Guest

Cisco ACE GSS 4400 Series Global Site Selector Appliances

Release Note for the Cisco Global Site Selector, Release 1.3(2)

  • Viewing Options

  • PDF (477.8 KB)
  • Feedback
Release Note for the Cisco Global Site Selector, Release 1.3(2)

Table Of Contents

Release Note for the Cisco Global Site Selector, Release 1.3(2)

Contents

Cisco-Supported Hardware and Software Compatibility

Before Upgrading to Version 1.3(2)

Removing Double Quotes from Object or Description Names

Backing Up Your Current Primary GSSM Database

Downgrading from Version 1.3(2)

Obtaining the Recovery Image and Creating the Recovery CD

Using the Recovery CD to Downgrade GSS Devices

Downgrading 4490 GSS Devices

Downgrading 4491 GSS Devices

Restoring a Primary GSSM Database

Software Behavioral Differences

Enhancements to the Multi-port Keepalive Functionality

Example of Configuring Multiple Keepalives for a VIP Answer Type Using the CLI

Example of Configuring Multiple Keepalives for a VIP Answer Type Using the GUI

Changes to TACACS+

Authentication Behavior

User Privileges Based on GUI or CLI Access

Remote Login

Enhancement to the Answer Group Functionality

Additional Information for Building and Modifying DNS Rules

Additional Information for Configuring DNS Sticky

Operating Considerations for Software Version 1.3(2)

Software Version 1.3(2) Open Caveats, Resolved Caveats, and Command Changes

Software Version 1.3(2) Open Caveats

Software Version 1.3(2) Resolved Caveats

CLI Command Changes in Software Version 1.3(2)

Obtaining Documentation

Cisco.com

Product Documentation DVD

Ordering Documentation

Documentation Feedback

Cisco Product Security Overview

Reporting Security Problems in Cisco Products

Obtaining Technical Assistance

Cisco Technical Support & Documentation Website

Submitting a Service Request

Definitions of Service Request Severity

Obtaining Additional Publications and Information


Release Note for the Cisco Global Site Selector, Release 1.3(2)


January 22, 2007


Note The most current Cisco GSS documentation for released products is available on Cisco.com.


Contents

This release note applies to software version 1.3(2) for the Cisco Global Site Selector (GSS). It contains the following sections:

Cisco-Supported Hardware and Software Compatibility

Before Upgrading to Version 1.3(2)

Downgrading from Version 1.3(2)

Software Behavioral Differences

Additional Information for Building and Modifying DNS Rules

Additional Information for Configuring DNS Sticky

Operating Considerations for Software Version 1.3(2)

Software Version 1.3(2) Open Caveats, Resolved Caveats, and Command Changes

Obtaining Documentation

Obtaining Technical Assistance

Cisco Product Security Overview

Obtaining Additional Publications and Information

Cisco-Supported Hardware and Software Compatibility

GSS software version 1.3(2), installed on a GSS 4492R, GSS 4491, GSS 4490, or GSS 4480, operates with all load balancers if ICMP-, TCP-, or HTTP-HEAD-type keepalives are used. In addition, KAL-AP-type keepalives can be used with a Cisco Content Services Switch (CSS) or Catalyst 6500 Content Switching Module (CSM) to support smarter load balancing.

GSS software version 1.3(2) operates with the following Cisco hardware:

Cisco Content Services Switch (CSS) running the following WebNS software releases:

Cisco CSS Platform
Recommended WebNS Versions
Minimum Supported WebNS Versions

Cisco 11500 Series CSS

Software releases:

7.40.0.04 or greater

7.30.2.03 or greater

Software releases:

7.20.1.04

7.10.3.05

Cisco 11000 Series CSS

Software releases:

6.10.4.05 or greater

5.00.6.05 or greater

Software releases:

6.10.1.07

5.00.3.09


Cisco Catalyst 6500 Content Switching Module (CSM) running the following software releases:

Platform
Recommended CSM Versions 1
Minimum Supported CSM Versions

Cisco Catalyst 6500 Content Switching Module (CSM)

Software releases:

3.1(10) or greater

3.2(1)

4.1(4) or greater

4.2(1) or greater

Software releases:

3.1(4)

3.2(1)

4.1(4)

4.2(1)

1 CSM software versions 3.2(2), 3.2(3) and 4.1(2) are not supported by the GSS when using the KAL-AP by tag keepalive method.


Before Upgrading to Version 1.3(2)

You can upgrade directly to GSS software version 1.3(2) from GSS software versions: 1.3(1), 1.2(1.0.3), 1.2(1.1.2), 1.2(2.0.3), 1.2(2.1.3), and 1.2(2.2.0). To upgrade from GSS software version 1.1(x), you must first upgrade to GSS software version 1.2(2.2.0).


Note If you upgrade from GSS software version 1.1(x) to 1.2(2.2.0) to 1.3(2), do not change the role of the GSS devices in the network until you have completed the installation of version 1.3(2) software on each GSS device in the network.


Before you upgrade your GSS software to GSS software version 1.3(2), be sure that you:

1. Determine if you need to perform the steps to remove double quotes from names and associated description strings. GSS software versions 1.3(2) and 1.3(1) do not allow the use of double quotes for names and associated description strings. If you are upgrading from a GSS software version earlier than version 1.3(1) and you have instances of double quotes (") in object names or associated descriptions, you must remove all double quotes before you upgrade to GSS software version 1.3(2). Follow the steps in the "Removing Double Quotes from Object or Description Names"section.

2. Perform a full backup of your primary GSSM database using the links provided in the "Backing Up Your Current Primary GSSM Database" section.

Removing Double Quotes from Object or Description Names

GSS software versions 1.3(2) and 1.3(1) do not allow the use of double quotes for names and associated description strings. If you have any instances of double quotes (") in object names or associated descriptions (for example, "dns rule 01" or "dns rule 02), you must remove all double quotes before you upgrade to GSS software version 1.3(2).

Perform these steps to remove double quotes:

1. If you are upgrading from version 1.1(x) to version 1.3(x), first upgrade to GSS software version 1.2(2.2.0), then proceed to step 2. If you are upgrading from any 1.2(x) version, go to step 2.

2. Perform a full backup of your primary GSSM database. For details on performing a full backup, refer to Chapter 7, Backing Up, Restoring, and Downgrading the GSSM, the "Backing Up the Primary GSSM" section in the Cisco Global Site Selector Administration Guide. Provide a unique name for the backup file (this is the backup file that includes double quotes). If you need to downgrade in the future, you can use this file to restore your unmodified 1.2 database.

3. In GSS software version 1.2, access the GUI at the primary GSSM. Locate and remove the double quotes from any object names or associated descriptions.

4. Perform a full backup of your modified primary GSSM database. Provide a unique name for the modified backup file. If you need to downgrade in the future, you can use this file to restore your modified 1.2 database.

5. Upgrade to GSS software version 1.3(2) as described in the Cisco Global Site Selector Administration Guide, Appendix A, Upgrading the GSS Software.

Backing Up Your Current Primary GSSM Database

Before you upgrade, you must back up your current primary GSSM database in the event that you need to restore. Refer to the appropriate instructions for backing up your version of GSS software:

For software version 1.3(1), refer to Chapter 7, Backing Up, Restoring, and Downgrading the GSSM, the "Backing Up the Primary GSSM" section in the Cisco Global Site Selector Administration Guide. Also, review the software version 1.3(1) software upgrade sequence as described in the Cisco Global Site Selector Administration Guide, Appendix A, Upgrading the GSS Software.

For software version 1.2, refer to Chapter 7, Backing Up and Restoring the GSSM, the "Backing Up the Primary GSSM" section in the Cisco Global Site Selector Administration Guide.

For software version 1.1, refer to Chapter 9, GSS Administration and Troubleshooting, the "Backing Up the GSSM" section in the Cisco Global Site Selector Configuration Guide.

For software version 1.0, refer to Chapter 3, GSS Administration and Troubleshooting, the "Backing Up the GSSM" section in the Cisco Global Site Selector Configuration Guide.

Downgrading from Version 1.3(2)

This downgrade procedure applies only to GSS 4490 and 4491 devices. If your GSS system uses 4480 devices, you will need to make RMA arrangements to return the devices to Cisco for the downgrade.

Follow the steps in this procedure if you have upgraded to GSS software version 1.3(2) and you need to downgrade. If you have any questions about the need to downgrade your system, contact Cisco Technical Assistance Center (TAC). See "Obtaining Technical Assistance" for more information. To restore an earlier version of your software, you must have a previous backup of the primary GSSM database that corresponds to the version to which you wish to restore. For example, if you wish to downgrade to GSS software Release 1.2(2.2.0), you must have a GSS software Release 1.2(2.2.0) database backup that you can restore. Your GSS software Release 1.3(2) database cannot run on the earlier software platforms because of changes in the database schema and kernel.

In addition to your earlier GSS software version backup, downgrading requires that you download a recovery image from cisco.com, then create a Recovery CD for the GSS software version to which you need to downgrade.

You need the following items to complete the downgrade:

Full backup of your primary GSSM database that corresponds to the GSS software version to which you wish to restore. This backup is required to restore the database on the primary GSSM.

Recovery CD.

Keyboard, mouse, and monitor.

Downgrading the GSS devices in your system requires that you complete the following procedures:

Obtaining the Recovery Image and Creating the Recovery CD

Using the Recovery CD to Downgrade GSS Devices

Restoring a Primary GSSM Database

Obtaining the Recovery Image and Creating the Recovery CD

The steps in this section describe how to obtain the recovery image from Cisco Systems and create the Recovery CD. If necessary, contact Cisco Technical Assistance Center (TAC) for more information about obtaining the recovery image.

You must have a Cisco.com username and password to download a software update from Cisco.com. To acquire a Cisco.com login, go to http://www.cisco.com and click the Register link.


Note You need a service contract number, Cisco.com registration number and verification key, Partner Initiated Customer Access (PICA) registration number and verification key, or packaged service registration number to obtain a Cisco.com username and password.


These steps describe how to obtain the recovery image and create the CD:

1. Use your preferred web browser to access the recovery image at: https://upload.cisco.com/cgi-bin/swc/fileexg/main.cgi?CONTYPES=GSS_Forum

2. Locate the "GSSRecoverySoftware.iso" file. Confirm these file properties:

owner: rongole

date: 16-MAY-2006

size: 194117632 bytes

3. Click the file. If prompted by the software, reenter your username and password, then click OK.


Note The GSS Rescue Software is considered a strong encryption image. If you are not eligible to receive strong encryption images, you will be prompted to complete the Encryption Software Distribution Authorization Form. Complete the form to access and download GSS Recovery Software.


4. If prompted, complete the Encryption Software Distribution Authorization Form (see previous Note).

5. When the End User License Agreement opens, read the license agreement, then click I agree. The File Download page opens.

6. Click Save, then choose a location on your workstation to temporarily store the recovery file.

7. Use your preferred CD-creation software to burn the recovery file to a CD.

8. Before attempting to use the Recovery CD, run an md5 checksum on the file using a tool such as md5sum on Linux and confirm that the value is: b84ff87e04f7b2a95dcf2afe06b02f01

Using the Recovery CD to Downgrade GSS Devices

The procedures in this section describe how to use the Recovery CD to downgrade each 4490 and 4491 GSS device on your network. Refer to the appropriate procedure as required:

Downgrading 4490 GSS Devices

Downgrading 4491 GSS Devices

Downgrading 4490 GSS Devices

These steps describe how to use the Recovery CD to downgrade each 4490 GSS device on your network:

1. Verify the role of the primary GSSM in the GSS network.

2. Connect your keyboard and mouse to their corresponding ports on the GSS 4490 device. Connect the monitor to the GSS console port.

3. Follow steps 3a to 3t for each GSS 4490 device:

a. Insert the Recovery CD into the CD-ROM drive on the GSS.

b. Power cycle the GSS and press F1 during the initial startup sequence to enter BIOS Setup.

c. Select Start Options, then press Enter.

d. Select Startup Sequence, then press Enter.

e. Navigate to First Startup Device, then change the state to Disabled.

f. Navigate to Second Startup Device, then change the state to Disabled.

g. Renavigate to First Startup Device, then select CD-ROM.

h. Renavigate to Second Startup Device, then select Hard Disk 0.

i. Press ESC, ESC, ESC. When prompted, select "If yes, Save and Exit the Setup Utility," then press Enter. The GSS boots from the Recovery CD and displays the Rescue prompt.

j. Enter gss-rescue at the prompt, then press Enter.

k. When "Sleeping..." is displayed, press CTRL-ALT-DEL or power cycle by pressing the power button to reboot the GSS, then press F1 during the initial startup sequence to re-enter BIOS Setup.

l. Power cycle the GSS and press F1 during the initial startup sequence to enter BIOS Setup.

m. Select Start Options, then press Enter.

n. Press Enter again to select Startup Sequence.

o. Navigate to First Startup Device, then change the state to Disabled.

p. Navigate to Second Startup Device, then change the state to Disabled.

q. Renavigate to First Startup Device, then select Hard Disk 0.

r. Renavigate to Second Startup Device, then select CD-ROM.

s. Press ESC, ESC, ESC. When prompted, select "If yes, Save and Exit the Setup Utility," then press Enter. The GSS boots.

t. If you are downgrading a primary GSSM, go to "Restoring a Primary GSSM Database".
If you are downgrading a GSS, stop. You have completed the downgrade process for the GSS 4490 device.

Downgrading 4491 GSS Devices

These steps describe how to use the Recovery CD to downgrade each 4491 GSS device on your network:

1. Verify the role of the primary GSSM in the GSS network.

2. Connect your keyboard and mouse to their corresponding ports on the GSS 4491 device. Connect the monitor to the GSS console port.

3. Follow steps 3a to 3l for each GSS device:

a. Insert the Recovery CD into the CD-ROM drive on the GSS.

b. Power cycle the GSS and press F4 during the initial startup sequence to enter BIOS Setup.

c. At the BIOS Setup screen, select the Boot menu.

d. Select the Boot Device Priority menu.

e. Select ATAPI CD-ROM as the first device from which to boot.

f. Save the settings and exit from BIOS. The GSS boots from the Recovery CD and displays the Rescue prompt.

g. Enter gss-rescue at the prompt, then press Enter.

h. When "Sleeping..." is displayed, press CTRL-ALT-DEL or power cycle by pressing the power button to reboot the GSS, then press F4 during the initial startup sequence to re-enter BIOS Setup.

i. At the BIOS Setup screen, select the Boot menu, select the Boot Device Priority menu, then reselect Hard Drive as the first device from which to boot.

j. Save the settings.

k. Remove the Recovery CD, then exit from BIOS. The GSS boots.

l. If you are downgrading a primary GSSM, go to "Restoring a Primary GSSM Database".
If you are downgrading a GSS, stop. You have completed the downgrade process for the GSS 4491 device.

Restoring a Primary GSSM Database

These steps describe how to restore your primary GSSM by using the earlier GSS software version database backup:

1. Locate the earlier GSS software version backup of your primary GSSM database to which you wish to restore.

2. If you are restoring to GSS software version 1.3(1), go to step 4.

3. If you are restoring to a GSS software version earlier than version 1.3(1), obtain the software and install it as described in steps 1 to 9 in the "Upgrading Your GSS Devices" section in Appendix A of the Cisco Global Site Selector Administration Guide, then go to step 4. Appendix A is located on cisco.com at:
http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/gss4400series/v1.3/administration/guide/Upgrades.html#wp1001310

4. Restore your primary GSSM using the database backup you created in "Backing Up Your Current Primary GSSM Database". Refer to the steps described in Chapter 7, Backing Up, Restoring, and Downgrading the GSSM, the "Restoring Your Primary GSSM from a Previous Backup" section in the Cisco Global Site Selector Administration Guide. This chapter is located on cisco.com at:
http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/gss4400series/v1.3/administration/guide/Backup.html

Software Behavioral Differences

The following sections describe the software behavioral differences in GSS software version 1.3(2):

Enhancements to the Multi-port Keepalive Functionality

Changes to TACACS+

Enhancement to the Answer Group Functionality

Enhancements to the Multi-port Keepalive Functionality

The GSS network now supports the ability to monitor multiple devices through the use of multi-port keepalives for VIP-type answers. GSS software version 1.3(2) retains the GSS software version 1.3(1) ability to configure keepalives of different types to monitor multiple ports on the VIP server. It also allows you to configure keepalives that specify the IP addresses other than that of the VIP server (for example, a router, a back-end database server, a Cisco Catalyst Series Switch, or a CSS in a data center configuration). Multiple keepalives, each configured to probe a specified device, but acting as a group, monitor the online status of your configuration. As long as all keepalives are successful, the GSS considers the configuration active and continues to direct traffic to the data center. See Figure 1 for a keepalive configuration example that probes multiple devices on a data center.

Additionally, GSS software version 1.3(2) now allows you to configure multiple shared keepalives. GSS software version 1.3(1) allows the use of only a single shared keepalive.

Unchanged in GSS software version 1.3(2) is the ability to configure a maximum of five keepalives per VIP answer, with a limit of one KAL-AP keepalive. All other shared and non-shared keepalive features and functions are also unchanged in GSS software version 1.3(2).

Both the CLI and the GUI on the primary GSSM support these new keepalive enhancements.

Figure 1 Using Multiple Keepalives to Monitor a Data Center

The following sections provide examples for configuring multiple keepalives using GSS software version 1.3(2):

Example of Configuring Multiple Keepalives for a VIP Answer Type Using the CLI

Example of Configuring Multiple Keepalives for a VIP Answer Type Using the GUI

Example of Configuring Multiple Keepalives for a VIP Answer Type Using the CLI

The example that follows describes how to use the CLI to configure a group of five keepalives that includes a mix of shared and non-shared TCP-, ICMP-, and HTTP HEAD-type keepalives.

Example of Using the CLI to Configure Multiple Keepalives

1. Configure a VIP-type answer. For example:

gssm1.example.com(config-gslb)#answer vip 192.168.200.1
gssm1.example.com(config-ansvip[ans-ip])

The prompt changes to the answer vip configuration mode.

2. Specify a non-shared TCP keepalive that monitors port 443 on the device at IP address 192.168.50.41 and set the retries, successful-probes, and termination values. For example:

gssm1.example.com(config-ansvip[ans-ip])#keepalive type tcp port 443 ip-address 
192.168.50.41 retries 3 successful-probes 4 termination reset

This example assumes that the global failure detection rate is set to Fast (the retries and successful-probes options are available only if Fast is set). In order to specify an optional IP address for a device, you must specify the ip-address option before specifying the retries or successful-probes options.

3. Specify a non-shared TCP keepalive that monitors port 80 for the VIP-type answer at IP address 192.168.200.1 and set the retries value. For example:

gssm1.example.com(config-ansvip[ans-ip])#keepalive type tcp port 80 retries 4

4. Specify a non-shared HTTP-HEAD keepalive that monitors port 8080 for the VIP-type answer at IP address 192.168.200.1 and set the termination value. For example:

gssm1.example.com(config-ansvip[ans-ip])#keepalive type http-head port 8080 
ip-address 10.86.209.22 termination graceful

5. Specify a shared ICMP keepalive that monitors IP address 10.86.209.4 (the shared IP address that is used to test the online status of the VIPs). For example:

gssm1.example.com(config-ansvip[ans-ip])#keepalive type icmp ip-address 10.86.209.4 
shared

This step assumes that a shared ICMP keepalive that specifies IP address 10.86.209.4 was previously created.

6. Specify a shared TCP keepalive that monitors port 1650 on IP address 10.86.209.4 (the shared IP address that is used to test the online status of the VIPs). For example:

gssm1.example.com(config-ansvip[ans-ip])#keepalive type tcp port 1650 ip-address 
10.86.209.4 shared

This step assumes that a shared TCP keepalive that specifies port 1650 and IP address 10.86.209.4 was previously created.

7. Exit the answer vip configuration mode. Exiting combines the configured keepalives into a group and applies them to the configuration. For example:

gssm1.example.com(config-ansvip[ans-ip])#exit
gssm1.example.com(config-gslb)# 

For procedures on configuring keepalive VIP answers using the CLI, refer to the Cisco Global Site Selector CLI-Based Global Server Load-Balancing Configuration Guide, Chapter 6, Configuring Answers and Answer Groups.

For more information on the keepalive type command, see the "CLI Command Changes in Software Version 1.3(2)".

Example of Configuring Multiple Keepalives for a VIP Answer Type Using the GUI

The GUI on the primary GSSM now includes functionality to configure keepalives that specify the IP addresses of multiple devices on your network, and also allows you to configure multiple shared keepalives. The changes to the GUI that reflect these enhancements are:

The Multi-port Keepalive section of the Creating New Answer details page now includes a VIP Address checkbox that selects either a shared or non-shared keepalive (checked selects a non-shared keepalive; unchecked selects a shared keepalive). In GSS software version 1.3(1), this checkbox was available only for Keepalive 1.

The Multi-port Keepalive section of the Creating New Answer details page now includes an IP Address field that specifies the IP address of the device that is to be monitored by the keepalive. This field is accessible only when configuring non-shared keepalives (VIP Address checkbox must be checked).

Refer to Figure 2 and Figure 3 for a multi-port keepalive example as it appears in the Multi-port Keepalive section of the Creating New Answer page. The example specifies one non-shared TCP-type keepalive and two shared keepalives (one ICMP-type and one TCP-type).

For procedures on configuring keepalive VIP answers using the GUI, refer to the Cisco Global Site Selector GUI-Based Global Server Load-Balancing Configuration Guide, Chapter 6, Configuring Answers and Answer Groups.

Figure 2 Multi-port Keepalive Example

Figure 3 Multi-port Keepalive Example (Continued)

Changes to TACACS+

This section describes changes and additional information when a GSS is configured to act as a client for a TACACS+ server. This section includes changes to:

Authentication Behavior

User Privileges Based on GUI or CLI Access

Remote Login

Authentication Behavior

In GSS software version 1.3(2), if a user attempts to remotely connect to the GSS, and that user is configured on the TACACS+ server but is not configured on the GSS, then the user is authenticated with "user" privileges on the GSS. This example assumes that TACACS+ authentication is enabled and the TACACS+ server is online.

For reference, the following TACACS+ authentication behavior is observed in GSS software versions 1.3(2) and 1.3(1) when a user attempts to remotely connect to the GSS, and that user is configured on:

Both the TACACS+ server and the GSS, then the user is authenticated with privileges defined on the GSS (either "user" or "admin" privileges). This example assumes that TACACS+ authentication is enabled and the TACACS+ server is online.

The GSS server but is not configured on the TACACS+ server, then the user is not authenticated. This example assumes that TACACS+ authentication is enabled and the TACACS+ server is online.

The GSS server but is not configured on the TACACS+ server (however, TACACS+ authentication is enabled and the TACACS+ server is offline), then the user is authenticated.

User Privileges Based on GUI or CLI Access

There are differences in how users are assigned privileges based on whether they are using the GUI or the CLI on the primary GSSSM.

For users who are using the GUI, the privilege configured on the TACACS+ server takes preference over any privilege configured on the GSS.

For users who are using the CLI, the privilege configured on the GSS takes preference over the privilege configured on the TACACS+ server. If a user is not configured locally, then the user is assigned the "user" privilege by default (regardless of the privilege configured on the TACACS+ server).

Remote Login

Users can remotely log in to a GSS by Telnet, FTP, or SSH. To successfully log in to a GSS by an SSH session, a user must be configured on both the GSS and the TACACS+ server. To successfully log in by Telnet or FTP, a user need only be configured on the TACACS+ server. In earlier GSS software versions, users were required to be configured on both the GSS and the TACACS+ server for Telnet, FTP, or SSH remote login sessions.

Enhancement to the Answer Group Functionality

In GSS software version 1.3(2), the number of answer groups that you can configure from the primary GSSM has increased from 500 to 1000 answer groups.

Additional Information for Building and Modifying DNS Rules

This information augments the information provided in Chapter 7, Building and Modifying DNS Rules, in the Cisco Global Site Selector GUI-Based Global Server Load Balancing Configuration Guide and the Cisco Global Site Selector CLI-Based Global Server Load Balancing Configuration Guide.

The balance clauses that you configure in a DNS rule are evaluated in order, with parameters established to determine when a clause should be skipped and the next clause is to be used. A balance clause is skipped when any one of the following conditions exits:

A least-loaded balance method is selected and the load threshold for all online answers is exceeded.

The VIP answers in the specified VIP answer group are offline.

Proximity is enabled for a VIP-type answer group and the DRP agents do not return any RTT values that meet the value set for acceptable-rtt.

All answers in a CRA- or NS-type answer group are offline and keepalives are enabled to monitor the answers.

Additional Information for Configuring DNS Sticky

This information augments the information provided in Chapter 8, Configuring DNS Sticky, in the Cisco Global Site Selector GUI-Based Global Server Load Balancing Configuration Guide and the Cisco Global Site Selector CLI-Based Global Server Load Balancing Configuration Guide.

You can configure sticky only in a DNS rule that uses a VIP-type answer group.

Sticky is active for a DNS rule only when the following conditions exist:

Sticky is enabled for either global or local use. In the GUI, select Global or Local for the State option in the Global Sticky Configuration details page; in the CLI, enter the enable global or enable local command.

A sticky method option (domain or domain list) is selected. In the GUI, use the DNS Rule Builder and select By Domain or By Domain List for the Select Sticky Method option in the Create New DNS Rule window; in the CLI, enter the sticky method domain or sticky method domain list command.

Sticky is enabled within a balance clause for the DNS rule. In the GUI, use the DNS Rule Builder and click the Sticky Enable checkbox; in the CLI, enter the sticky enable command.

Operating Considerations for Software Version 1.3(2)

The following operating considerations apply to software version 1.3(2):

When you use a TCP keepalive with the fast detection and graceful termination methods to test a Telnet service on a server running Windows Server 2003, port 23 may fluctuate between the Up and Down state (port flapping). If port flapping occurs on TCP port 23 of Windows Server 2003, you will notice an increase in keepalive negative probe and keepalive transition counts on the Answer Keepalive Statistics list page of the primary GSSM GUI. To resolve this issue, increase the retries value for the TCP keepalive. A retry value of three or four should prevent flapping on port 23 when connecting to a server running Windows Server 2003.

Depending on the number of TCP keepalives you require to send from port 23 to servers running Windows Server 2003, specify the retries value as follows:

If the GSS is transmitting numerous TCP keepalives using port 23, globally change the Number of Retries value for all TCP keepalives on the Configure Global KeepAlive Properties details page of the GUI. If you are using the keepalive-properties tcp fast command in the CLI to configure keepalives, change the value of the retries option.

If TCP keepalives are being used for different devices or ports, change the Number of Retries value on a per TCP keepalive basis using the Modifying Answer detail page of the GUI. If you are using the keepalive type tcp command in the CLI to configure keepalives on a per TCP keepalive basis, change the value of the retries option.

Cisco LocalDirector does not reply properly to TCP keepalives sent on port 23 from a GSS device. To resolve this behavior, specify a different keepalive method with LocalDirector or directly probe the servers located behind LocalDirector.

For a GSS to successfully operate and perform DNS resolutions, a name server must be properly configured, running, and reachable by the GSS.

When a primary GSSM has been upgraded to software version 1.3(2), but other GSS devices remain at version 1.2(1.1.2) or 1.2(2.0.3), global server load-balancing configuration settings are not propagated to the GSS devices still at version 1.2(1.1.2) or 1.2(2.0.3). To avoid this behavior, ensure that all GSS devices on the network are upgraded to GSS software version 1.3(2) before you configure global server load balancing.

GSS software version 1.3(2) does not allow the use of double quotes for names and associated description strings. If you have any instances of double quotes (") in object names or associated descriptions (for example, "dns rule 01" or "dns rule 02), then you must remove all double quotes before you upgrade to GSS software version 1.3(2). To remove all instances of double quotes in object names and associated descriptions, follow the steps in the "Removing Double Quotes from Object or Description Names" section.

Software Version 1.3(2) Open Caveats, Resolved Caveats, and Command Changes

The following sections contain the open caveats, resolved caveats, and command changes in GSS software version 1.3(2):

Software Version 1.3(2) Open Caveats

Software Version 1.3(2) Resolved Caveats

CLI Command Changes in Software Version 1.3(2)

Software Version 1.3(2) Open Caveats

This section lists the open caveats for software version 1.3(2).

CSCef27479—When the GSS operates as a client with a TACACS+ server, it fails to use the TACACS+ server for authentication when you perform a remote SSH login using private and public key pairs. The SSH private and public keys on the GSS perform the user authentication and take priority over a TACACS+ server. If SSH private and public key pair authentication fails, then the TACACS+ server performs user authentication.

Workaround: To use a TACACS+ server for user authentication, use the no ssh keys CLI command to disable the use of SSH key pairs on the GSS. Refer to the Cisco Global Site Selector Getting Started Guide for details on configuring the GSS for remote access over an SSH session that uses private and public key pairs for authentication.

CSCef58474—A GSS CLI session may become unresponsive when you enter the enable command to access privileged EXEC mode from user EXEC mode. This condition may occur when there are seven or more concurrent CLI sessions running on the same GSS.

Workaround: Reduce the number of concurrent sessions running on the same GSS to less than seven by logging out of one or more CLI sessions.

CSCeg10406—Using the gssm restore command to restore the primary GSSM from the backup file may result in a misconfiguration of the keepalive engine and DNS server on the standby GSSM or GSS devices. This behavior is caused as a result of the newly restored configuration not properly overwriting the previous configuration on the primary GSSM.

The following logs are symptoms of a misconfiguration in either the keepalive engine or DNS server:

 KAL-4-KALSTATSNOGID[916] Could not find KAL-GID [208]
 KAL-4-KALGIDNOTFOUND[20077] kalDeleteVip: No KAL-GID found, removing based on GID 
[88]: success
 CRD-4-ANSWERNOTEXT[912] answer id 214 doesn't exist in selector but in kale

The presence of a core file in the /core-files/keepalive and /core-files/dnsserver is evidence of this problem.

Workaround: Ensure the standby GSSM and all GSS devices have network connectivity with the primary GSSM, then perform the following procedure:

a. Log on to the CLI of the standby GSSM or a GSS.

b. Enable privileged EXEC mode.

gss1.yourdomain.com> enable
gss1.yourdomain.com#

c. Determine if the node.state file is present in the / directory. If it is not present, proceed to step g.

gss1.yourdomain.com# cd /
gss1.yourdomain.com# ls

d. If the node.state file is present in the / directory, enter the gss stop command to stop your GSS server.

gss1.yourdomain.com# gss stop

e. Delete the node.state file.

gss1.yourdomain.com# del node.state 
gss1.yourdomain.com# cd /home

f. Enter the gss start command to force the standby GSSM or GSS to retrieve a new and complete configuration from the primary GSSM.

gss1.yourdomain.com# gss start

g. Repeat this procedure for each GSS device in your network.

CSCsb96262—In certain GSS configurations, the primary GSSM exhibits delays in its DNS resolution process. This delay can also be seen in slow GUI responses (30 to 45 seconds) when attempting to switch from one tab to another. This behavior occurs when the primary and standby GSSM reside in the same subdomain as the name server to which they are configured, and the primary GSSM needs to resolve the hostname request for the standby GSSM. Because the name server is not authoritative for the subdomain (the primary and standby GSSMs are), the name server is unable to resolve the hostname request and a looping effect is created.

Workaround 1: Configure your GSS network so that the primary GSSM and the standby GSSM reside in a subdomain that is different from the subdomain in which the answers they resolve for reside. This configuration allows the name server configured for the primary and standby GSSM to answer the primary GSSM's hostname request for the standby GSSM.

Workaround 2: Create a DNS rule at the primary GSSM that enables the primary GSSM to provide an answer to its DNS query for the standby GSSM. The DNS rule must include the following elements:

A domain list that provides the fully qualified domain name for the standby GSSM

An answer that includes the IP address of the standby GSSM and specifies a keepalive type of None

An answer group that includes only the answer created in the previous step

A DNS rule

CSCsc71389—The GSS exhibits an unexpected 2:1 load distribution (where a 1:1 load distribution is expected) under certain DNS rule configurations. The following DNS rule configuration can result in a 2:1 load distribution:

A Hashed method type is selected in the balance clause of the DNS rule

The answer group specified in the balance clause contains only two answers

CSCsd31646The clock timezone command allows you to select standard Universal Time Coordinated (UTC) timezones for your GSS. However, if you need to specify an offset to your standard timezone (for example, daylight savings time arrives early for your region), you must manually set the GSS time.

Workaround: Use the clock set command to manually set a time for each GSS device. For example:

gss1.example.com# clock set 13:01:05 march 26 2006

CSCse07921The GSS GUI incorrectly allows the use of double quotes for certain objects that are defined in the GUI (for example, User Name, Comments for various resources, Path for an HTTP-HEAD keepalive). Attempting to play a GSLB configuration file (using the script play-config command) that includes objects with double quotes results in errors.

Workaround: Do not use double quotes when creating objects from the GUI.

CSCse14107 When AAA accounting is enabled on the GSS, a user is logged out of the console when any CLI command is entered. A subsequent login is successful, but the user is again logged out of the console when a CLI command is entered.

Workaround: Access the GSS device by Telnet or SSH session to the GSS IP address when using AAA accounting commands.

Workaround when you need to downgrade: If you experience this behavior and need to downgrade to an earlier GSS software version, do the following: Access the GSS device by Telnet or SSH session to the GSS IP address and disable any AAA accounting commands. Downgrade by following the steps provided in "Downgrading from Version 1.3(2)".

CSCse16930 When a TACACS+ server is configured for use with the GSS, and an encryption key is defined on the GSS but not defined on the TACACS+ server, the client is locked out and denied local authorization to the GSS.

Workaround: To recover from the lockout situation, define any encryption key on the TACACS+ server.

Software Version 1.3(2) Resolved Caveats

This section lists the resolved caveats for software version 1.3(2).

CSCef94037—The NTP service remains enabled in a GSS even if you disable the service before rebooting a GSS. Starting with software version 1.2(1) and continuing through software version 1.3(1), the ntp enable command is used to enable the NTP service on the GSS. The ntp enable command is used with the ntp-server command to synchronize the GSS system clock with an NTP time server. To preserve backwards software compatibility, the line ntp enable is automatically added to any startup configuration file created by a pre-GSS version 1.2(1) version of software. The re-occurrence of the line ntp enable in the GSS startup-configuration file is caused when you define one or more NTP servers using the ntp-server command. Each time you reboot the GSS, it automatically enables the NTP service if it detects an NTP server in the startup-configuration file.

CSCeh89311—When configuring a GSS device as a standby GSSM using the gss enable gss-standby commands, the standby GSSM may fail to register with the primary GSSM. This behavior is caused if either of the following condition exists:

There is no valid name server IP address configured on the standby GSSM

There is more than one invalid name server IP address configured on the standby GSSM (in addition to a valid name server IP address)

CSCsc99070—When the GSS performs an SNMPwalk on UCD-SNMP-MIB (OID 1.3.6.1.4.1.1.2021), it jumps from OID 2021.4.x to 2021.10.x. Because these omitted OIDs contain disk partition information, the information is not available using SNMP.

CSCsd08995—TACACS+ authentication fails when attempting an SSH login when the GSS password and the TACACS+ password differ.

CSCsd15405—The GSS does not authenticate TACACS+ users if both of the following conditions exist:

The Group-Level Password Aging checkbox is enabled (in the Advanced Options page of the Interface Configuration section in the Cisco Secure ACS HTML interface)

The password aging period has expired (the password warning period is active)

CSCsd36425The GSS returns an incorrect administrative status to an SNMP management station for GSS interface eth0 or eth1 when an interface is not configured with an IP address. The incorrect status is returned as "administratively-UP" and as "operationally-DOWN."

CSCsd48703When executing the script play-config command to play a GSLB configuration file and a name server is not properly configured, the GSS CLI becomes unavailable and the Content Router Manager (CRM) may automatically restart. In some cases, the CLI becomes available again after a few minutes; in other cases, you must restart the GSS using the gss stop and gss start command sequence.

CLI Command Changes in Software Version 1.3(2)

Table 1 lists the commands that have been changed in GSS software version 1.3(2).

Table 1 CLI Commands Changed in Version 1.3(2) 

Command and Syntax
Description

keepalive type http-head

The ip-address option for the keepalive type http-head command has been added to allow you to specify shared keepalives (to monitor the status of VIPs) and non-shared keepalives (to monitor the status of remote devices not connected to the VIPs). The syntax for the keepalive type http-head command is:

keepalive type http-head [host-tag domain_name | ip-address ip_address [shared] | path path | port number | retries number | successful-probes number | termination {graceful | reset}]

The options and variables for this command are:

host-tag domain_name—(Optional) Specifies an optional domain name that is sent to the VIP as part of the HTTP HEAD query. This tag allows an SLB to resolve the keepalive request to a particular website even when multiple sites are represented by the same VIP.

ip-address ip_address—(Optional) Specifies the IP address of a remote device that is not connected to the VIPs. The device is probed by the non-shared HTTP HEAD keepalive. Enter an unquoted text string in dotted decimal format (for example, 192.168.10.1).

ip-address ip_address [shared](Optional) Specifies the IP address that was previously defined in an existing HTTP HEAD shared keepalive. This IP address is used to test the online status of the VIPs to which it services. Enter an unquoted text string in dotted decimal format (for example, 192.168.10.1).

path path—(Optional) Specifies the server website queried in the HTTP HEAD request (for example, /company/owner). The default path "/" specifies the virtual root of the webserver.

port number—(Optional) Specifies the port on the remote device that is to receive the HTTP HEAD-type keepalive request from the GSS. The valid entries are 1 to 65535. The default port is 80.

retries number—(Optional) Specifies the number of times the GSS retransmits a HTTP HEAD packet before declaring the device offline. As you adjust the retries value, you change the detection time determined by the GSS. By increasing the number of retries, you increase the detection time. Reducing the number of retries has the reverse effect. The valid entries are 1 to 10 retries. The default is 1.

successful-probes number—(Optional) Specifies the number of consecutive successful HTTP HEAD keepalive attempts (probes) that must be recognized by the GSS before bringing an answer back online. The valid entries are 1 to 5 attempts. The default is 1.

termination—(Optional) Specifies one of the following HTTP HEAD keepalive connection termination methods:

graceful—The GSS initiates the graceful closing of a HTTP HEAD connection by using the standard three-way connection termination method.

reset—The GSS immediately terminates the TCP connection by using a hard reset. If you do not specify a connection termination method, the GSS uses this method type.

keepalive type icmp

The ip-address option for the keepalive type icmp command has been added to allow you to specify shared keepalives (to monitor the status of VIPs) and non-shared keepalives (to monitor the status of remote devices not connected to the VIPs). The syntax for the keepalive type icmp command is:

keepalive type icmp [ip-address ip_address [shared] | retries number | successful-probes number]

The options and variables for this command are:

ip-address ip_address—(Optional) Specifies the IP address of a remote device that is not connected to the VIPs. The device is probed by the non-shared ICMP keepalive. Enter an unquoted text string in dotted decimal format (for example, 192.168.10.1).

ip-address ip_address [shared](Optional) Specifies the IP address that was previously defined in an existing ICMP shared keepalive. This IP address is used to test the online status of the VIPs to which it services. Enter an unquoted text string in dotted decimal format (for example, 192.168.10.1).

retries number—(Optional) Specifies the number of times the GSS retransmits an ICMP echo request packet before declaring the device offline. As you adjust the retries value, you change the detection time determined by the GSS. By increasing the number of retries, you increase the detection time. Reducing the number of retries has the reverse effect. The valid entries are 1 to 10 retries. The default is 1.

successful-probes number—(Optional) Specifies the number of consecutive successful ICMP keepalive attempts (probes) that must be recognized by the GSS before bringing an answer back online. The valid entries are 1 to 5 attempts. The default is 1.

keepalive type tcp

The ip-address option for the keepalive type tcp command has been added to allow you to specify shared keepalives (to monitor the status of VIPs) and non-shared keepalives (to monitor the status of remote devices not connected to the VIPs). The syntax for the keepalive type tcp command is:

keepalive type tcp [ip-address ip_address [shared] | port number | retries number | successful-probes number | termination {graceful | reset}]

The options and variables for this command are:

ip-address ip_address—(Optional) Specifies the IP address of a remote device that is not connected to the VIPs. The device is probed by the non-shared TCP keepalive. Enter an unquoted text string in dotted decimal format (for example, 192.168.10.1).

ip-address ip_address [shared](Optional) Specifies the IP address that was previously defined in an existing TCP shared keepalive. This IP address is used to test the online status of the VIPs to which it services. Enter an unquoted text string in dotted decimal format (for example, 192.168.10.1).

port number—(Optional) Specifies the port on the remote device that is to receive the TCP-type keepalive request from the GSS. The valid entries are 1 to 65535. The default port is 80.

retries number—(Optional) Specifies the number of times the GSS retransmits a TCP packet before declaring the device offline. As you adjust the retries value, you change the detection time determined by the GSS. By increasing the number of retries, you increase the detection time. Reducing the number of retries has the reverse effect. The valid entries are 1 to 10 retries. The default is 1.

successful-probes number—(Optional) Specifies the number of consecutive successful TCP keepalive attempts (probes) that must be recognized by the GSS before bringing an answer back online. The valid entries are 1 to 5 attempts. The default is 1.

termination—(Optional) Specifies one of the following TCP keepalive connection termination methods:

graceful—The GSS initiates the graceful closing of a TCP connection by using the standard three-way connection termination method.

reset—The GSS immediately terminates the TCP connection by using a hard reset. If you do not specify a connection termination method, the GSS uses this method type.


Obtaining Documentation

Cisco documentation and additional literature are available on Cisco.com. Cisco also provides several ways to obtain technical assistance and other technical resources. These sections explain how to obtain technical information from Cisco Systems.

Cisco.com

You can access the most current Cisco documentation at this URL:

http://www.cisco.com/techsupport

You can access the Cisco website at this URL:

http://www.cisco.com

You can access international Cisco websites at this URL:

http://www.cisco.com/public/countries_languages.shtml

Product Documentation DVD

The Product Documentation DVD is a comprehensive library of technical product documentation on a portable medium. The DVD enables you to access multiple versions of installation, configuration, and command guides for Cisco hardware and software products. With the DVD, you have access to the same HTML documentation that is found on the Cisco website without being connected to the Internet. Certain products also have .PDF versions of the documentation available.

The Product Documentation DVD is available as a single unit or as a subscription. Registered Cisco.com users (Cisco direct customers) can order a Product Documentation DVD (product number DOC-DOCDVD= or DOC-DOCDVD=SUB) from Cisco Marketplace at this URL:

http://www.cisco.com/go/marketplace/

Ordering Documentation

Registered Cisco.com users may order Cisco documentation at the Product Documentation Store in the Cisco Marketplace at this URL:

http://www.cisco.com/go/marketplace/

Nonregistered Cisco.com users can order technical documentation from 8:00 a.m. to 5:00 p.m. (0800 to 1700) PDT by calling 1 866 463-3487 in the United States and Canada, or elsewhere by calling 011 408 519-5055. You can also order documentation by e-mail at tech-doc-store-mkpl@external.cisco.com or by fax at 1 408 519-5001 in the United States and Canada, or elsewhere at 011 408 519-5001.

Documentation Feedback

You can rate and provide feedback about Cisco technical documents by completing the online feedback form that appears with the technical documents on Cisco.com.

You can submit comments about Cisco documentation by using the response card (if present) behind the front cover of your document or by writing to the following address:

Cisco Systems
Attn: Customer Document Ordering
170 West Tasman Drive
San Jose, CA 95134-9883

We appreciate your comments.

Cisco Product Security Overview

Cisco provides a free online Security Vulnerability Policy portal at this URL:

http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

From this site, you will find information about how to:

Report security vulnerabilities in Cisco products.

Obtain assistance with security incidents that involve Cisco products.

Register to receive security information from Cisco.

A current list of security advisories, security notices, and security responses for Cisco products is available at this URL:

http://www.cisco.com/go/psirt

To see security advisories, security notices, and security responses as they are updated in real time, you can subscribe to the Product Security Incident Response Team Really Simple Syndication (PSIRT RSS) feed. Information about how to subscribe to the PSIRT RSS feed is found at this URL:

http://www.cisco.com/en/US/products/products_psirt_rss_feed.html

Reporting Security Problems in Cisco Products

Cisco is committed to delivering secure products. We test our products internally before we release them, and we strive to correct all vulnerabilities quickly. If you think that you have identified a vulnerability in a Cisco product, contact PSIRT:

For Emergencies only — security-alert@cisco.com

An emergency is either a condition in which a system is under active attack or a condition for which a severe and urgent security vulnerability should be reported. All other conditions are considered nonemergencies.

For Nonemergencies — psirt@cisco.com

In an emergency, you can also reach PSIRT by telephone:

1 877 228-7302

1 408 525-6532


Tip We encourage you to use Pretty Good Privacy (PGP) or a compatible product (for example, GnuPG) to encrypt any sensitive information that you send to Cisco. PSIRT can work with information that has been encrypted with PGP versions 2.x through 9.x.

Never use a revoked or an expired encryption key. The correct public key to use in your correspondence with PSIRT is the one linked in the Contact Summary section of the Security Vulnerability Policy page at this URL:

http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

The link on this page has the current PGP key ID in use.

If you do not have or use PGP, contact PSIRT at the aforementioned e-mail addresses or phone numbers before sending any sensitive material to find other means of encrypting the data.


Obtaining Technical Assistance

Cisco Technical Support provides 24-hour-a-day award-winning technical assistance. The Cisco Technical Support & Documentation website on Cisco.com features extensive online support resources. In addition, if you have a valid Cisco service contract, Cisco Technical Assistance Center (TAC) engineers provide telephone support. If you do not have a valid Cisco service contract, contact your reseller.

Cisco Technical Support & Documentation Website

The Cisco Technical Support & Documentation website provides online documents and tools for troubleshooting and resolving technical issues with Cisco products and technologies. The website is available 24 hours a day, at this URL:

http://www.cisco.com/techsupport

Access to all tools on the Cisco Technical Support & Documentation website requires a Cisco.com user ID and password. If you have a valid service contract but do not have a user ID or password, you can register at this URL:

http://tools.cisco.com/RPF/register/register.do


Note Use the Cisco Product Identification (CPI) tool to locate your product serial number before submitting a web or phone request for service. You can access the CPI tool from the Cisco Technical Support & Documentation website by clicking the Tools & Resources link under Documentation & Tools. Choose Cisco Product Identification Tool from the Alphabetical Index drop-down list, or click the Cisco Product Identification Tool link under Alerts & RMAs. The CPI tool offers three search options: by product ID or model name; by tree view; or for certain products, by copying and pasting show command output. Search results show an illustration of your product with the serial number label location highlighted. Locate the serial number label on your product and record the information before placing a service call.


Submitting a Service Request

Using the online TAC Service Request Tool is the fastest way to open S3 and S4 service requests. (S3 and S4 service requests are those in which your network is minimally impaired or for which you require product information.) After you describe your situation, the TAC Service Request Tool provides recommended solutions. If your issue is not resolved using the recommended resources, your service request is assigned to a Cisco engineer. The TAC Service Request Tool is located at this URL:

http://www.cisco.com/techsupport/servicerequest

For S1 or S2 service requests, or if you do not have Internet access, contact the Cisco TAC by telephone. (S1 or S2 service requests are those in which your production network is down or severely degraded.) Cisco engineers are assigned immediately to S1 and S2 service requests to help keep your business operations running smoothly.

To open a service request by telephone, use one of the following numbers:

Asia-Pacific: +61 2 8446 7411 (Australia: 1 800 805 227)
EMEA: +32 2 704 55 55
USA: 1 800 553-2447

For a complete list of Cisco TAC contacts, go to this URL:

http://www.cisco.com/techsupport/contacts

Definitions of Service Request Severity

To ensure that all service requests are reported in a standard format, Cisco has established severity definitions.

Severity 1 (S1)—An existing network is down, or there is a critical impact to your business operations. You and Cisco will commit all necessary resources around the clock to resolve the situation.

Severity 2 (S2)—Operation of an existing network is severely degraded, or significant aspects of your business operations are negatively affected by inadequate performance of Cisco products. You and Cisco will commit full-time resources during normal business hours to resolve the situation.

Severity 3 (S3)—Operational performance of the network is impaired, while most business operations remain functional. You and Cisco will commit resources during normal business hours to restore service to satisfactory levels.

Severity 4 (S4)—You require information or assistance with Cisco product capabilities, installation, or configuration. There is little or no effect on your business operations.

Obtaining Additional Publications and Information

Information about Cisco products, technologies, and network solutions is available from various online and printed sources.

The Cisco Product Quick Reference Guide is a handy, compact reference tool that includes brief product overviews, key features, sample part numbers, and abbreviated technical specifications for many Cisco products that are sold through channel partners. It is updated twice a year and includes the latest Cisco offerings. To order and find out more about the Cisco Product Quick Reference Guide, go to this URL:

http://www.cisco.com/go/guide

Cisco Marketplace provides a variety of Cisco books, reference guides, documentation, and logo merchandise. Visit Cisco Marketplace, the company store, at this URL:

http://www.cisco.com/go/marketplace/

Cisco Press publishes a wide range of general networking, training and certification titles. Both new and experienced users will benefit from these publications. For current Cisco Press titles and other information, go to Cisco Press at this URL:

http://www.ciscopress.com

Packet magazine is the Cisco Systems technical user magazine for maximizing Internet and networking investments. Each quarter, Packet delivers coverage of the latest industry trends, technology breakthroughs, and Cisco products and solutions, as well as network deployment and troubleshooting tips, configuration examples, customer case studies, certification and training information, and links to scores of in-depth online resources. You can access Packet magazine at this URL:

http://www.cisco.com/packet

iQ Magazine is the quarterly publication from Cisco Systems designed to help growing companies learn how they can use technology to increase revenue, streamline their business, and expand services. The publication identifies the challenges facing these companies and the technologies to help solve them, using real-world case studies and business strategies to help readers make sound technology investment decisions. You can access iQ Magazine at this URL:

http://www.cisco.com/go/iqmagazine

or view the digital edition at this URL:

http://ciscoiq.texterity.com/ciscoiq/sample/

Internet Protocol Journal is a quarterly journal published by Cisco Systems for engineering professionals involved in designing, developing, and operating public and private internets and intranets. You can access the Internet Protocol Journal at this URL:

http://www.cisco.com/ipj

Networking products offered by Cisco Systems, as well as customer support services, can be obtained at this URL:

http://www.cisco.com/en/US/products/index.html

Networking Professionals Connection is an interactive website for networking professionals to share questions, suggestions, and information about networking products and technologies with Cisco experts and other networking professionals. Join a discussion at this URL:

http://www.cisco.com/discuss/networking

World-class networking training is available from Cisco. You can view current offerings at this URL:

http://www.cisco.com/en/US/learning/index.html