Table Of Contents
Release Note for the Cisco Global Site Selector, Release 1.0.1
Contents
System Requirements
Cisco-Supported Hardware
Software Compatibility
Upgrading to a New Software Release
Step 1—Back up the Primary GSSM
Step 2—Obtain the Software Upgrade
Step 3—Upgrade your GSS Devices
Step 4—Verify Your Upgrade
Caveats for Software Version 1.0
Resolved Caveats for Software Version 1.0.1
Related Documentation
Obtaining Documentation, Obtaining Support, and Security Guidelines
Release Note for the Cisco Global Site Selector, Release 1.0.1
July 11, 2003
Note 
The most current Cisco documentation for released products is also available on Cisco.com. The online documents may contain updates and modifications made after the hardcopy documents were released.
Contents
This release note applies to software version 1.0.1 for the Cisco Global Site Selector (GSS). It contains the following sections:
•System Requirements
•Upgrading to a New Software Release
•Caveats for Software Version 1.0
•Resolved Caveats for Software Version 1.0.1
•Related Documentation
•Obtaining Documentation, Obtaining Support, and Security Guidelines
System Requirements
This section describes the hardware and software components that are used by the Cisco Global Site Selector.
Cisco-Supported Hardware
Cisco Global Site Selector operates with the following Cisco hardware:
•Cisco Global Site Selector 4480
•Cisco Content Services Switch running WebNS software Version 5.0 or higher
•Cisco Catalyst 6000/6500 Content Switching Module Version 2.2(3) or higher
Refer to the Cisco documentation that came with each device for detailed, device-specific instructions on handling, installing, and configuring your Cisco hardware.
Software Compatibility
For the release of GSS Version 1.0.1, the following upgrade sequences are supported: 1.0.0 to 1.0.1.
Upgrading to a New Software Release
The following sections explain the steps that must be taken to upgrade your GSS software.
1. Performing a full backup of your primary GSSM
2. Obtaining the software update
3. Upgrading the software on your GSS devices
4. Verifying your upgrade
If you have multiple GSS devices contained within the same network of GSSs, ensure the following:
•You upgrade your GSS devices in the following sequence in order to safeguard your critical GSS data:
a. GSSs
b. Primary GSSM
c. Standby GSSM
•The primary and standby GSSMs are running the exact same version of software, Version 1.0(1.0.1).
Step 1—Back up the Primary GSSM
Before you attempt to upgrade your GSS software, first make sure that you have a full backup of your primary GSSM that is current. That way, should the upgrade fail for some reason, you will be able to quickly restore your GSS network to its current state.
You can perform a full backup at any time. Doing so will not interfere with the functioning of the GSSM or any of your other GSS devices.
Note Performing a full backup of the primary GSSM requires access to the CLI.
To perform a full backup of your primary GSSM:
1. Log on to the Cisco command line interface (CLI) of your primary GSSM, following the instructions in the Cisco Global Site Selector Command Reference. The Cisco CLI prompt will appear.
2. Enable Privileged EXEC mode, for example:
gss1.yourdomain.com>enable
3. Use the gssm database validate command to verify the integrity of your existing database.
gss1.yourdomain.com>gssm database validate
4. Use the gssm backup command to create a full backup of your primary GSSM. You will need to supply a file name for your full backup. For example:
gss1.yourdomain.com#gssm backup full gssfullbk
GSSM database backup succeeded [gssfullbk.full]
5. After you have received confirmation that the GSSM has successfully created your full backup, copy or move the file off your GSSM to ensure that it is not also lost in the event of a media failure or other catastrophic loss on your GSSM.
Either the secure copy (SCP) or FTP commands can be used to move your full backup to a remote host, for example:
gss1.yourdomain.com#scp gssfullbk.full server.yourdomain.com:home
Step 2—Obtain the Software Upgrade
Before you can upgrade your Cisco GSS Software, you must first acquire the appropriate software upgrade file from Cisco.
In order to acquire the software upgrade from Cisco, you must first:
•Access the Cisco.com website and locate the software upgrade files.
•Download the software upgrade files to a server within your own organization that is accessible via FTP or SCP from your GSSs and GSSMs.
You must have a Cisco.com username and password before attempting to download a software upgrade from Cisco.com. In order to acquire a Cisco.com login, go to http://www.cisco.com and click the Register link.
Note You need a service contract number, Cisco.com registration number and verification key, Partner Initiated Customer Access (PICA) registration number and verification key, or packaged service registration number in order to obtain a Cisco.com username and password.
To add an upgrade file for the Cisco GSS:
1. Launch your preferred web browser and point it to the Cisco Global Site Selector download page. When prompted, log in to Cisco.com using your designated Cisco.com username and password. The Cisco GSS Software download page appears, listing the available software upgrades for the Cisco GSS Software product.
2. If you do not have a shortcut to the Cisco Global Site Selector download page:
a. Log in to Cisco.com using your designated Cisco.com username and password.
b. Access the Software Center from the Technical Support link.
c. Select the Content Networking Software link from the Software Center - Software Products and Downloads page.
d. Select the Cisco Global Site Selector link from the Software Center - Content Networking page.
e. Select the Download Cisco Global Site Selector link from the Software Center - Content Networking page.
The Cisco GSS Software download page appears, listing the available software upgrades for the Cisco GSS Software product.
Note When you first access the Content Networking page of the Software Center, you must apply for eligibility for GSS software updates because it is considered a strong encryption image. Under the Cisco Content Networking Cryptographic Software section is the Apply for 3DES Cisco Cryptographic Software Under Export Licensing Controls link. Click this link and complete the Encryption Software Export Distribution Authorization Form. This step is required to be able to access and download Global Site Selector software images.
3. Locate the files you wish to download by referring to the Release column for the proper release version of the software.
Note Each software upgrade consists of two files: a binary-format upgrade file (*.upg) and a smaller meta file (*.meta). Only the .upg file must be downloaded in order to successfully complete a Cisco GSS Software upgrade. The .meta file is a simple text file that contains the version number and the size of the upgrade file and can be used to verify file integrity with the information on the Cisco GSS Software Download page.
4. Click the link for the .upg file. The download page appears.
5. Click the Software License Agreement link. A new browser window will open displaying the license agreement.
6. After you have read the license agreement, close the browser window displaying the agreement and return to the Software Download page.
7. Click the filename link labeled Download.
8. Click Save to file and then choose a location on your workstation to temporarily store the .upg upgrade file.
9. Post the downloaded .upg file to a designated area on your network that is accessible to all your GSS devices.
10. Repeat steps 3 through 9 for the .meta file.
11. If desired, open the .meta file and compare the size of the .meta and .upg files with the information displayed on the Cisco GSS Software Download page.
Step 3—Upgrade your GSS Devices
When executing an upgrade, you use the CLI install command.
Before going forward with the installation of the software upgrade, the install command also validates the upgrade file, then unpacks the upgrade archive and installs the upgraded software. Finally, the affected GSS device is stopped and restarted.
Note Upgrading your GSS devices will cause a temporary loss of service for each affected device.
To upgrade the GSS software on a Global Site Selector:
1. If you have not already done so, use the FTP or SCP command to copy the GSS software upgrade file from the network location to a directory on a GSS. For example, to copy an upgrade file named gss.upg from a remote host, your FTP session might look like the following:
gss1.yourdomain.com>ftp host.yourdomain.com
Connected to host.yourdomain.com.
220 host.yourdomain.com FTP server (Version wu-2.6.1-0.6x.21) ready.
Name (host.yourdomain.com:root): admin
331 Password required for admin.
230 User admin logged in. Access restrictions apply.
Remote system type is UNIX.
Using ascii mode to transfer files.
local: gss.upg remote: gss.upg
200 PORT command successful.
Ensure that you set the transfer type to binary.
2. Enable Privileged EXEC mode, for example:
gss1.yourdomain.com>enable
3. Use the install command to install the upgrade. For example:
gss1.yourdomain.com#install gss.upg
Performing software install. This will take a few minutes.
Device will reboot when the install is complete.
Be sure to leave the session open until you receive confirmation that the software upgrade is complete and that the GSS has rebooted.
When the GSS reboots, this causes you to lose any network CLI connections. Console connections will remain active.
4. Once the GSS device has rebooted, see the"Step 4—Verify Your Upgrade" section to determine whether the upgrade completed successfully.
Step 4—Verify Your Upgrade
Use the following procedure to log on to your upgraded GSS device and verify that the upgrade completed successfully.
1. Use the show version command to verify that the intended software version has been successfully installed, for example:
gss1.cisco.com#show version
Global Site Selector (GSS)
Copyright (c) 1999-2002 by Cisco Systems, Inc.
Compiled Wed Jun 25 10:40:49 2003 by ralexand - changeset 26014
uptime is 14 Days 17 Hours 59 Minutes and 28 seconds
Model Number: GSS-4480-K9
2. Use the gss status command to verify that the device is running and confirm that the installed software version is correct. For example, on a primary GSSM, you would see the following:
gss1.yourdomain.com>gss status
Cisco GSS(1.0.1.0.1) GSS Manager - primary [Thu Jul 10 15:29:22 UTC 2003]
Normal Operation [runmode = 5]
%CPU %MEM START PID SERVER
0.0 0.1 13:18 1183 ucd-snmpd
0.0 0.4 13:18 1192 database
0.0 1.7 13:18 1203 tomcat
0.0 0.1 13:18 1494 apache
0.0 1.7 13:18 1237 crdirector
0.0 0.1 13:19 1850 dnsserver
0.0 0.1 13:19 1891 keepalive
0.0 0.1 13:19 1868 boomerang
0.0 1.6 13:18 1046 nodemgr
0.0 0.0 13:17 410 syslogd
Caveats for Software Version 1.0
This section lists the open (unresolved) caveats for Cisco Global Site Selector Version 1.0. There are no new caveats for software version 1.0.1.
•CSCdx58395—CAPP may not recognize dropped fragments when KAL-AP spans multiple packets. When the KAL-AP keepalive spans multiple datagrams due to large payloads, if one of the spanned packets is dropped, the GSS does not 'retry' the request. Instead. the GSS waits until the next period and sends the packets again. This results in the dropped datagram not getting updated load values on the VIPs that expect them.
Workaround: This behavior only occurs in situations where the GSS consumes the full datagram (roughly 1.4K) with tag names or VIPs. Otherwise, all data fits in one single datagram. In situations where there is the need to query hundreds of VIPs associated with a single primary and secondary keepalive, utilize the KAL-AP by VIP option. Alternatively, use the KAL-AP by Tag option, but limit the length of tag names so that the packets do not grow beyond 1.4K.
•CSCdx68188—Load field may be missing from the output for the show statistics kale kalap list command display.
When issuing the show statistics keepalive kalap list CLI command, a list of all VIPs (virtual internet protocol addresses) is displayed with their load values in parenthesis. However if a load value is not yet known (or has the value of zero) the load is l and will not be displayed at all. The VIP displays 'no load' because it may not have been obtained or the remote host is not sending a value between 2 and 254.
For example:
•CSCdx54156—When viewing the primary GSSM GUI through Netscape Navigator, the software does not force you to select Answer type first when creating a new answer. Users viewing the GSSM GUI using Netscape Navigator are not forced to select an answer type before configuring their answer. As a result, you have to re-enter answer information to complete the operation. The GSSM GUI prompts you to re-enter missing fields if answer type is not selected when you click Save.
•CSCdx64544—Web clients issue security warning while you are logged in to an active GSSM GUI session. SSL certificates contain the hostname of the GSSM at the time the device is enabled, but are not updated if the hostname subsequently changes. As a result, Web clients issue a warning to the GSSM user during login.
Warning The workaround described below requires you to remove all user data and configurations from the GSS device. If you choose to perform this procedure be aware that you will need to restore your database and reconfigure the GSS device.
Workaround: Use the following procedure to work around this issue:
a. Log on to the CLI of the primary GSSM and perform a database backup of the device. For example:
gssm1.yourdomain.com# gssm backup database <backup_filename>
b. Copy the backup file off the primary GSSM.
c. Restore the primary GSSM to factory settings. For example:
gssm1.yourdomain.com# restore-factory-defaults
d. Reconfigure network connectivity using the CLI.
e. Copy the backup file back to the primary GSSM.
f. Restore the backup file as shown below
gss.cisco.com#gssm restore <backup_filename>
The existing database will be destroyed. Continue? [y/n]: y
Deleting existing database...
Creating database. This may take a few minutes...
% Backup file integrity validated. Timestamp = 2003-Jul-11-14:34:04
Restoring the database will overwrite all existing
system configuration. If running, the system will
be restarted during this process.
Are you sure you wish to continue? [y/n]: y
Restoring database only (No platform backup present)
GSSM database restore succeeded.
gss.cisco.com#gss enable gssm-primary
•CSCdx5942—Displays that show CRA RTT should also show a one-way delay. Round Trip Time values are displayed for the CRAs (Content Router Agents) in the show stat kale cra list and show stat kale cra <IP_address> commands, and on the GSSM GUI Show KeepAlive Statistics page. To be consistent with other Cisco products, such as the CR 4430B, these should show the one-way delay values. The one-way delay value is simply RTT/2.
•CSCdx82760—GSS lags when logging a large number of messages. When receiving a high volume of logging activity (for example from applications in debug mode), the GSS lags behind the message activity. The timestamp on logged messages is inaccurate and logging continues after messages have ceased.
•CSCdx72509—Outbound FTP connection hang the GSS CLI session. When using FTP to connect the GSS to a site that only accepts "PASV" FTP, the GSS CLI becomes suspended. The CTRL C key combination does not break the connection.
Workaround: Perform the following:
–Use another CLI session or press the Control-\ (backslash) key sequence.
Note Using the Control-\ key sequence immediately ends your current CLI session and logs you out of the GSS software. The Control-\ key sequence may take a few seconds after which you will see the GSS login prompt.
–When reconnected to the remote site, enter the passive command to switch your FTP session to passive mode. For example:
•CSCdx91076—Keepalives are in an incorrect state (INIT, OFFLINE) or show many transitions. The GSSM GUI should enforce a limit of 512 unique keepalives each for the ICMP and HTTP-HEAD keepalive types. It does not currently do this. Configuring more than 512 HTTP-HEAD or more than 512 ICMP keepalives causes the keepalive subsystem to operate incorrectly, and will affect the behavior of other subsystems.
Workaround: There is no workaround. You must make sure that these limits are not exceeded.
Resolved Caveats for Software Version 1.0.1
This section lists the resolved caveats for Cisco Global Site Selector Version 1.0.1.
•CSCea02090 - Upgrades to Tomcat (Java servlet container, an extension of Apache) were made to address reported security issues. Version 3.2.4 of Tomcat, which contains a fix for the vulnerability, has been integrated. An authenticated user could access certain Java .class files, which could then be decompiled into source. While it is better not to expose such information, this vulnerability does not allow a malicious user to perform any unauthorized actions.
The Third-Party Software window in the primary GSSM GUI displays the product names, versions, and URLs to the third party software used in the GSS. These fields now reflect the updated Tomcat software.
•CSCea43429 - Updates to the Apache, httpd, and mod_ssl packages were made in response to reported security issues. For further details, go to cve.mitre.org (Common Vulnerabilities and Exposures) and refer to CVE entries CAN-2002-0839, CAN-2002-0840, CAN-2002-0843, and CAN-2002-1157.
The Third-Party Software window in the primary GSSM GUI displays the product names, versions, and URLs to the third party software used in the GSS. These fields now reflect the updated Apache and mod_ssl software.
•CSCdy51688 - Updates to the OpenSSL package were made in response to reported security issues. as detailed in the CERT/CC Advisory CA-2002-23, "Multiple Vulnerabilities In OpenSSL." For further details, go to http://www.cert.org/advisories/CA-2002-23.html.
The Third-Party Software window in the primary GSSM GUI displays the product names, versions, and URLs to the third party software used in the GSS. These fields now reflect the updated Apache and mod_ssl software.
Related Documentation
Your Cisco Global Site Selector product shipped with a minimal set of printed documentation, as well as a Documentation CD. The printed documentation provides sufficient information for you to install and initially configure your product. The CD contains additional product documentation (user guides, configuration manuals, and so forth), which you can access and print out.
The following is a list of the documentation that shipped with your product (you can access the URLs listed for each document on the Documentation CD and at www.cisco.com on the World Wide Web):
•Release Notes for Cisco Global Site Selector Version 1.0.1 (DOC-7814377=)
The following lists hardware-related documentation for your product. These documents were not shipped with your product, but you can access them and order them by using the URLs listed below:
•Regulatory Compliance and Safety Information for the Cisco Content Networking Product Series
http://www.cisco.com/univercd/cc/td/doc/product/webscale/content/safesite/11564rcs.htm
•Cisco Global Site Selector 4480 Hardware Installation Guide
The following section lists software-related documentation for your product. These documents were not shipped with your product, but you can access them and order them by using the URLs listed below:
•Cisco Global Site Selector Command Reference
•Cisco Global Site Selector Configuration Guide
Obtaining Documentation, Obtaining Support, and Security Guidelines
For information on obtaining documentation, obtaining support, providing documentation feedback, security guidelines, and also recommended aliases and general Cisco documents, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html
Copyright © 2003 Cisco Systems, Inc.
All rights reserved.
