Table Of Contents
Release Notes for the Cisco Global Site Selector, Release 4.1(3)
Note The most current Cisco documentation for released products is available on Cisco.com. For the complete set of Cisco Global Site Selector user documentation, go to the following URL:
These release notes apply to Cisco Global Site Selector (GSS) software Version 4.1(3).
This section includes the following topics:
Upgrading or Downgrading the GSS Software
Table 1 provides information about the upgrade sequence for previous software versions that you must follow before you upgrade to Version 4.1(3).
Note To access the graphical user interface (GUI) after upgrading the GSS device from software version 3.2(0) to software version 4.1(x), clear the cache and then go to the URL and press Enter. This process is due to the change in the GUI look and feel.
Note The GSS software release 4.1(x) is supported only on GSS 4492R and is not supported on the following hardware: GSS 4491, GSS 4490, or GSS 4480.
Note You must upgrade the primary GSSM first, followed by the other GSS devices in your network. After you upgrade the primary GSSM, ensure that each GSS device in your network to be upgraded is connected to the primary GSS device. If you upgrade the nonprimary GSS prior to the primary GSSM upgrade, you might experience unexpected behavior.
When upgrading the GSS device from software versions that are earlier than 3.2(0) to software Version 4.1(x), the device will reboot twice to complete the upgrade.
The Cisco Global Site Selector Administration Guide contains the required information to upgrade your GSS software.
This section contains the resolved and open caveats for software version 4.1(3) and contains the following topics:
Resolved Caveats for Software Version 4.1(3)
This section lists the resolved caveats for software Version 4.1(3):
•CSCty98081—A TCP probe fails when port 25 is used with graceful connection termination. This problem results in a VIP going offline.
Workaround: Change the termination method to Reset instead of Graceful.
•CSCtz80103—When using the MaxMind GeoIP database which is downloaded after November 21, 2012, the following commands do not display any output and generate a core file when executed:
•Geodb database lookup [ip-address].
•Show statistics dns geo-region .
Workaround: Use MaxMind database downloaded on or before 21, November 2013.
•CSCua34359—GSS appliances in a cluster mark answers offline as a result of a keepalive failure.
Workaround: Reboot the primary GSSM appliance.
•CSCub24018—A partial configuration loss on platform.cfg moves the box to an inaccessible state.
Workaround: Reload the box without saving the current configuration.
•CSCtg97066—The Tomcat process restarts and generates a core while accessing the GUI.
•CSCua02282—GSS does not reply to the DNS requests on the IPv6 anycast address.
Workaround: Run the workaround script.
•CSCue39593—GSS proximity stopped working as the clauses with proximity enabled are being bypassed.
Workaround: Kill the proximity process by using the process-kill proximity command.
•CSCua57195—Apache is vulnerable to CVE-2003-1418 and is showing the INODE information.
•CSCud30580—When multiple default gateways are configured, the existing connection to the GSS drops and the client fails to reach the GSS one hop away.
•CSCtz80583—GSS reports online for when KALAP load changes from 255 to 0.
Workaround: Suspend the VIP to make it offline.
•CSCtw46343—GSS proximity for the show and configuration commands fails while updating the probing method to PATH-PROBE.
Workaround: Restart the GSS.
•CSCtz72938—The remote network time service throws a denial of service vulnerability.
Workaround: Do not use the ntpd.
Open Caveats for Software Version 4.1(3)
This section lists the open caveats for software Version 4.1(3):
•CSCtj86311—When the HTTP-HEAD KAL response from a VIP is delayed (because FW drops the first three SYNs), the GSS mishandles the TCP session and marks the KAL as failed.
•CSCtk56123—When sticky and proximity are enabled on GSS, the GSS stops serving answers (DNS request timeout on the client end) for some clients.
Workaround: Either disable the sticky or proximity. Or disable the "Wait".
•CSCtt15709—The show sticky database X command displays an ID number for the answer name instead of an IP address or name.
Workaround: Enter the show sticky database answer X command for each answer name on the GSS to obtain the ID numbers so that you have a reference. The answer field should not contain any space characters.
•CSCtz64438—The CPU utilization gets high when the debug level logging is enabled and the log file size increases.
Workaround: Disable the debug level logging and truncate or delete the large log files.
•CSCtz64504—Reloading of GSS slows down and pauses at "Build properties" due to high CPU utilization.
•CSCtz11052—Unable to download database from the master GSS.
Workaround: Re-create the cluster by entering the gss disable and gss enable gssm-primary commands on the primary GSS.
•CSCtz32651—Getting error when configuring a TACACS server key with a space in quotes.
Workaround: Do not use quotes when specifying the key for TACACS server or reload the GSS without saving the configuration
•CSCub80218—GSS is vulnerable to CVE-2012-2110.
•CSCub83392—GSS is vulnerable to CVE-1999-0662.
Obtaining Documentation and Submitting a Service Request
For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:
Subscribe to the What's New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS version 2.0.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.
© 2013 Cisco Systems, Inc. All rights reserved.