Table Of Contents
Release Notes for Cisco ACNS Software, Release 5.0.3
New Hardware Features in Release 5.0.3
New Software Features in Release 5.0.3
Additional HTTP Request Methods
Enabling the HTTPS TCP Keepalive
CLI Command copy http install to Handle HTTP Redirect and Authentication
New CLI Command to Prevent Modification of Host Names in HTTP Request Headers
Windows Media Player Version 9.0
New CLI Command to Configure TTL for WMT Multicast
Newly Added Fields on the Content Distribution Manager GUI for Configuring WMT Settings
Downgrading to ACNS 4.2.5 Software
Interoperability Between ACNS 5.0.1 and ACNS 5.0.3 Software
New CLI Commands for Additional Information on CPU Usage
Windows File-Sharing Server Functionality in ACNS Software, Release 5.0.3
New CLI Command to Change the Content Distribution Manager GUI Port
Automatically Creating a Location with the Content Engine Name
Eliminating Unnecessary Updates to Properties on the Content Distribution Manager GUI
Increasing the Responsiveness of Content Engines in a Network of 100 Nodes
Performing a Database Backup Before Initialization of the Content Distribution Manager
Synchronizing the Content Engine Network Module System Clock Using NTP
Disabling Kernel Debugger Mode Using a Global Configuration Command
Avoiding CPU Spikes During Forwarder Lookup
More Intelligent Forwarder Content Engines
Modification to the show distribution CLI Command
Distribution Polling Interval Slider Control
Configuring a Channel to be Multicast-Only
New CLI Command for User Control of Multicast Distribution
New CLI Commands to Test Multicast Connectivity
Support for Export of Acquisition and Distribution, and TV-Out Transaction Logs
New CLI Command for Scheduling Concurrent Jobs
New CLI Command for Debugging in the Acquirer
New CLI Command for Checking the Last Modified Time of Content
Support for Limiting Bandwidth per File
Replication of Playback Attributes
Allowing Question Marks in the Path to the Manifest File
Parsing <object> and <embed> Tags to Perform Crawling
Replication Status Enhancements
Change in the Current Working Directory
Support for Wildcard Characters in the dir and ls EXEC Commands
Content Routers to Recognize Origin Server Domain Name for Redirection
Support for Apache Version 1.3.27
Support for a Larger Number of Actions Performed on a Rule
Access Control List Support for Interfaces
Websense Server Integration with the Content Engine
Support for an ASCII Password During TACACS+ Authentication
New CLI Command to Configure a Generic Name for a Realm During Authentication
Enhancing Upgrade to Devices and Device Groups
Changes in Device and Device Group Assignment to Channels
New CLI Command to Copy Files from the cdnfs to the sysfs
Modification to the cdnfs cleanup CLI Command
Media File System Issues When Downgrading to ACNS 5.0 Software
Websense Issues When Downgrading to ACNS 5.0 Software or ACNS 5.1 Software
Open Caveats - ACNS Software, Release 5.0.3
Resolved Caveats - ACNS Software, Release 5.0.3
SmartFilter and the No-Auth Rule Interaction
Obtaining Technical Assistance
Obtaining Additional Publications and Information
Release Notes for Cisco ACNS Software, Release 5.0.3
May 2, 2003
Note
The most current Cisco documentation for released products is available at Cisco.com at http://www.cisco.com. The online documents may contain updates and modifications made after the hardcopy documents were printed.
Documentation Survey
Is Cisco documentation helpful? Click here to give us your feedback.
Contents
These release notes contain information about ACNS software, Release 5.0.3. These release notes describe the following topics:
•
•
Introduction
These release notes describe new features, supported hardware, and open and resolved caveats regarding ACNS software, Release 5.0.3.
New and Changed Information
This section describes existing features that have changed and new features in ACNS software, Release 5.0.3. These features include the following:
New Hardware Features in Release 5.0.3
ACNS software, Release 5.0.3 supports several new hardware features:
Assigning SCSI Disk Drive IDs
When you replace SCSI drives on the CE-565, the SCSI IDs are assigned by placing or removing jumpers on the disk drive jumper pins. You must assign SCSI IDs 0 and 1 as follows:
•
•
To verify the correct configuration of SCSI disk drive IDs, refer to the boot time messages on the console of CE-565. An example of the boot time messages relating to the SCSI drive IDs is given:
Attached scsi disk sda at scsi0, channel 0, id 0, lun 0Attached scsi disk sdb at scsi0, channel 0, id 1, lun 0
New Software Features in Release 5.0.3
This section describes the software features that are new or have changed in ACNS Software, Release 5.0.3. Also, a number of CLI commands are new or have changed syntax options. For detailed information about the changes in CLI commands, see the "New and Changed CLI Commands" section.
The new features include the following:
Additional HTTP Request Methods
Content Engines accept or reject a Hypertext Transport Protocol (HTTP) request depending on whether the request method is supported. In ACNS software, HTTP request methods are categorized as supported and unsupported. HTTP 1.1 request methods (for example, GET, HEAD, or POST) are supported by default. Nonstandard request methods, such as Web-Based Distributed Authoring and Versioning (WebDAV) are not. In previous releases of ACNS software, users were unable to add or delete HTTP request methods using a CLI command and had to ask Cisco to perform this function. ACNS software, Release 5.0.3 adds the http add-method global configuration command to let you add HTTP request methods to the list of those supported by the Content Engine, and the no version of this command, no http add-method that lets you remove a method from the list.
The following example adds the WebDAV REPORT method to the list of supported methods.
ContentEngine(config)# http add-method REPORTContentEngine(config)#You can run the show http methods EXEC command to display a list of supported and unsupported HTTP request methods. In the show http methods command output, request methods supported by default appear in parentheses.
This is an example of the show http methods command:
ContentEngine# show http methodsRequest headers supported for HTTP:------------------------------------(Default methods shown in-between braces)(GET), (POST), (HEAD), (PUT), (TRACE)(DELETE), (OPTIONS), (CONNECT), (PURGE), (NETHCMD)(PROPFIND), (PROPPATCH), (MKCOL), (COPY), (DELETE)(MOVE), (LOCK), (UNLOCK), (BIND), (BMOVE)(BCOPY), (BDELETE), (BPROPFIND), (BPROPPATCH), (SEARCH)(SUBSCRIBE), (UNSUBSCRIBE), (POLL), (SUBSCRIPTIONS), (ACL)(NOTIFY), (INVOKE), REPORTUnsupported Request Methods Hit :------------------------------------(Sorted in more recently used order)ContentEngine#REPORT is listed as the last entry in the output. It does not appear in parentheses, because REPORT is not a default method.
A description of WebDAV and WebDAV methods is available as IETF RFC 2518, HTTP Extensions for Distributed Authoring—WEBDAV.
Note
When the Content Engine receives an HTTP request from a client using a method not supported, ACNS software adds the method to the list of unsupported methods and returns an error to the client. You can add any method not supported to the list of supported methods.
Enabling the HTTPS TCP Keepalive
A "The page cannot be displayed" error message occurs when a web page takes about 5 to 8 minutes to download after background processing of queries. This error occurs because the cache does not support Hypertext Transport Protocol Secure (HTTPS) keepalive messages. For HTTPS connections, the default timeout value is 5 minutes. When no keepalive messages are sent by the Content Engine to the clients and to the edge Content Engines, the connection is closed. In ACNS software, Release 5.0.3, you can force the Content Engine to send keepalive probes using the https tcp-rw-timeout global configuration command. When the HTTPS TCP keepalive feature is enabled, the Content Engine sends TCP keepalives on idle TCP connections using keepalive configuration parameters such as TCP keepalive timeout, TCP keepalive probe count, and TCP keepalive probe interval.
The https tcp-rw-timeout 1 -3600 command allows you to configure a maximum read/write timeout of 3600 seconds; that is, HTTPS keepalives are sent for the specified period.
CLI Command copy http install to Handle HTTP Redirect and Authentication
The copy http install [username username password password] [proxy {hostname | ip-address} [port port_num] command is used to copy a software release file from an HTTP server and install it on the local device. Using this command, users can specify the HTTP proxy and associated port number.
The command sets up HTTP redirection by allowing the HTTP requests to be redirected to a different location.
The command authenticates a username and password with a preconfigured primary domain controller (PDC) before allowing requests to be served by the Content Engine (an option to specify username and password on the command line is provided).
New CLI Command to Prevent Modification of Host Names in HTTP Request Headers
In earlier ACNS software releases, the Content Engine rewrites the host name parameter in the HTTP request headers to match the fully qualified domain name (FQDN) used to resolve Domain Name System (DNS) queries. As a result, when the Content Engine queries a web server with the modified host name instead of the original host name, the web server does not serve the request, because it is unable to process the modified host name.
A new CLI global configuration command has therefore been added in ACNS software, Release 5.0.3 that enables you to specify whether the host name parameter in the request header needs to be modified or not. When configured, this command prevents rewriting the host name parameter. This ensures that incorrectly configured web servers match Content Engine content requests to the corresponding virtual server when they notice a non-FQDN name in the HTTP request header.
On the other hand, if you choose to not modify the host name parameter, the Content Engine checks whether the host name in the HTTP request header is a fully qualified domain name. If it is not, the Content Engine appends a default domain name to the host name and sends this request to the origin server. The syntax of the command is given below:
http request-header host unmodified
Use the no version of this command, no http request-header host unmodified, to append a default domain name to the host name.
The show http request-header command can be used to see whether the host name in the request header is to be unmodified or not. An example of the http request-header host unmodified and show http request-header commands are given below.
ContentEngine(config)# http request-header host unmodifiedContentEngine(config)# exitContentEngine# show http request-headerHTTP request header-------------------Host: Don't append a default domain name (cisco.com) to hostnamestring if it is not a fully qualified domain nameContentEngine(config)# no http request-header host unmodifiedContentEngine(config)# exitContentEngine# show http request-headerHTTP request header-------------------Host: Append a default domain name (cisco.com) to hostnamestring if it is not a fully qualified domain nameWindows Media Player Version 9.0
ACNS software, Release 5.0.3 supports Windows Media Player Version 9.0. The support is limited to Windows Media Player, and does not include other components in the Windows Media Technologies 9.0 suite.
Windows Media Player Version 9.00.00.2980 has been tested on ACNS software, Release 5.0.3. We have not tested later versions of Windows Media Player 9.0 on ACNS software, Release 5.0.3. You can contact Content Networking Business Unit (CNBU) product marketing to learn about support for later versions of Windows Media Player 9.0.
Note
Typically, proxy servers fail to serve a request if:
•
•
•
New CLI Command to Configure TTL for WMT Multicast
In releases of ACNS software earlier than Release 5.0.3, the TTL value for multicast of Windows Media Technologies (WMT) packets was set to 5 hops and was not user-configurable. For clients who were many router hops from a Content Engine functioning as a multicast server, requested content was not delivered to the clients. In other words, when the delivering device sent content to the multicast address configured on the Content Engine, it was not delivered to the requesting clients. In ACNS software, Release 5.0.3, a new CLI global configuration command has been added to configure the TTL for WMT multicast. The new command is:
wmt multicast time-to-live ttl
where the value for the TTL is between 0 and 255 hops. The default is 5 hops.
Newly Added Fields on the Content Distribution Manager GUI for Configuring WMT Settings
The wmt proxy outgoing, wmt cache enable, and wmt live-url-stripping CLI commands have been added as GUI check boxes to the WMT General Settings for Content Engine window in the Content Distribution Manager GUI in ACNS software, Release 5.0.3. (These GUI options are not available in ACNS software, Release 5.0.) The Enable Outgoing HTTP Proxy, Enable Outgoing MMS Proxy, Enable WMT Proxy, and Enable Live Stripping check boxes are used to configure an outgoing proxy (MMS over HTTP and MMS proxy), enable the WMT proxy and cache, and remove personalization information from the URL before using it for live splitting
Downgrading to ACNS 4.2.5 Software
ACNS software, Release 5.0.3 allows downgrading to ACNS software, Release 4.2.5. Previous releases of ACNS software 5.x allow downgrading to ACNS software, Release 4.2.1 only.
Interoperability Between ACNS 5.0.1 and ACNS 5.0.3 Software
In ACNS software, Release 5.0.1 and later, different versions of the product are required to continue to work together to support users who decide to upgrade only a portion of their Content Delivery Network (CDN) at a time, as would be the case in larger networks. This section describes the restrictions and guidelines for supporting version interoperability in the Centralized Management System (CMS) among the Content Distribution Manager, Content Engine, and Content Router.
As far as the CMS is concerned, Content Routers and Content Engines do not have any specific direct inter-Content Engine CMS communication, and direct Content Router-to-Content Engine interaction is therefore not affected by CMS version changes at this time. However, other systems such as Content Engine-to-Content Router keepalive, Content Router-to-Content Engine request redirection, and acquisition and distribution (A&D) content distribution must maintain interoperability between versions.
The ACNS 5.0.3 Content Distribution Manager is interoperable with the ACNS 5.0.1 Content Engines and Content Routers. If there is a backward slash character (\) or multiple forward slashes (//) in the middle of a URL file path acquired in ACNS software Release 5.0.1, the content will be reacquired and redistributed on upgrade to ACNS software, Release 5.0.3. For example, the URL http://www.server.com/foo//bar causes the content to be redistributed, whereas the URL ftp://ftp-server//foo/bar does not result in redistribution of content because these two slashes are not in the middle of the file path.
Support for Different Types of Files
The CMS defines several external file formats for various configuration data to be imported to the system. These files include coverage zone files, URL filter list, and upgrade metadata file. These files have been maintained for compatibility with earlier releases of ACNS software.
CMS Configuration Data Mapping to CLI Commands
Much of the Content Distribution Manager configuration data is mapped directly to the execution of CLI commands on the nodes. Therefore, it is important that the relationship between CMS data and the CLI remains consistent. CLI commands continue to support syntax as in earlier ACNS software releases.
Statistics and Status Monitoring Information
Within the CDN, nodes send statistics and status information to the Content Distribution Manager where the information can be viewed. Subsystems that use this mechanism are:
•
•
•
•
•
New features, such as channel upgrade and replication status count, are only available on the ACNS 5.0.3 Content Distribution Manager when an ACNS 5.0.3 Content Engine is being used. Content Engines running earlier versions of the ACNS software display certain statistics as not available (NA).
Standby Content Distribution Manager
The CMS has implemented a standby Content Distribution Manager feature that allows a second Content Distribution Manager to receive updates from a primary Content Distribution Manager and therefore maintain a copy of the CDN configuration. If the primary Content Distribution Manager fails, the standby can be use to replace the primary.
For interoperability, when a standby Content Distribution Manager is used, it must be at the same software version as the primary Content Distribution Manager in order to maintain the full Content Distribution Manager configuration.
When upgrading a CDN containing a standby Content Distribution Manager, use this procedure:
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
When downgrading a Content Distribution Manager, you must restore a previous database backup before installing the downgraded software version. Use the following procedure to downgrade a Content Distribution Manager:
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
New CLI Commands for Additional Information on CPU Usage
Several users reported 100 percent CPU utilization. Content Engines lacked a tool to diagnose this problem without console access, so a CLI command was added in Release 5.0.3 to track CPU utilization. Two keywords have been added to the show processes commands in ACNS software, Release 5.0.3 to help track CPU utilization.
•
•
–
–
–
Note
Windows File-Sharing Server Functionality in ACNS Software, Release 5.0.3
The Windows file-sharing protocol is called Server Message Blocks (SMB) or Common Internet File System (CIFS) protocol. The Linux implementation of the Windows file-sharing system is called Samba. Servers as well as clients are available in Samba. The new Samba server feature in ACNS software, Release 5.0.3 provides parity with the existing file-sharing service available in ACNS software, Release 4.x. When the ecdnfs is enabled on Content Engines running ACNS software, Release 4.x, the Samba server is implicitly enabled. However, in ACNS software, Release 5.0.3, the Samba server needs to be enabled using a CLI command to start the server to serve Windows client requests for file sharing using the SMB protocol. The clients can browse the pre-positioned content that resides on Content Engines.
In ACNS software, Release 5.0.3, Samba server functionality is provided, but no client functionality. Also, the Samba server is supported only on Content Engines, not Content Distribution Managers and Content Routers.
Content files and meta files are present in the cdnfs on Content Engines. Although both content and meta files are owned by the root (UID =0, GUID =0), they have different Linux permission mode-based access control. This feature of permission mode-based access control is different from the one that existed in ACNS software, Release 4.x. Content files are readable by non-privileged-level users, whereas meta files are readable only by privileged-level users. When a user logs in through Windows file sharing, the mode is set to non-privileged-level user mode by default. Therefore, only content files are accessible to Windows file-sharing clients.
The network-filesystem server samba enable global configuration command has been added in ACNS software, Release 5.0.3 to enable the Samba server on Content Engines when the cdnfs is enabled.
Content Engine(config)# network-filesystem server samba enableUse the no form of the command to disable Samba server functionality.
You can authenticate users who need to access Samba file sharing. The username global configuration command can be used to add a user to list of valid Samba users. Users have the option of providing a clear-text Windows sharing password or an encrypted Samba sharing password.
ContentEngine(config)# username user1 samba-password ?0 Specifies clear-text Windows sharing password (default)1 Specifies type 1 encrypted samba passwordWORD User Windows sharing password (clear text)The status of the Samba server can be examined using the show network-filesystem server samba EXEC command. This command displays information on the current status of the Samba server (enabled or disabled) and a list of the files that are being shared.
Content Engine# show network-filesystem server sambaA security vulnerability has been found in versions of Samba up to and including 2.2.8. An anonymous user could exploit the vulnerability to gain root access on the target machine. This problem is observed if Samba server is enabled in ACNS software, Release 4.x and 5.0.1. The workaround is to disable the Samba server or upgrade to ACNS software, Release 5.0.3.
New CLI Command to Change the Content Distribution Manager GUI Port
In ACNS software, Release 5.0.3, a new global configuration command has been added to change the Content Distribution Manager GUI port from the standard number 8443.
CDM(config)# cdm ui port 1-65535This global configuration command is available on Content Distribution Manager devices only. Changing the Content Distribution Manager GUI port value automatically restarts the Centralized Management System (CMS) service if it has been enabled.
Automatically Creating a Location with the Content Engine Name
In ACNS software, Release 5.0, a user who activates a Content Engine through the GUI is required to choose a location. Certain users might have just one Content Engine configured in one location. In this case, in order to activate a Content Engine, the user needs to choose Network > Locations in the Content Distribution Manager GUI to create a new location and then must go back to the Devices > Content Engines window to choose this location and activate this Content Engine. Although this process is simple, the user might want to create a location and activate the Content Engine with a single click. In ACNS software, Release 5.0.3, the usability of the Content Engines window has been improved with the addition of a check box. When this check box is checked, a default location is created and this Content Engine is automatically assigned to this location.
Two additions have been made to the Modifying Content Engine window, as shown in Figure 1:
•
This option automatically creates a new location named <CE-name>-location, and this Content Engine is assigned to this location.
•
This option allows the user to choose an already created location as the parent, but only for the newly created default location.
Figure 1 Modifying Content Engine Window
The Select a Location drop-down list allows a user to choose a preexisting location for the Content Engine. If the location that has been chosen for the Content Engine contains a parent location, then the same location tree hierarchy will be applied to the Content Engine.
Note
The user can choose either Create a New Location or Select a Location, but not both. An error message appears if both are chosen.
Once the Content Engine has been activated, the check box to create the default location and the drop-down list to select the parent location for it do not appear again. Also, the default location for this Content Engine is not different from the Content Engine location created by choosing Network > Locations, so it can be modified or viewed in the same way.
Note
To support further automation, a new function has been added to allow a user activate all unactivated Content Engines. The Activate all inactive Content Engines icon has been added to the Content Engines list window. Clicking this icon opens the Activate all inactive Content Engines window shown in Figure 2. From here, a user can choose an existing location as the parent location for all unactivated Content Engines by clicking the Select a location as the parent for all inactive CEs radio button. In this case, the user needs to specify the parent location by choosing a location from the drop-down list. Alternatively, the user can choose to create a new location for each inactive Content Engine by clicking the Create a new location for each inactive CE radio button and also specify a parent location for all newly created locations by choosing a location from the Select a parent location for all newly created locations drop-down list.
Figure 2 Activate All Inactive Content Engines Window
Eliminating Unnecessary Updates to Properties on the Content Distribution Manager GUI
In ACNS software, Release 5.0, the order in which CLI commands are executed is inconsistent. As a result, whenever the user updates values or properties in a particular Content Distribution Manager GUI window, the Content Distribution Manager resets all values in that window that have been configured through CLI commands. ACNS software, Release 5.0.3, addresses the dependencies between properties that have not been modified and properties that are being modified, so that not all properties are updated if a single property in a group in a particular window on the Content Distribution Manager is modified. The changes made to specific properties in the Content Distribution Manager GUI by clicking Submit are applied to the Content Engine by using CLI commands in the correct order. Execution of CLI commands in the correct order ensures that configuration using the CLI is not changed as a result of configuration of properties in the Content Distribution Manager GUI. In ACNS software, Release 5.0.3, this applies to the following CLI commands:
•
•
•
•
•
•
•
Increasing the Responsiveness of Content Engines in a Network of 100 Nodes
In ACNS software, Release 5.0, the responsiveness of the Content Distribution Manager to requests from Content Engines decreases on a 100-node network in which the Content Distribution Manager is a 507 model with the update rate of the nodes set to 100 seconds.
In contrast, in ACNS software, Release 5.0.3, if requests for full updates fail continuously 10 times, the Centralized Management System (CMS) logs a system message with the Content Distribution Manager and stops the CMS service.
Performing a Database Backup Before Initialization of the Content Distribution Manager
In ACNS software, Release 5.0, database contents might be automatically destroyed during the process of registration under certain circumstances. Therefore, in ACNS software, Release 5.0.3, provision has been made to perform an automatic database backup before destroying the database on the Content Distribution Manager. The backup process is rapid, and the backup file is small. This backup is stored in the usual location for database backups, and named in such a manner that users are able to identify the automatically created backup. Users can thus easily retrieve their configuration if any unintentional database loss occurs on the Content Distribution Manager.
Synchronizing the Content Engine Network Module System Clock Using NTP
The Content Engine Network Module (CE-NM) causes the real-time clock on the board to be reset when it is powered off for a long period (in most cases, more than 10 minutes). As a result, the clock on the CE-NM might be reset to 1980 if it is powered off for a long period. Several applications that depend on the correct time being configured on the Network Module might not work in such a scenario. Therefore, we strongly recommend that the CE-NM be configured for the Network Time Protocol (NTP) using the ntp server {ip-address | hostname} global configuration command, either after an upgrade from ACNS 4.2.x software to ACNS 5.x software, or on obtaining a factory-fresh CE-NM, to maintain the correct time on the Network Module. This ensures that the system clock on the CE-NM is always synchronized with the NTP time server's clock.
To configure and enable NTP server settings on the CE-NM, follow these steps:
Step 1
Step 2
Step 3
Figure 3 NTP Settings for Content Engine Window
Step 4
Step 5
Step 6
Step 7
Note
Disabling Kernel Debugger Mode Using a Global Configuration Command
In ACNS software, Release 4.x, the Ctrl-Break or Ctrl-\ (backslash) key sequence was not available to allow administrators to reboot a Content Engine when the console had locked up. However, the key sequence Ctrl-_ (underscore) was available to reboot the Content Engine through the kernel debugger (kdb) mode through the Content Engine serial console port. Entering reboot at the kdb prompt allowed the Content Engine to be rebooted. When the kdb mode is used for diagnostic purposes, however, all normal operations running on the Content Engine are stalled until the user intervenes. As a result, the no kernel kdb global configuration command has been added in ACNS software, Release 5.0.3 to disable the kernel debugger through the CLI.
The rationale for disabling the kernel debugger is twofold:
•
•
Note
Avoiding CPU Spikes During Forwarder Lookup
The Time To Live (TTL) attribute specified in the channel routing module is fixed based on the location or the distance between the Content Engine and its forwarder. The get_forwarder function is called by the channel based on the TTL specified in the channel routing module. Therefore, the possibility exists that several channels will call the get_forwarder function simultaneously, causing increased CPU usage when several channels require database access. This function call might trigger heavy load on the Content Engine, generating CPU spikes and affecting other processes, such as streaming applications running on the Content Engine.
Changes in ACNS software, Release 5.0.3 address this increased CPU usage. When the system starts, it does not call the get_forwarder function in the beginning but instead spreads the calls for the first n minutes. In addition, a flag is added to the get_forwarder function call for all applications that have a usable forwarder and need to call the get_forwarder function within the current interval. This flag informs the channel routing module to avoid extensive routing recalculations involving database functions.
More Intelligent Forwarder Content Engines
In releases of ACNS software earlier than Release 5.0.3, if the forwarder Content Engine fails to receive content for any reason, it asks the downstream receiver Content Engines or the children Content Engines to wait until the content is obtained. If the failure to acquire content is due to a permanent problem such as disk failure, the downstream receiver Content Engines could theoretically wait forever for content replication that would never occur.
In ACNS software, Release 5.0.3, if the forwarder Content Engine fails to receive content because of disk failure or failure to look up the database, it detects such errors and tells the children Content Engines or downstream receiver Content Engines to contact a different forwarder. Similarly, if the receiver encounters a failure of the unified name space (UNS) operation, it will wait for a few minutes and retry the UNS operation.
The channel routing algorithm in ACNS software, Release 5.0.3 has been modified. This modification ensures that a changeover in case of a forwarder Content Engine failure is load-balanced. In ACNS software, Release 5.0.1, an ordered list of forwarder Content Engines exists for each location in the location path. The list comprises an ascending order of forwarder Content Engine IDs. Each Content Engine chooses its forwarder based on the forwarder Content Engine ID list order. The list also wraps to form a loop, with the starting Content Engine forming the beginning of the loop. For a particular Content Engine and for an intra-location list (list of Content Engines in a Content engine's own location), the starting or the first Content Engine is picked from a random number generated from the website ID of the channel. For an inter-location list (list of Content Engines in different locations), the starting Content Engine is chosen from a random number generated from the Content Engine ID of a particular Content Engine. There is a disadvantage associated with this method of ordering forwarder Content Engines. Because the ordering is always based on the starting Content Engine ID, the failover sequence is not load-balanced, that is, when a Content Engine fails, all Content Engines that used it as a forwarder switch to the next Content Engine as specified in the ordered list.
In ACNS software 5.0.3, instead of using the Content Engine ID sequence as the initial ordered list, an additional step to permute the ordering of Content Engines has been introduced. Now, a random number is generated based on the Content Engine ID using MD5 with the channel ID and Content Engine ID as parameters. This random number is used to generate one permutation of the Content Engine ID ordered list. The generated permutation is used as the ordered list. This ordered list differs from the one generated in ACNS software 5.0 because the Content Engine IDs are ordered randomly and not in ascending order. Also, if two MD5 values are the same, the permutation remains the same. However, different Content Engines are very likely to have different permutations. When a Content Engine fails, there is an equal probability of all Content Engines that used it as a forwarder to switch to different Engines. Thus, the failover sequence is load-balanced.
Modification to the show distribution CLI Command
New parameters have been added to the show distribution command, which displays the distribution information for a specified channel. These parameters show the distribution statistics of a metadata sender and unicast data sender. It is now also possible to probe a remote Content Engine for the liveness of its associated channel. The new parameters are:
•
This command retrieves the metadata from a remote Content Engine assigned to a specified channel ID. The start and end generation IDs specify the beginning and ending database values representing the current version of the multicast cloud stored in the local database.
Note
•
This command shows the status of the relative CDN URL of an object at a remote Content Engine assigned to a specified channel ID.
•
This command can be used to probe a remote Content Engine for the liveness of the channel to which it is assigned.
The following examples show various ways of using these commands:
ContentEngine# show distribution remote 172.16.2.160 unicast-sender channel-id 153 cdn-url aaThe preceding example shows the status of the object "aa" at a remote Content Engine with the IP address 172.16.2.160 and the channel ID 153. The URL of the content object specified in the command must not be the complete source URL. Instead, it must be the relative CDN URL of the object.
ContentEngine# show distribution remote 172.16.2.160 unicast-sender channel-id 153 probeThe preceding example probes the remote Content Engine with the IP address 172.16.2.160 for the liveness of its assigned channel ID 153.
ContentEngine# show distribution remote 172.16.2.160 metadata-sender channel-id 153The preceding example retrieves metadata from a remote Content Engine with the IP address 172.16.2.160 assigned to channel ID 153. Because no start and end generation IDs have been specified, metadata retrieval will occur from the start generation ID, -100 and conclude at the end generation ID, which is obtained by adding 100 to the start generation ID.
Note
ContentEngine# show distribution remote 172.16.2.160 metadata-sender channel-id 153 start-generation-id 10 end-generation-id 10The preceding example retrieves metadata from a remote Content Engine with the IP address 172.16.2.160 according to the start and end generation IDs of 10.
Another parameter has been added to the show distribution command to display the properties of a pre-positioned object. The show distribution object-status url command can be used for this purpose. The following example shows output from the show distribution object-status command:
ContentEngine# show distribution object-status linux.domain.com========== Website Information ==========Website Name: Website1Website Original FQDN: linux.domain.comWebsite FQDN:========== Channels Information ==========Channel 153 (name = test) doesn't contain this object.Channel 197 (name = channel_2) doesn't contain this object.========== UNS Relations ==========cdn-url: linux.domain.comlookup error: rpcst = 0, uns_errno = 9========== CDN UNS Property ==========/sw/unicorn/bin/uns-clt: connecting.../sw/unicorn/bin/uns-clt: connected to UNS RPC serverReply from server:uns_errno: 9 (Requested object not found in UNS)status: 0fileName: <empty>Attr:fileSize: 0startTime: 0endTime: 0playServer: 0lastModifiedTime: 0authRequired: falsechannels (0)key=value pairs:/sw/unicorn/bin/uns-clt: closing connection to UNS RPC serverDistribution Polling Interval Slider Control
In ACNS software, Release 5.0, the acquisition and distribution system varies the metadata poll rate based on the number of receivers in the forwarder's queue (which require distribution of content), when the receiver contacts the forwarder. If at one point 100 receivers are in the forwarder's queue simultaneously, the forwarder might distribute the metadata and ask the receiver to check again in 20 minutes. However, when the receiver checks the next time, there might be fewer simultaneous receivers in the forwarder's queue. Therefore, the forwarder might distribute the metadata and ask the receiver to check earlier (that is, in less than 20 minutes.
In ACNS software, Release 5.0.3, the process of metadata distribution has changed. The new distribution system allows users to control the interval at which the receivers are notified of changes in metadata. The concept of a latency multiplier or multiplication factor has been implemented to support this functionality. This multiplier enables users to control how receiver Content Engines notice change in content. This latency multiplier supports both low-latency users and low-overhead users.
In ACNS software, Release 5.0.3, the Distribution Polling Interval slider control is displayed under the Acquisition and Distribution Information heading in the Modifying Content Engine window.
The default metadata polling interval is 120 seconds. The effective polling interval is obtained by multiplying the default polling interval by the value you specified on the slider control. The higher the "normal" multiplier, the longer it takes for the receiver to be notified of changes in content and the less the network traffic that results from polling. On the other hand, the lower the "normal" multiplier, the less time it takes for the receiver to be notified of content changes, and the greater the network traffic that results from polling.
Note
Acquisition and distribution (A&D) uses the concept of sender Content Engine and receiver Content Engine for metadata replication. The sender Content Engine sends the receiver Content Engine the duration to wait before asking for any updates. The sender Content Engine calculates this duration based on a number of factors, such as the number of devices in the CDN. Depending on the multiplication factor to be configured per receiver Content Engine, the polling interval will either be shorter or longer than the value calculated by the sender Content Engine. Once the receiver Content Engine obtains the number from the sender, it multiplies the interval by the value specified in the "normal" multiplier. The slider control simply stores that multiplication factor. The multiplication factor will be 1 in the middle (under "normal") and will be less than 1 to the left, and more than 1 to the right of the "normal" position on the slider control bar. For example, if the distribution polling interval is set to 10% of normal, the value of the polling interval corresponds to 0.1 times normal. Therefore, if the value of the metadata poll interval is 120 seconds, 10% of normal is equal to 12 seconds, which is the effective polling interval.
Change in CLI Command Output to Display Distribution Polling Interval
In ACNS software, Release 5.0.3, the show distribution channel [channel-id channel_num] command used to display the distribution information for a specified channel ID has been modified to include the polling interval multiplier in the output of the CLI command (shown in the last line in the following example).
ContentEngine# show distribution channel channel-id 280Channel ID: 280Channel Name: ibasicuniWebsite Name: wsWebsite origin_fqdn: 10.107.193.114Channel Priority: 500ID of Configured Root CE: 149Name of Configured Root CE: CR-2-CE3IP of Configured Root CE: 10.1.63.24This CE's Role: Not a Root CEIn Full Reload: NoMcast Receiving: YesMcast Sending: NoMetadata-Forwarder ID: 149Metadata-Forwarder Name: CR-2-CE3Metadata-Forwarder IP: 10.1.63.24Ucast-Forwarder ID: 149Ucast-Forwarder Name: CR-2-CE3Ucast-Forwarder IP: 10.1.63.24Last gen-id Switch: NeverID of Effective Root CE: 149Current root-ce-uid: 1048890762Current low-water-marker: 1Current max-gen-id: 73Current max-del-gen-id: 90Number of jobs completed: 46Has incompleted job: YesLast poll: 61 Secs agoNext poll: 59 Secs from nowIdle poll interval: 120 SecsPoll interval multiplier: 1Configuring a Channel to be Multicast-Only
In ACNS software, Release 5.0, when a preconfigured multicast fails, the receiver Content Engine obtains the content from the multicast sender through unicast. Although the number of carousel passes can be used to specify the number of times a multicast sender is to send the content of the channel to which it is assigned, it requires that the content be unicast, causing an overhead on the multicast sender Content Engine. (The number of carousel passes denotes the number of times a multicast sender sends the content of the channel to which it is assigned.) Enabling constant unicast polling for multicast channels consumes a large amount of bandwidth and can disrupt multicasting when the requisite bandwidth is not available. When a forwarder Content Engine receives content through a carousel pass and the edge receiver does not receive the content successfully, the edge receiver would have obtained the content from the forwarder through unicasting, without waiting for the next carousel pass. By configuring a channel to be multicast-only in ACNS software, Release 5.0.3, you can deploy forwarders for multicasting. This solution enables channel configuration to add this new channel as multicast-only, causing the unicast receiver to check this configuration flag and stop unicasting the content on this channel.
To configure a channel to be multicast only, follow these steps:
Step 1
Step 2
Step 3
Step 4
When a channel is configured to be multicast-only, the Content Engine enabled for multicasting (which must also be configured to be a receiver Content Engine in the multicast cloud and which must have a multicast distribution license key purchased from Cisco Systems) will request content only through multicasting. The multicast-enabled Content Engine does not try to obtain content from the multicast-only channel through unicast, even if multicasting fails. However, if a Content Engine is not enabled for multicasting, it can continue to request all the content from a multicast-only channel through unicasting. On the other hand, if a channel is configured to be multicast/unicast, the Content Engine can request content through unicasting, even if preconfigured multicasting fails.
If multicast replication is only desired, configure the channel to be multicast-only with a higher number of carousel passes and ensure that multicast is successfully enabled on sender and receiver Content Engines. If unicast failover is desired for a few lagging Content Engines, reconfigure the channel as multicast/unicast to enable a Content Engine to receive content using unicast after most Content Engines have already obtained content through multicast.
Changes in Channel Provisioning APIs
The Channel Provisioning API, which is the ChannelApiServlet, provides the Content Distribution Manager with channel information. In ACNS software, Release 5.0.3, the createChannel and modifyChannel actions performed by the Channel Provisioning API have been modified to support configuration of a multicast-only channel.
Note
A description of the modified (createChannel and modifyChannel) actions follows:
createChannel
Creates a channel.
Parameters:
•
•
•
•
•
•
For ACNS software, Release 5.0.3, three more options have been added. They are unicast_only, multicast_only, and unicast_multicast. In order to interoperate with ACNS software, Release 5.0, the settings of true and false have been retained. The meaning of these settings is:
–
–
–
–
–
•
Return:
Newly created channel ID
Syntax:
https://<cdmIpAddress>:8443/servlet/com.cisco.unicorn.ui.ChannelApiServlet?action=createChannel&channel=<channel_name>&website=<website_ID>[&weakCert=<true | false>][&skipEncrypt= <true | false>][&priority=<high | normal | low>][&mcastEnable=<true | false | unicast_only | multicast_only | unicast_multicast>][&desc=<description>]
modifyChannel
Modifies channel settings.
Parameters:
•
•
•
•
•
•
For ACNS software, Release 5.0.3, three more options have been added. They are unicast_only, multicast_only, and unicast_multicast. In order to interoperate with ACNS software, Release 5.0, the settings of true and false have been retained. The meaning of these settings is:
–
–
–
–
–
•
Note
Return:
None
Syntax:
https://<cdmIpAddress>:8443/servlet/com.cisco.unicorn.ui.ChannelApiServlet?action=modifyChannel&channel=<channel_ID>[&channelName=<channel_name>][&weakCert=<true | false>] [&skip Encrypt=<true | false>][&priority=<high | normal | low>] [&mcastEnable=<true | false | unicast_only | multicast_only | unicast_multicast>] [&desc= <description>]
New CLI Command for User Control of Multicast Distribution
In ACNS software, Release 5.0.3, a new CLI command lets you redistribute content using multicast when preconfigured multicast fails. The distribution multicast resend EXEC command can be used to reschedule content redistribution through multicast for all channels, or for a specified channel ID or name. This command is especially useful in satellite environments, where the pre-configured multicast might fail because of weather conditions. The command options are:
•
•
•
The distribution multicast stop EXEC command can be used to stop the multicast distribution for all channels, or for a specified channel ID or name. The command options are:
•
•
•
Once stopped, you can restart multicast distribution using the distribution multicast resend EXEC command.
New CLI Commands to Test Multicast Connectivity
Pragmatic General Multicast (PGM) is a reliable multicast protocol that enables PGM receivers to report loss of data and request retransmission by the PGM sender. In ACNS software, Release 5.0.3, two new CLI commands have been introduced to test multicast connectivity between sender and receiver Content Engines. These commands can be used to start and stop the PGM rate generator (pgmrategen, or PGM sender application) and PGM rate monitor (pgmratemon, or PGM receiver application).
Pgmrategen Command
The pgmrategen start ipaddress ttl EXEC command continuously sends data packets on the specified multicast IP address as a background application. The TTL for each packet that is multicast can also be specified using this command. The TTL value can vary between 1 and 255, depending on the number of network elements that the packet must pass through before reaching the multicast receiver. The pgmrategen start command displays the percentage of packets that have been multicast. When the percentage reaches 100, the sending of data packets stops. Because the PGM sender application runs in the background, once the progress reaches 100 percent, the application displays "Exiting." in the CLI. Users need to press the Enter key to stop the PGM sender application and return to the EXEC prompt.
If the pgmrategen start command is issued from a Content Engine in which the multicast sender application is running, the command causes the multicast sender application to stop temporarily. The following example shows the output of the pgmrategen start command for a multicast IP address of 227.1.1.1 and TTL of 255:
ContentEngine# pgmrategen start 227.1.1.1 255Starting pgmrategen ....Type "pgmrategen stop" to revert back to normal modeContentEngine#Setting PGM Defaults...Reading PGM configuration file /sw/unicorn/config/fxd/pgmfxSatellite.conf.src...Initializing PGM engine...PGM v3.2.3 [GF(2^8)],build: Nov 12 2002,17:50:04System: Linux ContentEngine 2.4.16 #1 SMP Tue May 13 04:40:08 PDT 2003 i686PGM: GSI 0a0101150000Raw IP sndbuf(262144), rcvbuf(262144)UCD-SNMP Version: 4.2.3SNMP: PGM Receiver MIB loadedSNMP: PGM Source MIB loadedSNMP Agent Initialized, SNMP Port 4052PGM Web Monitor listening on 0.0.0.0.3057ContentEngine#ContentEngine#Creating PGM Sender...Initializing PGM Sender...PGM source 8652:100:0a0101150000 source createdThis program will multicast data on multicast address 224.20.10.5.Sending 1024 messages of 1420 bytes (1420 Kbytes)PGM rate is 1024 KbpsProgress: 99%Total time 11.3972 seconds, 124.592 KBps, 1020.66 KbpsPGM sender 8652:100:0a0101150000 going away, data 1013->1438460CPU Usage: 0.030 seconds = 0.010 user + 0.020 sys, 0.263% CPUExiting.ContentEngine#The PGM sender application internally uses certain configuration files for configuring multicasting. The output of the command displays headers referring to the sender buffer size, receiver buffer size, the SNMP agent that is used and its details. The PGM sender sends 1420 KB of data at the rate of 1024 kbps. The ContentEngine# prompt is displayed in between the lines of command output, because command results are displayed from the background. The pgmrategen stop EXEC command can be used to stop the PGM sender application. This causes the multicast sender application to be restarted. The pgmrategen stop command can also be used before the percentage of data packets that have been multicast reaches 100 percent. In this case, the PGM sender application terminates and returns to the EXEC prompt.
Note
To restart the multicast sender application, the pgmrategen stop command needs to be used to stop the PGM sender application that runs in the background.
Pgmratemon Command
Similarly, the pgmratemon start ipaddress EXEC command can be used to run the pgmratemon (PGM receiver) background application. This application listens for PGM multicast data transmitted from a PGM sender on the specified multicast IP address. This command causes the multicast receiver application running on a Content Engine to stop temporarily. For testing the multicast connectivity between two Content Engines, the same multicast IP address must to be used for both transmission and reception of data packets. Also, the PGM receiver application does not terminate by itself because when the PGM receiver background application waits for the arrival of packets, there is no defined time of arrival of data packets. The Ctrl-C key combination can be used to return to the EXEC prompt but it does not end the PGM receiver application. Whenever the PGM receiver application receives a packet, it prints a line of output containing the packet size and bandwidth. Instead, the pgmratemon stop EXEC command must be used to stop the PGM receiver application. The following example shows the output of the pgmratemon start command:
ContentEngine# pgmratemon start 227.1.1.1Starting pgmratemon ....Type "pgmratemon stop" to revert back to normal modeSetting PGM Defaults...Reading PGM configuration file/sw/unicorn/config/fxd/pgmfxSatellite.conf.rcv...Initializing PGM engine...PGM v3.2.3 [GF(2^8)],build: Nov 12 2002,17:50:04System: Linux ContentEngine 2.4.16 #1 SMP Fri Apr 11 02:00:26 PDT 2003i686PGM: GSI 0a0101130000Raw IP sndbuf(262144), rcvbuf(262144)UCD-SNMP Version: 4.2.3SNMP: PGM Receiver MIB loadedSNMP: PGM Source MIB loadedContentEngine#ContentEngine#SNMP Agent Initialized, SNMP Port 4053PGM Web Monitor listening on 0.0.0.0.3058Creating PGM Listener...Initializing PGM listener...This is a sample receiver program that uses TIBCO's SmartPGM API.This program will listen for PGM multicast data from a SmartPGM senderon multicast address 227.1.1.1.To end the program press Ctrl-C.Waiting for PGM multicast data.ContentEngine#ContentEngine#ContentEngine#[17806:100:0a01010e0000], new TSIPGM receiver 17806:100:0a01010e0000 receiver created[17806:100:0a01010e0000] 1.21 secs, 109.2 KBps, 894.7 Kbps[17806:100:0a01010e0000] 1 secs, 120.6 KBps, 988.3 Kbps[17806:100:0a01010e0000] 1 secs, 122 KBps, 999.7 Kbps[17806:100:0a01010e0000] 1 secs, 123.4 KBps, 1.011 Mbps[17806:100:0a01010e0000] 1 secs, 122 KBps, 999.6 Kbps[17806:100:0a01010e0000] 1 secs, 122 KBps, 999.6 Kbps[17806:100:0a01010e0000] 1 secs, 123.4 KBps, 1.011 Mbps[17806:100:0a01010e0000] 1 secs, 122 KBps, 999.6 Kbps[17806:100:0a01010e0000] 1 secs, 122 KBps, 999.6 Kbps[17806:100:0a01010e0000] 1 secs, 123.4 KBps, 1.011 Mbps[17806:100:0a01010e0000] 1 secs, 122 KBps, 999.6 KbpsThe pgmratemon stop EXEC command can be used to stop the PGM receiver application. When this command is used, the multicast receiver application restarts. The following example shows the output of the pgmratemon stop command:
ContentEngine# pgmratemon stopStopping pgmratemon ....Exiting.ContentEngine#
Note
Expert Mode Configuration
The initial configuration settings for multicast file transfer daemon (which takes care of multicast sending and receiving) are maintained in two files, namely, pgmfx.conf and fxd.conf. Two versions of these files are present, one for satellite configuration and another for terrestrial configuration. The contents of these files contain brief comments for individual configuration items. These files are located in the /sw folder on multicast sender and receiver Content Engines. There are separate files for satellite and terrestrial configuration, namely pgmfxSatellite.conf, fxsSatellite.conf, pgmfxTerra.conf, and fxdTerra.conf.
The Content Distribution Manager allows the user to modify some of the commonly used configuration values, such as FEC transmission group, advertisement IP address, sender delay, TTL, and maximum bandwidth. To modify other configuration values, expert mode needs to be used. This mode requires users to copy the files to a directory with write permissions and modify the configuration values for the desired configuration. After modification, these files must be saved on the multicast sender and receiver Content Engines as follows:
In multicast sender:
/local/local1/multicast-expert-config/fxd.conf.src
/local/local1/multicast-expert-config/pgmfx.conf.src
In multicast receiver:
/local/local1/multicast-expert-config/fxd.conf.rcv
/local/local1/multicast-expert-config/pgmfx.conf.rcv
The properties configurable using the Content Distribution Manager are not available for modification in expert mode, that is, the users cannot modify the expert mode configuration values from the Content Distribution Manager. If expert mode configuration files are present, the changes made to properties from the Content Distribution Manager are added to the expert mode configuration files and these files copied to the /state folder. The /state folder is a temporary working folder that contains the current process states and configuration. Both the fxd and pgmfx configuration files are copied to the /state folder.
Note
If routers are to be enabled to assist in distribution of content, users must use the expert mode configuration files. The ip_router_alert number setting must be set to 1 to enable the IP router alert option in PGM packets. If this value is 0, then no PGM packets are sent with the IP router alert option. Therefore, the IP routers are enabled for content distribution by default. Users need to modify this setting in the pgmfxSatellite or pgmfxTerra config files, depending on whether the multicast medium is satellite or terrestrial. This setting affects the operational features of PGM for all sessions.
Warning
When multicast sender and receiver applications start, the correct configuration files to start the file transfer daemon are searched for. By default, these applications check to see if expert mode configuration files exist. Otherwise, the satellite or terrestrial configuration files are looked for depending on the multicast cloud configuration.
Caution
Support for Export of Acquisition and Distribution, and TV-Out Transaction Logs
In earlier releases of ACNS software, the show transaction-logging command did not display the acquisition and distribution (A&D) transaction log file and TV-out transaction log information. However, transaction logging and exporting to FTP servers was previously available for other processes, such as HTTP caching proxy and WMT MMS caching proxy. Although provision was made to store the A&D transaction log information in the /local/local1/logs/export directory, it was not exported to the FTP servers. One workaround was to run the copy disk ftp {hostname | ip-address} remotefiledir remotefilename localfilename EXEC command to copy the files to a FTP server from the local disk. However, this was a tedious process because ACNS software does not support regular expressions for specifying the location of the log files, and therefore the user might have needed to specify a remote filename for each file to be copied. The only restriction was that the transaction log configuration settings must be in the folder /local/local1/logs/export.
ACNS software, Release 5.0.3 addresses this issue by allowing the user to configure transaction logs for export either from the CLI or from the Content Distribution Manager GUI. The user must use the transaction-log enable CLI global configuration command to create a working log file. Once transaction logging is enabled, the A&D transaction log file will be created. The created A&D transaction log is in the /local/local1/logs/acqdist directory. The naming convention for the A&D transaction log file is acqdist_ipaddress_yyyymmdd_hhmmss. The IP address is a 32-bit quantity in a 4-part dotted decimal format. The A&D transaction logs that are not in that directory are not exported using FTP because the export process handles only files with the file-naming convention that starts with the known file name prefix and resides in the designated directory.
The transaction-logs export ftp-server {hostname | servipaddrs} login passw directory global configuration command can be used to specify which FTP server is to receive exported files at the target FTP server, and the target directory path for exported files on FTP server. The transaction-logs export interval minutes command can be used to specify how frequently the archive log files are to be saved or the export interval in minutes. The transaction log export configurations can also be specified using the Transaction Log Settings for Content Engine window in the Content Distribution Manager GUI. These files will be exported in accordance with the specified export configurations. The transaction log contains an entry per item for acquisition (start/stop), metadata (send/receive), unicast (pull/send), and multicast (sent/received). The log contains the following headers, namely, StartTime, Duration, ProcessName, ChannelID, ChannelName, DeviceName, CDNUrl, SourceUrl, LastModifiedTime, Size, Status, and Action.
Also, support has been provided for export of TV-out, RealProxy, and Cisco Streaming Engine transaction logs. These logs will be named according to the specified naming conventions as tvout_ipaddress_yyyymmdd_hhmmss, rproxyaccess.log.ipaddress_.yyyymmddhhmmss, and cseaccess.hhmmss000.log, respectively.
TV-out transaction logs are available in the /logs/tvout folder when TV output service and transaction logging have been enabled. The TV-out transaction log contains the following headers, namely, StartTime, Request, Url, ElaspedTime, Status, and Bytes. The log uses Apache custom transaction log format, as represented by the string "%t %r %U %T %s %B".
The following example shows output from the show transaction-logging command.
ContentEngine# show transaction-loggingTransaction log configuration:---------------------------------------Logging is enabled.End user identity is visible.File markers are disabled.Archive interval: every-day every 1 hourMaximum size of archive file: 2000000 KBLog File format is squid.Windows domain is not logged with the authenticated usernameExporting files to ftp servers is disabled.File compression is disabled.Export interval: every-day every 1 hourHTTP Caching Proxy Transaction Log File InfoWorking Log file - None existingWMT MMS Caching Proxy/Server Transaction Log File InfoWorking Log file - size : 575age: 9273Archive Log file - mms_export_10.1.1.21_20030405_014217 size: 575A&D Transaction Log File InfoWorking Log file - size : 119age: 9273Archive Log file - acqdist_10.1.1.21_20030405_014217 size: 119Translog directory doesn't exist. might be because /local1 has no sysfs mounted.Real Proxy Transaction Log File InfoWorking Log file - size : 0age: 3227456Archive Log file - rproxyaccess.log.172.16.192.148_.20021106192814 size: 0Archive Log file - rproxyaccess.log.172.16.192.148_.20021106202454 size: 0Archive Log file - rproxyaccess.log.172.16.192.148_.20021120204036 size: 0Archive Log file - rproxyaccess.log.172.16.192.148_.20021127164618 size: 0Archive Log file - rproxyaccess.log.172.16.192.148_.20021205203111 size: 0Archive Log file - rproxyaccess.log.172.16.192.148_.20030109191040 size: 0Archive Log file - rproxyaccess.log.172.16.192.148_.20030114203550 size: 0Archive Log file - rproxyaccess.log.172.16.192.148_.20030217051943 size: 0Archive Log file - rproxyaccess.log.172.16.192.148_.20030226194344 size: 0Archive Log file - rproxyaccess.log.172.16.192.148_.20030226194554 size: 0Cisco Streaming Engine Transaction Log File InfoWorking Log file - size : 698age: 294404Archive Log file - cseaccess.log size: 698Archive Log file - cseaccess.021203000.log size: 1158Archive Log file - cseaccess.021223000.log size: 1100Archive Log file - cseaccess.021230000.log size: 698Archive Log file - cseaccess.030106000.log size: 928Archive Log file - cseaccess.030113000.log size: 928Archive Log file - cseaccess.030120000.log size: 698Archive Log file - cseaccess.030127000.log size: 698Archive Log file - cseaccess.030203000.log size: 698Archive Log file - cseaccess.030210000.log size: 698Archive Log file - cseaccess.030217000.log size: 698Archive Log file - cseaccess172.16.192.148__.log size: 698Archive Log file - cseaccess172.16.192.148__.030226000.log size: 755Archive Log file - cseaccess172.16.192.148__.030305000.log size: 698Archive Log file - cseaccess.030224000.log size: 928Archive Log file - cseaccess.030312000.log size: 870Archive Log file - cseaccess.030319000.log size: 870Archive Log file - cseaccess.030326000.log size: 698TV-out Transaction Log File InfoWorking Log file - size : 48age: 9273Archive Log file - tvout_10.1.1.21_20030405_014217 size: 48New CLI Command for Scheduling Concurrent Jobs
A new global configuration command has been introduced in ACNS software, Release 5.0.3 to set the maximum number of objects that can be scheduled concurrently for multicast distribution. When networks are reliable or the size of files being multicast is small, we recommend that you set the maximum number of concurrent objects to 50. However, when networks are unreliable or the size of files being multicast is large, a smaller number of concurrent objects (for example, five) is recommended. In addition, this command can be used to set the minimum bandwidth that must be allotted for each concurrent job. The syntax of this command is:
multicast max-concurrent-jobs 1 - 50 [minimal-target-rate 51200 - 10485760]
The max-concurrent-jobs parameter sets the maximum number of jobs that can be scheduled concurrently. The default is 5. The minimal-target-rate parameter to sets the minimum bandwidth that must be allotted per object in bits per second (bps). The default value is 102400 bps. The minimal-target-rate parameter is optional; if left unconfigured, the default value of 102400 bps is used.
New CLI Command for Debugging in the Acquirer
The acquirer test-url url EXEC command can be used for debugging purposes in the acquirer to test whether a URL is accessible or not. The actual content is dumped into the path /dev/null. An example of this command follows.
ContentEngine# acquirer test-url http://192.168.150.26--05:16:41-- http://192.168.150.26=> `/dev/null'Connecting to 192.168.150.26:80... connected.HTTP request sent, awaiting response... 200 OKLength: 1,722 [text/html]100%[====================================>] 1,722 1.64M/s ETA 00:0002:45:40 (1.64 MB/s) - `/dev/null' saved [1722/1722]New CLI Command for Checking the Last Modified Time of Content
Content downloaded by ACNS software, Release 5.0 has an incorrect Last-Modified-Time attribute that remains incorrect after upgrading to ACNS software, Release 5.0.3. This occurs because the acquirer in ACNS software, Release 5.0 stores the Last-Modified-Time attribute in local time format, whereas in ACNS software 5.0.3, this attribute is stored in Greenwich mean time (GMT).
Content acquired after upgrading to ACNS software, Release 5.0.3 uses the correct last modified time.
It may be helpful to be able to identify old content (that acquired by ACNS software, Release 5.0) that has an incorrect last modified time, so that it can be corrected. The following command has been added to ACNS software, Release 5.0.3 so that users can display such content.
acquirer check-time-for-old-content [channel-id channel-num | channel-name channel_name]
Note
To correct the last modified time for old content, the acquirer check-time-for-old-content correct [channel-id channel-num channel-name channel_name] EXEC command can be used, which will cause this content to be redistributed to any receiver Content Engine running ACNS software, Release 5.0.1, but not to any Content Engine running ACNS software, Release 5.0.3. Content Engines running ACNS software, Release 5.0.3 are able to obtain metadata about the changed Last-Modified-Time attribute without having to download the data itself again (which has not changed). The syntax is:
acquirer check-time-for-old-content correct [channel-id channel-num | channel-name channel_name]
This command changes the Last-Modified-Time attribute of the content from local time format to GMT. When an if-modified-since (IMS) request from a client is received, it does not fail, because the Last-Modified-Time attribute is stored in GMT.
Note
Manifest File Updates
In versions of ACNS software earlier than Release 5.0.3, the <host name> tag in the manifest file specifies the fully qualified domain name, including the protocol and port for the origin server. The <item> src and <crawler> start-url attributes specify the relative path of the URL relative to the value specified in the <host> name attribute. Specifying only the relative URL of the file in the <item> src and <crawler start-url attributes was found to be a difficult way of specifying the URLs from which crawling was to start.
In ACNS software, Release 5.0.3, a format has been provided for specifying the complete URL in the <item> src and <crawler> start-url attributes in the manifest file, as shown in the following line:
Protocol://username:password@domain-name:port/file-pathIn the above format, the username and password must be specified when authentication is required for login to a website whose links need to be crawled.
The following modifications have been made to the manifest file in ACNS software, Release 5.0.3.
New Feature with ttl Attribute
The ttl attribute was introduced in ACNS software, Release 5.0.1 to specify the recheck interval. The ttl attribute value must be greater than or equal to zero. In ACNS software, Release 5.0.3, users are allowed to specify a TTL value of -1 to ensure that the acquirer will never recheck an item. In certain cases, for performance reasons, users might not want the acquirer to recheck some items, because they know that they have not changed.
Acquisition varies with different TTL values, as follows:
•
•
•
New Feature with playServer Attribute
There are some differences in the way in which playserver attribute is implemented between ACNS software, Release 5.0.1 and ACNS software, Release 5.0.3. In ACNS 5.0.1 software, even if HTTP is not specified on a customized playserver table, the HTTP playserver is included automatically. Therefore, all pre-positioned content can always be played using the HTTP protocol in addition to the customized list of playservers. In ACNS 5.0.3 software, the HTTP playserver is included in the default playserver table. However, if you choose to specify your own playserver table or <playServer> attribute in the <item> or <crawler> manifest file tags, the HTTP playserver is not automatically included as in the case of ACNS 5.0.1 software. The HTTP playserver must be added to the playserver table to play HTTP content or other content using the HTTP protocol.
The following examples show the differences in the implementation of the playserver attributes and tables between ACNS 5.0.1 software and ACNS 5.0.3 software.
•
In the following example, ACNS 5.0.1 software allows both the HTTP and WMT playservers to play the content, even though only the WMT playserver is specified.
<item src="video.mpg" playServer="wmt" />In ACNS 5.0.3 software, only the WMT playserver plays the video.mpg file. If the HTTP playserver is to be enabled to play this file, the HTTP playserver must be specified as follows:
<item src="video.mpg" playServer="wmt, http" />•
The following manifest file produces different results depending on whether it is being parsed in ACNS 5.0.1 software or ACNS 5.0.3 software.
<CdnManifest><playServerTable><playServer name="wmt"><extension name="asf" /><extension name="wmv" /></playServer><playServer name="qtss"><extension name="mov" /></playServer></playServer></playServerTable><server name="server"><host name="http://server.com/" proto="http" /></server><crawler start-url="root" depth="3" ttl="45" /></CdnManifest>The manifest file specified above will be implemented as follows:
–
–
<playServerTable><playServer name="wmt"><extension name="asf" /><extension name="wmv" /></playServer><playServer name="qtss"><extension name="mov" /></playServer><playServer name="wmt"><extension name="avi" /><extension name="mpeg" /><extension name="mpg" /><extension name="mp3" /><extension name="rm" /><extension name="ram" /></playServer></playServerTable>If the <playServerTable> and <playServer> attributes are not specified, the default playserver table will be used that automatically includes the HTTP playserver.
•
In the following example, both ACNS 5.0.1 software and ACNS 5.0.3 software function in the same manner. Because there is no <playServerTable> and <playServer> attribute specified, the default playserver table generates the playserver for this file, which also includes the HTTP playserver. The files are allowed to be played by the HTTP playserver as well as the associated playserver for that type of file extension.
<CdnManifest><item src="video.asf"></CdnManifest>failRetryInterval Attribute
If acquisition fails, the CDN attempts to acquire the content again. The value specified for the failRetryInterval attribute specifies the retry interval in minutes. For example, setting the failRetryInterval attribute value to 10 ensures that the CDN will try to acquire this content every 10 minutes. If a value is not specified for the failRetryInterval attribute, the failRetryInterval attribute is set to a default value of 5 minutes. Therefore, if you specify the failRetryInterval attribute value to be less than 5 minutes, it will be converted to 5 minutes. In other words, if acquisition fails, attempts to acquire the content will occur every 5 minutes regardless of the TTL value. You can disable the fail and retry feature by assigning the failRetryInterval attribute to a value greater than the ttl attribute in the <options>, <item-group>, <item>, or <crawler> manifest file tags.
The behavior of the failRetryInterval attribute is different for single items and crawl items. If acquisition for single content items fails, with the ttl attribute not equal to 0 and less than the value of the failReryInterval attribute, the item will be checked for freshness beyond the time interval specified in the ttl attribute. Otherwise, the single content item will be checked for freshness depending on the time interval specified in the failRetryInterval attribute.
The failRetryInterval attribute checks for content whose acquisition has failed beyond the time specified in the attribute, the ttl attribute checks for freshness of content that has been acquired successfully.
For crawl items, if some of the web pages are not acquired (except for 300 and 400 error status codes for which retry is not attempted), these pages are rechecked beyond the time specified in the failRetryInterval attribute and recrawled beyond the value specified in the ttl attribute.
For example, for a crawl item with a ttl attribute of 10 and a failRetryInterval attribute of 4, the acquirer rechecks for failed items every 4 minutes until it reaches the ttl attribute value and then recrawls the item when it exceeds the ttl attribute value (after 10 minutes in this case).
Removal of <wmt-meta-data> tag
The <wmt-meta-data> tag specified as a subtag of the <item> and <crawler> tags is no longer supported in ACNS software Release 5.0.3. The <wmt-meta-data> tag was introduced in ACNS software, Release 5.0 to solve the problem of double redirect, which resulted in the loss of attributes specified in an Active Streaming Format Stream Redirector (ASX) files. The double redirect problem no longer exists, and the attributes in a pre-positioned ASX file are not overwritten. Therefore, the <wmt-meta-data> tag has been removed from the manifest file.
The purpose of the <wmt-meta-data> tag in ACNS software, Release 5.0 was to specify one or more file attributes that would be displayed in the Windows Media Player when a file was played. In ACNS software, Release 5.0.3, users need not include the <wmt-meta-data> tag in the manifest file. Instead, they can encode the metadata in the streamed files, such as Windows Media Video (WMV), Windows Media Audio (WMA), or Active Streaming Format (ASF) files. Alternatively, users can choose to pre-position the ASF file and specify pointers to the streamed file that contains the required metadata. The metadata can then be displayed when the media file is played.
ignoreQueryString Attribute
This playback attribute can included in the <options>, <item-group>, <item>, and <crawler> tags. When this attribute is set to true, the CDN ignores any string after the question mark (?) character in the requested URL for playback. However, if this attribute is omitted, it is set to false by default. For example, assume that content with the URL http://web-server/foo has been pre-positioned. When a user requests content with the URL http://web-server/foo?id=xxx and if the ignoreQueryString attribute is set to false, the CDN will not return the pre-positioned content with the URL http://web-server/foo. Instead, the CDN treats http://www-server/foo?id=xxx as a different URL. On the other hand, if the ignoreQueryString attribute is set to true, the CDN treats http://www-server/foo?id=xxx the same as http://www-server/foo and returns pre-positioned content.
playDuration Attribute
The playDuration attribute is not supported in the manifest file in ACNS software, Release 5.0, so the duration of file playback is not known. In ACNS software, Release 5.0.3, however, the playDuration attribute specifies the playtime duration in seconds for a video file. This value can be used both for HTTP download and the TV-out program schedule, and is used in the <item>, <crawler>, <options>, and <item-group> tags in the manifest file. If users use HTTP to play a video file, the CDN uses this playDuration attribute to calculate the downloading bit rate. TV-out programs can also use this value to schedule video programs. If the playDuration attribute is omitted, the CDN will attempt to calculate it for MPEG files.
For ACNS software, Release 5.0.3, the document "Creating Manifest Files for Cisco ACNS Software, Release 5.0.3" replaces Chapter 6, "Creating Manifest Files" in the Cisco ACNS Software Deployment and Configuration Guide, Release 5.0. You can access the updated manifest file chapter for ACNS software, Release 5.0.3 from the following URL:
http://www.cisco.com/en/US/products/sw/conntsw/ps491/prod_configuration_guide09186a008017a530.html
Support for Limiting Bandwidth per File
In ACNS software, Release 4.x, the Channels Media Editor window allows you to view media file properties and modify them. The rate at which the media file will be streamed during playback is also provided. However, this feature is not available in ACNS software, Release 5.0, so certain media files such as QuickTime (.qt) and Macromedia Flash (.swf) files are played back at a rate faster than the rate at which the client can play them. A new attribute, bitrate, has been added to the ACNS software, Release 5.0.3 manifest file to provide a way of modifying the bit rate at which media files are distributed to the client during playback. The CDN uses this value in playback download. The bitrate attribute has three forms:
•
•
•
This attribute can be applied to following tags in the manifest file:
<options>
<item-group>
<item>
<crawler>
In the following example,
<item src="http://www.cisco.com/Prod/ACNS.swf" bitrate-in-kbps="500" />the ACNS software will download the ACNS.swf file at a rate of 500 kbps.
Replication of Playback Attributes
In ACNS software, Release 5.0.1, the notFoundUrl attribute in the <options> tag (which enables a request from the client to be redirected to that particular URL if the CDN does not possess the content) does not work whenever content cannot be acquired by the CDN. This problem is observed when the metadata of the content has been replicated to the Content Engine already, but not the content. However, if the content cannot be acquired because of "File not found" errors, then the request will not be redirected to the URL specified in the notFoundUrl attribute.
This problem has been rectified in ACNS software, Release 5.0.3. In this release, when the acquirer fails to acquire content from an origin server, its playback attributes, such as notFoundUrl and noRedirectToOrigin, are replicated to all Content Engines. This enables Content Engines to play back the contents according to the specified playback attributes.
Note
Allowing Question Marks in the Path to the Manifest File
In ACNS software, Release 5.0.1, it is not possible to point a channel to a manifest file that contains a question mark (?) in the name, for example, http://www.mydomain.com/test.asp?channel_ID=2. This is a limitation of the manifest file when you specify a path to the image file contained on the origin server.
Enhancements made in ACNS software, Release 5.0.3, allow the use of question marks. When the path of the URL contains question marks in the manifest file, the path is parsed as follows:
•
–
–
–
•
The following are examples of a valid path for a URL:
http://dir?1/manifest.xmlhttp://di?r/test.xml?ch=3http://dir/test.xml?ch=3http://dir/tes?t.xml?ch=3http://di^r/test.xml?ch=3http://dir/test.xml?c^h=3dir/test.xml?ch=3d?ir/test.xml?ch=3dir/t?est.xml?ch=3http://dir?/test.xml?ch=3The following are examples of an invalid path for a URL:
http://dir/?test.xml?ch=3http://dir/tes^t.xml?ch=3Parsing <object> and <embed> Tags to Perform Crawling
In ACNS software, Release 5.0.3, the manifest file can now parse the <object> and <embed> tags, which are frequently used in HTML pages to embed players for video files. This feature will enable pre-positioning of video files. In earlier releases of ACNS software, only some of the attributes in the <object> tag are parsed by the manifest file, and none of the attributes in the <embed> tag are parsed. The acquirer now parses these tags to find the links for pre-positioning video files. The <param> tag will be included as part of the <object> tags. The following syntax can be used to parse the <param> tag:
<param name="src" value="xxx" />In the above syntax, src points to the fully qualified domain name of the origin server and value represents the file to be parsed.
The following syntax can be used to parse the <embed> tag:
<embed src="xxx" pluginspage="xxx" pluginurl="xxx" />In the above syntax, src points to the fully qualified domain name of the origin server and the pluginspage and pluginurl attributes represent the attributes of the player embedded in the HTML pages.
Replication Status Enhancements
In ACNS software, Release 5.0, the replication status feature allows users to view the status of content replication using the Content Distribution Manager GUI, output from CLI commands, or an API file. However, a number of drawbacks are associated with such a view of content replication. A major disadvantage is that the replication status is shown as complete only when all Content Engines assigned to a channel had completed content replication from the root Content Engine. The status is shown to be incomplete when content replication is still in process on even one of the Content Engines in the channel.
ACNS software, Release 5.0.3 features an enhanced display of replication status. The progressive file count status shows different information depending on which device provides the display.
•
•
•
In ACNS software, Release 5.0.3, system-level replication status (unavailable in Release 5.0) is provided under the Monitoring tab. This enables the user to move from a system-level status view to a replication status view for a specific Content Engine or channel. The user can also view a detailed replication status for each Content Engine and channel.
The following sections describe the Channel Replication Status and Device Replication Status windows, and the Replication Status for Channel and Content Engine windows. In ACNS software, Release 5.0, the channels contain only elementary replication status information. In ACNS software, Release 5.0.3, the information formerly in the Channels window has been moved to the Channel Replication Status window, thereby simplifying the Channels window.
Viewing the System Replication Status by Content Engine
The Device Replication Status window lists all Content Engines on the system. This window displays a summary of all channels associated with a specific Content Engine in a given state for all Content Engines in the system.
To view the system replication status by device, follow these steps:
Step 1
Step 2
Figure 4 Device Replication Status Window
Step 3
Table 1 describes the status information that is displayed in this window.
Note
Viewing the Replication Status for a Content Engine
The Replication Status for Device window displays the replication status of individual channels assigned to a particular Content Engine. You can filter the information by channels or by any of the other columns displayed in this window. To view the replication status for a particular Content Engine, follow these steps:
Step 1
Alternatively, you can view the Replication Status for Device window by choosing CDN Settings > Replication Status from the Modifying Content Engine window.
Tip
Figure 5 Replication Status for Device Window
Table 2 describes the status information that is displayed in this window.
Step 2
Viewing Replication Items
The Content Distribution Manager GUI in earlier ACNS software releases had only two columns: Replication Status and Content Description Status in the Replication Status for Channel window in the Content Distribution Manager GUI. Administrators therefore found it difficult to determine the status of replication and the freshness of content replication based on this limited information. This was because the results of the queries to determine the detailed replication status are cached in the Content Distribution Manager memory for 1 hour. As a result, users are confused when they compared the memory-cached Content Distribution Manager GUI results and the latest content replication information obtained through CLI commands.
In contrast, in ACNS software, Release 5.0.3, a time stamp denoting the time in Greenwich mean time (GMT) at which the replication status was last cached is displayed to inform the user about the freshness of the detailed content replication status. Also, a request for a detailed replication status triggers an aggregated replication status request. This ensures that the cache status is refreshed at the same time on the Content Distribution Manager.
In the Replication Status for Device window, the use can click the View replicated item status for channel icon next to the channel of interest to view the latest replication status obtained by forcibly refreshing the Content Engine status. The Replication Items window appears. (See Figure 6.) A Force replication information refresh icon has been added to the Replication Items window to let the user forcibly refetch the latest content replication information. However, each use of this icon triggers an extensive database query, resulting in performance degradation. The user can decide on whether to forcibly refresh the replication status or not depending on the time stamp since the last metadata update.
Figure 6 Replication Items Window
Table 3 describes the status information that is displayed in this window.
Note
Viewing the System Replication Status by Channel
The Channel Replication Status window lists all channels on the system. This window displays the summary of all Content Engines associated with a specific channel in a given state for all channels in the system.
To view system replication status by channel, follow these steps:
Step 1
Step 2
Figure 7 Channel Replication Status Window
Step 3
Table 4 describes the status information that is displayed in this window.
Viewing the Replication Status for a Channel
The Replication Status for Channel window displays the replication status of individual Content Engines assigned to a particular channel. You can also filter the information by Content Engines or by any of the other columns displayed in this window. To view the replication status for a particular channel, follow these steps:
Step 1
Alternatively, you can view the Replication Status for Channel window by choosing Basic Settings > Replication Status from the Modifying Channel window.
Tip
Figure 8 Replication Status for Channel Window
Step 2
Table 5 describes the replication status information that is displayed in this window.
Changes in CLI Commands for Replication Status
The show statistics replication commands that display the channel replication status on the Content Distribution Manager have been modified to show the progressive file count status during acquisition and replication. Examples follow.
CDM# show statistics replication channelsReplication status for channel channel_2 ID 197-------------------------------------------------------------CEs complete: N/ACEs in process: N/ACEs with failures: N/ACEs unknown: N/ATotal number of CEs: N/AReplication status for channel test ID 153-------------------------------------------------------------CEs complete: 0CEs in process: 0CEs with failures: 1CEs unknown: 0Total number of CEs: 1Root CE ID: 103State: Failed Processing Manifest, Manifest Error: Failed to fetch manifest file: NO Host(906)Used disk quota: 0 BytesValid as of: Tue Apr 01 12:45:30 UTC 2003CDM# show statistics replication content-engines selected-channel Website1 test content-engine ContentEngineReplication status for channel test (ID 153) for CE ID 103-------------------------------------------------------------State: Failed Processing ManifestFiles done: 0Files to do: 0Files failed: 0Files failed to be updated: 0Total number of files: 0Valid as of: Wed Apr 09 22:05:43 UTC 2003ContentEngine# show statistics replication channelsContent Engine: ce1 (ID 88) rootChannel: 'test', WebSite: 'Website1' (channel ID 153)State: CompleteFiles done: 10003Files to do: 0Files failed: 0Files failed to be updated: 0Total files count: 10003Used disk quota: 209 MbChange in XML-Formatted Output of Replication Status APIs
The replication status APIs return a list of channels, Content Engines, or contents for each channel, and an indication whether replication is complete or not for the specified channel. There is no change in the request syntax of the ReplicationStatusApiServlet to retrieve the replication status. However, the API output has been modified to include the new replication status information.
The following is the Document Type Definition (DTD) of the XML-formatted output.
<?xml version="1.0"?><!DOCTYPE replicationStatus[<!ELEMENT replicationStatus (message, CeStatus*, ChannelStatus*)><!ATTLIST replicationStatusaction CDATA #REQUIREDcount CDATA #REQUIRED><!ELEMENT message EMPTY><!ATTLIST messagestatus (success | failure) "success"message CDATA #REQUIRED><!ELEMENT CeStatus EMPTY><!ATTLIST CeStatusceId CDATA #REQUIREDceName CDATA #IMPLIEDchannelId CDATA #REQUIREDchannelName CDATA #IMPLIEDstate CDATA #IMPLIEDfilesDone CDATA #IMPLIEDfilesToDo CDATA #IMPLIEDfilesFailed CDATA #IMPLIEDfilesUpdateFailed CDATA #IMPLIEDtotalFiles CDATA #IMPLIEDupdateTime CDATA #IMPLIED><!ELEMENT ChannelStatus EMPTY><!ATTLIST ChannelStatusid CDATA #REQUIREDtotalNumCes CDATA #REQUIREDnumCesComplete CDATA #REQUIREDnumCesInProcess CDATA #REQUIREDnumCesFailed CDATA #REQUIREDnumCesUnknownState CDATA #REQUIREDrootCeState CDATA #REQUIREDmanifestError CDATA #IMPLIEDusedDiskQuota CDATA #IMPLIEDvalidAsOf CDATA #IMPLIED>Change in the Current Working Directory
In ACNS software, Release 5.0.3, the directory /local1 has been made the current working directory when a user uses Telnet or Secure Shell to connect to a Content Engine. This is required because most Content Engines have only one sysfs file system, and all the log files and other data are in the /local1 directory.
Support for Wildcard Characters in the dir and ls EXEC Commands
In releases of ACNS software before Release 5.0.3, the dir and ls EXEC commands used to display a long list of files in a directory, or the list of files in a directory or subdirectories, respectively, do not support wildcard characters such as * (asterisk) and ? (question mark). Support for the * wildcard character has been provided for the dir and ls EXEC commands in ACNS software, Release 5.0.3. An example of the dir EXEC command with the wildcard character * follows.
ContentEngine# dir *size time of last change name-------------- ------------------------- -----------15148 Wed Jan 15 02:06:11 2003 /local1/acns-db-1-14-2003-20-36.dump4314 Fri Oct 11 07:06:43 2002 /local1/acns-db-9-11-2002-1-36.dump125295 Sat Dec 7 02:29:45 2002 /local1/cmsdb.log4096 Fri Oct 4 05:34:52 2002 <DIR> /local1/crashContent Routers to Recognize Origin Server Domain Name for Redirection
Content Routers in ACNS software, Release 5.0.3 can recognize the fully qualified domain name (FQDN) of the origin server for redirection. This feature enables the user to request content by specifying the origin server, instead of having to specify the delegated Content Router FQDN as the requested domain. The user can thereby continue to obtain content from the closest Content Engine instead of from the origin server. When a user requests content using the origin server as the requested domain, the request is forwarded to the Content Services Switch positioned in front of the origin server. The Content Services Switch then forwards the content request to a Content Router for redirection. If a Content Router receives a content request that is specified with the origin server as the requested domain, it will then find the mapped Content Router FQDN; decide which Content Engine is closest to the client; and send a HTTP 302 Found (Redirection) URL back to the client. The 302 Found (Redirection) URL is in the format <cename>.ce.<CR FQDN> and contains no reference to the origin server. The client sends a request to the 302 Found (Redirection) URL. The DNS server, in turn, forwards the DNS request to the delegated Content Router. After the client obtains the closest Content Engine IP address from the Content Router, it forwards the request for content to the IP address of the Content Engine. This new feature applies to both HTTP and RTSP requests made to a Content Router.
Tip
If users have a Content Services Switch deployed in their CDN for load balancing, this feature of redirection of requests with origin server name allows them to access the content using Content Router redirection without advertising a separate Content Router FQDN.
When used on the Content Router, the following commands display the origin server FQDN in addition to the Content Router FQDN:
•
•
•
•
In addition, two new commands that are currently available on the Content Engine have been added to the list of configuration commands on the Content Router:
•
•
Users can also configure the Layer 4 switch redirection interoperability over HTTP and RTSP using the Content Distribution Manager GUI.
To configure and enable Layer 4 switch interoperability, follow these steps:
Step 1
Step 2
Step 3
Figure 9 Layer 4 Switch Settings for Content Router Window
Step 4
Step 5
Step 6
Support for Apache Version 1.3.27
Version 1.3.26 and earlier versions of the Apache Server have security vulnerabilities. To address the security problems, ACNS software, Release 5.0.3 supports Apache Server Version 1.3.27. The major enhancements made in Apache Server Version 1.3.27 are:
•
•
•
Support for a Larger Number of Actions Performed on a Rule
ACNS software, Release 5.0 does not allow configuration of more than 120 rule action items. For example, when a Content Engine running ACNS software, Release 5.0 is configured with 100 block actions starting from pattern list 1 to 100 and with 30 reset actions starting from pattern list 1 to 30, the Content Engine displays the following error message after configuring the 100 block and the first 20 reset actions:
"Internal Error. when setting /cfg/gl/cache/rule/rule_sequence (Error number: 1)"The show statistics rule command generates a core file after this message. ACNS software, Release 5.0.3 allows configuration of more than 120 rule action items. It allows up to 512 actions to be configured. However, it must be remembered that actions consume a significant amount of memory resources. Because rules consume resources, the more rules there are defined, the more Content Engine performance might be affected.
Access Control List Support for Interfaces
Users may want to deploy a Content Engine with one interface in the public or customer's IP address space for content serving and another interface in the private IP address space for management services such as Telnet, HTTPS, SSH, SNMP, and software upgrades. Users need to lock the public interface to deny unauthorized access to management services. To implement this functionality, ACNS software, Release 5.0.3 provides access control lists (ACLs) that enable the management services to be tied to the private IP address space. This ensures that enterprise customers can access the Content Engine for serving content only in the public IP address space.
However, in ACNS software, Release 5.0.3, support for access control lists is limited to SNMP management services only. A device attempting to access one of the management services must be on a list of trusted devices before it is allowed access. The implementation of access control lists for management services is similar to the access control list support provided in the Global Site Selector and Cisco routers.
The ip access-list standard {acl_name | acl_number} global configuration command allows users to create and modify standard access lists. The acl_name variable is a string of up to 7 characters that must begin with a letter; the acl_number variable is a number in the range 1 to 99, indicating a standard access list. Use the no form of this command to delete the access control list. When a new standard access control list is created or an existing access control list is modified, the global configuration mode enters into a submode. This submode is the standard IP access control list configuration submode. The "(config)" portion of the CLI prompt changes to "(config-std-nacl)" to show that the user is in the standard IP access control list configuration submode. While in this submode, the user can specify one or more standard conditions, such as the number of the network from which the packet is being sent or the wildcard bits that can be applied to the IP address of the host. These conditions determine whether to allow the management service to permit or deny a packet received by it. The user specifies these conditions in the access control list. If the packets match the conditions specified in the access control list, it is permitted access to management services. Otherwise, the packets are denied access.
To specify a condition, users need to use the {deny | permit} {[source] [source-wildcard] | any} command. However, if the condition matches one already specified in the list, then no action is performed.
The syntax description of the command is as follows:
By default, a standard access list denies everything because the list is terminated by an implicit deny any condition. Therefore, there must be at least one condition statement for the standard access list to exist. Also, references to an access list that do not exist are the equivalent of a permit any condition statement.
In ACNS software, Release 5.0.3, the global configuration command snmp-server access-list [acl_number] configures an access control list to allow access to an SNMP agent. The acl_number variable is a number in the range 1 to 99, indicating a standard access control list. SNMP checks against the specified access control list before accepting or dropping incoming packets.
Websense Server Integration with the Content Engine
In releases of ACNS software earlier than Release 5.0.3, the SmartFilter software is the only URL filtering application that runs on the Content Engine. Although URL filtering is performed using the Websense server in ACNS software, Release 5.0, this application runs on a separate system and communicates with the Content Engine over the network. In ACNS software, Release 5.0.3, the Websense server, Version 4.4.1 is integrated with higher-end Content Engine models (the CE-7305 and CE-7325) and runs as a separate process instead of running on a separate system. There are no changes in the way the Cache application communicates with the Websense server, except that the server now runs on the same device as the Cache application.
The amount of RAM needed for Websense server integration with the Content Engine is about 60 MB to 140 MB. When the Websense server is enabled and the Websense URL database is downloaded for the first time, CPU usage will be high. Therefore, we recommend enabling the Websense server during off-peak times or at times of low network traffic. Otherwise, other processes running on the Content Engine might be affected. When the Websense server stalls, it is automatically restarted.
Because of limitations on the memory usage of the Websense server, it is runs locally only on the CE-7305 and CE-7325 models. The Websense server currently does not reside on low-end Content Engine models (the CE-507, CE-565, and CE-510).
Websense provides an image of the Websense server that resides in the /local/local1/WebsenseEnterprise directory. All the executables as well as the configuration and logging files will be stored in this directory. This package requires about 150 MB of disk space in the /local/local1/WebsenseEnterprise directory. An additional 140 MB disk space is required when the Websense URL database is downloaded, increasing the total disk space requirement to 290 MB. Because of this increased disk space requirement, we recommend increasing the size of the sysfs disk partition to be larger than the default value on the Content Engines.
Configuration of Ports for the Websense Server
The Websense process requires that these four ports be opened for connections either from processes internal to the Content Engine or from external processes such as the PIX firewall:
•
This is the TCP port that receives requests for content filtering according to the Websense protocol.
•
If the Websense process blocks a URL, it sends a redirect URL to the user. The redirect URL is configured to print out the blocked page and policy for the user. The Websense process listens on this port to receive the pages blocked, serviced by a thread in the Websense server. This thread sends the blocked page in response to the redirected request.
•
This port is required by the Websense GUI to configure the Websense server.
•
The Websense server has an exhaustive set of diagnostics that the users can run remotely to diagnose problems in the Websense process. This port is the one that these diagnostics utilities connect to.
Users can configure these ports by modifying the websense.ini file which resides in the /local/local1/WebsenseEnterprise directory. The Websense server must be restarted so it can pick up the newly configured ports. Default port numbers for these four ports are:
•
•
•
•
Users can modify the ports by exporting a copy of the websense.ini file using FTP from the /local/local1/WebsenseEnterprise directory on the Content Engine, modifying the file, deleting the websense.ini file on the Content Engine, and then sending back the modified file to the Content Engine using FTP.
Note
Changes in CLI Commands for the Websense Server
CLI commands for the Websense server have been changed as follows:
•
The Cache application uses this global configuration command to set up communication with the Websense server. This command has been modified to include another variable to signify that the Websense server is local. The revised syntax is as follows:
url-filter http websense server {local | hostname}
If the local variable is specified during the configuration, then the Cache application sends URL filtering requests to the Websense server running on the Content Engine. On the other hand, if the hostname variable is chosen, then the Websense server running on the Content Engine is not used.
•
This new global configuration command enables the local Content Engine to act as the Websense server. When this command is used, a back-end script starts the Websense server process through the node manager.
If the default ports are changed, the Websense server must be disabled and reenabled before the changes can be implemented.
•
This command has been modified to show the IP address of the local host in the Websense sever IP field when the local host is configured as the Websense server for Websense URL filtering.
•
This new command shows the configuration for the Websense server configured on the Content Engine. The output of the command includes the configured port numbers for the Websense server port, block message server port, configuration server port, and diagnostics server port; the Websense server version number; and the maximum number of connections.
•
This existing EXEC command has been enhanced to save modified Websense configuration files (websense.init and ws.cfg) across disk reconfiguration and ACNS software release upgrades.
User must execute this command in order to have the most recent configuration modifications, including websense.ini file modifications and the Websense URL filtering configuration changes. The write memory command enables the changes made from the external Websense Manager GUI to be saved across disk reconfiguration and upgrade (which might erase disk content).
If the write memory command was not used before reboot but after a disk reconfiguration or an ACNS software upgrade that erases disk content, the Websense configurations that were saved when the write memory command was last used will be retained. However, if the write memory command was never used before, then default configurations will be applied when the content on /local/local1/WebsenseEnterprise directory is erased.
To configure the Websense server to run on the Content Engine, follow these steps:
Step 1
Step 2
Note
Step 3
•
•
•
Step 4
To enable the Websense server using the Content Engine GUI, follow these steps:
Step 1
Step 2
Note
You can also enable the Websense server using the Content Distribution Manager GUI. To enable the Websense server on the Content Engine, follow these steps:
Step 1
Step 2
Step 3
Figure 10 URL Filter Settings for Content Engine Window
Step 4
Step 5
Step 6
Tip
Step 7
Step 8
Step 9
To download the Websense components, such as Explorer, Manager, and Reporter, or to obtain an evaluation key for using the Websense server that runs on the Content Engine, you can access the following URL and follow the sequence of steps:
http://www.websense.com/downloads
To access the set of documents on Websense product setup and implementation, you can access the following URL:
http://www.websense.com/support/documentation/index.cfm
Support for an ASCII Password During TACACS+ Authentication
Terminal Access Controller Access Control System (TACACS) is an authentication method that validates all users on an individual basis before they can gain access to a Content Engine. In ACNS software, Release 5.0.3, the tacacs server {hostname | ip-address} primary global configuration command has been changed to the tacacs host {hostname | ip-address} configuration command. This change is necessary to maintain similarity with Cisco IOS software commands. A maximum of three hosts can be configured (one primary and two backup). Optionally, the server can be configured as a primary server to specify that it will be connected first. If no primary server is configured, the first host configured is the primary server. On configuring a fourth server to be a TACACS host, the following message is displayed "Maximum TACACS+ servers limit is reached". The output of the tacacs ? command, given below, displays the newly added keywords, namely, host and password.
ContentEngine(config)# tacacs ?enable Enable TACACS+ Authenticationhost Specify a server addresskey Set security wordpassword Specify TACACS+ password typeretransmit Number of times requests are retransmitted to a servertimeout Number of seconds to wait before a request to server is timeoutA new global configuration command, tacacs password ascii, has been added in ACNS software, Release 5.0.3. This command can be used to specify the TACACS+ password type as ASCII. The default password type is PAP (Password Authentication Protocol). In releases prior to ACNS software 4.2.9, the password type is not configurable. When users need to login to a Content Engine, a TACACS+ client sends the password information in PAP format to a TACACS+ server. However, TACACS+ servers that are configured for router management required the passwords to be in ASCII clear text format instead of PAP format to authenticate users logging into the Content Engine. Therefore, in ACNS software, Release 4.2.9, the password type to authenticate user information has been made configurable from the CLI. An example of the tacacs password ascii command together with the no version of the command and show tacacs commands are show below:
ContentEngine(config)# tacacs password ?ascii Utilize ASCII password type for authentication (PAP is default)ContentEngine(config)# tacacs password asciiContentEngine# show tacacsLogin Authentication for Console/Telnet Session: enabled (primary)Configuration Authentication for Console/Telnet Session: enabled (primary)TACACS+ Configuration:---------------------TACACS+ Authentication is offKey = *****Timeout = 5Retransmit = 2Password type: asciiServer Status---------------------------- ------172.19.226.182 primaryContentEngine(config)# no tacacs password asciiContentEngine# show tacacsLogin Authentication for Console/Telnet Session: enabled (primary)Configuration Authentication for Console/Telnet Session: enabled (primary)TACACS+ Configuration:---------------------TACACS+ Authentication is offKey = *****Timeout = 5Retransmit = 2Password type: papServer Status---------------------------- ------172.19.226.182 primary
Note
The TACACS+ client can send different requests to the server for user authentication. The client can send a TACACS+ request with the Password Authentication Protocol (PAP) authentication type. In this scenario, the authentication packet includes both the username and the user's password. The server must have an appropriately configured user's account. Also, the client can send a TACACS+ request with the ASCII authentication type as another option. In this scenario, the authentication packet includes the username only and waits for the server response. Once the server confirms that the user's account exists, the client sends another Continue request with the user's password. The authentication server must have an appropriately configured user's account to support either type of password.
New CLI Command to Configure a Generic Name for a Realm During Authentication
The realm displayed in the authentication popup window when you connect to the Content Engine is "Cisco Content Engine". Because this realm reflects the type of application or device being used, there was a need to configure the realm to be more generic, such as "proxy" or "cache", so that a realm string can be configured for HTTP basic request authentication. In ACNS software, Release 5.0.3, a new option has been added to the existing http authentication global configuration command to configure the realm. The syntax of the command is as follows:
http authentication {realm realm-name}
The show http authentication EXEC command can be used to view the name of the configured realm. The following example shows the http authentication realm command along with the show version of the command.
ContentEngine(config)# http authentication realm CEContentEngine(config)# exitContentEngine# show http authenticationHTTP Authentication:Header: 401Realm: "CE"Cache Timeout: 480 (minutes)Cache Maximum entries: 4000Enhancing Upgrade to Devices and Device Groups
In ACNS software, Release 5.0.1, when a set of Content Engines is upgraded, each Content Engine obtains a very large upgrade file directly from a single source server. The drawbacks are that there is no limit on the bandwidth consumed for download, and the network is overloaded because of the concurrent download of large update image files. Also, the device states displayed during software updates are generalized, making it difficult for users to determine whether anything has gone wrong during the upgrade process.
The above-mentioned drawbacks have been resolved in ACNS software, Release 5.0.3 through the use of meta files that are used to refer to the pre-positioned image files. Meta files contain a collection of information to register image files on the Content Distribution Manager and validate those image files on the Content Engines. The URL for the pre-positioned image file from a channel can be used in the meta file. A channel is created that specifies the manifest file that points to the image files contained on the origin server, and Content Engines are assigned to the channel. The user creates the meta file that references the pre-positioned image file and registers it.
To register a software update meta file URL, follow these steps:
Step 1
Step 2
Step 3
Users can update devices and device groups by choosing the software update file URL from the Update Software for Content Engine window in the Content Distribution Manager GUI. The software update component in the Centralized Management System determines whether the URL references pre-positioned content.
To view the progress of an upgrade, users can view the software update status messages displayed in the Software Version column of the Content Engines window in the Content Distribution Manager GUI. These intermediate messages are also written to the system log on Content Engines.
Table 6 shows the status update messages that are now displayed in the Software Version column in the Content Engines window on the Content Distribution Manager GUI during requests for pre-positioned image files for software updates.
Note
In addition, the username and password can be specified for content requested through HTTP that requires authentication. The syntax for a sample metadata file follows.
updateFileSize=122805908version=5.0.3updateFileUrl= http://linux.domain.com/unib26.binuser=adminpassword=testIf the channel manifest file used to acquire upgrade image files requires a username and password, the following attribute must be added to that manifest file's <options> tag:
<options requireAuth="false">This ensures that authentication is turned off, because authentication requires going back to the origin server.
Changes in Device and Device Group Assignment to Channels
In earlier releases of ACNS software, when a device group is assigned to a channel, the channel assignments are copied to the devices associated with the device group. These copied channel assignments make the device appear to have been directly assigned to the channel. This implementation has the drawback of not removing a device-channel assignment when the device is removed from the original device group or when the channel is unassigned from the original device group.
In ACNS software, Release 5.0.3, the above-mentioned drawback has been corrected. When a device is removed from a device group containing the original channel assignment, this device is also unassigned from channels. Similarly, when a channel is removed from a device group, the associated devices are also unassigned.
In the Content Distribution Manager GUI, a distinction is made between devices that are assigned directly to a channel or devices that are assigned through a device group. If the device is assigned directly as well as through a device group, the assignments are tracked separately. For tracking purposes, a new window, View all Content Engines assigned to Channel, has been added to the Content Distribution Manager GUI. This window displays all Content Engines assigned to a channel, regardless of whether they are assigned directly or through device groups.
To view the list of all Content Engines assigned to a channel, follow these steps:
Step 1
Step 2
Step 3
Figure 11 View All Content Engines Assigned to Channel Window
Table 7 describes the information that is displayed in this window.
.
The Content Engines Assigned to Channel window now displays only the list of Content Engines directly assigned to a channel. It does not display Content Engines assigned through a device group. Also, removing a device group does not affect the list of Content Engines displayed in the Content Engines Assigned to Channel window.
Similarly, the Device Groups Assigned to Channel window displays only the list of device groups directly assigned to a channel. It does not display device groups whose Content Engines have been assigned through device groups. Removing a Content Engine does not affect the list of device groups displayed in the Device Groups Assigned to Channel window.
New CLI Command to Copy Files from the cdnfs to the sysfs
The copy cdnfs EXEC command has been added to ACNS software, Release 5.0.3. This command lets users copy data files out of the cdnfs to the sysfs for further processing, for example, to provide the copied files to the install imagefilename EXEC command for copying the cdnfs files to install the ACNS software. The syntax of the new command is as follows:
copy cdnfs disk url sysfs-filename
Modification to the cdnfs cleanup CLI Command
The cdnfs cleanup command, which was used to clean up unwanted entries in the cdnfs and synchronize the acquisition and distribution database with the content stored on the cdnfs, has been modified in ACNS software, Release 5.0.3. This command now cleans up the content of deleted channels from the acquisition and distribution database. In certain cases, the acquirer is not notified by the CMS about deleted channels, and it therefore fails to clear all unified name space (UNS) content. In such cases, the cdnfs cleanup EXEC command can be used to clean up all UNS content associated with deleted channels. The cdnfs command options are:
ContentEngine# cdnfs ?browse Browse CDNFS files/directorycleanup Clean up orphan content in CDNFSdelete-unused-ecdnfs-files Delete unused ECDNFS(legacy file system) fileslookup Lookup given URL in CDNFS
Note
The cdnfs cleanup command options are:
ContentEngine# cdnfs cleanup ?info Summary info of garbage entries. No cleanupstart Start the CDNFS garbage collectionstop Stop the CDNFS garbage collectionThe following example shows the output of the cdnfs cleanup info command:
ContentEngine# cdnfs cleanup infoGathering cleanup information. This may take some time....(Use Ctrl+C or 'cdnfs cleanup stop' to interrupt)..............................Summary of garbage resource entries found-------------------------------------------Number of entries : 605Size of entries (KB) : 60820911ContentEngine# show statistics acquirerQuerying Database.......Statistics for Channel Channel-id : 223 Channel-Name : 2cisco---------------------------------------------------------Manifest:---------Fetch Errors : 0Parsing Errors : 0Acquisition:-------------Total Number of Acquired Objects : 7748Total Disk Used for Acquired Objects : 474988224 BytesTotal Number of Failed Objects : 7355Total Number of Re-Check Failed Objects : 0Statistics for Channel Channel-id : 222 Channel-Name : 1cisco---------------------------------------------------------Manifest:---------Fetch Errors : 0Parsing Errors : 0Acquisition:-------------Total Number of Acquired Objects : 5687Total Disk Used for Acquired Objects : 454992336 BytesTotal Number of Failed Objects : 5401Total Number of Re-Check Failed Objects : 0The cdnfs cleanup start command in ACNS software, Release 5.0.3 can now be used to clean up orphan content for deleted channels in the cdnfs, whereas in Release 5.0, it is used to clean up only garbage entries in the cdnfs.
Hardware Supported
ACNS 5.0.3 software supports the following existing and new platforms:
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
Software Supported
ACNS software, Release 5.0.3 uses SmartFilter software, Release 3.1.2 for URL filtering. Therefore, you need to use SmartFilter Administration Server software, Release 3.1.2 after you upgrade to ACNS software, Release 5.0.3.
New and Changed CLI Commands
The following CLI commands are new or have changed syntax options in ACNS software, Release 5.0.3.
Limitations and Restrictions
This section lists the limitations of ACNS software, Release 5.0.3
Boomerang Commands
In ACNS software 4.x, boomerang commands are used to enable content routing software on Content Engines to enable them function as content routing agents for a specified domain. Boomerang agents support multiple domains, where each agent might be associated with a different boomerang server. However, in ACNS 5.0.3 software, boomerang domain configuration commands are not supported.
Important Notes
This section emphasizes important information regarding ACNS 5.0.x software.
Media File System Issues When Downgrading to ACNS 5.0 Software
If you have configured the media file system (mediafs) with ACNS 5.1 software or later, and then downgrade to ACNS 5.0 software, the mediafs disk space assignment is lost and it reverts to ACNS network file system (cdnfs) disk space. (The mediafs is used for on-demand content that is fetched through the two streaming protocols [RTSP and WMT]. The cdnfs is used for pre-positioned content in the ACNS network.)
This situation occurs because of a design change that was implemented in ACNS 5.1 software. Because ACNS 5.0 software is not compatible with this change, the disk space becomes assigned to cdnfs instead of mediafs. To work around this problem, follow these steps:
1.
Use the Content Distribution Manager GUI for Content Engines that are registered with a Content Distribution Manager. Use the Content Engine GUI for standalone Content Engines (that is, Content Engines that are not registered with a Content Distribution Manager and are being managed through the Content Engine GUI or CLI).
2.
Websense Issues When Downgrading to ACNS 5.0 Software or ACNS 5.1 Software
If the local (internal) Websense server is enabled on the Content Engine and you downgrade from the ACNS 5.2.x software to ACNS 5.0 software or ACNS 5.1 software, the WebsenseEnterprise directory is removed from the Content Engine and the local Websense server stops working. Note that the ACNS 5.2.x software does not generate an error message indicating that the WebsenseEnterprise directory has been removed.
To avoid this problem when downgrading from ACNS 5.2.x software to ACNS software 5.1 or ACNS 5.0 software, follow these steps:
1.
2.
3.
Caveats
This section lists and describes caveats that are open in ACNS software, Release 5.0.3. Caveats describe unexpected behavior in ACNS 5.0 software. Severity 1 caveats are the most serious; severity 2 caveats are less serious. Severity 3 caveats are moderate caveats.
Open Caveats - ACNS Software, Release 5.0.3
•
Symptom: WCCP bypass does not function properly when bypassing large packets from the client. Therefore, the client never receives an acknowledgment from the server for the data sent.
Condition: This problem occurs when the Content Engine bypasses the connection and the server advertises a maximum segment size (MSS) of 1460 bytes.
Workaround: If the client's path is configured to discover the maximum transmission unit (MTU), users can configure a lower value of MTU on the router interface connected to the Content Engine. Therefore, when a client sends a large packet, the router would drop it and would send an Internet Control Message Protocol (ICMP) message with the reduced MTU value. Clients would then adjust to the lower value.
•
Symptom: Content cannot be acquired using strong authentication from secure origin servers that use certificates from nonstandard certificate authorities (CAs). If strong authentication was chosen for content acquisitions from such a site, the acquirer error statistics will contain a 401 (Unauthorized) error code, and the acquirer error log will contain the following error message:
Strong Cert Authentication rejects certificate due to error: ssl error codeCondition: This problem occurs if the origin server uses a certificate that is not known as a standard certificate to the ACNS acquirer. For content acquisition from secure sites over HTTPS using strong authentication, only sites with certificates from standard certificate authorities are supported.
Note
Workaround: Use one of these workarounds:
–
–
-----BEGIN CERTIFICATE-----Issuer: C=US, O=VeriSign, Inc., OU=Class 1 Public PrimaryCertification AuthorityValidityNot Before: Jan 29 00:00:00 1996 GMTNot After : Jan 7 23:59:59 2020 GMTSubject: C=US, O=VeriSign, Inc., OU=Class 1 Public PrimaryCertification Authority-----END CERTIFICATE----------BEGIN CERTIFICATE-----Issuer: C=US, O=VeriSign, Inc., OU=Class 2 Public PrimaryCertification AuthorityValidityNot Before: Jan 29 00:00:00 1996 GMTNot After : Jan 7 23:59:59 2004 GMTSubject: C=US, O=VeriSign, Inc., OU=Class 2 Public PrimaryCertification Authority-----END CERTIFICATE----------BEGIN CERTIFICATE-----Issuer: C=US, O=VeriSign, Inc., OU=Class 3 Public PrimaryCertification AuthorityValidityNot Before: Jan 29 00:00:00 1996 GMTNot After : Jan 7 23:59:59 2004 GMTSubject: C=US, O=VeriSign, Inc., OU=Class 3 Public PrimaryCertification Authority-----END CERTIFICATE----------BEGIN CERTIFICATE-----Issuer: C=US, O=RSA Data Security, Inc., OU=Secure ServerCertification AuthorityValidityNot Before: Nov 9 00:00:00 1994 GMTNot After : Jan 7 23:59:59 2010 GMTSubject: C=US, O=RSA Data Security, Inc., OU=Secure ServerCertification Authority-----END CERTIFICATE----------BEGIN CERTIFICATE-----Issuer: O=VeriSign, Inc, OU=www.verisign.com/repository/TestCPS Incorp. By Ref. Liab.LTD., OU=For VeriSign authorized testing only. No assurances (C)VS1997ValidityNot Before: Mar 4 00:00:00 1997 GMTNot After : Mar 4 23:59:59 2025 GMTSubject: O=VeriSign, Inc, OU=www.verisign.com/repository/TestCPS Incorp. By Ref. Liab. LTD., OU=For VeriSign authorized testing only. No assurances (C)VS1997-----END CERTIFICATE----------BEGIN CERTIFICATE-----Issuer: C=AU, ST=Queensland, O=CryptSoft Pty Ltd, CN=Test PCA (1024 bit)ValidityNot Before: Dec 2 21:38:51 1999 GMTNot After : Jul 10 21:38:51 2005 GMTSubject: C=AU, ST=Queensland, O=CryptSoft Pty Ltd, CN=Test CA (1024 bit)-----END CERTIFICATE----------BEGIN CERTIFICATE-----Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=PCAValidityNot Before: Jun 15 02:14:29 1997 GMTNot After : Jul 15 02:14:29 1997 GMTSubject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=CA-----END CERTIFICATE----------BEGIN CERTIFICATE-----Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=PCAValidityNot Before: Jun 14 22:54:45 1997 GMTNot After : Jul 14 22:54:45 1997 GMTSubject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=PCA-----END CERTIFICATE----------BEGIN CERTIFICATE-----Issuer: C=GB, O=UCL, OU=ICE-TEL Project, CN=TrustFactoryValidityNot Before: Apr 22 14:39:14 1997 GMTNot After : Apr 22 14:39:14 1998 GMTSubject: C=GB, O=UCL, OU=ICE-TEL Project, CN=TrustFactory-----END CERTIFICATE----------BEGIN CERTIFICATE-----Issuer: O=European ICE-TEL project, OU=V3-Certification AuthorityValidityNot Before: Apr 2 17:35:53 1997 GMTNot After : Apr 2 17:35:53 1998 GMTSubject: O=European ICE-TEL project, OU=V3-Certification Authority,L=Darmstadt-----END CERTIFICATE----------BEGIN CERTIFICATE-----Issuer: O=European ICE-TEL project, OU=V3-Certification AuthorityValidityNot Before: Apr 2 17:33:36 1997 GMTNot After : Apr 2 17:33:36 1998 GMTSubject: O=European ICE-TEL project, OU=V3-Certification Authority-----END CERTIFICATE----------BEGIN CERTIFICATE-----Issuer: O=European ICE-TEL project, OU=V3-Certification Authority, L=DarmstadtValidityNot Before: Apr 2 17:35:59 1997 GMTNot After : Apr 2 17:35:59 1998 GMTSubject: O=European ICE-TEL project, OU=V3-Certification Authority,L=Darmstadt, CN=USER-----END CERTIFICATE----------BEGIN CERTIFICATE-----Issuer: C=Ca, L=Nepean, OU=No Liability Accepted, O=For Demo Purposes Only, CN=Entrust Demo Web CAValidityNot Before: Apr 26 13:35:01 1996 GMTNot After : Apr 26 13:35:01 2006 GMTSubject: C=Ca, L=Nepean, OU=No Liability Accepted, O=For Demo PurposesOnly, CN=Entrust Demo Web CA-----END CERTIFICATE----------BEGIN CERTIFICATE-----Issuer: C=AU, ST=Queensland, O=CryptSoft Pty Ltd, CN=Test PCA (1024 bit)ValidityNot Before: Dec 2 21:35:48 1999 GMTNot After : Jul 11 21:35:48 2005 GMTSubject: C=AU, ST=Queensland, O=CryptSoft Pty Ltd, CN=Test PCA (1024 bit)-----END CERTIFICATE----------BEGIN CERTIFICATE-----Issuer: C=US, O=RSA Data Security, Inc., OU=Commercial CertificationAuthorityValidityNot Before: Nov 4 18:58:34 1994 GMTNot After : Nov 3 18:58:34 1999 GMTSubject: C=US, O=RSA Data Security, Inc., OU=Commercial CertificationAuthority-----END CERTIFICATE----------BEGIN CERTIFICATE-----Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc,OU=CertificationServices Division, CN=Thawte Server CA/Email=server-certs@thawte.comValidityNot Before: Aug 1 00:00:00 1996 GMTNot After : Dec 31 23:59:59 2020 GMTSubject: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc,OU=Certification Services Division, CN=Thawte Server CA/Email=server-certs@thawte.com-----END CERTIFICATE----------BEGIN CERTIFICATE-----Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc,OU=CertificationServices Division, CN=Thawte Premium Server CA/Email=premium-server@thawte.comValidityNot Before: Aug 1 00:00:00 1996 GMTNot After : Dec 31 23:59:59 2020 GMTSubject: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc,OU=Certification Services Division, CN=Thawte Premium Server CA/Email=premium-server@thawte.com-----END CERTIFICATE----------BEGIN CERTIFICATE-----Issuer: C=AU, ST=Queensland, L=Brisbane, O=CryptSoft Pty Ltd,OU=development, CN=CryptSoft Dev CAValidityNot Before: Mar 22 13:34:04 1997 GMTNot After : Mar 22 13:34:04 1998 GMTSubject: C=AU, ST=Queensland, L=Brisbane, O=CryptSoft Pty Ltd, OU=development, CN=CryptSoft Dev CA-----END CERTIFICATE----------BEGIN CERTIFICATE-----Issuer: C=AU, ST=Queensland, L=Brisbane, O=CryptSoft Pty Ltd,OU=WORTHLESS CERTIFICATION AUTHORITIES, CN=ZERO VALUE CA - DEMONSTRATION PURPOSES ONLYValidityNot Before: Apr 3 13:22:54 1997 GMTNot After : Apr 3 13:22:54 1998 GMTSubject: C=AU, ST=Queensland, L=Brisbane, O=CryptSoft Pty Ltd,OU=WORTHLESS CERTIFICATION AUTHORITIES, CN=ZERO VALUE CA - DEMONSTRATION PURPOSES ONLY-----END CERTIFICATE-----•
Symptom: When CDN users use an external authentication server such as TACACS+, RADIUS, Windows NT LAN Manager (NTLM), or Lightweight Directory Access Protocol (LDAP) for authentication, authorization, and accounting of user accounts, the authentication server settings cannot be changed.
Condition: This occurs in ACNS software, Release 5.0 and later.
Workaround: Users need to remove the authentication server from service when they want to change the settings for any of the external authentication servers, such as TACACS+, RADIUS, NTLM, or LDAP. This can be done using the Local Authentication Settings window or the Authentication Scheme Settings window in the Content Distribution Manager GUI.
•
Symptom: ACNS 5.x software uses certain CLI commands that are important for CDN functionality and need to be managed using device groups. If any of these commands are configured using the device CLI or GUI, these settings are not stored as part of the CDN-wide configuration data of the Content Distribution Manager and are overwritten by the Content Distribution Manager. These commands include the following:
cdp
ldap
logging
ntp
radius-server
tacacs
bandwidth
bypass
dns-cache
ftp
http
https
icp
multicast
ntlm
proxy-auto-config
proxy-protocols
rtsp
excluding:
–
–
–
rule
transaction-logs
url-filter
multicast accept-license-agreement
wmt
excluding
–
–
–
authentication
error-handling
dns enable
In addition, if these settings are configured on the Content Engine or Content Router before it is registered with the Content Distribution Manager, they are not displayed in the running configuration.
Workaround: If these settings are configured on the Content Engine or Content Router before it is registered with the Content Distribution Manager, reconfigure these settings after registration using the Content Distribution Manager GUI.
•
Symptom: When the user tries to add port 8443 for incoming HTTPS proxy requests on a Content Engine using the https proxy incoming 8443 command, the following message appears:
Port 8443 is reserved for application the Cdm_UI_httpCondition: This occurs when port 8443 is reserved for the HTTPS incoming proxy by the Content Distribution Manager GUI and port 8443 cannot be used on a Content Engine where no Content Distribution Manager GUI is running. However, on a Content Distribution Manager, it is appropriate to reserve port 8443, because this port is used as the Content Distribution Manager GUI port.
Workaround: Once a port has been registered for an application with the port manager, it cannot be used by other applications except the one that registered it. Therefore, if a port is configurable through the CLI, it must not be made the default port. A port manager that is aware of different personalities and allows some ports to be reserved only on the Content Distribution Manager and some others only on the Content Engine can solve this problem.
•
Symptom: For pre-positioned Windows Media content, if the content is defined in the manifest file to be WMT over HTTP play and if NTLM authentication is enabled from the Content Distribution Manager, the Content Engine fails to handle the authentication with the origin server properly. You are repeatedly prompted for a username and password although you have already entered the proper username and password.
Condition: This limitation that will be resolved in a future release.
Workaround: Choose one of the following options to avoid this problem.
–
–
–
•
Symptom: The cache process unexpectedly reboots after running for 3 months.
Condition: The cache process automatically reboots when it runs for a relatively long time under production traffic.
Workaround: The cache process is automatically restarted by a node manager. Therefore, no special workaround action needs to be performed.
•
Symptom: A multicast receiver Content Engine obtains content through unicast before the multicast sender has delivered the content through multicast.
Condition: This symptom occurs when a multicast receiver Content Engine retrieves content through unicast from a parent forwarder, which is not the multicast sender. In this case, the multicast receiver contacts its forwarder, which has the latest content, and obtains the content without waiting for the next carousel pass.
Workaround: Take either of these actions:
–
–
•
Symptom: In ACNS software, Release 4.2.3 and earlier, passwords are displayed in clear-text format in the startup configuration file. However, these passwords appear as asterisks or as encrypted in the running configuration file.
Workaround: There is no known workaround.
•
Symptom: The CLI will not allow you to assign a device group but will report only the first Content Engine with insufficient space. You might have to try a few times to assign a device group.
Condition: You are using the CLI to assign a device group to a channel, and multiple Content Engines have insufficient space for the channel quota.
Workaround: Either verify which Content Engines have space before you use a CLI command, or make sure that device groups contain similar Content Engines and Content Engines are assigned consistently to device groups.
•
Symptom: Users experience a brief outage of HTTP services, and the following message is logged in the syslog.txt file:
Service 'cache' died due to signal 15: Terminated.Condition: This occurs when multiple services are enabled on lower-end Content Engine models, especially the CE-507. The system might be running low on memory.
Workaround: Cache service is resumed automatically. Users need to reduce the number of services on low-end Content Engine models such as the CE-507.
•
Symptom: Users receive a DNS failure message when the cache process is unable to resolve the host names presented in the URL.
Condition: DNS failure occurs when users attempt to access a website. However, this symptom is transient and rare.
Workaround: Use the reload function of the browser, although the problem vanishes by itself after a short while.
•
Symptom: An error alert on the system log page indicates a failure to configure an IP address.
Condition: The Content Distribution Manager accepts invalid IP addresses that you enter in the NTLM server.
Workaround: Make sure that you enter a valid IP address.
•
Symptom: When the user tries to copy a file from the FTP server and install the software release file on the Content Engine, using the copy ftp install {hostname | ip-address} remotefiledir remotefilename command, the following error message appears:
ruby_upgrade: cannot create lock file 'ruby_upgrade.lck' : Permission deniedCondition: This error occurs when the user uses TACACS as the login authentication method for device management.
Workaround: There is no known workaround.
•
Symptom: The number of MPEG-1 concurrent streams that is streamed over HTTP is low on a CE-7325. The download of MPEG-1 files is found to be slower than the rate at which the files need to be played on a Windows Media Player. In addition, monitoring of the SNMP event MIB is interrupted.
Condition: This symptom is observed when ten MPEG-1 streams are pre-positioned across four Content Engines, each having an internal disk, and the HTTP bit rate is set to 1.1 Mbps.
Workaround: The files need to be encoded in other formats, or the MPEG-1 files must be streamed using Windows Media Technologies (WMT) or RTSP instead of HTTP.
•
Symptom: When a user configures certain settings for RealProxy, RealServer or WMT using CLI commands, the "The evaluation has already expired" message appears. However, when the same settings are configured using GUI, an error message is displayed in the System Message Log window on the Content Distribution Manager GUI.
Condition: This occurs when an evaluation license is used and the evaluation period has expired.
Workaround: Purchase and install a permanent license. Do not use the evaluation license anymore.
•
Symptom: If the server responds with a "100 Continue" message for a POST request from the user, the Content Engine stops parsing all requests on the connection, and subsequent requests are not handled properly.
Condition: This symptom occurs in ACNS software, Release 4.2.5 or earlier.
Workaround: To partially address the problem with proxy connection, users can upgrade to ACNS software, Release 4.2.7 and later. Known servers respond with the "100 Continue" message to the POST request method only. This results in slightly higher latency because of a break in the persistent connection.
•
Symptom: When the URL for playback of a media file is specified with two question marks and RealProxy is configured on the Content Engine, RealServer is unable to resolve the request for playback.
Condition: This symptom occurs when the RTSP gateway adds the first question mark for logging purposes and the user adds the second question mark to the URL for playback. For example, when the URL,
rtsp://rtspgateway:1554/uns-symlink-tree/origin-server/foo.rm?rtsp://origin-server:554/foo.rm? a=bar, is specified, RealSubscriber encounters problems in resolving the two ? characters in the playback URL.
Workaround: There is no known workaround.
•
Symptom: Login and configuration authentication servers can be enabled without having to configure an IP address or host name. For example, even if no TACACS+ servers are configured, you can still enable login authentication using TACACS. This can be verified by using the show authentication user and authentication login tacacs enable commands.
Condition: When the disable local login authentication command is used to disable TACACS authentication, the CLI believes that TACACS authentication has been already enabled and allows users to disable local authentication for login. In this scenario, the user can never log in to the Content Engine, because there are no configured TACACS servers and local authentication is also disabled.
Workaround: There is no known workaround.
•
Symptom: iMac systems running OS X and Windows Media Player 7.1 cannot stream E-CDN video-on-demand (VOD) content from ACNS software, Release 4.2.5.
Condition: This symptom affects iMac systems only. Windows systems work correctly.
Workaround: There is no known workaround.
•
Symptom: Users cannot play live streaming content from a Windows Media Server that is trying to obtain a stream from a Content Engine broadcast station alias.
Condition: This problem occurs when a Microsoft Windows Media Server is configured to obtain a WMT live stream from the Content Engine. The user's media player receives a "corrupted data" error or "invalid state" error. This problem does not occur if the stream that has been obtained from the Content Engine is not a live stream. However, playing a stream from the Windows Media Server fails. The Windows Media Server is failing to retrieve the stream from the Content Engine, which in turn is obtaining the stream from the origin server.
Workaround: There is no known workaround. If possible, users should use a Content Engine to obtain the stream from a Windows Media Server.
•
Symptom: The F1 key might not work with certain terminal settings to access the BIOS menu.
Condition: This symptom occurs either on the CE-7305 or CE-7325 only. With certain terminals, the F1 key might not work well because the terminal emulation program might use the F1 key for its own purposes, or send an incorrect F1 key sequence to the Content Engine. Without the F1 key, the user cannot press F1 to access the BIOS menu at system boot time.
Workaround: Tune the terminal emulation program settings, or connect a keyboard and monitor to the Content Engine to access the BIOS.
•
Symptom: When a user enables streaming (RTSP, WMT, and Darwin Streaming Server) on the Content Engine Network Module from the Content Distribution Manager GUI, some of the streaming configuration settings are lost. These include WMT license key installed, RTSP server real-subscriber accept-license-agreement, rtsp server real-subscriber enable, rtsp proxy media-real enable, rtsp proxy media-real license-key installed, rtsp ip-address rtsp server, and cisco-streaming-engine enable.
Condition: This symptom can be observed when the user issues the show running-config command to display the running configuration.
Workaround: The user must choose the RTSP and WMT settings from the Contents pane on the Content Distribution Manager GUI and resubmit the configurations.
•
Symptom: The Content Distribution Manager GUI shows that an upgrade on a Content Engine has failed when the upgrade has in fact been successful. However, the CLI on the Content Engine shows the correct upgrade information.
Condition: This symptom occurs because the upgrade meta file has the wrong software version. In other words, the version in the meta file does not match the version of the upgrade file.
Workaround: Currently, there is no known workaround.
•
Symptom: The Windows Media Player will continue to wait forever to play a media file if the source is a media file that is configured to play in a loop from the Windows Media Server, and if the Content Engine is configured for unicast-in multicast-out multicast delivery of streaming media.
Condition: This occurs only when the source is a Windows Media Server and the media file is configured to loop and when the Content Engine is configured for unicast-in multicast-out.
Workaround: Avoid using a loop file from the Windows Media Server. Users can pre-position the media file to the Content Engine and multicast the file from the local disk before configuring it to play in a loop.
•
Symptom: Performing a software upgrade or downgrade using the Content Distribution Manager GUI shows the status as updateFailed in the device listing windows, such as Content Engines window. This occurs when the software upgrade or downgrade encounters an error on the target device. Once a request for upgrade or downgrade is received by the target device, attempts to upgrade or downgrade software occur only once.
Condition: This occurs in ACNS software, Release 5.0 and later.
Workaround: Users need to avoid some of the following common error conditions:
–
–
–
–
If any of the above errors occur, clear that error and request another software upgrade or downgrade using the Content Distribution Manager GUI.
•
Symptom: When a Content Engine is used as a proxy server, there might be a significant delay (several minutes) in downloading content. This delay is comparable to the amount of time taken to retrieve the content when a Content Engine is not used.
Condition: This problem occurs with basic HTTP configuration. The delay occurs in the moment between the time the Content Engine retrievies the content from the origin server and the time it sends the content back to the client. However, this problem has not been found to occur with transparent caching.
Workaround: There is no known workaround.
•
Symptom: The RealProxy player stops playing live split stream after a few hours. The video frame stops and the media cache statistics of the RTSP proxy show that no packets have been received.
Condition: This occurs on Content Engines running ACNS software, Release 5.0.3.
Workaround: Close the RealProxy player and restart it. The audio and video will be available again.
•
Symptom: When the show distribution remote ip-address channel-id channel_num cdn-url cdn-url command is used to display the status of the relative CDN URL of an object at a remote Content Engine, there is a long delay before the ouput of the command is displayed.
Condition: This symptom occurs in ACNS software 5.0.3. This problem occurs because the CLI command checks whether the object is available at the remote Content Engine and tries to download the object completely, which might cause the delay if the object size is large or network connectivity is slow.
Workaround: There is no known workaround.
•
Symptom: During device registration, local database creation fails, and only a partial set of Centralized Management System (CMS) management tables remain in the system.
Condition: This occurs if the device reboots during creation of management tables.
Workaround: Before the creation of database tables, the database must be cleared of any data. The database can be re-created using the following CLI commands in the order shown:
1.
2.
3.
The cms deregister command removes the registration information from the Content Distribution Manager and removes known database tables. The cms database delete command removes all tables, including any table that might have been created as part of another ACNS software release. Finally, the cms enable command registers the device with the Content Distribution Manager, creates the local database, and starts the CMS processes.
•
Symptom: With WCCP Version 2 enabled, Windows XP clients might experience problems in accessing remote systems with shared files and folders that are running Windows 2000 Server and Internet Information Services (IIS) server.
Condition: This problem occurs when an attempt is made to connect to a remote system by specifying the Universal Naming Convention (UNC) name of a resource or mapping a network drive. Although, connection is established with the remote system, it takes approximately 10 minutes for the share to open. This is because the Content Engine affects the Server Message Blocks (SMB) protocol.
Workaround: Take one of these actions:
–
–
–
•
Symptom: When an active interface of a standby group stops functioning, all interfaces in the standby group become unstable. As a result, there is no active interface in the standby group.
Condition: This occurs when multiple interfaces of a Content Engine are part of the same group. This problem occurs on a CE-560 running ACNS software, Release 5.0.1 b4. The output of the show standby command identifies the problem, as shown in the following example:
ContentEngine# show standbyStandby Group: 1IP address: 10.36.64.41, netmask: 255.255.255.224Member interfaces:FastEthernet 0/0 priority: 200FastEthernet 0/1 priority: 100Active interface: noneMaximum errors allowed on the active interface: 10000The output shows that none of the interfaces in the standby group are active. In this case, FastEthernet 0/0 interface was active before it stopped functioning. FastEthernet 0/0 interface did not become active once again.
Workaround: There is no known workaround.
•
Symptom: When a manifest file contains URLs in multiple-byte languages, such as Korean, acquirer generates a core dump. Manifest Validator utility also generates a core dump.
Condition: This occurs because ACNS software 5.x does not support URLs specified in multiple-byte languages.
Workaround: Avoid using URLs in multiple-byte languages in the manifest file.
•
Symptom: The SmartFilter application does not perform URL filtering under a certain combination of conditions.
Condition: URL filtering fails when all of the following conditions are present:
–
–
–
–
–
Workaround: Avoid any of the above mentioned conditions to work around this problem.
•
Symptom: The ip name-server serial-lookup global configuration command fails to query each of the configured name servers iteratively in case the primary name server responds in the negative.
Workaround: There is no known workaround.
•
After thousands of playlist position changes for a playlist that is scheduled to loop playback continuously or for an extended period of time, the TV-out service might run out of memory. Interruption in playback occurs and core files are generated.
Under some error conditions, such as loss or unavailability of media files on the cdnfs, a playlist might change its position rapidly, thereby exhibiting this behavior after several hours of continuously failed playback.
Condition: This occurs on the CE-507-AV, CE-560-AV, and CE-510 or CE-560 with optional AV decoder card installed, running ACNS software, Release 5.0 or later.
Workaround: Perform any of the following workarounds:
–
–
–
•
Symptom: The acquirer check-time-for-old-content [channel-id channel_num | channel-name channel_name] EXEC command does not work. The following messages are displayed when the command is used with valid root Content Engine channel ID and names:
ContentEngine# acquirer check-time-for-old-content channel-id 291Unable to get the channel information record for channel= 291This CE is not the root CE for this channel = 291Failed to check the last modified time in DBContentEngine# acquirer check-time-for-old-content channel-name channeltestUnable to get the channel information record for channel= 291This CE is not the root CE for this channel = 291Failed to check the last modified time in DBWorkaround: Use the acquirer check-time-for-old-content EXEC command without the channel ID and channel name parameters. This command will display the incorrect last modified time for all channels of the root Content Engine.
•
Condition: If a device is downgraded from ACNS software, Release 5.0.3 to ACNS software, Release 5.0.1, and subsequently deregistered from the Content Distribution Manager and reregistered with the Content Distribution Manager, the local database tables that were created as part of ACNS software, Release 5.0.3 remain in the database. The existence of these tables causes a later ACNS software upgrade to fail.
Symptom: When the ACNS software is upgraded, the database upgrade fails because a table is found to exist already. This appears as an upgrade error in the syslog.txt log file. The Centralized Management System (CMS) does not start on the device, and the device appears as offline in the device listing windows in the Content Distribution Manager GUI.
Workaround: This problem occurs only if the downgraded device is deregistered from the Content Distribution Manager. However, it is also possible to downgrade a device, keep it registered with the Content Distribution Manager, and later upgrade the device. In situations that require the downgraded device to be deregistered from the Content Distribution Manager, the database needs to be cleared of all tables before you reregister the device.
The squence of CLI commands to deregister and reregister a device is as follows.
1.
2.
3.
The cms deregister command removes the registration information from the Content Distribution Manager and removes known database tables. The cms database delete command removes all tables, including any table that might have been created as part of another ACNS software release. The cms enable command registers the device with the Content Distribution Manager, creates the local database, and starts the CMS processes.
•
Symptom: Installing an upgraded version of ACNS software, Release 5.0.x deletes all content in the existing SmartFilter directory. Therefore, if SmartFilter software was previously installed for URL filtering, installation of a newer version of ACNS software, Release 5.0.x causes filtering to be disabled.
Condition: This symptom occurs if the user installs an upgraded version of ACNS software, Release 5.0.x on a Content Engine running SmartFilter software.
Workaround: SmartFilter, Version 3.1.2 is shipped with ACNS software, Release 5.0.x and contains SmartFilter software policy information stored on remote SmartFilter Administration Servers. Use the SmartFilter Administration Console to reapply the configuration settings on the Content Engine, and manually download the SmartFilter Control List. Once the Control List has been downloaded to the Content Engine, URL filtering will recommence.
•
Symptom: The following message appears during bootup or when disk commands are used:
You are using unsupported hardware.Condition: This occurs on a CE-560, CE-590, and CE-7320 with Storage Arrays, SA-7 and SA-14 and running ACNS software, Release 5.0.3 or earlier.
Workaround: Ignore the warning message. The storage array actually works, although the warning message informs that it is not working.
•
Symptom: When Microsoft Internet Information Services (IIS) server 4.0 is used as the FTP server and DOS format is used as the directory listing format, acquisition of content fails and error 712 (file size mismatch) occurs. This problem occurs because the IIS server calculates the file size incorrectly. When you compare the calculated file size with the downloaded file size,a mismatch is found and the downloaded file is ignored.
Condition: This problem occurs in ACNS software, Releases 5.0.1 and 5.0.3. Also, it is observed only with IIS server 4.0. IIS server 5.0 functions properly.
Workaround: There is no known workaround.
•
Symptom: No CLI command is available in ACNS software, Release 5.0 and later releases to clear WCCP generic routing encapsulation (GRE) packet-related information. Although a CLI command (show wccp gre command) is available to display the WCCP GRE counters, there is no CLI command currently available to clear them.
Condition: This symptom is observed regardless of whether WCCP is enabled or disabled on the Content Engine.
Workaround: There is no known workaround.
•
Symptom: Any changes in the Content Engine's DNS cache configuration do not take effect immediately.
Condition: This situation occurs when the dns listen and dns pin commands are used to configure an IP address and port number to listen for requests and map the IP addresses to their corresponding host names.
Workaround: Use the no dns enable and dns enable commands to disable and enable the Content Engine's DNS caching server, which will result in the DNS caching server picking up the changed configurations.
•
Symptom: Distribution of content does not work behind a firewall. The Content Distribution Manager preserves only the Ethernet IP address of the Content Engine and not the external IP address. Therefore, the Content Engine tries to contact the root Content Engine with the Ethernet IP address, which is not reachable, and the contents are never distributed.
Condition: This occurs in ACNS software, Release 5.0.
Workaround: There is no known workaround.
•
Symptom: Under certain conditions, if the user configures one valid and one invalid FTP server for exporting transaction logs, the show statistics transaction-logs command displays the entry for the valid FTP server twice. As a result of the duplicate entry, the counters are not correspondingly incremented with the number of files that are exported through FTP.
Condition: This symptom is observed on Content Engines running ACNS software, Release 5.0.
Workaround: The clear statistics transaction-logs command can be used to clear the transaction log export statistics and the duplicate entry for the valid FTP server.
•
Symptom: The client does not receive a requested object if the Websense server is not reachable or if the Websense server timeout value is greater than the configured default timeout value.
Condition: This symptom is observed only under the following conditions:
–
–
–
Workaround: The Websense server timeout value must be configured to be less than 60 seconds.
•
Symptom: If you use the Content Router for routing WMT content and the content is not yet replicated to a Content Engine, and if a playback request on the Content Router fully qualified domain name is redirected to a Content Engine, then the Content Router returns an error instead of proxying the request from the origin server.
Condition: This occurs in ACNS 5.0 software when the following circumstances have occurred:
–
–
Workaround: Publish the Content router fully qualified domain name URL only after content has been fully replicated on the Content Engines.
•
Symptom: The Software Update File Registration window on the Content Distribution Manager GUI displays the following error message for a valid meta file URL:
Transaction not completedsun.net.ftp.FtpProtoclException:portCondition: This occurs when the Content Distribution Manager host name contains numeric values. For example, if the software update file URL is 7305.cisco.com, Linux systems encounter problems when Java attempts to resolve the URL to an IP address. This is because only 7305 is considered instead of 7305.cisco.com. As a result, the URL is resolved to a strange IP address, 0.0.28.137 for 7305, causing the Content Distribution Manager GUI to display an error message even though the meta file URL might be valid. Also, this problem occurs if the update meta file is hosted on an FTP server.
Workaround: Perform one of the following workarounds:
–
–
•
Symptom: A user other than an administrator with privilege level 15 does not possess super user privileges.
Condition: This occurs when a user other than an administrator is configured to be a super user with privilege level 15.
Workaround: Users need to log in as administrators to perform tasks that require super user privileges.
•
Symptom: Authentication of users who want to access the Content Engine fails if more than one TACACS+ server is configured incorrectly.
Condition: This occurs when three TACACS+ servers are configured, with the first and the second servers being unreachable and therefore invalid. The Content Engine fails to authenticate the user using the third TACACS server, which is valid.
Workaround: There is no known workaround. Users need to configure the TACACS servers properly for authentication of users who access the Content Engine.
•
Symptom: If the cdnfs browse EXEC command is used and the filename or the directory name of pre-positioned content contains a space, the command does not display the information contained in the file, or does not browse through the cdnfs files and directories.
Condition: This occurs in Content Engines running ACNS software, Release 5.0.3.
Workaround: Currently, there is no known workaround.
Resolved Caveats - ACNS Software, Release 5.0.3
•
By default, the SNMP agent logs "error" and "warn" type messages to the snmpd.log file. The SNMP agent creates this log file in the /tmp directory. The SNMP agent can potentially log large numbers of error messages if the same error conditions recur. Therefore, the log file size increases, necessitating movement of the snmpd.log file to a different directory.
•
There is no end command available in ACNS software, Release 4.x and later. This command, which was supported in earlier releases of ACNS software, allows the user to switch from interface configuration mode to privileged-level EXEC mode. This situation occurs when the user tries to enter privileged-level EXEC mode directly from interface configuration mode using a single command.
Note
•
If a preload operation is started at a particular time, the time statistics are normal. However, if the preload operation is started again at the same time as the earlier specified time, then the preload statistics will not be accurate.
•
A router might send the Content Distribution Manager's HTTP request for a coverage zone file to a Content Engine, and the Content Engine might send the Content Distribution Manager a cached copy of the coverage zone file. Therefore, the Content Distribution Manager might not get the updated coverage zone file; instead, it receives an old cached copy.
•
An SNMP query will return incorrect vendor object identifiers (OIDs) for the CE-510, CE-565, CE-7320, and CE-7325. This occurs while querying entPhysicalVendorType. Also, this symptom occurs on all Content Engines running ACNS software, Release 5.x.
•
The service name "daemon" is wrongly spelled as "deamon" in the node manager configuration file. Therefore, restarting the service with the correct spelling fails.
•
A "404 Object Not Found" response appears in the client browser under the following conditions:
–
–
–
•
If changes are made to a playlist schedule while that playlist is currently active for TV-out playback, all TV-out playback may stop. This generally occurs when the playlist schedule is still applicable to the current time. This symptom occurs in ACNS software, Release 5.0 or later, running on CE-510 or CE-565 hardware with an optional audio video decoder card installed.
•
When a Content Engine receives a "100 Continue" response after a POST request, it switches itself to the pipe-through mode and performs a two-way pipe-through between the server and the client. The server does not close the connection after serving the POST request. Therefore, the Content Engine does not process successive requests (meant for other servers) from the client and instead passes them directly to the same server over the same connection. This symptom is observed in proxy mode because the browser uses HTTP 1.1 by default, which in turn uses a persistent connection.
•
When a web server tries to authorize requests from different Content Engines in a cache farm for Java class objects and related GUI files for the Java monitor, (for the purpose of viewing statistics from all Content Engines in a cache farm), certain Internet Explorer (IE) browser versions record an error in handling 401 (Unauthorized) responses from the web server for Java applets. However, in Netscape browsers, an authorization dialog box is displayed automatically for each and every Content Engine in the cache farm. This process of logging in to each Content Engine needs to be done manually in IE, which is cumbersome when there are a large number of Content Engines in the cache farm.
•
If a file extension match rule is specified as a rule-based crawl filter for a crawl job, when the show acquirer progress [channel-id channel_num | channel-name channel -name] command is used in the middle of crawling, it displays an incorrect number of pages to be crawled. However, on completion of crawling for the object, the command correctly displays the total number of pages that have been crawled.
•
The show statistics distribution mcast-data-receiver command displays unnecessary error messages on the console when multicast is not enabled on the Content Engine or when the CLI configuration is overwritten by the GUI configuration. The following warning messages appear on the console, without giving meaningful information on the exact cause of the error with the multicast data receiver.
WARNING: cannot contact ad_logd, will keep trying. Output redirected to stderr.•
When the Windows Media Technologies (WMT) server is disabled on a Content Engine, the WMT content served by a standard HTTP server is not preloaded.
•
When the Time To Live (TTL) is specified for some content and the content's size is increased before the TTL, the acquirer tries to refetch the object. When acquisition for a channel is stopped in the middle of a GET request using the acquirer stop-channel channel-id channel_num command and restarted after some time using the acquirer start-channel channel-id channel_num command, the show statistics acquirer [channel-id channel_num] command displays the acquired size of a previously acquired object even after the completion of acquisition of the new object. In other words, the previously acquired object size is not updated with the new value.
•
The Content Engine enters kernel debugger (kdb) mode on the serial port and all services stop functioning. This symptom occurs when a certain type of corrupted link causes the operating system kernel to access invalid memory, thereby enabling kdb mode on the Content Engine.
•
When a Content Router is upgraded to ACNS software, Release 5.0, and reloaded, the following error message appears in the Content Distribution Manager log:
Warning Unexpected critical error on the node %CE-SNMP-2-430004: ds_notification_register () failed: item name = /cfg/gl/hostname, error = 26" in the CDM log.•
If the current time (now) is past the time specified in the HTTP expires header, the acquirer still serves content. In other words, the content is not being treated as NO-CACHE. However, this is the case if and only if the user specifies the object as a single content item with both the expires and serveStopTime attributes set in the manifest file.
•
Apache Server Version 1.3.26 and earlier are reported to be susceptible to security vulnerabilities, thereby prompting a strong recommendation for upgrade to the latest version, Apache Server 1.3.27.
•
Although the show acquirer progress command is used to display information for all channels and the number of objects acquired, no statistics are shown when the acquirer is being stopped or the user is exiting the acquirer. Instead, this command displays this message:
Acquirer may be busy or not running.•
When the user subscribes three Content Engines from one location to a specified channel ID or name, the metadata receiver and unicast data receiver use different forwarders. If the acquisition is stopped using the acquisition-distribution stop command while the root Content Engine is still acquiring content, one of the remaining Content Engines starts performing the role of a temporary root Content Engine. The temporary root Content Engine acquires all content objects, and the replication status is set to "Complete." Although the replication status is shown to be "Complete" when verified using the show statistics replication channels command, the replication status is still displayed as "Incomplete" when seen on the user interface.
•
The Content Engine closes the connection when it receives a "207 Multi-Status" response from the server. This type of response is seen when the Content Engine processes certain WebDAV requests, particularly "PROPFIND."
•
The IP address on a disconnected interface can be accessed. This problem occurs only if all the following conditions are met:
–
–
–
•
Repeated IP addresses for Ethernet Port Channels are shown under the Network Interfaces heading in the View Network Configurations for Content Engine window in the Content Distribution Manager GUI. This is observed when you view the network interface information for a Content Engine.
•
When the show statistics distribution mcast-data-sender command is used to display the content distribution statistics of the multicast data sender, it gives an inaccurate count of the errors, thereby misleading the user. Although each of the error categories displayed in the output of the command might display a count of 0, the Total Aborted Transfers field shows a count that is not the sum of each of the error categories. The Total Aborted Transfers field in effect shows the sum of errors during the stale and deleted object aborts of a transfer.
•
MPEG files containing MPEG-2 transport streams fail in TV-out playback. Nonrandom playlists that contain such files continue to fail after playback of such files is attempted. This symptom is observed in ACNS software, Release 5.0 or later running on a CE-510 or CE-565 with an optional Audio Video Interleaved (AVI) decoder card installed.
•
FastEthernet and GigabitEthernet interfaces that are configured with a secondary IP address, but with no primary IP address configured, fail to apply the primary IP address to the interface even after configuration of the primary IP address. However, the configured primary IP address appears in the output of the show running-config command.
•
After the primary IP address is removed from an interface, the show running-config command output shows that the interface is in shut down status. However, you might be able to ping external hosts. This symptom occurs when a Fast Ethernet or Gigabit Ethernet interface originally has both a primary IP address and a secondary IP address configured, and the primary IP address is later removed.
•
The no https destination-port allow 443 563 command prevents any remote procedure calls to the Content Engine. As a result, this Content Engine cannot be accessed on the Content Delivery Network by any other Content Engine for distributing data or by the Content Distribution Manager for sending notifications.
Note
•
Flooding IP packets continuously into the Content Engine causes it to enter into the kernel debugger mode. As a result, none of the CLI commands can be accessed from the console after a certain amount of time.
•
When a root Content Engine is changed to be a receiver Content Engine, some transient behavior is associated with the change. Initially, the show status replication channels command does not work for a few seconds. After awhile, the Content Engine functions as a temporary root Content Engine for a few minutes without reacquiring content. However, internally, the Content Engine still continues to function as a receiver Content Engine, without affecting the acquisition and distribution functions.
•
In Content Router device mode, the show statistics command without any options shows the output that is shown in the show statistics content-routing all command. When a Content Distribution Manager device is running in Content Distribution Manager mode, the show statistics authentication command is missing. This symptom occurs on all Content Engines running ACNS software, Release 5.0.x software when the device is configured in Content Distribution Manager or Content Router device mode.
•
Although the downgrade process from ACNS software, Release 5.x to ACNS software, Release 4.2.x is completed successfully, the "Image download failed" message appears on the GUI and remains until the entire downgrade process ends.
•
The HTTP outgoing proxy breaks down, causing requests to be sent to the local Apache server.
•
When a Small Computer System Interface (SCSI) error requiring a host, bus, or device reset occurs on a CE-7305 or CE-7325, the multipoint-to-point tunneling (MPT) driver uses the nonexistent error-handling code functions and fails. The Content Engine enters the built-in kernel debugger (kdb) mode, rendering all services unusable.
•
When you downgrade ACNS 5.0 software to ACNS 4.2 software, the show rtsp command does not appear in ACNS 4.2 software. The RTSP redirector and RealProxy are tied together in ACNS 4.2 software. If RealProxy is not enabled, then the show rtsp command does not show incoming port information for the RTSP redirector. Either both (RealProxy and RTSP redirector) are running or both are not running.
•
If Content Distribution Manager software update appears to fail for some reason, but a successful update is made to a new target ACNS software release using other methods, the error message "upgrade Failed" continues to appear in the Software Version field in the Content Engines window of the Content Distribution Manager GUI, although the Content Engine was upgraded successfully. The error message appears because the wrong version number was entered into the upgrading meta file.
•
Support must be provided to display essential information in the error messages that are displayed when the acquirer encounters an error. These errors might occur while content acquisition tasks are being performed for a specified channel. For example, when a unified name space (UNS) error occurs, the error message does not contain the UNS error code. Similarly, when an HTTP redirect occurs in the case of "301 (Moved Permanently)" or "302 (Moved Temporarily)" responses, the URL for the redirection is not published along with the error message.
•
When a file system disk configuration for a newly created Content Engine and device group is performed, a NullPointerException occurs. As a result, the disk configuration cannot be successfully completed.
•
When an attempt is made to retry 302 Moved Temporarily errors while crawling, the same 302 error is returned every 5 minutes because the redirection URL remains the same.
•
The Content Engine or Content Router is found to be offline, and the CMS start log on the node shows that the store upgrade has failed. Typically, the upgrade fails because of a lack of sufficient disk space for the database backup on the Content Engine or Content Router before the store upgrade.
•
Calculation of the MD5 checksum of a file's CDN URL takes longer if the file to be downloaded is large. The MD5 checksum is attached to each message along with the password and checked at the receiver to ensure accuracy.
•
The CMS process is unable to process messages when the auto-register enable {FastEthernet slot/port | GigabitEthernet slot/port} configuration command is used to register Content Engines with the Content Distribution Manager using Dynamic Host Configuration Protocol (DHCP). However, the status of the Content Engine is shown to be online in the Content Distribution Manager GUI, with the IP address acquired from the DHCP server.
•
The Content Router CMS process stops when processing an updated coverage zone file. The Content Router status will be shown as offline in the Content Distribution Manager GUI.
•
The root Content Engine stops in the middle of acquiring content while downloading files larger than 2 GB and displays this message:
Unable to scan the play length•
WCCP generates a core dump on a Content Engine Network Module during system bootup. This symptom occurs when a startup configuration has been initially applied on the Content Engine Network Module and a change in IP address occurs because of WCCP running on the Content Engine Network Module.
•
The error message displayed when a user adds usernames that contain special characters shows two lines of messages that are not relevant to the error.
•
The HitRate and Update fields in the WMT Statistics for Device Groups window in the Content Distribution Manager GUI are not updated correctly and display values such as 0.0 and N/A, respectively.
•
When applications send garbage data, the remote proxy caching (RPC) layer might allocate a large amount of memory space for such applications, thereby affecting the memory required for other applications. Because of the memory overrun, the Content Engine stops functioning.
•
When the show statistics acquirer errors command is used to display acquisition errors for a specified channel, manifest file parsing and fetch errors are displayed, interspersed with single content item errors. Therefore, the number of manifest file item errors seems to be higher than it actually is, misleading the user.
•
Deregistration of Content Engines from a standby Content Distribution Manager is successful, even though these Content Engines were originally registered with the primary Content Distribution Manager and were then moved to the standby Content Distribution Manager.
•
While running a mixed load of WCCP, WMT video-on-demand (VOD), and real-time streaming traffic, a CE-510 running BIOS PLEK45AUS and ACNS software 5.0.1 enters kernel debugger (kdb) mode.
•
In the case of crawling and if there is redirection, for example, "foo" is redirected to "foo/", then playback will fail if "foo" is used as the CDN URL. The main web page "foo" is displayed properly, but playback fails when the client browser tries to retrieve the links in the web page. For example, if the link is "ttl.html", the browse tries to retrieve the link "foottl.html" instead of "foo/ttl.html.".
•
Although mismatched numbers are provided to identify URLs that do not match the prefix, accept, reject, and matchRule attributes specified in the <crawler> manifest file tag, and failed numbers are used to identify failed requests, there is currently no way of identifying the number of requests not cached for those requests with NO-CACHE headers.
•
When the root Content Engine is reassigned to a specified channel ID or name, and the original root Content Engine is deregistered and then reregistered with the Content Distribution Manager, the acquirer fails to read the channel record. However, it continues to read other database records, such as acquisition and distribution channel information and logs the following error message in the syslog:
%CE-ACQ-2-10001: Acquirer failed to read DbAcqChannelInfo with id=647. error=-2•
The metadata receiver takes care of setting up zero-byte-length files on the receiver. As a result, some confusion exists because the sender count and receiver count of files transmitted and received does not match. This, in turn, is caused by the fact that neither the unicast nor the multicast sender will be able to transmit files of zero byte length.
•
The UNS server process application generates a core file and restarts repeatedly. As a result, cdnfs files are not served to users (they are cache misses), problems occur in replication of content, and core files are added to the /local1 directory under /core_dir. Messages such as the following appear in the output of the syslog:
Nodemgr: %CE-NODEMGR-3-330025: Service 'uns' died due to signal 6: Aborted•
When the show statistics distribution mcast-data-sender command displays the "Current Files Scheduled" count as equal to or greater than 2, the multicast scheduler does not schedule any more files to send. The multicast data sender will stop sending data. As a result, the "Total Bytes Transferred" count does not increment. This is a rare condition that occurs when two separate problems occur simultaneously.
•
When you use any Centralized Management System command, such as the cms database validate command, with the login ID of a user other than the administrator, the following message appears:
Insecure dependency in require while running setuid at /sw/merlot/bin/spen line 176.•
A Content Engine is shown to have a replication status of Incomplete even after it has been unassigned from the previously associated channel.
•
Some confusion exists when the sender count and receiver count of files transmitted and received do not match because the multicast sender does not transmit files of zero byte length. Instead, the multicast sender sets the multicast send state as complete.
•
The show statistics distribution mcast-data-receiver command displays the "Files Being Received" and "Total Bytes Received" count as static or unchanged when files are not being received by the multicast data receiver. This symptom occurs in very rare situations, when a very small file is being transferred. A packet may be lost (possibly the only data packet for the transfer) after the advertisement for the transfer has been received and accepted, causing the multicast receiver to forever expect a file to begin transferring.
•
The Content Distribution Manager host name cannot be resolved when the auto-register command is used to register Content Engines or Routers using DHCP. The following message appears:
Usable CDM hostname not found in DHCP server responseThis symptom occurs when the Content Distribution Manager host name is specified during autoregistration of Content Engines or Content Routers.
•
The Content Router does not recognize any Content Engines. No Content Engines appear when you use the show content-routing routes command. This symptom occurs when the Content Router's IP address has changed and the Content Engines are not aware of this change. The Content Engines send keepalives to the wrong address, and the Content Router does not know that any of the Content Engines are alive.
•
Rarely, the acquirer might pause indefinitely in an infinite loop. If the root Content Engine is not acquiring or updating any content, the show acquirer progress command can be used to monitor the progress of content acquisition. If the following message appears 5 or 6 times in a row, it indicates that the acquirer is stuck in this infinite loop.
Unable to contact Acquirer - Acquirer might be busy or not running•
When the clear statistics distribution mcast-data-receiver and clear statistics distribution mcast-data-sender commands are used by users whose usernames are configured through the CLI, the following error message occurs:
"ftok(/tmp/mcast-s-errorlog.504) return -1 ad-debug cannot attach to the shared memory. /tmp/mcast-s-errorlog.504However, when the same command is used from the GUI, the changes are committed to memory.
•
The multicast sender ignores the times specified for changes in the multicast-out (M-OUT) bandwidth type defined in the A&D Bandwidth settings for Content Engine window in the Content Distribution Manager GUI.
•
The BIOS configuration utility and BIOS boot menu cannot be accessed from the console because the F1 and F12 keys do not work properly from a serial console. However, the F1 and F12 keys work when used from an attached keyboard.
•
All users see the following error message on the Windows Media Player when playing any WMT stream:
There is insufficient bandwidth available to fulfill the request.This condition occurs when the wmt evaluate command is first configured and the Content Engine has never been reloaded with the running configuration copied to the startup configuration.
•
The Cache application reloads several times and generates core files when the DNS lookup fails, and an attempt is made to insert a host name into the error message in some specific cases.
•
When a CLI command displays output spanning more than one page, at the end of the first page, the CLI prompts the user with the line "--More--". At this point, the user can press the Spacebar key. Alternatively, a user can also enter "q" as a standard method of quitting. Entering "q" kills output but not the CLI process itself, and no user prompt is returned. Also, the Ctrl-C key combination works on the show running-config command correctly but does not work on the show tech-support command.
•
The show cdn-statistics command for displaying statistical data for Content Engines can be run with user privileges instead of root privileges. Also, the show cdn-statistics cisco streaming engine command displays the following message:
Invalid statistics type: iptv•
The CE-7325 is heavily loaded and runs out of memory when there are a large number of WMT Server video-on-demand (VOD) requests. All Telnet and console connections fail to respond until the load is removed from the CE-7325. However, even after all loads are removed, the Telnet and console connections do not respond for a minute or two. This problem occurs only when the file size of WMT VOD pre-positioned content is large and a large number of unique WMT stream keys have been requested. If the total WMT request media size (the product of media file size and number of unique stream keys) is greater than the CE-7325 physical memory limit of 4 GB, the CE-7325 runs out of memory and does not respond to further requests.
•
The Cache application generates a core dump on the CE-7325 under heavy load conditions.
•
The disk recover EXEC command fails to recover the system disk and displays this error message
Disk recover failed. Disk00 has swap turned on.This problem occurs as a result of unexpected disk configuration, upgrade failure or problem in the software.
•
When an attempt is made to assign a Content Engine to a channel twice, the channel size is been subtracted from the available disk space when the device assignment to the channel is made the first time. However, the Content Distribution Manager GUI assumes that more free disk space is required to accommodate the channel size, because it does not recognize that the same device is being assigned to the same channel for the second time. This is observed when overlapping device groups are used, that is, when a Content Engine is a member of two device groups and both device groups are being assigned to the same channel.
•
An upgrade from ACNS software, Release 4.2 to ACNS software, Release 5.0.1 on the CE-7320 or CDM-4650 fails. The following message appears:
Saving upgrade parameters ...uflash: flash write: . - done Updating rescue image ...uflash.static: failed to map sectors of old system image: -5 /swstore/acns42upgrade_installer.sh: problem running /swstore/uflash.static auto setrescue /swstore/dmdsysimg_rescue_legacy ftp_to_install: problem with ruby_upgrade: (1,43)
Note
•
A CLI user who is not logged in as an administrator and who installs the ACNS-4.2.x-TO-5.0.1-K9.bin image, after entering the privileged-level EXEC mode (using the enable command), sees the following error message:
..[downloading, other messages]/tmp/preinstall3582: sfdisk: command not foundFound following disk layout:/tmp/preinstall3582: sfdisk: command not foundYour first disk is not in standard configuration.[other error / warning messages]..Ultimately, the upgrade fails and the user is returned to the CLI prompt.
•
The HTTP cache is unable to mount any cache file system (cfs) partitions. This symptom occurs only on the CE-565 and CE-590 when all streaming services (WMT, RealServer, RealProxy, and Cisco Streaming Engine) are enabled.
•
The Content Engine Network Modules NM-CE-BP-20G and NM-CE-BP-40G do not mount the Flash images automatically during bootup after a reload.
•
The Packets Sent and Packets Received parameters shown in the output of the show interface command are incorrect. These parameters stop incrementing after reaching a certain value.
•
URL filtering of the list of sites to which access is permitted or denied fails over RTSP when the port number on which the server is accepting requests is not specified in the URL filtering list. This occurs when URL filtering over RTSP is enabled and the URL rtsp://server_ip/file.rm in the URL filtering list is not configured with the port number. In such cases, the default port number has been assumed in the URL and therefore URL filtering fails.
•
The following error message is displayed during startup:
Service 'get_config' has not returned within 120 seconds. Try stopping it.This occurs when both IP address and IP default gateway are configured, the priority-level messages to be logged to a host are configured, and network connectivity is removed.
•
A CE-7320 running ACNS software, Release 4.2.5 stops and enters the kernel debugger (kdb) mode. This problem occurs when the CE-7320 is running WCCP Version 2 with IP spoofing enabled.
•
A Content Router- style request for redirection of ASX files to a Content Engine does not work if the request is intercepted by WCCP-enabled routers and redirected to the Content Engine. This symptom occurs when WCCP WMT service is enabled on the Content Engine.
•
A security vulnerability exists in OpenSSL (Secure Sockets Layer) 0.9.6e recommending the application of a security patch to OpenSSL 0.9.6e to prevent unauthorized attacks by malicious users.
•
The Content Engine processes a request for pre-positioned content as a proxy-style request instead of serving it as a video-on-demand (VOD) from the local pre-positioned file system. The problem occurs when the following conditions exist:
–
–
–
•
The Cache application generates a core file when the NTLM pass-through service is set on the origin server to configure a virtual connection between the client and the server through the Content Engine.
•
Performing a software upgrade or downgrade using the Upgrade Software for Content Engine window on the Content Distribution Manager GUI causes the upgrade or downgrade process to fail. The process does not use the username and password to connect to the FTP server where the ACNS software image resides. This is because the password is specified in the meta file with a @ symbol, instead of %40.
•
NTLM authentication fails when accented characters are used to specify clear-text passwords in the Netscape browser. The LAN Manager encryption incorrectly encrypts the accented characters, because it recognizes only ASCII characters.
•
Clearing the cache on a Content Engine running ACNS 4.2.1 software that is actively caching information might result in the following message:
cache-2# clear cache httpbin_err_mesg: Error 32: Verifier not responding.cache-2#The Cache application also stops functioning at this point. However, the WCCP process still shows the Content Engine in the Content Engine farm. When this occurs, the connections might have been redirected and not served from the cache.
•
When a Content Engine is deregistered and reregistered with the Content Distribution Manager, SQL error messages are created in the Content Distribution Manager syslog.
•
When a user modifies the services that are enabled for the default administrator role, the changes take effect. As a result, the administrator will not be able to access other services that are disabled. For example, if the user chooses Admin > Roles from the Content Distribution Manager GUI and clicking the Edit icon next to the default Admin role, the Modifying Roles window appears. Then, if the user enters a username in the Name field, checks the Devices check box, and clicks Submit, all other previously configured services are modified.
Note
•
CDN content acquisition or distribution stops because of no disk space available in one or more cdnfs file systems, as seen from the output of the show statistics cdnfs command. This problem occurs when an error occurs in the calculation of disk space consumed by data files left over from ACNS 4.x or ECDN 3.x. This calculation causes other software to erroneously fill up the disk space of one or more cdnfs file systems.
•
When a user requests RTSP server parameters configuration using the Content Distribution Manager GUI, the Centralized Management System (CMS) enabled on the Content Engine fails.
•
The Cache application reloads and generates core dump files during file system operation. The rule action cache command is used to override HTTP response headers while caching objects and some servers return strange responses (without headers).
•
If the username and password specified in the meta file contain characters that are used to parse URLs, the meta file fails to be processed and the software update file registration process fails.
•
Content Engines cannot play files with a maximum bit rate of 100 kbps in proxy or server mode. In this case, Windows Media Player displays this message:
There is insufficient bandwidth to fulfill the request.However, it is able to play files configured with other bit rates.
•
When all the Content Engines and device groups of a channel have been removed, the Content Distribution Manager GUI still displays the Replication Status as "Complete."
•
Downgrading from ACNS software, Release 5.0.2 to ACNS software, Release 4.2 fails on certain Content Engine Network Modules (CE-NMs), causing the CE-NM to revert to ACNS software, Release 5.0. This symptom might sometimes occur if multiple disks are attached to the CE-NM.
•
When clients use long-persistent connections with the Content Engine as a reverse proxy server, the Content Engine appears to be leaking packets received from port 8999. This results in the remote host receiving a packet from port 8999 and sending a reset (RST) bit, causing the termination of the connection.
•
The no interface PortChannel {1 | 2} [ip-address ip-address netmask] command does not release the IP address configured for the Ethernet interface. This occurs only in ACNS software, Release 5.0.2.
•
On upgrade from ACNS software 4.2 to ACNS software 5.0, login access to the Content Engine using Secure Shell (SSH) fails. This occurs because an additional key is required as a result of the SSH upgrade to a newer version in ACNS software 5.0, which was not generated in ACNS software 4.2.
•
The Cache application stalls while configuring bandwidth for an interface during reload of Content Engines with more than one processor, such as the CE-7305 and CE-7325.
•
Chunked HTTP request packets fail to pass through the Content Engine. While the first packet of the request reaches the Content Engine, subsequent requests do not reach the Content Engine, causing the server to return a 500 (Internal Server Error) to the client. This problem occurs only with chunked HTTP request packets.
•
When the number of characters in the search expression to be matched is greater than 19 and enclosed within quotes, the find-pattern EXEC command, used to search for a particular pattern in file, does not return the desired output.
•
When an attempt is made to resubmit a change made to the Cache Authenticated Content field in the Authenticated HTTP Cache Settings for Content Engine window on the Content Distribution Manager GUI, the setting is reset. This occurs when the Cache Authenticated Content field is set to "all" and the window settings are submitted. On clicking Submit once again in the Authenticated HTTP Cache Settings for Content Engine window (without changing the settings), the Cache Authenticated Content field is set to "Do not set". As a result, the user needs to reset the field setting and resubmit the changes.
•
The Content Engine stops abruptly and generates a core file after the action to override the HTTP response headers and cache the pattern-list "?" is enabled using the following command:
rule action cache ttl hours 2 .\\?*•
The WCCP flow table displaying the standard web caching service packet flows is found to be incorrect after the Cache application restarts automatically. However, because the view of the WCCP router seeing the Content Engine does not change, WCCP is unaware that it needs to update the standard web caching service packet flows.
•
When the preload max-bandwidth global configuration command is used to configure the maximum bandwidth for the preload process, the preload speed is limited by the configured maximum bandwidth, whether in a cache miss or a cache hit. This symptom occurs only when the preload max-bandwidth command is configured. Otherwise, the preload speed shows the difference between a cache hit and a cache miss.
•
The CE-7305 enters kernel debugger (kdb) mode while attempting to remove an IP address from a PortChannel interface.
•
Playing certain Windows Media Audio (.wma) files causes the Microsoft Media Streaming (MMS) server to restart automatically.
•
The Content Engine console pauses indefinitely. As a result, the user cannot log in through the console. However, access to the Content Engine is still possible using Telnet or SSH, and all applications function. This symptom is rare (only two cases).
•
When the WMT server is enabled and the WMT license key is reset after disabling the WMT server and uninstalling the license key, the WMT bandwidth configured is reset to 1 kbps.
•
When the administrator changes the primary Content Distribution Manager to standby and deletes or deregisters the old primary Content Distribution Manager from the new primary Content Distribution Manager, all Content Engines that are registered with the old primary Content Distribution Manager are shown to be in Pending status (because they appear to use the old Content Distribution Manager's IP address) in the Content Engines window in the new primary Content Distribution Manager GUI.
•
When the download of a software update file fails on a Content Engine, an OutofMemoryError error occurs, causing the Java Virtual Machine (JVM) to stop. This is followed by a restart of the Centralized Management System (CMS).
•
When there are two concurrent requests for the same disk object, the Cache application restarts unexpectedly. This problem occurs when the load on the Content Engine is high and the size of the objects is greater than 512 KB.
•
In ACNS software, Release 5.0.3, the Acquisition and Distribution Proxy Hostname and Acquisition and Distribution Proxy port fields have been added under the Acquisition and Distribution Information heading in the Modifying Content Engine window. Although these fields have been included as read-only fields displaying N/A for implementation in a future release of ACNS software, it leads the user to believe that proxy support exists for A&D.
Note
•
The CE-7305 enters kdb mode. A core dump is triggered by an exceptional race condition within the Content Engine. The most likely scenario is that the Content Engine has been overloaded while handling extremely heavy HTTP traffic. The Content Engine is unlikely to encounter this problem during normal operation of moderate traffic loads.
•
When a request from a client to a WMT server is specified with a double space between the host name and the relative URL, the WMT server loops back to itself infinitely. This problem causes the utilization of all resources available on the Content Engine, thereby slowing down other processes running on the Content Engine.
•
Content Engine bypass does not work when IP spoofing is enabled with Layer 2 redirect. In this case, the packets sent back by the origin server to the client are not sent by the Content Engine to the router. Instead, these packets are sent to the IP layer and are dropped. Also, the bypass entries are displayed in the output of the show bypass list command.
•
Requests sent by a client fail if a Content Engine, configured with a WMT HTTP outgoing proxy and enabled with NTLM authentication, uses another WMT HTTP outgoing proxy and the upstream proxy is also enabled with NTLM authentication.
•
When the cmd dregister force command is used to forcibly remove the node registration of the CE-7320, the remote procedure call (RPC) replicator fails, preventing the CE-7320 from acquiring and receiving contents.
•
When a URL is specified with a ? character, CDNFS does not recognize the ? character. Therefore, CDNFS does not serve the content from the disk space assigned for pre-positioned content. Instead, it obtains a copy of the content from the origin server and serves the client request for content.
•
The HTTP crawler for acquisition is attempting to acquire content that does not exist. This occurs while crawling an HTML document composed of strings within a <SCRIPT> element that contains an <OBJECT> element. This problem occurs because the acquirer parses the <SCRIPT> element and attempts to crawl to the media file that the <OBJECT> element refers to, which actually is nonexistent content.
•
The following error message is recorded by the data server in the syslog:
24: EMFILE: Too many open filesThis occurs when the data server client opens a large number of sockets to the data server and does not close them. As a result, the Content Engine reboots and enters factory default mode, causing the data server to stop functioning.
•
The error statistics counter to display the number of errors, such as UNS file record failures and catalog record access failures, is not incremented when multicast scheduling fails.
•
Multicast sender fails to send files if the FQDN of a web site is changed during distribution of content. This occurs because the multicast sender queries UNS to look for content in the old web site FQDN. However, UNS returns an error and does not distribute the remaining files through multicast distribution.
•
When the user exits from the Telnet session with a Content Engine, core file is generated by the Telnet daemon because the Telnet daemon does not release the Linux resources properly on termination of the Telnet session.
•
When the device mode content-router global configuration command is used to change the device operation mode from Content Engine to Content Router, after a restart of the device, the device mode still appears as Content Engine in the output of the show cms info command. However, the show device mode shows the device mode to be Content Router.
•
When the multicast function is disabled and enabled on a multicast sender, files that were available before disabling will never be multicast. This is because these files are marked for unicast, when multicast is disabled and are therefore not multicast, unless the files are re-acquired or the distribution multicast reset command is used. However, files that arrive at the multicast sender, after multicast is reenabled, are multicast.
Note
•
When a Content Engine is enabled for transaction logging to use the National Center for Super Computing Applications (NCSA) combined Extensible Log File (XLF) format as defined by the World Wide Web Consortium (W3C), the Content Engines log the referer header incorrectly in the transaction log. The following custom log format is entered in the Content Engine for each device group:
"%a %v %u [%{%d}t/%{%b}t/%{%Y}t:%{%H}t:%{%M}t:%{%S}t %{%z}t] %r %s %b %{Referer}i %{User-Agent}i"
When the user refreshes the browser window and the referer header is missing in the request, the incorrect entry format logged in the transaction log is of the form:
10.254.5.111 jsh.cisco.com - [14/Apr/2003:15:07:39 +0000] "GET http://jsh.cisco.com/ HTTP/1.0" 304 0 - "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; Hotbar 3.0; YComp 5.0.0.0)"The page referred in the request, jsh.cisco.com, is replaced with a "dash" (-) in the log format causing an error in the referer transaction log entry.
•
The CE-7325 does not increment the acknowledgment (ACK) bit and the server retransmits the content packets. The Content Engine continues to send a window size of zero and does not recover from the download. Also, the Content Engine sends content to the client with an incorrect checksum. As a result, the client refuses to accept the content. Therefore, the transfer of content from the Content Engine to the client stalls, causing the transfer of content from the server to the Content Engine to stall.
•
Streaming of Moving Picture Experts Group-2 (MPEG-2) files over HTTP using the pacing control configured to serve pre-positioned content over HTTP does not work properly with a media encoded bit rate of 6 Mbps. The HTTP bit rate is 15 percent more than the media encoded bit rate. When the HTTP session starts, the media player downloads the entire 462-MB file in less than 50 seconds and then starts playback from the local cached content. However, if you clear the cache from the browser and request the same MPEG-2 file, the browser does not respond for a few minutes.
•
When a number of bandwidth settings are configured from the CLI or Content Distribution Manager GUI in quick succession, bandwidth settings specified for RealProxy and RealServer work properly. However, the bandwidth settings for WMT and the Cisco Streaming Engine fail.
•
When the forwarding method is changed from generic routing encapsulation (GRE) to Layer 2 (L2) redirect, the change is not reflected in the way the cache process works. This problem occurs with a 7200 router and two Content Engines running ACNS software, Release 4.2.1. Also, a core dump is generated by WCCP on the Content Engines.
•
When different playlists have overlapping playlist schedules and a playlist preempts playback of another playlist, that playlist might not resume playback after playback of the preempting playlist has finished. This occurs on any Content Engine AV model running ACNS software, Release 4.2 or 5.0. Playlists are configured to play once and stop and have overlapping schedules.
•
Entering en? in global configuration mode leads to the exit CLI configuration command. In other words, using en? in configuration mode is equivalent to entering the exit command and not pressing the Return key. This occurs in ACNS software, Release 5.0.
Note
•
Occasionally, TV-out statistics are not displayed when playback is active and being transitioned to a new playlist. In other words, the show statistics tvout all command does not work under such circumstances. This is observed on Content Engines running ACNS software, Release 5.0 with TV-out service enabled on the Content Engine.
•
When the number of files scheduled for multicast distribution is 200,000, the number of files being received on the receiver side shows some erroneous values on a few occasions. This symptom is observed repeatedly with this configuration, although the count of files being received reverts to the normal value after the output is viewed a number of times.
•
Querying the cdpInterfaceEnable MIB variable returns nothing. This occurs on a CE-7320 that is running ACNS 5.0.x software.
•
Support is not provided for displaying the bandwidth usage for multiple files, along with the content distribution statistics for a multicast data sender, in the output of the show statistics distribution mcast-data-sender command.
•
URL filtering configuration changes made after the SmartFilter URL filter has been enabled and disabled might not be reflected. This symptom occurs rarely if a URL filtering configuration is made after SmartFilter configuration. Also, in the Content Distribution Manager GUI, the changes made to the fields in the URL Filter Settings for Content Engine window might not be reflected.
•
Changes made to a playlist that is currently running are not updated even after the TV-out service is disabled and enabled.
•
In the Content Engine GUI, no option is available in the TACACS+ window to enable or disable TACACS authentication.
Note
•
An SNMP query about UDP group variables does not return the desired statistics. This symptom occurs on all Content Engines running ACNS software, Release 5.0.x.
•
The DNS cache server works when enabled on a CE-7305, CE-7320, CE-7325, CE-565, and CE-510 with the dns listen ip-address command configured. However, the DNS cache server fails when the dns listen all command is configured on the above-mentioned Content Engines. This problem does not occur on a CE-507, CE-560, and CE-590.
•
The sysfs file system configuration is lost after the cdnfs file system size is decreased and the Content Engine is rebooted from the Content Distribution Manager. This symptom occurs only if the Content Engine is upgraded from E-CDN software and in the middle of the upgrade, the user uses the disk config command to configure disk space and configures a partition of 1 GB.
•
RealMedia content pre-positioned on the Content Engine and QuickTime content cannot be streamed by using the Real-Time Streaming Protocol (RTSP). Although the file can be played through HTTP for pre-positioned RealMedia content, this is not true for QuickTime content. This symptom is observed under the following conditions:
–
–
•
When a database update is attempted after a new file is received from a Content Distribution Manager for a Content Engine or when the time zone is changed on the Content Engine, the show statistics wmt {all | usage | streamstat} command does not function.
•
Content Engines that are configured as proxy servers and with rules set for filtering traffic are unable to fetch pre-positioned real-time streaming content from origin servers because of Domain Name Service (DNS) lookup failure. This problem occurs when origin servers are configured with host names instead of IP addresses or when the fully qualified domain name of the specified website is used in the Content Router.
•
When the show statistics acquirer errors [channel-id channel-num] command is used to display the acquisition error logs for the specified channel, the current manifest file errors are appended to the previous fetch errors, instead of being displayed as the current manifest file errors.
•
When the show statistics dns-cache command is used to display Content Engine DNS caching statistics, the total number of members displayed under the host name hash statistics is incremented with garbage values. This symptom is observed only when the DNS caching statistics are displayed after both the clear cache and clear statistics dns-cache commands have been used to clear the DNS caching statistics.
•
The Websense server does not open up the destination if the remote location with which it tries to establish the connection fails.
•
The verifier does not respond, causing the following message to appear:
Verifier not responding when rules configured in a specific scenario.This symptom occurs when there are more than 100 rules configured on a Content Engine running ACNS software, Release 4.2.x and an attempt is made to configure newer rules on the Content Engine, after upgrading it to ACNS software, Release 5.x.
•
Content Engines are shown to be in the Pending state when a new node is registered with the Content Distribution Manager and is not rebooted. The Pending state is observed because Secure Shell (SSL) continues to use the old certificate for the new node, assuming that it has already been registered with the Content Distribution Manager.
•
When the user's identification number (UID) is changed to be other than 0 for administrative user accounts and the privilege level is super user, it is not possible to modify the user information for users with lower privilege levels, such as normal users. In other words, super user privileges work only when the UID is set to 0.
•
The Cache application automatically restarts while recording data server error messages in syslog for incorrect data server message headers.
•
When a multicast sender is not enabled, multicast distribution fails. In such cases, a unicast sender also fails to distribute content because it has not started to receive the content.
•
The Cache application restarts when rules are configured with header-type patterns and the header-field is not available in the request. This will not occur for the request-line and user-agent header-field patterns, because these two headers are always available. The referer header-field might not be available in about 20 percent of cases, and in this scenario, if the user configures a referer pattern-type, then this cache restart problem arises. The problem occurs because the pattern tries to match a nonviable header in the request.
•
Blocking and other actions in an RTSP request by the rules pattern header-field request-line do not work. The block action is configured for the pattern header-field user-agent "RealMedia Player Version 6.0.9.1762 (win32)." A request is sent from this user agent (RealPlayer). The request is not blocked and is served instead. Blocking action is also not working for the header-field request-line.
•
The Content Engine GUI allows you to configure the redirect action for the MMS protocol. However, once configured, this rule cannot be removed from either the CLI or the GUI.
•
Users are unable to configure pattern lists containing quotation marks, both from the Content Distribution Manager GUI and from the Content Engine GUI. Although the Content Engine accepts the pattern list associated with a rule, the pattern list is not reflected in the output of the show rule all command. Also, if pattern lists are configured using backslashes, the Content Engine configures the pattern list but displays junk values. These values cannot be deleted from the CLI and the GUI.
•
The Cache application restarts when the show statistics rule action action-type command is used. This problem occurs in the CE-7320 and not in the CE-590. However, this condition is not observed when the show statistics rule action all command is used.
•
The Content Engine enters kernel debugger (kdb) mode when generic routing encapsulation (GRE) redirection mode is used and WCCP mask assignments are set.
•
The Cache application restarts automatically while printing an error log message for an incorrect NTLM state.
Documentation Updates
This section describes some documentation updates.
SmartFilter and the No-Auth Rule Interaction
The no-auth rule permits specific login and content requests to bypass authentication and authorization features such as LDAP, RADIUS, SSH, or TACACS+. For example, any requests from the source IP address (src-ip) of 172.16.53.88 are not authenticated.
ContentEngine(config)# rule enableContentEngine(config)# rule action no-auth pattern-list 1 protocol allContentEngine(config)# rule pattern-list 1 src-ip 172.16.53.88 255.255.255.255If ACNS software is configured for authentication and SmartFilter URL filtering, requests that are allowed to bypass authentication will also bypass the URL filter.
Related Documentation
Your product shipped with a minimal set of printed documentation, as well as a Documentation CD. The printed documentation provides enough information for you to install and initially configure your product. The CD contains additional product documentation (user guides, configuration manuals, and so forth), which you can access and print out.
Product Documentation Set
In addition to these release notes, the product documentation set includes:
•
•
•
Refer to the Documentation Guide for a complete documentation roadmap and URL documentation links for this product.
Hardware Documentation
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
Software Documentation
•
•
•
•
•
•
•
Online Help
Content Distribution Manager GUI online help system.
Release-Specific Documents
For ACNS software, Release 5.0.3, the document "Creating Manifest Files for Cisco ACNS Software, Release 5.0.3" replaces Chapter 6, "Creating Manifest Files" in the Cisco ACNS Software Deployment and Configuration Guide, Release 5.0. You can access the updated manifest file chapter for ACNS software, Release 5.0.3 from the following URL:
http://www.cisco.com/en/US/products/sw/conntsw/ps491/prod_configuration_guide09186a008017a530.html
To download the Websense components, such as Explorer, Manager, and Reporter, or to obtain an evaluation key for using the Websense server that runs on the Content Engine, you can access the following URL and follow the sequence of steps:
http://www.websense.com/downloads
To access the set of documents on Websense product setup and implementation, you can access the following URL:
http://www.websense.com/support/documentation/index.cfm
Obtaining Documentation
Cisco provides several ways to obtain documentation, technical assistance, and other technical resources. These sections explain how to obtain technical information from Cisco Systems.
Cisco.com
You can access the most current Cisco documentation on the World Wide Web at this URL:
http://www.cisco.com/univercd/home/home.htm
You can access the Cisco website at th
Guest
