Cisco LocalDirector Version 3.1.4
Release Notes

The alias ip address command allows a virtual server to be placed on an IP network that is different from the real server's IP network without the use of a router.
Use the failover alias ip address command to set up an alias on the standby failover unit and take advantage of one of the following attributes:
- multiple IP addresses
- dispatched mode
- allowing a failover unit to be on a network that is different from a real server's network.

: A maximum of 256 aliases are allowed.

Virtual servers can be grouped together with the buddy command. Certain commands and parameters (such as the sticky command) that affect one virtual server affect all other virtual servers in the buddy group.
The dynamic-feedback command configures a TCP connection between LocalDirector and a server running the Dynamic Feedback Agent. The Dynamic Feedback Agent provides statistical information to LocalDirector about the availability of servers in a server farm. LocalDirector maintains the connection to the Dynamic Feedback Agent server, updates the Dynamic Feedback Agent internal status about the availability of servers, and makes load balancing decisions based on the information it receives. This process ensures that the most available server is chosen to provide future connections.
New default values can be set for some LocalDirector commands. Once a new value is set, the new value is active until the value is changed with the default command.
LocalDirector can set an IP precedence value in the IP header to and from virtual servers with the color command. This allows packet prioritization for different types of services on virtual servers. The Cisco Policy Manager software, version 1.0, can be used with LocalDirector to support a graphical user interface (GUI) version of this feature.
The Cisco Appliance Server Architecture (CASA) architecture is now supported by LocalDirector. The CASA allows a stand-alone LocalDirector to implement Cisco Network Director Service Manager functionality.

Modified Features

The following changes have been made to existing LocalDirector features for the 3.1.1 release:

The LocalDirector version 2.1 implementation of the sticky command has been expanded to use the SSL session ID as a key for stateful sticky connections (instead of the client IP address). This allows the sticky command to effectively load balance traffic when proxy servers are in use. LocalDirector supports SSL3 servers and SSL2/3 (hybrid) clients.
LocalDirector load balances the User Datagram Protocol (UDP) protocol. A new field, protocol, can be specified for virtual servers and real servers. The virtual and real commands can use the default TCP protocol (using the tcp keyword), or if the protocol keyword set to udp, LocalDirector will load balance the UDP flows.
LocalDirector supports the following industry-standard modes of load balancing. These modes of load balancing are set with the redirection command:
- Directed mode---Uses Network Address Translation (NAT) to translate the IP headers in packets. NAT, supported in LocalDirector since version 1.0, reduces system administration time by providing a quick setup with no network address changes.
- Dispatched mode---Substitutes the MAC address of the server in the packet for the destination address, thus preserving the IP header information. Dispatched mode increases traffic throughput. However, dispatched mode also requires that the aliased IP address on a real server match the virtual IP address on LocalDirector. Dispatched mode should be used for UDP and for TCP when the IP address information needs to remain unchanged.
The service virtual_id ftp-proxy command specifies that the virtual_id provides FTP service. LocalDirector monitors the control connection by proxying it, making this service pretty effective. The trade-off is that each FTP session now consumes more resources in LocalDirector.
The out-of-service command has added the following options: oos, maintenance, sticky, and failed.

Important Notes

The following sections contain important notes about the Cisco LocalDirector.

LocalDirector User Interface, Versions 2.2.x and 2.1.x, cannot be used with any LocalDirector version 3.1 release.
A Netscape 4.04 browser with the Apache webserver does not work with the sticky SSL feature. The SSL handshake occurs and data is sent from the client, but the connection pauses at that point. The server is apparently unable to work with the data received from the client.

: This problem is inherent in the Netscape/Apache combination, and occurs whether or not LocalDirector is present. [CSCdk91721]

LocalDirector supports the SSL version 2/3 hybrid client hello message, which allows the client to send a Version 2 hello message as long as the client is capable of communicating with the server using Local Director version 3 after the handshake.

We have found that Internet Explorer (4.0) does not work with IIS because the server responds to the client's Version 2 hello message with a version 2 server hello message. [CSCdm46555]

The table below shows which combination of browsers and servers are performing correctly:

Browser	Apache	IIS
Netscape Navigator	works	works
Opera	works	works
Microsoft Internet Explorer	works	works if SSL version 2 is turned off (see CSCdm46555 ReleaseNote or Microsoft customer service document Q187498 for instructions)

If you are using the Dynamic Feedback Protocol (DFP) or SNMP to automatically change the weight of a real server, you can manually change that server's weight by using the weight command. The next time a "dynamic weight" is sent through SNMP or DFP, LocalDirector will use that dynamic weight.

: This provides the ability to manually override the dynamic weight being fed into LocalDirector.

The Opera browser does not always use the same SSL session ID from the server. Consecutive connections to a secure virtual server using SSL sticky does not always result in a return to the same real server. This is due to the way Opera handles session IDs: Opera uses a new session ID, thus creating a new sticky association. [CSCdm49617]
The resolution for setting the default interval for UDP connections on real servers is the adjustment of the TIMEOUT knob for the real machines. [CSCdm15526]
Using the older specification for the port parameter (that is, ip_address port instead of the new invocation ip_address:port) causes certain commands, including the no sticky command, to ignore the command altogether without generating error messages. Older configuration files should be checked to ensure the new style for specifying the port is used.

: This is not a LocalDirector problem. This problem is due to the way the CLI reads virtual machine types. The LocalDirector does not know if a port or sticky timer is being specified in the CLI. To remove a sticky timer, specify the following syntax:
no sticky [virt:port:bindid]. [CSCdk90873]

Caveats

Caveats describe unexpected behavior in Cisco LocalDirector 3.1. This section contains open and resolved caveats for the Cisco Local Director version 3.1.

Open Caveats-Version 3.1.4

This section describes possibly unexpected behavior by Cisco LocalDirector version 3.1.4.

CSCdm48348

: The number of sticky connection objects on a standby unit increases faster than the number of sticky connection objects on a primary unit.

CSCdp34739

: Robust FTP is not implemented for static reals.

CSCdm04760

: When using the static command, the LocalDirector does not translate the IP address in the data portion of the packet. This inability to translate the IP addresses causes FTP problems when a server inside the LocalDirector initiates an FTP session.

CSCdp24275

: Pings from standby units usually fail. Arp and bridge tables are not updated when the IP address being pinged is on the same subnet as an alias of the LocalDirector.

CSCdm41158

: Fragmented proxy packets (SSL sticky or robust FTP packets) are not processed correctly if the first packet received is out of sequence and does not contain the entire TCP header.

CSCdp37156

: Proxy connections (SSL sticky or robust FTP) are not reassigned.

CSCdp35235

: Failovers after a configure net with configuration files with lines that are larger than 5k do not always synchronize properly.

Resolved Caveats---Version 3.1.4

The following caveats were resolved for Cisco LocalDirector version 3.1.4.

CSCdm23831

: RNS 4-port Ethernet cards with Intel chips can have 2% alignment errors.

CSCdm66919

: Write mem failures do not generate syslog entries.

CSCdm66903

: False OKs are returned through telnet connections.

CSCdm68225

: If you are replicating FTP connections for a failover scenario, you also have to configure a 'default' virtual port for the virtual IP address in order to receive the data connections which are being replicated to the standby unit.

CSCdm69080

: Backup machines are not properly cleared before replicating the failure configuration.

CSCdm66540

: No error message is printed when a real that was specified by the weight command does not exist.

CSCdm70556

: The weight value for all predictors must be greater than zero. If the weight value for a predictor is less than zero, the real machine will not be used. This behavior is similiar to the real machine behavior in oos maintenance mode.

CSCdm70558

: The real machine does not default to a static weight when a dynamic weight change via DFP times out.

CSCdm71139

: The data-in counter for the show real command does not get decremented correctly if the feature is not turned on for the real machine.

CSCdm72446

: The LocalDirector mishandles ICMP error type 3 code 4 for dispatched mode.

CSCdm66643

: If configuration file fails to download to the flash memory card, a cryptic error message is generated.

CSCdm81195

: The second packet of LDAP traffic is delayed when bridged through the LocalDirector.

CSCdm78239

: If the machines primary is removed a first, a backup machine can not be removed.

CSCdm77636

: The default mode for redirect mode is assisted redirect mode. The default redirect mode should be local redirect mode.

CSCdm45514

: The delay command parameters are hardcoded to 5 minutes.

CSCdm84715

: The weight command is not saved if the weight parameter is the default parameter while the weight timeout parameter is not the default weight timeout parameter.

CSCdm66800

: The LocalDirector weighted / loaded behavior can be unpredictable.

CSCdp02402

: Buddy associations in the standby unit are not cleared during bootup or write standby.

CSCdp06329

: The console does not distinguish between the non-existant sh e 4 command and the existant shu e 4 command. The console should return an error message.

CSCdp03095

: Reals bound to sticky virtuals with SSL enabled will not fail.

CSCdp09265

: The LocalDirector connection counter does not decrement properly.

CSCdp11596

: If names are on, the delay command writes the name instead of the IP address into the configuration terminal. The end result is the loss of the command on reboot.

CSCdk87047

: If the LocalDirector has a 4-port RNS card with the DEC chip set, internal looping occurs when you manually change the line speeds from 10baset to 100basetx and then back to 10baset.

CSCdm45606

: If the no data command is invoked without keywords, no error message is displayed and nothing is changed. Additionally, the no data real_ip_address command does not return the value to 0; the data real_ip_address 0 command must be used to return the value to 0.

CSCdm52240

: Clearing the default gateway with the clear configuration secondary command causes problems when the user invokes this command from a telnet session within a firewall.

CSCdp27237

: Concurrent boot image commands from either a console or a telnet session will cause the LocalDirector to reload.

CSCdp27474

: Concurrent conf net and write net commands from either a console or a telnet session will cause the LocalDirector to pause indefinitely.

CSCdp24266

: The LocalDirector does not fail an FTP virtual when robust FTP for the virtual is enabled.

CSCdp34831

: New connections are not reassigned to new reals when an RST is sent from the real.

CSCdp27345

: The Ethernet driver can be corrupted by proxy or local telnet if either service retransmits packets.

CSCdp27416

: Repeated use of the show error command causes the LocalDirector to reboot.

CSCdp29124

: Reassign commands fail due to invalid TCP checksums in SYN.

CSCdp30505

: The write standby command does not work.

CSCdp30689

: LocalDirector is displayed in telnet password prompts.

CSCdp32523

: Packets that arrive at a virtual server for a non-existent connection generate an RST to the client with a source IP address of 0.0.0.0.

CSCdp34843

: Client connections are not RST'd when a real server is not available for a virtual server.

CSCdp36876

: Real servers and virtual servers must have the same port to enable bind in dispatched mode.

Resolved Caveats---Version 3.1.3

The following caveat was resolved for Cisco LocalDirector version 3.1.3.

CSCdm58481

: A telnet session to the LocalDirector caused a reboot after exiting the session.

Resolved Caveats---Version 3.1.2

The following caveat was resolved for Cisco LocalDirector version 3.1.2

CSCdm54556

: The proxy code, which is used in the SSL sticky feature, dropped the first packet that completed the SSL handshake and contained data. The client had to resend the data, based on TCP timers, for the SSL session to continue. Although the SSL connections worked, the connections were slow because of the DATA resend that was required for the data dropped in the packet. This problem was compounded when the web page was composed of several sessions.

Resolved Caveats---Version 3.1.1

The following caveats were resolved for Cisco LocalDirector version 3.1.1:

CSCdj69947

: Packets destined for servers on a different subnet than the LocalDirector traversed the outside Ethernet three times before being forwarded to the appropriate server if directly-connected multiple logical subnets were running on the inside interface.

CSCdj81299

: Using the sticky command created a load inbalance when clients were coming from a site that used a proxy server to access the Internet. Since sticky in Version 2.x used the client's IP address for storing the association to a real server, all clients coming from a proxy server were sent to the same real server.

CSCdj82485

: LocalDirector had to disable the Cisco Syslog MIB, so traps were not sent for every SYSLOG message when an SNMP host was configured.

CSCdk05464

: The show interface command would display only interface 0 statistics when the show interface ethernet n command was issued, regardless of what interface number n represented.

CSCdk06921

: Connection replication only occured at the beginning of a connection. If failover occured, a connection remained intact on the newly active box. However, if the previously active box was rebooted and failover switched back , the connection was lost. All replication was lost on connections that were established before replication was enabled (even though the connection still existed) or if the standby box was rebooted.

CSCdk20283

: If the standby unit was not present when the active LocalDirector was receiving connections in a failover configuration, the established connections were not replicated to the standby unit when they became available.

CSCdk22258

: Support for the UDP protocol was needed for virtual servers and real servers.

CSCdk24894

: The show memory command output was static. LocalDirector pre-allocated its memory on bootup in accordance to the configuration.
: This was misleading to users who looked at the command as a way of determining how loaded their system was. Typically, this output did not change, regardless of the load on the system.

CSCdk25530

: The command telnet 0.0.0.0 255.255.255.0 was accepted, but failed to perform any action. However, the command telnet 0.0.0.0 0.0.0.0 worked.

CSCdk33149

: You could only retrieve the value for the first MIB instance in the cldVirtualTable.

CSCdk38075

: If you attempted to create a real server that already existed on LocalDirector, an error message without a carriage return would display, making the output look garbled.

CSCdk50678

: There was no value for the SNMP object sysobjectOID.

CSCdk55614

: The oos command was not understood when downloading a configuration from a TFTP server with the config net file ip command.

CSCdk58223

: When trying to bind a server on a port higher than 32768, LocalDirector responded with the following error message:

machine does not exist; can't bind

CSCdk61788

: If the snmpwalk or snmpget was used against LocalDirector, the incorrect value of 0 for ifAdminStatus was received.

CSCdk61794

: Snmpwalk returned no information and produced the "End of MIB" message for walks on anything short of or equal to .1.3.6.1.2.

CSCkd66733

: When binding an existing virtual server to a non-existent real server by IP address, LocalDirector responded with a correct error message. However, if an invalid name was used, the incorrect error message "arg2: invalid IP address" was returned.

CSCdk66749

: Using the conf f command without a floppy disk in the drive failed to generate an error message.

CSCdk90027

: An snmpget of cldRealTotalConnections using an index of (cldRealIPAddress,cldRealPort) with port value 0 resulted in LocalDirector returning the incorrect object, cldRealIPAddress, instead of the requested object.

CSCdm02673

: LocalDirector performed a gratuitous ARP for each enabled interface. These gratuitous ARPs were propagated to each interface. This caused additional log entries in the networks when log events such as MAC address changed for IP addresses.

CSCdm22062

: When LocalDirector would fail, it would shut down its interfaces. This was done as a precautionary measure to prevent a failed unit from harming the rest of the network (by constantly transmitting trash, and so forth). If you used the write mem command on LocalDirector while it was failed, it saved the information when the interfaces were down.

CSCdm22544

: The arp command returned incorrect information if a colon was incorrectly used in the IP address.

CSCdm24145

: SNMP traps that referenced real servers and virtual servers were not correct. For example, the trap (output from CWW):

4/8/99   21:31:44 LD              Trap: P3  1, 
ent=ciscoLocalDirectorMIBNotificationPrefix, comm=public, cldVirtualTable.4.5.4.3.2.1.0.0=2     LD

: referenced cldVirtualTable.4, but there is no variable "4" in cldVirtualTable. Instead of:

cldVirtualTable.4.5.ip_address.port.bind_id=value

: Below is the correct output:

cldVirtualTable.cldVirtualTableEntry(1).cldVirtualState(4).ip_address.port.bind_id=value

CSCdm26732

: If a failover cable was not connected and the write standby command was issued, the configuration was not replicated and the error message was not returned.

CSCdm47752

: In a failover setup, the active unit replicates the configuration to the standby unit when the standby unit is available. Before the configuration is replicated, the current configuration on the standby unit is erased. However, in version 2.2.2, the static commands were not erased before replication, which led to a reboot on the show static command.

Cisco Connection Online

Cisco Connection Online (CCO) is Cisco Systems' primary, real-time support channel. Maintenance customers and partners can self-register on CCO to obtain additional information and services.

Available 24 hours a day, 7 days a week, CCO provides a wealth of standard and value-added services to Cisco's customers and business partners. CCO services include product information, product documentation, software updates, release notes, technical tips, the Bug Navigator, configuration notes, brochures, descriptions of service offerings, and download access to public and authorized files.

CCO serves a wide variety of users through two interfaces that are updated and enhanced simultaneously: a character-based version and a multimedia version that resides on the World Wide Web (WWW). The character-based CCO supports Zmodem, Kermit, Xmodem, FTP, and Internet e-mail, and it is excellent for quick access to information over lower bandwidths. The WWW version of CCO provides richly formatted documents with photographs, figures, graphics, and video, as well as hyperlinks to related information.

You can access CCO in the following ways:

WWW: http://www.cisco.com
WWW: http://www-europe.cisco.com
WWW: http://www-china.cisco.com
Telnet: cco.cisco.com
Modem: From North America, 408 526-8070; from Europe, 33 1 64 46 40 82. Use the following terminal settings: VT100 emulation; databits: 8; parity: none; stop bits: 1; and connection rates up to 28.8 kbps.

For a copy of CCO's Frequently Asked Questions (FAQ), contact ccohelp@cisco.com. For additional information, contact ccoteam@cisco.com.

If you are a network administrator and need personal technical assistance with a Cisco product that is under warranty or covered by a maintenance contract, contact Cisco's Technical Assistance Center (TAC) at 800 553-2447, 408 526-7209, or tac@cisco.com. To obtain general information about Cisco Systems, Cisco products, or upgrades, contact 800 553-6387, 408 526-7208, or csrep@cisco.com.

CD-ROM Documentation

Cisco documentation and additional literature are available in a CD-ROM package, which ships with your product. The Documentation CD-ROM, a member of the Cisco Connection Family, is updated monthly. Therefore, it might be more up to date than printed documentation. To order additional copies of the Documentation CD-ROM, contact your local sales representative or call customer service. The CD-ROM package is available as a single package or as an annual subscription. You can also access Cisco documentation on the World Wide Web at http://www.cisco.com, http://www-china.cisco.com, or http://www-europe.cisco.com.

If you are reading Cisco product documentation on the World Wide Web, you can submit comments electronically. Click Feedback in the toolbar and select Documentation. After you complete the form, click Submit to send it to Cisco. We appreciate your comments.

Table of Contents

Cisco LocalDirector Version 3.1.4 Release Notes

Cisco LocalDirector Version 3.1.4 Release Notes

New Features in Cisco LocalDirector 3.1.3

Cisco LocalDirector Version 3.1.4
Release Notes

Cisco LocalDirector Version 3.1.4
Release Notes