|
|
April 7, 2000
These release notes provide the current open caveats for the Cisco Cache Engine 500 series software version 2.1.0.
 |
Note The most current Cisco Documentation is on Cisco Connection Online at http://www.cisco.com. The online documents may contain updates and modifications made after the hardcopy documents were printed. |
These release notes describe the following topics:
The Cisco Systems next-generation Cache Engine 500 series solutions enable service providers and enterprises to accelerate web content delivery, optimize WAN bandwidth utilization, and control access to content. The Cisco network caching solution is architected and optimized to work as a single caching system by pairing the following:
As of the printing of this release note, Cache Engine software version 2.1.0 can operate with the following models of the Cache Engine:
|
Note Cisco recommends that you install the most recent software version available for your model of the Cache Engine. |
To determine the version of the software currently running on the Cisco Cache Engine, log on to the Cache Engine and enter the show version EXEC command.
Cache Engine software can be downloaded from the Cisco Systems Software Center at the following URL:
http://www.cisco.com/cgi-bin/tablebuild.pl/cache-engine
Software Release 2.1.0 introduces the following new features:
The Cisco Cache Engine 570 is designed to handle up to 400 TPS at a transmission speed of 22 Mb/s.
Cache Engine Software Release 2.1.0 permits the administrator to define the maximum size of objects to cache. Objects above the specified size are not cached.
The object parameter has been added to the http global configuration command.
The object parameter has been added to the show http EXEC command.
The object parameter has been added to the show statistics http EXEC command.
On the Cache Engine Management Interface GUI, the Maximum size a cacheable object option has been added to the HTTP Freshness page in the CACHING menu. With this feature the user can either specify the size limit of cacheable object or specify no limit.
Denial-of-Service (DoS) attacks can disable a host or a network by consuming critical resources, altering configuration information, or by destruction of physical network components.
The Cache Engine protects against the well-known DoS attacks listed in Table 1.
| Type of DoS Attack Prevented | Description of Attack |
|---|---|
Bonk | Uses IP and bad packet construction |
Fraggle | Uses UDP and spoofed IP address (variant of Smurf) |
LAND | Uses TCP and spoofed IP addresses |
Ping-of-Death | Uses ICMP and huge IP packet size |
Ping-Pong | Uses UDP and spoofed IP address |
Smurf | Uses ICMP and spoofed IP address |
SYN Flooding | Uses TCP and excessive connection requests |
Tear-Drop | Uses IP and bad packet construction |
New statistics were added to the show statistics tcp as follows:
console#show statistics tcp
. . .
0 half open connections dropped
0 dropped due to rexmit thresh exceeded
0 dropped due to bad foreign address
5 good address hash count
0 good address hash collisions
0 good address hash deletions
. . .
| DoS Related TCP Statistic | Explanation |
|---|---|
dropped due to rexmit thresh exceeded | Half-open connections dropped from a full queue due to exceeded retransmission threshold. |
dropped due to bad foreign address | Half-open connections dropped from a full queue due to foreign address not in good address table. |
good address hash count | Entries in good address table currently in use. |
good address hash collisions | Number of times an entry collision occurred during insertion into good address table. |
good address hash deletions | Number of times an entry was explicitly removed from the good address table. |
A Cache Engine can now export transaction logs to external servers, or multiple Cache Engines can export their transaction log files to the same server. Up to four external FTP servers can be configured. Transaction log files are transferred by FTP.
The universal configuration command transaction-logs has been changed. The show transaction-logging command has been updated to display information on exported log files. The export option has been added to the show statistics transaction-log command to display the status of logging attempts to export servers.
In the CACHING menu on the Transaction Logs page, up to four FTP servers can be configured to accept transaction log files. To disable the export of transaction logs while saving the current configuration, click the Off Radio button in the Transaction Log FTP Export field.
Cache Engine software version 2.1.0 can now transparently pass Type of Service (ToS) information between a client and a remote server. The incoming ToS of packets received from the client request to the Cache Engine is used as the outgoing ToS in packets sent to the server. There are no command line or graphic user interface changes for this feature.
A sanitized transaction log disguises the network identity of a client by changing the IP address and username (if applicable) in the transaction logs. The IP address is changed to 0.0.0.0.
The sanitized parameter has been added to the transaction-logs global configuration command.
In the Transaction Logs page in the CACHING menu, a radio button is provided to enable and disable the Sanitize transaction logs feature.
Client abort processing occurs when a client of the Cache Engine aborts the download of a cacheable object before the download is complete. Typically a client aborts a download by clicking the Stop icon on the browser, or by closing the browser during a download. Release 2.1.0 provides user-defined thresholds to determine whether or not the Cache Engine will complete the download. When the download of an object aborts before being completed, the object is not stored on the Cache Engine or counted in the hit-rate statistics.
The cache-on-abort option has been added to the http global configuration command.
The cache-on-abort option was added to the show http global configuration command.
The Cache on Abort page has been added to the of the CACHING menu of the management GUI.
With this feature users can specify an exclusion list of IP addresses or domain names (in the form mydomain.com), for which the Cache Engine will not perform RADIUS authentication. The maximum number of excluded domains is 64. The Selective Radius Authentication feature can be disabled without deleting the domains.
The Cache Engine currently supports Remote Authentication Dial-In User Service (RADIUS) authentication. RADIUS clients run on Cisco Cache Engines. When enabled, these clients send authentication requests to a central RADIUS server, which contains all user authentication and network service access information. Selective RADIUS authentication allows users to access intranet servers without requiring authentication, and can limit RADIUS authentication to those users that access external web servers.
The radius universal configuration command has been changed.
The show radius command has been updated to display the list of local domains excluded from RADIUS authentication.
On the Cache Engine Management Interface GUI, on the CACHING menu, under the RADIUS option, a Do not perform RADIUS Authentication for the following domains checkbox has been added. Click this box to exclude the domains entered in the adjacent list box from RADIUS authentication. Each IP address or domain name in the list box should be delimited by a carriage-return.
This feature permits traffic from specified sources to bypass the Cache Engine. The type of traffic sources are as follows:
Wildcarding of either the source or destination field is not supported.
A statically configurable list of source and destination addresses helps to isolate instances of misbehaving clients and servers.
The global configuration command bypass static has been added.
To display static configuration list items, use the show bypass list command.
The total number of entries in the bypass list is now reported in the show bypass summary command.
To clear all Static Configuration lists and counters, use the clear bypass command.
The static bypass configuration list feature is not implemented in software version 2.1.0.
Software version 2.1.0 enables a Cache Engine to use either a UNIX or Windows NT Websense server as a filtering engine. The Cache Engine can then enforce the filtering policy configured on the Websense server. Refer to the Websense documentation for further information on Websense filtering policies.
The websense option has been added to the url-filter global configuration command.
Websense configuration options have been added to the URL Filtering page of the CACHING menu.
To prevent broken TCP connection, software version 2.1.0 implements a clean shutdown of WCCP. After a reload or wccp version command the Cache Engine continues servicing the flows it is handling and starts to bypass new flows. When the number of existing flows go down to zero, the Cache Engine takes itself out of the cluster by informing the lead Cache Engine to redistribute the buckets it was handling. This prevents broken connections as the Cache Engine shuts down. The connections will still be broken if the Cache Engine crashes or is rebooted without WCCP being cleanly shutdown. The clean shutdown can be aborted while in progress.
The wccp cleanshutdown global configuration command has been added.
The Enable WCCP page of the WCCP menu provides clean shutdown options.
Within a cluster of Cache Engines TCP connections are redirected to other Cache Engine as units are added or removed. A Cache Engine can be overloaded if too quickly reassigned new traffic or introduced abruptly into a fat pipe. The WCCP slow start performs the following tasks to prevent a Cache Engine from being overwhelmed when it comes online or is reassigned new traffic:
Slow start is applicable only in the following cases:
In all other cases Slow Start is not necessary and all the Cache Engines could be assigned their share of the buckets right away.
Enable slow start with the wccp slow-start global configuration command.
There is no GUI configurable option for the WCCP slow start feature in release 2.1.0.
The Cache Engine 570 may log an erroneous CPU fan failure message in the syslog file. For example,
Tue Apr 11 15:17:27 2000 ... web-cache-2.ce.ca 73:CPU Fan Failed!
If the Cache Engine is functioning, ignore the message. It does not indicate a danger to the continued, safe operation of the Cache Engine.
The following are open caveats for software version 2.1.0:
console(config)# no wccp web-cache
console(config)# wccp web-cache router 1
|
Note Wait 30 seconds between stopping and starting WCCP. The wccp keywords and options apply to the example Cache Engine only. Use the keywords and options appropriate to the configuration of each Cache Engine. |
You can access the most current Cisco documentation on the World Wide Web at http://www.cisco.com, http://www-china.cisco.com, or http://www-europe.cisco.com.
Cisco documentation and additional literature are available in a CD-ROM package, which ships with your product. The Documentation CD-ROM is updated monthly. Therefore, it is probably more current than printed documentation. The CD-ROM package is available as a single unit or as an annual subscription.
Registered CCO users can order the Documentation CD-ROM and other Cisco Product documentation through our online Subscription Services at http://www.cisco.com/cgi-bin/subcat/kaojump.cgi.
Nonregistered CCO users can order documentation through a local account representative by calling Cisco's corporate headquarters (California, USA) at 408 526-4000 or, in North America, call 800 553-NETS (6387).
Cisco provides Cisco Connection Online (CCO) as a starting point for all technical assistance. Warranty or maintenance contract customers can use the Technical Assistance Center. All customers can submit technical feedback on Cisco documentation using the web, e-mail, a self-addressed stamped response card included in many printed docs, or by sending mail to Cisco.
Cisco continues to revolutionize how business is done on the Internet. Cisco Connection Online is the foundation of a suite of interactive, networked services that provides immediate, open access to Cisco information and resources at anytime, from anywhere in the world. This highly integrated Internet application is a powerful, easy-to-use tool for doing business with Cisco.
CCO's broad range of features and services helps customers and partners to streamline business processes and improve productivity. Through CCO, you will find information about Cisco and our networking solutions, services, and programs. In addition, you can resolve technical issues with online support services, download and test software packages, and order Cisco learning materials and merchandise. Valuable online skill assessment, training, and certification programs are also available.
Customers and partners can self-register on CCO to obtain additional personalized information and services. Registered users may order products, check on the status of an order and view benefits specific to their relationships with Cisco.
You can access CCO in the following ways:
You can e-mail questions about using CCO to cco-team@cisco.com.
The Cisco Technical Assistance Center (TAC) is available to warranty or maintenance contract customers who need technical assistance with a Cisco product that is under warranty or covered by a maintenance contract.
To display the TAC web site that includes links to technical support information and software upgrades and for requesting TAC support, use www.cisco.com/techsupport.
To contact by e-mail, use one of the following:
| Language | E-mail Address |
|---|---|
English | tac@cisco.com |
Hanzi (Chinese) | chinese-tac@cisco.com |
Kanji (Japanese) | japan-tac@cisco.com |
Hangul (Korean) | korea-tac@cisco.com |
Spanish | tac@cisco.com |
Thai | thai-tac@cisco.com |
In North America, TAC can be reached at 800 553-2447 or 408 526-7209. For other telephone numbers and TAC e-mail addresses worldwide, consult the following web site: http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml.
This document is to be used in conjunction with the documents listed in the "Obtaining Documentation" section.
Access Registrar, AccessPath, Any to Any, AtmDirector, Browse with Me, CCDA, CCDE, CCDP, CCIE, CCNA, CCNP, CCSI, CD-PAC, the Cisco logo, Cisco Certified Internetwork Expert logo, CiscoLink, the Cisco Management Connection logo, the Cisco NetWorks logo, the Cisco Powered Network logo, Cisco Systems Capital, the Cisco Systems Capital logo, Cisco Systems Networking Academy, the Cisco Systems Networking Academy logo, the Cisco Technologies logo, ConnectWay, Fast Step, FireRunner, Follow Me Browsing, FormShare, GigaStack, IGX, Intelligence in the Optical Core, Internet Quotient, IP/VC, Kernel Proxy, MGX, Natural Network Viewer, NetSonar, Network Registrar, the Networkers logo, Packet, PIX, Point and Click Internetworking, Policy Builder, Precept, RateMUX, ScriptShare, Secure Script, ServiceWay, Shop with Me, SlideCast, SMARTnet, SVX, The Cell, TrafficDirector, TransPath, ViewRunner, Virtual Loop Carrier System, Virtual Voice Line, VisionWay, VlanDirector, Voice LAN, Wavelength Router, Workgroup Director, and Workgroup Stack are trademarks; Changing the Way We Work, Live, Play, and Learn, Empowering the Internet Generation, The Internet Economy, and The New Internet Economy are service marks; and ASIST, BPX, Catalyst, Cisco, Cisco IOS, the Cisco IOS logo, Cisco Systems, the Cisco Systems logo, the Cisco Systems Cisco Press logo, Enterprise/Solver, EtherChannel, EtherSwitch, FastHub, FastLink, FastPAD, FastSwitch, GeoTel, IOS, IP/TV, IPX, LightStream, LightSwitch, MICA, NetRanger, Post-Routing, Pre-Routing, Registrar, StrataView Plus, Stratm, TeleRouter, and VCO are registered trademarks of Cisco Systems, Inc. or its affiliates in the U.S. and certain other countries. All other trademarks mentioned in this document are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any of its resellers. (0003R)
Copyright © 2000, Cisco Systems, Inc.
All rights reserved.
Posted: Sat Sep 28 03:15:28 PDT 2002
All contents are Copyright © 1992--2002 Cisco Systems, Inc. All rights reserved.
Important Notices and Privacy Statement.