
Cisco ACE GSS 4400 Series Global Site Selector Appliances

Release Note for the Cisco Global Site Selector, Release 3.1(x)


September 30, 2009


Note The most current Cisco documentation for released products is available on Cisco.com.


Contents

This release note applies to the software versions 3.1(0) and 3.1(1) for the Cisco Global Site Selector (GSS).

For information on version 3.1(x) commands and features, refer to the GSS documentation located on Cisco.com. This document contains the following sections:

Upgrading or Downgrading the GSS Software

Operating Considerations for Software Version 3.1(x)

Licenses for the Integrated CNR Are No Longer Available

New SNMP Features in Software Version 3.1(0)

Software Version 3.1(1) Resolved Caveats, Open Caveats, and Command Changes

Software Version 3.1(0) Resolved Caveats and Open Caveats

Obtaining Documentation and Submitting a Service Request

Upgrading or Downgrading the GSS Software

The Cisco Global Site Selector Administration Guide contains the required information to upgrade your GSS software. See Appendix A, "Performing GSS Software Upgrades and Downgrades" for information about the following topics:

Understanding Cisco-supported hardware and software compatibility for the GSS.

Understanding the software upgrade sequence to upgrade to either 3.1(0) or 3.1(1). A new feature of software version 3.1(1) is the ability to upgrade directly to this software version from version 1.3(3) or greater.

Preparing the GSS for a software upgrade.

Installing a new software image.

Preparing to downgrade from software version 3.1(x).

Downgrading software versions on GSS devices.

Operating Considerations for Software Version 3.1(x)

The operating considerations for software version 3.1(x) and higher are as follows:

Cisco LocalDirector does not reply properly to TCP keepalives sent on port 23 from a GSS device. To correct this behavior, specify a different keepalive method with LocalDirector or directly probe the servers located behind LocalDirector. Refer to the LocalDirector documentation for more information.

The GSS model 4480 cannot support all of the version 3.1(x) software functionality when it is operating as the primary GSSM; therefore, you cannot use this combination of hardware and software platforms as a primary or standby GSSM. Because the GSS 4480 is approaching its end-of-life target date, you must contact your Cisco representative regarding a hardware upgrade.

Licenses for the Integrated CNR Are No Longer Available

Prior to the release of GSS software version 3.1(0), Cisco announced the end-of-sale and end-of-life dates for the integrated version of CNR. As a result of this announcement, new SF-GSS-DNSLIC software licenses that enable the integrated CNR are no longer available. To request more information regarding this change, including guidance for migration options from the integrated version of CNR running on the GSS, send your request to ask-gss@cisco.com.

New SNMP Features in Software Version 3.1(0)

The GSS SNMP agent has been enhanced to enable support of the following MIB functions:

CISCO-GSLB-DNS-MIB—Monitoring of DNS global statistics, GSLB answer statistics, and GSLB domain statistics.

CISCO-PROCESS-MIB—Monitoring of the failure rate of GSS processes by polling SNMP MIBs.

CISCO-IMAGE-MIB—Viewing of the list of features that the software image running on the GSS supports.

ENTITY-MIB—Viewing comprehensive device information, including hardware and software details.

For additional information regarding the SNMP features that the GSS supports, see the following resources:

For an overview of the SNMP features that the GSS supports, see the Global Site Selector Administration Guide at the following URL:

http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/gss4400series/v3.0/administration/guide/SNMP.html#wp999649

For details about the objects that the GSS supports for each MIB type, go to the following site:

http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml

From this site, choose GSS from the Cisco Secure and VPN Products drop-down list and then click on the associated Capability MIB. This site provides information about the supported GSS MIBs, Capability MIBs, and notifications. To find the actual MIB OIDs implemented in a MIB, see the corresponding Capability MIB, which describes both the capabilities of an agent with respect to the corresponding MIB module and the variations in the MIB implementations (if any).

Software Version 3.1(1) Resolved Caveats, Open Caveats, and Command Changes

The following sections contain the resolved caveats, open caveats, and command changes in software version 3.1(1):

Resolved Caveats for Software Version 3.1(1)

Open Caveats for Software Version 3.1(1)

Command Changes for Software Version 3.1(1)

Resolved Caveats for Software Version 3.1(1)

This section lists the resolved caveats for software version 3.1(1).

CSCsy76748—When you hard code the GSS 4490 Ethernet port and then reboot the GSS, the port configuration settings change. For example, if you hard code the port for 100 Mbps and full-duplex operation and then reboot the 4490, the port will operate at 100 Mbps and half-duplex operation. The GSS running configuration, however, will still show the port as being configured for 100 Mbps and full-duplex operation. Workaround: After a reboot, reconfigure the Ethernet port to its correct settings.

CSCsy98600—When using TLSv1 or SSLv3, the GSS supports the following weak ciphers on port 3009:

DES-CBC-SHA

EDH-RSA-DES-CBC-SHA

EXP-DES-CBC-SHA

EXP-EDH-RSA-DES-CBC-SHA

Workaround: The GSS uses port 3009 for Cisco Application Networking Manager (ANM) connectivity only. Use an access control list (ACL) or a firewall to ensure that only authorized ANM devices access this port. If you are not using ANM to manage the GSS, use an ACL to prevent this issue.
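An audit sketch for CSCsy98600, added here as an example and not part of the Cisco release note: it classifies OpenSSL-style cipher names as export-grade or single-DES and filters scanner results for port 3009. The `host:port cipher` line format, the sample address, and the function names are assumptions constructed for illustration.

```python
import re

# The four suites named in CSCsy98600 (OpenSSL cipher names).
CAVEAT_CIPHERS = {"DES-CBC-SHA", "EDH-RSA-DES-CBC-SHA",
                  "EXP-DES-CBC-SHA", "EXP-EDH-RSA-DES-CBC-SHA"}

def weakness(cipher):
    """Return (effective_key_bits, reason) for an export or single-DES suite, else None."""
    tokens = cipher.upper().split("-")
    if tokens[0] == "EXP":
        # Export suites cap the symmetric key at 40 bits.
        return (40, "export-grade key")
    if "DES" in tokens and "CBC3" not in tokens:
        # "DES-CBC3" is triple DES; a bare DES token is 56-bit single DES.
        return (56, "single DES")
    return None

def audit(scan_lines, port=3009):
    """Parse 'host:port cipher' lines and return weak findings for one port."""
    findings = []
    for line in scan_lines:
        m = re.fullmatch(r"(\S+):(\d+)\s+(\S+)", line.strip())
        if not m or int(m.group(2)) != port:
            continue  # malformed line or a different service
        weak = weakness(m.group(3))
        if weak:
            findings.append((m.group(1), m.group(3), *weak))
    return findings

# Constructed scanner output (hypothetical format, documentation address).
SCAN = [
    "192.0.2.10:3009 DES-CBC-SHA",
    "192.0.2.10:3009 EXP-EDH-RSA-DES-CBC-SHA",
    "192.0.2.10:3009 DES-CBC3-SHA",
    "192.0.2.10:3009 AES128-SHA",
    "192.0.2.10:443 EXP-DES-CBC-SHA",
]

if __name__ == "__main__":
    for host, cipher, bits, reason in audit(SCAN):
        print(f"{host}:3009 offers {cipher} ({bits}-bit, {reason})")
```

Running the same audit from a host outside the ANM allow list should return nothing once the ACL workaround is in place, because the port is no longer reachable from there.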

CSCsz70369—When a GSS 4492 is using version 3.1(0) software, the SNMP daemon does not start. The SNMP agent parses information available in the "/tmp/udi" file to return the EntityMib OID values that were added in version 3.1(0). When the SNMP agent parses this information on GSS 4492 platforms with a VID of GSS-4492R-K9 V01, it becomes unresponsive.

CSCta02427—When the running configuration contains a large number of ACLs or SNMP configurations, the TACACS configuration may not load when the GSS is rebooted, preventing the user from logging in to the GSS after the reboot. Workaround: Optimize the ACLs or SNMP configurations to reduce the number of configurations required.

CSCta11321—When the GSS is configured for name server (NS) forwarding and it receives a TCP zone transfer request, it forwards the request to the name server and does not respond to other requests on other rules until it receives a response from the name server.

CSCta35984—When TACACS+ authentication is enabled for SSH, the GSS file system may run out of inodes after repeated SSH login attempts because the GSS does not periodically purge the mailboxes it creates in /var/spool/mail that contain user password entries.

CSCta61980—When using the GSS with the integrated version of CNR and the traffic pattern frequently uses the same trans ID to make several queries to different domains, the GSS does not clear the query entries. The query entries eventually consume all of the available space in the memory pool and the GSS becomes unresponsive.

CSCtb09595—When the GSS receives an MX or PTR request to a DNS rule that is configured with a query type of "A" and there is no forwarding rule configured, the GSS response contains the request with the request bit set instead of an answer.

Open Caveats for Software Version 3.1(1)

The following open caveat is for software version 3.1(1):

CSCtb43145—When a server response from a VIP contains more than a single packet, the GSS incorrectly reports the HTTP-HEAD keepalive as being offline. Workaround: Reduce the HTTP header size by eliminating cookies.

Command Changes for Software Version 3.1(1)

Table 1 shows the command that has been added in software version 3.1(1).

Table 1 CLI Command Change in Version 3.1(1)

Mode: Global configuration

Command and Syntax: tacacs-server callerid-info-type {hostname | ipaddress}

Description: Per CSCta39689, this new command enables you to instruct the GSS to insert either the client hostname or the client source IP address into the remote address header when the GSS makes an authentication request to a TACACS+ server. Prior to the introduction of this command, the GSS was capable of inserting the client hostname only.

The keywords for this command are as follows:

hostname—Instructs the GSS to insert the client hostname in the rem_addr field of the TACACS+ authentication packet, which is displayed in the CallerId field on the access control server (ACS). This is the default setting.

ipaddress—Instructs the GSS to insert the client source IP address in the rem_addr field of the TACACS+ authentication packet, which is displayed in the CallerId field on the ACS.


Note When you use the hostname keyword and the GSS cannot resolve the client source IP address to the client hostname, the GSS inserts the client source IP address.


The no form of this command is not permitted.

The output of the show tacacs, show running-config, and show startup-config commands contains the tacacs-server callerid-info-type command setting.
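To show where rem_addr sits in the authentication request, the following added example (not Cisco code) builds and parses a cleartext TACACS+ authentication START body using the field layout from RFC 8907, then classifies the value as a log consumer on the ACS side would need to. The user name, port string, client values, and function names are constructed assumptions, and on the wire the body is normally obfuscated with the shared key.

```python
import ipaddress
import struct

def build_authen_start(user: bytes, port: bytes, rem_addr: bytes, data: bytes = b"") -> bytes:
    """Cleartext TACACS+ authentication START body (layout per RFC 8907)."""
    # action=LOGIN(1), priv_lvl=1, authen_type=ASCII(1), authen_service=LOGIN(1)
    fixed = struct.pack("!8B", 1, 1, 1, 1,
                        len(user), len(port), len(rem_addr), len(data))
    return fixed + user + port + rem_addr + data

def parse_authen_start(body: bytes) -> dict:
    """Split a START body into its fields, rejecting inconsistent lengths."""
    if len(body) < 8:
        raise ValueError("START body shorter than its 8-byte fixed part")
    _action, _priv, _atype, _svc, ulen, plen, rlen, dlen = struct.unpack("!8B", body[:8])
    if 8 + ulen + plen + rlen + dlen != len(body):
        raise ValueError("length fields do not match body size")
    user_end = 8 + ulen
    port_end = user_end + plen
    rem_end = port_end + rlen
    return {
        "user": body[8:user_end].decode("ascii"),
        "port": body[user_end:port_end].decode("ascii"),
        "rem_addr": body[port_end:rem_end].decode("ascii"),
    }

def callerid_kind(rem_addr: str) -> str:
    """Tell an IP literal from a hostname in a rem_addr / CallerId value."""
    try:
        ipaddress.ip_address(rem_addr)
        return "ipaddress"
    except ValueError:
        return "hostname"

# Constructed samples: the same client as each keyword would report it.
SAMPLES = [
    build_authen_start(b"admin", b"ssh", b"client1.example.net"),
    build_authen_start(b"admin", b"ssh", b"198.51.100.7"),
]

if __name__ == "__main__":
    for body in SAMPLES:
        fields = parse_authen_start(body)
        print(fields["rem_addr"], "->", callerid_kind(fields["rem_addr"]))
```

Because the hostname setting falls back to the source IP address when resolution fails, anything that matches on CallerId has to accept both forms even when the keyword is left at its default.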


Software Version 3.1(0) Resolved Caveats and Open Caveats

The following sections contain the resolved and open caveats in software version 3.1(0):

Resolved Caveats for Software Version 3.1(0)

Open Caveat for Software Version 3.1(0)

Resolved Caveats for Software Version 3.1(0)

This section lists the resolved caveats for software version 3.1(0).

CSCsw14463—The SNMP location and contact strings do not accept quotation marks.

CSCsw40167—When the License Manager did not reply to the Config manager, the Config Manager entered a deadlock state.

CSCsw98396—When the number of stale entries in the GSS-CNR interface memory pool exceeds 100, the cleanup manager does not remove all of the stale entries, which leads to memory pool depletion. When this problem occurs, new DNS requests are dropped.

CSCsx66994—When installing an ISO image on the GSS 4490 hardware, the installation fails.

CSCsu83379—Modifying a shared KAL-AP causes the answers to go offline.

CSCsw16817—When user data containing improper quoting of shell metacharacters is passed to the GSS, shell access is allowed.

Open Caveat for Software Version 3.1(0)

This section describes the following open caveat for software version 3.1(0):

CSCsy76748—When you hard code the GSS 4490 Ethernet port and then reboot the GSS, the port configuration settings change. For example, if you hard code the port for 100 Mbps and full-duplex operation and then reboot the 4490, the port will operate at 100 Mbps and half-duplex operation. The GSS running configuration, however, will still show the port as being configured for 100 Mbps and full-duplex operation. Workaround: After a reboot, reconfigure the Ethernet port to its correct settings.

Obtaining Documentation and Submitting a Service Request

For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:

http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html