Cisco ACE GSS 4400 Series Global Site Selector Appliances

Release Notes for the Cisco Global Site Selector, Release 4.1(0)

September, 2011


Note The most current Cisco documentation for released products is available on Cisco.com. For the complete set of Cisco Global Site Selector user documentation, go to the following URL:
http://www.cisco.com/en/US/products/hw/contnetw/ps4162/tsd_products_support_series_home.html


Contents

These release notes apply to Cisco Global Site Selector (GSS) software Version 4.1(0).

This document contains the following sections:

Upgrading or Downgrading the GSS Software

New Features in GSS 4.1(0)

Software Version 4.1(0) CLI and GUI Changes

Caveats

Obtaining Documentation and Submitting a Service Request

Upgrading or Downgrading the GSS Software

Table 1 provides information about the upgrade sequence for previous software versions that you must follow before you upgrade to Version 4.1(0).


Note The GSS software release 4.1.0 is supported only on GSS 4492R, and is not supported on the following hardware: GSS 4491, GSS 4490, or GSS 4480.



Note You must upgrade the primary GSSM first, followed by the other GSS devices in your network. After you upgrade the primary GSSM, ensure that each GSS device in your network to be upgraded is connected to the primary GSS device. If you upgrade the non-primary GSS prior to the primary GSSM upgrade, you might experience unexpected behavior.



Note When upgrading the GSS device from software versions that are earlier than 3.2(0) to software Version 4.1(0), the device will reboot twice to complete the upgrade.


Table 1 GSS Software Upgrade Sequence for 4.1(0)

From version . . .                                   To version . . .
1.0(x) or 1.1 (prior to 1.1.(1.7.0))                 1.1.(1.7.0)
1.1.(1.7.0)                                          1.2.(2.2.0)
1.2 (x) where x = 1 or 2                             1.3(3)
1.3(3)                                               4.1(0)
2.0(1), 2.0(2), 2.0(3), 2.0(4), 2.0(5),              4.1(0)
3.0(1), 3.0(2), 3.1(0), 3.1(1), 3.1(2), 3.2(0)


The Cisco Global Site Selector Administration Guide (Software Version 4.1(0)) contains the required information to upgrade your GSS software.


Note The upgrade image does not contain the GeoDB database file. You must download the GeoDB database file from the following URL: http://geolite.maxmind.com/download/sec/ . The download link is password protected. For the user name and password, refer to the e-delivery letter of your GeoIP database licence. For further assistance, contact your Cisco account representative or send an e-mail message to ask-gss@cisco.com.


New Features in GSS 4.1(0)

This section describes the new and updated GSS software Version 4.1(0) features and contains the following topics:

Geo-Location-Based GSLB Feature

Support for IPv6 Addressing in GSLB and Management

Configuration Scalability

RMI Interface Specification


Note GSS 4.1(0) is supported only on GSS4492R hardware. You are not permitted to install GSS 4.1(0) on any hardware older than 4492R (4491, 4490, and 4480).



Note The Geo-location-based services cannot be configured with an IPv6 address.


Geo-Location-Based GSLB Feature

GSS software Version 4.1(0) supports the GeoIP database (GeoDB) proximity computation mechanism in GSS. From the latitudinal and longitudinal information in the GeoDB, GSS decides the proximity, based on the geographical distance from the client's D-proxy IP to the zone IP. During the proximity calculation, the GSS uses these distances to determine the IP address of the resource nearest to the D-proxy.

To enhance the various GSS features with GeoIP-awareness, you can add regions based on the GeoDB locations. The process of updating the GeoDB does not impact GSS operations. All user-defined database entries are preserved during a database upgrade.

To enable the GeoDB feature, a valid GeoIP license must be installed and the GeoIP database must be imported into the GSS. After the import, if static entries are present, the distance is computed from the latitude and longitude specified for the static entries.

GSS software Version 4.1(0) supports the capability to answer DNS requests with most proximate answers to the D-proxy.

If you want to enable the GeoDB license package on a particular GSS, you must purchase a GeoDB license from Cisco Systems to receive a Product Authorization Key (PAK) number. For more information on obtaining and installing a GeoDB license, see the Global Site Selector Administration Guide. See the Cisco Global Site Selector GUI-based Global Server Load-Balancing Configuration Guide and the Cisco Global Site Selector CLI-based Global Server Load-Balancing Configuration Guide for more information.
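The proximity decision described in this section, as an added sketch in Python (not Cisco code). The page gives no distance formula, so the haversine great-circle formula, the zone names and coordinates, and the way the acceptable-distance and equivalence values of the geodb-properties command are combined are assumptions; the value ranges and the 5000 km default are the ones listed in the command table of these notes.

```python
import math
from dataclasses import dataclass

EARTH_RADIUS_KM = 6371.0  # mean Earth radius (assumption; not stated on the page)


@dataclass(frozen=True)
class Zone:
    name: str    # hypothetical zone label
    lat: float   # degrees, as a GeoDB or static entry would carry
    lon: float


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in km between two latitude/longitude points.

    Identical coordinates yield 0.0, a valid distance, rather than a negative
    "no data" value (compare resolved caveat CSCtn67353).
    """
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    a = min(1.0, max(0.0, a))  # clamp floating-point drift before sqrt/asin
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))


def proximate_zones(dproxy, zones, acceptable_km=5000, equivalence_km=0):
    """Return [(zone name, rounded km)] for zones treated as equally proximate.

    Assumed model: zones farther than acceptable_km are never proximate; of
    the rest, every zone within equivalence_km of the nearest one ties with it.
    An empty list means the clause has no proximate answer to give.
    """
    if not 0 <= acceptable_km <= 20000:
        raise ValueError("acceptable-distance must be 0 to 20000 km")
    if not 0 <= equivalence_km <= 9999:
        raise ValueError("equivalence must be 0 to 9999 km")
    lat, lon = dproxy
    ranked = sorted(
        ((haversine_km(lat, lon, z.lat, z.lon), z) for z in zones),
        key=lambda pair: pair[0],
    )
    in_range = [(d, z) for d, z in ranked if d <= acceptable_km]
    if not in_range:
        return []
    best = in_range[0][0]
    return [(z.name, round(d)) for d, z in in_range if d <= best + equivalence_km]


# Constructed sample data: a D-proxy located in London and four zones.
DPROXY = (51.5074, -0.1278)
ZONES = [
    Zone("paris", 48.8566, 2.3522),
    Zone("frankfurt", 50.1109, 8.6821),
    Zone("new-york", 40.7128, -74.0060),
    Zone("singapore", 1.3521, 103.8198),
]

if __name__ == "__main__":
    print(proximate_zones(DPROXY, ZONES))                      # nearest zone only
    print(proximate_zones(DPROXY, ZONES, equivalence_km=500))  # nearest plus ties
```

Raising equivalence widens the set of answers that the balance method may choose from, while acceptable-distance caps how far away any answer may be.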

Support for IPv6 Addressing in GSLB and Management

The GSS software Version 4.1.0 supports IPv6 configurations with the following considerations:

By default, IPv6 is disabled on an interface. The IPv6 support is enabled by configuring an IPv6 address on the interface. To enable the GSS functionality and to bring up the GSS communication, you need to configure an IPv4 address on the interface.


Note All mesh communications in the GSS network occur over the IPv4 address. If you do not specify an IPv4 address, the GSS services will not start.


The GSS GUI can only be accessed using an IPv4 address in your browser (for example, https://192.168.1.1).

When you enable IPv6 or configure a global IPv6 address on an interface, the GSS automatically does the following:

Configures a link-local address (if it is not already configured).

Performs Duplicate Address Detection (DAD) on both addresses.

To enable a global IPv6 address, you must first configure an IPv6 address on the local interface.

You can enable or disable an IPv6 configuration on an interface individually. You cannot enable or disable the IPv6 configuration globally.

A link-local address is an IPv6 unicast address that has a scope of the local link only and is required on every interface. Every link-local address has a predefined prefix of FE80::/10. You can configure a link-local address manually. If you do not configure a link-local address before enabling an IPv6 address on the interface, the GSS automatically generates a link-local address with a prefix of FE80::/64. Only one IPv6 link-local address can be configured on an interface.

A unique local address is an optional IPv6 unicast address that is used for local communication within an organization. It is similar to a private IPv4 address (for example, 10.10.2.1). Unique local addresses have a global scope, but they are not routable on the Internet, and they are assigned by a central authority. All unique local addresses have a predefined prefix of FC00::/7. You can configure only one IPv6 unique local address on an interface.

A global address is an IPv6 unicast address that is used for general IPv6 communication. Each global address is unique across the entire Internet. Therefore, its scope is global. The low order 64 bits can be assigned in several ways, including auto configuration using the EUI-64 format. You can configure only one globally unique IPv6 address on an interface.

The sticky module supports the following IPv6 functionalities in software Version 4.1.0:

1. Global prefix length can be configured to match IPv6 D-Proxy addresses into the same sticky database (SDB) entry.

2. Sticky groups can be configured for IPv6 addresses. The IPv6 D-Proxy addresses and the answers returned for AAAA queries can be stored to track the hit count for AAAA query answers.

3. All sticky database operations, such as SDB lookup and SDB entry delete, are enhanced for IPv6 D-Proxy addresses and IPv6 answers.

4. The IPv6 sticky database can be synced across the GSS mesh when the global sticky is used.
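How a global prefix length folds several IPv6 D-proxy addresses into one sticky database entry with a hit count, as an added Python model (not GSS code). The class and function names, the (network, domain) key, the round-robin balance method and the documentation-range sample addresses are assumptions made for illustration.

```python
import ipaddress
from itertools import cycle


def sticky_network(dproxy, v4_prefix, v6_prefix):
    """Collapse a D-proxy address to the network that keys its sticky entry."""
    addr = ipaddress.ip_address(dproxy)
    prefix = v4_prefix if addr.version == 4 else v6_prefix
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)


class StickyDB:
    """Toy sticky database: (D-proxy network, domain) -> answer and hit count."""

    def __init__(self, v4_prefix, v6_prefix):
        self.v4_prefix = v4_prefix
        self.v6_prefix = v6_prefix
        self.entries = {}

    def resolve(self, dproxy, domain, balance):
        net = sticky_network(dproxy, self.v4_prefix, self.v6_prefix)
        key = (net, domain.lower())
        entry = self.entries.get(key)
        if entry is None:
            # First request from this network: run the balance method once,
            # then pin its result for every later request with the same key.
            entry = self.entries[key] = {"answer": balance(), "hits": 0}
        entry["hits"] += 1
        return entry["answer"]

    def by_answer(self, answer):
        """Entries pinned to one answer, as (network, domain, hits) tuples."""
        return sorted(
            (str(net), dom, e["hits"])
            for (net, dom), e in self.entries.items()
            if e["answer"] == answer
        )

    def delete(self, dproxy, domain):
        """Remove the entry covering this D-proxy; True if one existed."""
        net = sticky_network(dproxy, self.v4_prefix, self.v6_prefix)
        return self.entries.pop((net, domain.lower()), None) is not None


# Constructed sample data (documentation prefixes 2001:db8::/32, 192.0.2.0/24).
AAAA_ANSWERS = ["2001:db8:a::1", "2001:db8:b::1"]
QUERIES = [
    "2001:db8:1:1::10",
    "2001:db8:1:1::20",  # same /64 as the first D-proxy
    "2001:db8:1:2::10",  # same /48, different /64
    "2001:db8:1:1::10",  # repeat of the first D-proxy
]


def replay(v6_prefix):
    """Send QUERIES for one domain through a fresh SDB with this prefix length."""
    rr = cycle(AAAA_ANSWERS)
    sdb = StickyDB(v4_prefix=24, v6_prefix=v6_prefix)
    answers = [sdb.resolve(q, "www.example.com", lambda: next(rr)) for q in QUERIES]
    return answers, sdb


if __name__ == "__main__":
    for plen in (128, 64, 48):
        answers, sdb = replay(plen)
        print(plen, len(sdb.entries), answers)
```

A shorter prefix means fewer SDB entries but pins unrelated resolvers in the same block to one answer, so the prefix length is a trade-off between table size and load distribution.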

Software Version 4.1(0) CLI and GUI Changes

This section describes the CLI command and GUI changes associated with software version 4.1(0) and includes the following sections:

Command Changes for Software Version 4.1(0)

GUI Changes in Software Version 4.1(0)

Enhanced GUI Changes

Command Changes for Software Version 4.1(0)

Table 2 describes the new CLI commands that are added in software Version 4.1(0):


Note For an overview and detailed syntax description of the new commands in software Version 4.1(0), see the Cisco Global Site Selector Command Reference Guide 4.1(0) and the Cisco Global Site Selector CLI Configuration Guide 4.1(0).


Table 2 CLI Command Change in Version 4.1(0) 

Mode
Command and Syntax
Description

Global server load-balancing configuration

show sticky database {all | answer {name/ip_address} | domain {name} | domain-list {name} | group {name} | inactive minimum {minutes} maximum {minutes} | ip {ip_address} region region id netmask {netmask} | rule {rule_name}}

This new parameter added to the show sticky database command allows you to display sticky database entries by specifying one or more entry matching criteria.

region region id—Displays the sticky entries based upon the region id.

answer ip_address—Displays all sticky entries related to a particular answer. Specify the name of the answer. If there is no name for the answer, specify the IP address of the sticky answer. Enter an IPv6 address.

ip ip_address—Enter either an IPv4 or an IPv6 IP address.

netmask netmask—Specifies the subnet mask of an IPv4 address or the prefix length of an IPv6 address.

Rule configuration

clause number vip-group name [count number | ttl number | manual-reactivation enable | method {round-robin | least-loaded | ordered | weighted-round-robin | hashed {domain-name | source-address | both}} | sticky {enable | disable} | region-sticky {enable | disable} | proximity {enable [rtt number | wait {enable | disable}| zone number] | disable}] | geodb {enable [acceptable-distance distance] | disable}

The new parameter added to the clause number vip-group name command in the rule configuration mode allows you to activate the DNS region sticky and geodb proximity.

region-sticky—Activates DNS region sticky for the balance clause when you specify enable. Deactivates sticky for the balance clause when you specify disable.

geodb—Activates GeoDB proximity for the balance clause when you specify enable. Deactivates the GeoDB proximity for the clause when you specify disable.

acceptable-distance distance—Changes the GeoDB-acceptable distance for the balance clause to a different value from the global GeoDB configuration. The GSS uses this value as the user-specified acceptable distance when determining the most proximate answer. Enter an acceptable distance value from 0 to 20000 kms. The default value is 5000 kms.

Rule configuration

query {a | aaaa | all}

query—Specifies the type of DNS query to apply to the rule. Choose one of the following:

a—The DNS rule is applied only to answer address record (A-record) requests originating from a host on the configured source address list. Any requests with unsupported query types (for example, MX, PTR, or CNAME records) that match this DNS rule are dropped and not answered by the GSS. For an AAAA query with a configured host domain, the GSS returns a NODATA (No Answer, No Error) response for the requester to make a subsequent A-record query.

All—The DNS rule is applied to all DNS queries originating from a host on the configured source address list. For any request other than an A or AAAA record query (for example, MX or CNAME record), the GSS forwards the request to a name server configured in one of the three balance clauses. When the GSS receives the response from the name server, it delivers the response to the requesting client D-proxy.


Note When you select All, you must configure one balance clause to include a name server-type answer group.


   

aaaa—The DNS rule is applied only to answer address record (AAAA record) requests originating from a host on the configured source address list. For any request with unsupported query types (for example, MX, PTR, or CNAME record) that match this DNS rule, those query types are dropped and are not answered by the GSS. For an A record query with a configured host domain, the GSS returns a NODATA (No Answer, No Error) response in order for the requester to then make a subsequent A-record query. In the DNS rule, A and AAAA record types can be selected simultaneously. The configured rule is then applied to answer address record (A and AAAA record) requests originating from a host on the configured source address list. For any request with unsupported query types (for example, MX, PTR, or CNAME record) that match this DNS rule, those query types are dropped and are not answered by the GSS.

User EXEC, privileged EXEC, global configuration, and global server load-balancing

geodb static-entry start-ip ip_address end-ip ip_address latitude number longitude number countrycode word : statename word

The geodb static-entry command in the global server load-balancing configuration mode is used to add static entries to the GeoDB database.

start-ip—Specifies the start of the IP address range.

latitude—Specifies the latitude of the location where the IP address range is located.

longitude—Specifies the longitude of the location where the IP address range is located.

end-ip—Specifies the end of the IP address range.

countrycode—Specifies the country code.

statename—Specifies the state name.

Global server load-balancing configuration

geodb-properties {{disable | enable} | mask netmask | timeout minutes | equivalence kilometers | acceptable-distance kilometers | request-monitoring {enable | disable}}

You can configure the global GeoDB configuration settings by using the geodb-properties command in global server load-balancing configuration mode. The GeoDB functionality is applicable only for A or AAAA requests that come from IPv4 D-proxies.

timeout minutes—Specifies the maximum time interval that can pass without the PDB receiving a lookup request for an entry before the GSS removes the entry from the PDB. The inactivity timeout range is from 5 to 10080 minutes (168 hours).

disable—Disables the GeoDB feature.

enable—Enables the GeoDB feature.

mask—Specifies a global subnet mask that the GSS uses to uniformly group contiguous D-proxy addresses as an attempt to increase the number of clients that the GeoDB database can support.

equivalence—Specifies the distance that the GSS applies to the most proximate GeoIP values to identify the relative values of other zones that the GSS should consider as equally proximate. The equivalence distance range is from 0 to 9999 kms.

acceptable-distance—Specifies the acceptable distance value when determining the most proximate answer. The range of the acceptable distance is from 0 to 20000 kms.

request-monitoring—Enables or disables the Geo-source monitoring settings.

Global server load-balancing configuration

source-address-list name owner name comments text | region name | Country Code: State Name | ipaddress ip-address

name—Name for the source address list. Enter a unique alphanumeric name with a maximum of 80 characters. Names that include spaces must be entered in quotes (for example, "name 1").

owner name—Specifies an existing owner name with which the source address list is to be associated.

comments text—(Optional) Specifies descriptive information or important notes about the source address list. Enter up to 256 alphanumeric characters. Comments with spaces must be entered in quotes.

region—Specifies the region that you have configured in the GSS.

Country Code—Country code that resides in the GeoDB configuration.

State Name—Name of the state that you have associated with a specific country.

ipaddress—Specifies the IP address of the source address list. Both IPv4 and IPv6 are supported.


GUI Changes in Software Version 4.1(0)

The GSS 4.1(0) GUI has a new color scheme that enhances the user experience. Figures 1 through 4 depict the new appearance of the user interface.


Note You must use an IPv4 address to access the primary GSSM GUI login screen. An IPv6 address cannot be used to access the GSSM GUI screen.


Figure 1 Primary GSS GUI

Figure 2 Regions Tab

Figure 3 Shared KeepAlives

Figure 4 Create New DNS Rule

Figure 5 GeoDB Tab

Enhanced GUI Changes

Several GUI screens now contain options for configuring the new GeoDB enhancements and IPv6 support described in the "New Features in GSS 4.1(0)" section. The modified screens are as follows:

Resources Tab—The menu options for this tab now contain the Regions option for performing the following tasks:

Add, remove, or modify regions.

Add additional states to a specific region. For example, if you select United States, you can add multiple states such as California, North Carolina, and Texas simultaneously.


Note Before you add or modify the regions or states, you must import the GeoDB file. To import the GeoDB file, you must use the following command:
geodb database import tar-file-name cisco_geodb_2011-07-12_v001.tar.gz md5sum-file-name cisco_geodb_2011-07-12_v001.tar.gz.md5.

Download the GeoDB file from the following URL: http://geolite.maxmind.com/download/sec/ . The download link is password protected. For the user name and password, refer to the e-delivery letter of your GeoIP database licence. For further assistance, contact your Cisco account representative or send an e-mail message to ask-gss@cisco.com.


Source Address List Screen (DNS Rules > Source Address Lists)—This screen now contains additional navigation tree options that enable you to Add Addresses, Delete Addresses, Add Regions, and Delete Region for a new or an existing source address list.

DNS Rule Builder (DNS Rules > Shared KeepAlives)—The section of the builder that is used to configure the shared keepalives now contains the OID (Object Identifier) Type drop-down list that enables you to choose the IpAddress or Inet option.

DNS tab (DNS > DNS Rules)—The new Create DNS Rule screen now contains an option to configure the aaaa query type, and check boxes to enable sticky and region-based sticky.

GeoDB (GeoDB > Configuration)—The screen now contains a new radio button (Request Monitoring). You can select this radio button to enable the Geo-source monitoring settings.

For more information, see the Cisco Global Site Selector GUI-Based Global Server Load-Balancing Configuration Guide or the Online Help.

Configuration Scalability

GSS software version 4.1(0) raises the maximum VIP limit from 4000 to 8000, the maximum answer group limit from 2000 to 4000, and the maximum number of domain lists from 2000 to 4000. You can enter either an IPv4 or an IPv6 address in the VIP address field.

RMI Interface Specification

GSS software Version 4.1(0) improves the performance of the Java RMI interface that GSS uses to communicate with Cisco Application Networking Manager (ANM). Using ANM, you can monitor GSS operations and activate or suspend GSS VIP answers and DNS rules. Improved performance of the RMI interface includes faster response times and the ability to handle additional simultaneous connections.

Caveats


Note The caveat titles are not intended to be read as complete sentences because the title field length is limited. In the caveat titles, some truncation of wording or punctuation may be necessary to provide the most complete and concise description.


This section contains the resolved and open caveats for software version 4.1(0) and contains the following topics:

Resolved Caveats for Software Version 4.1(0)

Open Caveats for Software Version 4.1(0)

Resolved Caveats for Software Version 4.1(0)

This section lists the resolved caveats for software Version 4.1(0).

CSCtn64849—When the inactivity timeout is set to any value, for example, 5 minutes, and a request is sent using the dig utility, the entry does not time out after the set inactivity timeout value.

CSCtn67146—When the GeoIP feature is enabled, the explorer process utilizes 99.9% of the CPU.

CSCtn67353—When GeoIP is enabled with zones configured and a request is sent from a D-proxy where both the D-proxy and the zones have the same latitude and longitude information, the distance is computed as -1. As a result, there is insufficient proximity data and the proximity clause fails.

CSCtn67597—Logs display a negative D-proxy IP number for a few dig requests with the GeoIP feature enabled.

CSCtn75932—When zone IPs are modified, the distance is not calculated accurately.

Workaround: Restart GSS.

CSCto01224—When the GSS is restarted, the GeoIP database gets deleted.

CSCto04065—When a zone IP that is not present in the database is entered, the explorer process uses 99% of the CPU.

Workaround: Do not enter zone IPs that are not present in the database.

CSCto04849—Dig request always returns the first answer with the GeoIP feature enabled. GeoIP functionality does not work.

CSCto14512—Distance is not calculated correctly for a dig request after adding and then deleting static entries.

CSCto47104—GeoIP feature works without installing a license.

CSCto52472—GeoDB proximity does not work for more than one DNS rule; the cached proximity database entry does not get updated for a new lookup request received with new zones.

CSCto45194—GeoIP license installation does not work.

CSCto60633—No answers are returned when distance returned is outside the acceptable and equivalence distance.

CSCto60585—When a new zone is added, all the answers are not returned within acceptable and equivalence distance.

Workaround: Re-submit the DNS rule after modifying zones and locations.

CSCto68183—On rare occasions, GSS can have WTMP partition filled up with ANM user login info that does not get cleared out properly. This can cause problems to access TACACS and SSH.

Workaround: Reload GSS or go into the debug shell and truncate the file.

CSCto79758—When the GSS is reloaded and if the license is installed before the GeoDB is imported, you cannot run any gslb config/show commands even if the GSS status is ready.

CSCto93424—A performance drop is seen every 10 minutes.

CSCeg62247—The following message is seen on the console of a GSS that runs a software release older than 4.1.0:

EXT3-fs warning: maximal mount count reached, running e2fsck is recommended

Workaround: Run the mountcount binary script.

CSCto98333—The GSS goes into an unstable state if you directly upgrade the software from version 1.3.3 to 3.2.

Workaround: Upgrade to any intermediate version such as 3.1.2 before you upgrade to 3.2. Refer to the Cisco Global Site Selector Administration Guide 4.1.(0) for the upgrade procedure.

CSCtq67697—Unable to configure IPv4 or IPv6 VIP answers from the GSS GUI.

Workaround: Use the CLI to configure IPv4 or IPv6 VIP answers.

CSCtq70881—DNS Server crashes when the DNS rule is configured through CLI.

Workaround: Configure DNS rule through GUI.

CSCtq71231—The following error message is seen when you try to add default keepalives of any kal type to the configured VIP answer:

Failed to Configure Answer with type VIP and Address <ip>. Reason: null

Workaround: Use the GUI to configure default keepalives to the configured VIP answer.

CSCtq90939—DAD detection does not work in the following cases:

1. If the IP is configured in the shutdown mode of the interface, followed by a no shutdown.

2. If a DAD-detected IP is configured and you restart the GSS, the show interface command does not show the DAD status correctly.

Workaround: Configure the interface IP in no shutdown mode and check for DAD detection in the show interface command.

CSCts04876—Scripted-kal does not work if the kal-type is snmp-mib-not-index-by-vip with the target address of the Content Services Switch.

Workaround: Use the CSS scripted-kal-type query to target Content Services Switch.

CSCtr82496—Upon upgrading to software release 4.1.(0), the standby GSS returns NXDOMAIN to the DNS lookup query. This problem occurs when the standby GSS has been upgraded before the primary GSS.

Workaround: Restart GSS.

CSCtq96231—When you configure two or more answers with ICMP keepalives at the same time, the probe statistics are duplicated.

Workaround: None.

CSCtr98825—When scripted-kal is configured to get the LOAD value, the KeepAliveEngine (KALE) process dumps the core file.

Workaround: Configure other keepalive types such as KAL-AP.

CSCtr69232—Best case performance numbers for the DNS queries drop by 35% because of the IPv6 changes in release 4.1.0.

Workaround: None.

CSCts44391—The DNS server crashes when TCP traffic is sent from more than 3 consoles simultaneously. This problem occurs because the "recv" call in tcpRead fails. And, in error path if you set the fd to -1 and delete the reference from Sticky and Proximity module.

Workaround: None.

CSCtz88393—In GSS 3.x and earlier versions, if an AAAA query hits the GSS box and the NS Forward DNS clause is selected, the AAAA queries are not forwarded to the corresponding Name Server. Instead, a NOERROR is returned by the GSS.

This behavior has been corrected in GSS 4.x versions. If an AAAA query hits the GSS box and the NS Forward DNS clause is selected, the AAAA queries are forwarded to the corresponding Name Server. If the Name Server is in offline/suspended state, the GSS returns a SERVFAIL.

Workaround: None.

Open Caveats for Software Version 4.1(0)

This section lists the open caveats for software Version 4.1(0):

CSCtc76185—When using the CLI to manage the GSS, on rare occasions the answer suspend function does not work.

Workaround: Use the GSS GUI to suspend the answer.

CSCte43718—When an answer group change is being made on the GSS GUI, the GSS is seeing dnsserver cores, which can be traced back to the change. This issue is not seen with 4492 GSS devices.

Workaround: None.

CSCtf78828—The GSS uses a variable "numInUse" to track the number of answers available to return to the D-proxy based on keepalive checks. When a CSM real bounces in and out of service, a failure can occur that results in the GSS not returning the valid online CSM answer. In a round robin rule, the GSS will not hand out the CSM answer even though the answer is online. This issue is not seen with 4492 GSS devices.

Workaround: None.

CSCtg97066—When the GSS is integrated with TACACS+ and the user is accessing the GSS GUI, on rare occasions the Tomcat process restarts and generates a core.

Workaround: None.

CSCtj86311—When an HTTP-HEAD KAL response from a VIP is delayed (because the FW drops the first 3 SYNs), the GSS mishandles the TCP session and marks the KAL as failed.

Workaround: None.

CSCtk56123—When sticky and proximity are enabled on the GSS and "Wait" is enabled under the DNS rule, the GSS stops serving answers (DNS request timeout on the client end) for some clients.

Workaround: Disable sticky or proximity, or disable the "Wait".

CSCtl11705—The GSS is unresponsive; no response from console, GUI, or SSH and DNS requests also go unanswered.

Workaround: Reboot the GSS to recover.

CSCtq25770—The periodic back-up of the GeoIP database does not occur until it is initiated manually.

Workaround: Use the geodb database periodic-backup command through the CLI to initiate the periodic back-up manually.

CSCtx47230—When the number of states/countries added in a region exceeds 50, the DNS server restarts in a loop.

Workaround: Split regions with more than 50 states/countries into multiple regions and configure all these regions into the same Source Address List.

CSCtz80103—When you use a MaxMind GeoIP database that was downloaded after November 21, 2012, the following commands may not display any output and may generate a core file when executed:

geodb database lookup <ip-address>

show statistics dns geo-region

Workaround: Use a MaxMind database that was downloaded on or before November 21, 2012.

Obtaining Documentation and Submitting a Service Request

For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:

http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html