 Feedback
|
Table Of Contents
Release Notes for Cisco ACNS Software, Release 5.1.15
New CLI Command to Change the TCP Memory Limit
Media File System Issues When Downgrading to the ACNS 5.0 Software
Websense Issues When Downgrading to the ACNS 5.0 Software or the ACNS 5.1 Software
Open Caveats - ACNS 5.1.15 Software
Open ACNS-IP/TV 5.1.15 Software Integration Caveats
Other Open ACNS 5.1.15 Software Caveats
Resolved Caveats - ACNS 5.1.15 Software
Acquisition and Distribution Resolved Caveats
Media and Streaming Resolved Caveats
Proxy and Caching Resolved Caveats
New Ability to Change the TCP Memory Limit in the ACNS 5.1.15 Software Release
Configuring URL-Based Monitoring
TACACS+ Enable Password Attribute
Configuration Requirements for Managed Live Events
Multicast Sender Interoperability
Restrictions Regarding Native FTP Caching in ACNS 5.1 and 5.1.x Software
FTP Caching Support in the Cisco ACNS Caching and Streaming Configuration Guide, Release 5.1
FTP Caching Support in the Cisco ACNS Software Command Reference, Release 5.1 Publication
Group-Type Patterns in Rule Pattern Lists
SmartFilter Software and the rule action no-auth Command Rule Interaction
Bandwidth Configuration for Interfaces and Content Services
Default Port of the Content Engine GUI
Playing Nonhinted IP/TV On-Demand Programs over an ACNS Network
Restriction on IP/TV Program Manager Configuration
Cisco Product Security Overview
Reporting Security Problems in Cisco Products
Obtaining Technical Assistance
Cisco Technical Support & Documentation Website
Definitions of Service Request Severity
Obtaining Additional Publications and Information
Release Notes for Cisco ACNS Software, Release 5.1.15
August 4, 2005
ACNS Build 5.1.15b5
Note
The most current Cisco documentation for released products is available at Cisco.com at http://www.cisco.com. The online documents may contain updates and modifications made after the hardcopy documents were printed.
Contents
These release notes contain information about the Cisco Application and Content Networking System (ACNS) 5.1.15 software. These release notes describe the following topics:
•
•
•
Introduction
The ACNS software combines the technologies of demand-pull caching and pre-positioning for accelerated delivery of web applications, objects, files, and streaming media; the ACNS software runs on Cisco Content Engines, Content Distribution Manager, and Content Router hardware platforms.
These release notes are intended for administrators who will be configuring, monitoring, and managing devices that are running the ACNS 5.1.15 software. These release notes describe the open and resolved caveats regarding the ACNS 5.1.15 software.
New and Changed Information
This section describes new and changed features in the ACNS 5.1.15 software. It also lists the supported hardware:
•
New CLI Command to Change the TCP Memory Limit
In the ACNS 5.1.15 software release, the ability to change the TCP memory limit on a Content Engine was added. To support this new feature, the tcp memory-limit global configuration command was added.
Note
To display the currently configured values for the TCP memory limit, enter the show tcp EXEC command.
Hardware Supported
The ACNS 5.1.15 software supports the same hardware platforms that were supported in the ACNS 5.1, 5.1.3, 5.1.5, 5.1.7, 5.1.9, 5.1.11, and 5.1.13 software releases. The following hardware platforms are supported:
Important Notes
This section emphasizes important information regarding the ACNS 5.1.15 software release:
•
•
Media File System Issues When Downgrading to the ACNS 5.0 Software
If you have configured the media file system (mediafs) with the ACNS 5.1 software and later releases, and then downgrade to the ACNS 5.0 software, the mediafs disk space assignment is lost and it reverts to ACNS network file system (cdnfs) disk space. (The mediafs is used for on-demand content that is fetched through the two streaming protocols [RTSP and WMT]. The cdnfs is used for pre-positioned content in the ACNS network.)
This situation occurs because of a design change that was implemented in the ACNS 5.1 software release. Because the ACNS 5.0 software release is not compatible with this change, the disk space becomes assigned to cdnfs instead of mediafs. To work around this problem, follow these steps:
1.
Use the Content Distribution Manager GUI for Content Engines that are registered with a Content Distribution Manager. Use the Content Engine GUI for standalone Content Engines (that is, Content Engines that are not registered with a Content Distribution Manager and are being managed through the Content Engine GUI or CLI).
2.
Websense Issues When Downgrading to the ACNS 5.0 Software or the ACNS 5.1 Software
If the local (internal) Websense server is enabled on the Content Engine and you downgrade from the the ACNS 5.2.x software to either the ACNS 5.0 software or the ACNS 5.1 software, the WebsenseEnterprise directory is removed from the Content Engine and the local Websense server stops working. Note that the ACNS 5.2.x software does not generate an error message indicating that the WebsenseEnterprise directory has been removed.
To avoid this problem when downgrading from the ACNS 5.2.x software to either the ACNS 5.1 software or the ACNS 5.0 software, follow these steps:
1.
2.
3.
Caveats
This section lists and describes the open and resolved caveats in the ACNS 5.1.15 software release. Caveats describe unexpected behavior in the ACNS 5.1.15 software. Severity 1 caveats are the most serious; Severity 2 caveats are less serious. Severity 3 caveats are moderate caveats.
Open Caveats - ACNS 5.1.15 Software
This section lists caveats that have not been resolved in the ACNS 5.1.15 software release. The open caveats are grouped into two categories:
•
•
Open ACNS-IP/TV 5.1.15 Software Integration Caveats
This section lists and describes caveats that are open in the ACNS 5.1.15 software release and are related to ACNS-IP/TV software integration:
•
Symptom: Requests for on-demand programs from clients in an ACNS network are sent to IP/TV Program Manager. IP/TV Program Manager treats these requests as standalone IP/TV on-demand program requests and directs them to the IP/TV Broadcast Server that can serve the request. This situation causes bandwidth issues and affects the functioning of IP/TV Server.
Condition: This problem occurs when IP/TV has been integrated in an ACNS network. It occurs when requests for on-demand programs that are exported to the ACNS network reach IP/TV Program Manager instead of being routed to the Content Engine that has the programs. This problem is related to a routing failure or a routing error.
Workaround: Configure routing correctly in ACNS networks so that on-demand requests are directed to the nearest Content Engine that is capable of serving the program. Alternatively, you can change the proximity settings in IP/TV Program Manager so that it does not redirect the on-demand program requests to IP/TV Broadcast Servers. However, the second approach can also affect the serving of standalone on-demand programs.
•
Symptom: When you are upgrading IP/TV Version 3.5 to Version 5.1, the functionality of the IP/TV Archive Server is replaced by Content Engines in the ACNS network. The Content Engines need to have the content present on a broadcast server but broadcast servers often have limited disk space.
Condition: This problem is only applicable if you are planning to upgrade from IP/TV Version 3.5 to Version 5.1 software, which will require that you use broadcast servers that have limited disk space.
Workaround: Import this data into your ACNS network by moving the media to a web server (origin server), and then creating a manifest file and an associated channel.
•
Symptom: For ACNS-based IP/TV scheduled programs that use live-split-only content delivery mode, IP/TV Program Manager allocates multicast addresses to individual streams that are never used along the content delivery path.
Condition: The problem is observed with live-split-only programs.
Workaround: There is no known workaround.
Other Open ACNS 5.1.15 Software Caveats
This section lists and describes caveats that are open in the ACNS 5.1.15 software release and are not related to ACNS-IP/TV software integration:
•
Symptom: Content cannot be acquired using strong authentication from secure origin servers that use certificates from nonstandard certificate authorities (CAs). If strong authentication was chosen for content acquisitions from such a site, the acquirer error statistics will contain a 401 (Unauthorized) error code, and the acquirer error log contains the following error message:
Strong Cert Authentication rejects certificate due to error: ssl error codeCondition: This problem occurs if the origin server uses a certificate that is not known as a standard certificate to the ACNS acquirer. For content acquisition from secure sites over HTTPS using strong authentication, only sites with certificates from standard certificate authorities are supported.
Note
Workaround: Use one of these workarounds:
–
–
•
Symptom: When a Content Engine model CE-565 is attached to a Storage Array SA-7 device, if too large a cache file system (cfs) partition is configured, and a combined streaming and caching workload is used, then a lower HTTP performance is observed.
Condition: This problem occurs when the CE-565 has Windows Media Technologies (WMT) enabled; a combined streaming and caching workload is used, and the Content Engine is attached to an SA-7 device.
Note
Workaround: Allocate less space to the cfs if a Storage Array is attached to the Content Engine.
•
Symptom: Windows Media Technologies (WMT) is enabled with no media file system (mediafs) after you downgrade from the ACNS 5.1b300 software to the ACNS 5.0.7b8 software.
Condition: This problem occurs if you upgrade from the ACNS 5.0.7b8 to the ACNS 5.1bx software, configure the disk, and then downgrade to the ACNS 5.0.7b4 software.
Workaround: Reconfigure the disk with a mediafs partition and reload the software.
•
Symptom: Using FTP inside the .meta file to have the Content Engine obtain the .bin file for a Content Distribution Manager GUI-initiated upgrade is unsuccessful if the user's home directory differs from the FTP root.
Condition: This problem occurs in either of the following situations:
–
–
Workaround: Copy the .bin file to both the FTP root and the user's home directory, or use a user whose home directory is the FTP root.
•
Symptom: The following error is reported when the ceApiServlet is called:
type Exception reportmessagedescription The server encountered an internal error () that prevented it fromfulfilling this request.exceptionjava.lang.NullPointerExceptionCondition: This problem occurs if the Content Engine does not have an explicit management IP address configured.
Workaround: Configure a management IP address for the Content Engine's Activation page.
•
Symptom: If you edit a file-based scheduled program and the Quality of Service (QoS) feature is configured, the revised program retains the QoS configuration even if you disable the QoS feature.
Condition: This problem occurs only with file-based scheduled programs; it does not occur with live programs.
Workaround: The only known workaround is re-creation. To remove the QoS configuration, delete the program and then re-create the program without configuring the QoS feature.
•
Symptom: The API program is created with multicast settings, with no multicast address ports specified within the program file. The program address pool is configured, including the pool TTL.
Condition: This problem occurs if the program multicast TTL is set to 255 instead of the address pool TTL value.
Workaround: Set the required TTL value within the program file.
•
Symptom: A constant stream of bandwidth error messages (one about every 2 seconds) is reported in the syslog. As the following sample messages indicate, these messages are not very useful.
Feb 11 13:24:26 webcache01 bandwd: %CE-BANDWD-3-115002: BANDWD: Trying again in two secondsFeb 11 13:24:28 webcache01 bandwd: %CE-BANDWD-3-115003: BANDWD: verification registration failed, err=30Condition: None.
Workaround: There is no known workaround.
•
Symptom: The Content Engine stops spoofing the client IP address and uses its own IP address to fetch content from the origin server.
Condition: The http l4-switch spoof-client-ip enable global configuration command turns on IP spoofing on a Content Engine that is functioning as a caching engine. When a rule action user-server global configuration command is used, the Content Engine stops spoofing the client IP address and instead uses its own IP address to fetch the content.
Workaround: There is no known workaround.
•
Symptom: The network management system (NMS) host does not know where SNMP traps are coming from.
Condition: This problem occurs if there are two interfaces and you configure interface redundancy using both interfaces. You must use a dummy address for the physical addresses. You then configure a real address that floats between the two interfaces. If you then configure SNMP traps, the traps are being sourced from the dummy address and not the routable address. Therefore, the NMS host does not know where the trap is coming from.
Workaround: There is no known workaround.
•
Symptom: You experience problems when trying to add rules that have the pipe character (|).
Condition: You cannot add rules that contain the pipe character (|).
Workaround: To achieve the OR functionality, add multiple rules that do not contain the pipe character (|).
•
Symptom: The cache process restarts when the ICAP feature is enabled.
Condition: The problem occurs if the ICAP functionality is in an unstable state.
Workaround: Reboot the Content Engine to restart the ICAP daemon and bring it back to its normal state.
•
Symptom: Syslog messages contain the following text:
uns-server: %CE-CDNFS-0-480000: uns_read_meta: WOW! url mismatch: wanted '<URL>', swaw '^C'Condition: This problem occurs because of an apparent file system corruption; the cdnfs metadata files have the wrong content (the content is internally consistent but in the wrong file). This problem happens infrequently. For example, in this case, cdnfs content was being updated and a crash occurred because of a kernel panic (which occurs infrequently).
Workaround: Although there is no known workaround to stop the syslog messages shown above, lookups for the target URL listed in the syslog message may succeed if the ACNS software has created a new cdnfs entry for the target URL.
A way to test this is to use the cdnfs lookup url EXEC command and see if the URL is found. If the URL is not found, a way to force it to be replicated is to modify the file on the origin server (for example, by using the touch command on a UNIX-based origin server).
Alternatively, you can enter the acquisition-distribution database-cleanup start command on the affected Content Engine to query the cdnfs for all the objects that are supposed to be on the Content Engine. Missing objects should be detected and replicated.
•
Symptom: Proxy requests to the Content Engine proceed to allow mode (if allow mode is enabled) or are blocked (if allow mode is disabled) when the Websense URL filtering mechanism is configured to use the local Websense server.
Because the connections from the Content Engine to the Websense server time out, all requests go to allow mode until all 40 connections are exhausted. (This situation makes it appear as if the Websense server is not responding.) After all 40 connections are attempted, the Content Engine successfully connects to the Websense server and works properly thereafter.
Conditions: This problem can occur under the following conditions:
•
•
•
•
Workaround: Reconfigure Websense URL filtering on the Content Engine so that the Content Engine will attempt to establish new connections to the Websense server.
•
Symptom: The current connection request to a URL remains up and the Content Engine tries to obtain the data until the server read/write timeout occurs. Subsequent requests to the same URL also remain up until the server read/write timeout for the first request occurs.
Conditions: This problem can occur if the primary outgoing HTTP proxy server fails and a request is issued to a URL that is serviced by this proxy server. Even though the show http proxy EXEC command shows the primary outgoing proxy as "failed," the Content Engine sends subsequent requests to the same URL instead of redirecting these requests to a standby outgoing HTTP proxy server.
Workaround: There is no known workaround.
•
Symptom: It is not possible to access a portion of a pre-positioned file from a rewritten URL.
Condition: This problem occurs because the URL rewrite/redirect needs to be processed first.
Workaround: Use the URL preload feature instead of the Content Distribution Manager pre-positioning feature.
•
Symptom: A live stream does not recover after being interrupted.
Condition: This problem occurs if the live stream is a Cisco Streaming Engine live-split program and the program is interrupted after playback has been started.
Workaround: Restart the Cisco Streaming Engine on all of the Content Engines (starting with the root Content Engine and continuing down through the split hierarchy of Content Engines).
•
Symptom: The client receives an unexpected 400 bad request HTTP response from the origin server when the request is going through a Content Engine.
Condition: This problem can occur if the client sends an unnecessary carriage-return and line feed (\r\n) in between the end of one request and the beginning of another request. These extra characters have been seen using the following version of the browser:
Internet Explorer
Version: 6.0.2800.1106.xpsp2.040919-1003
Cipher Strength: 128-bit
Update Versions:; SP1; Q832894; Q837009; Q831167; Q823353; Q871260;
Workaround: Disable persistent connections on the client side by entering one of the following configuration mode commands:
–
–
•
Symptom: Websense is not running properly. After you perform an upgrade of the ACNS software on the Content Engine, the config.xml file is corrupted. The output of the show websense and show running EXEC commands can display contradictory information.
Condition: This problem can occur if you upgrade the Content Engine from the ACNS 5.1.9 software release to the ACNS 5.1.13 software and later releases.
Workaround: After you complete the ACNS software upgrade, reinstall the Websense components on the Content Engine.
•
Symptom: The Content Engine does not export the transaction logs when the transaction log export feature is enabled.
Condition: This problem only occurs if there are Cisco Streaming Engine log files in the /local1/logs/cisco-streaming-engine directory.
Workaround: To work around this problem, follow these steps:
a.
ContentEngine(config)# no rtsp server cisco-streaming-engine enableb.
c.
ContentEngine# cd /local1/logs/cisco-streaming-engineContentEngine# delfile cseaccess*ContentEngine# delfile ftp_export.statusd.
ContentEngine(config)# no transaction-logs export enableContentEngine(config)# transaction-logs export enableOn the next schedule export, any file that has been archived but not yet exported will be exported. To perform an export prior to the next scheduled export time (to force an export that is referred to as an on-demand export), enter the transaction-logs force export EXEC command.
•
Symptom: Windows Media players experience problems when playing WMT content after you have performed an upgrade of the ACNS software. The player only plays the streams for a few minutes and then the connection is lost.
Condition: This problem only occurs if the clients are using Windows Media Player 6.4, and you have upgraded the Content Engine from the ACNS 4.2 software to the ACNS 5.1.11 software and later releases.
Workaround: Change the client to have a buffer of 10 seconds instead of 5 seconds.
•
Symptom: When you click links from the table of contents or the index of the ACNS Content Distribution Manager online help, the links open in the same pane, that is, the left pane, which contains the table of contents and the index, instead of opening in the right pane, which contains the help topics.
Condition: This problem occurs after you install Microsoft security update MS05-026. This security patch disables cross-frame navigation features that are based on HTML Help ActiveX control (HHCTRL).
Workaround: To reenable cross-frame navigation features that are based on HHCTRL, modify your Windows registry as explained in Microsoft Knowledge Base article 896905, which is available at this URL:
http://support.microsoft.com/kb/896905/
•
Symptom: Websense Manager cannot connect to the local Websense server (the Websense server runs as a separate process on the Content Engine instead of running on a separate system).
Condition: This problem occurs if an external IP address is used from the Websense Manager to connect to the local Websense server (Version 5.0.1) that is running on the Content Engine.
Workaround: There is no known workaround.
•
Symptom: The Websense policy server and user server generate core files.
Condition: This problem occurs when the Websense server is running on the ACNS 5.1.x software with a version of the Websense Manager that is earlier than Version 5.0.1 build 20030722. This problem does not exist when the Websense server is running on the ACNS 5.0.3 software.
Workaround: Download Websense Manager Version 5.0.1 build 20030722.
•
Symptom: If there is a WCCP transparent proxy between the ACNS network root Content Engine and the content origin server, and the proxy requires Microsoft NT LAN Manager (NTLM) authentication, then the ACNS network acquirer may fail to acquire content in the following scenario:
1.
2.
3.
Condition: This problem occurs with the ACNS 5.1.x software.
Workaround: Restart the acquirer through the acquisition-distribution stop and acquisition-distribution start commands.
•
Symptom: In the ACNS 4.2 software, rules are configured only for HTTP and not for streaming protocols. If a Content Engine that is configured with rules and is running the ACNS 4.2 software is upgraded to the ACNS 5.1.x software, then these rules are configured with the protocol type "all."
Condition: This problem occurs when the software is upgraded to the ACNS 5.1.x software from the ACNS 4.2 software.
Workaround: If you do not want the rule to be applied for some of the rule actions, you can change the rule configuration as required.
•
Symptom: An FTP client application stops receiving data for a data transfer operation such as a directory listing (ls) or file transfer (GET). The same symptom can occur for FTP-over-HTTP data transfers from the FTP server to the Content Engine.
Condition: For FTP client applications, the Content Engine must be using the FTP proxy through WCCP redirection, configured for following the FTP client's mode for establishing a data connection. The FTP client application must have also been set to use active mode to the FTP server.
ContentEngine(config)# wccp ftp router-list-num numberContentEngine(config)# wccp version 2ContentEngine(config)# ftp proxy active-mode enableFor FTP-over-HTTP data transfers, the Content Engine must be configured for an FTP incoming proxy and configured to use active mode to the FTP server. The client browser must be configured to use the Content Engine FTP proxy for FTP URLs.
ContentEngine(config)# ftp proxy incoming portContentEngine(config)# ftp proxy active-mode enableThe symptoms can occur with the configurations described above and when the FTP server starts sending data packets that are received out of order by the Content Engine before the Content Engine sends the TCP connection establishment SYN-ACK packet to the FTP server.
Workaround: Remove the Content Engine active mode configuration by entering the following configuration command:
ContentEngine(config)# no ftp proxy active-mode enableWhen this symptom occurs on an FTP client application, press Ctrl-C simultaneously to stop the partial data transfer operation.
When this symptom occurs on a browser configured for FTP-over-HTTP, click the STOP button to stop the partial data transfer operation.
•
Symptom: In the ACNS 5.0 software, only "AND" is allowed between the group of patterns with the same pattern list number. When you downgrade from the ACNS 5.1 software to the ACNS 5.0 software, the ORing of patterns configuration is not supported and is converted to ANDing of patterns as follows:
–
rule action block pattern-list 3 protocol httprule pattern-list 3 url-regex senrule pattern-list 3 domain ciscoIn the ACNS 5.1 software, the default behavior is ORing of patterns.
–
rule action block pattern-list 3 protocol httprule pattern-list 3 url-regex senrule pattern-list 3 domain ciscoIn the ACNS 5.0 software, the only behavior is ANDing of patterns.
Condition: The problem occurs when the configuration on the Content Engine has many pattern lists that are configured (ORed together) in the ACNS 5.1 software and the Content Engine is downgraded to the ACNS 5.0 software. Then only the first pattern-list configuration is used.
Workaround: There is no known workaround.
•
Symptom: After a Content Engine is downgraded from the ACNS 5.1 software to the ACNS 4.2 software, some patterns in the pattern list are lost as follows:
–
rule action block pattern-list 3 protocol httprule pattern-list 3 url-regex senrule pattern-list 3 domain cisco–
rule block url-regex senCondition: This problem occurs when the configuration on the Content Engine has many pattern lists that are configured (ORed together) in the ACNS 5.1 software, and the Content Engine is downgraded to the ACNS 4.2 software. Then only the first pattern-list configuration is used. All other pattern lists are lost.
Workaround: There is no known workaround.
•
Symptom: When a rule with the redirect action is configured with a URL of 0 and with a matching pattern, the cache process crashes if the request matches the pattern.
Condition: This problem occurs when you configure a numeric value of 0 for the redirected URL (for example, if www.yahoo.com is redirected to 0). If you want the Content Engine to redirect URL x to URL y, then you can configure the rule redirect action. While doing so, you must configure URL x and URL y.
Workaround: There is no known workaround.
•
Symptom: When MPEG-2 is specified as the preferred format in a channel, the programs cannot be created in that channel.
Condition: This problem occurs only if MPEG-2 is the preferred format.
Workaround: When MPEG-2 is chosen as the preferred format for a channel-based program, the default bandwidth is set to 1150 (the default for non-MPEG-2 programs). The default bandwidth for MPEG-2-based programs should be 2000 for MPEG-2 half duplex, and 3000 for MPEG-2 full duplex. Manually set the bandwidth while creating the program as follows:
–
–
•
Symptom: If Quality of Service (QoS) for MP2T audio-only programs is set, QoS parameters are not included in the Session Description Protocol (SDP) information for the program. Consequently, the MP2T stream is streamed without the intended QoS characteristics.
Condition: The problem is observed with MP2T audio-only programs and when the audio QoS option is specified.
Workaround: There is no known workaround.
•
Symptom: The manifest validator fails to fetch the XML file if the source is authenticated.
Condition: This problem occurs only if the file is located at an authenticated location.
Workaround: Put a copy of the manifest file in a nonauthenticated location to use the manifest validator.
Resolved Caveats - ACNS 5.1.15 Software
This section lists the caveats that have been resolved in the ACNS 5.1.15 software release. The resolved caveats are grouped into the following categories:
•
•
•
Acquisition and Distribution Resolved Caveats
•
With pre-positioned content, Content Engines can occasionally return incomplete objects with an HTTP/500 "Internal Server Error" error message.
•
If there is an error in the coverage zone file, the file is fetched from the origin server regardless of whether the file has changed.
DNS Resolved Caveats
•
In a forward proxy setup, the output of the show statistics dns EXEC command shows two DNS lookups for each HTTP request.
ICAP Resolved Caveats
•
When the Content Engine is operating in proxy mode and the ICAP service is enabled on it, RealPlayer cannot properly handle RTSP-over-HTTP requests.
Media and Streaming Resolved Caveats
•
When content routing is used as the redirection method for pre-positioned WMT content, the content might be played back continuously twice instead of once for the end user. This problem can occur when content routing is being used and the pre-positioned WMT content is being served by the Windows Media server on the Content Engine.
•
RTSP requests are failing when the RTSP gateway, which is running on the Content Engine, is used. This problem occurs when a request is using non-standard RTSP ports, which are not allowed through the firewall (the RTSP gateway is not properly handling the switch from RTSP to RTSP-over-HTTP).
•
The show statistics wmt streamstat EXEC command can show an incorrect incoming bandwidth counter if the Content Engine is under a heavy load and is running the ACNS 5.1.11 software and later releases. This problem was fixed in the ACNS 5.1.15 software release.
•
Windows Media clients go into a buffering state when watching a live stream. This problem can occur if the clients are accessing the stream through Content Engines that are running the ACNS 5.1.x software, and if the Windows Media server version 9.0 is the final origin server for the stream. This problem was fixed in the ACNS 5.1.15 software release.
•
Windows Media Technologies (WMT) fails to route around the primary source stream Content Engine after a failover occurs. This problem only occurs when the primary Content Engine fails prior to any connection to it. Connectivity is only restored after the primary Content Engine is recovered.
•
In the case of WMT live using content routing, the HTTP failover URL does not work. In the case of a WMT live using content routing, after the initial communication between the client and the Content Router, the client is redirected to the Content Engine. When the Content Engine receives this request, it sends back an .asx file with two URLs in it. One is an MMS URL and the other is an HTTP URL. In the case of WMT live, this HTTP URL is not valid. If the client fails over to this URL if the MMS fails, the stream will not be served by the Content Engine. This problem was fixed in the ACNS 5.1.15 software release.
•
Windows Media player files are not being downloaded properly. This problem can occur if you have entered the wmt disallowed-client-protocols http global configuration command on the Content Engine and the Content Engine is rebooted.
•
The media player goes into a buffering state for managed live programs that are created with a broadcast publishing point as the source. This problem occurs with files that contain a large number of script events, which are used as the source for creating the publishing point in a Windows Media server.
Proxy and Caching Resolved Caveats
•
FTP-over-HTTP fails for certain URLs. This problem can occur when a CWD command (an FTP command) to a directory in the path component of that URL fails but the actual file can be retrieved using the RETR fullpathname command.
•
Even though you have configured the rule to use the x-forwarded-for header, SmartFilter IP-based filtering does not work. This problem occurs if the clients (the end users who are requesting content) are behind the downstream proxy, and filtering is being performed at the upstream proxy.
•
When Content Engines enter or exit a WCCP cache farm, this event can result in inconsistent views of bucket ownership on the Content Engines. In this situation, the clients of HTTP or streaming services may see broken pages or broken connections.
•
File transfers of large files fail and connection reset error messages are generated. This problem occurs with HTTP, native FTP, and FTP-over-HTTP proxies (Content Engines) that are running the ACNS 5.1.x software. This problem was fixed in the ACNS 5.1.15 software release.
•
The Content Engine forwards a request from an HTTP 1.0 client and also sends the server an Expect: 100-Continue header, which is invalid for an HTTP 1.0 request. In the ACNS 5.1.15 software release, the Content Engine forwards the request from the HTTP 1.0 client but does not send the server the invalid Expect: 100-Continue header.
•
A web application does not work through the Content Engine. This problem can occur if authentication is enabled on the Content Engine that is returning an HTTP 1.0 response (the 407 Proxy Authentication Required message is sent as an HTTP 1.0 response). Because the web application will only accept HTTP 1.1 responses, it kills the session.
•
If the connection from the Content Engine to the origin server is reset by the server, the Content Engine might retry the request by opening another connection without any confirmation interaction with the original client. This problem can cause the server to process duplicate requests.
•
When the Content Engine is being used as a proxy for FTP (FTP-over-HTTP), an FTP-over-HTTP request fails because the FTP reply is too long (the reply to one of the CWD commands when going to a specific URL is greater than 4096 bytes).
•
The internal Websense server on the Content Engine is not responding to a block page message. This problem can occur if certain clients do not behave properly and fail to send the requested data back to the Websense block page server. The block page server is not timing out these requests, reaches a limit, and then stops responding.
•
Every two seconds, syslog messages such as the following, are being continuously generated:
Jan 16 01:37:02 CE7325-CE1 bandwd: %CE-BANDWD-3-115003: BANDWD: verification registration failed, err=30Jan 16 01:37:02 CE7325-CE1 bandwd: %CE-BANDWD-3-115002: BANDWD: Trying again in two seconds•
When the Content Engine is handling chunked HTTP responses, the HTTP GET responses may fail and the connection is terminated. No user intervention is required because the cache process is automatically restarted.
•
A client might hang when it is waiting to receive a close to the connection from a Content Engine, which has received a 304 response from the origin server.
Rules Resolved Caveats
•
The use proxy rules configuration does not work if the use proxy failover rules configuration is also configured with the same pattern list number. For example, if a configuration such as the following exists and pattern list 1 is used, then the use-proxy failover action (shown in "a" of this example) takes precedence over the use-proxy action (shown in "b" of this example) and the second CLI is never executed (it becomes a dummy rule):
a.
failover pattern-list 1b.
pattern-list 1•
The Content Engine enters into kernel debugging (kdb) mode.
•
The no proxy rule action does not work for transparently redirected proxy style requests. This problem occurs if there is a pattern configured for a domain name, such as abccorp.com, and a request is given to a source that is not a FQDN (for example, http://www).
Other Resolved Caveats
•
NTLM authentication stops working. The syslog.txt shows the following message:
NTLM: query_smb: Username can't be an empty stringThe syslog.txt also shows the following message several times:
open_smb: Fail to add handle into conn table•
If a Content Engine is running the ACNS 5.1.9 software or a later release, and you have configured the IP Differentiated Services (DSCP) client value, the configured IP DSCP client value is not retained after a reboot. This problem was fixed in the ACNS 5.1.15 software release.
•
The Content Engine runs out of disk space on the system file system (sysfs) and messages such as the following are generated:
Sysfs space dangerously low. Either remove some files on the SYSFS manually, or increase the SYSFS spaceThere is a file /local1/service_logs/sysmon_start_log_latest which contains many lines of the following:sysmon: Stuck in loop checking klog_fd•
If a Layer 4 switch is being used to transparently redirect content requests to the Content Engine, the Content Engine can stop responding and you cannot connect to it through a console or a Telnet session.
•
When there is a high TCP memory usage, the Content Engine can hang or enter into kernel debug mode.
•
In rare circumstances, the Content Engine may not let anyone log in. This problem only occurs if all of the following conditions exist:
–
–
–
–
This problem was fixed in the ACNS 5.1.15 software release.
Documentation Updates
This section describes the following documentation updates:
•
•
•
•
•
•
•
•
•
•
•
•
•
New Ability to Change the TCP Memory Limit in the ACNS 5.1.15 Software Release
This documentation update applies to the following three ACNS 5.1 software guides:
•
•
•
In the ACNS 5.1.15 software release, the ability to change the TCP memory limit on a Content Engine was added. To support this new feature, the tcp memory-limit global configuration command was added.
Note
ACNS 5.1.13 TV-Out Changes
This documentation update applies to the following two ACNS 5.1 software guides:
•
•
The TV-output service supports the local playback of pre-positioned MPEG content through a hardware decoder. The hardware decoder converts the digital information into an analog TV signal. The TV-out service is only functional if the Content Engine is equipped with a supported MPEG hardware decoder. The tvout enable global configuration command is used to enable the TV-output service on a Content Engine that is registered with a Content Distribution Manager.
Note
The changes that are related to the TV-output service are as follows:
•
•
•
ContentEngine# show hardware...Total 1 CPU.1024 Mbytes of Physical memory.1 CD ROM drive (CD-224E)1 AV card (Vela II)2 GigabitEthernet interfaces1 Console interface2 USB interfaces [Not supported in this version of software]The following PCI cards were found:PCI-Slot-1 MPEG-Decoder-AV [1105:8476 (Sigma Designs, Inc.) (rev 3)]PCI-Slot-2 SCSIManufactured As: Pre-FCS 565 [867383Z]...
Note
•
ContentEngine# show hardware.CPU 0 is GenuineIntel Intel(R) Celeron(R) CPU 1.70GHz (rev 1) running at 1699MHz.Total 1 CPU.1024 Mbytes of Physical memory.1 CD ROM drive (CD-224E)1 AV card (Vela II) [***Revision not supported in this version of software***]2 GigabitEthernet interfaces1 Console interface2 USB interfaces [Not supported in this version of software]The following PCI cards were found:...•
ContentEngine# show tvout...TV-out model: ce565-002 (sigma)[***Hardware revision level not supported in this version of software***]TV-out service is not enabledTV-out signal: ntscTV-out service is not running...Configuring URL-Based Monitoring
This documentation update applies to the following three ACNS 5.1 software guides:
•
•
•
In the ACNS 5.1.13 software, the ability to configure a Content Engine to monitor the performance of specific URLs was added. To support this new feature, the following CLI changes were made:
•
ContentEngine(config)# http monitor url ?WORD URL for monitoringThe http monitor url url command has two command options, the acceptable-delay and interval options. As the following sample output indicates, the acceptable-delay option is used to specify the acceptable delay in seconds (the maximum number of seconds that the specified monitored URL should be retrieved within). The default acceptable delay is 60 seconds.
Content Engine(config)# http monitor url http://www.abc.com/ ?acceptable-delay Threshold time in seconds before which the URL should be retrieved.(default is 60 seconds)interval Interval in seconds for monitoring the URL.(default is 60 seconds)<cr>As the following sample command output indicates, the acceptable-delay option is used to specify the acceptable delay, which is the maximum number of seconds that the specified URL should be retrieved within:
Content Engine(config)# http monitor url http://www.abc.com/ acceptable-delay ?<1-3600> Acceptable delay in seconds
Note
As the following sample command output indicates, the interval option specifies the monitoring interval (that is, how frequently the Content Engine should monitor requests for a specific URL). The monitoring interval is specified in seconds. The default monitoring interval is 60 seconds.
ContentEngine(config)# http monitor url http://www.abc.com/ acceptable-delay 100 interval ?<1-3600> Monitor interval in secondsIn the following example, the Content Engine is configured to monitor the URL named "http://www.abc.com/" using the default values (an interval of 60 seconds and an acceptable delay of 60 seconds):
http monitor url http://www.abc.com/In the following example, the Content Engine is configured to monitor the URL named "http://www.abc.com/." The Content Engine is configured to wait up to 100 seconds for the URL to be retrieved and to monitor requests for this URL every 100 seconds.
ContentEngine(config)# http monitor url http://www.abc.com/ acceptable-delay 100 interval 100If it takes more than 100 seconds for the URL to be retrieved, the specified acceptable delay is exceeded. The Content Engine tracks the response time (minimum and maximum delay time) as well as the number of times that the acceptable delay is exceeded for a particular URL. These statistics are shown in the output from the new show statistics http monitor EXEC command. (An example of the output from the show statistics http monitor EXEC command is provided below.)
•
ContentEngine# show statistics http monitorHTTP Monitor URL statistics---------------------------Monitor URL = http://www.abc.com/Total requests = 118Failed requests = 30Requests above acceptable delay = 37Minimum response time = 8.183 secondsMaximum response time = 210.021 secondsMonitor URL = http://www.abccorp.com/Total requests = 275Failed requests = 44Requests above acceptable delay = 26Minimum response time = 0.071 secondsMaximum response time = 164.061 seconds"Failed requests" are requests that did not succeed (for example, the request failed to resolve the domain name of that URL).
"Requests above acceptable delay" are the requests that took longer than the specified acceptable delay (the maximum number of seconds specified by the acceptable-delay setting).
•
ContentEngine# show running-configuration! ACNS version 5.1.13!!hostname sust-7320-ce1!http persistent-connections timeout 300http proxy incoming 8080http proxy outgoing preserve-407http tcp-keepalive enablehttp monitor url http://www.abc.com/ interval 100 acceptable-delay 100http monitor url http://www.abccorp.com/!ftp proxy incoming 8080!clock timezone US/Eastern -5 0!!...Only the non-default values are displayed in the output from the show running-configuration command. Consequently, because the Content Engine was configured to use the default values to monitor the URL "http://www.abccorp.com," the above sample output does not display these values for that URL.
•
ContentEngine# show http monitorMonitor URL: http://www.abc.com/Monitor Interval: 100Acceptable Delay: 100Monitor URL: http://www.abccorp.com/Monitor Interval: 60Acceptable Delay: 60Downgrading ACNS 5.x Software
This documentation update applies to the following three ACNS 5.1 software guides:
•
•
•
If you have configured the mediafs with the ACNS 5.1 software or later, and then downgrade to the ACNS 5.0 software, the mediafs disk space assignment is lost and it reverts to cdnfs disk space.
If the local (internal) Websense server is enabled on the Content Engine and you downgrade from the ACNS 5.2.x software to either the ACNS 5.0 software or the ACNS 5.1 software, the WebsenseEnterprise directory is removed from the Content Engine and the local Websense server stops working. For more information, see the "Websense Issues When Downgrading to the ACNS 5.0 Software or the ACNS 5.1 Software" section.
TACACS+ Enable Password Attribute
This documentation update applies to the following three ACNS 5.1 software guides:
•
•
•
The ACNS software CLI EXEC mode is used for setting, viewing, and testing system operations. It is divided into two access levels, user and privileged. To access privileged-level EXEC mode, enter the enable EXEC command at the user access level prompt and specify a privileged EXEC password (superuser or admin-equivalent password) when prompted for a password.
In TACACS+ there is an "enable password" feature that allows an administrator to define a different enable password for each user. If an ACNS user logs in to the Content Engine with a normal user account (privilege level of 0) instead of an admin or admin-equivalent user account (privilege level of 15), the user must enter the admin password in order to access privileged-level EXEC mode.
ContentEngine> enablePassword:
This caveat applies even if these ACNS users are using TACACS+ for login authentication.
Pre-Positioned Content
This documentation update applies to the Cisco ACNS Software Deployment and Configuration Guide, Release 5.1.
In the ACNS 5.1.x software releases earlier than the ACNS 5.1.5 software release, pre-positioned content is served only on ports that are standard for the protocol. If the incoming URL contains a port number other than the standard port for that protocol (for example, HTTP uses port 80, RTSP uses port 554, and WMT uses port 1755), then the Content Engine does not attempt to serve the content from the pre-positioned file system (cdnfs). Instead, the Content Engine tries to serve the content from the cache file system (cfs) or tries to fetch the content from the origin server, depending on the existing configuration of the Content Engine.
In the ACNS 5.1.5 software, the ignoreOriginPort attribute was added to support the playback of pre-positioned content using nonstandard ports. The ignoreOriginPort attribute controls content playback and allows the use of nonstandard ports to play back pre-positioned content. In releases of the ACNS software prior to the ACNS 5.1.5 software release, playback of pre-positioned content using nonstandard ports was not supported.
The ignoreOriginPort attribute is supported under the following tags in the manifest file:
•
•
•
•
The ignoreOriginPort attribute is optional. Valid values for the ignoreOriginPort attribute are true or false. The default is false. In the following example, the ignoreOriginPort attribute is specified in the <item> tag and is set to true:
<item scr="<http//10.77.155.211/abc.html>http//10.77.155.211/abc.html" ignoreOriginPort="true" />If an item is acquired with the attribute set to true (ignoreOriginPort=true), then the content is played back even if the incoming URL that was used to request the content contains a nonstandard port. For example, if content is acquired as follows:
<http//www.foo.com/abcd.xml>http//www.foo.com/abcd.xmlthen the content can be played back as follows:
<http//www.foo.comXXXX/abcd.xml>http//www.foo.comXXXX/abcd.xmlwhere XXXX is the port number.
For more information about using a manifest file to acquire and distribute content in an ACNS 5.1 network, refer to Chapter 7, "Creating Manifest Files," in the Cisco ACNS Software Deployment and Configuration Guide, Release 5.1.
Configuration Requirements for Managed Live Events
This documentation update applies to the Cisco ACNS Software Deployment and Configuration Guide, Release 5.1.
If you have channels for live programs configured in your ACNS 5.1 network, make sure that there are no external proxy servers physically located between your ACNS 5.1 receiver Content Engines and your ACNS 5.1 root Content Engine that require proxy authentication. Also, make sure that proxy authentication is not enabled on any receiver Content Engines that might be in the logical, hierarchical path between the root Content Engine and the receiver Content Engine that is going to serve the live stream to the requesting clients. If a live stream encounters any device that requires proxy authentication, the stream will be dropped before it reaches its destination.
If your network is set up with intermediary devices that require proxy authentication, you can work around the problem by configuring rules to bypass authentication on these devices.
For example, to enable the formation of a unicast splitting tree and, in turn, enable live broadcasting from all receiver Content Engines, you can specify the following rule on all of the parent Content Engines in the channel:
ContentEngine(config)# rule pattern-list 1 downstream-CE-ipaddressContentEngine(config)# rule no-auth pattern-list 1cdn-url Attribute Description
This documentation update applies to the Cisco ACNS Software Deployment and Configuration Guide, Release 5.1.
With the ACNS software, you can use cdn-url as an optional attribute of distributed content. This option only works when the media is pre-positioned on the Content Engine and the origin server does not have to be contacted for any reason to fulfill the request. You cannot use the cdn-url attribute if the origin server needs to be contacted to fulfill the request, for example, in such situations as the following:
•
•
•
Note
On page 7-44, replace the bulleted item under the "Item" section with the following:
•
The cdn-url attribute is optional and is used when content needs to be acquired from one URL (the content acquisition URL) and published using another URL (the publishing URL). The cdn-url attribute is the relative ACNS network URL that end users use to access this content. If no cdn-url attribute is specified, then the src attribute is used as the relative ACNS network URL.
In the following sample manifest file, the content item being acquired contains the file path /RemAdmin/InternalReview/firstpage.htm. By specifying a new file path (RemAdmin/Production/firstpage.htm) using the cdn-url attribute, the publishing URL disguises the fact that the content originated from an internal review.
<CdnManifest><server name="ultra-server"><host name="http://ultra-server" /></server><item src="RemAdmin/InternalReview/firstpage.htm" cdn-url="RemAdmin/Production/firstpage.htm" /></CdnManifest>In the preceding example, src is the content acquisition URL and cdn-url is the publishing URL.
Note
If the content is live or requires playback authentication, the origin server from which the content is acquired must be contacted. Therefore, two URLs must exist for the same content item, and the URL specified in the cdn-url attribute must exist on the origin server at all times.
For example, if the content item "RemAdmin/Production/firstpage.htm" requires playback authentication, this content must exist on the "ultra-server" origin server. Otherwise, pre-positioned content playback will fail.
In general, you should not use the cdn-url, cdnPrefix, or srcPrefix attributes if playback authentication is required or if the content is live.
If you use FTP to acquire content and the content type is not specified in the manifest file and the cdn-url attribute is used to alter your publishing URL, the cdn-url attribute must have the correct file path extension (for example, .jpg). Otherwise, the incorrect content type will be generated and you cannot play the content.
The following example correctly shows the publishing URL with the same file path extension (.jpg) as that of the origin server URL:
<item src="ftp://ftp-server.abc.com/pictures/pic.jpg" cdn-url="pic.jpg" />The following example is incorrectly written, because it does not specify the file path extension (.jpg) in the cdn-url attribute:
<item src="ftp://ftp-server.abc.com/pictures/pic.jpg" cdn-url="pic" />Multicast Sender Interoperability
This documentation update applies to the Cisco ACNS Software Deployment and Configuration Guide, Release 5.1. The following is additional information regarding multicast sender interoperability:
•
Symptom:
–
–
Note
Case 1: The primary sender is using an ACNS software release earlier than the ACNS 5.1.x software release. The backup sender is running the ACNS 5.1.x software release, as is the receiver.
–
–
–
Case 2: Both the primary sender and the backup sender are using the ACNS 5.1.x software. The receiver is using an ACNS software release earlier than the ACNS 5.1.x software.
–
–
Case 3: Both the primary sender and the receiver are using an ACNS software release earlier than the ACNS 5.1.x software release. The backup sender is using the ACNS 5.1 software.
–
–
–
Condition 2: Although you may have received a warning message from the Content Distribution Manager, you can still configure a Content Engine as a backup sender if the Content Engine is registered with a Content Distribution Manager running the ACNS 5.1.x software and the Content Engine is running ACNS software earlier than the ACNS 5.1.x software. Cases 4 through 6 discuss the backup sender operating under these conditions.
Symptom: The Content Distribution Manager does not send related configuration information and configuration changes to the Content Engine that is running an earlier software version. This situation results in the Content Engine not being able to identify itself as the multicast backup sender. This scenario might also occur if a backup sender using the ACNS 5.1.x software is downgraded to an earlier software version through the Content Engine CLI.
Case 4: Both the primary sender and the backup sender are using an ACNS software release earlier than the ACNS 5.1.x software. The receiver is running the ACNS 5.1 software.
–
–
Case 5: The primary sender and the receiver are using the ACNS 5.1 software. The backup sender is using an ACNS software release earlier than the ACNS 5.1.x software.
–
–
Case 6: The primary sender is using the ACNS 5.1.x software. Both the backup sender and the receiver are using an ACNS software release earlier than the ACNS 5.1.x software.
–
–
Condition 3: The Content Distribution Manager is using an ACNS software release earlier than the ACNS 5.1.x software. In software releases earlier than the ACNS 5.1.x software, only one sender is configurable for each multicast cloud.
Case 7: The sender is using the ACNS 5.1.x software. The receiver is using a software release earlier than the ACNS 5.1.x software.
The sender behaves like a primary sender running the ACNS 5.1.x software. That is, it sends the first round of content without requiring a NACK to trigger the carousel pass. However, the sender is unable to continue making carousel passes because the receiver is unable to send NACKs.
Case 8: Both the sender and the receiver are using the ACNS 5.1.x software.
The sender is able to perform carousel passes and the receiver is able to send NACKs for missing content; however, there is no support for a backup sender or for configuring the NACK interval multiplier.
Case 9: The sender is using an ACNS software release earlier than the ACNS 5.1.x software. The receiver is using the ACNS 5.1.x software.
–
–
Workaround for Cases 1 through 9: Upgrade both senders and receivers to the ACNS 5.1.x software. Upgrade the sender first, and then upgrade the receivers.
Workarounds for Case 7 only:
–
–
FTP Caching Support
This documentation update applies to the following three ACNS 5.1 software guides unless otherwise stated:
•
•
•
A Content Engine that is running the ACNS 5.1 software can be configured for FTP caching in either of the following two usage modes:
•
•
In both of these usage modes, the Content Engine uses the FTP protocol to retrieve and locally cache the content of the FTP requests. These two usage modes differ in the protocol used by the client to issue the FTP request. In FTP-over-HTTP mode, clients use their browsers (the HTTP protocol) to issue FTP requests. In native FTP mode, clients use the native FTP protocol to issue FTP requests, as shown in the following example:
ContentEngine# ftp server.cisco.com
Note
Native FTP requests are logged in the HTTP transaction log on the Content Engine.
FTP-over-HTTP Caching Support
The ACNS 5.1 software supports proxying and caching of FTP URL client requests using proxy-mode HTTP requests when URLs specify the FTP protocol (for example, ftp://ftp.mycompany.com/ftpdir/ftp_file). For instance, the following is an example of an FTP-over-HTTP request that allows the end user to use a browser to access public files from an FTP server:
ftp://ftp.funet.fi/pub/cbm/crossplatform/converters/unix/For these requests, the client uses HTTP as the transport protocol with the Content Engine, whereas the Content Engine uses FTP with the FTP server. When the Content Engine receives an FTP request from the web client, it first looks in its cache. If the object is not in its cache, it fetches the object from an upstream FTP proxy server (if one is configured) or directly from the origin FTP server.
The FTP proxy supports anonymous as well as authenticated FTP requests. Only base64 encoding is supported for authentication. The FTP proxy accepts all FTP URL schemes defined in RFC 1738. In the case of a URL in the form ftp://user@site/dir/file, the proxy sends back an authentication failure reply and the browser supplies a popup window for the user to enter login information.
The FTP proxy supports commonly used MIME types, attaches the corresponding header to the client, chooses the appropriate transfer type (binary or ASCII), and enables the browser to open the FTP file with the configured application. For unknown file types, the proxy uses binary transfer as the default and instructs the browser to save the downloaded file instead of opening it. The FTP proxy returns a formatted directory listing to the client if the FTP server replies with a known format directory listing. The formatted directory listing has full information about the file or directory and provides the ability for users to choose the download transfer type.
Native FTP Caching Support
On page 2-8 of the Cisco ACNS Caching and Streaming Configuration Guide, Release 5.1, and on page 2-120 ("Usage Guidelines") of the Cisco ACNS Software Command Reference, Release 5.1 publication, replace the information about native FTP caching with the following information.
The Content Engine operating as an FTP proxy supports passive and active mode for fetching files and directories. In native FTP caching mode, if the ftp proxy active-mode enable global configuration command is used, then the Content Engine uses the same mode with the FTP server for the data connection as the client used to reach the Content Engine, which can be either active or passive. If the ftp proxy active-mode enable command is not used, the Content Engine uses passive mode with the FTP server for the data connection.
As the following partial output of the show ftp command shows, if you have used the ftp proxy active-mode enable command, the Content Engine (the nontransparent proxy server that is functioning as a native FTP proxy server) adheres to the client's mode (active or passive):
•
•
ContentEngine# show ftpFTP Configuration-----------------WCCP FTP service status: ENABLEDMaximum size of a FTP cacheable object: 204800 KBytesFTP data connection mode with Server: Adhere to Client's mode (active or passive)The format of the URL that the Content Engine (nontransparent proxy server that is functioning as a native FTP proxy server) creates for a native FTP request depends on the FTP login name and the transfer mode (binary or ACSII file transfer mode).
•
•
ftp://*user*:*password*@10.100.200.5/home/myhome/mybinfile.obj;type=iThe URL for an "anonymous" user login and an ACSII file transfer mode will not have any fields embedded in the URL, as shown in the following example:
ftp://10.100.200.5/home/myhome/mytextfile.txtThe following two examples demonstrate the use of native FTP with a Content Engine. In the first example, the user logs in with an actual username name ("huff") and is able to retrieve the requested file (test.c) from the FTP server. Note that in this case, the current directory for the user named "huff" is "/home/huff."
ContentEngine# ftp server.cisco.comConnected to server.cisco.com.220 server.cisco.com FTP server (Version wu-2.6.0(1) Mon Feb 28 10:30:36 EST 2000) ready.Name (server:huff): huff331 Password required for myserver.Password:230 User huff logged in.Remote system type is UNIX.Using binary mode to transfer files.ftp> pwd257 "/home/huff" is current directory.ftp> get /tmp/test.c200 PORT command successful.150 Opening BINARY mode data connection for /tmp/test.c (645 bytes).226 Transfer complete.645 bytes received in 0.00077 seconds (8.2e+02 Kbytes/s)ftp> quitContentEngine#In the second example (shown below), the user logs in as an anonymous user and cannot retrieve the requested file (test.c) because the file is not located in the document root directory of the FTP server ("/"), which is the current directory for any anonymous user.
ContentEngine# ftp server.cisco.comConnected to server.cisco.com.220 server.cisco.com FTP server (Version wu-2.6.0(1) Mon Feb 28 10:30:36 EST 2000) ready.Name (server:huff): anonymous331 Guest login ok, send your complete e-mail address as password.Password: test@cisco.com230 Guest login ok, access restrictions apply.Remote system type is UNIX.Using binary mode to transfer files.ftp> pwd257 "/" is current directory.ftp>ftp> passivePassive mode onftp> get(remote-file) /tmp/test.c(local-file) test.clocal: test.c remote: /tmp/test.c227 Entering Passive Mode (172.31.255.255)550 /tmp/test.c: No such file or directory.ftp>ContentEngine#In the ACNS 5.1 software release, the wccp ftp router-list-number and wccp ftp mask global configuration commands were added to support native FTP caching on a Content Engine that is operating in transparent proxy mode.
The wccp ftp command is used to configure the WCCP interception of FTP protocol traffic from FTP clients to FTP servers.
ContentEngine(config)# wccp ftp ?mask Specify mask used for CE assignmentrouter-list-num Router list numberContentEngine(config)# wccp ftp mask ?dst-ip-mask Specify sub-mask used in packet destination-IP addresssrc-ip-mask Specify sub-mask used in packet source-IP addressContentEngine(config)# wccp ftp router-list-num ?<1-8> Router List NumberThe following example shows how to configure native FTP caching on a WCCP Version 2 router:
1.
Router(config)# ip wccp 602.
Router(config)# interface type number3.
Router(config-if)# ip wccp 60 redirect out
The associated show wccp services EXEC command was modified in the ACNS 5.1 software release to show the configuration information associated with the FTP proxy.
ContentEngine# show wccp servicesServices configured on this Content EngineWeb CacheCustom Web CacheFTP CacheRTSPThe show wccp modules EXEC command was modified in the ACNS 5.1 software release to include an entry for the FTP caching service.
ContentEngine# show wccp modulesModules registered with WCCP on this Content EngineModule Socket Expire(sec) Name Supported Services------ ------ ----------- --------------- ------------------5 6 3 FTP Proxy FTP Cache1 7 3 RTSP Proxy RTSP0 8 3 HTTP Proxy Web CacheReverse ProxyCustom Web CacheWCCPv2 Service 90WCCPv2 Service 91WCCPv2 Service 92WCCPv2 Service 93WCCPv2 Service 94WCCPv2 Service 95WCCPv2 Service 96WCCPv2 Service 97ContentEngine# show wccp masks ?custom-web-cache Custom web caching serviceftp FTP Proxy caching servicereverse-proxy Reverse Proxy web caching servicertsp Media caching serviceweb-cache Standard web caching serviceFor more information about these commands, refer to the Cisco ACNS Software Command Reference, Release 5.1.
Restrictions Regarding Native FTP Caching in ACNS 5.1 and 5.1.x Software
Restrictions regarding native FTP caching support in the ACNS 5.1 and 5.1.x software releases are as follows:
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
FTP Caching Support in the Cisco ACNS Caching and Streaming Configuration Guide, Release 5.1
Updates to the Cisco ACNS Caching and Streaming Configuration Guide, Release 5.1 regarding FTP caching support are as follows:
•
•
•
•
The ftp proxy active-mode global configuration command applies to FTP (native FTP) caching as well as to FTP-over-HTTP caching.
–
–
•
•
ContentEngine# show ftpFTP over HTTP Configuration---------------------------FTP heuristic age-multipliers: directory-listing 30% file 60%Maximum time to live in days: directory-listing 3 file 7Minimum time to live for all objects in minutes: 30Incoming Proxy-Mode:Configured Proxy mode FTP connections on ports: 80 8080Outgoing Proxy-Mode:Not using outgoing proxy mode.Active mode of FTP transfer is enabledMaximum size of a FTP cacheable object is 204800 KBytesNo object is revalidated on each requestFTP Configuration-----------------WCCP FTP service status: ENABLEDMaximum size of a FTP cacheable object: 204800 KBytesFTP data connection mode with Server: Adhere to Client's mode (active or passive)•
0
Web caching
53
DNS caching
60
FTP caching
80
RTSP
81
MMST
82
MMSU
90-97
User-configurable
98
Custom web caching
99
Reverse proxy web caching
•
1.
Router(config)# ip wccp 602.
Router(config)# interface type number3.
Router(config-if)# ip wccp 60 redirect outFTP Caching Support in the Cisco ACNS Software Command Reference, Release 5.1 Publication
Updates to the Cisco ACNS Software Command Reference, Release 5.1 publication regarding FTP caching support are as follows:
•
•
The ftp proxy active-mode command applies to FTP (native FTP) caching as well as FTP-over-HTTP caching as follows.
–
–
•
•
ContentEngine# show ftpFTP over HTTP Configuration---------------------------FTP heuristic age-multipliers: directory-listing 30% file 60%Maximum time to live in days: directory-listing 3 file 7Minimum time to live for all objects in minutes: 30Incoming Proxy-Mode:Configured Proxy mode FTP connections on ports: 80 8080Outgoing Proxy-Mode:Not using outgoing proxy mode.Active mode of FTP transfer is enabledMaximum size of a FTP cacheable object is 204800 KBytesNo object is revalidated on each requestFTP Configuration-----------------WCCP FTP service status: ENABLEDMaximum size of a FTP cacheable object: 204800 KBytesFTP data connection mode with Server: Adhere to Client's mode (active or passive)•
ContentEngine# show wccp servicesServices configured on this Content EngineWeb CacheCustom Web CacheFTP CacheRTSP•
ContentEngine# show wccp routersRouter Information for Service: FTP CacheRouters Configured and Seeing this Content Engine(1)Router Id Sent To Recv ID0.0.0.0 10.1.94.1 00000000Routers not Seeing this Content Engine10.1.94.1Routers Notified of but not Configured-NONE-Multicast Addresses Configured-NONE-•
Note
•
Group-Type Patterns in Rule Pattern Lists
A group-type pattern is one of the types of rule patterns that you can add to a pattern list. The default operation for the group-type pattern is an OR operation.
In the "List of Rule Patterns" section on page 14-4 of the Cisco ACNS Caching and Streaming Configuration Guide, Release 5.1, replace the syntax description for the group-type pattern with the following description:
In the "Patterns" section on page 2-281 of the Cisco ACNS Software Command Reference, Release 5.1 publication, replace the bulleted description for the group-type pattern with the following description:
•
SmartFilter Software and the rule action no-auth Command Rule Interaction
This documentation update applies to the following three ACNS 5.1 software guides:
•
•
•
The rule action no-auth global configuration command permits specific login and content requests to bypass authentication and authorization features such as LDAP, RADIUS, SSH, or TACACS+. In the following example, any requests from the source IP address (src-ip) 172.16.53.88 are not authenticated:
ContentEngine(config)# rule enableContentEngine(config)# rule action no-auth pattern-list 1 protocol allContentEngine(config)# rule pattern-list 1 src-ip 172.16.53.88 255.255.255.255If the ACNS 5.1 software is configured for authentication and SmartFilter URL filtering, requests that are allowed to bypass authentication will also bypass the SmartFilter URL filter.
Bandwidth Configuration for Interfaces and Content Services
On page 3-19 of the Cisco ACNS Caching and Streaming Configuration Guide, Release 5.1, the tip states that Gigabit Ethernet interfaces run only at 1000 Mbps. This restriction only applies to a Content Engine CE-7320 model that has an optical Gigabit Ethernet interface; the speed of this interface cannot be changed.
For newer models of the Content Engine (for example, the CE-510, CE-565, CE-7305, and CE-7325) that have a Gigabit Ethernet interface over copper, this restriction does not apply; you can configure these Gigabit Ethernet interfaces to run at 10, 100, or 1000 Mbps. Note that on these newer Content Engine models, the 1000 Mbps setting implies autosense (for example, you cannot configure the Gigabit Ethernet interface to run at 1000 Mbps and half duplex). The ACNS 5.x software automatically enables autosense if the speed is set to 1000 Mbps.
pace Command
The pace global configuration command is no longer supported as a separate command in the ACNS 5.1 software and later releases. The functions of the pace command have been incorporated into the bitrate and bandwidth global configuration commands.
Updates to the Cisco ACNS Software Command Reference, Release 5.1 publication are as follows:
•
•
Note
•
pre-load Command
In the pre-load url-list-file path global configuration command, the value for path can be a URL as well as a local file path.
In the Cisco ACNS Software Command Reference, Release 5.1 publication, in the "pre-load" section on page 2-238, replace the syntax description for path with the following description:
In the ACNS 5.1.5 software release, the pre-load depth-level-default command was enhanced to support 0 as a preload depth level. Setting the depth level default to 0 would be useful if you have specified URLs in preload.txt files and you do not want the Content Engine to try to preload other URLs.
In the Cisco ACNS Software Command Reference, Release 5.1 publication, in the "pre-load" section on page 2-236, replace the syntax description for path with the following description if you are using the ACNS 5.1.5 software and later releases:
depth-level-default
Configures the default depth level.
level_number
Depth level of URL download (0-20). The default is 3.
For the ACNS 5.1.1 or 5.1.3 software, the valid values for the preload depth level default are still 1 to 20; 0 is not supported.
NTLM Preload Support
This documentation update applies to the following ACNS 5.1 software guides:
•
•
In the ACNS 5.1 software release, support for preloading NTLM authenticated objects was added. This feature allows NTLM authenticated objects (authenticated objects that reside on the servers that authenticate NTLM only) to be preloaded on a Content Engine.
An entry in a URL list file has the following format:
URL [depth] [domain-name:host-name:host-domain-name]
hostname and host-domain-name can be null; however, domain name is required if NTLM credentials have been configured. (The separator is required.)
http//www.cisco.com 3 apac::If NTLM-related information is not present in the preload URL list file entry, the authentication scheme falls back to basic authentication.
To preload authenticated content on the Content Engine, you must specify the username and password in the URL list file as follows:
http://username:password@www.authenticatedsite.com/depth_level
Note
show statistics icap Command
This documentation update applies to the Cisco ACNS Software Command Reference, Release 5.1 publication.
In the ACNS 5.1 software release, the show statistics icap EXEC command was added. You can use this command to display ICAP-related statistics for the Content Engine. This command has no arguments or keywords. There is no default behavior or values.
The following is an example of the output of the show statistics icap command:
ContentEngine# show statistics icapICAP-client statistics (http proxy)---------------Total requests for V1 via RPC: 0Time per ICAP request (last 1k reqs): 0ICAP daemon connection error: 0Bad packets from ICAP daemon: 0Error parsing HTTP req hdr from ICAP: 0ICAP daemon internal error: 0Total requests via outgoing proxy: 0ICAP daemon overloaded: 0Other errors: 0ICAP Daemon statistics---------------Total requests served: 0Total requests served: 0Average latency in milliseconds: 0.000000ICAP Service statistics-----------------------Service -- servforicapService Errors: 0Service Bypasses: 0Server -- icap://1.2.3.4/servforicapTotal Reqmods (0), Total Respmods (0)Modifications (Reqmod - 0), (Respmod - 0)No Modifications (Reqmod - 0), (Respmod - 0)Error Responses (Reqmod - 0), (Respmod - 0)Server Errors: 0Server Bypasses: 0Options Req Success: 0Options Req Failed: 8569Max Conn Available 0Used Connections: 0Total Bytes sent: 0Total Bytes received: 0Total BPS sent: 0.000000Total BPS received: 0.000000Server State: DISCONNECTEDContentEngine#Default Port of the Content Engine GUI
On page 12-28 of the Cisco ACNS Caching and Streaming Configuration Guide, Release 5.1, replace the tip with the following:
Tip
Playing Nonhinted IP/TV On-Demand Programs over an ACNS Network
This documentation update applies to the Cisco ACNS Software Deployment and Configuration Guide, Release 5.1.
The Cisco Streaming Engine supports only hinted files (MOV and hinted MP4 files) for streaming.
Note
If you are creating a file-based IP/TV program for streaming over an ACNS network, make sure that you use only hinted files such as those with .mov or .mp4 extensions. However, you can pre-position on-demand programs based on nonhinted files such as .mpg files on Content Engines in an ACNS network. Pre-positioned on-demand programs based on nonhinted files are not listed in the IP/TV Viewer program listings or in the web-based program guide.
To watch IP/TV on-demand programs based on nonhinted files when IP/TV is integrated with an ACNS network, use the TV-output feature of the ACNS software. For more information on enabling the TV-output feature and creating playlists, refer to Chapter 11 of the Cisco ACNS Software Deployment and Configuration Guide, Release 5.1.
Restriction on IP/TV Program Manager Configuration
This documentation update applies to the following ACNS 5.1 software guides:
•
•
If a program that you want to deliver over an ACNS network uses live multicast mode, you must use the same multicast IP address for the audio, video, and SlideCast streams.
This restriction on IP/TV Program Manager configuration does not apply if the Content Engine used for live splitting is running ACNS 5.1.5 and later software. However, this restriction still applies if the Content Engine is running ACNS 5.1.1 software, even if you are running IP/TV 5.1.5 and later software on IP/TV Program Manager.
Related Documentation
Your product shipped with a minimal set of printed documentation. The printed documentation provides enough information for you to install and initially configure your product.
Product Documentation Set
In addition to these release notes, the product documentation set includes:
•
•
Refer to the Documentation Guide for a complete documentation roadmap and URL documentation links for this product.
Hardware Documentation
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
Software Documentation
•
•
•
•
•
•
•
Online Help
•
•
Note
The Content Distribution Manager GUI and the Content Engine GUI both have context-sensitive online help that can be accessed by clicking the HELP button.
Obtaining Documentation
Cisco documentation and additional literature are available on Cisco.com. Cisco also provides several ways to obtain technical assistance and other technical resources. These sections explain how to obtain technical information from Cisco Systems.
Cisco.com
You can access the most current Cisco documentation at this URL:
http://www.cisco.com/techsupport
You can access the Cisco website at this URL:
You can access international Cisco websites at this URL:
http://www.cisco.com/public/countries_languages.shtml
Product Documentation DVD
Cisco documentation and additional literature are available in the Product Documentation DVD package, which may have shipped with your product. The Product Documentation DVD is updated regularly and may be more current than printed documentation.
The Product Documentation DVD is a comprehensive library of technical product documentation on portable media. The DVD enables you to access multiple versions of hardware and software installation, configuration, and command guides for Cisco products and to view technical documentation in HTML. With the DVD, you have access to the same documentation that is found on the Cisco website without being connected to the Internet. Certain products also have .pdf versions of the documentation available.
The Product Documentation DVD is available as a single unit or as a subscription. Registered Cisco.com users (Cisco direct customers) can order a Product Documentation DVD (product number DOC-DOCDVD=) from the Ordering tool or Cisco Marketplace.
Cisco Ordering tool:
http://www.cisco.com/en/US/partner/ordering/
Cisco Marketplace:
http://www.cisco.com/go/marketplace/
Ordering Documentation
Beginning June 30, 2005, registered Cisco.com users may order Cisco documentation at the Product Documentation Store in the Cisco Marketplace at this URL:
http://www.cisco.com/go/marketplace/
Cisco will continue to support documentation orders using the Ordering tool:
•
http://www.cisco.com/en/US/partner/ordering/
•
http://www.cisco.com/univercd/cc/td/doc/es_inpck/pdi.htm
•
Documentation Feedback
You can rate and provide feedback about Cisco technical documents by completing the online feedback form that appears with the technical documents on Cisco.com.
You can send comments about Cisco documentation to bug-doc@cisco.com.
You can submit comments by using the response card (if present) behind the front cover of your document or by writing to the following address:
Cisco Systems
Attn: Customer Document Ordering
170 West Tasman Drive
San Jose, CA 95134-9883We appreciate your comments.
Cisco Product Security Overview
Cisco provides a free online Security Vulnerability Policy portal at this URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
From this site, you can perform these tasks:
•
•
•
A current list of security advisories and notices for Cisco products is available at this URL:
If you prefer to see advisories and notices as they are updated in real time, you can access a Product Security Incident Response Team Really Simple Syndication (PSIRT RSS) feed from this URL:
http://www.cisco.com/en/US/products/products_psirt_rss_feed.html
Reporting Security Problems in Cisco Products
Cisco is committed to delivering secure products. We test our products internally before we release them, and we strive to correct all vulnerabilities quickly. If you think that you might have identified a vulnerability in a Cisco product, contact PSIRT:
•
An emergency is either a condition in which a system is under active attack or a condition for which a severe and urgent security vulnerability should be reported. All other conditions are considered nonemergencies.
•
In an emergency, you can also reach PSIRT by telephone:
•
•
Tip
Never use a revoked or an expired encryption key. The correct public key to use in your correspondence with PSIRT is the one linked in the Contact Summary section of the Security Vulnerability Policy page at this URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.htm
The link on this page has the current PGP key ID in use.
Obtaining Technical Assistance
Cisco Technical Support provides 24-hour-a-day award-winning technical assistance. The Cisco Technical Support & Documentation website on Cisco.com features extensive online support resources. In addition, if you have a valid Cisco service contract, Cisco Technical Assistance Center (TAC) engineers provide telephone support. If you do not have a valid Cisco service contract, contact your reseller.
Cisco Technical Support & Documentation Website
The Cisco Technical Support & Documentation website provides online documents and tools for troubleshooting and resolving technical issues with Cisco products and technologies. The website is available 24 hours a day, at this URL:
http://www.cisco.com/techsupport
Access to all tools on the Cisco Technical Support & Documentation website requires a Cisco.com user ID and password. If you have a valid service contract but do not have a user ID or password, you can register at this URL:
http://tools.cisco.com/RPF/register/register.do
Note
Submitting a Service Request
Using the online TAC Service Request Tool is the fastest way to open S3 and S4 service requests. (S3 and S4 service requests are those in which your network is minimally impaired or for which you require product information.) After you describe your situation, the TAC Service Request Tool provides recommended solutions. If your issue is not resolved using the recommended resources, your service request is assigned to a Cisco engineer. The TAC Service Request Tool is located at this URL:
http://www.cisco.com/techsupport/servicerequest
For S1 or S2 service requests or if you do not have Internet access, contact the Cisco TAC by telephone. (S1 or S2 service requests are those in which your production network is down or severely degraded.) Cisco engineers are assigned immediately to S1 and S2 service requests to help keep your business operations running smoothly.
To open a service request by telephone, use one of the following numbers:
Asia-Pacific: +61 2 8446 7411 (Australia: 1 800 805 227)
EMEA: +32 2 704 55 55
USA: 1 800 553-2447For a complete list of Cisco TAC contacts, go to this URL:
http://www.cisco.com/techsupport/contacts
Definitions of Service Request Severity
To ensure that all service requests are reported in a standard format, Cisco has established severity definitions.
Severity 1 (S1)—Your network is "down," or there is a critical impact to your business operations. You and Cisco will commit all necessary resources around the clock to resolve the situation.
Severity 2 (S2)—Operation of an existing network is severely degraded, or significant aspects of your business operation are negatively affected by inadequate performance of Cisco products. You and Cisco will commit full-time resources during normal business hours to resolve the situation.
Severity 3 (S3)—Operational performance of your network is impaired, but most business operations remain functional. You and Cisco will commit resources during normal business hours to restore service to satisfactory levels.
Severity 4 (S4)—You require information or assistance with Cisco product capabilities, installation, or configuration. There is little or no effect on your business operations.
Obtaining Additional Publications and Information
Information about Cisco products, technologies, and network solutions is available from various online and printed sources.
•
http://www.cisco.com/go/marketplace/
•
•
•
http://www.cisco.com/go/iqmagazine
or view the digital edition at this URL:
http://ciscoiq.texterity.com/ciscoiq/sample/
•
•
http://www.cisco.com/en/US/products/index.html
•
http://www.cisco.com/discuss/networking
•
http://www.cisco.com/en/US/learning/index.html
This document is to be used in conjunction with the documents listed in the "Related Documentation" section.
CCSP, CCVP, the Cisco Square Bridge logo, Follow Me Browsing, and StackWise are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn, and iQuick Study are service marks of Cisco Systems, Inc.; and Access Registrar, Aironet, ASIST, BPX, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Empowering the Internet Generation, Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Fast Step, FormShare, GigaDrive, GigaStack, HomeLink, Internet Quotient, IOS, IP/TV, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, LightStream, Linksys, MeetingPlace, MGX, the Networkers logo, Networking Academy, Network Registrar, Packet, PIX, Post-Routing, Pre-Routing, ProConnect, RateMUX, ScriptShare, SlideCast, SMARTnet, StrataView Plus, TeleRouter, The Fastest Way to Increase Your Internet Quotient, and TransPath are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0502R)
