advertisement
Release Note for Cisco Wide Area Application
Services Software Version 6.2.3x
September 15, 2017
Note
The most current Cisco documentation for released products is available on Cisco.com.
Contents
This Release Note applies to the following software versions for the Cisco Wide Area Application
Services (WAAS) software:
•
6.2.3d
•
•
•
•
6.2.3c
6.2.3b
6.2.3a
6.2.3
For information on Cisco WAAS features and commands, see the Cisco WAAS documentation located at http://www.cisco.com/en/US/products/ps6870/tsd_products_support_series_home.html
.
This Release Note contains the following sections:
•
•
•
•
•
•
•
•
Upgrading from a Release Version to Version 6.2.3x
Downgrading from Version 6.2.3x to a Previous Version
Cisco WAE and WAVE Appliance Boot Process
Software Version 6.2.3x Resolved and Open Caveats, and Command Changes
Cisco Systems, Inc.
www.cisco.com
New and Changed Features
•
Obtaining Documentation and Submitting a Service Request
New and Changed Features
The following sections describe the new and changed features in Software Version 6.2.3x:
•
•
Cisco Software Version 6.2.3x New and Changed Features
Cisco Software Version 6.2.3x Filenames
•
•
Cisco WAAS Appliance System Firmware Update
Configuring ICA over Socket Secure (SOCKS) Server
Cisco Software Version 6.2.3x New and Changed Features
Cisco WAAS Software Version 6.2.3d includes the following new features and changes:
•
Alarm Email Notification- With release 6.2.3d, the WAAS software supports an email notification mechanism, that is triggered whenever the WAAS Central Manager receives an alarm notification for a raised or cleared alarm. To configure the alarm email notification feature:
–
From the WAAS Central Manager menu go to Devices > Configure > Monitoring > Email
Notification to configure the email server settings.
–
From the WAAS Central Manager go to Home > Admin > Alarm Email Notification >
Configure to configure the email notification settings.
•
You can enable the email notification for Raised and Cleared alarms, depending on the severity level. After you have configured this, you are notified of all alarms for the devices that are registered with the WAAS Central Manager.
Easy detection and resolution of configuration conflicts between WAAS Central Manager and
WAAS Devices.
To identify the configuration conflict pages, from the WAAS Central Manager navigate to Home >
Admin > Force Device Group > View Pages to see the impacted Device Name, Device Group
Name and Page Name. You can click on the page link to navigate to the corresponding page to correct the configuration conflict.
Cisco Software Version 6.2.3b New and Changed Features
•
•
Configuring ICA over Socket Secure (SOCKS) Server—For WAAS Version 6.2.3b and later, WAAS software supports optimizing ICA traffic redirected over SOCKS proxy servers. For details on how to configure ICA over SOCKS for WAAS, see
Configuring ICA over Socket Secure (SOCKS)
.
SMART-SSL, an encryption service that enables L7 application network services (such as FTP,
HTTP, DNS) to optimize traffic on SSL/TLS encrypted applications. SMART-SSL enables content caching for SSL/TLS applications (HTTP object cache for HTTPS traffic) in single-sided deployment.
For how to configure and use this feature, see “Configuring SMART-SSL” in the “Configuring
Application Acceleration” chapter of the
Cisco Wide Area Application Services Configuration
Guide
.
2
Release Note for Cisco Wide Area Application Services Software Version 6.2.3x
New and Changed Features
•
•
Cisco WAAS Version 6.2.3 with Akamai Connect Version 1.4.2
vWAAS new and changed features:
–
vWAAS in KVM on CentOS
For a list of CLI commands added to or changed for WAAS Version 6.2.3x, see
Version 6.2.3 Command Changes .
Cisco Software Version 6.2.3x Filenames
This section describes the Cisco WAAS Software Version 6.2.3x software image files for use on
Cisco WAAS appliances and modules and contains the following topics:
•
•
•
No Payload Encryption Image Files
For a list of vWAAS image files, see the
Cisco Virtual Wide Area Application Services Installation and Configuration Guide
.
Standard Image Files
Cisco WAAS Software Version 6.2.3x includes the following standard primary software image files for use on Cisco WAAS appliances and modules:
•
waas-universal-6.2.3.x-k9.bin—Universal software image that includes Central Manager and
Application Accelerator functionality. You can use this type of software file to upgrade a device operating in any device mode.
•
waas-accelerator-6.2.3.x-k9.bin—Application Accelerator software image that includes Application
Accelerator functionality only. You can use this type of software file to upgrade only an Application
Accelerator device. This software image file is significantly smaller than the Universal image.
Kdump analysis functionality is not included in the Accelerator-only image.
The following additional files are also included:
•
•
waas-rescue-cdrom-6.2.3.x-k9.iso—Cisco WAAS software recovery CD image.
waas-sre-installer-6.2.3.x-k9.zip—Image for SRE installer.
Note
From software version 6.2.3d, separate software images for the SRE installer are not supported.
If you want to upgrade your existing SRE deployments, you need to use the standard software image file WAAS-6.2.3.x-k9.bin.
For EOS announcement of select Cisco Services-Ready Engine Modules, please refer to the EOS document on cisco,com.
•
•
•
waas-x86_64-6.2.3.x-k9.sysimg—Flash memory recovery image for 64-bit platforms
(WAVE-294/594/694/7541/7571/8541).
waas-6.2.3.x-k9.sysimg—Flash memory recovery image for 32-bit platforms (all other devices).
waas-kdump-6.2.3.x-k9.bin—Kdump analysis component that you can install and use with the
Application Accelerator software image. The Kdump analysis component is intended for troubleshooting specific issues and should be installed following the instructions provided by Cisco
TAC.
Release Note for Cisco Wide Area Application Services Software Version 6.2.3x
3
New and Changed Features
•
waas-alarm-error-books-6.2.3.x.zip—Contains the alarm and error message documentation.
No Payload Encryption Image Files
Cisco WAAS Software Version 6.2.3x includes No Payload Encryption (NPE) primary software image files that have the disk encryption feature disabled. These images are suitable for use in countries where disk encryption is not permitted. NPE primary software image files include the following:
•
•
waas-universal-6.2.3.x-npe-k9.bin—Universal NPE software image that includes Central Manager and Application Accelerator functionality. You can use this type of software file to upgrade a device operating in any device mode.
waas-accelerator-6.2.3.x-npe-k9.bin—Application Accelerator NPE software image that includes
Application Accelerator functionality only. You can use this type of software file to upgrade only an
Application Accelerator device. This software image file is significantly smaller than the Universal image. Kdump analysis functionality is not included in the Accelerator-only image.
•
waas-sre-installer-6.2.3.x-npe-k9.zip—SM-SRE install .zip file that includes all the NPE files necessary to install Cisco WAAS on the SM-SRE module.
The following additional files are also included:
•
•
waas-rescue-cdrom-6.2.3.x-npe-k9.iso—Cisco WAAS NPE software recovery CD image.
waas-x86_64-6.2.3.x-npe-k9.sysimg—Flash memory NPE recovery image for 64-bit platforms
(WAVE-294/594/694/7541/7571/8541).
•
•
waas-6.2.3.x-npe-k9.sysimg—Flash memory NPE recovery image for 32-bit platforms (all other devices).
waas-alarm-error-books-6.2.3.x-npe.zip—Contains the NPE alarm and error message documentation.
Cisco WAAS Appliance System Firmware Update
On Cisco Wide Area Application Engine (WAE) and Cisco Wide Area Application Virtualization Engine
(WAVE) appliances, we recommend that you update the following three types of system firmware to the latest version to best support new Cisco WAAS features.
This section has the following topics:
•
BIOS on the WAVE-294/594/694/7541/7571/8541 models. The latest BIOS is required for AppNav operation.
•
•
BMC firmware on the WAVE-294/594/694/7541/7571/8541 models. The latest BMC (Baseboard
Management Controller) firmware is required for Intelligent Platform Management Interface (IPMI) over LAN feature.
RAID Controller Firmware Update
RAID controller firmware on the WAVE-7541/7571/8541. The latest RAID (Redundant Array of
Independent Disks) controller firmware is recommended to avoid some rarely-encountered RAID controller issues.
4
Release Note for Cisco Wide Area Application Services Software Version 6.2.3x
New and Changed Features
BIOS Update
The latest BIOS is required for AppNav operation with a Cisco AppNav Controller Interface Module in
WAVE-594/694/7541/7571/8541 models. WAVE-294 models may also need a BIOS update.
Note
AppNav IOM is not supported in WAAS Software version 6.1.x and later.
WAVE-594/694/7541/7571/8541 appliances shipped from the factory with Cisco WAAS Version 5.0.1 or later have the correct BIOS installed. WAVE-294 appliances shipped from the factory with
Cisco WAAS Version 5.1.1 or later have the correct BIOS installed.
If you install a Cisco AppNav Controller Interface Module in a device that requires a BIOS update, the bios_support_seiom major alarm is raised, “I/O module may not get the best I/O performance with the installed version of the system BIOS firmware.”
To determine if a device has the correct BIOS version, use the show hardware command. The last three characters of the Version value, for example, “20a,” show the BIOS version installed on the device.
For the specific BIOS version required for WAVE-594/694 models, WAVE-7541/7571/8541 models, and
WAVE-294 models or if a BIOS firmware update is needed, you can download it from cisco.com at the
Cisco Wide Area Application Service (WAAS) Firmware download page ( registered customers only).
The firmware binary image for WAVE-294/594/694/7541/7571/8541 appliances is named waas6-bios-installer-20a-19a-13a-k9.bin.
You can use the following command to update the BIOS from the image file that is available through
FTP on your network:
copy ftp install ip-address remotefiledir waas6-bmc-installer-49a-49a-27a-k9.bin
Use the appropriate BIOS installer file for your appliance model.
The complete update process can take several minutes and the device may appear unresponsive but do not interrupt the process or power cycle the device. After the update is complete, you must reload the device.
After the device reboots, you can verify the firmware version by using the show hardware command.
BMC Firmware Update
IPMI over LAN requires that you install a specific BMC firmware version on the device. The minimum supported BMC firmware versions are as follows:
•
WAVE-294/594/694—49a
•
WAVE-7541/7571/8541—27a
Cisco WAAS appliances shipped from the factory with Cisco WAAS Version 4.4.5 or later have the correct firmware installed. If you are updating a device that was shipped with an earlier version of
Cisco WAAS software, you must update the BMC firmware, unless it was updated previously.
Release Note for Cisco Wide Area Application Services Software Version 6.2.3x
5
New and Changed Features
To determine if you are running the correct firmware version, use the show bmc info command. The following example displays the latest BMC firmware version installed on the device (49a here): wave# show bmc info
Device ID : 32
Device Revision : 1
Firmware Revision : 0.49
49
IPMI Version : 2.0
Manufacturer ID : 5771
Manufacturer Name : Unknown (0x168B)
Product ID : 160 (0x00a0)
Product Name : Unknown (0xA0)
Device Available : yes
Provides Device SDRs : no
Additional Device Support :
.
.
Sensor Device
SDR Repository Device
SEL Device
FRU Inventory Device
Aux Firmware Rev Info :
0x0b
0x0c
0x08
0x0a
<<<<<
.
If a BMC firmware update is needed, you can download it from cisco.com at the Cisco Wide Area
Application Service (WAAS) Firmware download page ( registered customers only). For example, if the firmware binary image is named waas-bmc-installer-49a-49a-27a-k9.bin, you can use the following command to update the firmware from the image file that is available through FTP on your network:
copy ftp install ip-address remotefiledir waas6-bmc-installer-49a-49a-27a-k9.bin
The update process automatically checks the health status of the BMC firmware. If the system detects that the BMC firmware is corrupted, BMC is recovered during the BMC firmware update procedure. The complete update process can take several minutes. If the device appears unresponsive, do not interrupt the process or power cycle the device. After the update is complete, you must reload the device.
After the device reboots, you can verify the firmware version by using the show bmc info command.
BMC recovery and BMC firmware update restores the factory defaults on the BMC and all the current
IPMI over LAN configurations are erased.
If the BMC firmware gets corrupted, a critical alarm is raised.
RAID Controller Firmware Update
We recommend that you upgrade to the latest RAID-5 controller firmware for your hardware platform, which can be found on cisco.com at the Cisco Wide Area Application Service (WAAS) Firmware download page ( registered customers only). The firmware differs depending on your hardware platform:
•
WAVE-7541/7571/8541—Update to the 12.12.0 (0060) RAID Controller Firmware (or later version).
The firmware binary image is named waas6-raid-fw-installer-12.12.0-0060-k9.bin. Instructions on how to apply the firmware update are posted on cisco.com together with the firmware in the file named M2_0060_FIRMWARE.pdf, which you can see when you hover the mouse over the firmware file.
Release Note for Cisco Wide Area Application Services Software Version 6.2.3x
6
New and Changed Features
Configuring ICA over Socket Secure (SOCKS) Server
This section has the following topics:
•
About ICA over SOCKS Optimization
•
•
Limitations of ICA over SOCKS Optimization
Configuration Procedure for Optimizing ICA over SOCKS
About ICA over SOCKS Optimization
In a typical deployment where NetScaler is deployed as a SOCKS proxy, the connections from the client go to the SOCKS server instead of the XenApp server.
Since the ICA optimizer accepts and intercepts only ICA and CGP packets, the packets with SOCKS headers are not recognized and the connection is handed off. The ICA traffic does not get optimized in such scenarios.
For WAAS Version 6.2.3b and later, the WAAS software supports optimizing ICA traffic redirected over
SOCKS proxy servers.
Limitations of ICA over SOCKS Optimization
ICA over SOCKS optimization has the following limitations:
•
The NetScaler gateway does not support non-default ports configured with Multi-Port Policy on
XenApp for Multi-Stream ICA (MSI).
•
The NetScaler gateway does not support SOCKS with ICA over SSL.
Additionally, the NetScaler gateway does not support SOCKS v4. so the current functionality supports only SOCKS v5.
Configuration Procedure for Optimizing ICA over SOCKS
To support optimizing ICA over SOCKS, perform the following steps:
Step 1
Step 2
Step 3
Step 4
Make the necessary changes in the NetScaler Gateway to enable the SOCKS proxy (Cache redirection server) and also make the equivalent/required changes on the StoreFront server along with updates to the default.ica file. Refer to Citrix NetScaler documentation for more information.
From the WAAS Central Manager menu, choose Devices > device-name (or Device Groups > device-group-name). Next choose Configure > Acceleration > Optimization Class-Map.
Edit the class-map named Citrix and add the required port number using the Add Match Condition option.
The port number added in the class-map should be the same as the one configured for the SOCKS proxy, on the NetScaler gateway. Note that in case the SOCKS proxy port is running on ICA or CGP ports i.e.
1494 or 2498, then the existing configuration need not be modified.
Select the branch device and make the necessary changes for the port number.
Alternately use the class-map type match-any citrix global configuration command to make these changes.
Release Note for Cisco Wide Area Application Services Software Version 6.2.3x
7
Interoperability and Support
Interoperability and Support
This section contains the following topics:
•
Hardware, Client, and Web Browser Support
•
•
Cisco WAAS Version Interoperability
Cisco WAAS and vWAAS Interoperability
•
•
•
•
Cisco WAAS, ISR-WAAS and IOS-XE Interoperability
Cisco AppNav and AppNav-XE Interoperability
Cisco WAAS, ASR/CSR, and IOS-XE Interoperability
Cisco WAAS Express Interoperability
•
•
•
•
Hardware, Client, and Web Browser Support
Table 1 lists the hardware, client, and web browser support for Cisco WAAS Software Version 6.2.3x
8
Release Note for Cisco Wide Area Application Services Software Version 6.2.3x
Table 1 WAAS 6.2.3x Hardware, Client and Web Browser Support
Interoperability and Support
Release Note for Cisco Wide Area Application Services Software Version 6.2.3x
9
Interoperability and Support
Hardware support The Cisco WAAS software operates on these hardware platforms:
•
•
WAVE-294, 594, 694, 7541, 7571, 8541
SM-SRE-700/710, 900/910
•
•
•
•
ISR-WAAS-200, 750, 1300, 2500 vWAAS-150, 200, 750, 1300, 2500, 6000, 12000, 50000 on ESXi. For information on minimum ESXi version supported for each vWAAS model, see the
Cisco Virtual Wide Area Application Services Installation and Configuration Guide
.
vWAAS-150, vWAAS-200, 750, 1300, 2500, 6000, 12000, 50000 on
Microsoft Hyper-V. For information on the version of Windows supported for each vWAAS model on Microsoft Hyper-V, see the
Cisco
Virtual Wide Area Application Services Installation and Configuration
Guide
.
For WAAS Version 6.2.1 and later, vWAAS is supported on RHEL
KVM. For WAAS Version 6.2.3x and later, vWAAS is supported on
KVM on CentOS and Microsoft Azure.
For more information on vWAAS for RHEL KVM, KVM on CentOS, and vWAAS on Microsoft Azure, see the
Cisco Virtual Wide Area
Application Services Installation and Configuration Guide
.
Additionally, Cisco 880 Series, 890 Series, and ISR G2 routers running
Cisco WAAS Express are supported on the branch side (Cisco WAAS
Version 5.0.x or later is required on the data center side).
You must deploy the Cisco WAAS Central Manager on a dedicated device.
Web browser support The Cisco WAAS Central Manager GUI requires Internet Explorer Version
11, Windows Version 7 or later, Firefox Version 4 or later, Chrome Version
10 or later, or Safari version 5.x (only on Apple OS X) and the Adobe Flash
Player browser plug-in.
Note
For best results for Windows-based systems with WAAS, we recommend using FireFox as your browser.
•
•
For WAAS version 5.4.1 and later, you are no longer prompted to install the Google Frame plug-in when you access the Central Manager GUI using Internet Explorer. However, if Google Frame plug-in has already been installed earlier, IE will continue using it.
When using Internet Explorer, ensure that the Tools > Internet Options
> Advanced tab > Do not save encrypted pages to disk check box
(under Security) is checked. If this box is unchecked, some charts will not display.
Note
A known issue in Chrome Version 44.0 may prevent some WAAS
CM pages—including Device Listing, Reports, Software Update pages—from loading properly. In Chrome Version 43.0 all WAAS
CM pages work as expected.
10
Release Note for Cisco Wide Area Application Services Software Version 6.2.3x
Interoperability and Support
Cisco WAAS Version Interoperability
Consider the following guidelines when operating a Cisco WAAS network that mixes Software Version
6.2.3x devices with devices running earlier software versions:
•
Cisco WAAS CM interoperability:
•
In a mixed version Cisco WAAS network, the Central Manager must be running the highest version of the Cisco WAAS software, and associated Cisco WAAS devices must be running Version 5.1.x or later.
Cisco WAAS system interoperability:
Cisco WAAS Version 6.2.3x is not supported running in a mixed version Cisco WAAS network in which any Cisco WAAS device is running a software version earlier than Version 5.1.x. Directly upgrading a device from a version earlier than Version 5.5.3 to 6.2.3x is not supported.
Cisco WAAS and vWAAS Interoperability
shows the default number of CPUs, memory capacity, disk storage and supported ISR platforms for ISR models.
shows the default number of CPUS, memory capacity and disk storage for vWAAS models.
Table 2
ISR Model
ISR-WAAS-200
ISR Models: CPUs, Memory, Disk Storage and Supported ISR Platforms
CPUs
1
Memory
3 GB
Disk Storage
151 GB
Supported ISR
Platform
ISR-4321
(for WAAS 5.x and 6.2.1)
ISR-WAAS-200
(for WAAS 6.2.3x and 6.3.1)
ISR-WAAS-750
1
2
4 GB
4 GB
151 GB
151 GB
ISR-4321
ISR-WAAS-1300
ISR-WAAS-2500
4
6
6 GB
8 GB
151 GB
338 GB
ISR-4351, ISR-4331,
ISR-4431, ISR-4451
ISR-4431, ISR-4451
ISR-4451
Note
For vWAAS with WAAS Version 6.2.3x or WAAS Version 6.3.1, ISR-4321 with profile ISR-WAAS-200,
ISR-WAAS RAM is increased from 3 GB to 4 GB. For this increase in ISR-WAAS RAM to be implemented, you must complete a new OVA deployment of WAAS version 6.2.3x or 6.3.1; the increase in ISR-WAAS RAM is not automatically implemented with an upgrade to WAAS 6.2.3x or 6.3.1.
Release Note for Cisco Wide Area Application Services Software Version 6.2.3x
11
Interoperability and Support
Table 3
vWAAS Model
vWAAS-150
(for WAAS Version 6.x) vWAAS-200
(for WAAS Version 5.x through 6.2.1) vWAAS-200
(for WAAS Version 6.2.3x and 6.3.1) vWAAS-750 vWAAS-1300 vWAAS-2500 vWAAS-6000 vWAAS-12000 vWAAS-50000
vWAAS Models: CPUs, Memory and Disk Storage
CPUs
1
1
1
2
2
4
4
4
8
Memory
3 GB
3 GB
4 GB
4 GB
6 GB
8 GB
11 GB
12 GB
48 GB
Disk Storage
160 GB
260 GB
260 GB
500 GB
600 GB
750 GB
900 GB
750 GB
1500 GB
Consider the following guidelines when using Cisco vWAAS with WAAS:
•
vWAAS and DRE partitions:
When you deploy vWAAS using OVAs older than the 6.2.3d version, DRE's ackq and plz partitions are not created as expected for vWAAS-6000, 12000, and 50000 models (they are created of lesser size and no alarms will be displayed to indicate the mismatch in partition sizes). Because of this, the connection flow for vWAAS will not be optimized by DRE after a certain period. To ensure DRE optimization for vWAAS, after deployment you must use the disk delete-data-partitions command to re-create these partitions for vWAAS.
If the vWAAS device is upgraded from pre-6.2.3d version to 6.2.3d or later versions, the WAAS alarm filesystem_size_mismatch is displayed; it indicates that the partition was not created as expected. To clear the alarm, use the disk delete-data-partitions command to re-create the DRE partitions.
If you deploy vWAAS with WAAS version 6.2.3d or later, an issue will not be seen. Here, partitions will be created as expected.
Note
The disk delete-data-partitions command will re-create the partition and leads to cache loss.
For more information on the disk delete-data-partitions command, see the
Cisco Wide Area
Application Services Command Reference
. For more information on DRE compression, see the
Cisco Wide Area Application Services Configuration Guide
.
Note
For vWAAS with WAAS Version 6.2.3x or WAAS Version 6.3.1, ISR-4321 with profile ISR-WAAS-200,
ISR-WAAS RAM is increased from 3 GB to 4 GB. For this increase in ISR-WAAS RAM to be implemented, you must complete a new OVA deployment of WAAS version 6.2.3x or 6.3.1; the increase in ISR-WAAS RAM is not automatically implemented with an upgrade to WAAS 6.2.3x or 6.3.1.
12
Release Note for Cisco Wide Area Application Services Software Version 6.2.3x
Interoperability and Support
Note
When selecting the format in the vSphere Client for the virtual machine’s disks for vWAAS with
VMware vSphere ESXi, you must choose the Thick Provision Eager Zeroed disk format for vWAAS deployment; this is the format recommended with vWAAS deployment for a clean installation.
•
For vWAAS in Azure, the supported traffic interception method is PBR (Police-Based Routing); vWAAS in Azure does not support WCCP or AppNav interception methods.
Caution
Multiple deployments of vWAAS on the same Hyper-V host in parallel may cause unexpected results, due to availability of free space when creating VHDs. We recommend that you do not deploy multiple vWAAS on Hyper-V in parallel, unless you have verified that you have enough free disk space required for the respective vWAAS models.
•
•
For vWAAS with WAAS Version 6.1.x and later, the vWAAS and vCM devices require both virtual
(network) interfaces to be present, but both need not be active. If only one virtual interface is active, the vWAAS and vCM devices will not be operational after power up. For more information, see the
Cisco Virtual Wide Area Application Services Installation and Configuration Guide
.
To ensure reliable throughput with the following configuration—vWAAS on Windows Server 2012
R2 Hyper-V in Cisco UCS-E Series 160S-M3—we recommend that you do the following:
–
Upgrade to the latest UCS-E firmware (Version 3.1.2), available on the Cisco Download
Software Page for UCS E-Series Software, UCS E160S M3 Software .
–
Verify that you have installed the critical Windows Server updates, available on the Microsoft
Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 Update Rollup page. You can also obtain the standalone update package through the Microsoft Download Center by searching for
KB2887595.
Note
When upgrading vWAAS, do not upgrade more than five vWAAS nodes at the same time on a single
UCS box. Upgrading more than five vWAAS nodes at the same time may cause the vWAAS devices to go offline and diskless mode.
•
If the virtual host was created using an OVA file of vWAAS for WAAS Version 5.0 or earlier, and you have upgraded vWAAS within WAAS, you must verify that the SCSI Controller Type is set to
VMware Paravirtual. Otherwise, vWAAS will boot with no disk available and will fail to load the specified configuration.
If needed, change the SCSI controller type to VMware Paravirtual by following these steps:
a.
Power down the vWAAS.
b.
From the VMware vCenter, navigate to vSphere Client > Edit Settings > Hardware.
c.
Choose SCSI controller 0.
d.
From the Change Type drop-down list, verify that the SCSI Controller Type is set to VMware
Paravirtual. If this is not the case, choose VMware Paravirtual.
e.
Click OK.
f.
Power up the vWAAS, with WAAS Version 6.1.x or later.
For more information on setting the SCSI Controller Type and on the vWAAS VM installation procedure, see the
Cisco Virtual Wide Area Application Services Installation and Configuration
Guide
.
Release Note for Cisco Wide Area Application Services Software Version 6.2.3x
13
Interoperability and Support
Note
For a vCM-100 model used with the RHEL KVM or KVM on CentOS hypervisor, with the default memory size of 2 GB:
When you upgrade to WAAS Version 6.2.3x from an earlier version, or downgrade from WAAS Version
6.2.3x to an earlier version, and use either the restore factory-default command or the restore
factory-default preserve basic-config command, the vCM-100 may not come up due to GUID Partition
Table (GPT) boot order errors.
CAUTION: The restore factory-default command erases user-specified configuration information
stored in the flash image, including the starting configuration of the device, and also removes data from the disk, user-defined partitions, and the entire Central Manager database.
To resolve this situation, follow these steps:
1.
Power down the vWAAS using the virsh destroy vmname command or the virt manager.
2.
Power up the vWAAS using the virsh start vmname command or the virt manager.
This upgrade/downgrade scenario does not occur for vCM-100 models whose memory size is upgraded to 4 GB.
Cisco WAAS, ISR-WAAS and IOS-XE Interoperability
Table 4 shows Cisco WAAS, ISR-WAAS and IOS-XE Interoperability.
Table 4
ISR-Platform
ISR-4451
Cisco WAAS, ISR-WAAS and IOS-XE Interoperability
ISR-4431, 4351, 4331, 43216
Minimum ISR-WAAS
Version
5.2.1
5.4.1
Minimum IOS-XE
Version
3.10
3.13
Operating Guidelines for Cisco WAAS, ISR-WAAS and IOS-XE Interoperability
•
•
•
•
ISR4321-B/K9 is not supported for ISR-WAAS installation.
Activating ISR-WAAS after formatting the Cisco 4000 Series ISR-router bootflash:
After you format the Cisco 4000 Series ISR-router bootflash, you must reload the router to ensure a successful activation of ISR-WAAS. If you do not reload the ISR router after formatting the bootflash, you will be unable to activate ISR-WAAS. For more information on formatting the Cisco
4000 Series ISR router bootflash, see the
Configuration Guide for Integrated AppNav/AppNav-XE and ISR-WAAS on Cisco 4000 Series ISRs
.
For ISR-4321 with IOS-XE, used with WAAS Version 6.2.3c or 6.3.1:
You must complete a new OVA deployment of WAAS version 6.2.3c or 6.3.1 for this configuration to work successfully. This configuration will not automatically work after an upgrade to WAAS
Version 6.2.3c or 6.3.1 from WAAS Version 5.x or 6.x.
Using the intrusion detection and prevention system Snort with ISR-WAAS and ISR-4000 Series with a hard disk that is less than or equal to 200 GB:
Release Note for Cisco Wide Area Application Services Software Version 6.2.3x
14
Interoperability and Support
To ensure a successful WAAS installation of ISR-WAAS and Snort on an ISR router, you must install ISR-WAAS before you install Snort. If you do not follow this installation order, ISR-WAAS will not install and a disk error will be displayed.
Cisco AppNav and AppNav-XE Interoperability
Consider the following guidelines when deploying the Cisco AppNav solution, for AppNav and
AppNav-XE.
•
All Cisco WAAS nodes in an AppNav deployment must be running Cisco WAAS version 5.0 or later.
•
Cisco WAAS Express devices cannot operate as Cisco WAAS nodes in an AppNav deployment.
Note
WAAS Version 6.1.x and later does not support AppNav IOM.
•
•
All AppNav devices in a single cluster must be of the same exact type. This includes IOS-XE devices, down to memory and ESP configuration.
–
All Cisco ASRs (Aggregation Services Routers) in an AppNav Controller Group need to be the same model, with the same ESP (Embedded Services Processor) rate (in Gbps). For example, in an AppNav Controller Group, you cannot have one ASR-1006 40-Gbps ESP and one
ASR-1006 100-Gbps ESP.
–
The same principle is true for using the ISR (Integrated Services Router) 4000 series. You cannot have an ISR-4451 and an ISR-4321 in the same AppNav-XE cluster.
If you are connecting an AppNav Controller (ANC) to a Catalyst 6500 series switch and you have configured the ANC to use the Web Cache Communication Protocol (WCCP) with the L2 redirect method, do not deploy the ANC on the same subnet as the client computers. This configuration can cause packet loss due to a limitation of the Catalyst 6500 series switch.
Note
Although an IOS router can have a dot (“.”) in the hostname, this special character is not allowed in a WAAS device hostname. If you try to import an AppNav-XE device that has a dot in the hostname, the import will fail and the following error message is displayed:
Registration failed for the device devicename ConstraintException; Invalid AppNav-XE name: X.X since name includes invalid character ‘.’.
Cisco WAAS, ASR/CSR, and IOS-XE Interoperability
shows Cisco WAAS, ASR/CSR and IOS-XE Interoperability.
Table 5 Cisco WAAS, ASR/CSR, and IOS-XE Interoperability
WAAS Version
5.2.1
5.3.1, 5.3.3, 5.3.5a
5.3.5f
5.4.x
5.5.1
ASR/CSR Series
ASR-1000x/CSR-1000V
ASR-1000x/CSR-1000V
ASR-1000x/CSR-1000V
ASR-1000x/CSR-1000V
ASR-1000x/CSR-1000V
IOS-XE Version Supported
3.9
3.9-3.12
3.15.2, 3.16.01a, 3.16.2, 3.17
3.13
3.13-3.15
Release Note for Cisco Wide Area Application Services Software Version 6.2.3x
15
Interoperability and Support
WAAS Version
5.5.3
5.5.5,x
6.1.1a, 6.2.1x
6.2.3x
ASR/CSR Series
ASR-1000x/CSR-1000V
ASR-1000x/CSR-1000V
ASR-1000x/CSR-1000V
ASR-1000x/CSR-1000V
IOS-XE Version Supported
3.13-3.16
3.13-3.17
3.15.2, 3.16.01a, 3.16.2, 3.17
3.15.2, 3.16.01a, 3.16.2,
3.16.3, 3.17
Cisco WAAS Express Interoperability
Consider the following guideline when using Cisco WAAS Express devices in your Cisco WAAS network:
Note
When Cisco WAAS Express is used on the Cisco Integrated Services Router Generation 2 (ISR G2) with the Cisco VPN Internal Service Module (VPN-ISM) or with Group Encrypted Transport (GETVPN) enabled, the WAAS Express does not optimize FTP data.
To ensure that FTP data is optimized when WAAS Express is used with the Cisco ISR G2, use the ISR
G2's IOS crypto map software.
•
•
For a Cisco WAAS device running WAAS Version 6.x and a Cisco WAAS Express peer device running Cisco IOS Release 15.6(3)M, 15.6(2)T1 or later, TLS1 is supported, but SSL3 is removed.
Before upgrading WAAS Express to one of these IOS releases, configure TLS1 in the WAAS
Express Device Group > Peering Service page, and then upgrade the WAAS Express device to the specified IOS release.
When using a Cisco WAAS device running version 5.x and a Cisco WAAS Express peer device running Cisco IOS Release 15.2(2)T or earlier, connections originating from the Cisco WAAS device and sent to the Cisco WAAS Express peer are passed through instead of being optimized. We recommend upgrading to Cisco WAAS Express in Cisco IOS Release 15.2(3)T or later to take advantage of the latest enhancements.
Note
If you are upgrading the WAAS Express devices to IOS 15.3(3)M image, as part of the AppX/K9
(Application Experience) license support in WAAS Express IOS 15.3(3)M images, you need to upgrade the WAAS Central Manager to WAAS v5.3.1 or later, or else the devices will go offline.
Note
As listed in “Software Version 5.1.1 Open Caveats,” CSCug16298, “WAAS-X to WAAS 5.1.1 connections will be reset when using HTTP acceleration.” We recommend that you do not use HTTP
Application Optimizer (AO) between Cisco WAAS and Cisco WAAS Express unless you are running
Cisco IOS Release 15.3(1)T or later.
Table 6 lists the Cisco WAAS, WAAS Express and IOS Interoperability
16
Release Note for Cisco Wide Area Application Services Software Version 6.2.3x
Interoperability and Support
Table 6 Cisco WAAS, WAAS Express and IOS Interoperability
WAAS Version WAAS Express Platform
5.2.1
89x,19xx, 29xx, 39xx
5.3.1
5.3.5x
5.4.1
5.5.x
6.1.x
6.2.x
89x,19xx, 29xx, 39xx
IOS Version Supported
15.2(4)M, 15.3(1)T
15.2(4)M, 15.3(1)T, 15.3(3)M, 15.4(2)T, 15.5(1)T,
15.5(2)T,
15.5(3)M, 15.6(1)T, 15.6(2)T
Note
39xxE series routers do not support WAAS Express.
WCCP Interoperability
Central Managers running Version 6.2.3x can manage WAEs running software Versions 5.x and later.
However, we recommend that all WAEs in a given WCCP service group be running the same version.
Note
All WAEs in a WCCP service group must have the same mask.
To upgrade the WAEs in your WCCP service group, follow these steps:
Step 1
Step 2
Step 3
Step 4
Step 5
You must disable WCCP redirection on the Cisco IOS router first. To remove the global WCCP configuration, use the following no ip wccp global configuration commands:
Router(config)# no ip wccp 61
Router(config)# no ip wccp 62
Perform the Cisco WAAS software upgrade on all WAEs using the Cisco WAAS Central Manager GUI.
Verify that all WAEs have been upgraded in the Devices pane of the Central Manager GUI. Choose
Devices to view the software version of each WAE.
If mask assignment is used for WCCP, ensure that all WAEs in the service group are using the same
WCCP mask value.
Reenable WCCP redirection on the Cisco IOS routers. To enable WCCP redirection, use the ip wccp global configuration commands:
Router(config)# ip wccp 61
Router(config)# ip wccp 62
Release Note for Cisco Wide Area Application Services Software Version 6.2.3x
17
Interoperability and Support
NTLM Interoperability
Cisco WAAS Version 5.1 and later do not support Windows domain login authentication using the
NTLM protocol. Therefore, upgrading from a Cisco WAAS Version earlier than Version 5.1 with the device configured with Windows domain login authentication using the NTLM protocol is blocked. You must change the Windows domain authentication configuration to use the Kerberos protocol before proceeding with the upgrade.
Follow these steps to change from NTLM to Kerberos Windows domain login authentication:
Step 1
Step 2
Step 3
Step 4
Step 5
Unconfigure Windows domain login authentication. You can do this from the Central manager in the
Configure > Security > AAA > Authentication Methods window.
Change the Windows domain configuration setting to use the Kerberos protocol. You can do this from
Central manager in the Configure > Security > Windows Domain > Domain Settings window. For more information, see “Configuring Windows Domain Server Authentication Settings” in the
“Configuring Administrative Login Authentication, Authorization, and Accounting” chapter of the
Cisco Wide Area Application Services Configuration Guide
.
Perform the Windows domain join again from the Central manager in the Configure > Security >
Windows Domain > Domain Settings window.
Configure Windows domain login authentication from the Central manager in the Configure >
Security > AAA > Authentication Methods window.
Upgrade your device.
Note
If you are upgrading the Central Manager itself from the GUI and the Windows domain login authentication on the Central Manager is configured to use the NTLM protocol, the upgrade fails with the following error logged in the device log:
Error code107: The software update failed due to unknown reason. Please contact Cisco TAC.
To view the device log for the Central Manager, choose the Central Manager device and then choose Admin > Logs > Device Logs. If you see this error, follow the steps above to change the
Central Manager device Windows domain login authentication from NTLM to Kerberos.
If you upgrade the Central Manager itself from the CLI and the upgrade fails due to NTLM being configured, you will get an appropriate error message. Once the Central Manager is upgraded to
Version 5.1, it can detect and display the reason for any upgrade failures for other devices.
Note
Cisco WAAS Version 5.1 and later do not support the Kerberos protocol running with a nonstandard port
(other than port 88). Upgrading from a Cisco WAAS Version earlier than 5.1 with the device configured with the Kerberos protocol on a nonstandard port is blocked. You must change the Kerberos server on your network to listen on port 88 and change the Kerberos configuration on the device to use port 88.
You can do this from the Central manager in the Configure > Security > Windows Domain > Domain
Settings window.
18
Release Note for Cisco Wide Area Application Services Software Version 6.2.3x
Interoperability and Support
If you are trying to upgrade your device from the CLI and the upgrade fails due to NTLM configuration, then the kerberos_validation.sh script is installed on your device. This script can be used to verify that your network supports the Kerberos protocol before changing from NTLM to Kerberos. This script is not available if you are using the Central Manager to upgrade the device.
To run the script, follow these steps:
Step 1
(Optional) Run the Kerberos validation script command with the -help option to display the usage:
CM# script execute kerberos validation.sh -help
Step 2
Help:
This script does basic validation of Kerberos operation, when device is using NTLM protocol for windows-domain login authentication.
It can be used as a pre-validation before migrating from NTLM to Kerberos authentication method.
It does following tests:
1. Active Directory reachability test
2. LDAP server and KDC server availability test
3. KDC service functionality test
For this test to succeed device must have to join the domain before this test, if not have joined already.
4. Test for time offset between AD and Device (should be < 300s)
Script Usage: kerberos_validation.sh [windows-domain name]
For example if Device has joined cisco.com then you need to enter: kerberos_validation.sh cisco.com
Run the Kerberos validation script to verify that your network supports the Kerberos protocol before migrating from NTLM to Kerberos:
CM# script execute kerberos validation.sh windows_domain_name
WARNING: For windows authentication operation in 5.1.1, Device will use service on following ports.
Please make sure they are not blocked for outbound traffic.
==========================================================================================
53 UDP/TCP, 88 UDP/TCP, 123 UDP, 135 TCP, 137 UDP, 139 TCP, 389 UDP/TCP, 445 TCP,
464 UDP/TCP, 3268 TCP
Performing following tests on this device.
Test 1: Active Directory reachability test
Test 2: LDAP server and KDC server availability test
Test 3: KDC service functionality test
For this test to succeed device must have to join the domain before this test, if not have joined already.
Test 4: Test for time offset between AD and Device (should be < 300s)
Tests are in progress. It may take some time, please wait...
Test 1: Active Directory reachability test : PASSED
Test 2: LDAP server and KDC server availability test : PASSED
Test 3: KDC service functionality test : PASSED
Test 4: Test for time offset between AD and Device (should be < 300s) : PASSED
Validation completed successfully!
Release Note for Cisco Wide Area Application Services Software Version 6.2.3x
19
Upgrading from a Release Version to Version 6.2.3x
Step 3
Change the device Windows domain login authentication from NTLM to Kerberos and upgrade your device, as described in the first procedure in this section.
Citrix ICA Interoperability
Citrix ICA versions 7.x (XenApp and XenDesktop) contain changes affecting the optimization efficiency of WAAS compared to that achieved with Citrix ICA versions 6.x. To maximize the effectiveness of WAAS, the Citrix administrator should configure the following:
Adaptive Display: Disabled
Legacy Graphic Mode: Enabled
Upgrading from a Release Version to Version 6.2.3x
Upgrading to WAAS Version 6.2.3x is supported from WAAS Version 4.2.1 and later. For information on upgrade paths, see
Upgrade Paths and Considerations for Version 6.2.3x
To take advantage of new features and bug fixes, we recommend that you upgrade your entire deployment to the latest version. For an overview of the upgrade process from a release version to
Version 6.2.3xx, see
Workflow: Upgrading from a Release Version to Version 6.2.3x
.
This section contains the following topics:
•
Upgrade Paths and Considerations for Version 6.2.3x
•
•
Workflow: Upgrading from a Release Version to Version 6.2.3x
–
Upgrade Part 1: Create a Backup of the Primary WAAS CM Database
–
–
Upgrade Part 2: Upgrade the Standby WAAS CM
Upgrade Part 3: Upgrade the Primary WAAS CM
–
–
–
–
–
Upgrade Part 4: Upgrade the Branch WAE Devices
Upgrade Part 5: Upgrade the Data Center WAAS Software
Upgrade Part 6: Upgrade Each Data Center WAE
Upgrade Part 7: WCCP and Migration Processes
Upgrade Part 8: Post-Upgrade Tasks
Migrating a WAAS CM from an Unsupported to a Supported Platform
•
•
Migrating a Physical Appliance Being Used as a WAAS CM to a vCM
Ensuring a Successful RAID Pair Rebuild
For additional upgrade information and detailed procedures, refer to the
Cisco Wide Area Application
Services Upgrade Guide
.
Upgrade Paths and Considerations for Version 6.2.3x
This section contains the following topics:
•
•
•
Upgrade Paths for WAAS Version 6.2.3x
Upgrading from Cisco WAAS Version 5.x and Later to Version 6.2.3x
Upgrading from Cisco WAAS Version 4.2.x to Version 6.2.3x
20
Release Note for Cisco Wide Area Application Services Software Version 6.2.3x
Upgrading from a Release Version to Version 6.2.3x
Upgrade Paths for WAAS Version 6.2.3x
Upgrading to WAAS Version 6.2.3x is supported from WAAS Version 4.2.x and later.
upgrade path for each of these versions.
Table 7
4.2.x
Upgrade Paths to WAAS Version 6.2.3x
Current WAAS Version
5.5.3 and later
4.3.x through 5.5.1
WAAS CM Upgrade Path
•
1.
2.
1.
2.
3.
Upgrade directly to 6.2.3x
Upgrade to 5.5.3, 5.5.5x
(5.5.5, 5.5.5a), or 5.5.7
Upgrade to 6.2.3x
Upgrade to version 4.3.x through 5.4.x
Upgrade to 5.5.3 or 5.5.5x
(5.5.5, 5.5.5a), or 5.5.7
Upgrade to 6.2.3x
WAAS Upgrade Path
•
Upgrade directly to 6.2.3x
1.
Upgrade to 5.5.3 or 5.5.5x
2.
Upgrade to 6.2.3x
1.
2.
3.
Upgrade to version 4.3.x through 5.4.x
Upgrade to 5.5.3 or 5.5.5x
Upgrade to 6.2.3x
Note
When you upgrade from WAAS Software Version 5.5.x to 6.2.3b, the expired SSL certificates do not get removed automatically and show up in the alarms.
Upgrading from Cisco WAAS Version 5.x and Later to Version 6.2.3x
This section contains the following topics:
•
•
WAAS Version 5.1 and Later: NTLM
WAAS Version 5.2 and Later: Usernames
•
•
•
WAAS Version 5.3 and Later: Name and Description Fields
WAAS Version 6.2.3x: vCM-100 with RHEL KVM or KVM on CentOS
WAAS Version 5.1 and Later: NTLM
Cisco WAAS Version 5.1 and later do not support NTLM Windows domain authentication or use of a nonstandard port (other than port 88) for Kerberos authentication.
•
•
Upgrading from a Cisco WAAS Version earlier than 5.1 is blocked if either of these configurations are detected. You must change these configurations and ensure that your domain controller is configured for Kerberos authentication before proceeding with the upgrade.
A script is provided to verify that your network supports Kerberos protocol before migrating from
NTLM. For more information, see
. If no application is using the unsupported configurations on the device, then remove the unsupported configurations to upgrade.
WAAS Version 5.2 and Later: Usernames
Cisco WAAS Version 5.2 and later restrict the characters used in usernames to letters, numbers, period, hyphen, underscore, and @ sign, and a username must start with a letter or number.
Release Note for Cisco Wide Area Application Services Software Version 6.2.3x
21
Upgrading from a Release Version to Version 6.2.3x
Any username not meeting these guidelines is prevented from logging in. Prior to upgrading the Central
Manager to Version 5.2 or later, we recommend that you change any such usernames to valid usernames to allow login.
For local users—Change usernames in the Central Manager Admin > AAA > Users page.
For remotely authenticated users—Change usernames on the remote authentication server.
Note
Prior to upgrading the Central Manager to Version 5.2 or later, we strongly encourage you to change any usernames that use restricted characters; however if you must maintain existing usernames unchanged, please contact Cisco TAC.
WAAS Version 5.3 and Later: Name and Description Fields
Cisco WAAS Version 5.3 and later restricts the use of characters in the name and description field to alphanumeric characters, periods (.), hyphens (-), underscores (), and blank spaces when you create custom reports. When you upgrade from Cisco WAAS Version 4.x and you have custom reports that have special characters in the name or description field, Cisco WAAS automatically removes the special characters from the report name and description, and logs the modification in the Centralized
Management System (CMS) logs.
WAAS Version 6.2.3x: vWAAS
When upgrading vWAAS, do not upgrade more than five vWAAS nodes at the same time on a single
UCS box. Upgrading more than five vWAAS nodes at the same time may cause the vWAAS devices to go offline and diskless mode.
WAAS Version 6.2.3x: vCM-100 with RHEL KVM or KVM on CentOS
If you upgrade to WAAS Version 6.2.3x, or downgrade from WAAS Version 6.2.3x to an earlier version, and use a vCM-100 model with the following parameters, the vCM-100 may not come up due to GUID
Partition Table (GPT) boot order errors.
•
•
•
vCM-100 has default memory size of 2 GB vCM-100 uses the RHEL KVM or KVM on CentOS hypervisor
You use either the restore factory-default command or the restore factory-default preserve
basic-config command
Note
The restore factory-default command erases user-specified configuration information stored in the flash image, including the starting configuration of the device, and also removes data from the disk, user-defined partitions, and the entire Central Manager database.
To resolve this situation, follow these steps:
1.
2.
Power down the vWAAS using the virsh destroy vmname command or the virt manager.
Power up the vWAAS using the virsh start vmname command or the virt manager.
This upgrade/downgrade scenario does not occur for vCM-100 models whose memory size is upgraded to 4 GB.
22
Release Note for Cisco Wide Area Application Services Software Version 6.2.3x
Upgrading from a Release Version to Version 6.2.3x
Upgrading from Cisco WAAS Version 4.2.x to Version 6.2.3x
When you upgrade from Cisco WAAS Version 4.x, you must reconfigure the custom EPM policy for a device or device group. You must first restore the default policy setting by selecting the Restore default
Optimization Policies link for the device group in the Modifying Device Group window and then
Workflow: Upgrading from a Release Version to Version 6.2.3x
To upgrade from a Release Version to Version 6.2.3x, complete the tasks listed in
.
Table 8 Workflow: Upgrading from a Release Version to Version 6.2.3x
Workflow Task
•
Upgrade Part 1: Create a Backup of the Primary WAAS CM Database
Description
•
Before you start the upgrade process from a release version to Version 6.2.3x, create a backup of the primary WAAS CM database and save it to a remote location.
•
•
•
•
If your WAAS system has a standby WAAS CM, upgrade the standby WAAS CM before you upgrade the primary WAAS CM.
Upgrade the primary WAAS CM, including verifying that the new WAAS image is loaded correctly, verifying connectivity between WAAS CM and all
WAE devices, and verifying that all WAE devices are online.
•
•
•
3.
4.
Upgrade Part 4: Upgrade the Branch
Upgrade Part 5: Upgrade the Data
Upgrade Part 6: Upgrade Each Data
•
•
•
•
Upgrade the branch WAE devices, including verifying that new WAAS image is loaded correctly, verifying that correct licenses are installed, and saving the new configuration.
Upgrade the data center WAAS software, including upgrading each data center WAE device.
Upgrade each data center WAE device, including disabling and re-enabling WCCP
For information on the sets of tasks to enable and reconfigure WCCP, and information on configuring accelerators, switches and routers for migration, see the
Cisco Wide Area Application Services Upgrade
Guide
.
Upgrade Part 8: Post-Upgrade Tasks
•
After you complete the WAAS system upgrade to
Version 6.2.3x, perform tasks including clearing your browser cache, verifying licenses, and verifying proper configuration of applications accelerators, policies, and class maps.
Release Note for Cisco Wide Area Application Services Software Version 6.2.3x
23
Upgrading from a Release Version to Version 6.2.3x
Upgrade Part 1: Create a Backup of the Primary WAAS CM Database
This section has the following topics:
•
Prerequisite for Primary WAAS CM Database Backup
•
Creating a Primary WAAS CM Database Backup
Prerequisite for Primary WAAS CM Database Backup
Note the following different CMS database backup scenarios, depending on the size of /sw and /swstore:
•
If you are upgrading your vCM, vWAAS, ISR-WAAS, or SRE device from an earlier WAAS version to WAAS Version 6.2.3x, and the /sw and /swstore partition size is less than 2GB, you must back up the CMS database before creating a backup of the primary WAAS CM database, following the instructions described in the
note.
•
•
For devices using WAAS Version 5.x, the /sw and /swstore partition size is 1GB, so you must back up the CMS database, you must back up the CMS database before creating a backup of the primary
WAAS CM database, following the instructions described in the Caution note.
For devices using WAAS Version 6.x, the /sw and /swstore partition size is 2GB, so you do not need to create a backup of the CMS database before creating a backup of the primary WAAS CM database.
Caution
If you are upgrading your WAAS device from an earlier WAAS version to WAAS Version 6.2.3x, and
the /sw and /swstore partition size is less than 2 GB, it is crucial that you create a backup of the WAAS
CM database and save it to an external file (FTP/SFTP) before you upgrade to WAAS Version 6.2.3x.
The upgrade process on this type of configuration will automatically clear system and data partition, which will erase the WAAS CM database.
After upgrade is complete, restore the saved WAAS CM database to your system.
Creating a Primary WAAS CM Database Backup
Before upgrading to WAAS Version 6.2.3x, follow these steps to create a backup of the WAAS CM database:
Step 1
Step 2
Step 3
Step 4
Step 5
Use Telnet or SSH to access the primary WAAS CM IP address.
Create the database backup, using the cms database backup command: waas-cm# cms database backup
The cms database backup command displays the following information: creating backup file with label ‘backup’ backup file local1/filename filedate.dump is ready. use ‘copy’ command to move the backup file to a remote host.
Copy the backup database file to a remote location, using the copy disk command: waas-cm# copy disk ftp hostname ip-address remotefiledir remotefilename localfilename
Verify that the backup file was copied correctly by verifying file size and time stamp.
24
Release Note for Cisco Wide Area Application Services Software Version 6.2.3x
Upgrading from a Release Version to Version 6.2.3x
Upgrade Part 2: Upgrade the Standby WAAS CM
Follow these steps to upgrade the standby WAAS CM, if present in your WAAS system.
Step 1
Step 2
Step 3
Step 4
Step 5
Step 6
Step 7
Step 8
Use Telnet or SSH to access the standby WAAS CM IP address:
Copy the new software image to the standby WAAS CM with the WAAS CLI copy ftp command.
The following example shows the file in the root directory. Provide the correct path on your WAAS system, if different from the root directoy path.
wae# copy ftp install ftpserver / waas-image.bin
Reload the standby WAAS CM, using the reload command
Verify that the new image is loaded correctly, using the show version command.
To confirm connectivity, ping the primary WAAS CM and branch WAE devices.
Wait at least five minutes.
To ensure that the database has been synchronized, confirm the database last synchronization time, using the show cms info command.
From the primary WAAS CM, confirm that the status indicator for the standby WAAS CM is online and green.
Upgrade Part 3: Upgrade the Primary WAAS CM
Perform the following tasks before you upgrade the primary WAAS CM:
•
Before upgrading the primary WAAS CM, create a backup copy of the primary WAAS CM database.
For more information, see
Upgrade Part 1: Create a Backup of the Primary WAAS CM Database .
•
If your WAAS system has a standby WAAS CM, you must upgrade the standby WAAS CM before you upgrade the primary WAAS CM. For more information, see
Follow these steps to upgrade the primary WAAS CM.
Step 1
Step 2
Step 3
Use Telnet or SSH to access the primary WAAS CM IP address:
Copy the new software image to the primary WAAS CM, either from the WAAS CM or the CLI.
From the WAAS CM:
a.
b.
In the Standby WAAS CM, navigate to Admin > Versioning > Software Update.
From the Software Files listing, select the new software version.
c.
Click Submit.
From the CLI:
a.
Use the copy ftp command.
The following example shows the file in the root directory. Provide the correct path on your WAAS system, if different from the root directoy path.
wae# copy ftp install ftpserver / waas-image.bin
Copy the new Version 6.2.3x software image to the primary WAAS CM, using the copy ftp command:
Release Note for Cisco Wide Area Application Services Software Version 6.2.3x
25
Upgrading from a Release Version to Version 6.2.3x
wae# copy ftp install ftpserver / waas-image.bin
Note
This example shows the file in the root directory. Provide the correct path on your WAAS system, if different from the root directory path.
Step 4
Step 5
Step 6
Step 7
Step 8
Step 9
Reload the primary WAAS CM, using the reload command
Verify that the new Version 6.2.3x image is loaded correctly, using the show version command.
To confirm connectivity, ping the standby WAAS CM (if present in your WAAS system) and branch
WAE devices.
Confirm that the CMS services are running, using the show cms info command.
Choose Devices > All Devices and verify that all WAE devices are online.
Choose Device Groups > AllWAASGroups > Assign Devices and verify that each WAE device is listed with a green check mark.
Upgrade Part 4: Upgrade the Branch WAE Devices
Before you upgrade the branch WAE devices, verify that you have completed the following tasks:
•
Created a backup copy of the primary WAAS CM database. For more information, see
1: Create a Backup of the Primary WAAS CM Database
.
•
•
Upgraded the standby WAAS CM, if one is present on your WAAS system. For more information, see
Upgrade Part 2: Upgrade the Standby WAAS CM .
Upgraded the primary WAAS CM. For more information, see
Upgrade Part 3: Upgrade the Primary
Follow these steps to upgrade the branch WAE devices.
Step 1
Step 2
Step 3
Step 4
Step 5
Access the primary WAAS CM GUI: https://cm-ip-address:8443
Verify that all WAE devices are online (displaying green).
Resolve any alarm conditions that may exist.
Copy the new software image to the branch WAE, either from the WAAS CM or the CLI.
From the WAAS CM:
a.
In the branch WAE, navigate to Admin > Versioning > Software Update.
b.
c.
From the Software Files listing, select the new software version.
Click Submit.
From the CLI:
a.
Use the copy ftp command. You can use either Universal or Accelerator-only images.
The following example shows the file in the root directory. Provide the correct path on your WAAS system, if different from the root directoy path.
wae# copy ftp install ftpserver / waas-image.bin
Reload the WAE using the reload command.
Release Note for Cisco Wide Area Application Services Software Version 6.2.3x
26
Upgrading from a Release Version to Version 6.2.3x
Step 6
Step 7
Step 8
Step 9
Step 10
Step 11
Step 12
Verify that the new Version 6.2.3x software image has installed correctly, using the show version command.
Verify that the correct licenses are installed, using the show license command.
If you have purchased an Enterprise license and have enabled it, proceed to Step 10 .
If you have purchased an Enterprise license and have not yet enabled it, perform the following tasks:
a.
Clear the Enterprise license, using the clear license transport command.
b.
Add the Enterprise license, using the license add enterprise command.
Save the changed configuration, using the copy running-config startup-config command.
From the primary WAAS CM, choose Devices > branchWAE, to verify that the WAE device is online and has a green status.
Verify the following WAE device functionalities:
a.
b.
If you are using WCCP for traffic interception, verify that WCCP is working properly, using the
show running -config wccp command.
(Optional) Confirm that flows are being optimized, using the show statistics connection command.
c.
1.
Confirm that the Enterprise license is enabled, using the show license command.
If you have purchased the Enterprise license and it is enabled, proceed to
If you have purchased an Enterprise license and have not yet enabled it, perform the following tasks:
Clear the Transport license, using the clear license transport command.
2.
3.
Add the Enterprise license, using the license add enterprise command.
Save the changed configuration, using the copy running-config startup-config command.
The branch WAE devices within the active WAAS network are now upgraded to the current WAAS
Version 6.2.3x.
Upgrade Part 5: Upgrade the Data Center WAAS Software
Follow these steps to upgrade the data center WAAS software.
Step 1
Step 2
Step 3
Step 4
Access the primary WAAS CM GUI: https://cm-ip-address:8443
Verify that all WAE devices are online (displaying green).
Resolve any alarm conditions that may exist.
Upgrade each data center WAE (
Upgrade Part 6: Upgrade Each Data Center WAE ).
Release Note for Cisco Wide Area Application Services Software Version 6.2.3x
27
Upgrading from a Release Version to Version 6.2.3x
Note
For deployments using WCCP as the traffic interception method, each data center WAE is automatically removed from the interception path. If your deployment does not use WCCP, use one of the following methods to remove each data center WAE from the interception path during the upgrade process:
For an inline deployment, use the interface InlineGroup slot/grpnumber shutdown global configuration command to bypass traffic on the active inline groups.
For a deployment using serial inline cluster, shut down the interfaces on the intermediate WAE in the cluster, then shut down the interfaces on the optimizing WAE in the cluster.
Upgrade Part 6: Upgrade Each Data Center WAE
Follow these steps to upgrade each data center WAE.
Step 1
Step 2
Use the following sequence of commands to disable WCCP on the WAE and allow a graceful termination of existing TCP flows that are optimized by WAAS:
a.
Disable WCCP with the no wccp tcp-promiscuous service-pair serviceID serviceID global configuration command.
b.
c.
Wait until the countdown expires, or use CTL-C to skip the countdown.
Verify that WCCP is disabled, using the show wccp status command.
d.
Save the changed configuration, using the copy running-config startup-config command.
(Optional) Disable WCCP on the intercepting router or switch, using the no ip wccp global configuration command.
Note
We recommend this step only if the Cisco IOS release on the router or switch has not been scrubbed for WCCP issues for your specific platform.
Step 3
Step 4
Step 5
(Optional) Verify that WCCP is disabled, using the show ip wccp command, if you have used
Upgrade the data center WAE software:
Copy the new software image to the data center WAE, either from the WAAS CM or the CLI.
From the WAAS CM:
a.
In the data center WAE, navigate to Admin > Versioning > Software Update.
b.
c.
From the Software Files listing, select the new software version.
Click Submit.
From the CLI:
a.
Use the copy ftp command. You can use either Universal or Accelerator-only images.
The following example shows the file in the root directory. Provide the correct path on your WAAS system, if different from the root directoy path.
wae# copy ftp install ftpserver / waas-image.bin
Release Note for Cisco Wide Area Application Services Software Version 6.2.3x
28
Upgrading from a Release Version to Version 6.2.3x
Step 6
Step 7
Step 8
Step 9
Step 10
Step 11
Step 12
Step 13
Reload the WAE using the reload command.
Verify that the new Version 6.2.3x software image has installed correctly, using the show version command.
Verify that WCCP is disabled, using the show wccp status command.
Save the changed configuration, using the copy running-config startup-config command.
From the primary WAAS CM, choose Devices > branchWAE, to verify that the WAE device is online and has a green status.
(Optional) Enable WCCP on all intercepting routers or switches in the list, if you have used
.
a.
Telnet to each core router or switch.
b.
Enable WCCP, using the ip wccp 61 redirect-list acl-name command and the ip wccp 62
redirect-list acl-name command.
•
WCCP Service ID 61—Source IP address. The WCCP Service ID (service group) is applied closest to the LAN interface.
•
•
WCCP Service ID 62—Destination IP address. The WCCP Service ID (service group) is applied closest to the WAN interface.
You can change the WCCP redirect list as needed by changing the redirect in/out statement.
Verify the following WAE device functionalities:
a.
Enable WCCP, using the wccp tcp-promiscuous service-pair serviceID serviceID global configuration command. If you are using WCCP single-service, use the wccp tcp-promiscuous
serviceID global configuration command.
b.
c.
d.
e.
Verify that redirecting router IDs are seen, using the show wccp routers command.
Verify that all WAEs in the cluster are seen, using the show wccp clients command.
Verify that the packet count to the WAE is increasing and no loops are detected, using the show wccp
statistics command.
Verify that the buckets assigned for Service Group 61 match those of Service Group 62, and are assigned to the WAE, using the show wccp flows tcp-promiscuous detail command.
f.
g.
Verify that flows are being optmized, using the show statistics connection command.
If you are using WCCP for traffic interception, verify that WCCP is working properly, using the
show running -config wccp command.
Each data center WAE within the active WAAS network is now upgraded to the current WAAS Version
6.2.3x.
Upgrade Part 7: WCCP and Migration Processes
For information on the sets of tasks to enable and reconfigure WCCP, and information on configuring accelerators, switches and routers for migration, see the
Cisco Wide Area Application Services Upgrade
Guide
.
Upgrade Part 8: Post-Upgrade Tasks
Perform the following tasks after you have completed the upgrade to WAAS Version 6.2.3x:
Release Note for Cisco Wide Area Application Services Software Version 6.2.3x
29
Upgrading from a Release Version to Version 6.2.3x
•
•
•
•
•
•
After upgrading a Central Manager, you must clear your browser cache, close the browser, and restart the browser before reconnecting to the Central Manager.
After upgrading application accelerator WAEs, verify that the proper licenses are installed by using the show license EXEC command. The Transport license is enabled by default. If any of the application accelerators were enabled on the device before the upgrade, you should enable the
Enterprise license. Configure any additional licenses as needed by using the license add EXEC command. For more information on licenses, see the “Managing Software Licenses” section in the
Cisco Wide Area Application Services Configuration Guide
. a;lkdsjhf;laksjf
After upgrading application accelerator WAEs, verify that the proper application accelerators, policies, and class maps are configured. For more information on configuring accelerators, policies, and class maps, see the “Configuring Application Acceleration” chapter in the
Cisco Wide Area
Application Services Configuration Guide
.
If you use the setup utility for basic configuration after upgrading to 6.2.3x, WCCP router list 7 is used. Because the setup utility is designed for use on new installations, any existing configuration for WCCP router list 7 is replaced with the new configuration.
If you have two Central Managers that have secure store enabled and you have switched primary and standby roles between the two Central Managers, before upgrading the Central Managers to Version
6.2.3x, you must reenter all passwords in the primary Central Manager GUI. The passwords that need to be reentered include user passwords. If you do not reenter the passwords, after upgrading to
Version 6.2.3x, the Central Manager fails to send configuration updates to WAEs and the standby
Central Manager until after the passwords are reentered.
If you use the setup utility for basic configuration after upgrading to 6.2.3x, WCCP router list 7 is used. Because the setup utility is designed for use on new installations, any existing configuration for WCCP router list 7 is replaced with the new configuration.
Migrating a WAAS CM from an Unsupported to a Supported Platform
If you have a Cisco WAAS Central Manager that is running on a hardware platform that is unsupported in Version 6.1 and later (such as a WAE-274/474/574/674/7341/7371), you are not allowed to upgrade the device to Version 6.1 or later. You must migrate the WAAS CM to a supported platform by following the procedure in this section, which preserves all of the WAAS CM configuration and database information.
Caution
Database backup is intended for recovery of the current WAAS CM only. Restoring to a different device will retain the device identity and will not allow you to re-use the current hardware in a different role. If you want to migrate the service to a new device, register the device as a standby WAAS CM first, and then change its role after database synchronization.
Follow these steps to migrate a primary WAAS CM from an unsupported platform to a platform that is supported for WAAS Version 6.2.3x:
Step 1
From the primary Central Manager CLI, create a database backup by using the cms database backup
EXEC command. Move the backup file to a separate device by using the copy disk ftp command.
CM# cms database backup
Creating database backup file backup/cms-db-03-18-2016-15-08_5.0.1.0.15.dump
Backup file backup/cms-db-03-18-2016-15-08_5.0.1.0.15 is ready.
Please use `copy' commands to move the backup file to a remote host.
CM# cd /local1/backup
CM# copy disk ftp 10.11.5.5 / cm-backup.dump cms-db-03-18-2016-15-08_5.0.1.0.15.dump
Release Note for Cisco Wide Area Application Services Software Version 6.2.3x
30
Upgrading from a Release Version to Version 6.2.3x
Step 2
Step 3
Step 4
Step 5
Step 6
Step 7
Display and write down the IP address and netmask of the Central Manager.
CM# show running-config interface primary-interface GigabitEthernet 1/0
!
interface GigabitEthernet 1/0
ip address 10.10.10.25 255.255.255.0
exit interface GigabitEthernet 2/0
shutdown
exit
!
Shut down all the interfaces on the primary Central Manager.
CM# configure
CM(config)# interface GigabitEthernet 1/0 shutdown
Replace the existing Central Manager device with a new hardware platform that can support
Cisco WAAS Version 6.1. Ensure that the new Central Manager device is running the same software version as the old Central Manager.
Configure the new Central Manager with the same IP address and netmask as the old Central Manager.
You can do this in the setup utility or by using the interface global configuration command.
newCM# configure newCM(config)# interface GigabitEthernet 1/0 ip address 10.10.10.25 255.255.255.0
Copy the backup file created in Step 1 from the FTP server to the new Central Manager.
newCM# copy ftp disk 10.11.5.5 / cm-backup.dump cms-db-03-18-2016-15-08_5.0.1.0.15.dump
Restore the database backup on the new Central Manager by using the cms database restore command.
Use option 1 to restore all CLI configurations.
newCM# cms database restore backup/cms-db-03-18-2016-15-08_5.0.1.0.15.dump
Backup database version is from an earlier version than the current software version.
Restored data will be automatically upgraded when cms services are enabled.
Restoring the backed up data. Secure-Store will be re-initialized.
Successfully migrated key store
***** WARNING : If Central Manager device is reloaded, you must reopen Secure Store with the correct passphrase. Otherwise Disk encryption, SSL, AAA and other secure store dependent features may not operate properly on WAE(s).*****
Successfully restored secure-store. Secure-store is initialized and opened.
Overwrite current key manager configuration/state with one in backup (yes|no) [no]?yes
Restoring CLI running configuration to the state when the backup was made. Choose type of restoration.
1. Fully restore all CLI configurations.
2. Partially restore CLI configurations, omitting network configuration settings.
3. Do not restore any CLI configurations from the backup.
Please enter your choice : [2] 1
Please enable the cms process using the command 'cms enable' to complete the cms database restore procedure.
Database files and node identity information successfully restored from file
`cms-db-03-18-2016-15-08_5.0.1.0.15.dump'
Step 8
Step 9
Enable the CMS service.
newCM# configure newCM(config)# cms enable
Verify that the Central Manager GUI is accessible and all Cisco WAAS devices are shown in an online state in the Devices window.
Release Note for Cisco Wide Area Application Services Software Version 6.2.3x
31
Upgrading from a Release Version to Version 6.2.3x
Step 10
(Optional) If you have a standby Central Manager that is running on unsupported hardware and is registered to the primary Central Manager, deregister the standby Central Manager.
standbyCM# cms deregister
Step 11
Step 12
Step 13
Upgrade the primary Central Manager to Cisco WAAS Version 6.2.3x. You can use the Central Manager
Software Update window or the copy ftp install command.
Verify that the Central Manager GUI is accessible and all Cisco WAAS devices are shown in an online state in the Devices window.
(Optional) Register a new standby Central Manager that is running Cisco WAAS Version 5.1.x or later.
.
.
.
newstandbyCM# configure newstandbyCM(config)# device mode central-manager newstandbyCM(config)# exit newstandbyCM# reload
Wait for the device to reload, change the Central Manager role to standby, and register the standby
Central Manager to the primary Central Manager.
newstandbyCM# configure newstandbyCM(config)# central-manager role standby newstandbyCM(config)# central-manager address 10.10.10.25 newstandbyCM(config)# cms enable
Migrating a Physical Appliance Being Used as a WAAS CM to a vCM
Follow these steps to migrate a physical appliance being used as a primary WAAS CM to a vCM:
Step 1
Step 2
Step 3
Step 4
Introduce vCM as the Standby Central Manager by registering it to the Primary Central Manager.
Configure both device and device-group settings through Primary CM and ensure that devices are getting updates. Wait for two to three data feed poll rate so that the Standby CM gets configuration sync from the Primary CM.
Ensure that the Primary CM and Standby CM updates are working.
Switch over CM roles so that vCM works as Primary CM. For more information, see the “Converting a
Standby Central Manager to a Primary Central Manager” section of the
Cisco Wide Area Application
Services Configuration Guide .
32
Release Note for Cisco Wide Area Application Services Software Version 6.2.3x
Downgrading from Version 6.2.3x to a Previous Version
Ensuring a Successful RAID Pair Rebuild
RAID pairs rebuild on the next reboot after you use the restore factory-default command, replace or add a hard disk drive, delete disk partitions, or reinstall Cisco WAAS from the booted recovery
CD-ROM.
Caution
You must ensure that all RAID pairs are done rebuilding before you reboot your WAE device. If you reboot while the device is rebuilding, you risk corrupting the file system.
To view the status of the drives and check if the RAID pairs are in “NORMAL OPERATION” or in
“REBUILDING” status, use the show disk details command in EXEC mode. When you see that RAID is rebuilding, you must let it complete that rebuild process. This rebuild process may take several hours.
If you do not wait for the RAID pairs to complete the rebuild process before you reboot the device, you may see the following symptoms that could indicate a problem:
•
The device is offline in the Central Manager GUI.
•
•
CMS cannot be loaded.
Error messages say that the file system is read-only.
•
The syslog contains errors such as “Aborting journal on device md2,” “Journal commit I/O error,”
“Journal has aborted,” or “ext3_readdir: bad entry in directory.”
Other unusual behaviors occur that are related to disk operations or the inability to perform them.
•
If you encounter any of these symptoms, reboot the WAE device and wait until the RAID rebuild finishes normally.
Downgrading from Version 6.2.3x to a Previous Version
This section contains the following topics:
•
Downgrading the WAAS System from Version 6.2.3x to a Previous Version
•
Downgrading the WAAS CM from Version 6.2.3x to a Previous Version
Downgrading the WAAS System from Version 6.2.3x to a Previous Version
This section contains the following topics:
•
•
Downgrade Component and Data Considerations
Downgrade Path Considerations
•
•
Downgrading from 6.2.3x is supported to 6.2.1x, 6.1.1a, 6.1.1, 5.5.7, 5.5.5a, 5.5.5 and 5.5.3.
Downgrading directly from 6.x to a version earlier than 5.5.3 is not supported.
On the Cisco 4451-X Integrated Services Router running ISR-WAAS, downgrading to a version earlier than 5.2.1 is not supported.
Release Note for Cisco Wide Area Application Services Software Version 6.2.3x
33
Downgrading from Version 6.2.3x to a Previous Version
•
•
•
•
On the UCS E-Series Server Module installed in a Cisco ISR G2 Router and running vWAAS, downgrading to a version earlier than 5.1.1 is not supported. On the UCS E-Series Server Module installed in the Cisco 4451-X Integrated Services Router and running vWAAS, downgrading to a version earlier than 5.2.1 is not supported. On other vWAAS devices you cannot downgrade to a version earlier than 4.3.1.
On WAVE-294/594//8541 models with solid state drives (SSDs) you cannot downgrade to a version earlier than 5.2.1.
On WAVE-694 model with solid state drives (SSDs), you cannot downgrade to a version earlier than
5.5.1.
On vCM-500/vCM-1000, you cannot downgrade to a version earlier than 5.5.1.
Downgrade Component and Data Considerations
•
•
•
•
•
Locked-out user accounts are reset upon a downgrade.
Any reports and charts that are not supported in the downgrade version are removed from managed and scheduled reports when you downgrade to an earlier version. Any pending reports that were carried forward from an upgrade from a version earlier than 5.0 are maintained.
When downgrading to a version earlier than 4.4.1, the DRE cache is cleared and the DRE caching mode for all application policies is changed to bidirectional (the only available mode prior to 4.4.1).
Before downgrading a WAE, we recommend that you use the Central Manager GUI to change all policies that are using the new Unidirectional or Adaptive caching modes to the Bidirectional caching mode.
Current BMC (Baseboard Management Controller) settings are erased and restored to factory default settings when you downgrade Cisco WAAS to a version earlier than 4.4.5.
If you have configured disk cache for ISR-WAAS device, downgraded from 6.2.3x to 5.5.3, and then restore rollback to 6.1.1x, you must reload the disk cache configuration for the new configuration to take effect. If you do not perform a reload after the rollback to 6.2.3x, the new configuration will not take effect, and output from the show disks cache-details command will display the error message "Disk cache has been configured. Please reload for the new configuration to take effect."
Downgrading the WAAS CM from Version 6.2.3x to a Previous Version
This section has the following topics:
•
•
•
WAAS CM Downgrade Path Considerations
WAAS CM Downgrade Procedure Considerations
Procedure for Downgrading the WAAS CM to a Previous Version
WAAS CM Downgrade Path Considerations
•
•
•
Downgrading from 6.2.3x WAAS CM directly to a version earlier than Version 5.5.3 is blocked.
If the 6.2.3x WAAS CM is downgraded to a version earlier than 5.2.1, it can no longer manage
AppNav-XE clusters and devices and all related configuration records are removed.
When downgrading a 6.2.3x WAAS CM to a version earlier than 4.4.1, and secure store is in auto-passphrase mode, the downgrade is blocked. You must switch to user-passphrase mode before you can downgrade to a software version that does not support auto-passphrase mode.
34
Release Note for Cisco Wide Area Application Services Software Version 6.2.3x
Downgrading from Version 6.2.3x to a Previous Version
WAAS CM Downgrade Procedure Considerations
•
As it applies to your WAAS CM and the current version of your WAAS system, perform the following tasks before a WAAS CM downgrade:
–
–
If you have a standby Central Manager, it must be registered to the primary Central Manager
before the downgrade.
Prior to downgrading the WAAS CM to a version up to 5.2.1, you must remove Backup WNG from the AppNav-XE cluster and verify that the WAAS CM and AppNav-XE device are in sync.
–
Before downgrading to a version earlier than 4.4.1, we recommend that you change the following WCCP parameters, if they have been changed from their default values:
——Change service IDs back to their default values of 61 and 62.
——Change the failure detection timeout back to the default value of 30 seconds.
Note
Only these WCCP default values are supported in versions prior to 4.4.1; any other values are lost after the downgrade. If a WAE is registered to a Central Manager, it is configured with the default service IDs of 61 and 62 after it is downgraded and comes back online.
•
•
Each of the following WAAS CM downgrade procedures requires a particular task sequence:
–
–
If the WAAS CM is downgraded to a version up to 5.2.1 and if the AppNav-XE cluster has more than 32 WAAS nodes: prior to downgrade, we recommend that you reduce the number of WAAS nodes to a maximum of 32 WAAS nodes.
When downgrading Cisco WAAS devices, first downgrade application accelerator WAEs, then the standby Central Manager (if you have one), and lastly the primary Central Manager.
When downgrading an AppNav Controller device to a version earlier than 5.0.1, you must perform the following tasks:
1.
Deregister the device from the WAAS CM.
2.
3.
4.
Change the device mode to application-accelerator.
Downgrade the device.
Re-register the device (or, alternatively, you can reregister the device before downgrading).
If you do not deregister the device before downgrading, the device goes offline and the device mode is not set correctly. In that case, use the cms deregister force EXEC command to deregister the device and then reregister it by using the cms enable global configuration command.
Note
All Cisco WAAS nodes in an AppNav deployment must be running Cisco WAAS version 5.0 or later.
Procedure for Downgrading the WAAS CM to a Previous Version
To downgrade the Cisco WAAS Central Manager (not required for WAE devices), follow these steps:
Step 1
(Optional) From the Central Manager CLI, create a database backup by using the cms database backup
EXEC command. Move the backup file to a separate device by using the copy disk ftp command.
Release Note for Cisco Wide Area Application Services Software Version 6.2.3x
35
Cisco WAE and WAVE Appliance Boot Process
Step 2
CM# cms database backup
Creating database backup file backup/cms-db-03-18-2016-15-08_5.0.1.0.15.dump
Backup file backup/cms-db-02-18-2016-15-08_5.0.1.0.15 is ready.
Please use `copy' commands to move the backup file to a remote host.
CM# cd /local1/backup
CM# copy disk ftp 10.11.5.5 / 06-28-backup.dump cms-db-03-18-2016-15-08_5.0.1.0.15.dump
Install the downgrade Cisco WAAS software image by using the copy ftp install EXEC command.
CM# copy ftp install 10.11.5.5 waas/4.4 waas-universal-4.4.5c.4-k9.bin
Note
After downgrading a WAAS CM, you must clear your browser cache, close the browser, and restart the browser before reconnecting to the Central Manager.
Step 3
Reload the device.
Note
Downgrading the database may trigger full updates for registered devices. In the WAAS CM GUI, ensure that all previously operational devices come online.
Cisco WAE and WAVE Appliance Boot Process
To monitor the boot process on Cisco WAE and WAVE appliances, connect to the serial console port on the appliance as directed in the Hardware Installation Guide for the respective Cisco WAE and WAVE appliance.
Cisco WAE and WAVE appliances may have video connectors that should not be used in a normal operation. The video output is for troubleshooting purposes only during BIOS boot and stops displaying output as soon as the serial port becomes active.
Operating Considerations
This section includes operating considerations that apply to Cisco WAAS Software Version 6.2.3x:
•
•
Central Manager Report Scheduling
In the Cisco WAAS Central Manager, we recommend running system wide reports in device groups of 250 devices or less, or scheduling these reports at different time intervals, so multiple system wide reports are not running simultaneously and do not reach the limit of the HTTP object cache.
Cisco WAAS Express Policy Changes
Making policy changes to large numbers of Cisco WAAS Express devices from the Central Manager may take longer than making policy changes to Cisco WAAS devices.
•
HTTP Object Cache and Akamai Connect
HTTP application optimization with Akamai Connect (HTTP object cache) may deliver unexpected
HTTP objects to a client, which may create a risk of delivering malicious content. This scenario can occur after a different—erroneously configured, or otherwise failing—client device has retrieved the object with a matching URL from an invalid HTTP server. A check for this scenario will be implemented in a future WAAS release.
Release Note for Cisco Wide Area Application Services Software Version 6.2.3x
36
Operating Considerations
Device Group Default Settings
When you create a device group in WAAS Version 6.2.3x, the Configure > Acceleration > DSCP
Marking page is automatically configured for the group, with the default DSCP marking value of copy.
•
Using Autoregistration with Port-Channel and Standby Interfaces
Autoregistration is designed to operate on the first network interface and will not work if this interface is part of a port-channel or standby. Do not enable the auto-register global configuration command when the interface is configured as part of a port-channel or standby group.
CIFS Support of FAT32 File Servers
The CIFS accelerator does not support file servers that use the FAT32 file system. You can use the policy rules to exclude from acceleration any file servers that use the FAT32 file system.
Using the HTTP Accelerator with the Cisco ASR 1000 Series Router and
WCCP
When using the Cisco ASR 1000 Series router and WCCP to redirect traffic to a WAE that is using
WCCP GRE return as the egress method and the HTTP accelerator is enabled, there may be an issue with
HTTP slowness due to the way the ASR router handles proxied HTTP connections (see CSCtj41045 ).
To work around this issue, on the ASR router, create a web cache service in the same VRF as that of the
61/62 service by using the following command: ip wccp [vrf vrf-name] web-cache
•
•
Disabling WCCP from the Central Manager
If you use the Central Manager to disable WCCP on a Cisco WAAS device, the Central Manager immediately shuts down WCCP and closes any existing connections, ignoring the setting configured by the wccp shutdown max-wait global configuration command (however, it warns you). If you want to gracefully shut down WCCP connections, use the no enable WCCP configuration command on the Cisco WAAS device.
Changing Device Mode To or From Central Manager Mode
If you change the device mode to or from Central Manager mode, the DRE cache is erased.
•
•
•
TACACS+ Authentication and Default User Roles
If you are using TACACS+ authentication, we recommend that you do not assign any roles to the default user ID, which has no roles assigned by default. If you assign any roles to the default user, external users that are authenticated by TACACS+ and who do not have the waas_rbac_groups attribute defined in TACACS+ (meaning they are not assigned to any group) can gain access to all the roles that are assigned to the default user.
Internet Explorer Certificate Request
If you use Internet Explorer to access the Central Manager GUI Version 4.3.1 or later and Internet
Explorer has personal certificates installed, the browser prompts you to choose a certificate from the list of those installed in the personal certificate store. The certificate request occurs to support Cisco
WAAS Express registration and is ignored by Internet Explorer if no personal certificates are installed. Click OK or Cancel in the certificate dialog to continue to the Central Manager login page. To avoid this prompt, remove the installed personal certificates or use a different browser.
Default Settings with Mixed Versions
Release Note for Cisco Wide Area Application Services Software Version 6.2.3x
37
Software Version 6.2.3x Resolved and Open Caveats, and Command Changes
If a Central Manager is managing Cisco WAAS devices that have different versions, it is possible that a feature could have different default settings in those different versions. If you use the Central
Manager to apply the default setting for a feature to mixed devices in a device group, the default for the Central Manager version is applied to all devices in the group.
Software Version 6.2.3x Resolved and Open Caveats, and
Command Changes
This section contains the resolved caveats, open caveats, and command changes in Software Version
6.2.3x, fixed and known and contains the following topics:
•
Cisco WAAS Software Version 6.2.3d Resolved Caveats
•
•
•
•
Cisco WAAS Software Version 6.2.3d Open Caveats
Cisco WAAS Software Version 6.2.3c Resolved Caveats
Cisco WAAS Software Version 6.2.3c Open Caveats
Cisco WAAS Software Version 6.2.3b Resolved Caveats
•
•
•
•
•
•
•
Cisco WAAS Software Version 6.2.3b Open Caveats
Cisco WAAS Software Version 6.2.3a Resolved Caveats
Cisco WAAS Software Version 6.2.3a Open Caveats
Cisco WAAS Software Version 6.2.3 Resolved Caveats
Cisco WAAS Software Version 6.2.3 Open Caveats
Cisco WAAS Software Version 6.2.3 Command Changes
Cisco WAAS Software Version 6.2.3d Resolved Caveats
The following caveats, impacting earlier software versions of WAAS, were resolved in Software Version
6.2.3d.
Caveat ID
Number Description
CSCvd81077 httpcache service died multiple times
CSCvf21935 httpcache service has been disabled with akamai enabled
CSCve79892 Observed HTTP traffic-interruption in Branch due to malformed http request
CSCvf53563 Traffic_server process restarted while accessing corrupted gzip file
CSCvf42490 Flow segment is not released by HTTP AO while running single-sided Https traffic via
Proxy
CSCve59122 HTTP AO restarted while running sharepoint traffic
CSCvf35961 HTTP AO service died due to http traffic run
CSCve20802 Stuck connections observed due to sendsocket event
CSCve71887 SCCM/PXE traffic interrupted while WAAS is in the path
Release Note for Cisco Wide Area Application Services Software Version 6.2.3x
38
Software Version 6.2.3x Resolved and Open Caveats, and Command Changes
Caveat ID
Number Description
CSCve74457 Core dump seen in ICA AO and restarted
CSCve72253 Rarely Core dump generated for MAPI AO with RPCHTTP(s) traffic
CSCva52094 SR-Server CORE observed reactivating ISR WAAS with Hostname change
CSCvd08821 Stuck Connection with TM, under load conditions for MAPI-RPCHTTP Traffic
CSCve05349 Akamai status going to ERROR state while clicking on ovverride group settings button from CM GUI
CSCvd68640 Akamai Status to added in GUI as "Pending with reload" when reload is required manually
CSCvd87574 Cisco Wide Area Application Services Central Manager Information Disclosure
Vulnerability
CSCvd78045 CM GUI shouldn't allow to create trigger with invalid mib name in interop
CSCve15397 CM-AppNav polling sessions get stuck and result in AppNav remaining offline forever
CSCvd77681 DG configurations are not pushed to WAE when SSL AO is disabled in WAE
CSCvd81462 DG dropdown "select a device group" option is not working in SSL global settings page
CSCve64337 DG- Remove Settings is throwing error messages
CSCvd48873 Force device group appears due to config not sync for Securestore page while register fresh device
CSCvd61131 ForceDeviceGroup appears when device automatically assign to DeviceGroup if
DiskEncryption enabled
CSCva54052 NTP server CM GUI configuration push is failed for vWAAS deployed in KVM
CSCvc12651 Remote Authentication user without privileges to be deleted during Upgrade
CSCvd82891 SNMP host community/ user special char restriction should be parity with CLI
CSCvb78641 TACACS authentication failing after upgrade
CSCve53942 WCM AppNavXE statistics collection thread may freeze for a while
CSCve91472 In some cases Object Cache Server (ocserver) process stopped and restarted
CSCve78125 OC process stopped and restarted when garbage collector failed to update db
CSCvd89141 SMB AO restarted due to "oc_client_ipc_send_error_response_msg" function
CSCuz29040 SMBAO load test resulting in OC_Open Pending counter remaining constant
CSCve29588 SMBAO Object cache Rename file descriptor leak observed during load condition
CSCvc23114 Looped Packets from 2 RTRS with lesser mtu goes with invalid checksum
CSCvf47948 Client sending kerberos security blob in two session setup requests cause reset
CSCve16092 encryption-service process reloaded unexpectedly while optimizing SMBv3 signed connections
CSCve49142 Failure processing split server response with non success status
CSCve11987 Object cache File descriptor leaks due to "current open file handles" are closed by smbao
CSCvc06665 Observed connection resets observed in DBO cache eviction scenario
CSCve74033 Process restarted due to DirBrowsingResource while running the long load test
Release Note for Cisco Wide Area Application Services Software Version 6.2.3x
39
Software Version 6.2.3x Resolved and Open Caveats, and Command Changes
Caveat ID
Number Description
CSCvf56703 SMB AO FD leak while running heavy directory browsing traffic
CSCvf77875 SMB AO service restarts when accessing security layer in unsigned sesstion setup packet.
CSCve47337 SMB Core Files due to windows-domain encryption-service, on Upgrading WAAS
CSCvf47958 SMBAO client denial list is not getting updated for SMB AO generated reset
CSCvf58709 SMBAO process restarted unexpectedly with dbo 2.1 traffic pattern.
CSCvf41079 SMBAO restarted with OC memory corruption
CSCve19211 SMBAO Unexpected restart while handling Lib Crypto
CSCvd91293 ASVC_Transport core seen on 623c while running Mixed AO traffic
CSCva95837 NGSSL: ASVC with server-name does not get configured in ASVCStore
CSCvd73314 Stuck Connections observed in Single sided NGSSL traffic via proxy
CSCve75509 DRE partition is full and getting lot of 'No space left on device' logs
CSCva45688 Shutdown CLI need to shutdown the vWAAS instance
CSCve58163 vWAAS Never Powers Down VM
CSCvd32072 Failed to generate sysreport in SN while running more than 30k connection
CSCvd62595 Top command showing Garbage value with AppNav Interception
CSCve86619 Cannot SSH to WAAS By Using InlineGroup Interface
CSCve70447 ISR-WAAS becomes unreachable after upgrade to 623c on 4321
CSCvc67937 lowmem_reserve and memory allocation failure
CSCve00712 Multiple AO service got disabled on multiple SN's while mixed AO traffic is running
CSCvc10545 Need to show interface details when receiving SNMP Link up/ down traps
CSCvd50984 SNMP restarts unexpectedly leaving a core file
CSCuz56155 WAAS SR server failed in Key retrieval
CSCvd90139 PMD memory leak occurs while configuring bulk class map policy
CSCvf04748 PMD service restarted after WAASNET Restart
CSCvd88250 Processing time is more after configuring class-map having 800+ entries
CSCva00161 TFO:capped on speed: low latency between WAAS and server in Cloud
CSCve82523 HTTPS stuck connections on Core and Edge both
CSCve29255 Observed THSDL stuck connections while accessing http/https websites via squid proxy
CSCvd02911 Waasnet core in fg_endp_close_ext function in ICA traffic during load test
CSCvf05107 Waasnet error logging when timestamp option not found
CSCve53939 waasnet service restarted when enabling InlineGroup
CSCvd38216 WNDFT core file seen in WAAS when serving mixed AO traffic.
40
Release Note for Cisco Wide Area Application Services Software Version 6.2.3x
Software Version 6.2.3x Resolved and Open Caveats, and Command Changes
Cisco WAAS Software Version 6.2.3d Open Caveats
The following caveats are open in Software Version 6.2.3d. Note that there might be additional open caveats from previous releases that are applicable to this release, unless they are specifically listed as resolved.
Caveat ID
Number
CSCvf58933
CSCvf50909
CSCvf51154
CSCvf71387
CSCvf55798
CSCvf26917
CSCvf29847
CSCvf83883
CSCva58191
CSCvd96948
CSCvf51931
CSCvf58709
CSCvf55876
CSCve21589
CSCvf83563
CSCve68201
CSCvf02875
CSCve43393
CSCvd93324
CSCvf58729
CSCvf01245
CSCvf58746
CSCvd78539
CSCvf32228
CSCvf55664
CSCve71066
Description
THDL stuck connection observed while running http/ssl traffic
HTTP Stuck connections and sysreport could not be generated
THs stuck connection observed intermittently when sending HTTPs traffic via proxy
AlarmEMailNotification page,mail is not triggered for the combination of valid and dummy addresses
Email notification is not triggered for CM based alarms like CMS-Secure-store , clock mismatch
ForceDeviceGroup seen in port channel page for round-robin option
Raised alarm counter not updated in Email when alarms raised and cleared within the polling interval
SSH enable failed only 1st time from GUI if device upgraded without SSH and without Key
SMB AO restarted druign eviction of object cache at load condition.
SMB AO restarted during object cache file invalidation
SIA Invalid Pkt Alarms seen on 7571
SMBAO process restarted unexpectedly with dbo 2.1 traffic pattern.
SMBAO: Consuming too much resources causing network down
WAAS SR_DRS_CRACK_NAME alarm occurring frequently.
ISR-WAAS goes to ActivateFailed state on multiple events
Permanent connectivity issue on virtual ethernet
Reducing the memory utilized by ISR-WAAS-200
Non encoded messages are sent to DRE decoder after disabled by AO
SO_DRE service restarted due to segmentation fault seen on 623c while running
Mixed Traffic
Stuck connection observed while running load test
Cluster went to down Due to "TFO accelerator load level has been set to 0" in SN
Device going unresponsive due to delay in processing IO waits
Device hung and unavailable on network due to TX Hung
Device was unreachable for a brief period fda service triggers reload while waasnet restarts
FTP connection failure with WAAS after FTP client "MLSD" request.
Release Note for Cisco Wide Area Application Services Software Version 6.2.3x
41
Software Version 6.2.3x Resolved and Open Caveats, and Command Changes
Caveat ID
Number
CSCve53302
CSCve81510
CSCvf51307
CSCvc80702
CSCvf82199
CSCvf81284
CSCvd94539
CSCva11610
Description
Name Service Cache Daemon restarted in WAAS
Rarely seeing waasnet service restart with interface flap in Inline interception
WAAS Packet Capture command failed to work
Losing connectivity to WAAS after changing the NTP Server IP with traffic
Ocassionally wn_dft0 core file generated while restoring policies after reload
Optimization stops silently upon flow table overflow
Timestamps missing after negotiated in single sided scenario
Waasnet terminated during negative test conditions
Cisco WAAS Software Version 6.2.3c Resolved Caveats
The following caveats, impacting earlier software versions of WAAS, were resolved in Software Version
6.2.3c.
42
Caveat_ID_Number Headline
CSCvd94539 Timestamps missing after negotiated in single sided scenario
CSCvd76202
CSCvd06515
CSCvd44988
CSCvb81972
Connection stuck seen with HTTP traffic- dual sided
WAAS box raising TFO limit alarm due to stuck connections in TH state
'TFO: Statistics server not running' message is displayed with show stat tfo cli
Improve memory resource in CE
CSCvd46295
CSCva65775
Memory leaks in policy engine module during class-policy config push
SMB accelerator and OC server process reloaded unexpectedly after 4 days of soak test
CSCvc13956
CSCvd75610
CSCve06332
CSCva33283
CSCvc76036
CSCvc84457
CSCvc49776
CSCvc59105
CSCvc17688
CSCuy81194
CSCvc97114
CSCva55682
SMB AO restarted while clearing object cache
SMB AO restarted due to "smb2ReadLaunchOCRead ()" in Mega profile soak
SMBAO : Directories Disappearing on Remote Files Shares connection reset for SMB2 connections while doing file upload
Connections stuck for SMB due to failuer between WAASNET and SMBAO smb connection consuming time in sessionsetup due to key-retrieval wait
Slow SMBAO Performance with oc_mgr: IO_BUSY: and write queue messages in logs
SMB AO coredump or deadlocked when evicting the front LRU node
Core file alarm may raise for Object Cache Server or SMB Accelerator.
Core generated by smbao
Key failure resets while running unsigned smbv3 soak profile
SMB accelerator's Object Cache not disabled when config is pushed from
CM's device group
Release Note for Cisco Wide Area Application Services Software Version 6.2.3x
Software Version 6.2.3x Resolved and Open Caveats, and Command Changes
Caveat_ID_Number Headline
CSCvd10188
CSCvd53303
CSCvc12602
CSCvd00762
Object-cache initialization stuck with 70% inodes and 90% cache size fill
Akamai process restarted in accessing cached headers in stale/POST txn
Core file dumped when Akamai connect is enabled
SMB accelerator reloads unexpectedly in soak run due to a conditional assert failure
CSCvd54413
CSCvd25445
CSCvd70864
CSCvc29189
Traffic Server core
Http object-cache traffic_server stops event_base_loop core dump observed during Mega profile soak test vwaas partitions missing after upgrade in one scenario
CSCvd28998
CSCvc14370
CSCvd34739
CSCvd39567
CSCvc64841
CSCvc95550
CSCvd53336
CSCvd45642
CSCvc94792
WAAS devices unable to retrieve key and mark identity as blacklist.
SNMP Trigger not removed after downgrade from 623a to 557 in CM
SNMP Configuration not in sync with WCM and FDG appears in SNMP-DG snmp sub-agent ccore file detected
Level 3 messages related to classifier name not found while querying snmp
WAN opt mib
Failures seen with polling snmp mibs iFTable, iFXTable on inline device
Inline interface delays link propagation
Restrict number of ssl_request_log.date and access_log.date logs files to 5
CSCvd81787
CSCvb60453
CSCvc67819
CSCvb88945
CSCvc15749
CSCvc66013
CSCvc74609
CSCvc44940
CSCvc83156
CSCvc99271
CSCvb48643
Logs in service_logs folder are not getting rolled over and compressed causing disk full
System message in Video Acceleration Transaction Log CM GUI and exceptions are seen in WCM cms_logs monitoring log file not logging any details in sysreport
Unexpected reload of smb accelerator process during long soak test.
External SN blocks traffic when jumbo MTU is enabled
Empty server reply in a specific scenario with appnav interception
Unable to change/ edit nested policy in Appnav cluster policies sn_unreachable between AppNav and Service Node causing network outage
Unknown frame type from peer -- WAAS-RE-3-690412
Missing ability to determine reasons for AO keepalive failure
Policy configuration fails programming into engine
Evaluation of waas for Openssl September 2016
CSCvc23536
CVE-2016-6304 CVE-2016-6305 CVE-2016-2183 CVE-2016-6303
CVE-2016-6302 CVE-2016-2182 CVE-2016-2180 CVE-2016-2177
CVE-2016-2178 CVE-2016-2179 CVE-2016-2181 CVE-2016-6306
CVE-2016-6307 CVE-2016-6308 CVE-2016-6309 CVE-2016-7052
Evaluation of waas for NTP November 2016
CVE-2016-9311 CVE-2016-9310 CVE-2016-7427 CVE-2016-7428
CVE-2016-9312 CVE-2016-7431 CVE-2016-7434 CVE-2016-7429
CVE-2016-7426 CVE-2016-7433
Release Note for Cisco Wide Area Application Services Software Version 6.2.3x
43
Software Version 6.2.3x Resolved and Open Caveats, and Command Changes
Caveat_ID_Number Headline
CSCva62833
CSCvc55023
CSCvd36676
CSCvd45107
Disk encryption does not enable with AAA accounting enabled
Scheduled reports do not get generated on the required date
After fresh device Registration, Enabled features page is getting overriden cms_cdm service will be restarted in WCM when primary int of WAE is removed in a scenario
CSCvc58689
CSCvc57012
CSCvc51740
CSCvc53678
Central manager fails to generate config for waas express routers
WAAS CM API showing 0 for passthroughpeerin and passthroughpeerout packet-capture command does not work
Waasnet service restart while running single sided HTTP/HTTPs traffic
CSCvc69416
CSCvc76621
CSCvc07847
CSCvc95534
CSCvc97255
CSCvd03489
CSCvd26805
CSCvd39655 http accelerator dumps core file rarely core.httpmuxd while sharepoint prefetch
Sharepoint prefetch is not working for word document with xml extension
DRE cored during WAE shutdown
Enable/Disable of AO based on dependency to be notified during upgrade rserverd64 Core file when clearing blacklist for domain not part of blacklist.
Not able to enable SSH service from Device group sysmon process terminated unexpectedly
Cisco WAAS Software Version 6.2.3c Open Caveats
The following caveats are open in Software Version 6.2.3c. Note that there might be additional open caveats from previous releases that are applicable to this release, unless they are specifically listed as resolved.
Caveat_ID_Numb er
CSCuw60169
CSCve29255
CSCve29588
CSCve11987
CSCve15397
CSCvd65317
CSCuz29040
CSCve28074
CSCvd89141
Headline
http object-cache does not validate server IP address BB509
Observed THSDL stuck connections while accessing http/https websites via squid proxy
SMBAO Object cache Rename file descriptor leak observed during soak profile execution
Object cache File descriptor leaks due to "current open file handles" are closed by smbao
CM-AppNav polling sessions get stuck and result in AppNav remaining offline forever
File destriptors not getting released while executing "show stats conn" command
SMBAO SOAK run resulting in OC_Open Pending counter remaining constant
SMB AO restarted with function "oc_server_ipc_read".
SMB AO restarted due to "oc_client_ipc_send_error_response_msg" function
44
Release Note for Cisco Wide Area Application Services Software Version 6.2.3x
Software Version 6.2.3x Resolved and Open Caveats, and Command Changes
Caveat_ID_Numb er
CSCve20802
CSCvd73314
CSCva80599
CSCvd48873
CSCvd61131
CSCvd97120
CSCva52094
CSCvd46635
CSCvd81077
CSCvd69827
CSCvd88250
CSCvd90139
CSCvd39397
CSCvc83974
CSCvd35983
Headline
Stuck connections observed due to sendsocket event
Stuck Connections observed in Single sided NGSSL traffic via proxy
NGSSL : Stucks are in HTTP when restarted HTTP AO on the flow-THs (-ve)
Force device group appears due to config not sync for Securestore page while register fresh device
ForceDeviceGroup appears when device automatically assign to DeviceGroup if
DiskEncryption enabled
Rescue doesn't work with 623c image.
SR-Server CORE observed reactivating ISR WAAS with Hostname change
Solution TB : Stuck connections on THs and Ts - 623c
Solution TB-httpcache service died multiple times
Device got Hung while running ICA Traffic
Processing time is more after configuring class-map having 800+ entries
PMD memory leak occurs while configuring bulk class map policy
Major delays in DNS Query initiated by WAAS
Akamai process restarts unexpectedly, leaves a dump file wget for preposition should handle the space in URL
Cisco WAAS Software Version 6.2.3b Resolved Caveats
The following caveats, impacting earlier software versions of WAAS, were resolved in Software Version
6.2.3b.
Caveat_ID_Numbe r
CSCvc27623
CSCvc33933
CSCvc21161
CSCvc26500
CSCvb81704
CSCuz15911
CSCvc56666
CSCvc39906
CSCvc41636
CSCvc43363
CSCvb69383
Headline
Waasnet service restart while running continuous soak test
SMB preposition not starting with host logging enabled
Waasnet core while running singled sided HTTPs/HTTP traffic
“Identity not configured” alarm clears and raises several time.
Observed Waasnet core”Wn_dft” file after upgrading from 5.x to 6.3.x
SMB AO office files are failing to open after save via SMBv2
SMB File operation is getting failed due to OC “write queue” is getting stuck
HTTPS connections are stuck on data center resulting in tfo overload
SMB AO coredump due to inconsistency of read bytes state
Coredump created by SMB AO when trying to access data from packet content not present snmpv3 not working on 6.2.1 Waas in a specific scenario
Release Note for Cisco Wide Area Application Services Software Version 6.2.3x
45
Software Version 6.2.3x Resolved and Open Caveats, and Command Changes
Caveat_ID_Numbe r
CSCvc50650
CSCvc19814
Headline
Appnav Intercept:pkts received for the flows that are in
FTM_WAAS_FLOW_STATE_HISTORICAL are dropped
Wrong Counter getting updated in auto-discovery stats.
Cisco WAAS Software Version 6.2.3b Open Caveats
The following caveats are open in Software Version 6.2.3b. Note that there might be additional open caveats from previous releases that are applicable to this release, unless they are specifically listed as resolved.
Caveat_ID_Numb er
CSCvc24763
CSCvc57012
CSCvc55023
CSCvc58689
CSCva33283
CSCva62833
CSCvb56318
CSCvb69139
CSCvb78641
CSCvc53678
CSCvc67819
CSCvc21298
CSCvc59481
CSCuy17271
Headline
WAAS version 5.5.7 noticed Core dump for smb.
WAAS CM API showing 0 for passthroughpeerin and passthroughpeerout
Scheduled reports do not get generated on the required date
Central manager fails to generate config for waas express routers connection reset for SMB2 connections while doing file upload
Disk encryption does not enable with AAA accounting enabled
WAAS Corrupted chard after modifying available report.
regular database maintenance not performed in all device-modes
TACACS authentication failing after upgrade
Waasnet service restart while running single sided HTTP/HTTPs traffic
Unexpected reload of smb accelerator process during long soak test.
Memory leak seen during the DBO SOAK profile execution
OC server core while running smbv3sign & smbv3 encryption large file cases oc core malloc_printerr while running SMB Regression
Cisco WAAS Software Version 6.2.3a Resolved Caveats
The following caveats, impacting earlier software versions of WAAS, were resolved in Software Version
6.2.3a.
Caveat_ID_Numbe r
CSCvb30731
CSCva59805
CSCva96691
Headline
Waasnet service terminates and generates a core file
Device going to offline in a senario
SMBAO Core when Authentication fails and Server downgrade the
Authentication from Kerberos to NTLM
Release Note for Cisco Wide Area Application Services Software Version 6.2.3x
46
Software Version 6.2.3x Resolved and Open Caveats, and Command Changes
CSCvb52967
CSCvb55927
CSCvb45413
CSCvb10628
CSCvb25141
CSCva26420
CSCuh86284
CSCvb17887
CSCvb25734
CSCvb41805
CSCvb40281
CSCva95254
CSCva84398
CSCvb59314
Caveat_ID_Numbe r
CSCvb42434
CSCvb49052
CSCvb44718
CSCvb40213
CSCvb55730
CSCvb57872
CSCvb38240
CSCvb70443
CSCvb57207
CSCvb63549
CSCvb81006
CSCvb76604
CSCvb53474
CSCvb58833
CSCva92135
CSCvb81995
CSCvb58618
CSCva77075
CSCva92728
Headline
SMB AO coredump created in a specific situation
DRE disk_full "Cache disk is full" alarm on WAVE-694 after upgrade to WAAS
6.2.3
WAAS - AppNav communication issue with ServiceNodes
SMB timeout alarm is raised and the accelerator remains in timeout state forever
HTTPS (443) connections stuck on core long after closed on edge
ISR-WAAS can ignore updates of name- or ntp-server from IOS
Local Device config is getting pushed every PCM config from CM
WAAS Edge is dropping packets when it gets multi-packet 407 response
Issue with daily consolidation hour system property
WAAS CM will show changes in data on the HTTP bandwidth savings chart
Mon API TrafficStats.retrieveCPUUtilization fails to retrieve stats
SMBAO process cores due to internal mismatch in URL names
Outlook pst files are not bypassed by WAAS
WAAS CM removing crypto certificates on WAAS Express routers
Alarm raised about user space core file created of process pidof
Connections to particular websites may fail through WAAS in a specific situation
Unable to use underscore in trap host community via GUI
Sorting of device groups is not possible
Connections fail hitting the expected class-map and policy
WAAS device goes Offline in CM GUI
SNMP configuration from DG is not reflecting in device
Core WAAS with ASVC causes extra rDNS queries for proxy CONNECT SSL requests
Unable to install Akamai License smbao core with smb2LeaseAckCleanup Function
SMBAO terminates in bufferCreateView
Optimized traffic on port 23 fills disk with debug output
SNMP: No space left on device while querying iso mib during stress sn_sia_invld_pkt alarm seen on ANC with traffic waasnet process restarted with single sided TLS 1.2 connections running
ECDHE cipher
HTTP: Traffic server stopped working during tar/zip/Microsoft update
HTTP: Traffic server stopped working while downloading Windows update
HTTP: Traffic server stopped working while handling TSContMutexGet
Unexpected reload while running SSL traffic on Nextgen SSL
Release Note for Cisco Wide Area Application Services Software Version 6.2.3x
47
Software Version 6.2.3x Resolved and Open Caveats, and Command Changes
Caveat_ID_Numbe r
CSCvb97356
CSCvb92954
CSCuz55920
CSCvb43838
CSCvb86397
CSCvb86429
CSCvc04836
CSCvb58171
Headline
Directory browsing optimization causes deadlock when we hit the max nodes
SMB AO can cache
SMB preposition config does not get pushed out to ISR-WAAS
Empty server response found in Web-Pages in a specific scenario snmp-server mib persist event cli is failing while configuring
Modification of SNMP host is not happening from CLI
Modification of SNMP Trigger is not happening from CLI.
Looped Packets from SN to SC going out with Invalid IP Checksum
SMB AO restarts with coredump in particular scenario
Cisco WAAS Software Version 6.2.3a Open Caveats
The following caveats are open in Software Version 6.2.3a. Note that there might be additional open caveats from previous releases that are applicable to this release, unless they are specifically listed as resolved.
Caveat_ID_Numbe r
CSCva52094
CSCva00161
CSCvb95306
CSCvb88945
CSCva54052
CSCva80599
CSCvc29774
Headline
SR-Server CORE observed reactivating ISR WAAS with Hostname change
TFO:capped on speed: low latency between WAAS and server in Cloud
After upgrade from 5.5.3 to 6.3.0 able to see FDG in SNMP general settings page
External SN blocks traffic when jumbo MTU is enabled
NTP server configuration push is failed for KVM-vWAAS from CM GUI
NGSSL: Stucks are in HTTP when restarted HTTP AO on the flow-THs (-ve)
Few stuck connections seen rarely on BR WAE after long duration of browsing internet
CSCvc21161
CSCvc27623
CSCvc27941
CSCvc26500
CSCvc26475
CSCvb81704
CSCvb83252
CSCvc12079
Waasnet core while running single sided HTTPs/HTTP traffic
Waasnet service restart while running continuous soak test
"SSL accelerator overloaded " alarm raised on vWAAS-50k during SOAK test
"Identity not configured" alarm clears and raises several time.
Crash at SO_DRE while running SSL traffic in NGSSL dual-sided topo - TsDL
Observed waasnet core"Wn_dft" file after upgrading from 5.x to 6.3.x
SSL AO's operational status doesn't come up after "Restore factory-default preserve basic-config "
Unable to create snmp trigger in 5.x from device level when cm is in 6.3.x
48
Release Note for Cisco Wide Area Application Services Software Version 6.2.3x
Software Version 6.2.3x Resolved and Open Caveats, and Command Changes
Cisco WAAS Software Version 6.2.3 Resolved Caveats
The following caveats, impacting earlier software versions of WAAS, were resolved in Software Version
6.2.3.
CSCuy73435
CSCuz11211
CSCuz12323
CSCuz18876
CSCuz18923
CSCuz39661
CSCuz42604
CSCuz55707
CSCuz59552
CSCva02503
CSCva14731
CSCva39357
CSCuc52663
CSCuu71549
CSCux74907
CSCuz47444
Caveat_ID_Numbe r
CSCva30228
CSCuy06186
CSCuy06942
CSCuz10327
CSCuz22537
CSCva18411
CSCuz34038
CSCuz41637
CSCuz47571
CSCuz49231
CSCut83135
CSCux30779
CSCux76467
CSCuy46644
CSCuy55846
CSCuy59549
Headline
WAAS cons are retransmitting packets very quickly and are getting reset.
Lan devices are not accessible after shutting port-channel mem interface
ISR-WAAS: SMB accelerator gets disabled upon ISR router upgrade/reload
File transfer failed in a specific scenario in Azure vWAAS
SMB Preposition tasks with multiple domains fail when run in parallel cms server logfiles not cleaned up
ISR-WAAS goes offline after long duration traffic
Rarely policy engine doesn't push connection to HTTP AO during upgrade
Akamai:Object-Cache top-hosts counters are not getting incremented ssh login to Azure vWAAS not working
core.dispatcher.x.x.x created while configuring machine account identity
SMB Preposition task status shows completed if connection not optimized
Outlook not connect to exchange with Wan secure interoperable mode
Interception access-list not working
WAAS 6.1.1a SMB AO restart generating core file
WAAS 6.1.1a SMB AO core file on DC device
SMB preposition task may get fail when running more than 15 in parallel
AO Timeouts seen during longevity test
Force device group not pushing enable feature config in specific scenario snmp core file observed in SM-SRE devices while query Host Resources MIB preinstall script does not check current version for supported upgrade service-insertion swap src-ip feature doesnt required config match SC&SN
Akamai: Could not write statistics value to ts_thrift_stats_uds-error
All devices cannot use CM as proxy for http object cache
Akamai: Preposition logging missing, PP-IMS sometimes doesn't happen.
serial-to-IP converter packets dropped by WAAS 6.1 with inline
Unable to login with Radius user configured in Cisco ACS 5.x
CM-WAE connectivity impacted in inline interception
System property edit page shown after submit
Central manager not responsive due to no space on /state
Network unreachable warning message in cms_httpd server log
WAAS 6.1.1a show statistic tfo detail output is showing incorrect value
Release Note for Cisco Wide Area Application Services Software Version 6.2.3x
49
Software Version 6.2.3x Resolved and Open Caveats, and Command Changes
Caveat_ID_Numbe r
CSCup30376
CSCus80217
CSCux25652
CSCuy46947
CSCva00437
Headline
Error messages are seen for /dev/ceflash during SRE image upgrade
Apache HTTP Server upgrade in WAAS
Need dedicated thread in PMD to handle Keep alive request from AO
Move to stronger crypto certificates
Move to stronger crypto certificates
Cisco WAAS Software Version 6.2.3 Open Caveats
The following caveats are open in Software Version 6.2.3.
Caveat_ID_Numbe r
CSCuw17054
CSCuy82470
CSCuz34303
CSCuz94568
CSCva26420
CSCva40790
CSCuy30007
CSCuz15000
CSCuz61982
CSCva56509
CSCva59451
CSCvb30731
Headline
MAPI AO gets disabled and MAPI Core observed for RPC-HTTPS with
Kerberos
New connection established while sending mail with attachments
Processor P0 CATERR error in BMC event log
WAAS appliance not responding to SNMP
WAAS Edge is dropping packets when it gets multi-packet 407 response
Central manager reporting insufficient data from WAAS Express routers
SMB Preposition does not support Extended Unicode Characters vWAAS-Azure pending Development from Microsoft
SMBAO preposition is not working with NetApp filer with SMBv2 Signing
High CPU on WAAS for process httpcache-akamai traffic_server
WCM reporting inconsistencies when different timezone configured
WAASnet service terminates and generates a core file
Cisco WAAS Software Version 6.2.3 Command Changes
This section lists the new and modified commands in Cisco WAAS Software Version 6.2.3.
Table 9 lists the commands and options that have been added or changed in Cisco WAAS Software
Version 6.2.3.
Table 9
Mode
Global configuration
CLI Commands Added or Modified in Version 6.2.3
Command
crypto encryption-service enable
Description
Enables and configures encryption services on a WAAS device.
50
Release Note for Cisco Wide Area Application Services Software Version 6.2.3x
Software Version 6.2.3x Resolved and Open Caveats, and Command Changes
Table 9
Mode
EXEC
CLI Commands Added or Modified in Version 6.2.3 (continued)
Command
show accelerator show statistics encryption-services
Description
New interposer-ssl parameter added, which displays the status for the
SSL Interposer accelerator.
Displays encryption-services general statistics for a WAE, including
SSL Interposer statistics and Security Assistant Key Escrow (SAKE) server statistics.
Using Previous Client Code
If you have upgraded to Cisco WAAS Version 6.2.3x and are using the WSDL2Java tool to generate client stubs that enforce strict binding, earlier version client code (prior to 4.3.1) may return unexpected exceptions due to new elements added in the response structures in 4.3.1 and later releases. The observed symptom is an exception related to an unexpected subelement because of the new element (for example, a deviceName element) in the XML response.
To work around this problem, we recommend that you patch the WSDL2Java tool library to silently consume exceptions if new elements are found in XML responses and then regenerate the client stubs.
This approach avoids future problems if the API is enhanced with new elements over time.
You must modify the ADBBeanTemplate.xsl file in the axis2-adb-codegen-version.jar file.
To apply the patch, follow these steps:
Step 1
List the files in the axis2-adb-codegen-version.jar file:
# jar tf axis2-adb-codegen-1.3.jar
META-INF/
META-INF/MANIFEST.MF
org/ org/apache/ org/apache/axis2/ org/apache/axis2/schema/ org/apache/axis2/schema/i18n/ org/apache/axis2/schema/template/ org/apache/axis2/schema/typemap/ org/apache/axis2/schema/util/ org/apache/axis2/schema/writer/ org/apache/axis2/schema/i18n/resource.properties
org/apache/axis2/schema/i18n/SchemaCompilerMessages.class
org/apache/axis2/schema/template/ADBDatabindingTemplate.xsl
org/apache/axis2/schema/template/CADBBeanTemplateHeader.xsl
org/apache/axis2/schema/template/CADBBeanTemplateSource.xsl
org/apache/axis2/schema/template/PlainBeanTemplate.xsl
org/apache/axis2/schema/template/ADBBeanTemplate.xsl
org/apache/axis2/schema/c-schema-compile.properties
org/apache/axis2/schema/schema-compile.properties
org/apache/axis2/schema/typemap/JavaTypeMap.class
org/apache/axis2/schema/typemap/TypeMap.class
org/apache/axis2/schema/typemap/CTypeMap.class
org/apache/axis2/schema/util/PrimitiveTypeWrapper.class
org/apache/axis2/schema/util/PrimitiveTypeFinder.class
org/apache/axis2/schema/util/SchemaPropertyLoader.class
org/apache/axis2/schema/SchemaConstants$SchemaPropertyNames.class
org/apache/axis2/schema/SchemaConstants$SchemaCompilerArguments.class
org/apache/axis2/schema/SchemaConstants$SchemaCompilerInfoHolder.class
org/apache/axis2/schema/SchemaConstants.class
Release Note for Cisco Wide Area Application Services Software Version 6.2.3x
51
Software Version 6.2.3x Resolved and Open Caveats, and Command Changes
Step 2
Step 3
Step 4
org/apache/axis2/schema/ExtensionUtility.class
org/apache/axis2/schema/CompilerOptions.class
org/apache/axis2/schema/writer/BeanWriter.class
org/apache/axis2/schema/writer/JavaBeanWriter.class
org/apache/axis2/schema/writer/CStructWriter.class
org/apache/axis2/schema/SchemaCompilationException.class
org/apache/axis2/schema/BeanWriterMetaInfoHolder.class
org/apache/axis2/schema/SchemaCompiler.class
org/apache/axis2/schema/XSD2Java.class
META-INF/maven/
META-INF/maven/org.apache.axis2/
META-INF/maven/org.apache.axis2/axis2-adb-codegen/
META-INF/maven/org.apache.axis2/axis2-adb-codegen/pom.xml
META-INF/maven/org.apache.axis2/axis2-adb-codegen/pom.properties
Change the ADBBeanTemplate.xsl file by commenting out the following exceptions so that the generated code consumes the exceptions:
<xsl:if test="$ordered and $min!=0"> else{
// A start element we are not expecting indicates an invalid parameter was passed
// throw new org.apache.axis2.databinding.ADBException("Unexpected subelement " + reader.getLocalName());
}
</xsl:if>
.
.
.
while (!reader.isStartElement() && !reader.isEndElement()) reader.next();
//if (reader.isStartElement())
// A start element we are not expecting indicates a trailing invalid property
// throw new org.apache.axis2.databinding.ADBException("Unexpected subelement " + reader.getLocalName());
</xsl:if>
.
.
.
<xsl:if test="not(property/enumFacet)"> else{
// A start element we are not expecting indicates an invalid parameter was passed
// throw new org.apache.axis2.databinding.ADBException("Unexpected subelement " + reader.getLocalName());
}
Re-create the jar file and place it in the CLASSPATH. Delete the old jar file from the CLASSPATH.
Use the WDL2Java tool to execute the client code using the modified jar.
Note
IOS-XE 3.14 should not be used for ISR-WAAS.
52
Release Note for Cisco Wide Area Application Services Software Version 6.2.3x
Cisco WAAS Documentation Set
Cisco WAAS Documentation Set
In addition to this document, the WAAS documentation set includes the following publications:
•
Cisco Wide Area Application Services Upgrade Guide
•
•
Cisco Wide Area Application Services Quick Configuration Guide
Cisco Wide Area Application Services Configuration Guide
•
•
•
•
Cisco Wide Area Application Services Command Reference
Cisco Wide Area Application Services API Reference
Cisco Wide Area Application Services Monitoring Guide
Cisco Wide Area Application Services vWAAS Installation and Configuration Guide
•
•
•
•
•
•
•
•
•
•
Configuring WAAS Express
Cisco WAAS Troubleshooting Guide for Release 4.1.3 and Later
Cisco WAAS on Service Modules for Cisco Access Routers
Cisco SRE Service Module Configuration and Installation Guide
Regulatory Compliance and Safety Information for the Cisco Wide Area Virtualization Engines
Cisco Wide Area Virtualization Engine 294 Hardware Installation Guide
Cisco Wide Area Virtualization Engine 594 and 694 Hardware Installation Guide
Cisco Wide Area Virtualization Engine 7541, 7571, and 8541 Hardware Installation Guide
Regulatory Compliance and Safety Information for the Cisco Content Networking Product Series
Installing the Cisco WAE Inline Network Adapter
Obtaining Documentation and Submitting a Service Request
For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What’s New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at: http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html
Subscribe to the What’s New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS Version 2.0.
Release Note for Cisco Wide Area Application Services Software Version 6.2.3x
53
Obtaining Documentation and Submitting a Service Request
section.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of
Cisco trademarks, go to this URL: www.cisco.com/go/trademarks . Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1721R)
Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.
© 2017 Cisco Systems, Inc. All rights reserved.
54
Release Note for Cisco Wide Area Application Services Software Version 6.2.3x
advertisement
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project