePolName": "calo-NTP",
+                "uid": "0",
+                "userdom": "all"
+            }
+        }
+    },
+    {
+        "fabricRsTimePol": {
+            "attributes": {
+                "annotation": "",
+                "childAction": "",
+                "dn": "uni/fabric/funcprof/podpgrp-PodPolicy-Fabric/rsTimePol",
+                "extMngdBy": "",
+                "forceResolve": "yes",
+                "lcOwn": "local",
+                "modTs": "2026-02-03T15:12:35.361-06:00",
+                "monPolDn": "uni/fabric/monfab-default",
+                "rType": "mo",
+                "rn": "rsTimePol",
+                "state": "formed",
+                "stateQual": "none",
+                "status": "",
+                "tCl": "datetimePol",
+                "tContextDn": "",
+                "tDn": "uni/fabric/time-fabric_ntp",
+                "tRn": "time-fabric_ntp",
+                "tType": "name",
+                "tnDatetimePolName": "fabric_ntp",
+                "uid": "0",
+                "userdom": ""
+            }
+        }
+    }
+]