Table Of Contents
Release Notes for the Cisco Global Site Selector, Release 4.1(0)
Note The most current Cisco documentation for released products is available on Cisco.com. For the complete set of Cisco Global Site Selector user documentation, go to the following URL:
These release notes apply to Cisco Global Site Selector (GSS) software Version 4.1(0)
This document contains the following sections:
Upgrading or Downgrading the GSS Software
Table 1 provides information about the upgrade sequence for previous software versions that you must follow before you upgrade to Version 4.1(0).
Note The GSS software release 4.1.0 is supported only on GSS 4492R, and is not supported on the following hardware: GSS 4491, GSS 4490, or GSS 4480.
Note You must upgrade the primary GSSM first, followed by the other GSS devices in your network. After you upgrade the primary GSSM, ensure that each GSS device in your network to be upgraded is connected to the primary GSS device. If you upgrade the non-primary GSS prior to the primary GSSM upgrade, you might experience unexpected behavior.
Note When upgrading the GSS device from software versions that earlier than 3.2(0) to software Version 4.1(0), the device will reboot twice to complete the upgrade.
The Cisco Global Site Selector Administration Guide (Software Version 4.1(0)) contains the required information to upgrade your GSS software.
Note The upgrade image does not contain GeoDB database file. You must download the GeoDB database file from the following URL: http://geolite.maxmind.com/download/sec/ . The download link is password protected. For the user name and password, refer to the e-delivery letter of your GeoIP database licence. For further assistance, contact your Cisco account representative or send an e-mail message to firstname.lastname@example.org.
New Features in GSS 4.1(0)
This section describes the new and updated GSS software Version 4.1(0) features and contains the following topics:
Note GSS 4.1(0) is supported only on GSS4492R hardware. You are not permitted to install GSS 4.1(0) on any hardware older than 4492R (4491, 4490, and 4480).
Note The Geo-location-based services cannot be configured with an IPv6 address.
Geo-Location-Based GSLB Feature
GSS software Version 4.1(0) supports the GeoIP database (GeoDB) proximity computation mechanism in GSS. From the latitudinal and longitudinal information in the GeoDB, GSS decides the proximity, based on the geographical distance from the client's D-proxy IP to the zone IP. During the proximity calculation, the GSS uses these distances to determine the IP address of the resource nearest to the D-proxy.
To enhance the various GSS features with GeoIP-awareness, you can add regions based on the GeoDB locations. The process of updating the GeoDB does not impact GSS operations. All user-defined database entries are preserved during a database upgrade.
To enable the GeoDB feature, a valid GeoIP license should be installed and the GeoIP database should be imported into GSS. After importing, if static entries are present, then the distance gets computed based on latitude and longitude mentioned for the static entries.
GSS software Version 4.1(0) supports the capability to answer DNS requests with most proximate answers to the D-proxy.
If you want to enable the GeoDB license package on a particular GSS, you must purchase a GeoDB license from Cisco Systems to receive a Product Authorization Key (PAK) number. For more information on obtaining and installing a GeoDB license, see the Global Site Selector Administration Guide. See the Cisco Global Site Selector GUI-based Global Server Load-Balancing Configuration Guide and the Cisco Global Site Selector CLI-based Global Server Load-Balancing Configuration Guide for more information.
Support for IPv6 Addressing in GSLB and Management
The GSS software Version 4.1.0 supports IPv6 configurations with the following considerations:
•By default, IPv6 is disabled on an interface. The IPv6 support is enabled by configuring an IPv6 address on the interface. To enable the GSS functionality and to bring up the GSS communication, you need to configure an IPv4 address on the interface.
Note All mesh communications in the GSS network occurs over the IPv4 address. If you do not specify an IPv4 address the GSS services will not start.
•The GSS GUI can only be accessed using an IPv4 address in your browser. (For example, https:// 192.168.1.1).
•When you enable IPv6 or configure a global IPv6 address on an interface, the GSS automatically does the following:
–Configures a link-local address (if it is not already configured).
–Performs Duplicate Address Detection (DAD) on both addresses.
•To enable global IPv6 address, you must first configure an IPv6 address on the local interface.
•You can enable or disable an IPv6 configuration on an interface individually. You cannot be enable or disable the IPv6 configuration globally.
•A link-local address is an IPv6 unicast address that has a scope of the local link only and is required on every interface. Every link-local address has a predefined prefix of FE80::/10. You can configure a link-local address manually. If you do not configure a link-local address before enabling an IPv6 address on the interface, the GSS automatically generates a link-local address with a prefix of FE80::/64. Only one IPv6 link-local address can be configured on an interface.
•A unique local address is an optional IPv6 unicast address that is used for local communication within an organization and it is similar to a private IPv4 address (for example, 10.10.2.1). unique local addresses have a global scope, but they are not routable on the Internet, and they are assigned by a central authority. All unique local addresses have a predefined prefix of FC00::/7. You can configure only one IPv6 unique local address on an interface.
•A global address is an IPv6 unicast address that is used for general IPv6 communication. Each global address is unique across the entire Internet. Therefore, its scope is global. The low order 64 bits can be assigned in several ways, including auto configuration using the EUI-64 format. You can configure only one globally unique IPv6 address on an interface.
The sticky module supports the following IPv6 functionalities in software Version 4.1.0:
1. Global prefix length can be configured to match IPv6 D-Proxy addresses into the same sticky database (SDB) entry.
2. The Sticky Groups can be configured for IPv6 address. The IPv6 D-Proxy addresses and the answers returned for AAAA queries can be stored to track hit count for AAAA query answers.
3. All sticky database operations like SDB lookup and SDB entry delete operations should be enhanced for IPv6 D-Proxy and IPv6 answers.
4. The IPv6 sticky database can be synced across the GSS mesh when the global sticky is used.
Software Version 4.1(0) CLI and GUI Changes
This section describes the CLI command and GUI changes associated with software version 4.1(0) and includes the following sections:
Command Changes for Software Version 4.1(0)
Table 2 describes the new CLI commands that are added in software Version 4.1(0):
Note For an overview and detailed syntax description of the new commands in software Version 4.1(0), see Cisco Global Site Selector Command Reference Guide 4.1(0) and Cisco Global Site Selector CLI Configuration Guide 4.1(0)
GUI Changes in Software Version 4.1(0)
The GSS 4.1(0) GUI has a new color scheme that enhances the user experience. Figures 1 through 4 depict the new appearance of the user interface.
Note You must use an IPv4 IP address to access the primary GSSM GUI login screen. IPv6 address is not supported to access the GSSM GUI screen.
Figure 1 Primary GSS GUI
Figure 2 Regions Tab
Figure 3 Shared KeepAlives
Figure 4 Create New DNS Rule
Figure 5 GeoDB Tab
Enhanced GUI Changes
Several GUI screens now contain options for configuring the new GeoDB enhancements and IPv6 support described in the "New Features in GSS 4.1(0)" section. The modified screens are as follows:
•Resources Tab—The menu options for this tab now contain the Regions option for performing the following tasks:
–Add, remove, or modify regions.
–Add additional states to a specific region. For example, if you select United States, you can add multiple states such as California, North Carolina, and Texas simultaneously.
Note Before you add or modify the regions or states, you must import the GeoDB file. To import the GeoDB file, you must use the following command:
geodb database import tar-file-name cisco_geodb_2011-07-12_v001.tar.gz md5sum-file-name cisco_geodb_2011-07-12_v001.tar.gz.md5.
Download the GeoDB file from the following URL: http://geolite.maxmind.com/download/sec/ . The download link is password protected. For the user name and password, refer to the e-delivery letter of your GeoIP database licence. For further assistance, contact your Cisco account representative or send an e-mail message to email@example.com.
•Source Address List Screen (DNS Rules > Source Address Lists)—This screen now contains additional navigation tree options that enables you Add Addresses, Delete Addresses, Add Regions and Delete Region to a new or an existing source address list.
•DNS Rule Builder (DNS Rules > Shared KeepAlives)—The section of the builder that is used to configure the shared keepalives now contains the OID (Object Identifier) Type drop-down list that enables you to choose the IpAddress or Inet option.
•DNS tab (DNS > DNS Rules)—This new create DNS rule screen now contains options to configure aaaa query type, enable sticky, and region-based sticky check boxes.
•GeoDB (GeoDB > Configuration)—The screen now contains a new radio button (Request Monitoring ). You can select this radio button to enable the Geo-source monitoring settings.
For more information, see the Cisco Global Site Selector GUI-Based Global Server Load-Balancing Configuration Guide or the Online Help.
GSS software version 4.1(0) provides enhancement of the maximum VIP limit from 4000 to 8000, maximum answer group limit from 2000 to 4000, and the maximum number of domain lists from 2000 to 4000. You can either enter an IPv4 or an IPv6 address in the VIP address field.
RMI Interface Specification
GSS software Version 4.1(0) improves the performance of the Java RMI interface that GSS uses to communicate with Cisco Application Networking Manager (ANM). Using ANM, you can monitor GSS operations and activate or suspend GSS VIP answers and DNS rules. Improved performance of the RMI interface includes faster response times and the ability to handle additional simultaneous connections.
Note The caveat titles are not intended to be read as complete sentences because the title field length is limited. In the caveat titles, some truncation of wording or punctuation may be necessary to provide the most complete and concise description.
This section contains the resolved and open caveats for software version 4.1(0) and contains the following topics:
Resolved Caveats for Software Version 4.1(0)
This section lists the resolved caveats for software Version 4.1(0).
•CSCtn64849—When inactivity timeout is set to any value, for example, 5 minutes and a request is sent using a dig utility tool, the entry does not get timed out after the set inactivity timeout value.
•CSCtn67146—When GeoIP feature is enabled the explorer process utilizes 99.9% of the CPU.
•CSCtn67353—When GeoIP enabled with zones is configured and a request is sent from D-proxy where both the D-proxy and the zones have the same latitude and longitude information, the distance is computed as -1, hence there is insufficient proximity data and the proximity clause fails.
•CSCtn67597—Logs display negative D-proxy IP number for few dig requests with GeoIP feature enabled.
•CSCtn75932—When zone IPs are modified, the distance is not calculated accurately.
Workaround: Restart GSS.
•CSCto01224—When GSS is restarted the GeoIP database gets deleted.
•CSCto04065—When the zone IP is entered which is not present on the database, the explorer process uses 99% of the CPU.
Workaround: Do not enter the zone IPs which are not present on the database.
•CSCto04849—Dig request always returns the first answer with the GeoIP feature enabled. GeoIP functionality does not work.
•CSCto14512—Distance is not calculated correctly for a dig request after adding and then deleting static entries.
•CSCto47104—GeoIP feature works without installing a license.
•CSCto52472—GeoDB proximity does not work for more than one DNS rule, the cached proximity database entry does not get updated for a new lookup request received with new zones.
•CSCto45194—GeoIP license installation does not work.
•CSCto60633—No answers are returned when distance returned is outside the acceptable and equivalence distance.
•CSCto60585—When a new zone is added, all the answers are not returned within acceptable and equivalence distance.
Workaround: Re-submit the DNS rule after modifying zones and locations.
•CSCto68183—On rare occasions, GSS can have WTMP partition filled up with ANM user login info that does not get cleared out properly. This can cause problems to access TACACS and SSH.
Workaround: Reload GSS or go into the debug shell and truncate the file.
•CSCto79758—When the GSS is reloaded and if the license is installed before the GeoDB is imported, you cannot run any gslb config/show commands even if the GSS status is ready.
•CSCto93424—Performance drop is seen after each 10 minutes.
•CSCeg62247—The following message is seen on the console of the GSS, which runs software release that are older than 4.1.0.
EXT3-fs warning: maximal mount count reached, running e2fsck is recommended
Workaround: Run the mountcount binary script.
•CSCto98333—The GSS goes into an unstable state if you directly upgrade the software from version 1.3.3 to 3.2.
Workaround: Upgrade to any intermediate version such as 3.1.2 before you upgrade to 3.2. Refer Cisco Global Site Selector Administration Guide 4.1.(0) for the upgrade procedure.
•CSCtq67697—Unable to configure IPv4 or IPv6 VIP answers from the GSS GUI.
Workaround: Use the CLI to configure IPv4 or IPv6 VIP answers.
•CSCtq70881—DNS Server crashes when the DNS rule is configured through CLI.
Workaround: Configure DNS rule through GUI.
•CSCtq71231—The following error message is seen, when you try to add default keepalives of any kal type, to the configured VIP answer.
Failed to Configure Answer with type VIP and Address <ip>. Reason: null
Workaround: Use the GUI to configure default keepalives to the configured VIP answer.
•CSCtq90939—DAD detection does not work in the following cases:
1. If IP is configured in the shutdown mode of the interface and followed with a no shutdown.
2. If DAD detected IP is configured and when you restart the GSS show interface command does not show the DAD status correctly.
Workaround: Configure the interface IP in no shutdown mode and check the for DAD detection in the show interface command.
•CSCts04876—Scripted-kal does not work if the kal-type is snmp-mib-not-index-by-vip with the target address of the Content Services Switch.
Workaround: Use the CSS scripted-kal-type query to target Content Services Switch.
•CSCtr82496—Upon upgrading to software release 4.1.(0), the standby GSS returns NXDOMAIN to the DNS lookup query. This problem occurs when the standby GSS has been upgraded before the primary GSS.
Workaround: Restart GSS.
•CSCtq96231—When you configure two or more answers with ICMP keepalives at the same time the probe statistics gets duplicated.
•CSCtr98825— When scripted-kal is configured to get the LOAD value, the KeepAliveEngine (KALE) process dumps the core file.
Workaround: Configure other keepalive types such as KAL-AP.
•CSCtr69232—Best case performance numbers for the DNS queries drop by 35% because of the IPv6 changes in release 4.1.0.
•CSCts44391—The DNS server crashes when TCP traffic is sent from more than 3 consoles simultaneously. This problem occurs because the "recv" call in tcpRead fails. And, in error path if you set the fd to -1 and delete the reference from Sticky and Proximity module.
•CSCtz88393—In GSS 3.x and earlier versions, if an AAAA query hits the GSS box and if the NS Forward DNS clause is selected, the AAAA queries will not be forwarded to the corresponding Name Server. Instead, an NOERROR will be returned by GSS.
This behavior has been corrected from GSS 4.x versions. If a AAAA query hits the GSS box and if NS Forward DNS clause is selected, the AAAA queries will be forwarded to the corresponding Name Server. If the Name Server is in offline/suspended state, the GSS returns an SERVFAIL.
Open Caveats for Software Version 4.1(0)
This section lists the open caveats for software Version 4.1(0):
•CSCtc76185—When using the CLI to manage the GSS, on rare occasions the answer suspend functions does not work.
Workaround: Use the GSS GUI to suspend the answer.
•CSCte43718—When an answer group change is being made on the GSS GUI, GSS is seeing dnsserver cores, which can be traced back to the change. This issues is not seen with 4492 GSS devices.
•CSCtf78828—GSS uses a variable "numInUse" to track number of answers available to return to the D-proxy based on keepalive checks. When a CSM real bounces in and out of service, a failure can occur that results in the GSS not returning the valid online CSM answer. In a round robin rule, the GSS will not hand out the CSM answer even though the answer is online. This issues is not seen with 4492 GSS devices.
•CSCtg97066—When the GSS is integrated with TACACS+ and the user is accessing the GSS GUI, on rare occasions the Tomcat process restarts and generates a core.
•CSCtj86311—When an HTTP-HEAD KAL response from a VIP is delayed (because FW drops first 3 SYNs), the GSS mis-handles the TCP session and marks the KAL as failed.
•CSCtk56123—When sticky and proximity are enabled on GSS and under the DNS rule, "Wait" is enabled, the GSS stops serving answers (DNS request timeout on the client end) for some clients.
Workaround: Disable sticky or proximity, or disable the "Wait".
•CSCtl11705—The GSS is unresponsive; no response from console, GUI, or SSH and DNS requests also go unanswered.
Workaround: Reboot the GSS to recover.
•CSCtq25770—The periodic back-up of the GeoIP database does not occur until it is initiated manually.
Workaround: Use geodb database periodic-backup command through the CLI to initiate the periodic back-up manually.
•CSCtx47230—When the number of states/countries added in a region crosses more than 50, the DNS server restarts in a loop.
Workaround: Split regions with more than 50 states/countries into multiple regions and configure all these regions into the same Source Address List.
•CSCtz80103—Upon using the MaxMind GeoIP database which is downloaded after November 21, 2012, the following commands may not display any output and may generate a core file when executed:
–geodb database lookup <ip-address>
–show statistics dns geo-region
Workaround: Use the MaxMind database which is downloaded on or before November 21, 2012.
Obtaining Documentation and Submitting a Service Request
For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:
Subscribe to the What's New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS version 2.0.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)