ServerIron ADX 12.2.00 Release Notes - Netadm€¦ · Brocade, the B-wing symbol, ServerIron ADX,...

Software Release 12.2.0 for Brocade ServerIron ADX Series Application Delivery Controllers Release Notes v1.1

July 7, 2010

Document Title Summary of Changes Publication Date

Software Release v12.2.0 for Brocade ServerIron ADX Application Switches Release Notes v1.1

Updated defects list July 7, 2010

Software Release v12.2.0 for Brocade ServerIron ADX Application Switches Release Notes v1.0

Initial release June 24, 2010

Document History

Brocade ServerIron ADX Series v12.2.0 Release Notes v 1.1 of 41

Copyright © 2010 Brocade Communications Systems, Inc. All Rights Reserved. Brocade, the B-wing symbol, ServerIron ADX, BigIron, DCX, Fabric OS, FastIron, IronPoint, IronShield, IronView, IronWare, JetCore, NetIron, SecureIron, ServerIron, ServerIron ADX, StorageX, and TurboIron are registered trademarks, and DCFM, Extraordinary Networks, and SAN Health are trademarks of Brocade Communications Systems, Inc., in the United States and/or in other countries. All other brands, products, or service names are or may be trademarks or service marks of, and are used to identify, products or services of their respective owners.

Notice: The information in this document is provided “AS IS,” without warranty of any kind, including, without limitation, any implied warranty of merchantability, noninfringement or fitness for a particular purpose. Disclosure of information in this material in no way grants a recipient any rights under Brocade's patents, copyrights, trade secrets or other intellectual property rights. Brocade reserves the right to make changes to this document at any time, without notice, and assumes no responsibility for its use.

The authors and Brocade Communications Systems, Inc. shall have no liability or responsibility to any person or entity with respect to any loss, cost, liability, or damages arising from the information contained in this book or the computer programs that accompany it.

Notice: The product described by this document may contain “open source” software covered by the GNU General Public License or other open source license agreements. To find-out which open source software is included in Brocade products, view the licensing terms applicable to the open source software, and obtain a copy of the programming source code, please visit http://www.brocade.com/support/oscd.

Export of technical data contained in this document may require an export license from the United States Government.


Contents Supported Devices for Brocade ServerIron ADX 12.2.0 ......................................................................... 5 About This Release ..................................................................................................................................... 5 Summary of Enhancements in ServerIron ADX 12.2.0 ............................................................................ 5 Feature Support .......................................................................................................................................... 6

New Features of this Release (12.2.0) ....................................................................................................................... 6

ServerIron ADX 1008-1 ............................................................................................................................................ 6

Capacity On Demand ................................................................................................................................................. 6

Application Resource Broker .................................................................................................................................... 6

IPv6-4 Gateway ......................................................................................................................................................... 7

Layer 7 CSW extension for TCP or UDP based (other than HTTP) applications ..................................................... 7

Response Time Predictor ........................................................................................................................................... 8

Cache Persistence using URL hashing ...................................................................................................................... 8

Cache Capacity-based traffic distribution .................................................................................................................. 8

Increased hash size for large TCS deployments ........................................................................................................ 8

Direct-attached cache server configuration with TCS ............................................................................................... 9

Port Range ................................................................................................................................................................. 9

Simplified Next Hop Definition for Reverse SLB Traffic ......................................................................................... 9

Increased number of virtual (VE) interfaces .............................................................................................................. 9

Hardware-based Pass-through Multicast traffic switching ........................................................................................ 9

Identifying Transport protocol for Application Server port ..................................................................................... 10

Application server port holddown timer .................................................................................................................. 10

Setting Quality of Service DSCP value for SIP health checks ................................................................................ 10

Quality of Service DSCP marking for SLB packets ................................................................................................ 10

SSL certificate management enhancements ............................................................................................................. 10

Web User Interface Enhancements .......................................................................................................................... 10

Brief Summary of Software Features ...................................................................................................................... 11

Required Software Images ....................................................................................................................... 13 Image Files for TrafficWorks 12.2.0 ....................................................................................................................... 13

Qualified USB Drives with the Release................................................................................................................... 13

Factory Pre-loaded Software ................................................................................................................................... 13

Upgrading from release 12.1.0x to 12.2.0 or later .................................................................................. 14 Upgrading a single management module from release 12.1.0x to 12.2.0 or later .................................................... 14

Upgrading dual management modules from release 12.1.0x to 12.2.0 ................................................................... 14

Upgrading from 12.0.0 to 12.2.0 or later ................................................................................................. 15 Upgrade via an interface module port ...................................................................................................................... 16


Upgrade dual Management Modules via an interface module port ......................................................................... 17

Technical Support ..................................................................................................................................... 19 Closed defects in releases 12.1.0a through 12.1.0c (ported to 12.2.00) .............................................. 20 Closed with code ....................................................................................................................................... 26 Closed without code ................................................................................................................................. 33 Open Defects in the ServerIron ADX 12.2.0 ............................................................................................ 33


Supported Devices for Brocade ServerIron ADX 12.2.0 This software release applies to the following Brocade ServerIron ADX controllers:

• Brocade ServerIron ADX 1000 • Brocade ServerIron ADX 4000 • Brocade ServerIron ADX 8000 • Brocade ServerIron ADX 10000

About This Release This release supports a Layer 2 software image and a Layer 3 Software Image.

Summary of Enhancements in ServerIron ADX 12.2.0

This release note includes a list of supported features in Brocade ServerIron ADX software release 12.2.0. For specific details of the features, and all other information required to operate the devices, refer to the following manuals:

• Brocade ServerIron ADX Server Load Balancing Guide • Brocade ServerIron ADX Advanced Server Load Balancing Guide • Brocade ServerIron ADX Global Server Load Balancing Guide • Brocade ServerIron ADX Security Guide • Brocade ServerIron ADX Administration Guide • Brocade ServerIron ADX Switching and Routing Guide • Brocade ServerIron ADX Firewall Load Balancing Guide • Brocade ServerIron ADX Graphical User Interface Guide • Brocade ServerIron ADX Hardware Installation Guide • IronWare MIB Reference


Feature Support The section describes the feature highlights in this release. Features or options not listed in this section or documented in the Brocade ServerIron ADX Configuration Guides are not supported.

New Features of this Release (12.2.0)

This section describes all of the new features that have been added with release 12.2.0.

ServerIron ADX 1008-1

Starting with software release 12.2.0, a new entry-level platform, the Brocade ServerIron ADX SI-1008-1 is added to the Brocade ServerIron ADX 1000 family. Although the ServerIron ADX SI-1008-1 is pre-equipped with sixteen 1 Gigabit Ethernet copper ports, two 10Gig ports (no optics), 4 application cores and SSL hardware, only the first eight 1 Gigabit Ethernet ports and one internal application core is enabled at the factory. Optionally, the SSL hardware and/or PREM features can also be activated at the factory. The remaining unused ports and application cores can be enabled through a field-upgradeable software license key. This allows users to grow from the entry-level ServerIron ADX 1008-1 to the high-end ServerIron ADX 1216-4 through a simple license upgrade.

Capacity On Demand

With Capacity-on-Demand, the Brocade ServerIron ADX offers on-demand feature activation through a simple-and-easy field-installable software license key. This enables administrators to begin their deployments with the capacity they need today and to expand system performance at a later date as business needs grow. Upgrades available through software license key allow you to double or quadruple the system performance by activating additional application cores, increase the port density or add software features. Any of these upgrades can be performed in any combination depending on your business application needs.

Application Resource Broker

The Brocade Application Resource Broker (ARB) is an infrastructure software component which enables shared or virtualized IT infrastructures with capabilities to provision virtual machine resources (VM’s) automatically based on fluctuations in application traffic demand as observed by ServerIron ADX or polled from infrastructure managers. It is delivered as a product extension to Brocade ServerIron ADX application delivery devices and advanced load-balancing, network switches. ARB leverages the Brocade ServerIron ADX’s unique position in the application and infrastructure network to monitor application traffic and infrastructure capacity and inform both ServerIron ADXs and infrastructure managers to provision/provide VM’s from standby resource pools when required to efficiently meet client load or demand for an application. Application Resource Broker also provides application-centric visibility ranging from the ability to automatically associate which virtual machines roll-up to support any application service and it also collects and stores historical performance metrics to aid in determining baselines, future capacity planning and billing initiatives. For this first release, only VMware and VMware vCenter/vSphere are supported.

Specifically, ARB gathers application infrastructure response times, traffic load and application configurations from ServerIron ADXs across the network and gathers infrastructure utilization (e.g. virtual machine CPU utilization) from infrastructure managers like VMware vCenter. These application metrics are polled at regular intervals and analyzed by the ARB’s decision engine. Through a vSphere plug-in for VMware environments provided in this release, it provides an interface for operations to configure decision engine rules for log alerts and provisioning actions based on crossing these threshold metrics. When these thresholds are crossed for increasing traffic load, it initiates requests to power-up VM(s) with the same application service from resource pools and also informs


ServerIron ADXs to add these new application resources into a respective load balancing pool so they can start serving traffic immediately

IPv6-4 Gateway

Software release 12.2.0, extends the IPv6 server load balancing capabilities of the ServerIron ADX. The following is a brief summary of the IPv6 features added in this release:

• IPv6 Server Load Balancing - 664 (IPv6 VIP to IPv4 Real servers) • IPv6 Server Load Balancing - 664+6 (IPv6 VIP to IPv4 and IPv6 Real servers) • IPv6 Syn-Proxy • Default gateway setting through upstream router advertisements

A sample IPv6 gateway configuration is shown below. Please refer to ServerIron guides for details.

! server source-nat server source-nat-ip 10.10.10.100 255.255.0.0 0.0.0.0 port-range 2 port-alloc-per-real ! server real rs1 10.10.1.40 port http port http url "HEAD /" ! server real rs2 10.10.1.41 port http port http url "HEAD /" ! server virtual vs1 2012::face port http bind http rs1 http rs2 http !

Layer 7 CSW extension for TCP or UDP based (other than HTTP) applications

With software release 12.2.0, the Brocade ServerIron ADX extends its layer 7 Content Switching (CSW) capabilities for any TCP or UDP based applications in addition to HTTP based applications. This allows administrators to define application data based business rules for TCP or UDP applications. For example, in an environment running a Financial Information eXchange (FIX) application, the Layer 7 CSW functions can be utilized to distribute traffic among FIX application servers based on the SenderCompID value in the connecting FIX client traffic.

A brief sample configuration is shown below. Please refer to the serverIron guides for details.

!

csw-rule “FIX-R1” tcp-content pattern “49=”

offset 0 dpeth 200

!

csw-policy “FIX-P1” protocol any

scan-wait-data 200

match “FIX-R1” persist offset 0 terminator “56=”

!


server virtual VIP101 30.1.1.100

port 5000

port5000 csw-policy “FIX-P1”

port 5000 csw

bind 5000 RS-101 5000 RS-102 5000

!

Response Time Predictor

This new load-balancing algorithm (predictor) enables the Brocade ServerIron ADX to distribute traffic among multiple backend application servers based on their application response time. The ServerIron ADX tracks the round-trip time observed with the application server health check, uses it as a dynamic weight for that server, and then distributes traffic among all servers based on the respective dynamic weights. For well-known protocols, the ServerIron ADX uses round-trip time against the layer 7 health checks; and for other protocols it relies on the round-trip time against layer 4 health checks. This predictor can’t be used with the UDP-based applications or when health checks are disabled.

Cache Persistence using URL hashing

The Brocade ServerIron ADX offers persistence for cache servers based on the source and/or destination IP address of the traffic flows. Starting with software release 12.2.0, the ServerIron ADX can also provide persistence based on layer 7 data inside HTTP requests. This helps minimize content duplication among cache servers which reduces WAN bandwidth consumption.

The cache persistence can be based on one of the following values:

• Complete URI (includes host, path and parameters) • Path only • Path and parameters • Host name only • Host name and path information

Additionally, the Brocade ServerIron ADX can be configured to persist based on source and/or destination IP addresses while conducting layer 7 based cache switching.

Cache Capacity-based traffic distribution

Starting with software release 12.2.0, the Brocade ServerIron ADX polls capacity of cache servers and adjusts traffic distribution among these cache servers based on their current load. It utilizes SNMP to gather this information from a cache server. The information received through SNMP is used along with the health information of the cache server before sending it client traffic flows.

Increased hash size for large TCS deployments The Brocade ServerIron ADX utilizes an internal hash mechanism to achieve traffic persistence with TCS. It creates an association between hash buckets and available cache servers. The hash buckets generally get equal distribution among cache servers. In the event of a cache failure, the hash buckets of the failed cache are re-distributed among the remaining available cache servers.


Prior to software release 12.2.0, the internal hash bucket size was 256. The hash mechanism discussed earlier works well for deployments with 16 or cache servers. In a larger cache server farm deployment, the hash bucket size of 256 may result in uneven traffic distribution in case one of the cache servers fail. Starting release 12.2.0, the hash bucket size can be adjusted to be up to 16,384 in a Layer 4 TCS configuration. This helps achieve even distribution of traffic among cache servers even during a cache failure.

Direct-attached cache server configuration with TCS Starting with software release 12.2.0, the Brocade ServerIron ADX extends support for transparent cache switching (TCS) topologies that involve direct connectivity of cache servers to the two ServerIron ADX units configured in high-availability mode.

Port Range The port range feature in software release 12.2.0 enables the configuration of multiple application ports on a Brocade ServerIron ADX with similar characteristics. This feature is useful in deployments with tens or hundreds of application ports. With port range, an administrator can create bundles of up to 50 ports in a group and then associate this group to real and virtual servers. The administrator can also define parameters such as associated transport protocol and health check timer/frequency to these groups. Member ports inside a port range group inherit any characteristics assigned to the port range group.

Refer to the sample configuration below. Please refer to the configuration guide for details. !

Port-range pr1

Port 8051 to 8100

!

server real rs1 10.0.0.1

port-range pr1

!

Server virtual vs1 10.0.0.101

Bind-range pr1 rs1 pr1

!

Simplified Next Hop Definition for Reverse SLB Traffic

Starting with software release 12.2.0, the Brocade ServerIron ADX offers an additional simplified way for specifying a next-hop address for reverse SLB traffic. Unlike the policy-based routing method, this approach does not require the definition of route maps or access control lists. This function is only available with the Layer 3 router code.

Increased number of virtual (VE) interfaces

With software release 12.2.0, the number of virtual interfaces (a.k.a. VE interfaces) in layer 3 router code is raised to 1024. Additionally, the system has added flexibility to number them up to 4095. Note that only 64 of these total 1024 VE interfaces/subnets can be used with source NAT.

Hardware-based Pass-through Multicast traffic switching Starting with software release 12.2.0, the Brocade ServerIron ADX enables hardware forwarding of pass-through multicast traffic. This prevents overloading of the management processor when subjected to multicast traffic.


Identifying Transport protocol for Application Server port

By default, the Brocade ServerIron ADX does not distinguish between transport layers and forwards both TCP and UDP bound traffic to the backend application servers. Starting with software release 12.2.0, the ServerIron ADX can be configured to distribute traffic based on the underlying transport layer.

Application server port holddown timer

Software release 12.2.0 adds a hold-down timer for the application server ports (real server ports). When enabled, it prevents a failed real port from resuming the active state until the hold-down timer expires. The hold-down timer along with the force-delete command ensures that all of the pre-existing sessions of a failed server are timed out and not re-used within the hold-down time even if the failed port resumes.

Setting Quality of Service DSCP value for SIP health checks

Software release 12.2.0 allows the Brocade ServerIron ADX to set a DSCP value for SIP health check packets. The QoS enabled infrastructure can then provide preferential treatment for these packets.

Quality of Service DSCP marking for SLB packets

Software release 12.2.0 allows the Brocade ServerIron ADX to mark DSCP bits for regular server load balancing packets. This functionality can be utilized with direct server return (DSR) topologies to mark health check and SLB packets, and achieve the desired routing behavior.

SSL certificate management enhancements

Starting with software release 12.2.0, the ServerIron ADX supports up-to 32 distinguished names (DN) while conducting client certificate authentication. Additionally, the certificate chain depth has been raised from 4 to 10. The default system value is still 4, but can be raised (if required) to 10.

Web User Interface Enhancements The enhanced web interface for ServerIron ADX in software release 12.2.0 allows for software image upgrade through a GUI. The web interface also supports application templates that allow simple and easy configuration of basic L4 SLB for HTTP and other protocols.


Brief Summary of Software Features

The following is a brief highlight of features available with Brocade ServerIron ADX:

• Server Load Balancing (SLB) : A variety of load balancing algorithms (predictors)

Inline and Direct Server Return (DSR) modes

Local and remote servers

Primary and backup servers

Sticky and concurrent connections

Port tracking

Port aliasing

Stateless SLB

• Application Health Checks : L2/3 ARP & ICMP checks

Layer 4 TCP/UDP health checks

Layer 7 application health checks

Port profiles

Port policies

Element health checks

Boolean health checks

• Layer 7 Content Switching (CSW) for application data aware traffic distribution : CSW for http protocol CSW for non-http applications such as FIX protocol

• High Availability (HA) modes : Hot-Standby Symmetric active standby Symmetric-active –active

• Secure Socket Layer (SSL) offload • IPv6 Server Load Balancing :

IPv666 (IPv6 VIP to IPv6 Real) SLB IPv664 (IPv6 VIP to IPv4 Real) SLB Static routing and OSPFv3 support for IPv6 VRRP-E and HA support for IPv6 IPv6 management

• Global Server Load Balancing for multi-site redundancy • Transparent Cache Switching (for traffic distribution among cache servers) • Security :

Hardware based Syn-attack (Syn-Proxy) and other DoS attack prevention


Syn-Defence for DSR topologies Transaction and Connection Rate Limiting Management Traffic Attack Protection Service Port Attack Protection Access Control Lists (ACLs) IP NAT SPAM mitigation using PBSLB

• Management : Telnet, SSHv2, SNMP, Syslog Web user interface Brocade INM

• Switching & Routing : Static Routing RIP, OSPFv2, OSPFv3 VRRP VRRP-E for IPv4 and IPv6 Route-only Spanning Tree Protocol – STP and RSTP VLAN Trunks (LACP and Etherswitch/Etherserver trunks) Tagging

• SIP server load balancing (for VOIP deployments) • Firewall load balancing


Required Software Images The ServerIron ADX Series of applications delivery controllers are upgraded using a single software image. This image is downloaded to the ServerIron ADX switch as either a Primary or Secondary. The default booting image is the Primary while the ServerIron ADX switch can be configured to boot from the Secondary.

Image Files for TrafficWorks 12.2.0

The following Switch Software Image Files are available for ServerIron ADX 12.2.0.

Device Layer 2 (switch image) Layer 3 (router image) Boot Image File

ServerIron ADX Series: All models

ASM12200.bin ASR12200.bin Included inside system image*

* Release 12.2.0 involves a boot code update.

Note: Brocade recommends using the latest software versions to get the greatest benefit from the ServerIron Application Delivery Controller. Check Brocade’s knowledge portal for latest versions available.

Qualified USB Drives with the Release The external USB sticks (drives) that use a SmartModular or Unigen chip are qualified for use with ServerIron ADX. The external USB hard drives are not supported with Brocade ServerIron ADX.

Factory Pre-loaded Software

ServerIron ADX Application switches are pre-loaded with a switch image on both primary and secondary flash.

• If you place an order for a ServerIron ADX bundled with a PREM license, then the PREM license is activated on the unit. The unit still ships with layer 2 switch code on both primary and secondary flash. If desired, upgrade the unit to layer 3 code by downloading the code from the Brocade knowledge portal.


Upgrading from release 12.1.0x to 12.2.0 or later The following procedures describe how to upgrade from release 12.1.0x to 12.2.0 or later in either a single or dual management module configuration.

Upgrading a single management module from release 12.1.0x to 12.2.0 or later 1. Copy the correct Brocade ServerIron ADX software image to a TFTP server.

2. Use the copy tftp flash command to download the software image to the ServerIron ADX from the TFTP server.

ServerIronADX# copy tftp flash 1.1.1.1 asm12200.bin primary

In the example above the software image is downloaded to flash as “primary”. When the ServerIron ADX reloads, it will boot using the primary image. Optionally, you can download the image as secondary by executing the following command.

ServerIronADX# copy tftp flash 1.1.1.1 asm12200.bin secondary

3. Reload the system.

Note : If the image was copied as secondary in Step 2, execute the following commands prior to reloading the ServerIron ADX.

ServerIronADX (config)# boot system flash secondary ServerIronADX# write memory ServerIronADX# reload

After reboot, the version checker may flag a warning message indicating a boot code mismatch. In such an event, follow Step 4 to upgrade the boot code.

4. Message from version checker

If, after reloading the system as described in Step 3, you receive an ALERT message from the version checker stating that the boot code is mismatched, enter the following command at the application prompt to upgrade the boot code:

ServerIronADX# boot upgrader flash <primary | secondary>

When the system boots up through upgrader, enter:

MP-appl# upgrade all

Once the upgrade is complete, reload the unit.

Upgrading dual management modules from release 12.1.0x to 12.2.0

This procedure applies to a ServerIron ADX system with 2 management modules installed.

1. Copy the correct Brocade ServerIron ADX software image to a TFTP server.

2. At the active management module, copy the 12.2.00 images to primary and secondary. ServerIronADX# copy tftp flash 1.1.1.1 ASM12200.bin primary ServerIronADX# copy tftp flash 1.1.1.1 ASM12200.bin secondary

Wait for the new images on the active management module to be synced over to the standby management


module. The following message will be displayed when the management modules are synced: ServerIronADX# sync secondary image: file not same sync to standby: secondary image ... done. …

It may take several minutes for this message to display. Do not proceed to the next step until it does.

3. Reload both management modules and they will both come up with the new application image.

One managment module will be in active mode and the other will be in standby mode.

After reboot, the version checker may flag a warning message indicating a boot code mismatch. In such an event, follow Steps 4 - 6 to upgrade the boot code.

4. Reload both managment modules and interrupt the normal boot cycle (for both) by pressing ‘b’ to enter the monitor mode.

ServerIronADX# reload Are you sure? (enter 'y' or 'n'): y Running Config data has been changed. Do you want to continue the reload without saving the running config? (enter 'y' or 'n'): y Halt and reboot ServerIron Boot Code Version 12.1.0 Enter 'a' to stop at memory test Enter 'b' to stop at boot monitor ***** Interrupted by entering 'b' ***** BOOT INFO: load monitor from boot flash, cksum = 60f8 BOOT INFO: verify flash files...................... Monitor> TSEC 0: 100 BASE-TX BP GE 0 Link Up Monitor>

Check that both management modules (MPs) are in monitor mode before proceding to the next step. Proceding before both MPs are in monitor mode will cause the upgrade process to fail and render the system unstable.

5. On one of the management modules, enter the following command at the monitor prompt to upgrade the boot code:

monitor> boot upgrader flash <primary | secondary>

When the system boots up through upgrader, enter: MP-appl# upgrade all

6. Repeat Step 5 at the monitor prompt of the second management module.

7. Reload both management modules and use the show version command to verify that they are running the correct image.

Upgrading from 12.0.0 to 12.2.0 or later Your ServerIron ADX may be running boot code version 12.0.00 (dob12000). This requires a one-time upgrade to boot code version 12.1.00 (dob12100). When upgrading the boot image, make sure that there are no power failures. A power failure during the upgrade procedure can result in the corruption of the existing boot code and may require you to RMA the management module.


Upgrade via an interface module port NOTE : You must access the system via a console port while performing this upgrade. 1. Make sure that both the primary and secondary flash images (currently installed) are version 12.0.00.

These images can be of any 12.0.00 revison (a, b, c etc).

2. Check that the system is configured to boot from primary flash. To be sure, issue the following command and save the configuration. ServerIronADX# no boot system flash secondary ServerIronADX# write memory

3. Copy the 12.1.00 upgrader image from a TFTP server to secondary flash, as shown. ServerIronADX# copy tftp flash 1.1.1.1 A1B12100.bin secondary

4. Boot the system from the secondary flash (that contains the upgrader image installed in Step 3). ServerIronADX# boot system flash secondary

The boot system flash secondary command forces the system to reboot from secondary flash regardless of the setting in the startup-config file.

The system reboots and enters the upgrade mode. 5. Enter the upgrade all command at the console.

6. Once the upgrade process is complete, use the reload command to boot the system.

The system will boot-up from the primary image which still contains 12.0.00 code. The system image at this stage is 12.0.00 and the boot code is 12.1.00.

7. Execute the show version command to confirm that the boot code upgrade has occurred correctly.

8. Copy the 12.2.00 application image to primary and secondary flash from a TFTP server, as shown. ServerIronADX# copy tftp flash 1.1.1.1 ASM12200.bin primary ServerIronADX# copy tftp flash 1.1.1.1 ASM12200.bin secondary

This procedure overwrites the 12.0.00 image on primary flash and the upgrader image on the secondary flash.

9. Execute the show flash command to verify that the image files have been copied correctly.

The display should appear as follows : ServerIronADX# show flash Active management module: Compressed Pri Code size = 23311360, Version 12.2.00B2T401 May 23 2010 11:20:26 PST label: ASM12200 Compressed Sec Code size = 23311360, Version 12.2.00B2T401 May 23 2010 11:20:26 PST label: ASM12200 ...

If the show flash command display is as shown below, the secondary image is not the application image and you will need to copy an application image to the secondary. ServerIronADX# show flash Active management module: Compressed Pri Code size = 23311360, Version 12.2.00B2T401 Feb 12 2010 11:20:26 PST label:mp ASM12100B2 Compressed Pri Code size = 6823553, Version 12.1.00T401 Oct 29 2009 10:12:47 PST label:mp

10. Reboot the system from the either primary or secondary flash.


After reboot, the version checker will flag a warning message indicating a boot code mismatch. Follow step 11 to upgrade the boot code.

11. Message from version checker

After reloading the system as described in step #10, there is an ALERT message from the version checker, stating that the boot code is mismatched. Enter the following command at the application prompt to upgrade the boot code:

ServerIronADX# boot upgrader flash <primary | secondary>



Once the upgrade is complete reload the unit.

12. After a successful reboot, use the show version command to verify that the ServerIron ADX is running the correct image.

Upgrade dual Management Modules via an interface module port

This procedure applies to a ServerIron ADX with 2 management modules installed.

NOTE : You must access both systems via their management module console ports while performing this upgrade.

1. Make sure that both the primary and secondary flash images (currently installed) on both the active and standby management modules are version 12.0.00.

These images can be of any 12.0.00 revison (a, b, c etc).

2. On the active managment module, copy the 12.1.00 upgrader image from a TFTP server to secondary flash, as shown. ServerIronADX# copy tftp flash 1.1.1.1 A1B12100.bin secondary ................................................................................ ................................................................................ .................................. TFTP to Flash Done. done.

3. The system now initiates synchronization of the new secondary image (i.e. A1B12100.bin) from the active management module to the second management module. .

The following message will be displayed when the management modules are synced: ServerIronADX#sync secondary image: file not same

sync to standby: secondary image ... done.

It may take several minutes for this message to display. Do not proceed to the next step until it does.

4. Reload both managment modules and interrupt the normal boot cycle (for both) by pressing ‘b’ to enter the monitor mode.

ServerIronADX# reload Are you sure? (enter 'y' or 'n'): y Running Config data has been changed. Do you want to continue the reload without saving the running config? (enter 'y' or 'n'): y Halt and reboot


ServerIron Boot Code Version 12.0.0 Enter 'a' to stop at memory test Enter 'b' to stop at boot monitor ***** Interrupted by entering 'b' ***** BOOT INFO: load monitor from boot flash, cksum = 60f8 BOOT INFO: verify flash files...................... Monitor> TSEC 0: 100 BASE-TX BP GE 0 Link Up Monitor>

Check that both management modules (MPs) are in monitor mode before proceding to the next step. Proceding before both MPs are in monitor mode will cause the upgrade process to fail and render the system unstable.

5. Boot one of the management modules (it doesn’t matter which) from the secondary flash (containing the upgrader image installed in Step 2). Monitor> boot system flash secondary

The boot system flash secondary command forces the system to reboot from secondary flash regardless of the setting in the startup-config file.

The system reboots and enters the upgrade mode.

6. Enter the upgrade all command at the console of the managment module that was just rebooted..

7. Reload the management module and place it back into montior mode as in Step 4.

8. Go to the console of the management module that hasn’t been upgraded and perform the boot from the secondary flash and upgrade all as performed on the first management module is Step 5 and Step 6.

9. Reload both management modules from the primary image.

Both management modules will come up with the existing 12.0.00 image from the primary. One of the management modules will be in active mode and the other will be in standby mode. The system image at this stage is 12.0.00 and the boot code is 12.1.00.

10. At the active management module, copy the 12.2.00 images to primary and secondary. ServerIronADX# copy tftp flash 1.1.1.1 ASM12200.bin primary ServerIronADX# copy tftp flash 1.1.1.1 ASM12200.bin secondary

Wait for the new images on the active management module to be synced over to the standby management module. The following message will be displayed when the management modules are synced: ServerIronADX#sync secondary image: file not same sync to standby: secondary image ... done. …

It may take several minutes for this message to display. Do not proceed to the next step until it does. 11. Reload both management modules and they will both come up with the new application image.

One managment module will be in active mode and the other will be in standby mode.

After reboot, the version checker will flag a warning message indicating a boot code mismatch. Follow step 12 to upgrade the boot code.

12. After reboot, the version checker will flag a warning message indicating a boot code mismatch.

13. Reload both management modules and place them in monitor mode as described in Step 4.


14. On one of the management modules, enter the following command at the monitor prompt to upgrade the boot code:

monitor> boot upgrader flash <primary | secondary>



15. Repeat Step 14 at the monitor prompt of the second management module.

16. Reload both management modules and use the show version command to verify that they are running the correct image.

Technical Support

Contact your switch supplier for hardware, firmware, and software support, including product repairs and part ordering. To expedite your call, have the following information immediately available:

General Information

• Technical Support contract number, if applicable • Switch model • Switch operating system version • Error numbers and messages received • Detailed description of the problem, including the switch or network behavior immediately following the

problem, and specific questions • Description of any troubleshooting steps already performed and the results • Switch Serial Number


Closed defects in releases 12.1.0a through 12.1.0c (ported to 12.2.00)

The table below lists the software issues that were fixed in release 12.1.0a through 12.1.0c and incorporated into release 12.2.00. The P column indicates the priority of the software fix, as follows:

• 0 = Critical

• 1 = Major

• 2 = Medium

• 3 = Minor

The table is sorted by Category, then by Priority, then by Bug ID.

Category P Description Bug ID #

AAA 0 Module: ADX1000, ADX4000, ADX8000 & ADX10000

Symptom: A ServerIron ADX configured with AAA accounting may cause memory corruption over a period of time due to certain user activity and communication failures between the ServerIron ADX and Accounting server. This can lead to running-config corruption such as Telnet, SSH, AAA etc.

Resolution: Fixed in Release 12.2.0.

111019


Symptom: A console port of a ServerIron ADX that is configured with AAA authentication with a TACACS+ server, stops responding when the console session times out.


110942


Symptom: AAA authentication for telnet breaks when the tacacs-server enable vlan <vlan-id> command is removed.


110946


Symptom: Where AAA authentication is configured, junk characters are inserted into the password field when entering enable mode and before entering an enable password.


111026



ARP 0 Module: ADX1000, ADX4000, ADX8000 & ADX10000

Symptom: A ServerIron ADX may delete a MAC entry due to an uninitialized CAM MASK under certain circumstances such as hot-swapping line cards.


111053

CLI 2 Module: ADX1000, ADX4000, ADX8000 & ADX10000

Symptom: Output from the show server real | in Name command displays unnecessary output when a large number of real servers are configured.


110858

ECMP 2 Module: ADX1000, ADX4000, ADX8000 & ADX10000

Symptom: When a new ECMP default route is added, traffic is not always load balanced over the new path.


110777

ECMP, Trunking 1 Module: ADX1000, ADX4000, ADX8000 & ADX10000

Symptom: When a primary trunk port is brought down in an ECMP configuration, IP load balancing no longer occurs over the trunk port.

Resolution: Fixed in Release 12.2.0

110794

FWLB 0 Module: ADX1000, ADX4000, ADX8000 & ADX10000

Symptom: A ServerIron ADX configured with FWLB in a High-availability setup may perform a system reset under certain conditions.


289267

GSLB 1 Module: ADX1000, ADX4000, ADX8000 & ADX10000

Symptom: The default binding in a VIP causes the GSLB health check for that VIP to be always active.


107222

L7 Switching 1 Module: ADX1000, ADX4000, ADX8000 & ADX10000

Symptom: A ServerIron ADX enabled with TCS and L7 switching such as CSW may perform a system reset upon receiving an HTTP request without host-header if csw-hash needs to be performed for "url host" or "url host-and-path".


297086




Symptom: A response rewrite policy breaks if a real server responds with an “HTTP 100 continue” message for a POST request with a non-zero content length.


111024


Symptom: A ServerIron ADX configured for content switching (CSW) with log action without specifying log format string does not send logging information to the SYSLOG server.


110948

NAT 2 Module: ADX1000, ADX4000, ADX8000 & ADX10000

Symptom: A ServerIron does not synchronize IP NAT sessions in a High-Availability setup such as an Active-Active setup when the active-active port is configured to be a member of an LACP and a tagged VLAN.


110929

SLB 1 Module: ADX1000, ADX4000, ADX8000 & ADX10000

Symptom: When a ServerIron ADX configured with the “Dynamic Weighted” predictor method and advanced L7 switching, such as CSW, it sends all traffic to the first real server and doesn’t perform load balancing.


111025


Symptom: While sending out an ICMP redirect message to the host, a ServerIron may send a large number of ARP requests even though the ARP entry is in a PENDING state. The ServerIron ADX sends out as many ARP requests as the ICMP redirect messages for the same IP address while ARP is in the PENDING state.


110968


Symptom: Output from the show server bind command for a Virtual server configured without sym-priority displays it as a symmetric Virtual server.


110956



SLB Layer-7 Switching

1 Module: ADX1000, ADX4000, ADX8000 & ADX10000

Symptom: The ServerIron ADX waits for more data if the size of the last packet of the last chunk is less than or equal to 2 bytes.


110854

SLB Layer-7 Switching - Trunking


Symptom: With source-nat and trunk server load balancing configured. a ServerIron ADX does not distribute reverse SLB traffic evenly.


110839



Symptom: A ServerIron ADX configured with CSW and trunk-server load balancing does not distribute CSW traffic evenly across all ports of the trunk.


110815



Symptom: A ServerIron ADX configured with CSW and trunk-server load balancing in a one-armed design with a single VLAN does not distribute reverse CSW traffic.


110816

SYN-Proxy 1 Module: ADX1000, ADX4000, ADX8000 & ADX10000

Symptom: In TCP SYN-PROXY mode, the ip tcp syn-proxy syn-ack-window-size command does not work.


290815

SNMP 0 Module: ADX1000, ADX4000, ADX8000 & ADX10000

Symptom: A ServerIron ADX may perform a system reset when it receives an SNMP packet with the source-ip address: “0.0.0.0”.


297730


Symptom: A ServerIron ADX not enabled for IPv6, may perform a system reset during buffer allocation for an IPv6 SNMP packet.


297734




Symptom: When the MIB object OID snL4BindingRealServerPortState is in the “disabled(0)” state, it is being shown as “failed (2)” state.


110822

SNMP Management


Symptom: A ServerIron ADX may perform a system reset when a user tries to perform an SNMP query with snL4RealServerPortCfgEntry_get and where the IP address of the real server is “0.0.0.0”.


110928

SYN Proxy 0 Module: ADX1000, ADX4000, ADX8000 & ADX10000

Symptom: A ServerIron ADX configured with TCP SYN-PROXY for pass-through traffic may perform an Application CPU reset, when it receives a piggybacked HTTP request fragmented over multiple packets from the client.


110916

System 0 Module: ADX1000

Symptom: A reset may occur with the ServerIron ADX 1000 system if it observes single-bit or multi-bit memory errors.


290148

System 1 Module: ADX1000, ADX4000, ADX8000 & ADX10000

Symptom: A ServerIron ADX randomly prints SYSLOG messages showing a power supply going down and then coming back up. The “Show chassis” command output indicates that the power supply is “OK”.


110936


Symptom: While issuing the show server real command, the ServerIron ADX might print the following log message on the console:

“INFO: all 17 display buffers are busy, please try later”


288796




Symptom: Output from the show cpu command doesn't show CPU utilization proportional to the amount of packets actually handled.


110450


Symptom: In certain system crash scenarios, packet headers are not printed in the crash dump display.


110778

TCS 0 Module: ADX1000, ADX4000, ADX8000 & ADX10000

Symptom: With TCS configured, an Application CPU may perform a system reset when the destination MAC address for the next hop is not available.

Resolution: Fixed in Release 12.1.00c.

111000

TCS L7 Switching


Symptom: A ServerIron ADX configured with TCS and L7 switching may drop the HTTP request if it is delayed for more than 20 seconds after TCP 3-way handshake is completed.


296341

Trunking 1 Module: ADX1000, ADX4000, ADX8000 & ADX10000

Symptom: With CSW enabled, BP generated packets and packets originated by a Real Server follow on different ports of the trunk.

Resolution: Fixed in Release 12.1.00a

110878

Web Management 3 Module: ADX1000, ADX4000, ADX8000 & ADX10000

Symptom: A user cannot save the configuration changes made via Web management.


110967


Closed with code Defect ID: DEFECT000297724 Technical Severity: Critical Summary: After reload, ServerIron ADX is unable to pass traffic on tagged interfaces where ACL’s (access-list)

are applied Symptom: After reload, ServerIron ADX is unable to pass traffic on tagged interfaces where ACL’s (access-list)

are applied. Workaround: Need to rebind ACL after reload with the command "ip rebind-acl all". Feature: ACL Function: IPv4 ACL Service Request ID: 247747 Reported In Release: SI 12.1.00 Probability: High Defect ID: DEFECT000300899 Technical Severity: Critical Summary: With certain ServerIron ADX chassis MAC addresses, AXP CAM programming is not done correctly. Symptom: When customer enabled FTP port under server "cache-name" on the ServerIron ADX then the pass-

through DNS traffic started failing as it started dropping the DNS response packets. Feature: AXP CAM Function: CAM entry management Service Request ID: 250054 Reported In Release: SI 12.1.00 Defect ID: DEFECT000297789 Technical Severity: High Summary: User can not make changes to Virtual Server configuration via WEB GUI. Symptom: WEB GUI displays an error after changes are made and update button is hit Workaround: The only work-around is to try to make these config changes via CLI such as via CONSOLE, SSH

or TELNET. Feature: Web Management Function: L4-7 Pages Service Request ID: 245218 Reported In Release: SI 12.1.00 Probability: High Defect ID: DEFECT000300122 Technical Severity: High Summary: SNMPGET may perform a system reset after a reboot or dynamic change of the virtual server

configuration Symptom: ServerIron ADX crashes while performing continuous SNMP GET query and modifying virtual server

configuration dynamically at the same time. Workaround: Disable SNMP on the ServerIron ADX during the virtual server config change.

Define an access-list to block all SNMP traffic to ServerIron ADX. Feature: SNMP Management Function: Engine Service Request ID: 249636 Reported In Release: SI 12.1.00 Defect ID: DEFECT000300876 Technical Severity: High Summary: ServerIron ADX allows only one user to be logged into it at a given time via WEB GUI. Symptom: ServerIron ADX allows only one user to be logged into it at a given time via WEB GUI. Previous user

will get disconnected before another user gets connected. Workaround: no Feature: Web Management Function: L4-7 Pages Service Request ID: 249328 Reported In Release: SI 12.1.00 Defect ID: DEFECT000301191 Technical Severity: High


Summary: ServerIron ADX does not use correct source-mac address when it uses source-ip address of the "VE interface" while sending out packet generated by itself.

Symptom: ServerIron ADX does not use source-mac address of the "VE interface" when it uses source-ip address of the "VE interface" while sending out self-generated packets such as for Health check.

Feature: L2 Forwarding Function: MP L2 forwarding Service Request ID: 250596 Reported In Release: SI 12.1.00 Defect ID: DEFECT000301531 Technical Severity: High Summary: ServerIron ADX performs system reset when user tries to do SNMP GET query for

snL4WebCacheGroupEntry Symptom: ServerIron ADX performs system reset when user tries to do SNMP GET query for

snL4WebCacheGroupEntry. Feature: SNMP Management Function: Layer4-7 Mib Service Request ID: 00251051 Reported In Release: SI 12.1.00 Probability: High Defect ID: DEFECT000301965 Technical Severity: High Summary: ServerIron ADX responds with TCP RESET for client connections to VIP when syn-proxy is

configured along with global default TRL even though TRL is not applied to the interface. Symptom: Traffic to the Virtual IP fails Workaround: Reload the ServerIron after configuring default TRL. Feature: Conn Limit Function: TCP Conn Rate Service Request ID: 251495 Reported In Release: SI 12.1.00 Probability: High Defect ID: DEFECT000295270 Technical Severity: High Summary: longest match first for response-rewirte fails when server sends response with chunk, and packets split

at longer matched pattern Symptom: Longest match first criteria fails for response rewrite when server sends response with chunk, and

packets split at longer matched pattern Feature: Response rewrite Function: response body rewrite Reported In Release: SI 12.2.00 Defect ID: DEFECT000296200 Technical Severity: High Summary: Response rewrite fails when server is sending response in chunks and the last byte "\n" is in a separate

packet. Symptom: Response rewrite fails when server is sending response in chunks and the last byte "\n" is in a separate

packet. Feature: Response rewrite Function: response body chunk encoding Reported In Release: SI 12.2.00 Defect ID: DEFECT000296207 Technical Severity: High Summary: Response rewrite fails when server is sending response with matching pattern at the beginning of

response and it is split into 2 packets. Symptom: Response rewrite fails when server is sending response with matching pattern at the beginning of

response and it is split into 2 packets Feature: Response rewrite Function: response body rewrite Reported In Release: SI 12.2.00


Defect ID: DEFECT000301891 Technical Severity: High Summary: Bp crash when "apply port-range" is issued if Port-range ports on a VIP are in the Closing state Symptom: Under certain conditions, Application processor may reset if "apply port-range" command is issued

while virtual/real ports are in closing state. Workaround: The following steps can be used as workaround.

--> Disable virtual server that is configured with the port-range that is modified. This will not allow any new connection to this virtual server. --> Wait till all the existing sessions are aged out or clear the sessions of bound real servers. --> Then issue the "apply port-range" command.

Feature: L4 SLB Function: Port Range Reported In Release: SI 12.2.00 Defect ID: DEFECT000301941 Technical Severity: High Summary: Some AXP counters pertaining to Syn Proxy feature do not increment correctly. Related counters in

"show server tcp-attack" do not increment as well. Symptom: The output of "show server synproxy" and "show server tcp-attack" displays some counters related to

the number of SYN packets received by AXP in the ServerIron. These counters do not increment properly. However, functionality is not affected and traffic is successfully processed by AXP and passed on to BP.

Feature: SYN-Proxy Function: CLI Reported In Release: SI 12.2.00 Defect ID: DEFECT000302458 Technical Severity: High Summary: 6-6-6: FTP SLB does not work with syn-proxy enabled Symptom: FTP-SLB for 6-6-6 traffic fails with SynProxy configured. Feature: SYN-Proxy Function: Hardware SYN-Cookie Reported In Release: SI 12.2.00 Defect ID: DEFECT000294399 Technical Severity: Medium Summary: port policy, http status code configuration issue Symptom: While configuring the ADx in certain way some http status-codes may not make it to config Feature: L4 SLB Function: SCALABILITY Service Request ID: 228094 Reported In Release: SI 12.1.00 Defect ID: DEFECT000295230 Technical Severity: Medium Summary: for minimum-healthy-real-server check show command is not displaying the correct state of vip port Symptom: for minimum-healthy-real-server check show command is not displaying the correct state of vip port Feature: Health checks Function: L2 health checks Reported In Release: SI 12.1.00 Defect ID: DEFECT000295420 Technical Severity: Medium Summary: IPv6 DSR healthcheks are not happening for the loopback address, ADX is sending syn to the physical

address of real server Symptom: In IPv6 DSR config healthcheks are not happening for the loopback address, SI is sending syn to the

physical address Feature: IPv6 mgmt stack Function: Stack reachability


Reported In Release: SI 12.1.00 Defect ID: DEFECT000295618 Technical Severity: Medium Summary: IPv6 ACL logging does not log anything when a Deny clause is hit....... Symptom: Log action doesn't work when traffic hits IPv6 ACL deny rules. No problem with IPv4 ACL deny rules. Feature: ACL Function: IPv6 ACL Reported In Release: SI 12.1.00 Defect ID: DEFECT000295868 Technical Severity: Medium Summary: dns health check doesn't work properly if a dns profile is defined with "udp l4-check-only" and server

no-fast-bringup in config Symptom: dns health check doesn't work properly if a dns profile is defined with "udp l4-check-only" and server

no-fast-bringup in config Feature: Health checks Function: L2 health checks Reported In Release: SI 12.1.00 Defect ID: DEFECT000296022 Technical Severity: Medium Summary: in trunk config mode, if try to switch to intf level of config, doberman is in undefined config mode, not

in config mode, nor enable mode Symptom: Users gets in un-defined config mode when she tries to switch from trunk-config-mode to multi-

interface-config-mode. User can issue "exit" to get out of this mode. Feature: SYN-Proxy Function: Software SYN-Cookie Reported In Release: SI 12.1.00 Defect ID: DEFECT000296096 Technical Severity: Medium Summary: On hot standby HA set-up, copy image from tftp to fl followed by "sh flash" causes HA failover Symptom: On hot standby HA set-up, copy image from tftp to flash followed by issuing "sh flash" causes HA

failover. Workaround: User has to wait for 40-50 seconds before issuing "show flash" command after the completion of

image copy. Feature: HA-Hotstandby Function: Failover handling Reported In Release: SI 12.2.00 Defect ID: DEFECT000296195 Technical Severity: Medium Summary: TCS+CSW: TCS sessions are not being synched to peer with server active-active port configured Symptom: TCS sessions are not being synched to peer in active-active CSW+TCS configuration. In case of L4

TCS (no CSW), configuring active-active port will enable session synchronization. In case of CSW+TCS configuration, users have to configure port profile for TCS ports and then enable "session-sync" for each port.

Workaround: In case of CSW+TCS configuration, users have to configure port profile for TCS ports and then enable "session-sync" for each port.

Feature: TCS Function: TCS + URL switching Reported In Release: SI 12.1.00 Defect ID: DEFECT000297629 Technical Severity: Medium Summary: ipv4 source-nat-ip may not pingable from real server, but server load balancing using this source-nat-ip

should not effected Symptom: ipv4 source-nat-ip may not pingable from real server, but server load balancing using this source-nat-ip

should not effected Feature: Source NAT Function: Source NAT CAM entries


Reported In Release: SI 12.2.00 Defect ID: DEFECT000301258 Technical Severity: Medium Summary: After a disable/enable of a module containing a trunk, the trunking config is gone.... Symptom: Trunk level configuration is not saved upon hot swap of a line-card module. For example, when one

port of a trunk is disabled and then the line-card is hot swapped, the disabled trunk port will become enabled upon line-card bring-up.

Workaround: User has to reconfigure trunk level configuration after line-card is up. Other workaround is to reload ServerIron-ADX.

Feature: Trunk Function: Trunk Deploy Reported In Release: SI 12.2.00 Defect ID: DEFECT000301724 Technical Severity: Medium Summary: The error "incomplete command" is seen upon executing the command "username public privilege

<level> nopassword" Symptom: An "incomplete command" error may be displayed after executing "username public privilege 5

nopassword". The username is added to running config despite the error message though. Workaround: Customer should use "TAB" on the keyboard for any of the keyword in the command except in the

end. Feature: AAA Function: RADIUS Authentication Service Request ID: 00251107 Reported In Release: SI 12.1.00 Defect ID: DEFECT000290181 Technical Severity: Medium Summary: Alias port binding by using real-port on Remote server for source-nat traffic, sessions are not synced

in HA setup. Symptom: When using Alias port binding by using real-port command on Remote server and using source-nat

traffic, sessions are not synced in HA setup. Feature: HA-Hotstandby Function: New Session Synchronization Reported In Release: SI 12.2.00 Defect ID: DEFECT000294828 Technical Severity: Medium Summary: While doing SCP of a file which is not existing on machine to SI , SSH session might get hung Symptom: While doing SCP of a file which is not existing on machine to SI , SSH session might get hung Feature: SSL Key/Cert Management Function: Scp key/cert files Reported In Release: SI 12.1.00 Defect ID: DEFECT000301987 Technical Severity: Medium Summary: When the alias-port is binded first without binding the actual port of a real server to a virtual server

port, or when using an invalid port alias configuration, the port-holddown feature is activating even without the port-holddown configuration.

Symptom: When the alias-port is binded first without binding the actual port of a real server to a virtual server port, or when using an invalid port alias configuration, the port-holddown feature is activating even without the port-holddown configuration

Feature: SLB Function: Server holddown timer Reported In Release: SI 12.2.00 Defect ID: DEFECT000302516 Technical Severity: Medium Summary: Deletion of a RS with a host-range will not fully delete the host-range "Special ip".. Symptom: if a real/remote server having the host-range command is deleted from the configuration, server hosts


that fall under that host-range are not deleted internally. This will prevent the user from configuring real/remote servers with IP addresses belonging to that host-range.

Workaround: The workaround for this issue is to first delete the host-range feature from the RS and then delete the RS afterwards.

Feature: L4 SLB Function: Host Range Reported In Release: SI 12.2.00 Defect ID: DEFECT000298137 Technical Severity: Medium Summary: After ServerIron ADX is reloaded, OSPF does not come up if MD-5 authentication is configured. Symptom: After ServerIron ADX is reloaded, OSPF does not come up if MD-5 authentication is configured. Workaround: Remove and add OSPF configuration under the interface.

Do not configure MD5-Authentication Feature: OSPF Function: PROTOCOL Service Request ID: 248278 Reported In Release: SI 12.1.00 Probability: High Defect ID: DEFECT000298904 Technical Severity: Medium Summary: ServerIron ADX CLI, does not change the prompt to Role Based Mode (RBM) once the username is

defined. Symptom: ServerIron ADX CLI, does not change the prompt to Role Based Mode (RBM) once the username is

defined. Due to this customer is not able to configure RBM on the ServerIron ADX. Workaround: Configure using the following steps:

ADX-4-1(config)#username u1 privilege 1 password passw0rd ADX-4-1(config)#username u1 ADX-4-1(config-role-user-u1)#

Feature: MP System Function: CLI Service Request ID: 248863 Reported In Release: SI 12.1.00 Defect ID: DEFECT000299442 Technical Severity: Medium Summary: Due to Web Management permission issues in Role Based mode, some of the displays are greyed out. Symptom: When user logs in to ServerIron ADX with the Role Based Mode and hits APPLY button for "real

server", or "virtual server" then it shows as greyed out in this user’s default context. Workaround: no Feature: Web Management Function: L4-7 Pages Service Request ID: 00248565 Reported In Release: SI 12.1.00 Probability: Low Defect ID: DEFECT000299911 Technical Severity: Medium Summary: ServerIron ADX performs system reset while binding a real server with port SSH, if global port profile

for SSH is defined before binding. Symptom: ServerIron ADX performs system reset while binding a real server with port SSH, if global port profile

for SSH is defined before binding. Workaround: Remove the global port profile for SSH if it is already defined before binding the real server with

SSH port defined. Feature: Health checks Function: L7 health checks Service Request ID: 248570 Reported In Release: SI 12.1.00


Defect ID: DEFECT000300095 Technical Severity: Medium Summary: ServerIron ADX display buffers get full after running "repeat-show" command with count more than

or equal to 10. Symptom: ServerIron prints error message such "INFO: all 17 display buffers are busy, please try later." when

issued "repeat-show" command with count more than or equal to 10. Workaround: Execute the command in privilege mode, "dm display-buffer reset" to release the display buffers. Feature: CLI Function: DISPLAY Service Request ID: 00249176 Reported In Release: SI 12.1.00 Defect ID: DEFECT000300103 Technical Severity: Medium Summary: ServerIron ADX in standby mode may perform a reset on Application CPU while deleting a SIP

session under certain circumstances. Symptom: ServerIron ADX in standby mode may perform a reset on Application CPU while deleting a SIP

session under certain circumstances. Feature: SIP LB Function: TCP processing Service Request ID: 249326 Reported In Release: SI 12.1.00 Defect ID: DEFECT000299853 Technical Severity: Medium Summary: Even though ServerIron ADX boot code is backward compatible it still prints error message suggesting

to mismatch in the boot code and system image. Symptom: When customer downgraded from 12.1.00c to 12.1.00b, the alert message is seen during bootup such

as " ALERT: The version checker found ..." even though it is running with latest boot code. Feature: Boot Code Function: Boot Flash Service Request ID: 00249569 Reported In Release: SI 12.1.00 Defect ID: DEFECT000289268 Technical Severity: Medium Summary: ServerIron loses certain SSL buffers when CRL (Certificate Revocation List) is downloaded. Symptom: SSL connections started failing over the period of time due to SSL buffer loss. Workaround: Remove configuration from the ServerIron ADX that requires CRL download. Feature: SSL Function: Certificate Management Service Request ID: 236423 Reported In Release: SI 12.1.00 Probability: High Defect ID: DEFECT000299555 Technical Severity: Medium Summary: In an High-Availability setup such as Hot-Standby, Active ServerIron ADX does not route traffic

between hosts in different VLANs even though the default-gateway of the hosts is pointing to "source-standby-ip".

Symptom: In an High-Availability setup such as Hot-Standby, Active ServerIron ADX does not route traffic between hosts in different VLANs even though the default-gateway of the hosts is pointing to "source-standby-ip".

Feature: IP Forwarding Function: BP L3 Forwarding Service Request ID: 244331 Reported In Release: SI 12.1.00

Defect ID: DEFECT000301273 Technical Severity: High


Summary: For IPv6 SLB, persist-hash fails resulting into a different server for the same client. Symptom: When persist-hash is configured under the vip port ,connections from the same IPv6 client are not sent

to the same real server. Connections are sent out to different real servers . Workaround: Don't use persist-hash SLB with IPv6. Don't use any IP or network hash-based SLB with IPv6. Feature: IPV6 L4/7 Function: Ipv6 address maps Service Request ID: 248665 Reported In Release: SI 12.1.00

Closed without code Defect ID: DEFECT000299090 Technical Severity: Medium Summary: ServerIron ADX configured with TRUNKING may perform system reset while forwarding packets

over trunk ports due to invalid port data structure during ARP movement. Symptom: ServerIron ADX configured with TRUNKING may perform system reset while forwarding packets

over trunk ports due to invalid port data structure during ARP movement. Reason Code: Already Fixed in Release Feature: ARP Function: ARP learning Reported In Release: SI 12.1.00 Service Request ID: 00248435

Open Defects in the ServerIron ADX 12.2.0 This section lists defects with Critical, High, and Medium Technical Severity open in version 12.2.0 for ServerIron ADX application switches. While these defects are still formally “open,” they are unlikely to impede Brocade customers in their deployment of version 12.2.00 and have been deferred to a later release.

None of these defects have the requisite combination of probability and severity to cause significant concern to Brocade customers.

Defect ID: DEFECT000297724 Technical Severity: Critical Summary: After reload, ServerIron ADX is unable to pass traffic on tagged interfaces where ACL’s (access-list)

are applied Symptom: After reload, ServerIron ADX is unable to pass traffic on tagged interfaces where ACL’s (access-list)

are applied. Workaround: Need to rebind ACL after reload with the command "ip rebind-acl all". Feature: ACL Function: IPv4 ACL Service Request ID: 247747 Reported In Release: SI 12.1.00 Probability: High


Defect ID: DEFECT000300899 Technical Severity: Critical Summary: With certain ServerIron ADX chassis MAC addresses, AXP CAM programming is not done correctly. Symptom: When customer enabled FTP port under server "cache-name" on the ServerIron ADX then the pass-

through DNS traffic started failing as it started dropping the DNS response packets. Feature: AXP CAM Function: CAM entry management Service Request ID: 250054 Reported In Release: SI 12.1.00 Defect ID: DEFECT000297789 Technical Severity: High Summary: User can not make changes to Virtual Server configuration via WEB GUI. Symptom: WEB GUI displays an error after changes are made and update button is hit Workaround: The only work-around is to try to make these config changes via CLI such as via CONSOLE, SSH

or TELNET. Feature: Web Management Function: L4-7 Pages Service Request ID: 245218 Reported In Release: SI 12.1.00 Probability: High Defect ID: DEFECT000300122 Technical Severity: High Summary: SNMPGET may perform a system reset after a reboot or dynamic change of the virtual server

configuration Symptom: ServerIron ADX crashes while performing continuous SNMP GET query and modifying virtual server

configuration dynamically at the same time. Workaround: Disable SNMP on the ServerIron ADX during the virtual server config change.

Define an access-list to block all SNMP traffic to ServerIron ADX. Feature: SNMP Management Function: Engine Service Request ID: 249636 Reported In Release: SI 12.1.00 Defect ID: DEFECT000300876 Technical Severity: High Summary: ServerIron ADX allows only one user to be logged into it at a given time via WEB GUI. Symptom: ServerIron ADX allows only one user to be logged into it at a given time via WEB GUI. Previous user

will get disconnected before another user gets connected. Workaround: no Feature: Web Management Function: L4-7 Pages Service Request ID: 249328 Reported In Release: SI 12.1.00 Defect ID: DEFECT000301191 Technical Severity: High Summary: ServerIron ADX does not use correct source-mac address when it uses source-ip address of the "VE

interface" while sending out packet generated by itself. Symptom: ServerIron ADX does not use source-mac address of the "VE interface" when it uses source-ip address

of the "VE interface" while sending out self-generated packets such as for Health check. Feature: L2 Forwarding Function: MP L2 forwarding Service Request ID: 250596 Reported In Release: SI 12.1.00


Defect ID: DEFECT000301531 Technical Severity: High Summary: ServerIron ADX performs system reset when user tries to do SNMP GET query for

snL4WebCacheGroupEntry Symptom: ServerIron ADX performs system reset when user tries to do SNMP GET query for

snL4WebCacheGroupEntry. Feature: SNMP Management Function: Layer4-7 Mib Service Request ID: 00251051 Reported In Release: SI 12.1.00 Probability: High Defect ID: DEFECT000301965 Technical Severity: High Summary: ServerIron ADX responds with TCP RESET for client connections to VIP when syn-proxy is

configured along with global default TRL even though TRL is not applied to the interface. Symptom: Traffic to the Virtual IP fails Workaround: Reload the ServerIron after configuring default TRL. Feature: Conn Limit Function: TCP Conn Rate Service Request ID: 251495 Reported In Release: SI 12.1.00 Probability: High Defect ID: DEFECT000295270 Technical Severity: High Summary: longest match first for response-rewirte fails when server sends response with chunk, and packets split

at longer matched pattern Symptom: Longest match first criteria fails for response rewrite when server sends response with chunk, and

packets split at longer matched pattern Feature: Response rewrite Function: response body rewrite Reported In Release: SI 12.2.00 Defect ID: DEFECT000296200 Technical Severity: High Summary: Response rewrite fails when server is sending response in chunks and the last byte "\n" is in a separate

packet. Symptom: Response rewrite fails when server is sending response in chunks and the last byte "\n" is in a separate

packet. Feature: Response rewrite Function: response body chunk encoding Reported In Release: SI 12.2.00 Defect ID: DEFECT000296207 Technical Severity: High Summary: Response rewrite fails when server is sending response with matching pattern at the beginning of

response and it is split into 2 packets. Symptom: Response rewrite fails when server is sending response with matching pattern at the beginning of

response and it is split into 2 packets Feature: Response rewrite Function: response body rewrite Reported In Release: SI 12.2.00


Defect ID: DEFECT000301891 Technical Severity: High Summary: Bp crash when "apply port-range" is issued if Port-range ports on a VIP are in the Closing state Symptom: Under certain conditions, Application processor may reset if "apply port-range" command is issued

while virtual/real ports are in closing state. Workaround: The following steps can be used as workaround.

--> Disable virtual server that is configured with the port-range that is modified. This will not allow any new connection to this virtual server. --> Wait till all the existing sessions are aged out or clear the sessions of bound real servers. --> Then issue the "apply port-range" command.

Feature: L4 SLB Function: Port Range Reported In Release: SI 12.2.00 Defect ID: DEFECT000301941 Technical Severity: High Summary: Some AXP counters pertaining to Syn Proxy feature do not increment correctly. Related counters in

"show server tcp-attack" do not increment as well. Symptom: The output of "show server synproxy" and "show server tcp-attack" displays some counters related to

the number of SYN packets received by AXP in the ServerIron. These counters do not increment properly. However, functionality is not affected and traffic is successfully processed by AXP and passed on to BP.

Feature: SYN-Proxy Function: CLI Reported In Release: SI 12.2.00 Defect ID: DEFECT000302458 Technical Severity: High Summary: 6-6-6: FTP SLB does not work with syn-proxy enabled Symptom: FTP-SLB for 6-6-6 traffic fails with SynProxy configured. Feature: SYN-Proxy Function: Hardware SYN-Cookie Reported In Release: SI 12.2.00 Defect ID: DEFECT000294399 Technical Severity: Medium Summary: port policy, http status code configuration issue Symptom: While configuring the ADx in certain way some http status-codes may not make it to config Feature: L4 SLB Function: SCALABILITY Service Request ID: 228094 Reported In Release: SI 12.1.00 Defect ID: DEFECT000295230 Technical Severity: Medium Summary: for minimum-healthy-real-server check show command is not displaying the correct state of vip port Symptom: for minimum-healthy-real-server check show command is not displaying the correct state of vip port Feature: Health checks Function: L2 health checks Reported In Release: SI 12.1.00


Defect ID: DEFECT000295420 Technical Severity: Medium Summary: IPv6 DSR healthcheks are not happening for the loopback address, ADX is sending syn to the physical

address of real server Symptom: In IPv6 DSR config healthcheks are not happening for the loopback address, SI is sending syn to the

physical address Feature: IPv6 mgmt stack Function: Stack reachability Reported In Release: SI 12.1.00 Defect ID: DEFECT000295618 Technical Severity: Medium Summary: IPv6 ACL logging does not log anything when a Deny clause is hit....... Symptom: Log action doesn't work when traffic hits IPv6 ACL deny rules. No problem with IPv4 ACL deny rules. Feature: ACL Function: IPv6 ACL Reported In Release: SI 12.1.00 Defect ID: DEFECT000295868 Technical Severity: Medium Summary: dns health check doesn't work properly if a dns profile is defined with "udp l4-check-only" and server

no-fast-bringup in config Symptom: dns health check doesn't work properly if a dns profile is defined with "udp l4-check-only" and server

no-fast-bringup in config Feature: Health checks Function: L2 health checks Reported In Release: SI 12.1.00 Defect ID: DEFECT000296022 Technical Severity: Medium Summary: in trunk config mode, if try to switch to intf level of config, doberman is in undefined config mode, not

in config mode, nor enable mode Symptom: Users gets in un-defined config mode when she tries to switch from trunk-config-mode to multi-

interface-config-mode. User can issue "exit" to get out of this mode. Feature: SYN-Proxy Function: Software SYN-Cookie Reported In Release: SI 12.1.00 Defect ID: DEFECT000296096 Technical Severity: Medium Summary: On hot standby HA set-up, copy image from tftp to fl followed by "sh flash" causes HA failover Symptom: On hot standby HA set-up, copy image from tftp to flash followed by issuing "sh flash" causes HA

failover. Workaround: User has to wait for 40-50 seconds before issuing "show flash" command after the completion of

image copy. Feature: HA-Hotstandby Function: Failover handling Reported In Release: SI 12.2.00 Defect ID: DEFECT000296195 Technical Severity: Medium Summary: TCS+CSW: TCS sessions are not being synched to peer with server active-active port configured Symptom: TCS sessions are not being synched to peer in active-active CSW+TCS configuration. In case of L4

TCS (no CSW), configuring active-active port will enable session synchronization. In case of CSW+TCS configuration, users have to configure port profile for TCS ports and then enable "session-sync" for each port.

Workaround: In case of CSW+TCS configuration, users have to configure port profile for TCS ports and then enable "session-sync" for each port.

Feature: TCS Function: TCS + URL switching Reported In Release: SI 12.1.00


Defect ID: DEFECT000297629 Technical Severity: Medium Summary: ipv4 source-nat-ip may not pingable from real server, but server load balancing using this source-nat-ip

should not effected Symptom: ipv4 source-nat-ip may not pingable from real server, but server load balancing using this source-nat-ip

should not effected Feature: Source NAT Function: Source NAT CAM entries Reported In Release: SI 12.2.00 Defect ID: DEFECT000301258 Technical Severity: Medium Summary: After a disable/enable of a module containing a trunk, the trunking config is gone.... Symptom: Trunk level configuration is not saved upon hot swap of a line-card module. For example, when one

port of a trunk is disabled and then the line-card is hot swapped, the disabled trunk port will become enabled upon line-card bring-up.

Workaround: User has to reconfigure trunk level configuration after line-card is up. Other workaround is to reload ServerIron-ADX.

Feature: Trunk Function: Trunk Deploy Reported In Release: SI 12.2.00 Defect ID: DEFECT000301724 Technical Severity: Medium Summary: The error "incomplete command" is seen upon executing the command "username public privilege

<level> nopassword" Symptom: An "incomplete command" error may be displayed after executing "username public privilege 5

nopassword". The username is added to running config despite the error message though. Workaround: Customer should use "TAB" on the keyboard for any of the keyword in the command except in the

end. Feature: AAA Function: RADIUS Authentication Service Request ID: 00251107 Reported In Release: SI 12.1.00 Defect ID: DEFECT000290181 Technical Severity: Medium Summary: Alias port binding by using real-port on Remote server for source-nat traffic, sessions are not synced

in HA setup. Symptom: When using Alias port binding by using real-port command on Remote server and using source-nat

traffic, sessions are not synced in HA setup. Feature: HA-Hotstandby Function: New Session Synchronization Reported In Release: SI 12.2.00 Defect ID: DEFECT000294828 Technical Severity: Medium Summary: While doing SCP of a file which is not existing on machine to SI , SSH session might get hung Symptom: While doing SCP of a file which is not existing on machine to SI , SSH session might get hung Feature: SSL Key/Cert Management Function: Scp key/cert files Reported In Release: SI 12.1.00


Defect ID: DEFECT000301987 Technical Severity: Medium Summary: When the alias-port is binded first without binding the actual port of a real server to a virtual server

port, or when using an invalid port alias configuration, the port-holddown feature is activating even without the port-holddown configuration.

Symptom: When the alias-port is binded first without binding the actual port of a real server to a virtual server port, or when using an invalid port alias configuration, the port-holddown feature is activating even without the port-holddown configuration

Feature: SLB Function: Server holddown timer Reported In Release: SI 12.2.00 Defect ID: DEFECT000302516 Technical Severity: Medium Summary: Deletion of a RS with a host-range will not fully delete the host-range "Special ip".. Symptom: if a real/remote server having the host-range command is deleted from the configuration, server hosts

that fall under that host-range are not deleted internally. This will prevent the user from configuring real/remote servers with IP addresses belonging to that host-range.

Workaround: The workaround for this issue is to first delete the host-range feature from the RS and then delete the RS afterwards.

Feature: L4 SLB Function: Host Range Reported In Release: SI 12.2.00 Defect ID: DEFECT000298137 Technical Severity: Medium Summary: After ServerIron ADX is reloaded, OSPF does not come up if MD-5 authentication is configured. Symptom: After ServerIron ADX is reloaded, OSPF does not come up if MD-5 authentication is configured. Workaround: Remove and add OSPF configuration under the interface.

Do not configure MD5-Authentication Feature: OSPF Function: PROTOCOL Service Request ID: 248278 Reported In Release: SI 12.1.00 Probability: High Defect ID: DEFECT000298904 Technical Severity: Medium Summary: ServerIron ADX CLI, does not change the prompt to Role Based Mode (RBM) once the username is

defined. Symptom: ServerIron ADX CLI, does not change the prompt to Role Based Mode (RBM) once the username is

defined. Due to this customer is not able to configure RBM on the ServerIron ADX. Workaround: Configure using the following steps:

ADX-4-1(config)#username u1 privilege 1 password passw0rd ADX-4-1(config)#username u1 ADX-4-1(config-role-user-u1)#

Feature: MP System Function: CLI Service Request ID: 248863 Reported In Release: SI 12.1.00


Defect ID: DEFECT000299442 Technical Severity: Medium Summary: Due to Web Management permission issues in Role Based mode, some of the displays are greyed out. Symptom: When user logs in to ServerIron ADX with the Role Based Mode and hits APPLY button for "real

server", or "virtual server" then it shows as greyed out in this user’s default context. Workaround: no Feature: Web Management Function: L4-7 Pages Service Request ID: 00248565 Reported In Release: SI 12.1.00 Probability: Low Defect ID: DEFECT000299911 Technical Severity: Medium Summary: ServerIron ADX performs system reset while binding a real server with port SSH, if global port profile

for SSH is defined before binding. Symptom: ServerIron ADX performs system reset while binding a real server with port SSH, if global port profile

for SSH is defined before binding. Workaround: Remove the global port profile for SSH if it is already defined before binding the real server with

SSH port defined. Feature: Health checks Function: L7 health checks Service Request ID: 248570 Reported In Release: SI 12.1.00 Defect ID: DEFECT000300095 Technical Severity: Medium Summary: ServerIron ADX display buffers get full after running "repeat-show" command with count more than

or equal to 10. Symptom: ServerIron prints error message such "INFO: all 17 display buffers are busy, please try later." when

issued "repeat-show" command with count more than or equal to 10. Workaround: Execute the command in privilege mode, "dm display-buffer reset" to release the display buffers. Feature: CLI Function: DISPLAY Service Request ID: 00249176 Reported In Release: SI 12.1.00 Defect ID: DEFECT000300103 Technical Severity: Medium Summary: ServerIron ADX in standby mode may perform a reset on Application CPU while deleting a SIP

session under certain circumstances. Symptom: ServerIron ADX in standby mode may perform a reset on Application CPU while deleting a SIP

session under certain circumstances. Feature: SIP LB Function: TCP processing Service Request ID: 249326 Reported In Release: SI 12.1.00 Defect ID: DEFECT000299853 Technical Severity: Medium Summary: Even though ServerIron ADX boot code is backward compatible it still prints error message suggesting

to mismatch in the boot code and system image. Symptom: When customer downgraded from 12.1.00c to 12.1.00b, the alert message is seen during bootup such

as " ALERT: The version checker found ..." even though it is running with latest boot code. Feature: Boot Code Function: Boot Flash Service Request ID: 00249569 Reported In Release: SI 12.1.00


Defect ID: DEFECT000289268 Technical Severity: Medium Summary: ServerIron loses certain SSL buffers when CRL (Certificate Revocation List) is downloaded. Symptom: SSL connections started failing over the period of time due to SSL buffer loss. Workaround: Remove configuration from the ServerIron ADX that requires CRL download. Feature: SSL Function: Certificate Management Service Request ID: 236423 Reported In Release: SI 12.1.00 Probability: High Defect ID: DEFECT000299555 Technical Severity: Medium Summary: In an High-Availability setup such as Hot-Standby, Active ServerIron ADX does not route traffic

between hosts in different VLANs even though the default-gateway of the hosts is pointing to "source-standby-ip".

Symptom: In an High-Availability setup such as Hot-Standby, Active ServerIron ADX does not route traffic between hosts in different VLANs even though the default-gateway of the hosts is pointing to "source-standby-ip".

Feature: IP Forwarding Function: BP L3 Forwarding Service Request ID: 244331 Reported In Release: SI 12.1.00

ServerIron ADX 12.2.00 Release Notes - Netadm€¦ · Brocade, the B-wing symbol, ServerIron ADX,...

Documents

Transcript of ServerIron ADX 12.2.00 Release Notes - Netadm€¦ · Brocade, the B-wing symbol, ServerIron ADX,...