Sun Microsystems Secure Application Switch N1000 Release Notes Download Page 33 | Manualshive

Page: 33 / 38

background image

Sun Secure Application Switch – Release Notes for v3.2.1

21

sun(config-vSwitch-example loadBalance)#

healthCheckProfile

hc.shrc script scriptFile /ftl0/user/local/shrc.tcl

(7625/6592850)

Load Balancing

Opera Web browsers continue to request TCP data even when receiving a TCP-RST.
This can cause the browser to appear hung. (2844/6351904)

UDP load balancing (including RADIUS and DNS) does not support frames with IP
options. (4469/6351907)

For two or more FTPBL VirtualServices with the same IP address and different ports,
you cannot assign the same or overlapping ftpDataPortRanges. (7552/6505412)

Ports

Auto-negotiation does not work using the NS-83820 Fiber NIC and the Finisar SFF
optical GBIC (part number FTRJ-8519-3). The SFF optical GBIC PicoLight, (part
numbers: PL-XPL-00-S13-05 & PL-XPL-S23-28) will auto-negotiate with the NS-83820
Fiber NIC. (5682/6351875)

Jumbo frames directed to the switch IP address are dropped. (1665/6351881)

RealService

If you attempt to disable a RealService or host that is used by a Virtual service (VS)
with the longRxTimer value set longer than the default (64 seconds), an error
message will be displayed. To disable the RealService, you must remove it from the
service group, then disable it. (7328/6507197)

FWLB connections are long-lived, thus affecting the session counters for real
services. The initial FWLB flow is persistent (long-lived), which counts as one
connection. This causes the Cumulative Open Sessions and Current Open Sessions to
increment. When more packets go through that same flow, a 90-second session flow
is created, which also counts as an opened connection. These flows will also
increment the Cumulative Open/Current Open Session counters. New flows with
the same source/destination address, protocol and vRouter ID will hit the FWLB
persistent entry and immediately create specific 90-second session flows (refreshed
by traffic). The Cumulative Open/Current Open Session counters will increment. If
traffic subsides, all the 90-second session flows time out, incrementing the
Cumulative Closed Session counter, leaving the persistent FWLB flows still as open

«
...
31
32
33
34
35
...
»

Summary of Contents for Secure Application Switch N1000

Page 1: ...Sun Microsystems Inc www sun com Submit comments about this document at http www sun com hwdocs feedback Sun Secure Application Switch Release Notes for v3 2 1 Part No 819 6643 12 August 2007 Revision A ...

Page 2: ...ALLY INVALID Copyright 2007 Sun Microsystems Inc 4150 Network Circle Santa Clara Californie 95054 Etats Unis Tous droits réservés Sun Microsystems Inc détient les droits de propriété intellectuels relatifs à la technologie incorporée dans le produit qui est décrit dans ce document En particulier et ce sans limitation ces droits de propriété intellectuelle peuvent inclure un ou plus des brevets amé...

Page 3: ...saveToFile Command 4 Behavior Change Show switchservices chassis cpuLoad Command 4 Behavior Change Default vRouter for Virtual Services 4 Long Lived Sessions 4 SNAT Active Standby Behavior in Redundant Configuration 5 Outgoing DNAT IP Address Is the Same as Virtual Service IP Address 5 Auto Dump 5 Supported Hardware 5 Transceivers 6 Software Information 6 Migrating From Software Version 2 0 to Ver...

Page 4: ...g a Version 3 0 or 3 1 Configuration 15 System Management 16 Command line Interface CLI 17 Web Interface 17 SNMP 17 Supported Operating Systems and Web Browsers 18 Operating Systems and Web Browsers 18 Flash Software 18 Known Issues With This Release 19 ACLs 19 ARP 19 Configuration 20 Firewall Load Balancing 20 FTP 20 Health Checks 20 Load Balancing 21 Ports 21 RealService 21 Routing 22 Traceroute...

Page 5: ...Contents v Virtualization 23 L2 to L3 Scale 23 Load Balance Configuration 24 Documentation Updates 24 Configuration and Implementation Guide and Getting Started Guides Translated Versions 25 ...

Page 6: ...vi Sun Secure Application Switch Release Notes for v3 2 1 August 2007 ...

Page 7: ...comply with the limits for a Class A digital device pursuant to Part 15 of the FCC Rules These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment This equipment generates uses and can radiate radio frequency energy and if it is not installed and used in accordance with the instruction manual it may cause harm...

Page 8: ...lication Switch Release Notes for v3 2 1 August 2007 BSMI Class A Notice The following statement is applicable to products shipped to Taiwan and marked as Class A on the product compliance label GOST R Certification Mark ...

Page 9: ...on Switch N1216 N1216 N1216V N1400 N1000 N1400V EN300 386 V 1 3 2 2003 2005 Required Limits EN55022 1994 A1 1995 A2 1997 Class A EN61000 3 2 2000 Pass EN61000 3 3 1995 A1 2000 Pass IEC61000 4 2 6 kV Direct 8 kV Air IEC61000 4 3 3 V m 80 1000 MHz 10 V m 800 960 MHz and 1400 2000 MHz IEC61000 4 4 1 kV AC and DC Power Lines 0 5 kV Signal Lines IEC61000 4 5 2 kV AC Line Gnd 1 kV AC Line Line and Outdo...

Page 10: ...ÜV Rheinland Certificate No S72051919 EN60950 2001 1st Edition CB Scheme Certificate No US TÜVR 2479 Evaluated to all CB Countries UL 60950 1st Edition 2001 CSA C22 2 No 60950 01 03 File CO 72051920 01 S S Dennis P Symanski DATE Manager Compliance Engineering Sun Microsystems Inc 4150 Network Circle MPK15 102 Santa Clara CA 95054 USA Tel 650 786 3255 Fax 650 786 3723 Donald Cameron DATE Program Ma...

Page 11: ...e Application Switch N2000 Series EN300 386 V 1 3 2 2003 2005 Required Limits EN55022 1994 A1 1995 A2 1997 Class A EN61000 3 2 2000 Pass EN61000 3 3 1995 A1 2000 Pass IEC61000 4 2 6 kV Direct 8 kV Air IEC61000 4 3 3 V m 80 1000 MHz 10 V m 800 960 MHz and 1400 2000 MHz IEC61000 4 4 1 kV AC and DC Power Lines 0 5 kV Signal Lines IEC61000 4 5 2 kV AC Line Gnd 1 kV AC Line Line and Outdoor Signal Line...

Page 12: ...V Rheinland Certificate No S 72042727 EN60950 1999 3rd Edition CB Scheme Certificate No US TÜVR 2047 Evaluated to all CB Countries UL 60950 2000 1st Edition CSA C22 2 No 60950 00 00 File E 234800 A1 UL 1 S S Dennis P Symanski DATE Manager Compliance Engineering Sun Microsystems Inc 4150 Network Circle MPK15 102 Santa Clara CA 95054 USA Tel 650 786 3255 Fax 650 786 3723 Donald Cameron DATE Program ...

Page 13: ...h provides these services on a flexible virtualized basis within the convenience of a single enclosure and with industry leading speed security and availability The Sun Secure Application Switch includes the N1000 Series and the N2000 Series The N1000 Series includes the N1216 and the N1400 switch The N2000 Series includes the N2040 switch and the N2120 switch When it is necessary to differentiate...

Page 14: ...sit the Sun Download Center at the following URL http www sun com downloads TABLE P 1 Related Documentation Title Part Number Format Location You can also order at no cost a Documentation CD part number X3796A that includes these documents Go to http www sun com products networking switches for additional information Sun Secure Application Switch Getting Started Guide 819 3042 Printed PDF Ship Kit...

Page 15: ...part number of your document with your feedback Sun Secure Application Switch Release Notes for v3 2 1 part number 819 6643 New Features in This Release The 3 2 1 release includes the following new software features Configuration Synchronization on page 4 Behavior Change Show runningConfig saveToFile Command on page 4 Behavior Change Show switchservices chassis cpuLoad Command on page 4 Behavior C...

Page 16: ...n 3 2 1 the show switchservices chassis cpuLoad command no longer exists Use the show switchservices chassis module command instead to perform similar actions Behavior Change Default vRouter for Virtual Services When creating a virtual service the default vRouter has changed from system shared to the user defined vRouter that is associated with the vSwitch Long Lived Sessions If long lived session...

Page 17: ... created and generated Supported Hardware The Sun Secure Application Switch consists of two hardware platforms Sun N1000 Series includes the N1216 and the N1400 models The N1216 provides two pluggable Gigabit Ethernet copper or fiber ports sixteen 10 100 Mbps ports and a full complement of system and port status LEDs The N1400 provides 4 Gigabit Ethernet copper or fiber ports and a full complement...

Page 18: ...1A FINSAR FTLF 8519P2BCL X2001AZ FIBERXON FTM 8012C SLG X2001AZ Copper FINSAR FCMJ 8521 3 X2002A FINSAR FCLF8521 3 X2002AZ FIBERXON FTM C012R LMG X2002AZ You can use other transceivers but only the ones listed above have been fully tested If required you can purchase these transceivers from Sun or directly from approved vendors Software Information This software release V3_2R1 works with both the ...

Page 19: ...0 Configuration You can copy your configuration file for backup or archive purposes You have two options Make a copy of the cdb dat file Note that this file is machine specific and can only be restored to the original machine on which it was used 1 Telnet to the Sun Secure Application Switch 2 Access the directory containing the cdb dat file sun config cd ftl0 config 3 Copy the cdb dat file to a l...

Page 20: ...r Web site at the following URL http www sun com downloads After the page loads click Networking and scroll down to Network Connectivity to access the software link 3 Reboot the switch After installing the version 3 2 1 software the configuration database will automatically be upgraded to the 3 x format Note The cdb file name will remain the same after the upgrade Importing a Version 2 0 Configura...

Page 21: ...P_VERSION predicate variable The HTTP_VERSION variable has been removed and replaced with more refined variables For objectRules used in requestPolicies use REQUEST_VERSION For objectRules used in responsePolicies use RESPONSE_VERSION The old value is similar to the following Expressions used to classify the application data stream loadBalance objectRule name orVersion predicate HTTP_VERSION eq 1 ...

Page 22: ...es vs1 vs2 5 Update the command for any advanced virtual service settings In this step you have to change the following commands a If disableSynCookies is present reverse the value change true to false or false to true These lines might appear multiple times up to once per virtual service The old value format looks similar to the following Virtual service advanced settings advanced disableSynCooki...

Page 23: ...0 0 localPort 80 remoteAddress 0 0 0 0 remotePort 0 state listen tcp connections localAddress 0 0 0 0 localPort 443 remoteAddress 0 0 0 0 remotePort 0 state listen tcp connections localAddress 10 8 170 123 localPort 23 remoteAddress 129 148 185 228 remotePort 1516 state established 7 Update the command for the OSPF advertisements In this step you have to change the following commands a Change the ...

Page 24: ...ntPort 41440 sesStatus active sessions clientIp 129 148 30 165 clientPort 41440 exit 9 Verify that the configuration file was imported correctly sun config show runningConfig password MyPassword 10 Remove advanced options for non terminated virtualServices L4SLB and TDLB In this example Incorrect Virtual Service configuration loadBalance virtualService name L4SLB_VS appServiceType L4SLB ipAddress ...

Page 25: ...ce virtualService name L4SLB_VS appServiceType L4SLB ipAddress 10 1 0 213 serviceGroupName L4SLB_VS adminState enabled disableDelay 0 protocol TCP port 80 vRouter LB_ServiceLan default clientSrcIPRange 0 0 0 0 255 255 255 255 synRateLimit unlimited loadBalance virtualService name L4SLB_VS Virtual service advanced settings Migrating From Software Version 3 0 or 3 1 to Version 3 2 1 Configuration Mo...

Page 26: ...rule expression changes are not required Installing Version 3 2 1 Software 1 Obtain and install the V3_2R1 software release from the Sun Download Center You can access the Sun Download Center Web site at the following URL http www sun com downloads After the page loads click Networking and scroll down to Network Connectivity to access the software link 2 Reboot the switch After installing the vers...

Page 27: ...1 0 213 serviceGroupName L4SLB_VS adminState enabled disableDelay 0 protocol TCP port 80 vRouter LB_ServiceLan default clientSrcIPRange 0 0 0 0 255 255 255 255 synRateLimit unlimited loadBalance virtualService name L4SLB_VS Virtual service advanced settings Note The cdb file name will remain the same after the upgrade Importing a Version 3 0 or 3 1 Configuration If you have installed version 3 2 1...

Page 28: ...Virtual Service configuration loadBalance virtualService name WMA STREAM HTTP_213 appServiceType L4SLB ipAddress 10 49 0 213 serviceGroupName WMA STREAM HTTP adminState enabled disableDelay 0 protocol TCP port 80 vRouter LB_ServiceLan default clientSrcIPRange 0 0 0 0 255 255 255 255 synRateLimit unlimited loadBalance virtualService name WMA STREAM HTTP_213 Virtual service advanced settings System ...

Page 29: ...Application Switch commands Web Interface The Sun Secure Application Switch Manager Web interface is a graphical user interface GUI that enables you to configure and manage the Sun Secure Application Switch using a browser The Web interface supports all management capabilities provided by the CLI Instead of entering information on a command line you navigate menus and supply information in data en...

Page 30: ...d Web Browsers Microsoft Windows 98 2000 XP Vista Internet Explorer 5 5 6 x and 7 x NetscapeTM 6 2 7 x MozillaTM 1 x Firefox 1 x and 2 x Opera 6 x 7 x 8 x and 9 x Macintosh OSX v10 1 Internet Explorer 5 2 Netscape 7 x Mozilla 1 x Firefox 1 x Red Hat Linux Netscape 7 1 Mozilla 1 x Opera 6 x Solaris 9 and 10 Mozilla 1 4 and 1 7 Firefox 1 x Flash Software The minimum Macromedia Flash version required...

Page 31: ...ted and reported through the syslog facility 4226 156609 Routed traffic on a single vRouter only hits either the ingress inbound or the egress outbound when it should hit both rules The first rule loaded either ingress or egress will match the incoming packet flow 6614 6351901 ARP ARP responses with multicast MAC addresses are not automatically installed To resolve this issue manually enter the st...

Page 32: ...efault gateway a default route for each firewall should be defined If a firewall real service is disabled or deleted the associated route for the firewall must be deleted as well 7250 6483927 FTP The FTP client on the switch is not accessible through the Web interface The FTP client must be used within the CLI 3778 6351865 Health Checks If you are using a script for Scripted Health Checks and one ...

Page 33: ...tempt to disable a RealService or host that is used by a Virtual service VS with the longRxTimer value set longer than the default 64 seconds an error message will be displayed To disable the RealService you must remove it from the service group then disable it 7328 6507197 FWLB connections are long lived thus affecting the session counters for real services The initial FWLB flow is persistent lon...

Page 34: ...dy received a RIP update containing a route with a short mask for the same gateway This compliance problem should have no negative network impact 2457 6351892 Traceroute and InterRealm Routing IRR There exists two know issues with traceroute and InterRealm Routing When traceroute is performed from an external host PC and the path uses IRR ICMP TTL expired or port unreachable messages when using UD...

Page 35: ... workstation performance to deteriorate until the browser window is closed 5927 6351858 Online Help requires that JavaScriptTM is enabled on your Web browser 2104 1351860 Configuration Scaling Management System vSwitch One management vRouter Four shared vRouters 100 user accounts used for login access to the switch 10 concurrent CLI sessions 10 concurrent HTTP management sessions Virtualization Us...

Page 36: ...est policies 1024 per vSwitch 4096 total Response policies 1024 per vSwitch Request transforms 1024 per vSwitch Response transforms 1024 per vSwitch Object rules 1000 per vSwitch Configurable health checks 512 per vSwitch Active health checks 1024 per vSwitch Keep alives 1 probe or 1 list of up to 5 HTTP probes 1 per vSwitch 1024 bit certificates 512 per vSwitch Note The scaling numbers outlined a...

Page 37: ...oducts networking switches for information For 4 x you can also order at no cost a Documentation CD part number X3797A that includes these documents Go to http www sun com products networking switches for information Sun Secure Application Switch Getting Started Guide 819 3042 Printed PDF Ship Kit Online Sun Secure Application Switch Configuration and Implementation Guide 819 7595 PDF Online Sun S...

Page 38: ...26 Sun Secure Application Switch Release Notes for v3 2 1 August 2007 ...

Reviews:

No comments

Related manuals for Secure Application Switch N1000

Brand: Audio Authority Pages: 12

EX ZS 92 S 22 VD F

Brand: steute Pages: 28

Brand: MuxLab Pages: 32

TradeSwitch2-USB

Brand: G&D Pages: 88

Brand: Woxcon Pages: 42

Brand: JetNet Pages: 20

Brand: Penguin Computing Pages: 71

Brand: Linksys Pages: 4

Brand: WaveSplitter Pages: 35

EPS-1XPB-1XPL-M1-24V

Brand: Larson Electronics Pages: 2

Brand: Plantronics Pages: 17

PDT-NSU-7104-MP-SF-I

Brand: Parallax Pages: 13

Brand: F&F Pages: 15

Brand: Mo-vis Pages: 109

Brand: Rosewill Pages: 5

Brand: TV One Pages: 32

DirectForce Pro

Brand: VRS Pages: 5

Brand: Raritan Pages: 2

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands