Guest

Cisco Application and Content Networking System (ACNS) Software

Release Notes for Cisco ACNS Software, Release 5.1

 Feedback

Table Of Contents

Release Notes for Cisco ACNS Software, Release 5.1

Contents

Introduction

New and Changed Information

New Features

New or Changed Information

Manually Downloading the SmartFilter Control List

Websense 5.0.1 Support

Downloading Websense Components and Obtaining an Evaluation Key

Change in the Meaning of Pending Status and Offline Status

Change in Root Content Engine Certificate Authority

Difference Between ACNS 5.1 and ACNS 5.0.x Software Regarding TFTP Access

Adjusting the TCP Window Size on a Content Engine

Upgrade Note

Important Notes

Media File System Issues When Downgrading to ACNS 5.0 Software

Websense Issues When Downgrading to ACNS 5.0 Software or ACNS 5.1 Software

Scheduling Live Events for Multiple Content Engines

Multicast Sender Nonretroactive Scheduling Rule

Limitations

Pre-Positioned Content That Requires Playback Authentication

Hardware Supported

Caveats

Open Caveats - ACNS Software, Release 5.1

Resolved Caveats - ACNS Software, Release 5.1

Documentation Updates

TACACS+ Enable Password Attribute

Pre-Positioned Content

Configuration Requirements for Managed Live Events

cdn-url Attribute Description

Multicast Sender Interoperability

FTP Caching Support

FTP-over-HTTP Caching Support

Native FTP Caching Support

Restrictions Regarding Native FTP Caching in ACNS 5.1 and 5.1.x Software

FTP Caching Support in the Cisco ACNS Caching and Streaming Configuration Guide, Release 5.1

FTP Caching Support in the Cisco ACNS Software Command Reference, Release 5.1 Publication

Group-Type Patterns in Rule Pattern Lists

SmartFilter Software and the rule action no-auth Command Rule Interaction

Bandwidth Configuration for Interfaces and Content Services

pace Command

pre-load Command

NTLM Preload Support

show statistics icap Command

Default Port of the Content Engine GUI

Playing Nonhinted IP/TV On-Demand Programs over an ACNS Network

Restriction on IP/TV Program Manager Configuration

Related Documentation

Product Documentation Set

Hardware Documentation

Software Documentation

Online Help

Obtaining Documentation

Cisco.com

Product Documentation DVD

Ordering Documentation

Documentation Feedback

Cisco Product Security Overview

Reporting Security Problems in Cisco Products

Obtaining Technical Assistance

Cisco Technical Support & Documentation Website

Submitting a Service Request

Definitions of Service Request Severity

Obtaining Additional Publications and Information


Release Notes for Cisco ACNS Software, Release 5.1


August 4, 2005

ACNS Build 5.1.1b3


Note The most current Cisco documentation for released products is available at Cisco.com at http://www.cisco.com. The online documents may contain updates and modifications made after the hardcopy documents were printed.


Contents

These release notes contain information about the Cisco Application and Content Networking System (ACNS) software, Release 5.1. These release notes describe the following topics:

Introduction

New and Changed Information

Important Notes

Limitations

Caveats

Documentation Updates

Related Documentation

Obtaining Documentation

Documentation Feedback

Cisco Product Security Overview

Obtaining Technical Assistance

Obtaining Additional Publications and Information

Introduction

ACNS software combines the technologies of demand-pull caching and pre-positioning for accelerated delivery of web applications, objects, files, and streaming media; ACNS software runs on Cisco Content Engines, Content Distribution Manager, and Content Router hardware platforms.

These release notes are intended for administrators who will be configuring, monitoring, and managing devices that are running ACNS 5.1 software. These release notes describe the new product features, the supported hardware, and the open and resolved caveats regarding ACNS software, Release 5.1.

New and Changed Information

This section describes new and changed features in the ACNS 5.1 release. It also lists the supported hardware.

New Features

Table 1 lists the new features in ACNS software, Release 5.1.

Table 1 New Features in ACNS 5.1 Software 

Feature Type
Feature

Nonstreaming server and proxy features

Support for Internet Content Adaptation Protocol (ICAP) Version 1.0:

Ability to scale antivirus servers and cache clean content

Request modification (REQMOD) and response modification (RESPMOD) support

Load balancing and failover of ICAP servers

Demand-pull caching and pre-positioning of content

 

Native Trivial File Transfer Protocol (TFTP) server and gateway (provides a way for Content Engines to serve content files requested by networking devices that use the native TFTP protocol)

 

Server Message Blocks (SMB) server enhancements with Windows file-sharing service with Common Internet File System [CIFS]) file path support and pre-positioning of content

 

DNS caching with the Web Cache Communication Protocol (WCCP)

 

Microsoft NT LAN Manager (NTLM) and Active Directory (AD) enhancements (nested group support)

 

Lightweight Directory Access Protocol (LDAP) and AD enhancements (group attribute query, static groups, and LDAP password expiration)

 

TACACS+ enhancements (local authentication only if the TACACS+ server does not respond to the authentication request)

 

Acceptable use policy (AUP) support (Content Engine checks the LDAP attribute of a particular user to ensure that the user has accepted the AUP before allowing that user to access content)

 

Integrated Websense 5.0 server (runs as a separate process on the Content Engine instead of running on a separate system)

 

HTTPS server and proxy support that includes Secure Socket Layer (SSL) caching and back-end SSL support for secure import and storage of certificates and keys

 

Native FTP proxy support

 

Browser agent detection (Content Engine directs the user request to the origin server based on the HTTP header)

Streaming automation

Application programming interface (API) for program import, export, and scheduling (for example, to create and manage programs and schedules that are inserted into the Content Distribution Manager and then distributed to Content Engines, or to rebroadcast live or scheduled broadcasts)

 

Managed live event support (unicast-in, multicast or unicast out through Windows Media Technologies [WMT] or the Cisco Streaming Engine)

 

Live failover

In the case of root Content Engine failover, the origin server is contacted.

In the case of intermediate Content Engine failover, the parent Content Engine is contacted.

In the case of edge Content Engine failover, unicast failover to the Content Router occurs.

In the case of client failover, multicast is rolled over to unicast.

Streaming server and proxy features

Cisco Streaming Engine live splitting (unicast or multicast in, unicast or multicast out; streams to the QuickTime player or Cisco IP/TV Viewer Release 5.1)

 

Standards-based MPEG encoder interoperability

 

RealNetworks Version 9 server and proxy

 

WMT enhancements in addition to live event support and APIs that include:

Windows Media 9 (WM9) encoder interoperability for Microsoft Media Server (MMS)

Support for WMT multicast logs

Live splitting and proxy performance enhancements

WMT upstream proxy bandwidth controls

 

IP/TV Release 5.1 support

Management enhancements

New Manifest Generator (a Windows-based application that is installed on a separate system) that helps generate a manifest file.

 

Local and central configuration synchronization (synchronizes local CLI configuration changes to the Content Distribution Manager)

 

Enhanced role-based management (increased role-based management down to the page level)

 

Replication status enhancements (report by filenames and channel)

 

Network Address Translation (NAT) and firewall enhancements

 

Secure access to the Content Engine web GUI (secure access through HTTPS is now supported; the default port for HTTPS access is 8003, and the default port for nonsecure access [HTTP] is 8001)

 

Content Distribution Manager GUI enhancements

Platform enhancements

Support of network attached storage (NAS) virtual storage

 

IP access control lists (ACLs) for Content Engine interfaces (permit or deny Telnet, Secure Shell [SSH], Simple Network Management Protocol [SNMP], and Content Distribution Manager traffic)

 

Dynamic bypass with the Cisco Content Services Switch (CSS) and Content Switch Module (CSM)

Other features

Multicast sender failover (failover to hot standby multicast sender)

 

Intelligent carousel (on-demand content remulticasting on a per file basis)

 

MMS acquisition (MMS is now added to the list of supported acquisition protocols)

 

NTLM authentication for preloading content (HTTP support only)

 

Dynamic proxy automatic configuration (PAC) file support (Content Distribution Manager acquires and distributes PAC file templates to Content Engines)


New or Changed Information

This section describes new or changed information for the ACNS 5.1 release. It covers the following topics:

Manually Downloading the SmartFilter Control List

Websense 5.0.1 Support

Change in the Meaning of Pending Status and Offline Status

Change in Root Content Engine Certificate Authority

Difference Between ACNS 5.1 and ACNS 5.0.x Software Regarding TFTP Access

Adjusting the TCP Window Size on a Content Engine

Upgrade Note


Note For information about changes to the ACNS software 5.1 documentation set, see the "Documentation Updates" section of these release notes.


Manually Downloading the SmartFilter Control List

The intent of the SmartFilter Control List is not to categorize every available URL on the Internet. Instead, it focuses on categorizing those Internet sites that are considered unproductive or inappropriate for typical business or educational environments. The 30 predefined SmartFilter Control List categories encompass a wide variety of material. Some categories are focused on reducing legal liability of a company. These 30 categories are set to "Deny" in the default SmartFilter software policy. Some categories contain such sites as MP3 sites (sites that content that consumes excessive bandwidth). The remainder of these 30 categories are considered unproductive or inappropriate for business or educational environments.

SmartFilter software also provides ten user-defined categories that allow you to further tailor access by defining and filtering sites that are not included in the SmartFilter Control List. Additionally, you can exempt any site that you would like specific groups or individuals to access quickly and easily.

Secure Computing uses automated tools to search the Internet continuously for new sites and pages that meet the content criteria for the 30 predefined Control List categories. Candidate sites are presented to Secure Computing Control List technicians for personal review. As a rule, sites are not added to the SmartFilter Control List without first being viewed and approved by Secure Computing Control List technicians.


Note Secure Computing Corporation cannot guarantee that it has identified every potential site in a given category. Because identifying a particular site as belonging to a particular category involves judgment and opinion, the SmartFilter Control List that is provided may not include sites that a particular organization may wish to control.


You can use the SmartFilter Administration Console to define a SmartFilter Control List download schedule. The Download Setup window tracks the download site, your username, and your password. If you do not download an updated SmartFilter Control List at least monthly, the SmartFilter software considers the Control List "expired," and invokes the action that you specified in the SmartFilter License window.

If the SmartFilter Control List (sfcontrol file) was not properly downloaded from the Secure Computing FTP site and you used FTP to transfer this sfcontrol file from one Content Engine to another, this can cause the cache process to restart.

To stop SmartFilter from restarting the cache process, complete the following tasks, which include manually downloading the SmartFilter control list to the Content Engine:

1. Disable the SmartFilter feature on the Content Engine.

For example, enter the no url-filter http smartfilter enable global configuration command to disable this feature through the Content Engine CLI.

2. Remove the sfcontrol file from the Content Engine. The file is at /local1/smartfilter/sfcontrol.

3. Reenable the SmartFilter feature on the Content  Engine.

For example, enter the url-filter http smartfilter enable global configuration command to disable this feature through the Content Engine CLI.

4. From the SmartFilter Administration Console, perform a manual download of the SmartFilter Control List from the Secure Computing FTP site to the Content Engine.

a. In the upper left panel of the SmartFilter Administration Console, choose the plug-in that corresponds to the Content Engine that is experiencing the problem.

b. In the lower left panel of the SmartFilter Administration Console, double-click the Control List folder to open it.

c. From the Control List folder, choose Download Setup. The Download Setup window appears.

d. In the Download Setup window, verify that the download settings are properly set for a manual download.

e. If you change anything in the Download Setup window, click OK to apply the change to the selected Content Engine.

f. In the Download Setup window, click the Download Now button.


Note For more information about configuring the SmartFilter software, go to the following website: http://www.securecomputing.com.


Websense 5.0.1 Support

Cisco ACNS 5.1 software supports Websense server Version 5.0.1 on all Cisco Content Engine platforms. The integrated Websense server runs internally on the Content Engine (as opposed to running on a separate system and communicating with the Content Engine over the network) and uses approximately 60 MB to 140 MB of RAM in the Content Engine. We recommend that you run the integrated Websense server on Content Engines with at least 512 MB of RAM for best results.

When the Websense server is enabled and the Websense URL database is downloaded for the first time, CPU usage can be very high. Therefore, we recommend that you enable the Websense server during off-peak times or times of low network traffic. Otherwise, other processes running on the Content Engine might be affected. If the Websense server stalls, it restarts automatically.

Websense provides an image of the Websense server that resides in the /local/local1/WebsenseEnterprise/EIM directory. All the executables as well as the configuration and logging files are stored in this directory. This package requires about 150 MB of disk space in the /local/local1/WebsenseEnterprise/EIM directory. An additional 140 MB of disk space is required at the time of downloading the Websense URL database, increasing the total disk space requirement to 290 MB. To ensure that you have enough disk space to properly download the Websense software, we recommend that you increase the amount of sysfs disk space to be greater than the default sysfs configured on your Content Engine.

In ACNS 5.1 software, there is a new connections option for Websense URL filtering on a Content Engine:

url-filter http websense {allowmode enable | enable | server {[hostname | ip-address] | local} [port portnum [timeout seconds [connections connection]]]}

Use the connections option to change the default number of connections per CPU to the Websense server to fine-tune the performance of Websense. The default is 40 connections per CPU, and the range is 1 to 250. We recommend that you do not change the default number of Websense connections unless there is a known Websense performance problem. If there is a Websense performance problem, contact the Cisco Technical Assistance Center (TAC) for the correct number of connections.


Note For information about configuring the Websense software, go to the following website: http://www.websense.com.


Downloading Websense Components and Obtaining an Evaluation Key

To download the Websense components, such as Explorer, Manager, and Reporter, or to obtain an evaluation key for the Websense server that runs on the locally deployed Content Engine, access the following URL and follow the steps:

http://www.websense.com/downloads

Change in the Meaning of Pending Status and Offline Status

In ACNS 5.0 software, the Content Distribution Manager GUI reported the status of a Content Engine as follows:

"Pending" status meant that the Content Distribution Manager had not been contacted by the Content Engine for a getUpdate (get configuration poll) request since the Content Distribution Manager was last restarted.

"Offline" status meant that the Content Distribution Manager had not been contacted by the Content Engine for a getUpdate request for at least two polling intervals, but the Content Distribution Manager had received at least one configuration request at some point in the past. This meant that a dead Content Engine would stay "pending" forever after the Content Distribution Manager restarted (or the standby Content Distribution Manager took over).

In ACNS 5.1 software, "offline" means that the Content Distribution Manager has not been contacted by the Content Engine for a getUpdate request for at least two polling intervals. "Pending" means that the Content Distribution Manager has not heard from the Content Engine yet, but that it is too soon after a restart (or switch from a standby to a primary Content Distribution Manager) to decide whether the Content Engine is actually offline. With this change, no Content Engine will remain "pending" for longer than two polling intervals. (By default, that is 10 minutes.)

Change in Root Content Engine Certificate Authority

Certificate checking is currently used by the acquirer component on the root Content Engine. Sometimes administrators of ACNS 5.0.x networks had to configure weak-certificate-checking to allow common HTTPS websites to be acquired. With ACNS 5.1 software, this need to configure the weak-certificate-checking option is greatly reduced, thereby enabling administrators of ACNS 5.1 networks to enforce stricter certificate checking on common HTTPS websites, often without having to configure weak-certificate-checking on the root Content Engine.

Difference Between ACNS 5.1 and ACNS 5.0.x Software Regarding TFTP Access

In ACNS 5.1 software, the administrator needs to configure the IP access list explicitly in order to allow or deny access to users through the TFTP protocol.

In ACNS 5.0 software, TFTP access was denied to users by default. ACNS administrators had to use the trusted-host command to allow TFTP access to users. The trusted-host command is not supported in ACNS 5.1 software. If this command is configured on Content Engines running a version of ACNS software earlier than Release 5.1, the command appears in the display but does not have any effect. Instances of this command can be deleted by using the no trusted-host command.

Adjusting the TCP Window Size on a Content Engine

Content download from certain origin web servers may be permanently stalled because of a bug on the origin web servers. You may be unable to proxy to a certain web server through the Content Engine because the origin web server is returning an extremely small TCP window size. The server decreases the window size with every packet until the server returns a window size of 0, and never increases the size after that.

This occurs because the Content Engine is sending exactly the amount of data allowed for the window size returned, and nothing more. A client going directly to the server (bypassing the Content Engine) sends the amount of data allowed by that window size plus 1 byte.

To avoid this problem, use the tcp server-satellite global configuration command on the Content Engine. This command uses a different set of window size calculations.

Upgrade Note

After upgrading to ACNS 5.1.1 software from ACNS 5.0.x software, update all of the manifest files so that their last-modified-time timestamps are updated, and click the Fetch Manifest button in the Content Distribution Manager Channel page to ensure that the root Content Engine parses the manifest files again. This step ensures that the root Content Engine converts all channel contents into the ACNS 5.1 software format.

Do not remove any channels carried over from ACNS 5.0.x software or remove any root Content Engines from a channel carried over from ACNS 5.0.x software before completing this step. Otherwise, the acquisition process on the root Content Engine could be stopped, which requires manual intervention to correct.

Important Notes

This section emphasizes important information regarding ACNS 5.1 software.

Media File System Issues When Downgrading to ACNS 5.0 Software

If you have configured the media file system (mediafs) with ACNS 5.1 software or later, and then downgrade to ACNS 5.0 software, the mediafs disk space assignment is lost and it reverts to ACNS network file system (cdnfs) disk space. (The mediafs is used for on-demand content that is fetched through the two streaming protocols [RTSP and WMT]. The cdnfs is used for pre-positioned content in the ACNS network.)

This situation occurs because of a design change that was implemented in ACNS 5.1 software. Because ACNS 5.0 software is not compatible with this change, the disk space becomes assigned to cdnfs instead of mediafs. To work around this problem, follow these steps:

1. After you downgrade to ACNS 5.0 software, use the CLI (disk config EXEC command) or the GUI to assign the mediafs disk space.

Use the Content Distribution Manager GUI for Content Engines that are registered with a Content Distribution Manager. Use the Content Engine GUI for standalone Content Engines (that is, Content Engines that are not registered with a Content Distribution Manager and are being managed through the Content Engine GUI or CLI).

2. Reboot the Content Engine for the disk configuration changes to take effect.

Websense Issues When Downgrading to ACNS 5.0 Software or ACNS 5.1 Software

If the local (internal) Websense server is enabled on the Content Engine and you downgrade from the ACNS 5.2.x software to ACNS 5.0 software or ACNS 5.1 software, the WebsenseEnterprise directory is removed from the Content Engine and the local Websense server stops working. Note that the ACNS 5.2.x software does not generate an error message indicating that the WebsenseEnterprise directory has been removed.

To avoid this problem when downgrading from ACNS 5.2.x software to ACNS software 5.1 or ACNS 5.0 software, follow these steps:

1. Disable the local (internal) Websense server on the Content Engine.

2. Deactivate the Websense services on the Content Engine.

3. Install the ACNS 5.1 software or ACNS 5.0 software downgrade image on the Content Engine.

Scheduling Live Events for Multiple Content Engines

When you schedule a program for a live event, we strongly recommend that you use Greenwich Mean Time (GMT) instead of the local time of the Content Engine that is delivering the program. If you are transmitting the live event across multiple Content Engines that span different time zones, and you schedule local time on each Content Engine instead of GMT, the live transmission is likely to fail.

Multicast Sender Nonretroactive Scheduling Rule

In ACNS 5.1 software, a primary multicast sender automatically schedules the first carousel pass, which sends multicast content to receiver Content Engines. However, ACNS software enforces a nonretroactive scheduling rule, which states that a multicast sender cannot send any files that arrived 10 minutes before it became a multicast sender. Thus, in ACNS software, Release 5.1, when a Content Engine becomes the active primary sender, it does not automatically schedule the first carousel pass to include content that is over 10 minutes old. If you want the old content sent, you must use the distribution multicast resend EXEC command without the on-demand-only option specified. (The on-demand-only option triggers a resend only when a negative acknowledgement [NACK] is issued. In this instance, you want to trigger the resend without a NACK from the receiver.)

After the first multicast carousel pass is complete (whether you manually triggered the resend using the distribution multicast resend command or whether the primary sender completed the pass automatically), the primary sender then determines whether the next carousel pass for content will follow a fixed schedule or whether it will be triggered by NACKs from receiver Content Engines.

In ACNS 5.1 software, you can configure the primary sender to disregard NACKs from receiver Content Engines and send content based on a fixed schedule of carousel passes. To enable this behavior, use the multicast fixed-carousel enable global configuration command. In contrast, a backup multicast sender cannot be enabled for fixed carousel passes; on backup senders, carousel passes must always be triggered by NACKs from receiver Content Engines.


Note When the multicast fixed-carousel option is used, the on-demand-only option of the distribution multicast command is not available. The system displays an error message when the on-demand-only option of the distribution multicast resend command is issued in conjunction with the multicast fixed-carousel enable command.


The multicast fixed-carousel enable command is only available for the ACNS 5.1 software primary multicast sender. The default is no fixed carousel; the first carousel pass is automatic and future carousel passes are ondemand only, that is, they are triggered by NACKs.

Limitations

This section describes some limitations regarding ACNS 5.1 software.

Pre-Positioned Content That Requires Playback Authentication

The requireAuth attribute in the manifest file determines whether users need to be authenticated before the specified content is played. When requireAuth is set to true, the Content Engine requires authentication to play back the specified content to users and communicates with the origin server to check credentials. If the requests pass the credential check, the content is played back from the Content Engine.

Cisco ACNS 5.1 software does not support RTSP playback when authentication is specified. If RTSP content is requested that needs to be authenticated before playback, the content is refetched from the origin server each time it is requested; pre-positioned RTSP content that needs to be authenticated cannot be played back from the Content Engine.

Thus, if you specify the requireAuth attribute for any content item, make sure that the origin server FQDN you entered in the Content Distribution Manager GUI Create New Web Site window or Modifying Web Site window (accessed through Channels > Web Sites) is accurate and can do the following:

1. Accept requests for the path as stated in manifest file.

2. Accept authentication requests from end users for this URL.

This reminder is applicable even when you have multiple acquisition servers specified in the manifest file. Because the "true" origin server is still the website origin server FQDN, you need to make sure that content is accessible from the website origin server FQDN and that it can accept authentication requests.

Hardware Supported

ACNS software, Release 5.1 supports the following hardware platforms:

NM-CE-BP-SCSI

CE-565-K9

NM-CE-BP-80G

CE-565A-72GB-K9

NM-CE-BP-40G

CE-565A-144GB-K9

CDM-4630

CE-590

CDM-4650

CE-590-DC

CE-507

CE-7320

CE-507AV

CE-7305-K9

CE-510-K9

CE-7305A-K9

CE-510A-80GB-K9

CE-7325-K9

CE-510A-160GB-K9

CE-7325A-K9

CE-560

CR-4430

CE-560AV

 

Caveats

This section lists and describes the open and resolved caveats in ACNS 5.1 software. Caveats describe unexpected behavior in ACNS 5.1 software. Severity 1 caveats are the most serious; severity 2 caveats are less serious. Severity 3 caveats are moderate caveats.

Open Caveats - ACNS Software, Release 5.1

This section lists and describes caveats that are open in ACNS software, Release 5.1.

CSCdy82311

Symptom: Content cannot be acquired using strong authentication from secure origin servers that use certificates from nonstandard certificate authorities (CAs). If strong authentication was chosen for content acquisitions from such a site, the acquirer error statistics will contain a 401 (Unauthorized) error code, and the acquirer error log contains the following error message:

Strong Cert Authentication rejects certificate due to error: ssl error code

Condition: This problem occurs if the origin server uses a certificate that is not known as a standard certificate to the ACNS software acquirer. For content acquisition from secure sites over HTTPS using strong authentication, only sites with certificates from standard certificate authorities are supported.


Note With strong authentication, if any errors occur during certificate verification by the ACNS acquirer, then content from that site will not be acquired. With weak authentication, certain errors (for example, a certificate has expired, certificate is not yet valid, and a subject issuer mismatch has occurred) are allowed during certificate verification.


Workaround: Use one of these workarounds:

Use weak authentication.

On the secure server, use a certificate that was generated by one of the standard certificate authorities. ACNS network administrators should refer to the following information to determine which CA certificate to install on their origin servers. Note that the certificate list differs based on the version of the ACNS software. For the ACNS 5.1.x software release or later, refer to the certificate list in the Cisco ACNS Software Upgrade and Maintenance Guide, Release 5.x.

CSCea51815

Symptom: The Content Engine model CE-565 shows lower HTTP performance when it is attached to a Storage Array SA-7 device.

Condition: This problem occurs when the CE-565 has WMT enabled and is attached to an SA-7 device.


Note The Storage Array device is used for the cache file system (cfs).


Workaround: Allocate less space to the cfs if a Storage Array is attached to the Content Engine.

CSCeb33333

Condition 1: The ACNS network is set up for multicast distribution with Content Engines subscribed to multicast-enabled channels. Multicast sender and receiver Content Engines are running mixed versions of ACNS software. All Content Engines have been successfully enabled for multicasting. The Content Distribution Manager is running ACNS 5.1 software.

Symptom:

Only senders running ACNS 5.1 software support the backup protocol. Only ACNS 5.1 receivers can send negative acknowledgement (NACKs).

If both the primary sender and the backup sender are actively sending the same file, the receiver Content Engine locks out one of the two and receives one copy of the file from the first sender.


Note Cases 1 through 6 assume that you are using a Content Distribution Manager that is running ACNS 5.1 software.


Case 1: The primary sender is using an ACNS software release earlier than ACNS 5.1. The backup sender is using ACNS 5.1 software, as is the receiver.

The backup sender considers the primary sender inactive and becomes active after the configured failover period.

The primary sender periodically sends the multicast files as configured in the carousel pass and multicast-out bandwidth settings.

The receiver tries to send a NACK to the primary sender, but receives NACK failures and begins sending NACKs to the backup sender. The backup sender responds to the NACK.

Case 2: Both the primary sender and the backup sender are using ACNS 5.1 software. The receiver is using an ACNS software release earlier than ACNS 5.1.

Failover works between the primary and backup senders, but neither the primary sender nor the backup sender ever receives a NACK response from the receiver.

The primary sender sends out the first carousel pass for content without the need for a NACK, so the receiver might be able to obtain content if it joins the group promptly. If it does not, the receiver is not able to obtain content.

Case 3: Both the primary sender and the receiver are using an ACNS software release earlier than ACNS 5.1. The backup sender is using a software release earlier than ACNS 5.1.

The backup sender considers the primary sender inactive and becomes active after the configured failover grace period. The backup sender continues to wait for a NACK response from the receiver before sending the multicast, but the receiver is unable to send a NACK.

The primary sender periodically sends the multicast files as configured in the carousel pass and multicast-out bandwidth settings.

The receiver should be able to obtain content from the primary sender.

Condition 2: Although you may have received a warning message from the Content Distribution Manager, you can still configure a Content Engine as a backup sender if the Content Engine is registered with a Content Distribution Manager running ACNS 5.1 software and the Content Engine is running ACNS software earlier than ACNS Release 5.1. Cases 4 through 6 discuss the backup sender operating under these conditions.

Symptom: The Content Distribution Manager does not send related configuration information and configuration changes to the Content Engine running the earlier software version. This results in the the Content Engine not being able to identify itself as the multicast backup sender. This scenario might also occur if a backup sender using ACNS 5.1 software is downgraded to an earlier software version through the Content Engine CLI.

Case 4: Both the primary sender and the backup sender are using an ACNS software release earlier than ACNS 5.1. The receiver is using ACNS 5.1 software.

The receiver alternates attempts to send NACKs between the primary sender and the backup sender but is unsuccessful.

The primary sender periodically sends the multicast files as configured in the carousel and multicast-out bandwidth settings.

Case 5: The primary sender and receiver are using ACNS 5.1 software. The backup sender is using an ACNS software release earlier than ACNS 5.1

The primary sender considers the backup sender inactive after the configured fallover grace period.

The receiver can only successfully send NACKs to the primary sender. If the primary sender fails, the receiver sends the NACKs to the backup sender, and when it receives a NACK failure as expected, the receiver retries the primary sender. The receiver alternates between the senders until the primary sender becomes active again.

Case 6: The primary sender is using ACNS 5.1 software. Both the backup sender and the receiver are using an ACNS software release earlier than ACNS 5.1.

The primary sender considers the backup sender inactive and becomes active after the configured fallback grace period. The primary sender sends the first carousel pass of content without needing to receive a NACK. It then waits for the receiver's NACK to trigger further carousel passes if more than one carousel pass is configured.

The receiver never sends a NACK to the primary sender or the backup sender.

Condition 3: The Content Distribution Manager is using an ACNS software release earlier than ACNS 5.1. In software releases earlier than ACNS 5.1, only one sender is configurable for each cloud.

Case 7: The sender is using ACNS 5.1 software. The receiver is using a software release earlier than ACNS 5.1.

The sender behaves like an ACNS 5.1 software primary sender. That is, it sends the first round of content without requiring a NACK to trigger the carousel pass. However, the sender is unable to continue making carousel passes because the receiver is unable to send NACKs.

Workaround for Case 7: Use the distribution multicast resend EXEC command on the sender Content Engine to trigger a multicast carousel pass manually.

Case 8: Both the sender and the receiver are using ACNS 5.1 software.

The sender is able to perform carousel passes and the receiver is able to send NACKs for missing content; however, there is no support for a backup sender or for configuring the NACK interval multiplier.

Case 9: The sender is using an ACNS software release earlier than ACNS 5.1. The receiver is using ACNS 5.1 software.

The sender periodically sends the multicast files as configured in the carousel pass and multicast-out bandwidth settings so that the receiver can obtain content.

The receiver tries to send NACKs to the sender but continually fails and retries.

Workaround for Cases 1 through 9: Upgrade both senders and receivers to ACNS 5.1 software. Upgrade the sender first, and then upgrade the receivers.

CSCeb83282

Symptom: When IP address changes are made on a WCCP-enabled Content Engine, existing connections break, and new connections are not accepted for 30 seconds.

Condition: This problem occurs when you change IP addresses on a Content Engine that has WCCP enabled.

Workaround: Disable WCCP on the Content Engine before changing IP addresses on the Content Engine.

CSCeb85057

Symptom: The Content Engine displays the following error message:

KERNEL: assertion (atomic_read(&sk->wmem_alloc) == 0) failed

Condition: The Content Engines display this error message during normal operation.

Workaround: Ignore the error message.

CSCec09045

Symptom: Users do not receive the requested page or the requested page loads very slowly.

Condition: This problem occurs when the origin server sends back a response with "Connection: close," but does not close the connection. The Content Engine waits for the server to close the connection, until the Content Engine times out. Subsequent requests are affected and are not processed until the previous request is completed, thus causing the delay.

Workaround: Configure the Content Engine for a static bypass entry for the server.

CSCec31134

Symptom: The HTTP proxy cache hit response time increases dramatically over time.

Condition: The Content Engine is overloaded (200 requests per disk spindle is the maximum for the CE-7305 and CE-7325).

Workaround: Reduce the load.

CSCec36290

Symptom: When you use Windows XP with Windows Media Player 9.0.0.3008 installed, embedded Microsoft media files (for example, .asf files) cannot be retrieved over HTTP from a Content Engine that has the media files pre-positioned.

Condition: When the Content Engine has media files pre-positioned, and the Content Engine is not configured for either WMT or proxy, media files must be retrieved over HTTP from a pre-positioned store on the Content Engine.

Workaround: You can avoid this problem by doing the following:

Use a Windows 2000 device or a different version of Windows Media Player.

Enable WMT on the Content Engine.

CSCec38286

Symptom: An advanced program that uses a file having three streams (audio, video, and web presentation) launches the Web Presenter server. (When creating, duplicating, or editing a program, you must indicate the type of program. A program can be one of three types: live, file-based, or advanced. Advanced programs allow you to combine file-based and live information.)

Condition: This occurs only when an advanced program is file-based and includes a web presentation. The Presenter Server window should not be opened for a file-based program that contains URLs. When an advanced, file-based program is created, IP/TV Program Manager requires that the user specify a SlideCast or Web Presentation Server for the program. This should be optional; the user should not have to do this. IP/TV Program Manager then creates an sdp file that treats the Web Presenter portion as a live program rather than a file-based program (for example, the sdp file contains "a=x-iptv-svr:presentation 192.168.1.101 live" rather than "a=x-iptv-svr:presentation 192.168.1.101 file").

Workaround: Click the Play Web Presentation from File radio button if the presentation stream is from the file.

CSCec40403

Symptom: The CE-7325 does not respond to a console or Telnet session.

Condition: This situation can occur if the CE-7325 is experiencing a heavy WMT proxy load (approximately 3000 concurrent sessions of 300-kbps media requests) and the majority of the requests are cache misses. Even after the heavy load no longer exists, the CD-7325 does not respond to a console or Telnet session for another few minutes.

Workaround: Reboot the device.

CSCec44019

Symptom: Creating more than 24 bandwidth settings of the same type is not allowed. The default and maximum bandwidths are not included in this count.

Condition: A constraint error occurs if you create more than 24 bandwidths of the same type for a particular Content Engine. If this Content Engine's bandwidth is configured so that it enables aggregation, then the sum of all of its specified bandwidths and those of the device groups to which this Content Engine belongs cannot exceed 24 in total.

Workaround: Additional bandwidth (more than 24) has to be specified using the CLI on the individual Content Engines. You should disable the local central management (LCM) feature (from the Content Distribution Manager GUI, choose System > System Configuration and set System.Icm.enable to false). LCM is a new ACNS 5.1 software feature that allows a change made locally through the Content Engine CLI to be propagated to the Content Distribution Manager. Through LCM, the Content Distribution Manager is aware of all local changes to the Content Engines; such changes are reflected in the Content Distribution Manager GUI.

CSCec46588

Symptom: A core file from "nmbd" is seen in the /local1/core_dir directory in Cisco ACNS software.

Condition: This occurs rarely and only when the CIFS server is enabled. The application is restarted immediately. There is virtually no loss of function.

Workaround: There is no known workaround.

CSCec46643

Symptom: The CLI shell (in EXEC or CONFIG mode) exits unexpectedly in Cisco ACNS software.

Condition: This is very rare. When it occurs, there is a core.XXXX file in the /local1/core_dir directory, where XXXX is a number.

Workaround: Log in to the CLI shell again.

CSCec49405

Symptom: During a pause in the multicast transmission, a small amount of network traffic from the multicast sender continues on the advertised multicast address.

Condition: This condition occurs when you use multicasting to distribute content.

Workaround: There is no workaround. The bandwidth that is being consumed is for PGM protocol source path messages (SPM).

CSCec52221

Symptom: Windows Media Technologies (WMT) is enabled with no media file system (mediafs) after you downgrade from ACNS 5.1b300 software to ACNS 5.0.7b8 software.

Condition: This occurs if you upgrade from ACNS 5.0.7b8 to ACNS 5.1bx software, configure the disk, and then downgrade to ACNS 5.0.7b4.

Workaround: Reconfigure the disk with a mediafs partition and reload the software.

CSCec54225

Symptom: You cannot configure the Content Engine TACACS+ client to authenticate administrative users if the TACACS+ encryption key is not defined.

Condition: This problem is reported for a TACACS+ server configuration in conjunction with a Rivest, Sharmir, Adelman (RSA) token server. The problem occurs when the TACACS+ encryption key is not defined and the TACACS+ authentication server configuration involves an RSA server. There are no problems if the encryption key is configured. There are no authentication problems if the encryption key is not defined and the RSA token server is not involved in the configuration.

Workaround: Configure the TACACS+ encryption key for secure authentication.

CSCec54987

Symptom: A user initiates a data transfer (such as a GET operation). The user cancels the data transfer by simultaneously pressing Ctrl-C. If the network connection between the client and the FTP proxy is on a very slow link compared to the proxy-to-ftp server link, then the cancellation takes a long time to return control to the FTP client.

Condition: This symptom occurs on systems running ACNS 5.1 software that have the FTP transparent WCCP service enabled. This behavior is seen only if the file is a cache miss and the network connection between the client and the FTP proxy (the Content Engine) is very slow compared to the WAN connection (for example, the connection between the Content Engine and the origin FTP server).

Workaround: There is no known workaround.

CSCec57998

Symptom: Rarely, core dumps from the login program may occur.

Condition: This problem appears to occur only very rarely when you try to use Telnet to access the Content Engine.

Workaround: There is no known workaround.

CSCec58408

Symptom: Content Engines in an ACNS network delete acquired on-demand content when IP/TV Broadcast Server, which is configured to serve the program, does not have the media file available in its IP/TV media root directory.

Condition: This problem occurs when the media file is not available in the IP/TV media root directory, either because of a change in the IP/TV media root directory path or because the media file was renamed or deleted for the exported ACNS program. This situation will also occur if the IP/TV Broadcast Server fails or is deliberately removed from operation.

Workaround: Make sure the media file for an exported ACNS program is available in the IP/TV Broadcast Server even if the media root directory is changed. Also ensure that the media file is not deleted or renamed after the creation of the program.

CSCec58676

Symptom: HTTPS requests show a 500 error code in the transaction log.

Condition: In ACNS 5.1 software, any HTTPS request over HTTP will cause an error code of 500 to be written to the transaction log.

Workaround: Ignore the 500 error code in the transaction log.

CSCec58971

Symptom: When the disk add diskname cdnfs remaining EXEC command is used, the following erroneous output is displayed:

dc: stack empty
dc: dc: dc: stack empty
dc: stack empty
dc: stack empty
dc: stack empty
dc: stack empty
dc: dc: stack empty
ruby_disk - manipulate disks on Ruby platform

Condition: This problem occurs when the cdnfs remaining option is used with the disk add diskname command.

Workaround: Do not configure the cdnfs remaining option. Specify the disk space using a number and units of GB, MB, or percentage of the disk. After performing this disk add operation, reboot the Content Engine. The cdnfs space on the new disk drive will be used after the reboot.

CSCec59582

Symptom: The SNMP agent process (snmpced) crashes on a CE-7320 that is running ACNS 5.1 software.

Conditions: This occurs on a CE-7320 that is running ACNS 5.1 software.

Workaround: There is no known workaround.

CSCec61961

Symptom: Rules configured in the Rules Template do not change the host header correctly for the rewrite and use-server actions.

Condition: The rule rewrite and use-server actions do not change the request header as expected. The Host header on the request should be changed to the new host that the request is being sent to; otherwise, the request may risk rejection. The rule rewrite and use-server actions will change the server of the original request. HTTP/1.1 specifies that the Host header, which specifies the host name of the server, must be present in a request. If either the rule rewrite or use-server action is applied to a request (which effectively changes the server host), then the Host header of the corresponding action also needs to be changed to reflect the host name of this new server that is sent the request.

Workaround: There is no known workaround.

CSCec61987

Symptom: The use-dns-server option under the rule global configuration command is visible when it should be hidden. This is a hidden CLI command intended to provide backward compatibility.

Conditions: This problem occurs if you configure the ACNS 4.2 software use-dns-server option of the rule command in an ACNS 5.1 software environment and the ACNS 5.1 software has pattern lists configured with an "AND" grouping. If the ACNS 4.2 software syntax is converted to ACNS 5.1 software, misconfiguration occurs.

Workaround: Do not use the ACNS 4.2 software use-dns-server action for configuring this action with the rule command; instead, use ACNS 5.1 software syntax for configuration.

CSCec62492

Symptom: A configured on-demand program is not listed in the IP/TV Program Manager OnDemand Program Listing window if the associated media file is not available.

Condition: The problem occurs only when the associated on-demand program media file is not available in the configured IP/TV Broadcast Server after the program was created.

Workaround: We recommend that you do not remove or change the media file location in IP/TV Broadcast Server after you configure on-demand programs that use the media file. If you must remove or change the media file location, then you must edit all the programs that use that file on that server to use either another file or another server.

CSCec63550

Symptom: The first network-attached storage (NAS) attachment that failed at bootup is not recovered by the health probe.

Condition: This problem occurs only when a transient Network File System (NFS) or Common Internet File System (CIFS) connection failure occurs during the NAS attachment process.

Workaround: Reconfigure the failed NAS configuration. If the NFS or CIFS connection failure is transient, reconfiguration will succeed.

CSCec65255

Symptom: The audio stream sounds discontinuous when you listen to a rebroadcast or video on demand (VOD) of a recorded MP4 file.

Condition: The symptom occurs with IP/TV-generated MP4 files that are streamed from a Cisco Streaming Engine. The problem only occurs with MP4 files that contain an MP3 audio track sampled at 8000 Hz. Streaming the file directly from IP/TV Server does not result in this problem.

Workaround: Use a sampling frequency of 11025 Hz or 22050 Hz while creating a live program with MP3 audio if the recorded file is to be deployed in an ACNS network. Alternatively, use the AAC codec instead of MP3.

CSCec67374

Symptom: The acquirer stops and the root Content Engine displays a message that the RPC to acquirer failed. The syslog also reports the following:

65-1#Service 'acquirer' died due to signal 3: Quit
Oct 22 11:36:24 565-1 Nodemgr: %CE-NODEMGR-5-330027: pid 3576 exits Oct 22 11:36:24 
565-1 Nodemgr: %CE-NODEMGR-3-330025: Service 'acquirer' died due to signal 3: Quit
Oct 22 11:36:24 565-1 Nodemgr: %CE-NODEMGR-5-330032: Stopping service: 'acquirer'.

Condition: If a channel is created and content is acquired by an early version of ACNS software (such as ACNS 5.0.x) and if after upgrading the root Content Engine to ACNS 5.1.1b3 software, you delete the channel or assigned another Content Engine as the new root Content Engine, the acquirer for the old root Content Engine will crash. But if you have modified the manifest file for this old channel and the manifest file has been re-parsed by ACNS 5.1 software (either by clicking the Fetch Manifest button in the Channel window or through the "Update Interval" for the manifest file), then deleting the old channel does not cause this problem.

Workaround: The workaround depends on which of the following conditions apply.

1. If you have not encountered this problem yet but want to remove the channel from the Content Engine that is the root Content Engine, or want to make another Content Engine the root Content Engine, follow these steps:

a. Change the time stamp of the manifest file for that channel. (For example, you can use the touch command to change a file's time stamp in a UNIX or Linux environment. In a Windows operating system environment, you may have to open the manifest file and resave the file to change its time stamp.)

b. Click the Fetch Manifest button in the Channel window, and then proceed to remove the channel from the Content Engine that is the root Content Engine, or make another Content Engine the root Content Engine.

2. If you have already encountered this problem but the channel has not yet been deleted, and you just changed the root Content Engine for the channel or just unsubscribed the Content Engine from the channel, follow these steps:

a. Reassign the Content Engine to the channel as the root Content Engine.

b. Change the time stamp of the manifest file for that channel.

c. Restart the acquirer on the root Content Engine using the acquisition-distribution stop and acquisition-distribution start EXEC commands.

d. Click the Fetch manifest button in the Channel window, and then proceed to either unsubscribe to the channel or make another Content Engine the root Content Engine.

3. If you have already deleted the channel, the following workaround requires that the Content Engine download all metadata again, but it does not need to download the files again. With this workaround, the acquirer will obtain the property of the file that the user is attempting to download (for example, the file size and time stamp of the file named video.asf) but will not have to download the actual file again.

a. Use the cms database delete and cms database create EXEC commands to reset the database.

b. Use the cms enable global configuration mode command to enable the CMS and then wait for the metadata to be downloaded to the Content Engine.

c. Use the show statistics replication EXEC command to verify that all content metadata has been downloaded. The download normally handles between three and five files per second. For example, if the Content Engine has 10,000 objects, the download will take approximately 1 hour to be completed.

d. Use the cdnfs cleanup EXEC command to clean up the files for the removed channels.

CSCec67540

Symptom: CPU usage on the Content Engine periodically spikes (every half minute).

Condition: This problem occurs under normal running conditions.

Workaround: There is no known workaround.

CSCec67688

Symptom: Statistics reported by the show statistics tcp EXEC command may be inconsistent and incorrect under rare circumstances.

Condition: The exact conditions under which this problem happens are currently unknown, but it appears that this problem can occur after extended periods of operation.

Workaround: Clearing TCP statistics will usually bring all TCP-related statistics back to normal.

CSCec68837

Symptom: A FreeBSD FTP client receives a "connection reset by peer error" message after it initiates a command that requires a data connection, such as "dir," "get," or "put" operation.

Condition: This problem occurs if FTP client traffic is intercepted by WCCP and redirected to a Content Engine that is running the FTP proxy cache for processing, and the FTP server to which the FTP client is connected supports the FTP command EPSV (Extended Passive). The symptom can also occur with any other FTP client application that issues the EPSV command.

Workaround: If the FTP client application has an option not to use the EPSV command and to use the PASV command instead, then use that option. This FTP client option is available in FreeBSD Release 4.7 and later and is called "epsv4." If this option is not available, then do not use passive mode if possible. Note that this may not be possible if there are firewalls that prevent the FTP server from initiating a connection back to the FTP client.

CSCec70872

Symptom: The Content Engines fill up the / filesystem, and components then start to fail.

Conditions: This problem may be related to SmartFilter configurations.

Workaround: There is no known workaroud.

CSCec73096

Symptom: When a new Content Engine is added to a device group that has a WMT license enabled, WMT fails to start on this new Content Engine until you manually enable WMT on this Content Engine.

Condition: This problem was not reproducible.

Workaround: There is no known workaround.

CSCec74208

Symptom: In rare circumstances the bypass counters may be incorrect.

Condition: This problem is likely to be seen under the following conditions:

WCCP L2 redirect is being used, and the WCCP router ID is different from the IP address that is assigned to the router interface from which the packets are redirected to the Content Engine (the WCCP router ID is the numerically lowest IP address configured on the router).

L4 switched connections are being bypassed.

Workaround: If the first condition is true, change the IP address assignments on the router so that the IP address assigned to the router interface from which packets are redirected to the Content Engine becomes the WCCP router ID. If the second condition is true, there is no known workaround.

CSCec74830

Symptom: Earlier versions of IP/TV supported encoding of Japanese characters in Windows native Shift JIS encoding. For IP/TV 5.1 software, Shift JIS Japanese data is applied to the following data items:

On-demand program (category name, program name, description, administrator name, and producer name)

Scheduled program (channel name, program name, description, administrator name, and producer name)

Japanese characters are corrupted on all on-demand program data items. For scheduled program data items, only certain characters are corrupted but not all.

Microsoft Internet Explorer and Netscape Navigator support UTF-8 encoding in which Japanese characters are available. With UTF-8, all Japanese data is corrupted for both on-demand and scheduled programs though they are corrupted in different ways.

Conditions: Multibyte Japanese text for on-demand program information (category name and program name) is corrupted. Also for scheduled programs, certain Shift JIS Japanese characters are corrupted (channel name, program name), although other characters are saved or restored correctly.

Workaround: Do not use multibyte character sets.

CSCec75119

Symptom: The cache process restarts when proxy request authentication is enabled on a Content Engine.

Condition: This is an infrequent problem and can occur on the CE-7320.

Workaround: There is no known workaround.

CSCec75636

Symptom: If the community string that is used for sending SNMP traps is not the same as the community string for SNMP read or read-write access, the Content Engine does not send traps.

Conditions: This occurs on Content Engines that are running any version of the ACNS software.

Workaround: Make sure that you specify the same community strings in the snmp-server host and the snmp-server community global configuration commands.

CSCec78596

Symptom: The Content Engine WMT server refuses to stream content faster than 3500 kbps over MMST and MMSU. The server also sends WMT streaming packets at a faster rate than it should.

Conditions: The first symptom occurs only with Windows Media Player Version 8 or 9, and is caused by a player bug introduced after Microsoft released Windows Media Player Version 8.

The second symptom occurs only if the stream file is generated by the Windows Media Player 9 encoder. The higher the bit rate, the more serious the problem is. For a 1500-kbps stream, the Content Engine sends it at 1600 kbps; for a 2100-kbps stream, the Content Engine sends it at 3100 kbps.

The second symptom causes Windows Media Player 8 and 9 to exhaust the receive buffer and to start dropping packets, which will cause inferior audio and video quality. Windows Media Player 7 will experience the same problem when using MMSU. However, Windows Media Player 7 will operate better when using MMST or HTTP because it will stop receiving packets instead of dropping them, which triggers the TCP flow control on the Content Engine side to pause sending.

Workaround: Use Windows Media Player Version 7 to play back the high bit rate stream through MMST and HTTP.

CSCec78725

Symptom: Pre-positioned content is proxied to the origin server.

Condition: When content is acquired, the manifest file has an item AuthFlag=True. For content to be authenticated, the request is then proxied to the origin server.

Workaround: Do not set the AuthFlag to true. If you need to authenticate content, then there is no known workaround for ACNS 5.1 software users.

CSCec80698

Symptom: The media player cannot play smoothly if there is a proxy chain and a partial cache hit occurs during the initial playing of a cacheable file.

Condition: This problem can occur if there are two or more Content Engines in the proxy chain and one of the Content Engines is the outgoing proxy for the other Content Engine. The typical setup in which this problem occurs is the following: media player > CE1 > CE2 > origin server. The player plays a cacheable file and then stops in the middle and does not close the player. If the player is not closed, and if the user clicks the STOP button and then restarts the player by clicking the PLAY button again, during the second playing of the file the player stops where it stopped the first time.

Workaround: There is no known workaround.

CSCec82061

Symptom: The device pauses indefinitely in all processing tasks. The kdb (kernel debugger) prompt appears.

Condition: This problem occurs when WMT live splitting is used with WMT video on demand on a Content Engine.

Workaround: Use the no wmt fast-live-split enable global configuration command to disable the high-performance live splitting feature on the Content Engine. This should bypass some kernel work. However, this workaround is not recommended if the highest WMT live-split performance is required from this Content Engine.

CSCec82868

Symptom: The cache process restarts when it receives a username longer than 50 characters and both proxy authentication and SmartFilter URL filtering are enabled.

Condition: The problem occurs when all of the following conditions exist:

A username that is longer than 50 characters is received in the HTTP authentication header.

Proxy request authentication is enabled.

SmartFilter is enabled.

Workaround: There is no known workaround.

CSCec83758

Symptom: The Centralized Management System (CMS) restarts on the Content Distribution Manager, and the syslog has the following entries:

va.lang.NullPointerException: java.lang.NullPointerException at 
com.cisco.unicorn.util.Asserter.notNull(Asserter.java:29) at 
com.cisco.unicorn.messaging.DistributionMessage.sendAsync(DistributionMessage.java: 
590)

Condition: This problem can occur if there are numerous Content Engines in the ACNS network and you use the Content Distribution Manager GUI to request an update about on-demand replication status.

Workaround: There is no known workaround.

CSCec83768

Symptom: The syslog on the Content Distribution Manager displays the following warnings:

java.lang.NullPointerExc eption: java.lang.NullPointerException at 
com.cisco.unicorn.controller.ProxyInfoHelper.getConfigList(ProxyInfoH elper.java:31) 
at com.cisco.unicorn.controller.AServant.getListEntryTripleUpdates(AServant.java:1763) 
at com.cisco.unicorn.controller.ServantCe.calculateUpdates(ServantCe.jav a:352) 

Condition: This problem can occur when the Content Distribution Manager has a heavy load (for example, when there are more than 300 Content Engines in the ACNS network).

Workaround: Increase the data feed poll period that is set by default to 300 seconds; for example, increase it to 600 seconds or more. Change this setting through the Content Distribution Manager GUI (choose System > System Configuration > System.datafeed.PollRate).

CSCec83776

Symptom: The CMS becomes unresponsive on a Content Distribution Manager or reports a timeout error.

Condition: This problem occurs if the CMS locks up on the Content Distribution Manager because of massive device registration and activation within a short time period.

Workaround: Restart CMS on the Content Distribution Manager.

CSCec85126

Symptom: An SNMP cold start trap is not generated when the Content Engine boots up.

Condition: This problem occurs on all Content Engines that are running ACNS 5.1.1 software.

Workaround: There is no known workaround.

CSCec85337

Symptom: When enabling an HTTP outgoing proxy through the Content Distribution Manager GUI, you receive a "transaction not completed" error message.

Condition: This problem occurs if you are using the ACNS 5.1 software Content Distribution Manager GUI to enable an HTTP outgoing proxy.

Workaround: Use the http outgoing proxy global configuration command to enable an HTTP outgoing proxy.

CSCed29481

Symptom: The playback of Windows Media Technologies (WMT) content fails if Content Router routing is used to play back the content, and the content is not yet pre-positioned or has been deleted because the expiration period has elapsed. This problem occurs when the origin server is listening for requests only on the Microsoft Media Server (MMS) port but not the HTTP port. This problem does not occur if the WMT content is pre-positioned and the content resides on the Content Engine.

Condition: This problem occurs when the following conditions exist:

The Content Engines are running ACNS 5.0 or 5.1.1 software.

Content Router routing is used to play back WMT content and that content is not replicated on the Content Engine.

Workaround: Use one of these workarounds:

Before you publish the URL for end user access, make sure that the WMT content is replicated on the Content Engine.

Configure the WMT origin server to listen for requests on the HTTP port as well on the MMS port.

CSCei62672

Symptom: When you click links from the table of contents or the index of the ACNS Content Distribution Manager online help, the links open in the same pane, that is, the left pane, which contains the table of contents and the index, instead of opening in the right pane, which contains the help topics.

Condition: This problem occurs after you install Microsoft security update MS05-026. This security patch disables cross-frame navigation features that are based on HTML Help ActiveX control (HHCTRL).

Workaround: To reenable cross-frame navigation features that are based on HHCTRL, modify your Windows registry as explained in Microsoft Knowledge Base article 896905, which is available at this URL:

http://support.microsoft.com/kb/896905/

CSCin52125

Symptom: The RTSP gateway generates a core file.

Conditions: This occurs because of a heavy performance load.

Workaround: Lighten the load on the device.

CSCin54434

Symptom: Websense Manager cannot connect to the local Websense server (the Websense server runs as a separate process on the Content Engine instead of running on a separate system).

Condition: This occurs if you connect to the Content Engine with the local Websense server Version 5.0.1 using an external IP address from Websense Manager Version 5.0.1.

Workaround: There is no known workaround.

CSCin55484

Symptom: A pre-positioned content object is lost after you configure a disk and reload the Content Engine.

Condition: If the amount of cdnfs content approaches the amount of disk space allocated to the cdnfs, then cdnfs content is removed to ensure that the cdnfs file system can be resized properly to hold the saved content. In ACNS 5.0.x software, the content is moved out of the file system (if other file systems that can hold the content are detected) or is deleted (if other file systems that can hold the content are not detected) when a disk configuration is performed and 90 percent or more of the cdnfs file system is used.

Workaround: Take one of the following actions to avoid this problem:

Do not perform disk configuration.

Ensure that the amount of content present is less than 90 percent of the disk space allocated to the newly specified cdnfs file system.

Upgrade to ACNS 5.1 software, which always preserves content when you perform a disk configuration, irrespective of the amount of disk space specified for the cdnfs.

CSCin58464

Symptom: The Websense policy server and user server generate core files.

Condition: This problem occurs when the Websense server is running on ACNS 5.1 software with a version of the Websense Manager that is earlier than Version 5.0.1 build 20030722. This problem does not exist when the Websense server is running on ACNS 5.0.3 software.

Workaround: Download Websense Manager Version 5.0.1 build 20030722.

CSCin59084

Symptom: If there is a WCCP transparent proxy between the ACNS network root Content Engine and the content origin server, and the proxy requires NTLM authentication, then the ACNS network acquirer may fail to acquire content in the following scenario:

1. You specify the WCCP transparent proxy authentication information by using the acquirer proxy authentication transparent global configuration command. Content acquisition works correctly.

2. You remove the proxy authentication through the no acquirer proxy authentication transparent command. Content acquisition stops working, which is expected.

3. You restore the proxy authentication back using the basic-auth-disable option of the acquirer proxy authentication command. Content acquisition should work, but it does not. Content acquisition results in a 401 error message.

Condition: This occurs with ACNS 5.1 software.

Workaround: Restart the acquirer through the acquisition-distribution stop and acquisition-distribution start EXEC commands.

CSCin59100

Symptom: In ACNS 4.2 software, rules are configured only for HTTP and not for streaming protocols. If a Content Engine that is configured with rules and is running ACNS 4.2 software is upgraded to ACNS 5.1 software, then these rules are configured with the protocol type "all."

Condition: This occurs when the software is upgraded to ACNS Release 5.1 from ACNS Release 4.2.

Workaround: If you do not want the rule to be applied for some of the rule actions, you can change the rule configuration as required.

CSCin59272

Symptoms: In HTTPS acquisition with directory indexing crawling, when the starting URL lacks a forward slash (/) at the end, the acquirer fails with a 700 error message.

Condition: In HTTPS acquisition with directory indexing crawling, when the starting URL lacks a forward slash at the end, the server returns a 302 Redirect message and redirects the request to the starting URL with a forward slash at the end. However, some servers may return some data in addition to the headers in the HEAD request. In such scenarios, the acquirer fails with a 700 error message.

Workaround: Add a forward slash to the starting URL in the manifest file.

CSCin59408

Symptom: Configurations from the Content Engine GUI SNMP Version 3 window are not accepted, and core files are generated.

Condition: This occurs when you configure SNMP Version 3 through the Content Engine SNMPv3 window.

Workaround: There is no known workaround.

CSCin59462

Symptom: An FTP client application stops receiving data for a data transfer operation such as a directory listing (ls) or file transfer (GET). The same symptom can occur for FTP-over-HTTP data transfers from the FTP server to the Content Engine.

Condition: For FTP client applications, the Content Engine must be using the FTP proxy through WCCP redirection, configured for following the FTP client's mode for establishing a data connection. The FTP client application must have also been set to use active mode to the FTP server.

ContentEngine(config)# wccp ftp router-list-num number
ContentEngine(config)# wccp version 2 
ContentEngine(config)# ftp proxy active-mode enable 

For FTP-over-HTTP data transfers, the Content Engine must be configured for an FTP incoming proxy and configured for using active mode to the FTP server. The client browser must be configured to use the Content Engine FTP proxy for FTP URLs.

ContentEngine(config)# ftp proxy incoming port
ContentEngine(config)# ftp proxy active-mode enable 

The symptoms can occur with the configurations described above and when the FTP server starts sending data packets that are received out of order by the Content Engine before the Content Engine sends the TCP connection establishment SYN-ACK packet to the FTP server.

Workaround: Remove the Content Engine active mode configuration by issuing the following configuration command:

ContentEngine(config)# no ftp proxy active-mode enable

When this symptom occurs on an FTP client application, press Ctrl-C simultaneously to stop the partial data transfer operation.

When this symptom occurs on a browser configured for FTP-over-HTTP, click the STOP button to stop the partial data transfer operation.

CSCin59581

Symptom: When you have numerous pattern lists configured (ORed together) and you downgrade from ACNS 5.1 software to ACNS 5.0 software, then the first pattern list configuration is used. All other pattern lists are lost.

Condition: This problems occurs when you downgrade from ACNS 5.1 software to ACNS 5.0 software and you have many pattern lists configured (ORed together). If you upgrade from ACNS 5.0 software to ACNS 5.1 software, then the rules are converted properly. If you then downgrade to ACNS 5.0 software (without changing the rules; for example, not using ACNS 5.1 software-specific syntax such as ORing) then there is no problem; all rules are converted properly.

Workaround: There is no known workaround.

CSCin59582

Symptom: When you have numerous pattern lists configured (ORed together) and you downgrade from ACNS 5.1 software to ACNS 4.2 software, then the first pattern list configuration is used. All other pattern lists are lost.

Condition: This occurs when you downgrade from ACNS 5.1 software to ACNS 4.2 software and you have many pattern lists configured (ORed together). If you upgrade from ACNS 4.2 software to ACNS 5.1 software, then the rules are converted properly. If you then downgrade to ACNS 4.2 software (without changing the rules, for example, not using ACNS 5.1 software-specific syntax such as ORing), then there is no problem; all rules are converted properly.

Workaround: There is no known workaround.

CSCin59664

Symptom: IP/TV Program Manager maintains and displays stale files from servers that are not managed anymore. These stale files are maintained in the IP/TV Content Manager database (iptvcmdb) and displayed.

Condition: This problem occurs when the server is not managed by IP/TV Program Manager anymore but stale files are being retained for over a day.

Workaround: Ignore the stale files.

CSCin59781

Symptom: The cache process crashes while passing traffic for both the standard and the dynamic HTTPS service.

Condition: This problem can occur when heavy HTTPS traffic is passing through the Content Engine. Using standard and dynamic WWPC services and having debug enabled when the HTTPS traffic is heavy may contribute to this problem.

Workaround: There is no known workaround. However, the cache process will restart and work normally after such a crash.

CSCin59863

Symptom: You are unable to disable the local Websense server that is running on the Content Engine.

Condition: When you use the no websense-server enable global configuration command to disable the local Websense server, the local Websense still operates and no error message is displayed to indicate that the local Websense server has not been disabled. The show websense-server EXEC command shows that all the Websense server ports are unconfigured in ACNS 4.0 software but the Websense server is still running. The show services ports and show services summary EXEC commands do not list the Websense server ports.

Workaround: Disabling the Websense server means turning off the URL filtering functionality (subject to allow mode configuration). If you cannot disable the local Websense server, you can turn off the Websense client configuration. To turn off URL filtering for the local Websense server, disable the Websense URL filtering client in the Content Engine. Also if the local Websense server was used by some other Websense clients, disable Websense URL filtering on these clients. Alternatively, you can use the reload EXEC command on the Content Engine.

CSCin59907

Symptom: A java.lang.IllegalArgumentException occurs when you click the Refresh button in the IP ACL window of the Content Distribution Manager.

Workaround: Ignore the entries in the log file, because the window functions correctly.

CSCin59915

Symptom: The CPU usage on the Content Engine spikes to 100 percent, and the MMS record consumes more CPU.

Condition: This occurs when WMT is not enabled, HTTP authentication is enabled, content preload has started a MMS record, and there is a proxy between the client and the server. The MMS record goes into an infinite loop when its request is intercepted by a proxy that needs authentication from the client.

Workaround: To recover from excessive CPU usage, disable preloading on the Content Engine so that the MMS record processes created by it are killed. Preloading of WMT content with authentication cannot be done.

CSCin59942

Symptom: The FTP Control Proxy process (ftp_ctlpxy) associated with the FTP proxy quits and then restarts.

Condition: When the FTP proxy on the Content Engine has many FTP sessions open (for example, 40 sessions) and the cache process is intentionally restarted because of a configuration action to enable or disable WMT, then the FTP Control Proxy process unexpectedly quits and restarts.

Workaround: There is no known workaround. However, the symptom may be alleviated if WMT configuration is performed when FTP proxy traffic is low.

CSCin60029

Symptom: When a rule with the redirect action is configured with a URL of 0 and with a matching pattern (no replacing pattern), the cache process crashes if the request matches the pattern.

Condition: This occurs when you configure a numeric value of 0 for the redirected URL (for example, if www.yahoo.com is redirected to 0). If you want the Content Engine to redirect URL x to URL y, then you can configure the rule redirect action. While doing so, you must configure URL x and URL y.

Workaround: There is no known workaround.

CSCin60032

Symptom: With ACNS 5.x software, if rules are configured, the redirect action does not occur in certain configurations.

Condition: This occurs in ACNS 5.0 software and ACNS 5.1 software when the Rules Template is enabled.

Workaround: This is a configuration issue. If your intention is to redirect to the URL http://origin.foo.com, then the redirect value must include the URL scheme (http://). For example, the resultant rule must be rule action redirect http://origin.foo.com pattern-list 1 protocol http.

CSCin60034

Symptom: The cache process is unintentionally restarted because of a problem closing the network endpoint associated with an FTP proxy data transfer.

Condition: This occurs when the FTP proxy is under load with many open sessions and the WCCP feature was disabled through the no wccp version 2 command.

Workaround: There is no known workaround. However, the symptom may be alleviated if the no wccp version 2 command is executed when the FTP proxy is not under load.

CSCin60061

Symptom: The rule redirect global configuration command does not work, and no pages are served to the client.

Condition: This occurs if the rule redirect command is configured with header-field patterns and if the pattern matches.

Workaround: Use the url-regsub pattern instead of the header-field patterns.

CSCin60067

Symptom: The configurable proxy error message download fails when the URL is an HTTPS URL.

Condition: This occurs when the URL that the file is being downloaded from is an HTTPS URL.

Workaround: Use FTP and HTTP URLs.

CSCin60175

Symptom: For URL filtering, the attempt to delete the device HTTP, RTSP, and WMT good and bad site settings through the Content Distribution Manager fails. This may occur when you attempt to remove all device URL filtering settings, or after you disable one or more good and bad site settings (the disabling occurs, but the related file settings persist).

Condition: This problem occurs if the HTTP, RTSP, and WMT good and bad site settings were originally added through the CLI, and the local central management (LCM) feature is enabled on the Content Distribution Manager.

Workaround: First, submit the Content Distribution Manager URL Filter form at least once for the following reasons: (a) no modifications at all (just click Submit), (b) you have modified the other protocol settings, or (c) you have modified the target setting. Second, delete the target settings through the CLI.

CSCin60178

Symptom: A JavaScript error occurs when you try to click the Load Plugin option in the Program Review window or the Play icon in the Program Guide windows.

Condition: This problem occurs only when you are trying to load the IP/TV plug-in in Netscape Navigator 4.7x.

Workaround: Use Internet Explorer or Netscape 7 instead to watch programs through the IP/TV plug-in.

Resolved Caveats - ACNS Software, Release 5.1

CSCdy02581

WCCP bypass did not function properly when bypassing large packets from the client. Therefore, the client never received an acknowledgment from the server for the data sent.

CSCdy89507

When ACNS network users used an external authentication server such as TACACS+, RADIUS, NTLM, or LDAP for authentication, authorization, and accounting of user accounts, the authentication server settings could not be changed.

CSCdz32182

When you tried to add port 8443 for incoming HTTPS proxy requests on a Content Engine using the https proxy incoming 8443 global configuration command, the following message appeared:

Port 8443 is reserved for application the Cdm_UI_http

CSCdz35191

For pre-positioned Windows Media content, if the content was defined in the manifest file to be WMT over HTTP play and if NTLM authentication was enabled from the Content Distribution Manager, the Content Engine failed to handle the authentication with the origin server properly. You were repeatedly prompted for a username and password even though you had already entered the proper username and password.

CSCdz44596

A multicast receiver Content Engine obtained content through unicast before the multicast sender had delivered the content through multicast. This problem occurred when the Content Engine had a parent forwarder that was not the multicast sender and had already received the content.

CSCdz67216

The CLI did not allow you to assign a device group, and it reported only the first Content Engine with insufficient space.

CSCdz74319

You received a DNS failure message when the cache process was unable to resolve the host names presented in the URL.

CSCdz75101

An error alert on the system log page indicated a failure to configure an IP address. The Content Distribution Manager accepted invalid IP addresses entered for the NTLM authentication server.

CSCdz76591

When you attempted to copy a file from the FTP server and install the software release file on the Content Engine, using the copy ftp install {hostname | ip-address} remotefiledir remotefilename command, the following error message appeared:

ruby_upgrade: cannot create lock file 'ruby_upgrade.lck' : Permission denied

CSCdz86310

When you used the CLI commands to configure certain settings for RealProxy, RealServer, or WMT, the following message appeared:

The evaluation has already expired

However, when the same settings were configured using the GUI, no error message was displayed, but an error was recorded in the System Message Log window in the Content Distribution Manager GUI.

CSCea14491

If the server responded with a "100 Continue" message for a POST request from a user, the Content Engine stopped parsing all requests on the connection, and subsequent requests were not handled properly.

CSCea25617

When the disable local login authentication EXEC command was used to disable local authentication, TACACS+ authentication was assumed to have been already enabled, and the CLI allowed users to disable local authentication for login. In this case, you could never log in to the Content Engine, because there were no configured TACACS+ servers and local authentication was also disabled.

CSCea27285

Users could not play live streaming content from a Windows Media Server that was trying to obtain a stream from a Content Engine broadcast station alias.

CSCea27565

The F1 key might not have worked with certain terminal settings to access the BIOS menu. This symptom occurred on either the CE-7305 or the CE-7325 only.

CSCea36192

When you enabled streaming (RTSP, WMT, and the Cisco Streaming Engine) on the Content Engine Network Module from the Content Distribution Manager GUI, some of the streaming configuration settings were lost. This occurred if you performed an upgrade or downgrade of ACNS software after applying the settings.

CSCea43509

The Content Distribution Manager GUI showed that an upgrade on a Content Engine had failed when the upgrade had in fact been successful. However, the CLI on the Content Engine showed the correct upgrade information.

CSCea46917

The Windows Media Player would continue to wait forever to play a media file if the source was a media file that was configured to play in a loop from the Windows Media Server, and if the Content Engine was configured for the unicast-in multicast-out multicast delivery of streaming media.

CSCea59264

When you submitted the changes in the WMT Multicast Stations window in the Content Distribution Manager, the ACNS software displayed an error message.

CSCea60143

When you used the Content Distribution Manager GUI to perform a software upgrade or downgrade, the status was displayed as "update failed" in device listing windows, such as the Content Engines window. This failure occurred when the software upgrade or downgrade encountered an error on the target device.

CSCea88122

After thousands of playlist position changes for a playlist that was scheduled to loop playback continuously or for an extended period, the TV-out service ran out of memory. Interruption in playback occurred, and core files were generated.

CSCea88838

The Content Engine did not accept the DHCP address, and the CMS was not enabled. This resulted in the Content Distribution Manager indicating that the device was inactive.

CSCea89557

The acquirer check-time-for-old-content [channel-id channel_num | channel-name channel_name] EXEC command did not work. The following messages were displayed when the command was used with valid root Content Engine channel ID and names:

ContentEngine# acquirer check-time-for-old-content channel-id 291          
Unable to get the channel information record for channel= 291
This CE is not the root CE for this channel = 291
Failed to check the last modified time in DB 

ContentEngine# acquirer check-time-for-old-content channel-name channeltest
Unable to get the channel information record for channel= 291
This CE is not the root CE for this channel = 291
Failed to check the last modified time in DB 

CSCea90203

When you used the no interface PortChannel global configuration command to disable a nonexistent port channel, a socket write error occurred.

CSCea93249

Installing an upgraded version of ACNS software, Release 5.0.x deleted all content in the existing SmartFilter directory. Therefore, if SmartFilter software had been previously installed for URL filtering, installation of a newer version of ACNS software, Release 5.0.x caused filtering to be disabled.

CSCeb02494

A multi-bit-rate media file, after being preloaded, returned a partial cache hit upon a proxy-style request.

CSCeb07223

When the network experienced significant packet loss, the multicast sender may have sent a few bytes fewer than the actual file size. This caused multicast reception to fail on all receivers.

CSCeb34946

Content Engine AV units were unable to play audio-only files.

CSCeb35954

The show websense-server EXEC command showed the number of licensed users as zero.

CSCeb37567

Unicast distribution was temporarily interrupted. This occurred when there was no multicast sender configured at the beginning of distribution.

CSCeb48853

Services did not start in the ACNS software, and no message was displayed.

CSCeb49014

All content was deleted when a new root Content Engine was selected or the old root Content Engine went offline and a temporary root Content Engine was selected, and if the channel was using a crawl job to acquire content.

CSCeb56333

An SNMP query to the ccmHistoryEventTable on a Content Engine returned Management Information Base (MIB) instances with a fixed index. According to the CISCO-CONTENT-ENGINE-MIB definition, each new event stored in this table should have been assigned a progressive unique index.

CSCeb60677

The Content Engine loaded HTTP pages very slowly for certain websites. This symptom occurred when Internet Explorer accessed any website that required a Windows Media Player upgrade. While loading the site, Internet Explorer tried to access http://codecs.microsoft.com and http://activex.microsoft.com to upgrade Windows Media Player, resulting in slow loading of the web page.

CSCeb77349

When a Content Engine was configured for RADIUS authorization, the Content Engine sent two distinct access requests to the AAA server. The second access request was identical to the first, except for the RADIUS ID. This caused problems with One-Time-Password (OTP) servers, which did not accept the second request (carrying an identical password to the first one), and sent back an access reject response, causing the Content Engine to deny access to the user.

CSCeb79059

The new format of the syslog messages in the ACNS 5.1 software release is compatible with IOS syslog messages and CiscoWorks 2000 (CW2K) syslog messages. Consequently, the logging cw2k global configuration command was removed from the set of ACNS 5.1 CLI commands because it is no longer needed in the ACNS 5.1 release.

CSCec21671

The Content Engine GUI loaded slowly, and some images on the GUI did not load. This problem occurred when TACACS+ was enabled as the primary authentication method for login and configuration access to the Content Engine.

CSCec24833

When reverse DNS lookup failed, the ACNS software could not serve pre-positioned content to WMT Player Version 6 or Version 9. The reverse DNS lookup code was removed from the ACNS 5.1 software, which solved this problem.

CSCec26282

Users could not go to websites by using the PAC file that contained the nearest_proxies macro.

CSCec31432

The transaction log showed a cache miss for Range requests to pre-positioned content. This problem occurred when a request for pre-positioned content contained HTTP Range headers.

CSCed56585

When a single-bit-rate file was played back in WMT Player Version 9 and HTTP was used for playback, the fast forward and rewind functions did not work properly. Consequently, you had to manually disable HTTP as the client protocol (by entering the wmt disallowed-client-protocols HTTP global configuration command) to force the player to automatically roll over to the MMS protocol for playback. Because this problem has been resolved, you can now use WMT Player Version 9 to play back streamed multi-bit-rate encoded content properly.

CSCec78732

LDAP authentication occasionally experienced long delays, and users would see several prompts before they were authenticated.

CSCin14344

No CLI command was available in ACNS software, Release 5.0 and later releases to clear WCCP generic routing encapsulation (GRE) packet-related information. Although a CLI command (show wccp gre EXEC command) was available to display the WCCP GRE counters, there was no CLI command currently available to clear them.

CSCin19219

Any changes in the Content Engine DNS cache configuration did not take effect immediately. This situation occurred when you used the dns listen and dns pin global configuration commands to configure an IP address and port number to listen for requests and map the IP addresses to their corresponding host names.

CSCin28274

Under certain conditions, if the user configured one valid and one invalid FTP server for exporting transaction logs, the show statistics transaction-logs EXEC command displayed the entry for the valid FTP server twice. As a result of the duplicate entry, the counters were not correspondingly incremented with the number of files that were exported through FTP.

CSCin30153

The client did not receive a requested object if the Websense server was not reachable or if the Websense server timeout value was greater than the configured default timeout value.

CSCin35914

The Software Update File Registration window in the Content Distribution Manager displayed the following error message for a valid meta file URL:

Transaction not completed
sun.net.ftp.FtpProtoclException:port

This occurred when the Content Distribution Manager host name contained numeric values.

CSCin41994

If the cdnfs browse EXEC command was used and the filename or the directory name of pre-positioned content contained a space, the command did not display the information contained in the file, nor did it browse through the cdnfs files and directories.

CSCin42531

In the Bandwidth Setting for the Device Groups window, when you tried to navigate to any window using the pagination counter at the bottom of the window, an error message appeared.

Documentation Updates

This section describes documentation updates.

TACACS+ Enable Password Attribute

Pre-Positioned Content

Configuration Requirements for Managed Live Events

cdn-url Attribute Description

Multicast Sender Interoperability

FTP Caching Support

Group-Type Patterns in Rule Pattern Lists

SmartFilter Software and the rule action no-auth Command Rule Interaction

Bandwidth Configuration for Interfaces and Content Services

pace Command

pre-load Command

NTLM Preload Support

show statistics icap Command

Default Port of the Content Engine GUI

Playing Nonhinted IP/TV On-Demand Programs over an ACNS Network

Restriction on IP/TV Program Manager Configuration

TACACS+ Enable Password Attribute

This documentation update applies to the following three ACNS Release 5.1 software guides:

Cisco ACNS Software Deployment and Configuration Guide, Release 5.1

Cisco ACNS Caching and Streaming Configuration Guide, Release 5.1

Cisco ACNS Software Command Reference, Release 5.1

The ACNS software CLI EXEC mode is used for setting, viewing, and testing system operations. It is divided into two access levels, user and privileged. To access privileged-level EXEC mode, enter the enable EXEC command at the user access level prompt and specify a privileged EXEC password (superuser or admin-equivalent password) when prompted for a password.

In TACACS+ there is an "enable password" feature that allows an administrator to define a different enable password for each user. If an ACNS user logs in to the Content Engine with a normal user account (privilege level of 0) instead of an admin or admin-equivalent user account (privilege level of 15), the user must enter the admin password in order to access privileged-level EXEC mode.

ContentEngine> enable

Password:

This caveat applies even if these ACNS users are using TACACS+ for login authentication.

Pre-Positioned Content

This documentation update applies to the Cisco ACNS Software Deployment and Configuration Guide, Release 5.1.

In ACNS 5.1.x software earlier than Release 5.1.5, pre-positioned content is served only on ports that are standard for the protocol. If the incoming URL contains a port number other than the standard port for that protocol (for example, HTTP uses port 80, RTSP uses port 554, and WMT uses port 1755), then the Content Engine does not attempt to serve the content from the pre-positioned file system (cdnfs). Instead, the Content Engine tries to serve the content from the cache file system (cfs) or tries to fetch the content from the origin server, depending on the existing configuration of the Content Engine.

In ACNS software, Release 5.1.5, the ignoreOriginPort attribute was added to support the playback of pre-positioned content using nonstandard ports. The ignoreOriginPort attribute controls content playback and allows the use of nonstandard ports to play back pre-positioned content. In releases of ACNS software prior to Release 5.1.5, playback of pre-positioned content using nonstandard ports was not supported.

The ignoreOriginPort attribute is supported under the following tags in the manifest file:

<options> tag

<item> tag

<crawler> tag

<item-group> tag

The ignoreOriginPort attribute is optional. Valid values for the ignoreOriginPort attribute are true or false. The default is false. In the following example, the ignoreOriginPort attribute is specified in the <item> tag and is set to true.

<item scr="<http//10.77.155.211/abc.html>http//10.77.155.211/abc.html" 
ignoreOriginPort="true" />

If an item is acquired with the attribute set to true (ignoreOriginPort=true), then the content is played back even if the incoming URL that was used to request the content contains a nonstandard port. For example, if content is acquired as:

<http//www.foo.com/abcd.xml>http//www.foo.com/abcd.xml

then the content can be played back as:

<http//www.foo.comXXXX/abcd.xml>http//www.foo.comXXXX/abcd.xml

where XXXX is the port number.

For more information about using a manifest file to acquire and distribute content in an ACNS 5.1 network, refer to Chapter 7, "Creating Manifest Files," in the Cisco ACNS Software Deployment and Configuration Guide, Release 5.1.

Configuration Requirements for Managed Live Events

This documentation update applies to the Cisco ACNS Software Deployment and Configuration Guide, Release 5.1.

If you have channels for live programs configured in your ACNS 5.1 network, make sure that there are no external proxy servers physically located between your ACNS 5.1 receiver Content Engines and your ACNS 5.1 root Content Engine that require proxy authentication. Also, make sure that proxy authentication is not enabled on any receiver Content Engines that might be in the logical, hierarchical path between the root Content Engine and the receiver Content Engine that is going to serve the live stream to the requesting clients. If a live stream encounters any device that requires proxy authentication, the stream will be dropped before it reaches its destination.

If your network is set up with intermediary devices that require proxy authentication, you can work around the problem by configuring rules to bypass authentication on these devices.

For example, to enable the formation of a unicast splitting tree and, in turn, enable live broadcasting from all receiver Content Engines, you can specify the following rule on all of the parent Content Engines in the channel:

ContentEngine(config)# rule pattern-list 1 downstream-CE-ipaddress 
ContentEngine(config)# rule no-auth pattern-list 1

cdn-url Attribute Description

This documentation update applies to the Cisco ACNS Software Deployment and Configuration Guide, Release 5.1.

With ACNS software, you can use cdn-url as an optional attribute of distributed content. This option only works when the media is pre-positioned on the Content Engine and the origin server does not have to be contacted for any reason to fulfill the request. You cannot use the cdn-url attribute if the origin server needs to be contacted to fulfill the request, for example, in such situations as the following:

Authenticated requests for pre-positioned content

Redirection to an origin server (for example, if the pre-positioning is incomplete)

Live streaming and splitting


Note Do not use the cdn-url attribute in the specified situations.


On page 7-44, replace the bulleted item under the "Item" section with the following.

cdn-url

The cdn-url attribute is optional and is used when content needs to be acquired from one URL (the content acquisition URL) and published using another URL (the publishing URL). The cdn-url attribute is the relative ACNS network URL that end users use to access this content. If no cdn-url attribute is specified, then the src attribute is used as the relative ACNS network URL.

In the following sample manifest file, the content item being acquired contains the file path /RemAdmin/InternalReview/firstpage.htm. By specifying a new file path (RemAdmin/Production/firstpage.htm) using the cdn-url attribute, the publishing URL disguises the fact that the content originated from an internal review.

<CdnManifest>
<server name="ultra-server">
	<host name="http://ultra-server" />
</server>
<item src="RemAdmin/InternalReview/firstpage.htm" 
cdn-url="RemAdmin/Production/firstpage.htm" />
</CdnManifest>

In the preceding example, src is the content acquisition URL and cdn-url is the publishing URL.


Note The content item file path (RemAdmin/InternalReview/firstpage.htm) is controlled by the manifest file. The cdn-url attribute associates a file path with the content item in the manifest file. The manifest file allows the file path for the cdn-url attribute to be specified independently of the file path from which the content items are to be acquired from the origin server (src attribute), allowing the publishing URL to differ from the content acquisition URL. (Refer to the "Generate the Publishing URL" section on page 6-9 in the Cisco ACNS Software Deployment and Configuration Guide, Release 5.1.)


If the content is live or requires playback authentication, the origin server from which the content is acquired must be contacted. Therefore, two URLs must exist for the same content item, and the URL specified in the cdn-url attribute must exist on the origin server at all times.

For example, if the content item "RemAdmin/Production/firstpage.htm" requires playback authentication, this content must exist on the "ultra-server" origin server. Otherwise, pre-positioned content playback will fail.

In general, you should not use the cdn-url, cdnPrefix, or srcPrefix attributes if playback authentication is required or if the content is live.

If you use FTP to acquire content and the content type is not specified in the manifest file and the cdn-url attribute is used to alter your publishing URL, the cdn-url attribute must have the correct file path extension (for example, .jpg). Otherwise, the incorrect content type will be generated and you cannot play the content.

The following example correctly shows the publishing URL with the same file path extension (.jpg) as that of the origin server URL.

<item src="ftp://ftp-server.abc.com/pictures/pic.jpg"  cdn-url="pic.jpg" />

The following example is incorrectly written, because it does not specify the file path extension (.jpg) in the cdn-url attribute.

<item src="ftp://ftp-server.abc.com/pictures/pic.jpg"  cdn-url="pic" />

Multicast Sender Interoperability

This documentation update applies to the Cisco ACNS Software Deployment and Configuration Guide, Release 5.1. The following is additional information regarding multicast sender interoperability.

Condition 1: The ACNS network is set up for multicast distribution with Content Engines subscribed to multicast-enabled channels. Multicast sender and receiver Content Engines are running mixed versions of ACNS software. All Content Engines have been successfully enabled for multicasting. The Content Distribution Manager is running ACNS 5.1.x software.

Symptom:

Only senders running ACNS 5.1.x software support failover to a backup sender. Only receivers running ACNS 5.1.x software can send negative acknowledgements (NACKs).

If both the primary sender and the backup sender are actively sending the same file, the receiver Content Engine locks out one of the two and receives one copy of the file from the first sender.


Note Cases 1 through 6 assume that you are using a Content Distribution Manager that is running ACNS 5.1.x software.


Case 1: The primary sender is using an ACNS software release earlier than ACNS 5.1.x. The backup sender is using ACNS 5.1.x software, as is the receiver.

The backup sender considers the primary sender inactive and becomes active after the configured failover period.

The primary sender periodically sends multicast files as configured in the carousel pass and multicast-out bandwidth settings.

The receiver tries to send a NACK to the primary sender, but receives NACK failures and begins sending NACKs to the backup sender. The backup sender responds to the NACK.

Case 2: Both the primary sender and the backup sender are using ACNS 5.1.x software. The receiver is using an ACNS software release earlier than ACNS Release 5.1.x.

Failover works between the primary and backup senders, but neither the primary sender nor the backup sender ever receives a NACK response from the receiver.

The primary sender sends out the first carousel pass for content without the need for a NACK, so the receiver might be able to obtain content if it joins the group promptly. If it does not, the receiver is not able to obtain content.

Case 3: Both the primary sender and the receiver are using an ACNS software release earlier than ACNS Release 5.1.x. The backup sender is using ACNS 5.1 software.

The backup sender considers the primary sender inactive and becomes active after the configured failover grace period. The backup sender continues to wait for a NACK response from the receiver before sending the multicast, but the receiver is unable to send a NACK.

The primary sender periodically sends multicast files as configured in the carousel pass and multicast-out bandwidth settings.

The receiver should be able to obtain content from the primary sender.

Condition 2: Although you may have received a warning message from the Content Distribution Manager, you can still configure a Content Engine as a backup sender if the Content Engine is registered with a Content Distribution Manager running ACNS 5.1.x software and the Content Engine is running ACNS software earlier than ACNS Release 5.1.x. Cases 4 through 6 discuss the backup sender operating under these conditions.

Symptom: The Content Distribution Manager does not send related configuration information and configuration changes to the Content Engine running the earlier software version. This results in the the Content Engine not being able to identify itself as the multicast backup sender. This scenario might also occur if a backup sender using ACNS 5.1.x software is downgraded to an earlier software version through the Content Engine CLI.

Case 4: Both the primary sender and the backup sender are using an ACNS software release earlier than ACNS Release 5.1.x. The receiver is running ACNS 5.1 software.

The receiver alternates attempts to send NACKs between the primary sender and the backup sender but is unsuccessful.

The primary sender periodically sends multicast files as configured in the carousel and multicast-out bandwidth settings.

Case 5: The primary sender and the receiver are using ACNS 5.1 software. The backup sender is using an ACNS software release earlier than ACNS Release 5.1.x.

The primary sender considers the backup sender inactive after the configured failover grace period.

The receiver can successfully send NACKs only to the primary sender. If the primary sender fails, the receiver sends the NACKs to the backup sender, and when it receives a NACK failure as expected, the receiver retries the primary sender. The receiver alternates sending NACKs between the senders until the primary sender becomes active again.

Case 6: The primary sender is using ACNS 5.1.x software. Both the backup sender and the receiver are using an ACNS software release earlier than ACNS Release 5.1.x.

The primary sender considers the backup sender inactive and becomes active after the configured failover grace period. The primary sender sends the first carousel pass of content without needing to receive a NACK. The primary sender then waits for the receiver's NACK to trigger further carousel passes if more than one carousel pass is configured.

The receiver never sends a NACK to the primary sender or the backup sender.

Condition 3: The Content Distribution Manager is using an ACNS software release earlier than ACNS Release 5.1.x. In software releases earlier than ACNS Release 5.1.x, only one sender is configurable for each multicast cloud.

Case 7: The sender is using ACNS 5.1.x software. The receiver is using a software release earlier than ACNS Release 5.1.x.

The sender behaves like a primary sender running ACNS 5.1.x software. That is, it sends the first round of content without requiring a NACK to trigger the carousel pass. However, the sender is unable to continue making carousel passes because the receiver is unable to send NACKs.

Case 8: Both the sender and the receiver are using ACNS 5.1.x software.

The sender is able to perform carousel passes and the receiver is able to send NACKs for missing content; however, there is no support for a backup sender or for configuring the NACK interval multiplier.

Case 9: The sender is using an ACNS software release earlier than ACNS Release 5.1.x. The receiver is using ACNS 5.1.x software.

The sender periodically sends multicast files as configured in the carousel pass and multicast-out bandwidth settings so that the receiver can obtain content.

The receiver tries to send NACKs to the sender but continually fails and retries.

Workaround for Cases 1 through 9: Upgrade both senders and receivers to ACNS 5.1.x software. Upgrade the sender first, and then upgrade the receivers.

Workarounds for Case 7 only:

Use the distribution multicast resend EXEC command on the sender Content Engine to trigger a multicast carousel pass manually.

Upgrade both senders and receivers to ACNS 5.1.x software. Upgrade the sender first, and then upgrade the receivers.

FTP Caching Support

This documentation update applies to the following three ACNS 5.1 software guides unless otherwise stated:

Cisco ACNS Software Deployment and Configuration Guide, Release 5.1

Cisco ACNS Caching and Streaming Configuration Guide, Release 5.1

Cisco ACNS Software Command Reference, Release 5.1

A Content Engine that is running ACNS 5.1 software can be configured for FTP caching in either of the following two usage modes:

FTP-over-HTTP mode. The Content Engine (nontransparent proxy server) caches the contents of the specified FTP URLs that are sent to it directly by clients that are using the HTTP protocol. This allows users to use their browsers (HTTP protocol) to access files (to send and receive files) on remote FTP servers.

Native FTP mode. The Content Engine (transparent proxy server) caches the contents of the FTP requests that are sent from clients in the native FTP protocol.

In both of these usage modes, the Content Engine uses the FTP protocol to retrieve and locally cache the content of the FTP requests. These two usage modes differ in the protocol used by the client to issue the FTP request. In FTP-over-HTTP mode, clients use their browsers (the HTTP protocol) to issue FTP requests. In native FTP mode, clients use the native FTP protocol to issue FTP requests, as shown in the following example:

ContentEngine# ftp server.cisco.com


Note In ACNS 5.1 software, native FTP caching is only supported in transparent proxy mode; it is not supported in nontransparent proxy mode. In ACNS 5.1 software, transparent redirection of FTP requests is supported only by WCCP Version 2; transparent redirection through a Layer 4 switch is not supported.

Native FTP requests are logged in the HTTP transaction log on the Content Engine.


FTP-over-HTTP Caching Support

The ACNS 5.1 software supports proxying and caching of FTP URL client requests using proxy-mode HTTP requests when URLs specify the FTP protocol (for example, ftp://ftp.mycompany.com/ftpdir/ftp_file). For instance, the following is an example of an FTP-over-HTTP request that allows the end user to use a browser to access public files from an FTP server:

ftp://ftp.funet.fi/pub/cbm/crossplatform/converters/unix/

For these requests, the client uses HTTP as the transport protocol with the Content Engine, whereas the Content Engine uses FTP with the FTP server. When the Content Engine receives an FTP request from the web client, it first looks in its cache. If the object is not in its cache, it fetches the object from an upstream FTP proxy server (if one is configured), or directly from the origin FTP server.

The FTP proxy supports anonymous as well as authenticated FTP requests. Only base64 encoding is supported for authentication. The FTP proxy accepts all FTP URL schemes defined in RFC 1738. In the case of a URL in the form ftp://user@site/dir/file, the proxy sends back an authentication failure reply and the browser supplies a popup window for the user to enter login information.

The FTP proxy supports commonly used MIME types, attaches the corresponding header to the client, chooses the appropriate transfer type (binary or ASCII), and enables the browser to open the FTP file with the configured application. For unknown file types, the proxy uses binary transfer as the default and instructs the browser to save the downloaded file instead of opening it. The FTP proxy returns a formatted directory listing to the client if the FTP server replies with a known format directory listing. The formatted directory listing has full information about the file or directory and provides the ability for users to choose the download transfer type.

Native FTP Caching Support

On page 2-8 of the Cisco ACNS Caching and Streaming Configuration Guide, Release 5.1, and on page 2-120 ("Usage Guidelines") of the Cisco ACNS Software Command Reference, Release 5.1 publication, replace the information about native FTP caching with the following information.

The Content Engine operating as an FTP proxy supports passive and active mode for fetching files and directories. In native FTP caching mode, if the ftp proxy active-mode enable global configuration command is used, then the Content Engine uses the same mode with the FTP server for the data connection as the client used to reach the Content Engine, which can be either active or passive. If the ftp proxy active-mode enable command is not used, the Content Engine uses passive mode with the FTP server for the data connection.

As the following partial output of the show ftp command shows, if you have used the ftp proxy active-mode enable command, the Content Engine (the nontransparent proxy server that is functioning as a native FTP proxy server) adheres to the client's mode (active or passive):

The Content Engine (the native FTP proxy server) performs an active-mode data transfer to or from the FTP server if the FTP client issues an active-mode data transfer request.

The Content Engine performs a passive-mode data transfer to or from the FTP server if the FTP client issues a passive-mode data transfer request.

ContentEngine# show ftp

FTP Configuration
-----------------

WCCP FTP service status:                 ENABLED
Maximum size of a FTP cacheable object:  204800 KBytes
FTP data connection mode with Server:    Adhere to Client's mode (active or passive)

Note that the format of the URL that the Content Engine (nontransparent proxy server that is functioning as a native FTP proxy server) creates for a native FTP request depends on the FTP login name and the transfer mode (binary or ACSII file transfer mode).

If the FTP login name is an actual username instead of "anonymous," then the string "*user*:*password*@" is included in the URL before the host.

If the mode used to transfer the file is binary mode, then the string ";type=i" is included at the end of the URL. The following is an example of the URL format that the Content Engine creates for a specific user when binary mode is being used.

ftp://*user*:*password*@10.100.200.5/home/myhome/mybinfile.obj;type=i

The URL for an "anonymous" user login and an ACSII file transfer mode will not have any fields embedded in the URL, as shown in the following example:

ftp://10.100.200.5/home/myhome/mytextfile.txt

The following two examples demonstrate the use of native FTP with a Content Engine. In the first example, the user logs in with an actual username name ("huff") and is able to retrieve the requested file (test.c) from the FTP server. Note that in this case, the current directory for the user named "huff" is "/home/huff."

ContentEngine# ftp server.cisco.com
Connected to server.cisco.com.
220 server.cisco.com FTP server (Version wu-2.6.0(1) Mon Feb 28 10:30:36 EST 2000) ready.
Name (server:huff): huff
331 Password required for myserver.
Password:
230 User huff logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> pwd
257 "/home/huff" is current directory.
ftp> get /tmp/test.c
200 PORT command successful.
150 Opening BINARY mode data connection for /tmp/test.c (645 bytes).
226 Transfer complete.
645 bytes received in 0.00077 seconds (8.2e+02 Kbytes/s)
ftp> quit
ContentEngine#

In the second example (shown below), the user logs in as an anonymous user and cannot retrieve the requested file (test.c) because the file is not located in the document root directory of the FTP server ("/"), which is the current directory for any anonymous user.

ContentEngine# ftp server.cisco.com
Connected to server.cisco.com.
220 server.cisco.com FTP server (Version wu-2.6.0(1) Mon Feb 28 10:30:36 EST 2000) ready.
Name (server:huff): anonymous
331 Guest login ok, send your complete e-mail address as password.
Password: test@cisco.com
230 Guest login ok, access restrictions apply.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> pwd
257 "/" is current directory.
ftp>
ftp> passive
Passive mode on
ftp> get
(remote-file) /tmp/test.c
(local-file) test.c
local: test.c remote: /tmp/test.c
227 Entering Passive Mode (172.31.255.255)
550 /tmp/test.c: No such file or directory.
ftp>
ContentEngine#

In ACNS 5.1 software, the wccp ftp router-list-number and wccp ftp mask global configuration commands were added to support native FTP caching on a Content Engine that is operating in transparent proxy mode.

The wccp ftp command is used to configure the WCCP interception of FTP protocol traffic from FTP clients to FTP servers.

ContentEngine(config)# wccp ftp ?
  mask             Specify mask used for CE assignment
  router-list-num  Router list number
ContentEngine(config)# wccp ftp mask ?
  dst-ip-mask      Specify sub-mask used in packet destination-IP address
  src-ip-mask      Specify sub-mask used in packet source-IP address
ContentEngine(config)# wccp ftp router-list-num ?
  <1-8>            Router List Number

The following example shows how to configure native FTP caching on a WCCP Version 2 router:

1. Turn on native FTP caching. The service group number for this service is 60.

Router(config)# ip wccp 60

2. Specify an interface on which the native FTP caching service will run.

Router(config)# interface type number

3. Configure the router to use the outbound interface for the FTP caching service.

Router(config-if)# ip wccp 60 redirect out

The associated show wccp services EXEC command was modified in ACNS software, Release 5.1 to show the configuration information associated with the FTP proxy.

ContentEngine# show wccp services 
Services configured on this Content Engine
        Web Cache
        Custom Web Cache
        FTP Cache
        RTSP

The show wccp modules EXEC command was modified in ACNS software, Release 5.1 to include an entry for the FTP caching service:

ContentEngine# show wccp modules 

Modules registered with WCCP on this Content Engine

Module	Socket	Expire(sec)	Name	Supported Services
------	------	-----------	---------------	------------------
5	6	3	FTP Proxy	FTP Cache

1	7	3	RTSP Proxy	RTSP

0	8	3	HTTP Proxy	Web Cache
	Reverse Proxy
	Custom Web Cache
	WCCPv2 Service 90
	WCCPv2 Service 91
	WCCPv2 Service 92
	WCCPv2 Service 93
	WCCPv2 Service 94
	WCCPv2 Service 95
	WCCPv2 Service 96
	WCCPv2 Service 97

ContentEngine# show wccp masks ?
  custom-web-cache  Custom web caching service
  ftp               FTP Proxy caching service
  reverse-proxy     Reverse Proxy web caching service
  rtsp              Media caching service
  web-cache         Standard web caching service

For more information about these commands, refer to the Cisco ACNS Software Command Reference, Release 5.1.

Restrictions Regarding Native FTP Caching in ACNS 5.1 and 5.1.x Software

Restrictions regarding native FTP caching support in ACNS 5.1 and 5.1.x software are:

Maximum FTP object size of 200 megabytes

No support for bandwidth control for FTP client requests and FTP server pulls

No support for the Type of Service (ToS) bit for FTP client requests

No support for pre-positioned files in the cdnfs

No support for the Internet Content Adaptation Protocol (ICAP)

No support for nontransparent proxy

No support for proxy authentication

No support for the Internet Cache Protocol (ICP)

No support for healing mode

No support for Layer 4 switch FTP redirection

No support for FTP request proxy rules

No support for MIN-TTL and AGING-HEURISTIC-TTL cache control knob configurations

No support for any URL filtering schemes (good list, bad list, N2H2, Websense, and SmartFilter)

No support for caching files from a Macintosh FTP server

No support for "offline" operation for the FTP proxy server

FTP Caching Support in the Cisco ACNS Caching and Streaming Configuration Guide, Release 5.1

Updates to the Cisco ACNS Caching and Streaming Configuration Guide, Release 5.1 regarding FTP caching support are:

On page 2-7, in the "FTP and Caching" section, the information about configuring FTP incoming ports and the Rules Template only applies to FTP-over-HTTP caching. It does not apply to native FTP caching.

In the "FTP Proxy Configuration Examples" section on page 5-12, the examples of how to use the ftp proxy global configuration commands only apply to a Content Engine that is operating in FTP-over-HTTP mode. The ftp object max-size command applies to Content Engines that are operating in either FTP-over-HTTP mode or native FTP mode.

The "Configuring FTP Connection Settings Using the Content Engine GUI" section on page 10-2 applies only to FTP-over-HTTP caching for nontransparent proxy mode. The FTP inbound and outbound proxy configuration apply only to FTP URLs over HTTP (FTP-over-HTTP).

In the "Configuring FTP Connection Settings Using CLI Commands" section on page 10-3, the ftp proxy incoming and ftp proxy outgoing global configuration commands apply only to FTP-over-HTTP caching.

The ftp proxy active-mode global configuration command applies to FTP (native FTP) caching as well as to FTP-over-HTTP caching.

In FTP-over HTTP caching mode, if the ftp proxy active-mode global configuration command is used, the Content Engine first attempts to use active mode with the FTP server for the data connection. If the active mode fails, the Content Engine attempts to use passive mode for the data connection. If this command is not configured, the Content Engine first attempts to use passive mode with the FTP server for the data connection, and then automatically switches to active mode if passive mode is not supported by the FTP server.

In native FTP caching mode, if the ftp proxy active-mode command is used, then the Content Engine uses the same mode with the FTP server for the data connection as the client used to reach the Content Engine, which can be either active or passive. If this command is not configured, the Content Engine uses passive mode with the FTP server for the data connection.

In the "Setting FTP Cache Freshness" section on pages 10-4 through 10-7, the ftp object max-size global configuration command is the only mentioned command that applies to both native FTP caching and FTP-over-HTTP caching. All of the other mentioned commands (for example, the ftp age-multiplier command, the ftp max-ttl command, the ftp object command, the ftp proxy command, the ftp reval-each-request command, and the ftp min-ttl command) apply only to FTP-over-HTTP caching.

On page 10-7, replace the sample output of the show ftp EXEC command with the following sample output. The following example shows that the output of the show ftp command differentiates between the configuration that is applicable to FTP-over-HTTP client requests and the one that applies to FTP (native FTP) client requests:

ContentEngine# show ftp
FTP over HTTP Configuration
---------------------------

FTP heuristic age-multipliers: directory-listing 30% file 60%
Maximum time to live in days: directory-listing 3 file 7
Minimum time to live for all objects in minutes: 30
Incoming Proxy-Mode:
  Configured Proxy mode FTP connections on ports: 80 8080 
Outgoing Proxy-Mode:
  Not using outgoing proxy mode.
Active mode of FTP transfer is enabled
Maximum size of a FTP cacheable object is 204800 KBytes
No object is revalidated on each request

FTP Configuration
-----------------

WCCP FTP service status:                 ENABLED
Maximum size of a FTP cacheable object:  204800 KBytes
FTP data connection mode with Server:    Adhere to Client's mode (active or passive)

On page C-4, replace the WCCP Service Groups table with the following table that has the WCCP FTP caching service (service group number 60) added to it. You can configure a router that is running WCCP Version 2 to run any of the cache-related services listed in the following table. WCCP Version 1 routers support only the web cache service (service group 0).

Service Group Number
Description of Services

0

Web caching

53

DNS caching

60

FTP caching

80

RTSP

81

MMST

82

MMSU

90-97

User-configurable

98

Custom web caching

99

Reverse proxy web caching


On page C-9, add native FTP caching to the list of services that you can configure on a router that is running WCCP Version 2. The following is an example of how to configure native FTP caching on a router running WCCP Version 2.

1. Turn on native FTP caching. The service group number for this service is 60.

Router(config)# ip wccp 60

2. Specify an interface on which the native FTP caching service will run.

Router(config)# interface type number

3. Configure the router to use the outbound interface for the native FTP caching service.

Router(config-if)# ip wccp 60 redirect out

FTP Caching Support in the Cisco ACNS Software Command Reference, Release 5.1 Publication

Updates to the Cisco ACNS Software Command Reference, Release 5.1 publication regarding FTP caching support are:

On pages 2-118 through 2-119, replace the syntax description of the options for the ftp global configuration command with the following revised description that indicates whether an option applies to FTP-over-HTTP caching only (FTP-over-HTTP only), or both native FTP caching and FTP-over-HTTP caching (FTP and FTP-over-HTTP):

age-multiplier

FTP caching heuristic modifiers. (FTP-over-HTTP only)

max-ttl

Sets the maximum Time To Live for objects in the cache. (FTP-over-HTTP only)

min-ttl

Sets the minimum Time To Live for FTP objects in the cache.
(FTP-over-HTTP only)

object

Sets the configuration of FTP objects. (FTP and FTP-over-HTTP)

max-size

Sets the maximum size of a cacheable object. (FTP and FTP-over-HTTP)

proxy

Sets the proxy configuration parameters. (FTP and FTP-over-HTTP)

active-mode

Configures the FTP mode for establishing the data connection. (FTP and FTP-over-HTTP)

anonymous-pswd

Sets the anonymous password string (for example, wwwuser@cisco.com). (FTP-over-HTTP only)

incoming

Sets the incoming port for proxy-mode requests. (FTP-over-HTTP only)

outgoing

Sets the parameters to direct outgoing FTP requests to another proxy server. (FTP-over-HTTP only)

reval-each-request

Sets the scope of revalidation for every request. (FTP-over-HTTP only)


On page 2-120, note the following new usage guideline regarding the ftp proxy active-mode global configuration command.

The ftp proxy active-mode command applies to FTP (native FTP) caching as well as FTP-over-HTTP caching.

In FTP-over-HTTP caching mode, if the ftp proxy active-mode global configuration command is used, the Content Engine first attempts to use active mode with the FTP server for the data connection. If the active mode fails, the Content Engine attempts to use passive mode for the data connection. If this command is not used, the Content Engine first attempts to use passive mode with the FTP server for the data connection, and then automatically switches to active mode if passive mode is not supported by the FTP server.

In native FTP caching mode, if this command is used, then the Content Engine uses the same mode with the FTP server for the data connection as the client used to the Content Engine, which can be either active or passive. If this command is not used, the Content Engine uses passive mode with the FTP server for the data connection.

On page 2-121, the examples of how to use the ftp proxy global configuration commands apply only to a Content Engine that is operating in FTP-over-HTTP mode. The ftp object max-size global configuration command applies to Content Engines that are operating in either FTP-over-HTTP mode or native FTP mode.

On page 2-331, replace the sample output of the show ftp EXEC command with the following sample output. As the following example shows, the output of the show ftp command differentiates between the configuration that is applicable to FTP-over-HTTP client requests and that for FTP (native FTP) client requests:

ContentEngine# show ftp
FTP over HTTP Configuration
---------------------------

FTP heuristic age-multipliers: directory-listing 30% file 60%
Maximum time to live in days: directory-listing 3 file 7
Minimum time to live for all objects in minutes: 30
Incoming Proxy-Mode:
  Configured Proxy mode FTP connections on ports: 80 8080 
Outgoing Proxy-Mode:
  Not using outgoing proxy mode.
Active mode of FTP transfer is enabled
Maximum size of a FTP cacheable object is 204800 KBytes
No object is revalidated on each request

FTP Configuration
-----------------

WCCP FTP service status:                 ENABLED
Maximum size of a FTP cacheable object:  204800 KBytes
FTP data connection mode with Server:    Adhere to Client's mode (active or passive)

On page 2-469, replace the sample output of the show wccp services EXEC command with the following:

ContentEngine# show wccp services 
Services configured on this Content Engine
        Web Cache
        Custom Web Cache
        FTP Cache
        RTSP

On page 2-469, replace the partial output from the show wccp routers EXEC command with the following:

ContentEngine# show wccp routers
Router Information for Service: FTP Cache
        Routers Configured and Seeing this Content Engine(1)
                Router Id        Sent To        Recv ID
                0.0.0.0         10.1.94.1       00000000
        Routers not Seeing this Content Engine
                10.1.94.1
        Routers Notified of but not Configured
                -NONE-
        Multicast Addresses Configured
                -NONE-

In ACNS 5.1 software, the debug ftp-proxy EXEC command was added. On page 2-88 of the Cisco ACNS Software Command Reference, Release 5.1 publication, add the following options to the debug command options table:

ftp-proxy

Debugs the native FTP functions (includes such functions as fetching and caching files from an FTP server, posting files to an FTP server, and performing directory listings on an FTP server).

all

Debugs all native FTP functions.

cache

Debugs the cache proxy that is used for native FTP caching (the cache proxy resides on the Content Engine that is operating in nontransparent proxy mode to support native FTP requests).

client

Debugs the native FTP client. In native FTP mode, clients use the native FTP protocol to issue FTP requests, as shown in the following example:

ContentEngine# ftp server.cisco.com

control-proxy

Debugs the control proxy that is used for native FTP caching (the control proxy resides on the Content Engine that is operating in nontransparent proxy mode to support native FTP requests).

parser

Debugs the parser that is used for native FTP caching.

proxy-comm

Debugs the proxy communications used for native FTP functions.

server

Debugs the native FTP server.



Note All of the output of the debug ftp-proxy command is written to the file /local1/errorlog/ftp-ctlproxy-errorlog.current with the following exceptions. The output of the debug ftp-proxy cache command and portions of the debug ftp-proxy proxy-comm command output are written to the syslog at debug priority level.


On page 2-88 of the Cisco ACNS Software Command Reference, Release 5.1 publication, replace the description of the debug ftp EXEC command with the following:

ftp

Debugs the FTP functions for FTP-over-HTTP requests (includes fetching and caching files from an FTP server).

all

Debugs all FTP functions for FTP-over-HTTP requests.

cache

Debugs the FTP cache (the Content Engine that is operating in nontransparent proxy mode to cache the contents of the FTP-over-HTTP requests).

client

Debugs the FTP client (end users who are issuing the FTP-over-HTTP request from their browsers).

server

Debugs the FTP server (for FTP-over-HTTP requests).


Group-Type Patterns in Rule Pattern Lists

A group-type pattern is one of the types of rule patterns that you can add to a pattern list. The default operation for the group-type pattern is an OR operation.

In the "List of Rule Patterns" section on page 14-4 of the Cisco ACNS Caching and Streaming Configuration Guide, Release 5.1, replace the syntax description for the group-type pattern with the following description:

group-type

Specifies whether the pattern list is an AND or OR type. The default is OR.


In the "Patterns" section on page 2-281 of the Cisco ACNS Software Command Reference, Release 5.1 publication, replace the bulleted description for the group-type pattern with the following description:

Group-type—Specifies whether the pattern list is an AND or OR type. The default is OR.

SmartFilter Software and the rule action no-auth Command Rule Interaction

This documentation update applies to the following three ACNS 5.1 software guides:

Cisco ACNS Software Deployment and Configuration Guide, Release 5.1

Cisco ACNS Caching and Streaming Configuration Guide, Release 5.1

Cisco ACNS Software Command Reference, Release 5.1

The rule action no-auth global configuration command permits specific login and content requests to bypass authentication and authorization features such as LDAP, RADIUS, SSH, or TACACS+. In the following example, any requests from the source IP address (src-ip) 172.16.53.88 are not authenticated.

ContentEngine(config)# rule enable
ContentEngine(config)# rule action no-auth pattern-list 1 protocol all
ContentEngine(config)# rule pattern-list 1 src-ip 172.16.53.88 255.255.255.255

If ACNS 5.1 software is configured for authentication and SmartFilter URL filtering, requests that are allowed to bypass authentication will also bypass the SmartFilter URL filter.

Bandwidth Configuration for Interfaces and Content Services

On page 3-19 of the Cisco ACNS Caching and Streaming Configuration Guide, Release 5.1, the tip states that Gigabit Ethernet interfaces run only at 1000 Mbps. This restriction only applies to a Content Engine CE-7320 model that has an optical Gigabit Ethernet interface; the speed of this interface cannot be changed.

For newer models of the Content Engine (for example, the CE-510, CE-565, CE-7305, and CE-7325) that have a Gigabit Ethernet interface over copper, this restriction does not apply; you can configure these Gigabit Ethernet interfaces to run at 10, 100, or 1000 Mbps. Note that on these newer Content Engine models, the 1000 Mbps setting implies autosense (for example, you cannot configure the Gigabit Ethernet interface to run at 1000 Mbps and half duplex). The ACNS 5.x software automatically enables autosense if the speed is set to 1000 Mbps.

pace Command

The pace global configuration command is no longer supported as a separate command in ACNS software, Release 5.1 and later. The functions of the pace command have been incorporated into the bitrate and bandwidth global configuration commands.

Updates to the Cisco ACNS Software Command Reference, Release 5.1 publication are as follows:

On page 2-6, ignore the description and cross-reference to the pace command in Table 2-1.

On page 2-39, replace the syntax description in the "bitrate" section with the following revised description:

http

Configures the maximum pacing bit rate in kilobits per second (kbps) for large files sent using the HTTP protocol.

default

Sets the default bit rate in kbps for large files.

bitrate

Bit rate in kbps (0-2000000).

wmt

Configures the bit rate in kbps for large files sent using the WMT protocol.

incoming

Sets the incoming bit rate settings.

bitrate

Incoming bit rate in kbps (0-2147483647).

outgoing

Sets the outgoing bit rate settings.

bitrate

Outgoing bit rate in kbps (0-2147483647).



Note The aggregate bandwidth used by all concurrent users is still limited by the default device bandwidth, or by the limit configured using the bandwidth command.


On page 2-223, ignore the entire "pace" command section.

pre-load Command

In the pre-load url-list-file path global configuration command, the value for path can be a URL as well as a local file path.

In the Cisco ACNS Software Command Reference, Release 5.1 publication, in the "pre-load" section on page 2-238, replace the syntax description for path with the following description:

path

Path of the file containing the URL list or a URL.


In ACNS 5.1.5 software, the pre-load depth-level-default command was enhanced to support 0 as a preload depth level. Setting the depth level default to 0 would be useful if you have specified URLs in preload.txt files and you do not want the Content Engine to try to preload other URLs.

In the Cisco ACNS Software Command Reference, Release 5.1 publication, in the "pre-load" section on page 2-236, replace the syntax description for path with the following description if you are using ACNS 5.1.5 or later software:

depth-level-default

Configures the default depth level.

level_number

Depth level of URL download (0-20). The default is 3.


For ACNS 5.1 or 5.1.3 software, the valid values for the preload depth level default are still 1 to 20; 0 is not supported.

NTLM Preload Support

This documentation update applies to the following ACNS 5.1 software guides:

Cisco ACNS Caching and Streaming Configuration Guide, Release 5.1

Cisco ACNS Software Command Reference, Release 5.1

In ACNS 5.1 software, support for preloading NTLM authenticated objects was added. This feature allows NTLM authenticated objects (authenticated objects that reside on the servers that authenticate NTLM only) to be preloaded on a Content Engine.

An entry in a URL list file has the following format:

URL [depth] [domain-name:host-name:host-domain-name]

hostname and host-domain-name can be null; however, domain name is required if NTLM credentials have been configured. (The separator is required.)

http//www.cisco.com 3 apac::

If NTLM-related information is not present in the preload URL list file entry, the authentication scheme falls back to basic authentication.

To preload authenticated content on the Content Engine, you must specify the username and password in the URL list file as follows:

http://username:password@www.authenticatedsite.com/depth_level


Note To enable the Content Engine to fetch specified objects and to store these preloaded objects in its local cache, you must use the http cache-authenticated ntlm global configuration command.


show statistics icap Command

This documentation update applies to the Cisco ACNS Software Command Reference, Release 5.1 publication.

In ACNS software, Release 5.1, the show statistics icap EXEC command was added. You can use this command to display ICAP related statistics for the Content Engine. This command has no arguments or keywords. There is no default behavior or values.

The following is an example of the output of the show statistics icap command.

ContentEngine# show statistics icap
ICAP-client statistics (http proxy)
---------------

Total requests for V1 via RPC:         0
Time per ICAP request (last 1k reqs):  0
ICAP daemon connection error:          0
Bad packets from ICAP daemon:          0
Error parsing HTTP req hdr from ICAP:  0
ICAP daemon internal error:            0

Total requests via outgoing proxy:     0
ICAP daemon overloaded:                0
Other errors:                          0

ICAP Daemon statistics
---------------

Total requests served:                 0
Total requests served:                 0
Average latency in milliseconds:       0.000000
ICAP Service statistics
-----------------------

  Service -- servforicap
   Service Errors:     0
   Service Bypasses:   0
    Server -- icap://1.2.3.4/servforicap
         Total Reqmods (0), Total Respmods (0)
         Modifications (Reqmod - 0), (Respmod - 0)
         No Modifications (Reqmod - 0), (Respmod - 0)
         Error Responses (Reqmod - 0), (Respmod - 0)
         Server Errors:             0
         Server Bypasses:           0
         Options Req Success:       0
         Options Req Failed:        8569
         Max Conn Available         0
         Used Connections:          0
         Total Bytes sent:          0
         Total Bytes received:      0
         Total BPS sent:            0.000000
         Total BPS received:        0.000000
         Server State:              DISCONNECTED
ContentEngine#

Default Port of the Content Engine GUI

On page 12-28 of the Cisco ACNS Caching and Streaming Configuration Guide, Release 5.1, replace the tip with the following:


Tip To access the Content Engine GUI, enter the Content Engine IP address and append the default port number 8003 as the URL address in your browser of choice. For example, enter https://CEIPaddress:8003 as the URL.


Playing Nonhinted IP/TV On-Demand Programs over an ACNS Network

This documentation update applies to the Cisco ACNS Software Deployment and Configuration Guide, Release 5.1.

The Cisco Streaming Engine supports only hinted files (MOV and hinted MP4 files) for streaming.


Note Hinted files contain hint tracks, which store packetization information that tells the streaming server how to package the media data. The streaming server uses the packetization information in the hint tracks to stream the media data to the network.


If you are creating a file-based IP/TV program for streaming over an ACNS network, make sure that you use only hinted files such as those with .mov or .mp4 extensions. However, you can pre-position on-demand programs based on nonhinted files such as .mpg files on Content Engines in an ACNS network. Pre-positioned on-demand programs based on nonhinted files are not listed in the IP/TV Viewer program listings or in the web-based program guide.

To watch IP/TV on-demand programs based on nonhinted files when IP/TV is integrated with an ACNS network, use the TV-out feature of the ACNS software. For more information on enabling the TV-out feature and creating playlists, refer to Chapter 11 of the Cisco ACNS Software Deployment and Configuration Guide, Release 5.1.

Restriction on IP/TV Program Manager Configuration

This documentation update applies to the following ACNS 5.1 software guides:

Cisco ACNS Software Deployment and Configuration Guide, Release 5.1.

Cisco ACNS Software Program Manager for IP/TV User Guide, Release 5.1

If a program that you want to deliver over an ACNS network uses live multicast mode, you must use the same multicast IP address for the audio, video, and SlideCast streams.

This restriction on IP/TV Program Manager configuration does not apply if the Content Engine used for live splitting is running ACNS 5.1.5 or later software. However, this restriction still applies if the Content Engine is running ACNS 5.1.1 software, even if you are running IP/TV 5.1.5 or later software on IP/TV Program Manager.

Related Documentation

Your product shipped with a minimal set of printed documentation. The printed documentation provides enough information for you to install and initially configure your product.

Product Documentation Set

In addition to these release notes, the product documentation set includes:

Documentation Guide

Regulatory Compliance and Safety Information for the Cisco Content Networking Product Series

Refer to the Documentation Guide for a complete documentation roadmap and URL documentation links for this product.

Hardware Documentation

Cisco Content Engine 7305 and 7325 Hardware Installation Guide

Installing the Cisco Content Engine 7305 and 7325

Installing Field-Replaceable Units in the Cisco Content Engine 7305 and 7325

Cisco Content Engine 7320 Product Description Note

Cisco Content Engine 510 and 565 Hardware Installation Guide

Installing the Cisco Content Engine 510 and 565

Installing Field-Replaceable Units in the Cisco Content Engine 510 and 565

Cisco Storage Array Installation and Configuration Guide

Release Notes for Cisco Content Delivery Manager 4630

Cisco Content Distribution Manager 4650 Product Description Note

Cisco Content Distribution Manger 4630 Hardware Installation Guide

Cisco Content Router 4430 Hardware Installation Guide

Cisco Content Engine 500 Series Hardware Installation Guide

Release Notes for the Cisco Content Engine 500 Series

Cisco Content Networking Hardware Installation Guide for the Seven-Rack Unit Chassis

Software Documentation

Cisco ACNS Software Deployment and Configuration Guide, Release 5.1

Cisco ACNS Software Caching and Streaming Configuration Guide, Release 5.1

Cisco ACNS Software Command Reference, Release 5.1

Cisco ACNS Software Migration Guide, Release 5.1

Cisco ACNS Software API Guide, Release 5.1

Release Notes for Cisco ACNS Software, Release 5.1. (the release notes you are reading now)

Online Help

Content Distribution Manager GUI online help system for centrally managed ACNS networks

Content Engine GUI online help system for locally deployed Content Engines


Note The term "locally deployed Content Engine" refers to a Content Engine that was initially configured with the autoregistration feature turned off so that the Content Engine would not automatically register with the Content Distribution Manager. Because the Content Engine did not register with the Content Distribution Manager, it can be individually managed through the Content Engine CLI or GUI as a locally deployed device. The Content Engine GUI allows you to remotely configure, manage, and monitor locally deployed Content Engines through your browser.

The Content Distribution Manager GUI and the Content Engine GUI both have context-sensitive online help that can be accessed by clicking the HELP button.


Obtaining Documentation

Cisco documentation and additional literature are available on Cisco.com. Cisco also provides several ways to obtain technical assistance and other technical resources. These sections explain how to obtain technical information from Cisco Systems.

Cisco.com

You can access the most current Cisco documentation at this URL:

http://www.cisco.com/techsupport

You can access the Cisco website at this URL:

http://www.cisco.com

You can access international Cisco websites at this URL:

http://www.cisco.com/public/countries_languages.shtml

Product Documentation DVD

Cisco documentation and additional literature are available in the Product Documentation DVD package, which may have shipped with your product. The Product Documentation DVD is updated regularly and may be more current than printed documentation.

The Product Documentation DVD is a comprehensive library of technical product documentation on portable media. The DVD enables you to access multiple versions of hardware and software installation, configuration, and command guides for Cisco products and to view technical documentation in HTML. With the DVD, you have access to the same documentation that is found on the Cisco website without being connected to the Internet. Certain products also have .pdf versions of the documentation available.

The Product Documentation DVD is available as a single unit or as a subscription. Registered Cisco.com users (Cisco direct customers) can order a Product Documentation DVD (product number DOC-DOCDVD=) from the Ordering tool or Cisco Marketplace.

Cisco Ordering tool:

http://www.cisco.com/en/US/partner/ordering/

Cisco Marketplace:

http://www.cisco.com/go/marketplace/

Ordering Documentation

Beginning June 30, 2005, registered Cisco.com users may order Cisco documentation at the Product Documentation Store in the Cisco Marketplace at this URL:

http://www.cisco.com/go/marketplace/

Cisco will continue to support documentation orders using the Ordering tool:

Registered Cisco.com users (Cisco direct customers) can order documentation from the Ordering tool:

http://www.cisco.com/en/US/partner/ordering/

Instructions for ordering documentation using the Ordering tool are at this URL:

http://www.cisco.com/univercd/cc/td/doc/es_inpck/pdi.htm

Nonregistered Cisco.com users can order documentation through a local account representative by calling Cisco Systems Corporate Headquarters (California, USA) at 408 526-7208 or, elsewhere in North America, by calling 1 800 553-NETS (6387).

Documentation Feedback

You can rate and provide feedback about Cisco technical documents by completing the online feedback form that appears with the technical documents on Cisco.com.

You can send comments about Cisco documentation to bug-doc@cisco.com.

You can submit comments by using the response card (if present) behind the front cover of your document or by writing to the following address:

Cisco Systems
Attn: Customer Document Ordering
170 West Tasman Drive
San Jose, CA 95134-9883

We appreciate your comments.

Cisco Product Security Overview

Cisco provides a free online Security Vulnerability Policy portal at this URL:

http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

From this site, you can perform these tasks:

Report security vulnerabilities in Cisco products.

Obtain assistance with security incidents that involve Cisco products.

Register to receive security information from Cisco.

A current list of security advisories and notices for Cisco products is available at this URL:

http://www.cisco.com/go/psirt

If you prefer to see advisories and notices as they are updated in real time, you can access a Product Security Incident Response Team Really Simple Syndication (PSIRT RSS) feed from this URL:

http://www.cisco.com/en/US/products/products_psirt_rss_feed.html

Reporting Security Problems in Cisco Products

Cisco is committed to delivering secure products. We test our products internally before we release them, and we strive to correct all vulnerabilities quickly. If you think that you might have identified a vulnerability in a Cisco product, contact PSIRT:

Emergencies — security-alert@cisco.com

An emergency is either a condition in which a system is under active attack or a condition for which a severe and urgent security vulnerability should be reported. All other conditions are considered nonemergencies.

Nonemergencies — psirt@cisco.com

In an emergency, you can also reach PSIRT by telephone:

1 877 228-7302

1 408 525-6532


Tip We encourage you to use Pretty Good Privacy (PGP) or a compatible product to encrypt any sensitive information that you send to Cisco. PSIRT can work from encrypted information that is compatible with PGP versions 2.x through 8.x.

Never use a revoked or an expired encryption key. The correct public key to use in your correspondence with PSIRT is the one linked in the Contact Summary section of the Security Vulnerability Policy page at this URL:

http://www.cisco.com/en/US/products/products_security_vulnerability_policy.htm

The link on this page has the current PGP key ID in use.


Obtaining Technical Assistance

Cisco Technical Support provides 24-hour-a-day award-winning technical assistance. The Cisco Technical Support & Documentation website on Cisco.com features extensive online support resources. In addition, if you have a valid Cisco service contract, Cisco Technical Assistance Center (TAC) engineers provide telephone support. If you do not have a valid Cisco service contract, contact your reseller.

Cisco Technical Support & Documentation Website

The Cisco Technical Support & Documentation website provides online documents and tools for troubleshooting and resolving technical issues with Cisco products and technologies. The website is available 24 hours a day, at this URL:

http://www.cisco.com/techsupport

Access to all tools on the Cisco Technical Support & Documentation website requires a Cisco.com user ID and password. If you have a valid service contract but do not have a user ID or password, you can register at this URL:

http://tools.cisco.com/RPF/register/register.do


Note Use the Cisco Product Identification (CPI) tool to locate your product serial number before submitting a web or phone request for service. You can access the CPI tool from the Cisco Technical Support & Documentation website by clicking the Tools & Resources link under Documentation & Tools. Choose Cisco Product Identification Tool from the Alphabetical Index drop-down list, or click the Cisco Product Identification Tool link under Alerts & RMAs. The CPI tool offers three search options: by product ID or model name; by tree view; or for certain products, by copying and pasting show command output. Search results show an illustration of your product with the serial number label location highlighted. Locate the serial number label on your product and record the information before placing a service call.


Submitting a Service Request

Using the online TAC Service Request Tool is the fastest way to open S3 and S4 service requests. (S3 and S4 service requests are those in which your network is minimally impaired or for which you require product information.) After you describe your situation, the TAC Service Request Tool provides recommended solutions. If your issue is not resolved using the recommended resources, your service request is assigned to a Cisco engineer. The TAC Service Request Tool is located at this URL:

http://www.cisco.com/techsupport/servicerequest

For S1 or S2 service requests or if you do not have Internet access, contact the Cisco TAC by telephone. (S1 or S2 service requests are those in which your production network is down or severely degraded.) Cisco engineers are assigned immediately to S1 and S2 service requests to help keep your business operations running smoothly.

To open a service request by telephone, use one of the following numbers:

Asia-Pacific: +61 2 8446 7411 (Australia: 1 800 805 227)
EMEA: +32 2 704 55 55
USA: 1 800 553-2447

For a complete list of Cisco TAC contacts, go to this URL:

http://www.cisco.com/techsupport/contacts

Definitions of Service Request Severity

To ensure that all service requests are reported in a standard format, Cisco has established severity definitions.

Severity 1 (S1)—Your network is "down," or there is a critical impact to your business operations. You and Cisco will commit all necessary resources around the clock to resolve the situation.

Severity 2 (S2)—Operation of an existing network is severely degraded, or significant aspects of your business operation are negatively affected by inadequate performance of Cisco products. You and Cisco will commit full-time resources during normal business hours to resolve the situation.

Severity 3 (S3)—Operational performance of your network is impaired, but most business operations remain functional. You and Cisco will commit resources during normal business hours to restore service to satisfactory levels.

Severity 4 (S4)—You require information or assistance with Cisco product capabilities, installation, or configuration. There is little or no effect on your business operations.

Obtaining Additional Publications and Information

Information about Cisco products, technologies, and network solutions is available from various online and printed sources.

Cisco Marketplace provides a variety of Cisco books, reference guides, documentation, and logo merchandise. Visit Cisco Marketplace, the company store, at this URL:

http://www.cisco.com/go/marketplace/

Cisco Press publishes a wide range of general networking, training and certification titles. Both new and experienced users will benefit from these publications. For current Cisco Press titles and other information, go to Cisco Press at this URL:

http://www.ciscopress.com

Packet magazine is the Cisco Systems technical user magazine for maximizing Internet and networking investments. Each quarter, Packet delivers coverage of the latest industry trends, technology breakthroughs, and Cisco products and solutions, as well as network deployment and troubleshooting tips, configuration examples, customer case studies, certification and training information, and links to scores of in-depth online resources. You can access Packet magazine at this URL:

http://www.cisco.com/packet

iQ Magazine is the quarterly publication from Cisco Systems designed to help growing companies learn how they can use technology to increase revenue, streamline their business, and expand services. The publication identifies the challenges facing these companies and the technologies to help solve them, using real-world case studies and business strategies to help readers make sound technology investment decisions. You can access iQ Magazine at this URL:

http://www.cisco.com/go/iqmagazine

or view the digital edition at this URL:

http://ciscoiq.texterity.com/ciscoiq/sample/

Internet Protocol Journal is a quarterly journal published by Cisco Systems for engineering professionals involved in designing, developing, and operating public and private internets and intranets. You can access the Internet Protocol Journal at this URL:

http://www.cisco.com/ipj

Networking products offered by Cisco Systems, as well as customer support services, can be obtained at this URL:

http://www.cisco.com/en/US/products/index.html

Networking Professionals Connection is an interactive website for networking professionals to share questions, suggestions, and information about networking products and technologies with Cisco experts and other networking professionals. Join a discussion at this URL:

http://www.cisco.com/discuss/networking

World-class networking training is available from Cisco. You can view current offerings at this URL:

http://www.cisco.com/en/US/learning/index.html