"Frustrations" does not begin to describe it....

Cisco does have representatives monitoring these discussions.  These discussions are linked back to respective Bug IDs.  TAC has already gotten more than a keyboard-full of rhetoric on the subject.  We are pursuing escalation and resolution through the appropriate channels (including TAC) and will continue do so outside of this discussion forum.

But I digress with the 'bug experience':

Total chaos.  ESXi hosts experiencing sporadic total storage connectivity loss across multiple storage devices.  Spontaneous VM workload failures and reboots.  Impartial VMware HA recoveries.  Disruption to internally-hosted load balancing services.  Impacts to costly enterprise Oracle RAC environments.  The flapping of storage connectivity was so intermittent and erratic that ESXi hosts had to rate-limit their own event generation in their logs.  To make matters worse, much of the alerting/alarming that would have clued one into an issue resulting from the upgrade process was masked by the problem impacting services supporting email and SNMP.  OH...and what bug experience would be complete without reliving it twice because it occurred in two waves of the firmware upgrade process.  Not to mention the thousands of dollars in after-hours human efforts for recovery of systems and chasing a root cause for a sudden cataclysmic event, which was the result of an otherwise routine and successful infrastructure firmware upgrade.

The best bug experience of all is the irreparable damage to trust and reputation.  For over a decade, I, "System Administrator" have held pride in performing UCS firmware upgrade after UCS firmware upgrade, seamlessly at infrastructure level, across multiple UCS domains.  Our internal team has earned a reputation of dependable infrastructure maintenance without impacts to workloads.  We sell the promise to leadership that UCS is a system worth the cost because of the flexibility, stability, and redundancy it provides.  We invest in local, robust, on-prem cloud constructs with the idea that we have the capability because of systems like UCS providing the foundation to do so.

However, our 'bug experience' has shattered that trust and reputation.  We now need to answer to our sys admins and our leadership teams.  We must provide reasoning for why a time-proven infrastructure firmware upgrade has resulted in a revenue-impacting outage.  I must come up with the explanation for why a 'golden' firmware version contains such an debilitating, undisclosed (release notes) bug.  I must now wear the dis-honorary 'scapegoat' badge for why KPIs were tarnished.

Never again will we trust that infamous 'gold star' icon next to a UCS firmware version.

Never will we read a books-worth of release notes and expect to be properly informed for making an upgrade decision.  

@jonmiller5555:

Our escalation with our regional Cisco reps and one of our VARs has turned up the heat a little bit.  When we first encountered the issue, our internal support teams targeted the issue as something complete unrelated to the UCS firmware upgrade.  Though at the time there was an unknown event coinciding with our UCS infrastructure firmware upgrade, we initially couldn't fathom that the UCS firmware upgrade was to blame.  Regardless, we err on the side of caution and opened an SR with TAC that evening to review what was otherwise a clean firmware upgrade.  On the following day, we relayed more information we were finding that pointed to an FC issue.  Eventually TAC made the correlation with that additional info.

As for fixing this, the latest I've heard directly is that we are pretty much guaranteed to experience this bug again regardless of an upgrade (to a fixed version) or a downgrade (to a known clean version).  This is partly because one of the instigating actions is the act of a reboot of either FI.  That technically means that performing an upgrade/downgrade will still allow for this bug to present itself when the FIs reboot to activate the firmware.

For us, we operate a metro cluster configuration, so we have two data centers configured identically and operate them as one logical data center.  We'll be able to vMotion a good portion of our 'floating' workload to our other data center.  The problem will be the several 100 remaining systems we have bound to the one impacted data center.  The only clear way to guarantee we won't corrupt those systems with FC flapping is to take a total outage of those systems and shut them down prior to the upgrade/downgrade.  Needless to say, doing so won't be an easy feat for us and will take considerable effort in planning such an outage for the firmware upgrade/downgrade.

Unless you're 1000+ VMs have a second home they can move to, I imagine you're going to have a harder time.  It would be nice to know some more specifics as to what 'code' in the FIs is causing this issue and why it can't otherwise be 'repaired' in-place to fix the problem without jumping to another version altogether.  I would much rather prefer an in-place patch of sorts...however, I can also see were implementation of such a code fix would likely require the FI to be restarted, which will still allow for the bug to impact FC traffic.  Find me between the rock and the hard place...

I assumed the same, all VMs will need to power down. Unfortunately we are not in a stretch cluster between our data centers, so I can't easily move them and don't have enough compute to run all of our workloads in one data center anyways. I did warn my team earlier today not to reboot the FIs at all, but we really only do it for upgrades anyways.

Our local Cisco reps have been helping with this issues as well, hopefully more to come soon.

Speaking of a "no FI reboots" declaration...one thing we did hear on the backend but did not see publicly disclosed yet was reference to a similar bug with relation to modifying VLANs.  One of the symptoms now listed on the Bug ID page is: "Any changes related to vNIC or vHBA to the service profile associated to the server (Impacts that specific server for which the Service profile is modified)"

My interpretation of this undisclosed similar bug is that there could be an issue with adding/modifying/removing VLANs, particularly widespread if your vNICs rely on templates.  If "any change to vNIC" for this bug can be instigated by adjustments to VLANs as well, you'll need to tread more carefully on any changes you make that could replicate to vNIC and vHBA configurations.  We use vNIC templates.  I know when we add a new VLAN to a vNIC template, its an automatic discovery on the attached vNICs to update them with the new VLAN config.  This could be then (in theory) be an 'any change to vNIC' and result in the bug impacting FC traffic on those systems that had a vNIC updated.

Internally, we've essentially called a moratorium on ANY changes in our bugged UCS domain until we've moved to a clean version.

@JoeJordan3877:  Thanks for calling out CSCwm30262.  I think that is exactly in line with my previous response to @jonmiller5555 about avoiding more than just FI reboots.  It is very interesting to see DME called out as a culprit with that bug.

And you certainly shouldn't discredit your due diligence in review release notes.  As I first started this thread, those bugs were NOT listed.  I beat myself up for awhile thinking we had missed something.

I recommend that everyone reach out to their local/regional Cisco reps and escalate accordingly.  Its now evident that far more are falling into this bug trap than even I was first led to believe.  It is disconcerting to hear of others experiencing similar uphill battles with TAC.  One of the things we should have done was insisted on escalating our SR to at least Sev-2...but at the time, we just didn't believe UCS could have been to blame.  Sev-2 and above will trigger not only greater priority but should open additional escalation channels behind the scenes.

@System Administrator can you check your PM's?