Home | Skip to Content | Skip to Search | Skip to Navigation | Skip to Footer |
Worldwide [change] |Register |About Cisco
Guest

Hierarchical Navigation

Cisco Application and Content Networking System (ACNS) Software

Release Notes for Cisco ACNS Software, Release 5.2

Downloads

Table Of Contents

Release Notes for Cisco ACNS Software, Release 5.2

Contents

Introduction

New and Changed Information

New Features

Hardware Supported

Important Notes

Media File System Issues When Downgrading to ACNS 5.0 Software

Websense Issues When Downgrading to ACNS 5.0 Software or ACNS 5.1 Software

Changes to WCCP Support

Multicast File Transfer Enhancements

Caveats

Open Caveats - ACNS Software, Release 5.2

Open ACNS-IP/TV Software Integration Caveats, Release 5.2

Other Open ACNS Software, Release 5.2 Caveats

Resolved Caveats - ACNS Software, Release 5.2

ACNS-IP/TV Software Integration Resolved Caveats

Acquisition and Distribution Resolved Caveats

Proxy and Caching Resolved Caveats

Management Resolved Caveats

Request Processing Resolved Caveats

DNS Resolved Caveats

ICAP Resolved Caveats

Media and Streaming Resolved Caveats

Rules Resolved Caveats

Documentation Updates

Downgrading ACNS 5.x Software

Related Documentation

Product Documentation Set

Hardware Documentation

Software Documentation

Online Help

Obtaining Documentation

Cisco.com

Documentation DVD

Ordering Documentation

Documentation Feedback

Cisco Product Security Overview

Reporting Security Problems in Cisco Products

Obtaining Technical Assistance

Cisco Technical Support Website

Submitting a Service Request

Definitions of Service Request Severity

Obtaining Additional Publications and Information


Release Notes for Cisco ACNS Software, Release 5.2

August 4, 2005

ACNS Build 5.2.1-b7

Note The most current Cisco documentation for released products is available at Cisco.com at http://www.cisco.com. The online documents may contain updates and modifications made after the hardcopy documents were printed.

Contents

These release notes contain information about the Cisco Application and Content Networking System (ACNS) software, Release 5.2. These release notes describe the following topics:

Introduction

New and Changed Information

Important Notes

Caveats

Documentation Updates

Related Documentation

Obtaining Documentation

Documentation Feedback

Cisco Product Security Overview

Obtaining Technical Assistance

Obtaining Additional Publications and Information

Introduction

ACNS software combines the technologies of demand-pull caching and pre-positioning for accelerated delivery of web applications, objects, files, and streaming media; ACNS software runs on Cisco Content Engines, Content Distribution Manager, and Content Router hardware platforms.

These release notes are intended for administrators who will be configuring, monitoring, and managing devices that are running ACNS 5.2 software. These release notes describe the new product features, the supported hardware, and the open and resolved caveats regarding ACNS software, Release 5.2.

New and Changed Information

This section describes new and changed features in the ACNS 5.2 release. It also lists the supported hardware.

New Features

Table 1 lists the new features in ACNS software, Release 5.2.

Table 1 New Features in ACNS 5.2 Software 

Feature Type
Features

Feature-rich server and proxy

 

HTTP server and proxy

Demand-pull caching features:

Forward and reverse proxy caching

Transparent (Web Cache Communication Protocol [WCCP] Version 2), nontransparent (browser proxy configuration), and Layer 4 redirection

HTTP 1.0 and 1.1 web caching, FTP-over-HTTP proxy, HTTPS tunneling, and Internet Cache Protocol (ICP)

Caches files served with HTTP 1.1 chunked encoding

Rules Template for cache policies and rules

Type of Service (ToS) and differentiated services code point (DSCP) set by a cache hit or cache miss, URL, file type, or domain to classify traffic using the Rules Template

IP spoofing that presents clients IP addresses for easy tracking of users

Split DNS that allows you to configure a Content Engine with multiple DNS servers based on domain name

DNS caching that enables the Content Engine to cache DNS entries to avoid multiple WAN accesses for DNS server resolution (for proxy and WCCP mode)

Content pre-positioning features:

Web content preloading through the CLI or the local Content Engine GUI

For a small number of Content Engines, preload HTTP, FTP, and Microsoft Media Server (MMS) files through preload URL list files

Intelligent content pre-positioning through content acquisition and distribution

For a large number of Content Engines, HTTP delivery of static files for any file format that is managed by the Content Distribution Manager

Bandwidth controls, day-of-week and time-of-day scheduling, replication status, and authentication support

HTTPS server and proxy

Terminates and stores content served through HTTPS (Secure Socket Layer [SSL]) at branch offices

SSL termination of SSL 2.0, 3.0, TLS 1.0

Cost-effective software-based termination of HTTPS for up to 200 users

Transparent (WCCP) or proxy configuration support

Demand-pull caching and pre-positioning support

Backend SSL support to origin servers

Secured import and storage of keys and certificates with certificate management GUI

Support of all major certificate authorities for origin server certificates (for example, Verisign and Entrust) for reverse proxy SSL as well as enterprise self-issued certificates for forward proxy SSL

Maximum of 255 key pairs (keys and certificates) supported

Bulk encryption supported: RC4, DES, DES3

Hash algorithm supported: MD5, SHA1

Native FTP proxy

Native FTP (port 20, 21), active and passive modes

Demand-pull caching supported

Transparent (WCCP) redirection support with basic authentication

Transactions logged to HTTP logs

Native TFTP server and gateway

Serving of software images and configuration files to routers, switches, IP phones, and set top boxes (STBs)

Demand-pull caching and pre-positioning supported

Non-transparent (proxy) redirection supported

Content expiration, logs, and backend HTTP authentication supported

Windows file system server

Access files from a Windows file share with Common Internet File System (CIFS) file path support

Pre-positioning supported, including the ability to acquire files from a Windows file share for distribution to the edge

Access control, NTLM user authentication, and access logs supported

NFS/CIFS

Content Engine acts as a Network File System (NFS)/CIFS client and mounts file systems from a network-attached storage (NAS) device as external storage

Pre-positioned content, and Windows Media Technologies (WMT) and RealProxy content supported

Comprehensive streaming media support

Concurrent streaming of RealNetworks, WMT, Cisco Streaming Engine (compatible with Apple Computers QuickTime and MPEG-4), and HTTP

Live splitting (auto setup with tree structure and live event scheduling GUI), IP multicast, and video on demand (VOD) can all be delivered in both proxy and server mode for RealNetworks, WMT, and the Cisco Streaming Engine

Rule-based filtering for MMS and the Real-Time Streaming Protocol (RTSP)

Streaming bandwidth throttles, including restrictions based on the time of day for all streaming protocols

Cisco Streaming Engine: (no additional license fee)

VOD server for standards-based hinted MPEG-4, MPEG-2, MPEG-1, and QuickTime video over RTP/RTSP to Apple Computer QuickTime-compatible players

Live-stream pull splitting (unicast in) and push splitting (multicast or unicast in) with multicast and unicast out of the Content Engine to the connected clients

Interoperates with IP/TV 5.2 Broadcast Server, IP/TV Program Manager, and IP/TV Viewer

Standards-based (ISO/IEC) MPEG encoder interoperability: Compatible with ISO/International Electrotechnical Commission (IEC) MPEG-4 Advanced Simple AV Profile (ISMA v1.0) and ISO/IEC MPEG-4 Advanced 2D level 1 as well as MPEG-1 and MPEG-2 profiles

RealNetworks Helix Universal Gateway (additional license fee)

RealNetworks RTP/RTSP delivery over TCP or User Datagram Protocol (UDP)

Live-stream pull splitting (unicast in) and push splitting (multicast or unicast in) with multicast and unicast out of the Content Engine to the connected clients

Encoder failover

Content pre-positioning for VOD streaming of RealNetworks format of RTP/RTSP content

Support for MMS, QuickTime, and RTSP through manual configuration

Microsoft Windows Media server and proxy (additional license fee)

Windows Media MMS delivery over TCP, UDP, or HTTP

Content pre-positioning for VOD streaming

Variable-bit-rate support

Content Engine as a live stream source (publishing point)

Support for live-stream pull splitting, including multicast or unicast into the Content Engine and multicast or unicast out of the Content Engine to connected clients

Certified by Microsoft

Windows Media Version 9 encoder interoperability for MMS, including Windows Media Codec Version 7, 8, and 9

WMT upstream proxy bandwidth controls

Fast start support through MMS-over-HTTP

HTTP paced delivery of MPEG, Advanced Streaming Format (ASF), RealNetworks and QuickTime movie format files

MPEG video display for retail kiosks

Predefined playlists with multiple video clips and time-of-day setting, centrally managed by the Content Distribution Manager, multiple playlists per Content Engine

One video stream per audio video (AV)-decoder card option or Content Engine: integrated MPEG-1 and -2 decoders, National Television Standards Committee (NTSC) and Phase Alternating Line (PAL) TV output

Set top box (STB) interoperability:

Playlists exported to STBs through the program application programming interface (API)

Content Engine acts as the TFTP server for set top box software image and configuration files

Powerful streaming automation

Program import, export, scheduling API:

XML-based API for creating, managing, and scheduling programs

Live and scheduled rebroadcast, multicast, and stream splitting programs support

Cisco Streaming Engine and WMT support

Playlists exported to set top boxes

Manifest API

XML-based API to manage pre-positioning of video files for VOD serving by the Content Engines, including bandwidth, content expiration and user authentication policies for acquisition, distribution and stream serving

Cisco Streaming Engine, WMT, and RealNetworks protocol and file formats support

Live streaming redundancy

Redundant encoders specified in the program API or live event scheduling GUI

Root Content Engine failover: contact origin server

Intermediate Content Engine failover: go to parent Content Engine or fail over to other Content Engines in the same location

Client Content Engine failover: roll over to unicast from multicast, includes next-click failover

Turnkey IP/TV software, Release 5.2 integration

ACNS software and Content Engine replace IP/TV Archive Server

Interoperates with IP/TV Release 5.2 Broadcast Server and extends its reach to multicast islands with Cisco Streaming Engine stream splitting and streaming automation

IP/TV software, Release 5.2 Program Manager:

Inserts content into an ACNS network using the manifest file and the program API

IP/TV Program Manager as a personality of the Content Engine

Publishes URLs to QuickTime players and IP/TV Release 5.2 Viewers

Superior management

Scalable content acquisition and distribution

Content acquisition from origin servers by root Content Engines for HTTP, HTTPS, FTP, MMS, and CIFS (Windows file sharing)

Easy to use GUI that builds an acquisition list of origin server files or web pages to crawl

Channel-based control with bandwidth-shaping, priority, scheduling, content expiration, and authentication policies

Secured content distribution with HTTPS

Hierarchical tree distribution for scalability and optimal performance

Multicast replication option available (additional license fee) with intelligent on-demand carousels for retransmissions and hot standby multicast sender failover

Multiple, flexible client request redirections:

Transparent edge intercept with advanced WCCP Version 2 that includes the following:

Scalable clustering (WCCP flow protection and WCCP slow start)

Fault tolerance (WCCP multihome router support and client bypass)

TCP tuning knobs

WCCP standby mode for easy maintenance

Nontransparent edge intercept with browser proxy configuration, including support for proxy autoconfiguration (PAC) file delivery by Content Engines

Content routing with DNS intercept and HTTP redirect with the Content Router that uses the coverage zone file to specify the client source-IP addresses and which Content Engines serve that zone

Dynamic proxy autoconfiguration uses coverage zone information to automatically generate custom PAC files at Content Engines designated as PAC file servers to redirect client browsers to local Content Engines

CLI similar to that of Cisco IOS software for individual Content-Engine and Content Distribution Manager-configuration management

Interactive setup utility that is available through the CLI

Online Quick Start wizards that are available through the Content Distribution Manager GUI

Integrated graphical alert system for proactive warning of problems with devices or content replication

Remote device management

Role-based administration

Device group configuration

Autoregistration of devices from the Content Distribution Manager GUI

 

Extended SNMP Version 2 and Version 3 MIBs

Local Content Engine GUI, SSH Version 1 and 2, HTTPS, and Telnet access

CiscoWorks2000 Resource Management Essentials (RME) Version 3.4 support for Content Engines and Content Distribution Manager: CLI editor, inventory, network configuration, syslog analyzer, and device availability

CiscoWorks2000 CiscoView support of Content Engines: a graphical SNMP-based device management tool that provides real-time views of the operational status of Content Engines

Comprehensive industry-standard logging

Transaction logging and log pushing through FTP, interoperate with reporting partners for customizable performance and activity reports

HTTP cache transaction logs: Squid logs, W3C-compliant Apache common logs

WMT proxy and server logs: standard WMS Version 9 format

RealServer and proxy logs: standard RealNetworks format

Configurable log formats: referrer headers and user agent headers

Secure content access management

Administrator authentication

RADIUS and TACACS+ client authentication against an Lightweight Directory Access Protocol (LDAP) or Active Directory database

TACACS+ supports authentication and accounting

User authentication

RADIUS and TACACS+ client authentication against an LDAP or Active Directory database

Full NT LAN Manager (NTLM) authentication for the following: NTLM object caching, NTLM pass-through, and user authentication for WMT streaming

Basic, NTLM, and LDAP authentication against an Active Directory database. Basic and NTLM authentication against Windows NT domain controller (DC). Both user and group authentication are supported.

Load balancing of NTLM domain controllers for scalability and redundancy

NTLM authentication supported for demand-pull caching and pre-positioning

LDAP enhancements

LDAP password expiration

iPlanet single sign-on

LDAP attribute for accept use policy

 

Web filtering (URL and file type)

Websense Enterprise Version 5.2 server and client content-filtering support on Content Engine (additional per 100-user license fee)—Embedded in the Content Engine and does not require a separate (external) Websense server. Websense Version 5.2 includes dynamic protocol management for instant messaging, peer-to-peer and malicious applications, bandwidth optimizer, real-time analyzer, file type management and central policy distribution, and a network agent that runs on the Content Engine.

Secure Computing SmartFilter Version 4.0 server and client content-filtering support (additional per-user license fee)—On-box (internal) Content Engine solution that does not require separate SmartFilter server. Administrator Console Version 4.0 is enhanced for central device policies, LDAP group-authentication support and extensive customizable reporting tools.

N2H2 Internet Filtering Protocol Version 1.0 client content-filtering support on Content Engine—Requires a separate (external) N2H2 server.

ICAP Version 1.0

Scales antivirus servers and caches clean content

Request modification (REQMOD) and response modification (RESPMOD) supported

Load balancing and failover of ICAP servers

Demand-pull caching and pre-positioning supported

Tested with Trend Micro and Symantec antivirus products

Access control lists (ACLs) to control access to Content Engine interfaces

Permit or deny Telnet, SSH, SNMP, TFTP, WCCP, and Content Distribution Manager traffic per interface

Standard and extended IP access lists for inbound and outbound traffic

Alarm reporting

ACNS applications can now raise and clear alarms to report failures detected within the ACNS software or hardware.

Alarms are classified by severity (critical, major or minor) depending on their impact

Notification mechanisms include the following:

ACNS devices can be configured to send SNMP traps to your SNMP manager when alarms are raised or cleared. This informs you about problems as they occur, and enables you to respond more quickly.

If you are using a Content Distribution Manager to manage your ACNS system, the new system status bar notifies you when there are alarms on the managed ACNS devices, regardless of whether SNMP traps are configured. The status bar, which is always visible when you are logged into the Content Distribution Manager GUI, automatically refreshes every two minutes to reflect changes in the alarm status for all the managed ACNS devices.

Each ACNS device supports a set of CLI commands that enables you to obtain alarm status and details on demand.


Table 2 lists the caching, filtering, and authentication mechanisms supported by standalone Content Engines (Content Engines that are not registered with a Content Distribution Manager) or registered Content Engines that are running ACNS software, Release 5.2 or later.

An asterisk (*) indicates that a feature is supported for that particular protocol for standalone Content Engines as well as registered Content Engines. WCCP means transparent support. Content Engines also support local list filtering with all of the listed protocols except for FTP-WCCP (native FTP).

Table 2 Caching, Filtering, and Authentication Mechanisms - Support Matrix with Respect to Different Protocols 

   
Filtering
   
Proxy Authentication
Protocol
Caching
N2H2
Websense
SmartFilter
RADIUS
LDAP
NTML
TACACS+

HTTP

*

*

*

*

*

*

*

*

FTP-over-HTTP

*

*

*

*

*

*

*

*

HTTPS-over-HTTP

*

*

*

*

*

*

*

*

RTSPG

*

             

MMSU

*

             

MMST

*

             

MMS-over-HTTP

*

     

*

*

   

HTTP-WCCP

*

 

*

*

*

*

*

*

FTP-WCCP
(native FTP)

*

             

HTTPS-WCCP

*

 

*

*

       

RTSPG-WCCP

*

             

MMSU-WCCP

*

             

MMST-WCCP

*

             

MMS-over-HTTP
-WCCP

*

     

*

*

   

Hardware Supported

ACNS software, Release 5.2 supports the following hardware platforms. All of the listed platforms also support ACNS software, Release 5.1.x except for the CE-511 and CE-566. The CE-511 and CE-566, which are both new platforms that are supported in the ACNS software, Release 5.2, do not support ACNS 5.1.x software.

NM-CE-BP-SCSI

CE-565-K9

NM-CE-BP-80G

CE-565A-72GB-K9

NM-CE-BP-40G

CE-565A-144GB-K9

NM-CE-BP

CE-590

CDM-4630

CE-590-DC

CDM-4650

CE-7320

CE-507

CE-7305-K9

CE-507AV

CE-7305A-K9

CE-510-K9

CE-7325-K9

CE-510A-80GB-K9

CE-560

CE-510A-160GB-K9

CE-560AV

CE-511

CE-7325A-K9

CE-566-K9

CR-4430


Important Notes

This section emphasizes important information regarding ACNS 5.2 software.

Media File System Issues When Downgrading to ACNS 5.0 Software

If you have configured the media file system (mediafs) with ACNS 5.1 software or later, and then downgrade to ACNS 5.0 software, the mediafs disk space assignment is lost and it reverts to ACNS network file system (cdnfs) disk space. (The mediafs is used for on-demand content that is fetched through the two streaming protocols [RTSP and WMT]. The cdnfs is used for pre-positioned content in the ACNS network.)

This situation occurs because of a design change that was implemented in ACNS 5.1 software. Because ACNS 5.0 software is not compatible with this change, the disk space becomes assigned to cdnfs instead of mediafs. To work around this problem, follow these steps:

1. After you downgrade to ACNS 5.0 software, use the CLI (disk config EXEC command) or the GUI to assign the mediafs disk space.

Use the Content Distribution Manager GUI for Content Engines that are registered with a Content Distribution Manager. Use the Content Engine GUI for standalone Content Engines (that is, Content Engines that are not registered with a Content Distribution Manager and are being managed through the Content Engine GUI or CLI).

2. Reboot the Content Engine for the disk configuration changes to take effect.

Websense Issues When Downgrading to ACNS 5.0 Software or ACNS 5.1 Software

If the local (internal) Websense server is enabled on the Content Engine and you downgrade from the ACNS 5.2.x software to ACNS 5.0 software or ACNS 5.1 software, the WebsenseEnterprise directory is removed from the Content Engine and the local Websense server stops working. Note that the ACNS 5.2.x software does not generate an error message indicating that the WebsenseEnterprise directory has been removed.

To avoid this problem when downgrading from ACNS 5.2.x software to ACNS software 5.1 or ACNS 5.0 software, follow these steps:

1. Disable the local (internal) Websense server on the Content Engine.

2. Deactivate the Websense services on the Content Engine.

3. Install the ACNS 5.1 software or ACNS 5.0 software downgrade image on the Content Engine.

Changes to WCCP Support

In ACNS software releases earlier than Release 5.2, a maximum of eight active WCCP services were supported by a WCCP Version 2-enabled router and a Content Engine. In ACNS 5.2 software, up to 25 active WCCP Version 2 services can be supported. In ACNS 5.2 software, there are currently 17 WCCP Version 2 services that can be configured.

The type of WCCP services supported by a Content Engine and a WCCP-enabled router varies based on whether WCCP Version 1 or Version 2 is used, as indicated in Table 3. All of the services except for the standard web-cache service (service 0) requires that WCCP Version 2 (instead of WCCP Version 1) be running on the router and the standalone Content Engine for a particular WCCP service to be supported. These services are called "predefined" WCCP services.

Table 3 Supported WCCP Services with ACNS Software, Release 5.2 

Service Number
Service Name
Type of Service
Service Description

0

web-cache

Predefined

Web caching service that permits WCCP Version 1 or Version 2-enabled router to redirect HTTP traffic to a single port on the Content Engine. The Content Engine is functioning as a transparent forward proxy server. Only a single WCCP-enabled router is supported with WCCP Version 1, whereas multiple WCCP-enabled routers (those on the router list) are supported with WCCP Version 2.

The Content Engine listens for redirected HTTP requests on the standard HTTP port (default port 80). To enable the Content Engine to listen for WCCP intercepted HTTP traffic on ports other than the default port, configure the custom-web-cache service or a user-defined WCCP service (services 90 to 97).

53

dns

Predefined

DNS caching service that permits WCCP Version 2-enabled routers to redirect client requests transparently to a Content Engine for the Content Engine to resolve the DNS name. After the Content Engine resolves the DNS name, it stores the resolved DNS name locally so that it can use these resolved names for future DNS requests.

60

ftp

Predefined

Caching service that permits WCCP Version 2-enabled routers to redirect native FTP requests transparently to a single port on the Content Engine. The Content Engine retrieves the requested FTP content, stores a copy locally, and serves the requested content to the requestor.

70

https-cache

Predefined

Caching service that permits WCCP Version 2-enabled routers to intercept port 443 TCP traffic and redirect this HTTPS traffic to the Content Engine (acting as a transparent forward proxy server that is configured for HTTPS transparent caching). The Content Engine retrieves the requested content, stores a copy locally (HTTPS transparent caching), and serves the requested content to the client.

In ACNS 5.2 software, another interception mode (the accept-all mode) was added for the WCCP https-cache service. This mode was added to support the filtering of HTTPS traffic. This mode works the same way as the traditional WCCP services (for example, the web-cache service that intercepts all web traffic by default).

By default, the Content Engine accepts all HTTPS traffic. 

ContentEngine(config)# wccp https-cache ?

  accept-all       Accept all https traffic by default

  mask             Specify mask used for CE assignement

  router-list-num  Router list number

If the wccp https-cache accept-all global configuration command is used, the HTTPS cache (the Content Engine that has the https-cache service configured and enabled) operates in "accept-all" mode (all HTTPS traffic is intercepted by the Content Engine), otherwise the Content Engine (the HTTPS cache) works in "accept-only" mode, as in ACNS 5.1.x software.

The Content Engine listens for redirected HTTPS requests on the standard HTTPS port (default port 443). To intercept HTTPS traffic on ports other than the default port, configure a user-defined WCCP service (services 90 to 97).

80

rtsp

Predefined

Media caching service that permits WCCP Version 2-enabled routers to redirect RTSP client requests transparently to a single port on a Content Engine (RealMedia transparent caching).

The Content Engine listens for redirected RTSP requests on the standard RTSP port (default port 554). To intercept RTSP traffic on ports other than the default port (port 554), configure a user-defined WCCP service (services 90 to 97).

81

mmst

Predefined

Media caching service that permits WCCP Version 2-enabled routers to use MMST redirection to redirect WMT client requests transparently to a single port on a Content Engine (a transparent proxy server that is configured for WMT transparent caching).

Note MMST is the Microsoft Media Server protocol with transport over TCP.

82

mmsu

Predefined

Media caching service that permits WCCP Version 2-enabled routers to use MMSU redirection to redirect WMT client requests transparently to a single port on a Content Engine (a transparent proxy server that is configured for WMT transparent caching).

Note MMSU is the Microsoft Media Server protocol with transport over UDP.

90-97

User-
configurable

User-
defined

Eight user-defined (dynamic) WCCP services that each support multiple ports (up to eight ports per WCCP service). In order to configure these services (services 90 to 97), you must create one port list for each user-defined service that will be used (for example, create port list number 1 for service 90). The port list contains the port numbers on which the WCCP Version 2-enabled router will support WCCP redirection for that particular WCCP service. When configuring these user-defined services, you must specify whether the traffic is to be redirected to the HTTP caching application, HTTPS caching application, or the streaming application on the Content Engine.

To configure the Content Engine to cache web traffic using multiple ports, configure a user-defined WCCP service (services 90 to 97) Use these user-defined WCCP services to support WCCP redirection of HTTP, MMS, HTTPS, and RTSP requests on multiple ports (up to eight ports per service) for standard WCCP services (for example, the https-cache, rtsp, mmst, and reverse-proxy services) that ordinarily only support a single port.

98

custom-
web-cache

Predefined

Caching service that permits WCCP Version 2-enabled routers to redirect HTTP traffic to a Content Engine on multiple ports other than port 80. The Content Engine is functioning as a transparent forward proxy server. This service allows you to support WCCP redirection of HTTP requests on multiple ports (up to eight ports) without having to configure a user-defined WCCP service (services 90 to 97).

99

reverse-proxy

Predefined

Caching service that permits WCCP Version 2-enabled routers to redirect HTTP reverse proxy traffic to a Content Engine (a transparent reverse proxy server) on a single port (port 80). To intercept reverse proxy traffic on ports other than the default port (port 80), configure a user-defined WCCP service (services 90 to 97).


Multicast File Transfer Enhancements

ACNS 5.2 software supports new multicast file transfer features that enhance the reliability and performance of multicast file distribution in the ACNS 5.2 network. In earlier ACNS software releases (Release 5.0 and Release 5.1), the file transfer session depended on a window of time to resend the missing packets. The sender had to transmit the packets within this window of time for each retransmission request (NACK) from receiver Content Engines. If a multicast receiver joined the session too late and missed blocks of data that were outside the transmission window, the sender would not resend the missing blocks. The receiver could not receive the entire file, and the transmission failed. The receiver had to wait until a subsequent carousel pass to recover the missed files. The receiver could only receive the entire file or nothing. A slow receiver often failed to receive a large file if the receiving rate lagged behind the sending rate.

The multicast file transfer enhancements in ACNS 5.2 software resolve these issues by eliminating the window of time for file transmissions. This feature is called checkpoint. Checkpoint allows the sender to divide the transferring file into blocks and to retransmit any and all blocks until the transfer session ends. At any time during the transfer session, a receiver can request retransmission of any block that it has missed. Also, receiver Content Engines can receive the blocks of a transfer in any order. Data transmission can occur over a longer period, and receivers can recover missed data blocks to successfully complete the transfer in most situations. Thus, file transfers are much more resistant to loss of data.

This feature also solves the problem of a multicast receiver joining a transfer session late. (In an extreme example, even if a receiver joins so late that the sender has multicast nearly all of a very large file, the receiver can still receive the data. Also, the receiver can request retransmission for all the blocks it has missed.) Even if a receiver goes offline and restarts during a transfer, it can recover missing data without requesting retransmission of the blocks it has already received.

Note Because of these enhancements, receivers using ACNS 5.2 software cannot interact with senders using ACNS 5.0 or 5.1 software. The ACNS 5.2 multicast receiver will ignore files sent from an ACNS 5.0 or 5.1 multicast sender. However, an ACNS 5.2 multicast sender can interoperate with ACNS 5.0 or 5.1 multicast receivers because the software detects the lower software version and disables the checkpoint feature. Therefore, we recommend that you upgrade your multicast sender to ACNS 5.2 software first and then upgrade your receivers to ACNS 5.2 software.

Caveats

This section lists and describes the open and resolved caveats in ACNS software, Release 5.2. Caveats describe unexpected behavior in ACNS 5.2 software. Severity 1 caveats are the most serious; Severity 2 caveats are less serious. Severity 3 caveats are moderate caveats.

Open Caveats - ACNS Software, Release 5.2

This section lists caveats that have not been resolved in ACNS software, Release 5.2. The open caveats are grouped into two categories:

Open ACNS-IP/TV Software Integration Caveats, Release 5.2

Other Open ACNS Software, Release 5.2 Caveats

Open ACNS-IP/TV Software Integration Caveats, Release 5.2

This section lists and describes the caveats that are open in ACNS software, Release 5.2, and are related to ACNS-IP/TV software integration.

CSCec52492

Symptom: Requests for on-demand programs from clients in an ACNS network are sent to IP/TV Program Manager. IP/TV Program Manager treats these requests as standalone IP/TV on-demand program requests and directs them to the IP/TV Broadcast Server that can serve the request. This causes bandwidth issues and affects the functioning of IP/TV Server.

Condition: This problem occurs when IP/TV has been integrated in an ACNS network. It occurs when requests for on-demand programs that are exported to the ACNS network reach IP/TV Program Manager instead of being routed to the Content Engine that has the programs. This problem is related to routing failure or a routing error.

Workaround: Configure routing correctly in ACNS networks so that on-demand requests are directed to the nearest Content Engine that is capable of serving the program. Alternatively, you can change the proximity settings in IP/TV Program Manager so that it does not redirect the on-demand program requests to IP/TV Broadcast Servers. However, the second approach can also affect the serving of standalone on-demand programs.

Other Open ACNS Software, Release 5.2 Caveats

This section lists and describes the caveats that are open in ACNS software, Release 5.2 and are not related to ACNS-IP/TV software integration.

CSCdy82311

Symptom: Content cannot be acquired using strong authentication from secure origin servers that use certificates from nonstandard certificate authorities (CAs). If strong authentication was chosen for content acquisitions from such a site, the acquirer error statistics will contain a 401 (Unauthorized) error code, and the acquirer error log contains the following error message: 

Strong Cert Authentication rejects certificate due to error: ssl error code

Condition: This problem occurs if the origin server uses a certificate that is not known as a standard certificate to the ACNS software acquirer. For content acquisition from secure sites over HTTPS using strong authentication, only sites with certificates from standard certificate authorities are supported.

Note With strong authentication, if any errors occur during certificate verification by the ACNS acquirer, then content from that site will not be acquired. With weak authentication, certain errors (for example, a certificate has expired, certificate is not yet valid, and a subject issuer mismatch has occurred) are allowed during certificate verification.

Workaround: Use one of these workarounds:

Use weak authentication.

On the secure server, use a certificate that was generated by one of the standard certificate authorities. ACNS network administrators should refer to the following information to determine which CA certificate to install on their origin servers. Note that the certificate list differs based on the version of the ACNS software. For the ACNS 5.1.x software and later releases, refer to the certificate list in the Cisco ACNS Software Upgrade and Maintenance Guide, Release 5.x.

CSCea51815

Symptom: When a Content Engine model CE-565 is attached to a Storage Array SA-7 device, if too large a cache file system (cfs) partition is configured, and a combined streaming and caching workload is used, then a lower HTTP performance is observed.

Condition: This problem occurs when the CE-565 has Windows Media Technologies (WMT) enabled; a combined streaming and caching workload is used, and the Content Engine is attached to an SA-7 device.

Note The Storage Array device is used for the cache file system (cfs).

Workaround: Allocate less space to the cfs if a Storage Array is attached to the Content Engine.

CSCec52221

Symptom: Windows Media Technologies (WMT) is enabled with no media file system (mediafs) after you downgrade from ACNS 5.1b300 software to ACNS 5.0.7b8 software.

Condition: This problem occurs if you upgrade from ACNS 5.0.7b8 to ACNS 5.1bx software, configure the disk, and then downgrade to ACNS 5.0.7b4 software.

Workaround: Reconfigure the disk with a mediafs partition and reload the software.

CSCec52319

Symptom: Using FTP inside the .meta file to have the Content Engine obtain the .bin file for a Content Distribution Manager GUI-initiated upgrade is unsuccessful if the user's home directory differs from the FTP root.

Condition: Either you receive an error in the Content Distribution Manager GUI when you are creating the definition for the upgrade (when the .bin file does not exist in the user's home directory), or the Content Engine displays an error message on the upgrade (when the .bin file does not exist in the FTP root directory).

Workaround: Copy the .bin file to both the FTP root and the user's home directory, or use a user whose home directory is the FTP root.

CSCed34718

Symptom: If you edit a file-based scheduled program and the Quality of Service (QoS) feature is configured, the revised program retains the QoS configuration even if you disable the QoS feature.

Condition: This problem occurs only with file-based scheduled programs; it does not occur with live programs.

Workaround: The only known workaround is re-creation. To remove the QoS configuration, delete the program and then re-create the program without configuring the QoS feature.

CSCed68360

Symptom: A constant stream of bandwidth error messages (one about every 2 seconds) is reported in the syslog. As the following sample messages indicate, these messages are not very useful. 

Feb 11 13:24:26 webcache01 bandwd: %CE-BANDWD-3-115002: BANDWD: Trying again in two 
seconds 

Feb 11 13:24:28 webcache01 bandwd: %CE-BANDWD-3-115003: BANDWD: verification 
registration failed, err=30

Condition: None.

Workaround: There is no known workaround.

CSCed68727

Symptom: The Content Distribution Manager only checks if coverage zone files refer to invalid Content Engines after there is a fresh import. When there is a configuration change that can cause already imported coverage zone files to refer to invalid Content Engines, the Content Distribution Manager does not check or display the correct error message until the next fresh import.

Conditions: This problem occurs if there is a coverage zone configuration change that causes already-imported coverage zone files to refer to invalid Content Engines.

Workaround: There is no known workaround.

CSCed77655

Symptom: The Content Engine stops spoofing the client IP address, and uses its own IP address to fetch content from the origin server.

Condition: The http l4-switch spoof-client-ip enable global configuration command turns on IP spoofing on a Content  Engine that is functioning as a caching engine. When a rule action use-server global configuration command is used, the Content Engine stops spoofing the client IP address and instead uses its own IP address to fetch the content.

Workaround: There is no known workaround.

CSCed84227

Symptom: The network management system (NMS) host does not know where SNMP traps are coming from.

Condition: This problem occurs if there are two interfaces and you configure interface redundancy using both interfaces. You must use a dummy address for the physical addresses. You then configure a real address that floats between the two interfaces. If you then configure SNMP traps, the traps are being sourced from the dummy address and not the routable address. Therefore, the NMS host does not know where the trap is coming from.

Workaround: There is no known workaround.

CSCee17283

Symptom: The cdnfs files are turned into directories (which is visible if you enter the cdnfs browse EXEC command on the Content Engine).

Conditions: This problem is rare and only occurs when the file system corruption has caused a directory entry that should be a file to actually be a subdirectory. This only occurs if multiple cdnfs entries are being updated and the Content Engine crashes (for example, the Content Engine crashes because of a power failure).

Workaround: Enter the cdnfs cleanup start EXEC command on the Content Engine.

CSCee25042

Symptom: Even though you entered the url-filter wmt bad-sites-deny global configuration command on the Content Engine, the Content Engine is not filtering requests for content that is pre-positioned in its wmt_vod directory.

Condition: This problem occurs in the following situation:

a. You pre-position a file (for example, file.asf) on the Content Engine in its wmt_vod directory.

b. After pre-positioning the file, you configure the bad site list for URL filtering using mmst://Content Engine IP address/wmt_vod/file.asf.

c. A user makes a content request for this URL (that is, mmst://Content Engine IP address/wmt_vod/file.asf).

Workaround: Configure the bad site list using mmst://127.0.0.1/wmt_vod/file.asf instead of mmst://Content Engine IP address/wmt_vod/file.asf.

CSCee38190

Symptom: A WMT live stream in a managed live event environment is accessible for a period longer than the scheduled duration.

Condition: This problem only occurs with WMT live programs that have unicast access enabled. In this situation, streams can be accessible for up to 24 hours after the last playtime of the event if "Auto Delete" is set to true or can be accessible indefinitely if "Auto Delete" is set to false.

Workaround: Control the live stream source through the schedule for the event. Typically, this involves starting and stopping the WMT encoder.

CSCee40593

Symptom: Syslog messages contain the following text: 

uns-server: %CE-CDNFS-0-480000: uns_read_meta: WOW! url mismatch: wanted 'URL>', swaw 
'^C'

Condition: This problem occurs because of file system corruption; the cdnfs metadata files have the wrong content (the content is internally consistent but is in the incorrect file). This problem occurs infrequently. For example, it can occur if the cdnfs content is being updated and a crash occurred because of a kernel panic (which occurs infrequently).

Workaround: Although there is no known workaround to stop the syslog messages shown above, lookups for the target URL (listed in the syslog message) may succeed if the ACNS software has created a new cdnfs entry for the target URL.

A way to test this is to use the cdnfs lookup url EXEC command and see if the URL is found. If the URL is not found, a way to force it to be replicated is to modify the file on the origin server (for example, by using the touch command on a UNIX-based origin server).

Alternatively, you can enter the acquisition-distribution database-cleanup start command on the affected Content Engine; this queries the cdnfs for all the objects that are supposed to be on the Content Engine. Missing objects should be detected and replicated.

CSCee49106

Symptom: The content replication status can show an incorrect manifest item count.

Condition: This problem can occur if too many channels share the same content (for example, if over 100 channels share the same 30 files in each channel). Even though all 100 channels should show the 30 files that were acquired and distributed, it takes an extended period (days) before the correct manifest item count is displayed.

Workaround: Reduce the number of channels that share the same contents.

CSCee56998

Symptom: The CPU usage on the Content Engine hits a peak of 100%.

Condition: This problem can occur if the internal (local) Websense server is enabled on the NM-CE-BP models.

Workaround: There is no known workaround.

CSCee67227

Symptom: If you specify "foo" as a folder URL in the manifest file, and there is a single item redirection from foo to foo/ by the web server, the ACNS acquirer fails to process such redirections and generates a 716 error message. If you are using the quick crawl tool in the Channel Content window, some of the files also report 716 error messages.

Condition: This problem occurs if you are using the quick crawl tool and there is a single item redirect from foo to foo/. However, if foo is a link from a crawl job, single item redirections from foo to foo/ are allowed.

Workaround: Specify foo/ in the manifest file, or specify a crawl job instead of using the quick crawl tool.

CSCee67330

Symptom: NTLM authentication fails and the pop-up window is displayed again.

Condition: This problem occurs if NTLM authentication is being used and the specified domain name is longer than 50 characters.

Workaround: For NTLM authentication, use a domain controller (DC) that has a domain name shorter than 35 characters.

CSCee68339

Symptom: Proxy requests to the Content Engine proceed to allow mode (if allow mode is enabled) or are blocked (if allow mode is disabled) when the Websense URL filtering mechanism is configured to use the local Websense server.

Because the connections from the Content Engine to the Websense server time out, all requests go to allow mode until all 40 connections are exhausted. (This makes it appear as if the Websense server is not responding.) After all 40 connections are attempted, the Content Engine successfully connects to the Websense server and works properly thereafter.

Condition: This problem can occur under the following conditions:

The Content Engine is configured to use the local (internal) Websense server for URL filtering.

The local Websense server is running on the Content Engine.

There are long periods of inactivity.

The cache process has difficulty connecting to the local Websense server.

Workaround: Reconfigure Websense URL filtering on the Content Engine so that the Content Engine will attempt to establish new connections to the Websense server.

CSCee71157

Symptom: Channel routing causes loops for several Content Engines.

Condition: This problem can occur if there are Content Engines that are running ACNS software, Release 5.1.x or earlier, and these Content Engines are registered with a Content Distribution Manager that is running ACNS software, Release 5.2.

Workaround: Upgrade the Content Engines to ACNS software, Release 5.2. Currently, a Content Distribution Manager that is running ACNS software, Release 5.2 does not propagate some configuration changes to Content Engines that are running ACNS software releases earlier than Release 5.2. Therefore, Content Engines that are running ACNS software, Release 5.1.x or earlier, may not recognize that the root Content Engine was changed from one Content Engine to another. Consequently, routing loops can develop within the system.

CSCee78190

Symptom: When a root Content Engine is downgraded from ACNS 5.2 software to ACNS 5.1 software, some channels are disabled and some content fails to be acquired.

Condition: This problem occurs when the manifest file URL is a Server Message Block (SMB) URL with a uniform naming convention (UNC) path format (for example, \\host\share\file), or when an item or crawl task specified in either the src or start-url attribute has a UNC path format.

Because ACNS 5.1 software does not support SMB file acquisition, the root Content Engine running ACNS 5.1 software is not able to fetch the manifest file or acquire content from the SMB shares.

Workaround: Either before or after you downgrade the root Content Engine from ACNS 5.2 to ACNS 5.1 software, remove the SMB URL from the Manifest URL field in the Channel configuration window of the Content Distribution Manager GUI and use a URL with supported protocols (HTTP, FTP, or HTTPS).

Note From an ACNS 5.1 Content Distribution Manager GUI, choose Channels > Channels > Edit Channel.

From an ACNS 5.2 Content Distribution Manager GUI, choose Content > Channels > Edit Channel > Channel Content.

Edit the manifest file by removing content items and crawl tasks that have UNC formatted paths.

Use the acquirer start-channel EXEC command to initiate channel acquisition and verify that the workaround is successful.

CSCee81376

Symptom: The CMS service on the Content Distribution Manager cannot start and fails to create the CMS database backup file.

Condition: This problem can occur if the ACNS network configuration is very large (for example, with 2000 configured Content Engines) and the sysfs partition is 2 GB or less.

Workaround: Create a sysfs partition that is greater than 2 GB.

CSCee90245

Symptom: NTLM authentication occurs even though you disabled it on the Content Engine.

Condition: This problem occurs very rarely. In very rare situations, even though you entered the no ntlm server enable global configuration command to disable NTLM proxy authentication on the Content Engine, NTLM proxy authentication is still not turned off. In such cases, NTLM authentication can still occur, although the output of the show running EXEC command shows that the NTLM server is not enabled on the Content Engine.

Workaround: Enter the no ntlm server enable global configuration command again on the Content Engine.

CSCee92250

Symptom: ICAP-related transaction logs appear only for response modification (RESPMOD) transactions and not for request modification (REQMOD) transactions.

Condition: This problem occurs on all Content Engines which are running ACNS software, Release 5.0 or later, which have the ICAP service and ICAP transaction logging enabled.

Workaround: There is no known workaround.

CSCee92698

Symptom: The ICAP service is enabled on the Content Engine, but the Content Engine is unable to retrieve the content.

Condition: This problem can occur if the Content Engine is running ACNS 5.x software, and you configure two or more ICAP services to subscribe to the same vectoring point (the response modification [RESPMOD] vectoring point).

Workaround: There is no known workaround.

CSCee92917

Symptom: A cleanup of the sysfs partition removes all pre-positioned RealMedia contents from the /local1/real_vod/ directory on the Content Engine.

Condition: This problem occurs if the sysfs partition is saturated because of the population of content in the real_vod directory.

Workaround: There is no known workaround.

CSCef11091

Symptom: The WCCP cache farm (that is, a cluster of Content Engines that are running WCCP) is formed using the assignment method even though you specified the mask-assignment assign-method- strict option when configuring the WCCP service.

Condition: This problem occurs if the WCCP cache farm is associated with Cisco routers instead of switches.

Workaround: There is no known workaround. Mask assignment was only designed for Catalyst 6000 switches, and is not supported by Cisco routers.

CSCef16345

Symptom: The stream scheduler in the edge Content Engine retrieves stale Session Description Protocol (SDP) information from its forwarder and stores it in its local1/cse_live/ucast folder if the encoding is modified through IP/TV Program Manager. All further RTSP requests are served with this stale SDP content.

Condition: This problem occurs if the stream scheduler retrieves stale SDP information from its forwarder because the program has been edited and the encoding changed for a program. This occurs if the Content Distribution Manager notification at the edge Content Engine triggers the stream scheduler before the same occurs at the root Content Engine. Consequently, the edge Content Engine obtains the SDP content from its forwarder, which is valid content at that moment.

Workaround: Reload the Content Engine.

CSCef27174

Symptom: After you reload a parent Content Engine in a live split-tree type environment, its children Content Engines lose their RTSP connections to this parent and do not attempt to reestablish these RTSP connections after the parent comes back up.

Condition: This problem only occurs if the Cisco Streaming Engine is restarted on the parent Content Engine (for example, the Content Engine is reloaded, or you enter a clear statistics EXEC command on the Cisco Streaming Engine).

Workaround: Initiate the live split again by using the Content Distribution Manager GUI to change one of the program's attributes (for example, its description). The change in the program's attribute is sent to the individual Content Engines, and the program is triggered again.

CSCef37606

The Content Engine becomes unresponsive, and it takes a long time for commands to be executed.

Condition: This problem occurs when the load that is running on the Content Engine is almost as high as the maximum permissible load for a Content Engine, and you then enable ICAP (especially with request modification [REQMOD] transactions). This causes the Content Engine to go into an overload state and not recover easily.

Workaround: The load on the Content Engine with ICAP enabled (for the response modification [RESPMOD] transactions) should be kept to 50 percent of the load that it can handle without ICAP.

CSCef37947

Symptom: A URL in the Synchronized Multimedia Inte