Sync release-local-2506 with main

Sync release-local-2506 with main

Author: sethmanheim

AKS-Arc/TOC.yml

@@ -187,6 +187,8 @@
       href: network-validation-errors.md
     - name: Network validation error due to .local domain
       href: network-validation-error-local.md
+    - name: BGP with FRR not working
+      href: connectivity-troubleshoot.md
   - name: Reference
     items:
     - name: Azure CLI

AKS-Arc/aks-platforms-compare.md

@@ -3,7 +3,7 @@ title: Azure Kubernetes Service (AKS) Cloud, Edge, and On-Premises Comparison
 description: Learn about Azure Kubernetes Service (AKS) features, capabilities, and pricing across cloud, edge, and on-premises environments to choose the best deployment for your needs.
 author: sethmanheim
 ms.topic: concept-article
-ms.date: 06/12/2025
+ms.date: 06/16/2025
 ms.author: sethm
 ms.reviewer: rmody
 ---
@@ -23,7 +23,7 @@ This article describes how AKS extends features across multiple platforms and hi
 
 ## General comparison of AKS across platforms
 
-| Platform | Azure (Cloud) | Azure Local (Edge/On-premises) | Edge Essentials (Edge/On-premises, Windows IoT client/server) | Windows Server (Edge/On-premises) |
+| Feature | Azure (Cloud) | Azure Local (Edge/On-premises) | Edge Essentials (Edge/On-premises, Windows IoT client/server) | Windows Server (Edge/On-premises) |
 | --- | --- | --- | --- | --- |
 | Supported infrastructure for Kubernetes cluster | Azure cloud | Azure Local, version 23H2 or later | - Windows 10/11 IoT Enterprise<br>- Windows 10/11 Enterprise<br>- Windows 10/11 Pro<br>- Windows Server 2019/2022 | - Windows Server 2019<br>- Windows Server 2022 |
 | CNCF conformant | Yes | Yes | Yes | Yes |
@@ -38,7 +38,7 @@ This article describes how AKS extends features across multiple platforms and hi
 
 ## Monitoring and diagnostic capabilities
 
-|   Feature       |     Azure Cloud    |     AKS on Azure Local    |      Edge Essentials (Windows IoT client/server)    |     Windows Server    |
+|   Feature       | Azure (Cloud) | Azure Local (Edge/On-premises) | Edge Essentials (Edge/On-premises, Windows IoT client/server) | Windows Server (Edge/On-premises) |
 | --- | --- | --- | --- | --- |
 |     Azure Monitor Container Insights     |     Yes    |     Yes, via Arc extensions    |     Yes, via Arc extensions    |     Yes, via Arc extensions    |
 |     Azure Monitor Managed Prometheus and control plane metrics scraping     |     Yes    |     Yes, via Arc extensions    |     Yes, via Arc extensions    |     Yes, via Arc extensions    |
@@ -48,7 +48,7 @@ This article describes how AKS extends features across multiple platforms and hi
 
 ## Node pool capabilities
 
-|  Feature                      | Azure Cloud | AKS on Azure Local    | Edge Essentials (Windows IoT client/server) | Windows Server |
+|   Feature       | Azure (Cloud) | Azure Local (Edge/On-premises) | Edge Essentials (Edge/On-premises, Windows IoT client/server) | Windows Server (Edge/On-premises) |
 | --- | --- | --- | --- | --- |
 | Windows node pool support      | - Yes<br>- Windows Server 2019 Datacenter<br>- Windows Server 2022 Datacenter | - Yes<br>- Windows Server 2019 Datacenter<br>- Windows Server 2022 Datacenter | - Yes<br>- Windows Server 2022 Datacenter (Core) | - Yes<br>- Windows Server 2019 Datacenter<br>- Windows Server 2022 Datacenter |
 | Linux OS offerings            | - Ubuntu 18.04<br>- Azure Linux | [CBL-Mariner](https://github.com/microsoft/CBL-Mariner) | [CBL-Mariner](https://github.com/microsoft/CBL-Mariner) | [CBL-Mariner](https://github.com/microsoft/CBL-Mariner) |
@@ -67,7 +67,7 @@ This article describes how AKS extends features across multiple platforms and hi
 
 ## Networking capabilities
 
-|  Feature                      | Azure Cloud | AKS on Azure Local    | Edge Essentials (Windows IoT /Client/Server) | Windows Server |
+|   Feature       | Azure (Cloud) | Azure Local (Edge/On-premises) | Edge Essentials (Edge/On-premises, Windows IoT client/server) | Windows Server (Edge/On-premises) |
 | --- | --- | --- | --- | --- |
 | Network creation and management | By default, Azure creates a virtual network and subnet for you. You can also choose an existing virtual network in which to create your AKS clusters. | Setting up networking parameters is a required prerequisite to deploy AKS on Azure Local. Network must have connectivity and IP address availability for successful operation of the cluster. | You must provide the IP address range for node IPs and service IPs that are available and have the right connection. The network configuration needed for the cluster is handled by AKS. See [AKS Edge Essentials networking](aks-edge-concept-networking.md). | You must create the network in Windows Server before creating an AKS cluster. Network must have connectivity and IP address availability for successful operation of the cluster. |
 | Supported networking option    | Bring your own Azure virtual network for AKS clusters. | Static IP networks with/without VLAN ID. | Static IP address or use reserved IPs when using DHCP. | - DHCP networks with/without VLAN ID.<br>- Static IP networks with/without VLAN ID. |
@@ -79,7 +79,7 @@ This article describes how AKS extends features across multiple platforms and hi
 
 ## Storage features
 
-| Feature                       | Azure Cloud                                                          | AKS on Azure Local                                                                                 | Edge Essentials (Windows IoT /Client/Server) | Windows Server                        |
+|   Feature       | Azure (Cloud) | Azure Local (Edge/On-premises) | Edge Essentials (Edge/On-premises, Windows IoT client/server) | Windows Server (Edge/On-premises) |
 | --- | --- | --- | --- | --- |
 | Types of supported persistent volumes | - Read Write Once<br>- Read Write Many                                         | - VHDX – Read Write Once<br>- SMB or NFS – Read Write Many<br>- ACSA - Read Write Many                             | - PVC using local storage<br>- ACSA                 | - VHDX – Read Write Once<br>- SMB or NFS - Read Write Many |
 | Container storage interface (CSI) support | Yes                                                                      | Yes                                                                                                    | Yes                                             | Yes                                         |
@@ -90,7 +90,7 @@ This article describes how AKS extends features across multiple platforms and hi
 
 ## Security and authentication options
 
-| Feature                       | Azure Cloud | AKS on Azure Local    | Edge Essentials (Windows IoT /Client/Server) | Windows Server |
+|   Feature       | Azure (Cloud) | Azure Local (Edge/On-premises) | Edge Essentials (Edge/On-premises, Windows IoT client/server) | Windows Server (Edge/On-premises) |
 | --- | --- | --- | --- | --- |
 | Access to Kubernetes cluster             | Kubectl         | Kubectl                   | Kubectl                                         | Kubectl              |
 | Kubernetes cluster authorization (RBAC)  | - Kubernetes RBAC<br>- Azure RBAC | - Kubernetes RBAC<br>- Azure RBAC | Kubernetes RBAC                                 | Kubernetes RBAC      |
@@ -107,15 +107,15 @@ This article describes how AKS extends features across multiple platforms and hi
 
 ## Pricing and SLA details
 
-| Feature                       | Azure Cloud                                                                           | AKS on Azure Local                        | Edge Essentials (Windows IoT client/server) | Windows Server                                               |
+|   Feature       | Azure (Cloud) | Azure Local (Edge/On-premises) | Edge Essentials (Edge/On-premises, Windows IoT client/server) | Windows Server (Edge/On-premises) |
 | --- | --- | --- | --- | --- |
 | Pricing                           | - Unlimited free clusters, pay for on-demand compute of worker node VMs.<br>- Paid tier available with uptime SLA, support for 5k nodes. | Included in Azure Local at no extra cost.  | Cost is per device per month.                        | Pricing is based on the number of workload cluster vCPUs. Control plane nodes and load balancer VMs are free. |
 | Azure Hybrid Benefit support       | Not applicable                                                                            | Not applicable - AKS already included at no extra cost. | No                                              | Yes                                                               |
 | SLA                               | Paid uptime SLA clusters for production with fixed cost on the API + worker node compute, storage and networking costs. | No SLA offered as the Kubernetes cluster is running on premises. | No SLA offered as the Kubernetes cluster is running on premises. | No SLA offered as the Kubernetes cluster is running on premises.           |
 
 ### AI/ML capabilities offered in each platform
 
-| Feature                      | Azure Cloud | AKS on Azure Local    | Edge Essentials (Windows IoT /Client/Server) | Windows Server |
+|   Feature       | Azure (Cloud) | Azure Local (Edge/On-premises) | Edge Essentials (Edge/On-premises, Windows IoT client/server) | Windows Server (Edge/On-premises) |
 | --- | --- | --- | --- | --- |
 | GPU support                       | Yes             | Yes                       | Yes                                             | Yes                  |
 | KAITO (Kubernetes AI toolchain operator) | Yes             | Yes, via Arc extensions   | No                                              | No                   |

AKS-Arc/aks-troubleshoot.md

@@ -3,7 +3,7 @@ title: Troubleshoot common issues in AKS enabled by Azure Arc
 description: Learn about common issues and workarounds in AKS enabled by Arc.
 ms.topic: how-to
 author: sethmanheim
-ms.date: 04/30/2025
+ms.date: 06/18/2025
 ms.author: sethm 
 ms.lastreviewed: 04/01/2025
 ms.reviewer: abha
@@ -36,13 +36,15 @@ The following sections describe known issues for AKS enabled by Azure Arc:
 
 | AKS Arc operation | Issue |
 |------------------------|-------|
+| General network validation errors | [Troubleshoot network validation errors](network-validation-errors.md) |
 | Create validation      | [Control plane configuration validation errors](control-plane-validation-errors.md) |
 | Create validation      | [K8sVersionValidation error](cluster-k8s-version.md) |
 | Create validation      | [KubeAPIServer unreachable error](kube-api-server-unreachable.md) |
 | Network configuration issues | [Use diagnostic checker](aks-arc-diagnostic-checker.md) |
 | Kubernetes steady state   | [Resolve issues due to out-of-band deletion of storage volumes](delete-storage-volume.md) |
 | Release validation     | [Azure Advisor upgrade recommendation message](azure-advisor-upgrade.md) |
 | Network validation | [Network validation error due to .local domain](network-validation-error-local.md) |
+| BGP with FRR not working | [Troubleshoot BGP with FRR in AKS Arc environments](connectivity-troubleshoot.md) |
 
 ## Next steps
 

AKS-Arc/connectivity-troubleshoot.md

@@ -0,0 +1,82 @@
+---
+title: Troubleshoot BGP with FRR in AKS Arc environments
+description: Learn how to troubleshoot BGP connectivity issues when using MetalLB with FRR in AKS Arc deployments.
+author: sethmanheim
+ms.date: 06/19/2025
+ms.author: sethm
+ms.topic: troubleshooting
+ms.reviewer: srikantsarwa
+ms.lastreviewed: 06/19/2025
+
+---
+
+# BGP with FRR not working in AKS Arc environment
+
+This article helps you identify and resolve Border Gateway Protocol (BGP) connectivity issues when using MetalLB with Free Range Routing (FRR) in Azure Kubernetes Service (AKS) Arc environments.
+
+Use this guidance when BGP sessions fail to establish, external IP routing doesn't work correctly, or network connectivity to exposed services becomes unreliable in your AKS Arc deployment.
+
+## Symptoms
+
+In environments using MetalLB with FRR for BGP peering, you might experience the following issues:
+
+- BGP sessions are not established or keep flapping, a condition where the BGP session repeatedly goes up and down, causing route instability. This behavior can be due to network issues, misconfigurations, or hardware problems. It can result in degraded performance or loss of service availability.
+- Services of type `LoadBalancer` don't receive properly routed external IPs.
+- Advertised routes are missing or not propagated to upstream routers.
+- Network connectivity to exposed services is inconsistent or unavailable.
+
+These symptoms are often observed in specific hardware environments such as Hyper-Converged Infrastructure (HCI) or where strict network/security policies are enforced.
+
+## Mitigation
+
+If you encounter these issues with FRR, you can temporarily disable it using Azure CLI:
+
+```azurecli
+# Retrieve the object ID for the managed identity
+$objID = az ad sp list --filter "appId eq '087fca6e-4606-4d41-b3f6-5ebdf75b8b4c'" --query "[].id" --output tsv
+
+# Update the arcnetworking extension to disable FRR
+az k8s-extension update \
+  --cluster-name $clusterName \
+  -g $rgName \
+  --cluster-type connectedClusters \
+  --extension-type microsoft.arcnetworking \
+  --config "k8sRuntimeFpaObjectId=$objID" \
+  --config "metallb.speaker.frr.enabled=false" \
+  -n arcnetworking
+```
+
+## Troubleshooting steps
+
+Use the following steps to diagnose and resolve BGP issues with MetalLB and FRR in your AKS Arc environment.
+
+### Check BGP configuration
+
+```azurecli
+kubectl get ipaddresspools -A -o yaml
+kubectl get bgppeers.metallb.io -A -o yaml
+kubectl get bgpadvertisements -A -o yaml
+```
+
+### Collect logs from MetalLB speaker (FRR)
+
+```azurecli
+# Get the list of MetalLB speaker pods
+kubectl get pods -n kube-system
+
+# Speaker container logs
+kubectl logs -n kube-system arcnetworking-metallb-speaker-xxxxx -c speaker
+
+# FRR container logs
+kubectl logs -n kube-system arcnetworking-metallb-speaker-xxxxx -c frr
+```
+
+### Review TOR switch configuration
+
+- Configuration and logs from the top-of-rack (TOR) switch or upstream router might be necessary.
+- These logs are hardware/vendor-specific and not covered in this guide.
+
+## Next steps
+
+[Official MetalLB troubleshooting guide](https://metallb.universe.tf/troubleshooting/#with-frr)
+

AKS-Arc/container-storage-interface-files.md

@@ -31,7 +31,8 @@ If multiple nodes need concurrent access to the same storage volumes in AKS Arc,
 
 ### [AKS on Azure Local](#tab/local)
 
-1. Make sure the SMB driver is deployed. The SMB CSI driver is installed by default when you create a Kubernetes cluster using the `az aksarc create` command. If you create a Kubernetes cluster by using the Azure portal, Azure Resource Manager (ARM) template, or Terraform, or by using the `az aksarc create` command with `--disable-smb-driver`, you must enable the SMB driver on this cluster using the `az aksarc update` command:
+1. Make sure the SMB driver is deployed. The SMB CSI driver is installed by default when you create a Kubernetes cluster using the `az aksarc create` command. If you create the AKS cluster using the Azure portal, an Azure Resource Manager (ARM) template, or Terraform, the SMB CSI driver is not installed by default. You must enable the SMB driver on the AKS cluster.
+The equivalent Azure CLI command to update an existing AKS cluster and enable SMB is:
 
    ```azurecli
    az aksarc update -n $aksclustername -g $resource_group --enable-smb-driver
@@ -78,7 +79,8 @@ If multiple nodes need concurrent access to the same storage volumes in AKS Arc,
 
 ### [AKS on Azure Local](#tab/local)
 
-1. Make sure the NFS driver is deployed. The NFS CSI driver is installed by default when you create a Kubernetes cluster using the `az aksarc create` command. If you create a Kubernetes cluster by using the Azure portal, Azure Resource Manager (ARM) template, or Terraform, or by using the `az aksarc create` command with `--disable-nfs-driver`, you must enable the the NFS driver on this cluster using the `az aksarc update` command:
+1. Make sure the SMB driver is deployed. The SMB CSI driver is installed by default when you create a Kubernetes cluster using the `az aksarc create` command. If you create the AKS cluster using the Azure portal, an Azure Resource Manager (ARM) template, or Terraform, the SMB CSI driver is not installed by default. You must enable the SMB driver on the AKS cluster.
+The equivalent Azure CLI command to update an existing AKS cluster and enable SMB is:
 
    ```azurecli
    az aksarc update -n $aksclustername -g $resource_group --enable-nfs-driver

AKS-Arc/kubernetes-walkthrough-powershell.md

@@ -3,7 +3,7 @@ title: Use PowerShell to set up Kubernetes on Windows Server clusters
 description: Learn how to set up an AKS host and create Kubernetes clusters using Windows PowerShell.
 author: sethmanheim
 ms.topic: quickstart
-ms.date: 03/28/2025
+ms.date: 06/16/2025
 ms.author: sethm 
 ms.lastreviewed: 05/02/2022
 ms.reviewer: abha
@@ -117,7 +117,7 @@ Set-AksHciConfig -imageDir $csvPath\Images -workingDir $csvPath\ImageStore -clou
 ```
 
 > [!NOTE]
-> You must customize the values shown in this example command for your environment.
+> You must customize the values shown in this example command for your environment, but you can't change the VM name on the host or on the Kubernetes cluster.
 
 ## Step 4: sign in to Azure and configure registration settings