===================================================================
WebOS 8.0.46 Fixes and Enhancements.
Released On - 24 September 2000
====================================

Bug 4813: DNS (UDP) reply packet in GSLB has incorrect source ip address.
    Switch would reply to DNS lookups with the primary IP address as the
    source, even if the request was sent to a different interface, causing
    the requestor to drop the reply packet. Now respond to DNS requests
    with same IP SA as IP DA of request.
    *Also allow VIR to accept/respond to DNS lookups for redundancy.

No Bug#: FTP Parsing + VMA could cause Panic.
    With VMA, all server processing occurs on the RX processor. FTP
    parsing code was trying to process a frame that was in the TX queue,
    causing a Panic.

Bug 4838: No ARP response for VIP if req sent to VMAC.
    Client processing was forwarding ARPs received for the VMAC (L4 MAC)
    to the master processor incorrectly, and they were ignored, thus an
    ARP refresh from a router would not get a response until it retried
    using the broadcast MAC address.

Bug 4850: L7 code doesn't handle ACK/PUSH/FIN data packet correctly.
    If client sends over a request with ACK/PUSH and followed by an
    ACK/PUSH/FIN data packet, the switch did not forward the packet
    correctly.

Fixed by wtnelson:

Bug 4816: In a scripted health check, /cfg/dump will not display trailing quote after last line, if the last line of script is not a close.
    Even though the script "must" end with a close, a saved partial
    config would be mishandled without the closing quote.

Bug 3887: SNMP get on SlbRealServerInfo returns incorrect values.
    Now correctly return values for slbRealServerInfoSwitchPort,
    slbRealServerInfoHealthLayer, slbRealServerInfoOverflow and
    slbRealServerInfoState.

Bug 4801: URL parameters not read during /cfg/gtcfg
    Switch was not properly restoring httpslb configuration after gtcfg
    TFTP requests. Simplified code and handled multiple parameters
    correctly.

===================================================================
WebOS 8.0.45 Fixes and Enhancements.
Released On - 20 September 2000
====================================

Bug 4773: POP3 health check incomplete.
    Added to previous fix - allow for spaces in username.

Bug 4808: Switch panics after a random period of time with FTP NAT configured.
    FTP NAT code could create a session table loop during replacement of
    an entry, which would lead to a port processor looping, and
    eventually, a panic.

Bug 4107: Port Mapping with DAM using pip method or slb+filt method fails.
    With DAM, all address/port translations are done on the Client port.
    The longer session table does not have enough space per entry to
    allow port mapping, so it is not allowed in the config unless...
    Some form of persistency, delayed binding, PIP, or filters are
    configured, in which case, the shorter table with more space per
    entry is invoked, permitting port mapping.
    Configuring PIP or filter did not correctly allow port mapping, which
    has now been fixed.

===================================================================
WebOS 8.0.44 Fixes and Enhancements.
Released On - 15 September 2000
====================================

Bug 4683: CPU A is looping in slb_bind_server.
    The hash metric could loop forever if all servers failed while the
    hash was being computed.

Bug 4684: SLB doesn't handle ICMP Destination Unreachable with DF bit w/VMA.
    Switch was not correctly examining packet to retrieve client IP from
    payload in order to forward the ICMP frames to the correct real
    server. Without this, server could not negotiate frame size.

Bug 4738: WebUI shows up when going to the VIP/VSR.
    If the VSR was on a different subnet from the clients (or router),
    and the VSR was bounced from master to backup, the ARP entry for the
    VSR could get deleted due to a timing loophole, and the frames would
    be sent to the MP's interface instead of the VIP, causing webUI to
    pop up.

Bug 4139: UDP SLB port mapping not working.
    Switch was not correctly translating vport to rport for UDP traffic.

Bug 4511: After reboot configured network pref table disappears.
    If the SIP and netmask in the network pref table were both 0.0.0.0,
    the table could disappear after a reboot.

Bug 4419: Reply to client via PIP has VRMAC instead of client MAC.
    Further fix to this problem.

Bug 4732: Add support for FJ flash part for AD4/184.
    Allow AD4/184 switch to recognize Fujitsu as well as AMD flash.

Bug 4666: Console hangs after entering ctrl-s, then ctrl-c.
    If a break was entered after console output was stopped by ctrl-s,
    the console thread was not resumed, with the result that the console
    port was hung till the next reboot.

Bug 4737: Passive FTP-PARSING doesn't work with SERVER CLIENT on the same port.
    Fix problems with the wrap case where an incorrect pointer was used.

Bug 4566: URL redir exclude cannot go to VIP.
    The combination of URL parsing Web Cache Redirection and a VIP in the
    same switch being the "origin server" would not work because the
    spliced connection bypassed the load balancing code. Now correctly
    switch back and forth between a cache on a switch, and a VIP in the
    same switch.

Bug 4611: AceSwitch 184 NotCopy error in switch port trace buffer.
    The scratchpad (fast local CPU memory) was full, and one routine was
    not being loaded as a result. The less used part of the
    h_rx_mac_attn routine was moved out of the scratchpad to make room.

Bug 4773: POP3 health check incomplete.
    Some POP servers do not send anything beyond "+OK", and we were not
    responding with the password to complete the login. Now only send a
    password if one is entered in the content string. This is because we
    can only count on +OK being sent by the POP server. This way the
    administrator can control whether or not a password is sent.

===================================================================
WebOS 8.0.43 Fixes and Enhancements.
Released On - 6 September 2000
====================================

Bug 4419: Reply to client via PIP has VRMAC instead of client MAC.
    Replaced previous fix from 8.0.42, which was incomplete. When a
    server (or client) on an internal network needs to access Internet
    resources, its source IP is translated to the Proxy IP. In the case
    where the PIP was not on the same network as the Internet router, and
    the reply from the Internet was routed to the PIP via a VR on the
    switch, the VRMAC was not replaced by the client MAC.

Bug 4594: No IF MAC entry in arp table when disabling VRRP and assign VIR IP to IF.
Bug 4596: No VIP MAC entry in arp table when disabling VRRP and changing an Interface IP.
    When VRRP was disabled without disabling the individual VRs, it was
    possible that other ARP entries such as Interface or VIP MACs would
    be removed.

Bug 4629: We need a 30 day BWM DEMO key.
    Increased the demo interval from one week to 30 days.

=================================
Known problems with WebOS 8.0.43
=================================

Bug 4139: UDP SLB port mapping not working

===================================================================
WebOS 8.0.42 Fixes and Enhancements.
Released On - 1 September 2000
====================================

Bug 4420: Fragmented UDP frames from server cause switch to panic.
    Fragmented frames from the real server would cause the server port to
    hang and the switch to watchdog.

Bug 3558: Receiving rate at tagged port drops far below the hard limit.
    More fixes for this problem: Slow moving queues were holding
    excessive numbers of buffers, thus starving the faster queues of
    bandwidth. Change default buffer limit to 16K from 32K and reuse
    buffers within each queue to improve performance.

Bug 4500: Trunk group disabled when one of trunk ports loses link.
    Losing link on the active Spanning Tree port for a trunk group would
    cause the other port(s) in the group to become disabled.

Bug 4211: Radius health check does not work in 8.0.x (Duplicate of #4395)
    Switch was not listening on the correct Vports (1812 or 1645) for the
    RADIUS health check replies. Merged in prior fixes and enhancements
    from the 6.0 stream.

Bug 4396: Graceful server failure should be disabled by default.
    In configurations such as Firewall load balancing, graceful server
    failure is not desirable: all sessions should switch to the remaining
    firewall(s) to preserve symmetry. Thus /cfg/slb/adv/grace now
    defaults to disabled, and it is now the user's responsibility to
    enable it when required for SLB.

Bug 3370: Switch outputs an error when hit to accept the current value.
    When configuring the IP address for an interface or VIP, hitting to
    keep the existing address results in "Error: bad IP address"

Bug 4589: Out of Flash Memory space for Switch Image.
    Removed little used statistics and links from WebUI because the 8.0
    image on the AD3/180E uses all available flash memory, and space was
    needed to permit ongoing maintenance.

Bug 3979: Unpredictable results when SLB HTTPS with PIPs
    Actual problem is that browsers using SSL 2.0 encrypt the Session ID.
    This results in the SSLID code being unable to allocate a server.
    Now hash SSL requests with no ID to a server based on client IP.
    Also when one-arming SSL with a PIP, and client/server on different
    VLANs, the reply was not switched to the client VLAN. Imported fix
    for #3806 into SSL code.

Bug 4542: Create VLAN and move an IP interface to that VLAN in one step will cause a panic.
    Caused by a conflict where the same process was being multi-threaded.
    Flag added to prevent conflicting access to the process involved.

Bug 4581: Switch panics with VRRP re-learn.
    When the backup switch became master, if the lookup for the MTU size
    for the interface failed, the switch would panic. Added protection
    against getting a Null pointer to the MTU size.

Bug 4565: ASSERT panic while unattended in slb_real_up()
    Appears to have been a rare race condition where the service came up
    in the middle of updating the service tables. Protection added.

Bug 4307: Target switch crashes during synchronization.
    Several potential conflicts such as messages being output to the
    console while the data was being transferred to the peer, not
    handling console thread timeout correctly during sync of large
    config, possibility for multiple apply/saves. All aspects of config
    sync were exercised and many problems eliminated.

Un-numbered fix from engineering:
    Make sure layer 7 sequence buffer gets cleared when a server RST
    received and when a real server couldn't be found.

===================================================================
WebOS 8.0.41 Fixes and Enhancements.
Released On - 11 August 2000
====================================

Bug 4397: Cannot tftp "boot" image since 8.0.34.
    File type check was being done incorrectly, causing "invalid software
    image" error.

More fixes for both of these conditions:
Bug 4038: When FTP parsing is enabled, ACK storm after some number of RETR.
Bug 4039: FTP parsing drops further commands in same packet as PORT command.
    Rewrote active FTP parsing to handle frames with multiple commands.
    Fixed PORT command retransmission detection.
    Fixed frame length calculation error in active & pasv FTP.
    Implemented active & pasv mode switching.
    Kept track of PORT command and Passive reply to avoid wrong sequence
    number computation during retransmission.

Bug 4188: Switch Panics when IF enabled and VLAN enabled and BGP running.
    Switch could panic when adding IP interfaces and VLANs while a BGP
    peer connection was established.

===================================================================
WebOS 8.0.40 Fixes and Enhancements.
Released On - 08 August 2000
====================================

More fixes for both of these conditions:
Bug 4038: When FTP parsing is enabled, ACK storm after some number of RETR.
Bug 4039: FTP parsing drops further commands in same packet as PORT command.
    Fixed a problem where retransmission of the PORT command caused bad
    sequence numbers.
    Fixed a problem where fast aging started as soon as the FIN came
    through, which might not allow enough time for retransmission.

Bug 3999: HTTP redirect fails when PIP is configured.
    If a PIP was configured to allow requests to be forwarded to another
    site, the redirection would fail when local real servers went down,
    and need a switch reboot after the servers came back up.

Bug 4280: Frames for certain Non-TCP/UDP protocols bypass the filter.
    If the frame being processed was for an IP protocol type other than
    TCP/UDP/ICMP, and the frame wrapped from the end of the buffer to the
    beginning, the filter match would fail.

Bug 3474: Cannot access VIP through filter at client port if DAM & VMA on.
    A URL parsing VIP could not be accessed through a port with filters
    enabled if VMA was on.

Bug 3558: Receiving rate at tagged port drops far below the hard limit.
    Buffer sizes were not being correctly set for jumbo vs non-jumbo
    frames configured on the port, resulting in inefficient memory usage.

===================================================================
WebOS 8.0.39 Fixes and Enhancements.
Released On - 20 July 2000
====================================

Bug 3889: URL SLB weighted roundrobin "sticks" to weighted servers.
    If a URL string match occurred, and the real server had a weight
    greater than 1, subsequent requests from the same client IP would go
    to the same server, regardless of URL, until the weight was used up.
    * Additional corner cases fixed.

Bug 4040: Direct Server Return fails when Direct Access Mode is enabled.
    Direct Server Return works by sending traffic to the real servers by
    MAC address, and by the real servers being configured with both their
    own IP, and the VIP address, so that they will respond to the client
    "from the VIP". This allows return traffic to bypass the switch.
    The bug was that the Destination IP was being changed as well as the
    destination MAC (as we would in normal SLB) when DAM was on.

(Version 8.0.38 was built with debug flags on - not released)

===================================================================
WebOS 8.0.37 Fixes and Enhancements.
Released On - 20 July 2000
====================================

Bug 4138: New NAT session timeout parameter is not shown in '/cfg/dump' or '/cfg/slb/fil.
    Corrected to dump the new parameter (added by #4068) whenever it is
    not the default value.

Bug 4084: URL SLB leaves open sessions at the server after splicing the TCP session. (Also refer bug 3206)
    When performing URL parsing of HTTP 1.1 sessions, if required content
    was on a different server, the connection on the old server was not
    reset because the RST packet was sent out of the wrong switch port.

Bug 4140: 8.0.34/8.0.36: SSH - Failed HTTP health check when configuring FWLB.
Bug 4150: FWLB health content check fails for AD3/180e using 8.0-SSH versions.
    AD3/180E SSH version does not have WebUI, therefore use of HTTP
    health checks for FWLB did not work. Added simple HTTP daemon to
    respond with "health.html".

===================================================================
WebOS 8.0.36 Fixes and Enhancements.
Released On - 18 July 2000
====================================

Bug 4038: When FTP parsing is enabled, ACK storm after some number of RETR
    After some number of multiple gets, the sequence number of a
    rewritten frame would not be correctly calculated, which would result
    in an ACK storm for certain server types. Fixed additional corner
    cases.

Bug 4112: AD3 SSH version (with SSH but without WebUI) does not display ID.
    Now displays "-SSH" right after the software version number to
    distinguish the AD3-SSH version from the regular AD3 version of
    images.

Bug 4117: Port names with spaces will cause errors.
    Port names were not enclosed in quotes in the config dump.

Bug 4116: Switch panicked when synchronizing VRRP, SLB configs.
    Sending switch might send a NULL frame, or exit the sync process
    before the receiving switch had completed the task.

Bug 4068: NAT PIP session timeout too short.
    Filter sessions, including dynamic (PIP) NAT, timeout in 4 minutes.
    Added timeout to filter config, adjustable from 4 to 30 minutes.
    Ensure that empty configs default to the minimum time of 4 minutes.

Bug 3998: Any filter before a PIP NAT filter causes NAT not to work.
    When extra filters were present, an incorrect entry in the filter
    table was referenced.

===================================================================
WebOS 8.0.35 Fixes and Enhancements.
Released On - 16 July 2000
====================================

Bug 3980: All services within a group are marked as FAILED.
    When all the services on a VIP are associated with one group, for any
    given real server, failure of any one service will result in all
    services being marked FAILED. This is done to ensure that services
    which need to be linked cannot be accessed separately (e.g. HTTP and
    HTTPS). To avoid confusion over what has failed, we now mark services
    which are up, but blocked as a result of an associated service on the
    same server being down with the tag BLOCKED instead of FAILED. Only
    actual failed services are now marked FAILED.
    Also prevent real server being marked UP after switching from ICMP to
    TCP health checks, when the services are down.

Bug 4097: Did not always pass Switch source port to URL filtering.
    In certain conditions, we did not provide the source switch port to
    the URL parsing filters; URL based filtering only worked on port 1.

Bug 4038: When FTP parsing is enabled, ACK storm after some number of RETR
    After some number of multiple gets, the sequence number of a
    rewritten frame would not be correctly calculated, which would result
    in an ACK storm for certain server types.

Bug 4039: FTP parsing drops further commands in same packet as PORT command
    Code did not correctly parse or handle second and subsequent commands
    in the same packet as a PORT command. Extra commands were dropped.
    Now handles at least two commands in the same frame.

===================================================================
WebOS 8.0.34 Fixes and Enhancements.
Released On - 12 July 2000
====================================

Bug 3832: ICMP header checksum is incorrect with DAM enabled.
    When the path between VIP and Client does not support the MTU (frame
    size) used by the real server, the ICMP "too big" message is
    translated and delivered to the correct real server. In Direct Access
    Mode, the checksum was not recalculated.

Bug 3955: Panic when upgrading boot image via TFTP.
    Occasional panic when upgrading boot image - caused by failure to
    handle memory allocation error.

Bug 3961: Switch incorrectly forwards frames on non configured port.
    A lookup routine was returning the last used Vport # instead of NULL,
    when the Vport was not found, resulting in calls to random ports
    occasionally being passed to a real server.

Bug 3888: VIP incorrectly translates ports which are not configured.
    A lookup routine was returning the last used Vport # instead of NULL,
    when the Vport was not found, resulting in calls to random ports
    occasionally being connected to real servers on open ports.

Bug 3897: Disabling telnet access not maintained through ptcfg & gtcfg.
    Telnet enable/disable state is now preserved along with other
    security information such as passwords when a config script is read
    into the switch (console, sync, gtcfg).

Bug 3983: SCP or tftp of config causes DefGW to go down.
    Add/change/replace VLANs via config script, including the identical
    saved config, would render the VLANs inoperative from the "apply",
    until a reset was performed.

Bug 3889: URL SLB weighted roundrobin "sticks" to weighted servers.
    If a URL string match occurred, and the real server had a weight
    greater than 1, subsequent requests from the same client IP would go
    to the same server, regardless of URL, until the weight was used up.
    * Additional corner cases fixed.

Bug 3600: Backup Server does not get connections if disconnected/reconnected.
    When backup server was active, and its connection was interrupted,
    traffic was not sent to it after coming back on line.

Bug 3957: Switch watchdogs on telnet when large "diff" is in progress on the serial console.
    Conflict between two processes trying to use Standard I/O.
    Implemented check to prevent conflict.

Bug 3978: FTP parsing information not included in Stat/TS Dumps.
    FTP parsing info/stats now included in the dumps.

===================================================================
WebOS 8.0.33 Fixes and Enhancements.
Released On - 27 June 2000
====================================

Bug 3801: <6> Panic sequence also used by Cisco.
    When using Cisco terminal servers to connect to our console port, the
    user must enter <6> - in order to break the connection. Unless the
    <6> is very brief, a forced Panic occurs on the switch. Changed
    forced panic sequence to <->.

Bug 3839: Port hangs under heavy load/ multicasts.
    Closed timing loophole in DMA write routine, where the software and
    hardware views of the DMA overflow ring could get out of sync,
    causing a flurry of DMA writes and overloading the Switch with high
    priority events, so that the port stops responding. Conditions which
    would exacerbate the problem are large numbers of 64 byte frames,
    usually in combination with a burst of multicasts and especially if a
    large number of real servers were configured for health checks.

Bug 3751: Cannot ping VIP from within the switch.
    Fixed bug where MP could not ping the VIPs.

Bug 3694: New server added to group does not get sessions.
    When ICMP health checks were in use, and a new server was configured
    into a group, it did not receive any sessions.

Bug 3863: Static route with interface number '0' not applied after gtcfg
    If a config was converted from 6.0 to 8.0, static routes were not
    explicitly associated with IP interfaces. When the converted config
    was dumped out, the interface number was set to 0, and it caused
    problems when the config was read back in. No longer output interface
    number on static route if it is "0".

Bug 3822: SSL persistency and Filtering cannot be combined on one port.
    Now allow combined feature.

Bug 3889: URL SLB weighted roundrobin "sticks" to weighted servers.
    If a URL string match occurred, and the real server had a weight
    greater than 1, subsequent requests from the same client IP would go
    to the same server, regardless of URL, until the weight was used up.

Bug 3446: Unable to delete group/name
    The "diff" flag was not being set for SLB group names.

Bug 3409: imask incorrectly applied when checking for duplicate RIPs.
    If an imask (Makes a VIP cover an address range) exists on the
    switch, it is used in config validate to ensure that VIPs and their
    associated RIPs (adjusted for "width") did not overlap. The mask was
    also applied to RIPs that were not associated with VIPs making it
    impossible to configure RIPs for other purposes such as redir.

Bug 3795: Enhancements to dump file to provide additional ASCII trace data.

===================================================================
WebOS 8.0.32 Fixes and Enhancements.
Released On - 16 June 2000
====================================

Bug 3641: L7 and tagged client port causes TCP checksum errors.
    If a client port was configured for 802.1q tagging, checksum
    recalculation would not occur correctly, and bad frames would be sent
    to the real servers.

Bug 3791: Potential sequence # problem with HTTP/1.1 connection splicing.
    A code loophole was found and fixed, where sequence numbers might be
    calculated incorrectly in the case where the number wrapped.

Bug 3708: Switch Panic when telnet using SSH with long password.
    Fixed memory leaks in SSH routines and put limit on number of
    characters that could be entered for password.

Bug 3802: If VR is created before VIP, requires restart/ reset to work.
    When the Virtual router existed before the VIP was configured, the
    VSR (Virtual Server Router=Shared VIP) did not function correctly or
    use the correct (VR)MAC address until VRRP or the whole switch was
    restarted. Now we convert a VIR into a VSR if the VIP is configured
    after the VR.

Bug 3805: When enabling GSLB demo key switch returns "DSLB enabled".
    Remnant of earlier name for the feature - fixed.

Bug 3618: Trunking with Cisco 6500 causes ACEswitch to panic.
    When using Fast Etherchannel trunk between Alteon and Cat 6500
    running version 5.2, switch could Panic.

Bug 3824: /cfg/dump incorrectly formats 'fwlb' parameter
    New advanced filter menu item "fwlb" was not correctly formatted in a
    config dump (ptcfg), and would cause errors when config was read back
    in to switch.
    *NOTE* this parameter ONLY used when a redirect filter for a specific
    TCP port or protocol must hash on both source and destination
    addresses for FWLB. Normal redir any/any/any filter used for FWLB
    does not need this parameter.

Bug 3803: Duplicated pings if two clients are connected to one port (via hub) with VMA & filtering enabled.
    In this combination, unless both client addresses hashed to the same
    (VMA) designated port that they were physically connected to, then
    the switch would forward the ping back to the originating port.

Bug 3772: SLB fails when the server port is the (VMA) designated port.
    If the client address was such that VMA selects the port where the
    real server is located, AND if the VIP plus associated VSR had ODD IP
    addresses and VRID, then load balancing would fail.

Additions:
    Make graceful server failure the default.
    Only increment server failures if syslog is true.
    Make IP forwarding ON the default.

===================================================================
WebOS 8.0.31 Fixes and Enhancements.
Released On - 9 June 2000
====================================

Bug 3674: BWM - SNMP unable to read CurCfg TOSIn/TOSOut objects.

Bug 3697: real server Ip addr missing from /info/slb/dump.

Bug 3707: In FWLB, Backup Server 4 is still reported UP when Real Server 3 is restored.
    In a redundant (4 switch) FWLB configuration, real server 2 backs up
    real server 1, and real 4 backs up real 3. After failure and restoral
    of real 3, real 4 stayed on line distorting the hash and causing some
    sessions to return via the wrong firewall.

Bug 3714: Console vrrp alert : errored advertisements
    Previously reported any badly formed VRRP advertisements on our
    subnet(s) to the console, even if they were not for Virtual Routers
    configured on this switch. Now count and discard such packets without
    generating error message.

Bug 3709: Create AD3 with SSH feature added but WebUI removed.
    Allow user the option of adding secure access to AD3/180E at the
    expense of losing WebUI, which is probably unused in a secure
    environment.

Bug 3738: Switch does not accept static route config without interface #.
    The feature which allows the interface to be designated as part of a
    static route (mostly for FWLB), would not accept a route without the
    interface specified.

Bug 3722: VRRP Sync Failure can retain tcp_buffer.
    A buffer used for transmission of the VRRP config sync to the peer
    switch might not be freed if a transmission error occurred.

Bug 3255: DAM leaking packets from real servers.
    With DAM enabled, when users are accessing a web site through a slow
    link (such as a wireless modem or a 28.8 dial in) and clicking ahead
    before a page is fully loaded, packets sourced from the real servers
    may be seen untranslated at the client's location. Only occurs with
    DAM enabled and while using a slow Internet connection. If you
    believe you are seeing this problem, please contact Tech Support for
    details of the appropriate configuration parameter.

======================================================================
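
Added example, not WebOS code: the ICMP handling behind Bug 4684 (8.0.44) and Bug 3832 (8.0.34). It reads the client IP from the datagram embedded in a "fragmentation needed" error, translates the embedded source to the real server, and shows the ICMP checksum failing until it is recalculated. Assumed here: all addresses, ports and function names, the constructed 36-byte sample, and that translation covers the embedded source address and port.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample values (documentation/private ranges), not from the page. */
#define VIP    0xC000020Au  /* 192.0.2.10   virtual server */
#define RIP    0x0A000005u  /* 10.0.0.5     real server */
#define CLIENT 0xC6336407u  /* 198.51.100.7 client */
#define VPORT  80u          /* virtual service port */
#define RPORT  8080u        /* real server port (port mapping) */

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }
static uint32_t rd32(const uint8_t *p) { return (uint32_t)rd16(p) << 16 | rd16(p + 2); }
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
static void wr32(uint8_t *p, uint32_t v) { wr16(p, (uint16_t)(v >> 16)); wr16(p + 2, (uint16_t)v); }

/* RFC 1071 Internet checksum over len bytes. */
static uint16_t inet_csum(const uint8_t *p, size_t len) {
    uint32_t sum = 0;
    for (; len > 1; p += 2, len -= 2) sum += rd16(p);
    if (len) sum += (uint32_t)p[0] << 8;
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Embedded IPv4 header length, or 0 unless this is a well-formed
 * Destination Unreachable / Fragmentation Needed (type 3, code 4). */
static size_t embedded_ihl(const uint8_t *icmp, size_t len) {
    if (len < 8 + 20 + 8 || icmp[0] != 3 || icmp[1] != 4) return 0;
    size_t ihl = (size_t)(icmp[8] & 0x0f) * 4;
    if ((icmp[8] >> 4) != 4 || ihl < 20 || 8 + ihl + 8 > len) return 0;
    return ihl;
}

/* A valid message sums to zero with the checksum field left in place. */
int icmp_csum_ok(const uint8_t *icmp, size_t len) { return inet_csum(icmp, len) == 0; }

/* Client = destination of the embedded (original) datagram; 0 if malformed. */
uint32_t icmp_embedded_client(const uint8_t *icmp, size_t len) {
    return embedded_ihl(icmp, len) ? rd32(icmp + 8 + 16) : 0;
}

/* Rewrite embedded source VIP:VPORT to RIP:RPORT so the real server can match
 * the error to its socket. fix_csum = 0 models skipping the ICMP checksum
 * update. Returns 0 on success, -1 if malformed or not for this VIP:VPORT. */
int icmp_translate(uint8_t *icmp, size_t len, int fix_csum) {
    size_t ihl = embedded_ihl(icmp, len);
    uint8_t *ip = icmp + 8, *l4 = ip + ihl;
    if (!ihl || rd32(ip + 12) != VIP || rd16(l4) != VPORT) return -1;
    wr32(ip + 12, RIP);
    wr16(ip + 10, 0);
    wr16(ip + 10, inet_csum(ip, ihl));  /* embedded IP header stays valid */
    wr16(l4, RPORT);                    /* not covered by the header checksum */
    if (fix_csum) {                     /* ICMP checksum covers the whole payload */
        wr16(icmp + 2, 0);
        wr16(icmp + 2, inet_csum(icmp, len));
    }
    return 0;
}

/* Constructed sample: ICMP header, embedded IPv4 header (VIP -> CLIENT, TCP,
 * DF set) and the first 8 bytes of the TCP header. */
size_t build_sample(uint8_t *b) {
    memset(b, 0, 36);
    b[0] = 3; b[1] = 4; wr16(b + 6, 1400);                  /* next-hop MTU */
    b[8] = 0x45; wr16(b + 10, 1500); wr16(b + 14, 0x4000);  /* DF */
    b[16] = 64; b[17] = 6;
    wr32(b + 20, VIP); wr32(b + 24, CLIENT);
    wr16(b + 18, inet_csum(b + 8, 20));
    wr16(b + 28, VPORT); wr16(b + 30, 40000); wr32(b + 32, 0x12345678u);
    wr16(b + 2, inet_csum(b, 36));
    return 36;
}

int main(void) {
    uint8_t a[36], b[36];
    build_sample(a); build_sample(b);
    icmp_translate(a, 36, 0); icmp_translate(b, 36, 1);
    printf("client %08x, stale csum ok=%d, updated csum ok=%d\n",
           (unsigned)icmp_embedded_client(b, 36), icmp_csum_ok(a, 36), icmp_csum_ok(b, 36));
    return 0;
}
```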