===================================================================
WebOS 8.0.41 Fixes and Enhancements. Born On - 11 August 2000
====================================

Bug 4397: Cannot tftp "boot" image since 8.0.34.
File type check was being done incorrectly, causing "invalid software
image" error.

More fixes for both of these conditions:
Bug 4038: When FTP parsing is enabled, ACK storm after some number of RETR.
Bug 4039: FTP parsing drops further commands in same packet as PORT command.
Rewrote active FTP parsing to handle frames with multiple commands.
Fixed PORT command retransmission detection.
Fixed frame length calculation error in active & pasv FTP.
Implemented active & pasv mode switching.
Kept track of PORT command and Passive reply to avoid wrong sequence
number computation during retransmission.

Bug 4188: Switch Panics when IF enabled and VLAN enabled and BGP running.
Switch could panic when adding IP interfaces and VLANs while a BGP peer
connection was established.

====================================
Known problems with WebOS 8.0.41
====================================

Bug 4420: IP fragments from real servers cause port failure/Panic.
Do not configure applications which send UDP fragments.

Bug 4395: RADIUS health check fails.
Use ICMP health checks for RADIUS servers until a fix is released.

Bug 3558: Corner cases associated with multiple unequal queues on a port.

3558, 4420 and 4395 should be fixed in 8.0.42.

===================================================================
WebOS 8.0.40 Fixes and Enhancements. Born On - 08 August 2000
====================================

More fixes for both of these conditions:
Bug 4038: When FTP parsing is enabled, ACK storm after some number of RETR.
Bug 4039: FTP parsing drops further commands in same packet as PORT command.
Fixed a problem where retransmission of the PORT command caused bad
sequence numbers.
Fixed a problem where fast aging started as soon as the FIN came through,
which might not allow enough time for retransmission.

Bug 3999: HTTP redirect fails when PIP is configured.
If a PIP was configured to allow requests to be forwarded to another site,
the redirection would fail when local real servers went down, and need a
switch reboot after the servers came back up.

Bug 4280: Frames for certain Non-TCP/UDP protocols bypass the filter.
If the frame being processed was for an IP protocol type other than
TCP/UDP/ICMP, and the frame wrapped from the end of the buffer to the
beginning, the filter match would fail.

Bug 3474: Cannot access VIP through filter at client port if DAM & VMA on.
A URL parsing VIP could not be accessed through a port with filters
enabled if VMA was on.

Bug 3558: Receiving rate at tagged port drops far below the hard limit.
Buffer sizes were not being correctly set for jumbo vs non-jumbo frames
configured on the port, resulting in inefficient memory usage.

===================================================================
WebOS 8.0.39 Fixes and Enhancements. Born On - 20 July 2000
====================================

Bug 3889: URL SLB weighted roundrobin "sticks" to weighted servers.
If a URL string match occurred, and the real server had a weight greater
than 1, subsequent requests from the same client IP would go to the same
server, regardless of URL, until the weight was used up.
* Additional corner cases fixed.

Bug 4040: Direct Server Return fails when Direct Access Mode is enabled.
Direct Server Return works by sending traffic to the real servers by MAC
address, and by the real servers being configured with both their own IP,
and the VIP address, so that they will respond to the client "from the
VIP". This allows return traffic to bypass the switch. The bug was that
the Destination IP was being changed as well as the destination MAC (as we
would in normal SLB) when DAM was on.

(Version 8.0.38 was built with debug flags on - not released)

===================================================================
WebOS 8.0.37 Fixes and Enhancements. Born On - 20 July 2000
====================================

Bug 4138: New NAT session timeout parameter is not shown in '/cfg/dump' or '/cfg/slb/fil.
Corrected to dump the new parameter (added by #4068) whenever it is not
the default value.

Bug 4084: URL SLB leaves open sessions at the server after splicing the TCP session.
(Also refer to bug 3206.)
When performing URL parsing of HTTP 1.1 sessions, if required content was
on a different server, the connection on the old server was not reset
because the RST packet was sent out of the wrong switch port.

Bug 4140: 8.0.34/8.0.36: SSH - Failed HTTP health check when configuring FWLB.
Bug 4150: FWLB health content check fails for AD3/180e using 8.0-SSH versions.
AD3/180E SSH version does not have WebUI, therefore use of HTTP health
checks for FWLB did not work. Added simple HTTP daemon to respond with
"health.html".

===================================================================
WebOS 8.0.36 Fixes and Enhancements. Born On - 18 July 2000
====================================

Bug 4038: When FTP parsing is enabled, ACK storm after some number of RETR.
After some number of multiple gets, the sequence number of a rewritten
frame would not be correctly calculated, which would result in an ACK
storm for certain server types. Fixed additional corner cases.

Bug 4112: AD3 SSH version (with SSH but without WebUI) does not display ID.
Now displays "-SSH" right after the software version number to distinguish
the AD3-SSH version from the regular AD3 version of images.

Bug 4117: Port names with spaces will cause errors.
Port names were not enclosed in quotes in the config dump.

Bug 4116: Switch panicked when synchronizing VRRP, SLB configs.
Sending switch might send a NULL frame, or exit the sync process before
the receiving switch had completed the task.

Bug 4068: NAT PIP session timeout too short.
Filter sessions, including dynamic (PIP) NAT, timeout in 4 minutes. Added
timeout to filter config, adjustable from 4 to 30 minutes. Ensure that
empty configs default to the minimum time of 4 minutes.

Bug 3998: Any filter before a PIP NAT filter causes NAT not to work.
When extra filters were present, an incorrect entry in the filter table
was referenced.

===================================================================
WebOS 8.0.35 Fixes and Enhancements. Born On - 16 July 2000
====================================

Bug 3980: All services within a group are marked as FAILED.
When all the services on a VIP are associated with one group, for any
given real server, failure of any one service will result in all services
being marked FAILED. This is done to ensure that services which need to be
linked cannot be accessed separately (e.g. HTTP and HTTPS). To avoid
confusion over what has failed, we now mark services which are up, but
blocked as a result of an associated service on the same server being
down, with the tag BLOCKED instead of FAILED. Only actual failed services
are now marked FAILED. Also prevent real server being marked UP after
switching from ICMP to TCP health checks, when the services are down.

Bug 4097: Did not always pass Switch source port to URL filtering.
In certain conditions, we did not provide the source switch port to the
URL parsing filters, so URL based filtering only worked on port 1.

Bug 4038: When FTP parsing is enabled, ACK storm after some number of RETR.
After some number of multiple gets, the sequence number of a rewritten
frame would not be correctly calculated, which would result in an ACK
storm for certain server types.

Bug 4039: FTP parsing drops further commands in same packet as PORT command.
Code did not correctly parse or handle second and subsequent commands in
the same packet as a PORT command. Extra commands were dropped. Now
handles at least two commands in the same frame.

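
Added example (not part of the original release notes and not Alteon code):
a Python sketch of the two behaviours the Bug 4038/4039 entries describe,
rewriting every PORT command in a segment that carries several commands and
replaying the same rewrite on retransmission so the sequence offset is not
counted twice. The class name, the translated address 192.0.2.10 and the
sample segment are assumptions made for the illustration.

```python
# Added illustration, not Alteon/WebOS code. Assumes every FTP command arrives
# whole inside one TCP segment and that the device substitutes a translated IP.
import re

PORT_RE = re.compile(rb"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),"
                     rb"(\d{1,3}),(\d{1,3})$", re.I)
SEQ_MASK = 0xFFFFFFFF  # TCP sequence numbers wrap at 2**32


class FtpControlRewriter:
    """State for one client-to-server FTP control connection (hypothetical)."""

    def __init__(self, translated_ip):
        self.translated = translated_ip.replace(".", ",").encode()
        self.delta = 0   # net bytes added to the stream by rewrites so far
        self.seen = {}   # original seq -> (rewritten payload, delta before it)

    def rewrite_command(self, line):
        m = PORT_RE.match(line)
        if not m or any(int(g) > 255 for g in m.groups()):
            return line  # not a well-formed PORT command: pass through
        return b"PORT %s,%s,%s" % (self.translated, m.group(5), m.group(6))

    def process(self, seq, payload):
        """Return (new_seq, new_payload) for a segment with original seq."""
        if seq in self.seen:
            # Retransmission: replay the cached rewrite and do not add its
            # length change to the running delta a second time.
            out, delta_before = self.seen[seq]
            return (seq + delta_before) & SEQ_MASK, out
        # A segment may carry several CRLF-terminated commands; rewrite each
        # PORT and keep everything else, including commands that follow it.
        parts = payload.split(b"\r\n")
        tail = parts.pop()  # bytes after the last CRLF, normally empty
        out = b"".join(self.rewrite_command(p) + b"\r\n" for p in parts) + tail
        delta_before = self.delta
        self.seen[seq] = (out, delta_before)
        self.delta += len(out) - len(payload)
        return (seq + delta_before) & SEQ_MASK, out


# Constructed sample: PORT and RETR share one segment, which is then resent.
SEG1 = b"PORT 10,0,0,5,19,137\r\nRETR file.bin\r\n"


def demo():
    r = FtpControlRewriter("192.0.2.10")
    first = r.process(1000, SEG1)
    resent = r.process(1000, SEG1)
    following = r.process(1000 + len(SEG1), b"QUIT\r\n")
    return first, resent, following, r.delta


if __name__ == "__main__":
    print(demo())
```
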
===================================================================
WebOS 8.0.34 Fixes and Enhancements. Born On - 12 July 2000
====================================

Bug 3832: ICMP header checksum is incorrect with DAM enabled.
When the path between VIP and Client does not support the MTU (frame size)
used by the real server, the ICMP "too big" message is translated and
delivered to the correct real server. In Direct Access Mode, the checksum
was not recalculated.

Bug 3955: Panic when upgrading boot image via TFTP.
Occasional panic when upgrading boot image - caused by failure to handle
memory allocation error.

Bug 3961: Switch incorrectly forwards frames on non configured port.
A lookup routine was returning the last used Vport # instead of NULL, when
the Vport was not found, resulting in calls to random ports occasionally
being passed to a real server.

Bug 3888: VIP incorrectly translates ports which are not configured.
A lookup routine was returning the last used Vport # instead of NULL, when
the Vport was not found, resulting in calls to random ports occasionally
being connected to real servers on open ports.

Bug 3897: Disabling telnet access not maintained through ptcfg & gtcfg.
Telnet enable/disable state is now preserved along with other security
information such as passwords when a config script is read into the switch
(console, sync, gtcfg).

Bug 3983: SCP or tftp of config causes DefGW to go down.
Add/change/replace VLANs via config script, including the identical saved
config, would render the VLANs inoperative from the "apply", until a reset
was performed.

Bug 3889: URL SLB weighted roundrobin "sticks" to weighted servers.
If a URL string match occurred, and the real server had a weight greater
than 1, subsequent requests from the same client IP would go to the same
server, regardless of URL, until the weight was used up.
* Additional corner cases fixed.

Bug 3600: Backup Server does not get connections if disconnected/reconnected.
When backup server was active, and its connection was interrupted, traffic
was not sent to it after coming back on line.

Bug 3957: Switch watchdogs on telnet when large "diff" is in progress on the serial console.
Conflict between two processes trying to use Standard I/O. Implemented
check to prevent conflict.

Bug 3978: FTP parsing information not included in Stat/TS Dumps.
FTP parsing info/stats now included in the dumps.

===================================================================
WebOS 8.0.33 Fixes and Enhancements. Born On - 27 June 2000
====================================

Bug 3801: <6> Panic sequence also used by Cisco.
When using Cisco terminal servers to connect to our console port, the user
must enter <6> - in order to break the connection. Unless the <6> is very
brief, a forced Panic occurs on the switch. Changed forced panic sequence
to <->.

Bug 3839: Port hangs under heavy load/ multicasts.
Closed timing loophole in DMA write routine, where the software and
hardware views of the DMA overflow ring could get out of sync, causing a
flurry of DMA writes and overloading the Switch with high priority events,
so that the port stops responding. Conditions which would exacerbate the
problem are large numbers of 64 byte frames, usually in combination with a
burst of multicasts and especially if a large number of real servers were
configured for health checks.

Bug 3751: Cannot ping VIP from within the switch.
Fixed bug where MP could not ping the VIPs.

Bug 3694: New server added to group does not get sessions.
When ICMP health checks were in use, and a new server was configured into
a group, it did not receive any sessions.

Bug 3863: Static route with interface number '0' not applied after gtcfg.
If a config was converted from 6.0 to 8.0, static routes were not
explicitly associated with IP interfaces. When the converted config was
dumped out, the interface number was set to 0, and it caused problems when
the config was read back in.
No longer output interface number on static route if it is "0".

Bug 3822: SSL persistency and Filtering cannot be combined on one port.
Now allow combined feature.

Bug 3889: URL SLB weighted roundrobin "sticks" to weighted servers.
If a URL string match occurred, and the real server had a weight greater
than 1, subsequent requests from the same client IP would go to the same
server, regardless of URL, until the weight was used up.

Bug 3446: Unable to delete group/name.
The "diff" flag was not being set for SLB group names.

Bug 3409: imask incorrectly applied when checking for duplicate RIPs.
If an imask (makes a VIP cover an address range) exists on the switch, it
is used in config validate to ensure that VIPs and their associated RIPs
(adjusted for "width") did not overlap. The mask was also applied to RIPs
that were not associated with VIPs, making it impossible to configure RIPs
for other purposes such as redir.

Bug 3795: Enhancements to dump file to provide additional ASCII trace data.

===================================================================
WebOS 8.0.32 Fixes and Enhancements. Born On - 16 June 2000
====================================

Bug 3641: L7 and tagged client port causes TCP checksum errors.
If a client port was configured for 802.1q tagging, checksum recalculation
would not occur correctly, and bad frames would be sent to the real
servers.

Bug 3791: Potential sequence # problem with HTTP/1.1 connection splicing.
A code loophole was found and fixed, where sequence numbers might be
calculated incorrectly in the case where the number wrapped.

Bug 3708: Switch Panic when telnet using SSH with long password.
Fixed memory leaks in SSH routines and put limit on number of characters
that could be entered for password.

Bug 3802: If VR is created before VIP, requires restart/ reset to work.
When the Virtual router existed before the VIP was configured, the VSR
(Virtual Server Router=Shared VIP) did not function correctly or use the
correct (VR)MAC address until VRRP or the whole switch was restarted. Now
we convert a VIR into a VSR if the VIP is configured after the VR.

Bug 3805: When enabling GSLB demo key switch returns "DSLB enabled".
Remnant of earlier name for the feature - fixed.

Bug 3618: Trunking with Cisco 6500 causes ACEswitch to panic.
When using Fast Etherchannel trunk between Alteon and Cat 6500 running
version 5.2, switch could Panic.

Bug 3824: /cfg/dump incorrectly formats 'fwlb' parameter.
New advanced filter menu item "fwlb" was not correctly formatted in a
config dump (ptcfg), and would cause errors when config was read back in
to switch.
*NOTE* this parameter is ONLY used when a redirect filter for a specific
TCP port or protocol must hash on both source and destination addresses
for FWLB. Normal redir any/any/any filter used for FWLB does not need this
parameter.

Bug 3803: Duplicated pings if two clients are connected to one port (via hub) with VMA & filtering enabled.
In this combination, unless both client addresses hashed to the same (VMA)
designated port that they were physically connected to, then the switch
would forward the ping back to the originating port.

Bug 3772: SLB fails when the server port is the (VMA) designated port.
If the client address was such that VMA selects the port where the real
server is located, AND if the VIP plus associated VSR had ODD IP addresses
and VRID, then load balancing would fail.

Additions:
Make graceful server failure the default.
Only increment server failures if syslog is true.
Make IP forwarding ON the default.

===================================================================
WebOS 8.0.31 Fixes and Enhancements. Born On - 9 June 2000
====================================

Bug 3674: BWM - SNMP unable to read CurCfg TOSIn/TOSOut objects.

Bug 3697: real server IP addr missing from /info/slb/dump.

Bug 3707: In FWLB, Backup Server 4 is still reported UP when Real Server 3 is restored.
In a redundant (4 switch) FWLB configuration, real server 2 backs up real
server 1, and real 4 backs up real 3. After failure and restoral of real
3, real 4 stayed on line, distorting the hash and causing some sessions to
return via the wrong firewall.

Bug 3714: Console vrrp alert : errored advertisements.
Previously reported any badly formed VRRP advertisements on our subnet(s)
to the console, even if they were not for Virtual Routers configured on
this switch. Now count and discard such packets without generating error
message.

Bug 3709: Create AD3 with SSH feature added but WebUI removed.
Allow user the option of adding secure access to AD3/180E at the expense
of losing WebUI, which is probably unused in a secure environment.

Bug 3738: Switch does not accept static route config without interface #.
The feature which allows the interface to be designated as part of a
static route (mostly for FWLB), would not accept a route without the
interface specified.

Bug 3722: VRRP Sync Failure can retain tcp_buffer.
A buffer used for transmission of the VRRP config sync to the peer switch
might not be freed if a transmission error occurred.

Bug 3255: DAM leaking packets from real servers.
With DAM enabled, when users are accessing a web site through a slow link
(such as a wireless modem or a 28.8 dial in) and clicking ahead before a
page is fully loaded, packets sourced from the real servers may be seen
untranslated at the client's location. Only occurs with DAM enabled and
while using a slow Internet connection. If you believe you are seeing this
problem, please contact Tech Support for details of the appropriate
configuration parameter.

======================================================================