Table Of Contents
Release Notes for Cisco SN 5428-2 Storage Router, Release 3.5.3
September 8, 2004
These release notes support Cisco SN 5428-2 Storage Router software release 3.5.3.
For a list of software caveats that apply to Release 3.5.3, see the "Caveats" section. The caveats are updated for every maintenance release and are located on Cisco.com and the Documentation CD-ROM.
These release notes describe the following topics:
The Cisco SN 5428-2 Storage Router provides universal access to storage over IP networks. The storage router software controls the operation of the Cisco SN 5428-2 Storage Router. You can configure the software to provide the following types of access to storage over IP networks:
•SCSI routing only
•Transparent SCSI routing only
•SCSI routing and FCIP
•Transparent SCSI routing and FCIP
SCSI routing provides IP hosts with access to Fibre Channel (FC) storage devices, using iSCSI protocol. The iSCSI protocol is an IETF-defined protocol for IP storage (ips).
Note For more information about the iSCSI protocol, refer to the IETF standards for IP storage at http://www.ietf.org.
With SCSI routing, storage device access is managed primarily in the SN 5428-2. (See Figure 1.)
Figure 1 SCSI Routing
Transparent SCSI routing provides IP hosts with transparent access to intelligent storage arrays using iSCSI protocol; that is, each IP host is presented as an FC host to an intelligent storage array. With transparent SCSI routing, availability of storage devices is managed primarily in the intelligent storage array. (See Figure 2.)
Figure 2 Transparent SCSI Routing
Fibre Channel over IP (FCIP) enables SN 5428-2 Storage Routers to provide connectivity by tunneling through an IP network between storage area networks (SANs). (See Figure 3.)
Figure 3 FCIP
In addition to providing services for accessing storage over IP networks, the SN 5428-2 Storage Router software provides the following services:
•VLAN Access Control—provides IP access control to storage based on a VLAN identifier (VID) number (in addition to access control through access lists)
•Authentication—provides iSCSI, Enable and Login authentication using AAA authentication methods
•High Availability (HA)—provides the ability to group storage routers in a cluster for intelligent failover and other cluster-related functions (for SCSI routing only)
•E_Port with FC Fabric Zoning—provides the ability to connect FC ports to FC switches and participate in fabric zoning, manage zoning, and support zone mergers
•SNMP/MIB support—provides network management of the SN 5428-2 through SNMP using selected MIBs
•Gigabit Ethernet Interface features—provides the ability to assign a management IP address per Gigabit Ethernet interface, multiple IP addresses per SCSI routing instance, and an optional secondary Gigabit Ethernet interface per IP address used for SCSI routing or SN 5428-2 management. When the SN 5428-2 is deployed for FCIP, provides primary and optional secondary Gigabit Ethernet interfaces to the FCIP peer.
•FCIP data compression—enables the SN 5428-2 to dynamically compress FCIP data traffic for better channel bandwidth utilization
•FCIP SACK support—uses selective acknowledgement (SACK) to overcome the limitations of recovering from multiple lost packets during a TCP transmission for FCIP instances configured as TCP clients or servers
•Buffer credit extension—enables the SN 5428-2 to donate buffer credits from a donor port to selected FC ports
•Secure Sockets Layer (SSL) support—provides HTTPS connection for secure access through the web-based GUI
•Secure Shell (SSH) protocol version 2 support—provides high encryption and authentication for interactive management sessions, and is a common replacement for Telnet
•Routing Information Protocol (RIP) listening support—allows the SN 5428-2 to learn dynamic routing using RIP (version 1 or version 2) listening
•Service Location Protocol (SLP) support—provides the ability to advertise targets of specified SCSI routing instances to initiators or servers that use SLP
•Internet Storage Name Service (iSNS) support—provides the ability to register iSCSI targets with an iSNS server, allowing iSCSI initiators to dynamically discover available storage targets
•LUN Trespass feature—provides a LUN failover feature for selected storage arrays that operate on the active/passive port model. When enabled, the trespass feature provides a redundant path from the storage router to the storage array by allowing the storage router to detect a path failure to a storage array port and perform the necessary operations to fail LUNs over to the other port on the storage array without using any multi-path software. See the "LUN Trespass Feature" section for details about storage array interoperability.
•TCP Window Tuning—provides the ability to maximize bandwidth across the network by automatically setting the local TCP receive window size to the remote TCP receive window size without user intervention
•A command-line interface (CLI) and a web-based GUI—provides user interfaces for configuration and maintenance of an SN 5428-2
This section describes the system requirements for release 3.5.3 and includes the following information:
•The Gigabit Ethernet interfaces on the SN 5428-2 Storage Router use a flow control mechanism for stopping and starting traffic that prevents the loss of data. Flow control should also be turned on at the router's Gigabit Ethernet interfaces where the SN 5428-2 Storage Router is connected.
•If the SN 5428-2 Storage Router is participating in a cluster (SCSI routing only), and the HA or management interfaces are plugged into a switch that has Spanning Tree Protocol (STP) enabled, the storage router should be considered as an end station and the affected ports on the switch should be configured appropriately. For example, set "portfast" on Cisco switches to cause the ports to immediately switch from blocking mode to forwarding mode. This helps prevent time-outs, which can cause unexpected behavior when storage routers join a cluster.
To ensure the best performance for the SN 5428-2 Storage Router and the iSCSI drivers, the extended windowing feature of TCP and the receive and transmit flow control feature of the Gigabit Ethernet driver should be enabled on all IP hosts connecting to the SN 5428-2. On the SN 5428-2 Storage Router, you can use the CLI show scsirouter all connection tcp command to display the current and maximum TCP window size for each connected host.
Graphical User Interface
Note With certain versions of Microsoft Internet Explorer 6, the links in the left frame may fail to function after performing a remote backup. If this occurs, click on the Maintenance menu link at the top of the page to reactivate the links.
iSCSI Driver Version Support
A Cisco SN 5428-2 Storage Router running software release 3.5.3 or later is interoperable with an IP host running any Cisco iSCSI Driver version 2.1.1 or later. It is not interoperable with an IP host running any Cisco iSCSI Driver version 1.8.x.
A Cisco SN 5428-2 Storage Router running software release 3.5.3 or later is also interoperable with an IP host running Microsoft Windows® 2000, Microsoft Windows XP, or Microsoft Windows Server™ 2003 and the Microsoft iSCSI Software Initiator package, version 1.03 or higher. You can download the Microsoft iSCSI Software Initiator package, which includes the Microsoft iSCSI initiator service and the Microsoft iSCSI Initiator software driver, from http://www.microsoft.com/windowsserversystem/storage/technologies/iscsi/default.mspx.
SN 5428-2 interoperability information is available on Cisco.com. You can access the interoperability matrix by following these instructions:
Step 1 At http://www.cisco.com, click Products & Solutions, and select Storage Networking and SN 5400 Series Storage Routers from the menus.
Step 2 At the Cisco SN 5400 Series Storage Routers web page, click Technical Documentation from the navigation menu on the left side of the page.
Step 3 Click the Tech Notes link, and then click the Cisco SN 5428 and SN 5428-2 Interoperability Matrix link.
LUN Trespass Feature
The SN 5428-2 LUN trespass feature provides LUN failover capability for selected storage arrays that operate on the active/passive port model.The trespass feature has been tested with the following storage arrays:
•EMC Clarion 4500/4700
•EMC Clarion Cx400
•HP MSA1000, with firmware version 4.24
New and Changed Information
This section describes new and changed features in Release 3.5.1, and includes the following information:
New CLI Commands
By default, the sending of LUN Change Async events is disabled for SCSI routing instances. You can enable this function at the target level, using the following CLI command:
scsirouter name target name lunasyncevent enable
Use the no form of this command to disable this function.
New and Changed GUI Functionality
•The all option for tracing SCSI routing instances was removed.
•An all option was added to allow the deletion of all SCSI routing instances from the storage router.
This section describes how to obtain updated SN 5428-2 software and upgrade an existing SN 5428-2 software installation, and includes the following information:
Obtaining Updated Software and iSCSI Drivers
Registered Cisco.com users can download the most current SN 5400 Series system software, Cisco iSCSI drivers, and release notes from Cisco.com. You can access software and related information by following these instructions:
Step 1 At http://www.cisco.com, log in to Cisco.com. Click Technical Support and Downloads.
Step 2 At the Software Center (Downloads) web page, under Software Products & Downloads, click Storage Networking Software.
Step 3 At the Storage Networking Software web page, click the appropriate link for your software.
Step 4 At the Software Download web page, click the file that you want to download. Another software download web page will be displayed with detailed information about the download file and Cisco's Software License Agreement. Follow the instructions on that and any subsequent web pages to download the software.
Step 5 To install and configure storage router software, see the appropriate storage router software configuration guide and release notes. (To install and configure iSCSI driver software, see the readme file in the downloaded driver archive.)
Determining the Storage Router Software Version
To determine the version of SN 5428-2 software running on the storage router, establish a Telnet or console port session with the storage router, and enter the CLI show version command. (See Example 1.) The Application field displays the version of software currently running on the storage router. The System Bootstrap field displays the software version that will run the next time the storage router is restarted.
You can also check the version of the storage router software by using the web-based GUI. Log in as monitor to display the Processor and Software Information table, or click Processor and SW (under System) in the Monitor dynamic menu list in the left frame. The Software Version field contains the current software version information.
Example 1 Determining the Software Version[SN5428-2A01]$ show versionCisco SN 5428-2-K9 Storage RouterCLI Version: 2.1iSCSI Version: 0/2 (Min/Max)System Bootstrap: 3.5.3-K9Operating System: 3.5.3-K9Switch Version: V188.8.131.52-0Application: 3.5.3-K9Web Server: R6_1_0OpenSSH: 3.4p1OpenSSL: 0.9.6eZlib: 1.1.4Copyright (c) 1986-2003 by Cisco Systems, Inc
Upgrading to a New Software Release
For information about upgrading to new storage router software using the CLI, see the section "Installing Updated Software" in Chapter 11, "Maintaining and Managing the SN 5428-2 Storage Router," of the Cisco SN 5428-2 Storage Router Software Configuration Guide, Release 3.5.
To upgrade to new storage router software using the web-based GUI, follow these instructions.
Step 1 In the web-based GUI, log in as "admin". To access the GUI, enter the URL for the storage router. (Point your browser to the storage router management interface IP address using the HTTP protocol.) For example, type http://10.1.10.244.
Step 2 Click Maintenance to view information about the software versions currently available to the storage router. If multiple versions of software are available, delete all versions except the currently running version.
Step 3 (Optional) Based on your storage router configuration, click the appropriate link in the Upgrade section of the Maintenance dynamic menu list in the left frame to download a list of currently available software versions. Use this list to determine the software version you want to download.
Step 4 Click the appropriate link in the Upgrade section of the Maintenance dynamic menu list to download the desired version of software.
Step 5 After you have downloaded the new version of software, click Reset in the System section of the Maintenance dynamic menu list.
Step 6 At Select next boot version, select the new software version. If you have made configuration changes to the storage router that have not been saved, click the Save unsaved changes? checkbox to save any configuration changes that have been made but not saved to the storage router's bootable configuration
Step 7 Click Reset System.
Step 8 After the storage router has rebooted, verify that it is running the new software. (See the "Determining the Storage Router Software Version" section.)
If the storage router is deployed for transparent SCSI routing, the upgrade to version 3.5.3 from any version prior to 3.3.1 places the storage router in dynamic mode. Dynamic mode resets iSCSI client-to-FC WWPN bindings upon reboots or iSCSI logouts, and requires an intelligent storage array that supports an extended iSCSI FC PLOGI frame. To change the mode of an existing transparent SCSI routing deployment, you must completely clear the storage router configuration. When the storage router reboots, follow the prompts from the initial configuration script to complete the new system configuration and select the desired mode for transparent SCSI routing.
For more information about clearing the storage router configuration, see the section "Resetting the System" in Chapter 11, "Maintaining and Managing the SN 5428-2 Storage Router," of the Cisco SN 5428-2 Storage Router Software Configuration Guide, Release 3.5.
For more information about static and dynamic modes for transparent SCSI routing, see the section "Summary of Configuration Process" in Chapter 7, "Configuring Transparent SCSI Routing," of the Cisco SN 5428-2 Storage Router Software Configuration Guide, Release.3.5.
Uninstalling an Upgrade
Note Software versions prior to 3.3.1 do not support the static mode for transparent SCSI routing.
To return to a previous SN 5428-2 software release, and remove the updated SN 5428-2 software using the CLI, follow these instructions:
To return to a previous software release and remove the updated storage router software using the web-based GUI, follow these instructions:
Step 1 In the web-based GUI, log in as "admin". To access the GUI, enter the URL for the storage router. (Pointing your browser to the storage router management interface IP address using the HTTP protocol.) For example, type http://10.1.10.244.
Step 2 Click Maintenance to display the dynamic Maintenance menu list in the left frame.
Step 3 Click Reset from the dynamic Maintenance menu list.
Step 4 Click the Select next boot version drop-down arrow to view the list of available software versions. Choose the version of software to run when the system is booted.
Step 5 (Optional) To save configuration changes before rebooting, check the Save unsaved changes checkbox. If the checkbox is not checked, any unsaved configuration changes will be lost.
Step 6 Click Reset System.
Step 7 After the storage router reboots, verify that it is running the selected software. (See "Determining the Storage Router Software Version" section.)
Step 8 (Optional) Click Maintenance and then click the Delete link to the right of the updated software in the Show Storage Router Software table to remove it from the storage router.
Limitations and Restrictions on SN 5428-2 Storage Router Clusters
This release includes the following restrictions on storage router clusters:
•A cluster can be composed of up to two SN 5428-2 Storage Routers, or one SN 5428-2 and one SN 5428 Storage Router.
•A cluster can support up to 12 SCSI routing instances.
•A cluster can support up to 100 iSCSI targets.
Caveats describe unexpected behavior or defects in the specified SN 5428-2 software release. Severity 1 caveats are the most serious caveats; severity 2 caveats are less serious.
This document describes open and resolved severity 1 and 2 caveats and selected caveats of other severities, for release 3.5.3.
•The "Open Caveats" section lists caveats that are open in the current release and may be open in previous releases.
•The "Resolved Caveats" section lists caveats that are resolved in this release, but open in previous releases.
Within the sections, the caveats are sorted alphanumerically by caveat number.
Note If you have an account with Cisco.com, you can use Bug Navigator II to find caveats of any severity for any release. You can reach Bug Navigator II on Cisco.com at Service & Support:
The caveats listed in this section are open in SN 5428-2 software release 3.5.3.
Compaq SecurePath Manager software does not work with iSCSI and an MSA1000. This configuration is not currently supported.
The caveats listed in this section are resolved in SN 5428-2 software release 3.5.3.
SCSI routing instances may enter a failover loop when the configured network devices (network interface and target) are available from both of the HA nodes in the cluster. The problem may occur when the storage routers in the cluster are configured for mixed mode (SCSI routing and FCIP).
Workaround: None. This problem is resolved in release 3.5.3.
An open to the device may fail when running the SN 5428-2 Storage Router with an IP host running Windows 2000 and accessing a STK9840 tape device.
Workaround. None. This problem is resolved in release 3.5.3.
If a failover is performed when the storage router is running in a cluster, the IP hosts may occasionally be unable to connect to the IP addresses on the current master.
Workaround: None. This problem is resolved in release 3.5.3.
TCP connections can be broken with RST packet attacks. A TCP connection can be dropped by sending an RST packet within the TCP window. For long lived connections such as iSCSI, this opens the possibility of a denial of service if an attacker continually causes the TCP connection to be dropped. Cisco issued a security advisory for this problem.
Workaround: None. The problem is resolved in release 3.5.3, solving the security advisory previously issued.
This section describes changes or corrections to the SN 5400 Series Storage Router Command Reference, Release 3.5.
The following command has been added to the CLI:
•To enable the sending of LUN Change Async events for the specified SCSI routing instance and target combination, use the scsirouter target lunasyncevent enable command. To disable this function at the target level, use the no form of this command.
scsirouter name target name lunasyncevent enable
By default, the sending of LUN async events is disabled for all SCSI routing instances and targets. You can enable this function for SCSI routing instances at the target level only. See caveat CSCee00457 for complete details.
The following sections describe the related documentation available for Cisco SN 5428-2 Storage Router release 3.5.3. These documents consist of hardware installation and software configuration guides, and platform-specific release notes and readme files for the Cisco iSCSI drivers.
This release notes document is the only document specific to SN 5428-2 release 3.5.3. It is only available as an electronic document on Cisco.com and the Documentation CD-ROM.
Refer to the Cisco SN 5428-2 Storage Router Hardware Installation Guide for hardware installation procedures. This document is available as an electronic document on Cisco.com and the Documentation CD-ROM.
Refer to the Cisco SN 5428-2 Storage Router Software Configuration Guide Release 3.5, for configuration information and procedures. This document is available as an electronic document on Cisco.com and the Documentation CD-ROM.
Refer to the Cisco SN 5400 Series Storage Router Command Reference, Release 3.5, for information about the CLI command interface. This document is available as an electronic document on Cisco.com and the Documentation CD-ROM.
For documentation on the SN 5428-2 web-based GUI, refer to the SN 5428-2 Storage Router web-based GUI online Help system.
Service and Support
For service and support for a product purchased from a reseller, contact the reseller, who offers a wide variety of Cisco service and support programs described in "Service and Support" of Cisco Information Packet shipped with your product.
Note If you purchased your product from a reseller, you can access Cisco.com as a guest. Cisco.com is Cisco Systems' primary real-time support channel. Your reseller offers programs that include direct access to Cisco.com services.
For service and support for a product purchased directly from Cisco, use Cisco.com.
Software Configuration Tips on the Cisco TAC Home Page
A variety of Cisco SN 5428-2 Storage Router software installation, configuration and usage tips are available on the Cisco Technical Assistance Center (TAC) Web Site.
You can access "tech tips" by following these instructions:
Step 1 At http://www.cisco.com, log in to Cisco.com. Click Technical Support, and select Product Support from the menu.
Step 2 At the Product Support web page, click Storage Networking from the navigation menu on the left side of the page.
Step 3 At the Storage Networking Devices web page, click the SN 5400 Series Storage Routers link.
Step 4 Click appropriate link for your system. For example, click the SN 5428-2 Storage Router link.
Step 5 Click the Troubleshooting link, and then click the appropriate links for information about installing, configuring, and troubleshooting SN 5400 Series system software and iSCSI drivers.
Cisco documentation and additional literature are available on Cisco.com. Cisco also provides several ways to obtain technical assistance and other technical resources. These sections explain how to obtain technical information from Cisco Systems.
You can access the most current Cisco documentation at this URL:
You can access the Cisco website at this URL:
You can access international Cisco websites at this URL:
You can find instructions for ordering documentation at this URL:
You can order Cisco documentation in these ways:
•Registered Cisco.com users (Cisco direct customers) can order Cisco product documentation from the Ordering tool:
•Nonregistered Cisco.com users can order documentation through a local account representative by calling Cisco Systems Corporate Headquarters (California, USA) at 408 526-7208 or, elsewhere in North America, by calling 800 553-NETS (6387).
You can send comments about technical documentation to email@example.com.
You can submit comments by using the response card (if present) behind the front cover of your document or by writing to the following address:
Attn: Customer Document Ordering
170 West Tasman Drive
San Jose, CA 95134-9883
We appreciate your comments.
Obtaining Technical Assistance
For all customers, partners, resellers, and distributors who hold valid Cisco service contracts, Cisco Technical Support provides 24-hour-a-day, award-winning technical assistance. The Cisco Technical Support Website on Cisco.com features extensive online support resources. In addition, Cisco Technical Assistance Center (TAC) engineers provide telephone support. If you do not hold a valid Cisco service contract, contact your reseller.
Cisco Technical Support Website
The Cisco Technical Support Website provides online documents and tools for troubleshooting and resolving technical issues with Cisco products and technologies. The website is available 24 hours a day, 365 days a year at this URL:
Access to all tools on the Cisco Technical Support Website requires a Cisco.com user ID and password. If you have a valid service contract but do not have a user ID or password, you can register at this URL:
Submitting a Service Request
Using the online TAC Service Request Tool is the fastest way to open S3 and S4 service requests. (S3 and S4 service requests are those in which your network is minimally impaired or for which you require product information.) After you describe your situation, the TAC Service Request Tool automatically provides recommended solutions. If your issue is not resolved using the recommended resources, your service request will be assigned to a Cisco TAC engineer. The TAC Service Request Tool is located at this URL:
For S1 or S2 service requests or if you do not have Internet access, contact the Cisco TAC by telephone. (S1 or S2 service requests are those in which your production network is down or severely degraded.) Cisco TAC engineers are assigned immediately to S1 and S2 service requests to help keep your business operations running smoothly.
To open a service request by telephone, use one of the following numbers:
Asia-Pacific: +61 2 8446 7411 (Australia: 1 800 805 227)
EMEA: +32 2 704 55 55
USA: 1 800 553 2447
For a complete list of Cisco TAC contacts, go to this URL:
Definitions of Service Request Severity
To ensure that all service requests are reported in a standard format, Cisco has established severity definitions.
Severity 1 (S1)—Your network is "down," or there is a critical impact to your business operations. You and Cisco will commit all necessary resources around the clock to resolve the situation.
Severity 2 (S2)—Operation of an existing network is severely degraded, or significant aspects of your business operation are negatively affected by inadequate performance of Cisco products. You and Cisco will commit full-time resources during normal business hours to resolve the situation.
Severity 3 (S3)—Operational performance of your network is impaired, but most business operations remain functional. You and Cisco will commit resources during normal business hours to restore service to satisfactory levels.
Severity 4 (S4)—You require information or assistance with Cisco product capabilities, installation, or configuration. There is little or no effect on your business operations.
Obtaining Additional Publications and Information
Information about Cisco products, technologies, and network solutions is available from various online and printed sources.
•Cisco Marketplace provides a variety of Cisco books, reference guides, and logo merchandise. Visit Cisco Marketplace, the company store, at this URL:
•The Cisco Product Catalog describes the networking products offered by Cisco Systems, as well as ordering and customer support services. Access the Cisco Product Catalog at this URL:
•Cisco Press publishes a wide range of general networking, training and certification titles. Both new and experienced users will benefit from these publications. For current Cisco Press titles and other information, go to Cisco Press at this URL:
•Packet magazine is the Cisco Systems technical user magazine for maximizing Internet and networking investments. Each quarter, Packet delivers coverage of the latest industry trends, technology breakthroughs, and Cisco products and solutions, as well as network deployment and troubleshooting tips, configuration examples, customer case studies, certification and training information, and links to scores of in-depth online resources. You can access Packet magazine at this URL:
•iQ Magazine is the quarterly publication from Cisco Systems designed to help growing companies learn how they can use technology to increase revenue, streamline their business, and expand services. The publication identifies the challenges facing these companies and the technologies to help solve them, using real-world case studies and business strategies to help readers make sound technology investment decisions. You can access iQ Magazine at this URL:
•Internet Protocol Journal is a quarterly journal published by Cisco Systems for engineering professionals involved in designing, developing, and operating public and private internets and intranets. You can access the Internet Protocol Journal at this URL:
•World-class networking training is available from Cisco. You can view current offerings at this URL:
This document is to be used in conjunction with the documents listed in the "Related Documentation" section.
Copyright © 2004 Cisco Systems, Inc. All rights reserved.