Release Note for the Cisco Global Site Selector, Release 3.2(0.1.4)

Table of Contents

Release Note for the Cisco Global Site Selector, Release 3.2 (0.1.4)

Contents

Upgrading or Downgrading the GSS Software

Operating Considerations for Software Version 3.2(0)

Software Version 3.2 (0.1.4) Resolved and Open Caveats

Resolved Caveats for Software Version 3.2 (0.1.4)

Open Caveats for Software Version 3.2 (0.1.4)

Obtaining Documentation and Submitting a Service Request

Release Note for the Cisco Global Site Selector, Release 3.2 (0.1.4)

---

November 8, 2014

---

Note The most current Cisco documentation for released products is available on Cisco.com. For the complete set of Cisco Global Site Selector user documentation, go to the following URL:
http://www.cisco.com/en/US/products/hw/contnetw/ps4162/tsd_products_support_series_home.html

---

Contents

This release note applies to software version 3.2 (0.1.4) for the Cisco Global Site Selector (GSS).

This document contains the following sections:

• Upgrading or Downgrading the GSS Software
• Operating Considerations for Software Version 3.2(0)
• Software Version 3.2 (0.1.4) Resolved and Open Caveats
• Obtaining Documentation and Submitting a Service Request

Upgrading or Downgrading the GSS Software

Table 1 provides information about the upgrade sequence for previous software versions before you upgrade to version 3.2(0).

 

Table 1 GSS Software Upgrade Sequence for 3.2(0)

From version . . .	To version . . .
1.0(x) or 1.1 (prior to 1.1.(1.7.0))	1.1.(1.7.0)
1.1.(1.7.0)	1.2.(2.2.0)
1.2 (x) where x = 1 or 2	1.3(3)
1.3(3)	3.1(2)
2.0(1)	3.2(0)
2.0(2)
2.0(3)
2.0(4)
2.0(5)
3.0(1)
3.0(2)
3.1(0)
3.1(1)
3.1(2)

The Cisco Global Site Selector Administration Guide (Software Version 3.1(1)) contains the required information to upgrade your GSS software.

---

Note The Cisco Global Site Selector Administration Guide (Software Version 3.1(1)) does not include specific information related to software version 3.2(0); however, the software upgrade and downgrade information that the guide contains can be applied to software version 3.2(0).

---

See Appendix A, “Performing GSS Software Upgrades and Downgrades” in the guide for information about the following topics:

• Understanding Cisco-supported hardware and software compatibility for the GSS.
• Understanding the software upgrade sequence to upgrade to either 3.1(0) or 3.1(1). A new feature of software version 3.1(1) is the ability to upgrade directly to this software version from version 1.3(3) or greater.
• Preparing the GSS for a software upgrade.
• Installing a new software image.
• Preparing to downgrade.
• Downgrading software versions on GSS devices.

Operating Considerations for Software Version 3.2(0)

The operating considerations for software version 3.1(x) and later are as follows:

• Cisco LocalDirector does not reply properly to TCP keepalives sent on port 23 from a GSS device. To correct this behavior, specify a different keepalive method with LocalDirector or directly probe the servers located behind LocalDirector. Refer to the LocalDirector documentation for more information.
• The GSS model 4480 cannot support all of the version 3.1(x) or later software functionality when it is operating as the primary GSSM; therefore, you cannot use this combination of hardware and software platforms as a primary or standby GSSM. Because the GSS 4480 is approaching its end-of-life target date, you must contact your Cisco representative regarding a hardware upgrade.

 

Software Version 3.2 (0.1.4) Resolved and Open Caveats

The following sections contain the resolved and open caveats for software version 3.2 (0.1.4):

• Resolved Caveats for Software Version 3.2 (0.1.4)
• Open Caveats for Software Version 3.2 (0.1.4)

Resolved Caveats for Software Version 3.2 (0.1.4)

This section lists the resolved caveats for software version 3.2 (0.1.4):

• CSCts43873 — GSS fails to respond to DNS queries with Sticky enabled
• CSCtr84553 — Proximity fails sometimes when deleted PDB
• CSCur02747 — GSS - CVE-2014-7169 & CVE-2014-6271

Open Caveats for Software Version 3.2 (0.1.4)

This section lists the open caveats for software version 3.2 (0.1.4):

• CSCur28817 — GSS: evaluation of SSLv3 POODLE vulnerability (CVE-2014-3566). Though GSS is vulnerable to SSLv3 protocol theoretically, GSS GUI is not compromised with any security levels as HTTPs cookies doesn't reveal much useful information and MIMA is least possible over the management interface. The Curl (client) which is used for the https keepalive probe, is set with TLSv1 as default.

Workaround: Make sure client connects GSS using TLS, external filter can block the SSLv3 Handshake Protocol.

• CSCur31385 — GSS - CVE-2014-6277. As per REDHAT, after integrating SHELLSHOCK Patches, this CVE is not treated as a vulnerability issue, instead these are treated as a normal BASH defect.

Workaround : None

• CSCtc76185 — When using the CLI to manage the GSS, on rare occasions the answer suspend functions does not work.
  Workaround: Use the GSS GUI to suspend the answer.
• CSCte43718 —When an answer group change is being made on the GSS GUI, GSS is seeing dnsserver cores, which can be traced back to the change. This issues is not seen with 4492 GSS devices.
  Workaround: None.
• CSCtf78828 —GSS uses a variable “numInUse” to track number of answers available to return to the D-proxy based on keepalive checks. When a CSM real bounces in and out of service, a failure can occur that results in the GSS not returning the valid online CSM answer. In a round robin rule, the GSS will not hand out the CSM answer even though the answer is online. This issues is not seen with 4492 GSS devices.
  Workaround: None.
• CSCtg97066 —When the GSS is integrated with TACACS+ and the user is accessing the GSS GUI, on rare occasions the Tomcat process restarts and generates a core.
  Workaround: None.
• CSCtj86311 —When an HTTP-HEAD KAL response from a VIP is delayed (because FW drops first 3 SYNs), the GSS mis-handles the TCP session and marks the KAL as failed.
  Workaround: None.
• CSCtk56123 —When sticky and proximity are enabled on GSS and under the DNS rule, “Wait” is enabled, the GSS stops serving answers (DNS request timeout on the client end) for some clients.
  Workaround: Disable sticky or proximity, or disable the “Wait”.
• CSCtl11705 —The GSS is unresponsive; no response from console, GUI, or SSH and DNS requests also go unanswered.
  Workaround: Reboot the GSS to recover.
• CSCtz88393—In GSS 3.x and earlier versions, if an AAAA query hits the GSS box and if the NS Forward DNS clause is selected, the AAAA queries will not be forwarded to the corresponding Name Server. Instead, an NOERROR will be returned by GSS.

Workaround: None

 

Obtaining Documentation and Submitting a Service Request

For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What’s New in Cisco Product Documentation , which also lists all new and revised Cisco technical documentation, at:

http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html

Subscribe to the What’s New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS version 2.0.

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)