Cisco Catalyst G-L3 Series Switches

Table Of Contents

Release Notes for Catalyst 4840G SLB Switch for Cisco IOS Release 12.0(13)WT6(1)

Contents

Introduction

System Requirements

Memory Requirements

Hardware Supported

Determining the Software Version

Feature Set for the Catalyst 4840G SLB Switch

Features Not Supported on the Catalyst 4840G SLB Switch

Limitations and Restrictions

Caveats

Open Caveats in Release 12.0(13)WT6(1)

Resolved Caveats in Release 12.0(13)WT6(1)

Open Caveats in Release 12.0(11.5)WX5(18)

Resolved Caveats in Release 12.0(11.5)WX5(18)

Additional Documentation

Obtaining Documentation

World Wide Web

Documentation CD-ROM

Ordering Documentation

Documentation Feedback

Obtaining Technical Assistance

Cisco.com

Technical Assistance Center

Contacting TAC by Using the Cisco TAC Website

Contacting TAC by Telephone

Release Notes for Catalyst 4840G SLB Switch for Cisco IOS Release 12.0(13)WT6(1)

---

March 8, 2001

This document describes the software features of the current Catalyst 4840G server load balancing (SLB) switch and caveats for Cisco IOS Release 12.0(13)WT6(1).

Contents

This publication includes the following sections:

•Introduction

•System Requirements

•Feature Set for the Catalyst 4840G SLB Switch

•Features Not Supported on the Catalyst 4840G SLB Switch

•Limitations and Restrictions

•Caveats

•Additional Documentation

•Obtaining Documentation

•Obtaining Technical Assistance

Introduction

The Catalyst 4840G SLB switch is a high-performance SLB Layer 3 switch.

SLB and Layer 3 switching refer to a class of high performance switches optimized for a campus LAN or intranet, providing the switch both wire speed Ethernet routing and switching services as well as SLB.

SLB accommodates the increasing number of visitors to and amount of data on your enterprise web servers. These web servers must provide secure and reliable web and application hosting services to your Internet or intranet clients.

The SLB switch redistributes the requests (or hits) from clients evenly among all the servers in a server farm and achieves a balanced load for each server in the farm. In addition, all real servers appear as one virtual server, resulting in the need for only a single IP address and a single URL for an entire server farm.

System Requirements

This section describes the system requirements for the Catalyst 4840G SLB switch for Cisco IOS Release 12.0(13)WT6(1) and includes the following sections:

•Memory Requirements

•Hardware Supported

•Determining the Software Version

Memory Requirements

The standard default memory for the Catalyst 4840G SLB switch is 128 MB of SDRAM and 16 MB of onboard Flash memory. No Flash PC card is installed by default. In a future software release, the SLB switch will be able to accept an optional 8-, 16-, or 20-MB Type II Flash PC card.

Hardware Supported

The Catalyst 4840G SLB switch is a fixed configuration, Layer 3 10/100/1000 Ethernet SLB switch. There are 40 high-density 10/100BASE-T Fast Ethernet and 2 GBIC Gigabit Ethernet ports on this switch.

Determining the Software Version

To determine the version of the Cisco IOS software currently running on the Catalyst 4840G SLB switch, log in to the SLB switch and enter the show version EXEC command.

Feature Set for the Catalyst 4840G SLB Switch

Cisco IOS software is packaged in feature sets or software images that vary according to the platform. Table 1 lists the Cisco IOS software feature set available for the Catalyst 4840G SLB switch for Cisco IOS Release 12.0(13)WT6(1).

Table 1 Feature Set for the Catalyst 4840G SLB Switch for Cisco IOS Release
12.0(13)WT6(1) 

Feature Set
SLB Features
URL Load Balancing
Firewall Load Balancing
Multiple Firewall Load Balancing
HTTP Redirect
Dispatch and Directed mode load balancing
Round-robin and least connections server load balancing algorithms
Sticky connections
Buddy groups
Direct server access
Clients and servers in the same bridged domain as the load balancer
Clients and servers routed to the load balancer
40 Fast Ethernet server connections
2 Gigabit Ethernet client connections
10/100 client support
One million simultaneous connections
122 virtual server addresses
1,024 real server connections
Switch generated HTTP Health checks using HTTP Probe
Dynamic Feedback Protocol (DFP)
State-full redundancy between Catalyst 4840G switches
Hypertext Transfer Protocol (HTTP)
Hypertext Transfer Protocol-Server (HTTP-S)
Persistent TCP connections
Post Office Protocol 3 (POP3)
Simple Mail Transfer Protocol (SMTP)
Internet Message Access Protocol (IMAP)
Remote Access Dial-In User Service (RADIUS)
Domain Name System (DNS)
Network News Transfer Protocol (NNTP)
SLB Features (cont.)
File Transfer Protocol (FTP)
State-full backup
Layer 1 Features
10/100BASE-TX half duplex and full duplex
1000BASE-SX, LX, and long-haul full duplex
1000BASE-ZX extended distance
Layer 2 Bridging Features
Layer 2 transparent bridging
Layer 2 MAC address learning, aging, and switching by hardware
Spanning Tree Protocol (IEEE 802.1D) per bridge group
Support for a maximum of 16 active bridge groups
Up to 4,000 MAC addresses
Integrated routing and bridging (IRB)
24Kb content addressable memory (CAM) shared by Layer 2 entries and IP routing
Virtual LAN (VLAN) Features
Inter-Switch Link (ISL)-based VLAN trunking
802.1Q-based VLAN trunking
Layer 3 Routing, Switching, and Forwarding
IP routing and switching between Ethernet ports
24Kb content addressable memory (CAM) shared by Layer 3 entries and IP routing
Up to 18,000 IP routes
Up to 20,000 IP host entries
Supported Routing Protocols
Routing Information Protocol (RIP and RIP II)
Interior Gateway Routing Protocol (IGRP)
Enhanced Interior Gateway Routing Protocol (EIGRP)
Open Shortest Path First (OSPF)
Secondary addressing
Static routes
Fast EtherChannel Features
Bundling of up to four Fast Ethernet ports
Load sharing based on source and destination IP addresses of unicast packets
Load sharing for bridge traffic based on MAC addresses
ISL
IRB
Fast EtherChannel Features (cont.)
IEEE 802.1Q-based trunking
Up to 10 active Fast Etherchannel (FEC) port channels
Gigabit EtherChannel Features
Bundling the two Gigabit Ethernet ports
Load sharing based on source and destination IP addresses of unicast packets
Load sharing for bridge traffic based on MAC addresses
ISL
IRB
IEEE 802.1Q-based trunking
One active GEC interface channel in one system
Additional Protocols and Features
Bootstrap Protocol (BOOTP)
Cisco Discovery Protocol (CDP) support on Ethernet ports
Cisco Group Management Protocol (CGMP) server support
Dynamic Host Configuration Protocol (DHCP) relay
Hot Standby Routing Protocol (HSRP) over 10/100 Ethernet, Gigabit Ethernet, FEC, GEC, and Bridge Group Virtual Interface (BVI)
Internet Control Message Protocol (ICMP)
Internet Group Management Protocol (IGMP)
IRB routing mode support
Simple Network Management Protocol (SNMP)

Features Not Supported on the Catalyst 4840G SLB Switch

Table 2 lists the features that are not supported on the Catalyst 4840G SLB switch.

Table 2 Cisco 12.0(13)WT6(1) Features Not Supported on the
Catalyst 4840G SLB Switch

Layer 2 source MAC address filtering with standard Access Control Lists (ACLs)

Layer 3 filtering using ACLs: •IP simple ACL •IP extended ACL •TCP ACL based on TCP precedence, TCP port number, TCP ToS, and TCP flags •UDP ACL based on UDP port number •ICMP ACL •IPX standard ACL •Named ACL •IPX extended ACL

UDP turbo flooding

IEEE 802.1Q bridging

Border Gateway Protocol (BGP)

Port-based snooping

DEC spanning tree

IPX routing

AppleTalk 1 and 2 routing

AppleTalk Routing Table Maintenance Protocol (RTMP)

AppleTalk Update-based Routing Protocol (AURP)

Limitations and Restrictions

The following configuration limitations and restrictions apply to the Catalyst 4840G SLB switch:

•Servers should be evenly distributed among interfaces. The Catalyst 4840G SLB switch uses distributed processors for managing the 10/100 Ethernet ports. A set of four numerically adjacent ports (for example, ports 1, 2, 3, and 4) is assigned to each of these distributed processors. Cable servers to the Catalyst 4840G SLB switch are distributed across these sets of processors to maximize the performance capabilities of the switch. For example, if you had 10 servers to load balance, they might be cabled to the 40 ports to maximize performance at ports 1, 5, 9, 13, 17, 21, 25, 29, 33, and 37.

•Non-BVI configurations will have slightly better data throughput than BVI configurations. However, SLB connection setup and takedown performance is unaffected.

•The Catalyst 4840G SLB switch does not support 12V Flash PC cards; only 5V and 3.3V PCMCIA Flash cards are supported.

•URL load balancing does not support DFP.

•URL load balancing does not support backup connections.

•Firewall load balancing does not support TCP session reassignment.

•URL load balancing does not support TCP session reassignment.

•The Catalyst 4840G SLB switch does not support the 24 MB Type II Flash PC card.

•The Catalyst 4840G SLB switch is designed to be a L4-L7 switch, configuring large numbers of L3 routes can affect the L4-L7 performance. To help control the number of routes that can be programmed in the system and limit the amount of system resources used for L3 routing, preset the TCAM size used for L3 routing using the sdm size ip-prefix 2048 command.

Caveats

The following caveats are introduced on the Catalyst 4840G SLB switch with Cisco IOS Release 12.0(13)WT6(1).

Open Caveats in Release 12.0(13)WT6(1)

•If the Catalyst 4840 SLB switch fails it may lose its configuration. (CSCdt23666)

•It is not possible to have ISL or Dot1q encapsulation on the 10/100 ports at the same time as
URL load balancing, FEC, or FES support.

Workaround: To accommodate the different supported features on the 10/100 ports, you need to explicitly specify that the URL load balancing feature is enabled.

To enable URL load balancing, use the ip slb url-enable command.

To verify that URL load balancing is enabled, use the show ip slb enable-url command.

URL load balancing can be used simultaneously with the FEC or FES feature. To configure these features use the ip slb fast-ethernet client command. (CSCds65307)

•You cannot ping a virtual server from the SLB switch on which the server is configured. (CSCdr17118)

•The client network address for the HTTP Probe packets is not translated. If client NAT is configured on a server farm with HTTP Probe configured, the transmitted probe packets still have the SLB switch interface IP address as the source IP address. (CSCdr66428)

•The Catalyst 4840G SLB switch does not show up in the firewall load-balancing traceroute path. This is because TTL is not decremented in this nonrouting mode. The firewall does not do true routing; it load balances based on the route. (CSCdr86526)

•The connection object on slb-cpu (the load-balancing processor board), rather than the connection between client and server, is `stuck ' in the establish state. In other words, the information for these connections in the connection database is not cleaned up.

Workaround: There is a 60-minute timer that will clear this. (CSCdr95844)

•Any packets sent to a virtual server that contains IP options will not load balance. (CSCds10303)

•When the Catalyst 4840G SLB switch is deconfigured and the firewall is configured on the switch, the packets that are targeted to the firewall's IP address will not be load balanced.

Workaround: When the SLB configuration is removed and the firewall configuration added, reboot the switch once to avoid this problem. (CSCds32148)

•When configuring IOS-SLB FWLB with large numbers of firewall farms, reals, and probes, the following messages may be seen:

SLB config failed: unable to start slb

CASA-VS-4-UNEXPECTED: Unexpected error: Slb start called, ptr existed but not pending 
delete

If the Catalyst 4840G SLB switch displays these messages the existing FWLB configuration is not visible and no new FWLB configurations will be accepted.

Workaround: Reload the software on the Catalyst 4840G SLB switch. (CSCdt58536)

•When configuring IOS-SLB probes under heavy traffic the following message may be seen:

SLB config failed - unable to start slb

If the Catalyst 4840G SLB switch displays this message the existing SLB configuration is not visible and no new SLB configurations will be accepted.

Workaround: Reload the software on the Catalyst 4840G SLB switch. (CSCdt61516)

Resolved Caveats in Release 12.0(13)WT6(1)

•Cisco Security Advisory:

Cisco IOS Software TCP Initial Sequence Number Randomization Improvements

Revision 1.0: INTERIM

For Public Release 2001 February 27 20:00 US/Eastern (UTC+0500)

____________________________________________________________________________

Summary

Cisco IOS software contains a flaw that permits the successful prediction of TCP Initial Sequence Numbers.

This vulnerability is present in all released versions of Cisco IOS software running on Cisco routers and switches. It only affects the security of TCP connections that originate or terminate on the affected Cisco device itself; it does not apply to TCP traffic forwarded through the affected device in transit between two other hosts.

To remove the vulnerability, Cisco is offering free software upgrades for all affected platforms. The defect is described in DDTS record CSCds04747.

Workarounds are available that limit or deny successful exploitation of the vulnerability by filtering traffic containing forged IP source addresses at the perimeter of a network or directly on individual devices.

This notice will be posted at http://www.cisco.com/warp/public/707/ios-tcp-isn-random-pub.shtml. (CSCds04747)

•The CLI allows you to configure unsupported ipx, mls rp, and cos commands. (CSCdp96592)

•The first connection to a real server that is attached to a Catalyst 4840G SLB switch through a BVI interface ordinarily will perform slowly due to incomplete ARP caches. The BVI-related ARP cache entry will time out quickly (every 3 or 4 seconds) unless traffic is flowing to the associated real server. (CSCdr64750)

•If you have SLB DFP connections and then disable IP routing and DFP, the switch will hang. You will then need to reboot. Packets sent to a virtual server that contain IP options will not load balance. (CSCds11720)

Open Caveats in Release 12.0(11.5)WX5(18)

•The CLI allows you to configure unsupported ipx, mls rp, and cos commands. (CSCdp96592)

•You cannot ping a virtual server from the SLB switch on which the server is configured. (CSCdr17118)

•The first connection to a real server that is attached to a Catalyst 4840G SLB switch through a BVI interface ordinarily will perform slowly due to incomplete ARP caches. The BVI-related ARP cache entry will time out quickly (every 3 or 4 seconds) unless traffic is flowing to the associated real server. (CSCdr64750)

•The client network address for the HTTP Probe packets is not translated. If client NAT is configured on a server farm with HTTP Probe configured, the transmitted probe packets still have the SLB switch interface IP address as the source IP address. (CSCdr66428)

•The Catalyst 4840G SLB switch does not show up in the firewall load-balancing traceroute path. This is because TTL is not decremented in this nonrouting mode. The firewall does not do true routing; it load balances based on the route. (CSCdr86526)

•The connection object on slb-cpu (the load-balancing processor board), rather than the connection between client and server, is `stuck ' in the establish state. In other words, the information for these connections in the connection database is not cleaned up.

Workaround: There is a 60-minute timer that will clear this. (CSCdr95844)

•Any packets sent to a virtual server that contain IP options will not load balance. (CSCds10303)

•If you have SLB DFP connections and then disable IP routing (no IP routing) and DFP (no IP SLB DFP), the switch will hang. You will then need to reboot. Packets sent to a virtual server that contains IP options will not load balance. (CSCds11720)

•When the Catalyst 4840G SLB switch is deconfigured and the firewall is configured on the switch, the packets that are targeted to the firewall's IP address will not be load balanced.

Workaround: When the SLB configuration is removed and the firewall configuration added, you need to reboot the switch once to avoid this problem. (CSCds32148)

Resolved Caveats in Release 12.0(11.5)WX5(18)

There are no resolved caveats introduced on the Catalyst 4840G SLB switch for Cisco IOS Release 12.0(11.5)WX5(18).

Additional Documentation

The following documents are available for Catalyst 4000 family switches:

•Catalyst 4000 Family Installation Guide

•Catalyst 4912G Installation Guide

•Software Configuration Guide—Catalyst 4000 Family, Catalyst 2948G, and
Catalyst 2980 Switches

•Layer 3 Switching Software Configuration Guide - Catalyst 5000 Family, 4000 Family, 2926G Series, and 2948G Switches

•Command Reference—Catalyst 4000 Family, Catalyst 2948G, and Catalyst 2980 Switches

•System Message Guide—Catalyst 6000 Family, Catalyst 5000 Family, Catalyst 4000 Family, 2926G Series, and 2948G Switches

•Troubleshooting Tips—Catalyst 5000 Family, Catalyst 4000 Family, 2926G Series, and 2948G Switches

•For information about MIBs, refer to: http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml

Obtaining Documentation

The following sections provide sources for obtaining documentation from Cisco Systems.

World Wide Web

You can access the most current Cisco documentation on the World Wide Web at the following sites:

•http://www.cisco.com

•http://www-china.cisco.com

•http://www-europe.cisco.com

Documentation CD-ROM

Cisco documentation and additional literature are available in a CD-ROM package, which ships with your product. The Documentation CD-ROM is updated monthly and may be more current than printed documentation. The CD-ROM package is available as a single unit or as an annual subscription.

Ordering Documentation

Cisco documentation is available in the following ways:

•Registered Cisco Direct Customers can order Cisco Product documentation from the Networking Products MarketPlace:

http://www.cisco.com/public/ordsum.html

•Registered Cisco.com users can order the Documentation CD-ROM through the online Subscription Store:

http://www.cisco.com/go/subscription

•Nonregistered CCO users can order documentation through a local account representative by calling Cisco corporate headquarters (California, USA) at 408 526-7208 or, in North America, by calling 800 553-NETS(6387).

Documentation Feedback

If you are reading Cisco product documentation on the World Wide Web, you can submit technical comments electronically. Click Feedback in the toolbar and select Documentation. After you complete the form, click Submit to send it to Cisco.

You can e-mail your comments to bug-doc@cisco.com.

To submit your comments by mail, for your convenience many documents contain a response card behind the front cover. Otherwise, you can mail your comments to the following address:

Cisco Systems, Inc.
Document Resource Connection
170 West Tasman Drive
San Jose, CA 95134-9883

We appreciate your comments.

Obtaining Technical Assistance

Cisco provides Cisco.com as a starting point for all technical assistance. Customers and partners can obtain documentation, troubleshooting tips, and sample configurations from online tools. For Cisco.com registered users, additional troubleshooting tools are available from the TAC website.

Cisco.com

Cisco.com is the foundation of a suite of interactive, networked services that provides immediate, open access to Cisco information and resources at anytime, from anywhere in the world. This highly integrated Internet application is a powerful, easy-to-use tool for doing business with Cisco.

Cisco.com provides a broad range of features and services to help customers and partners streamline business processes and improve productivity. Through Cisco.com, you can find information about Cisco and our networking solutions, services, and programs. In addition, you can resolve technical issues with online technical support, download and test software packages, and order Cisco learning materials and merchandise. Valuable online skill assessment, training, and certification programs are also available.

Customers and partners can self-register on Cisco.com to obtain additional personalized information and services. Registered users can order products, check on the status of an order, access technical support, and view benefits specific to their relationships with Cisco.

To access Cisco.com, go to the following website:

http://www.cisco.com

Technical Assistance Center

The Cisco TAC website is available to all customers who need technical assistance with a Cisco product or technology that is under warranty or covered by a maintenance contract.

Contacting TAC by Using the Cisco TAC Website

If you have a priority level 3 (P3) or priority level 4 (P4) problem, contact TAC by going to the TAC website:

http://www.cisco.com/tac

P3 and P4 level problems are defined as follows:

•P3—Your network performance is degraded. Network functionality is noticeably impaired, but most business operations continue.

•P4—You need information or assistance on Cisco product capabilities, product installation, or basic product configuration.

In each of the above cases, use the Cisco TAC website to quickly find answers to your questions.

To register for Cisco.com, go to the following website:

http://www.cisco.com/register/

If you cannot resolve your technical issue by using the TAC online resources, Cisco.com registered users can open a case online by using the TAC Case Open tool at the following website:

http://www.cisco.com/tac/caseopen

Contacting TAC by Telephone

If you have a priority level 1(P1) or priority level 2 (P2) problem, contact TAC by telephone and immediately open a case. To obtain a directory of toll-free numbers for your country, go to the following website:

http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml

P1 and P2 level problems are defined as follows:

•P1—Your production network is down, causing a critical impact to business operations if service is not restored quickly. No workaround is available.

•P2—Your production network is severely degraded, affecting significant aspects of your business operations. No workaround is available.

This document is to be used in conjunction with the Software Configuration Guide and the Command Reference publications for your switch.

AccessPath, AtmDirector, Browse with Me, CCDA, CCDE, CCDP, CCIE, CCNA, CCNP, CCSI, CD-PAC, CiscoLink, the Cisco NetWorks logo, the Cisco Powered Network logo, Cisco Systems Networking Academy, the Cisco Systems Networking Academy logo, Fast Step, Follow Me Browsing, FormShare, FrameShare, GigaStack, IGX, Internet Quotient, IP/VC, iQ Breakthrough, iQ Expertise, iQ FastTrack, the iQ Logo, iQ Net Readiness Scorecard, MGX, the Networkers logo, Packet, PIX, RateMUX, ScriptBuilder, ScriptShare, SlideCast, SMARTnet, TransPath, Unity, Voice LAN, Wavelength Router, and WebViewer are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn, Discover All That's Possible, and Empowering the Internet Generation, are service marks of Cisco Systems, Inc.; and Aironet, ASIST, BPX, Catalyst, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, the Cisco IOS logo, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Enterprise/Solver, EtherChannel, EtherSwitch, FastHub, FastSwitch, IOS, IP/TV, LightStream, MICA, Network Registrar, Post-Routing, Pre-Routing, Registrar, StrataView Plus, Stratm, SwitchProbe, TeleRouter, and VCO are registered trademarks of Cisco Systems, Inc. or its affiliates in the U.S. and certain other countries.

All other brands, names, or trademarks mentioned in this document or Web site are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0102R)

Copyright © 1999-2001, Cisco Systems, Inc.
All rights reserved. Printed in USA.