Version 3.0-beta2 of ImageStream's Enterprise Linux is now available as an open beta for all ImageStream router customers. This software release is provided at no charge to all ImageStream customers. Version 3.0-beta2 is highly recommended for all customers, especially those who wish to test the new functionality before the general availability release of Version 3.0. This release note documents commands and features added between Version 2.3.3 and the Version 3.0 beta releases.

----------------------------

New Features in Version 3.0

Filesystem Layout Change

Version 3.0 simplifies the filesystem layout. All binaries are now located in /bin. The /sbin, /usr/bin, /usr/sbin, /usr/local/bin, and /usr/local/sbin directories are symbolic links to /bin. Similarly, all libraries are now in /lib. The /usr/lib and /usr/local/lib directories are symlinks to /lib.

Menu Navigation Improved

Version 3.0 includes a new version of menuEngine. In addition to navigation by number in the menu, menu options are highlighted and may also be navigated by use of the arrow keys. The new version is also more efficient.

SAND Version 3.30 Included

ImageStream's SAND Version 3.30 release is included in the Version 3.0-beta2 release. See the release notes for Version 3.30 for more information about the SAND Version 3.30 software release. This SAND release includes an updated version of stats, the real-time utility used to monitor and report status and usage on LAN and WAN devices. The stats program is configurable. A configuration file is located in /etc/stats.conf. Configuration file options are:

name <string>
    String to match against device name; i.e.:
        Serial0   matches only Serial0
        %s        matches all interfaces
        eth%d     matches all ethernet master devices

rename <string>
    Renames the specified device(s) to <string>

description <string>
    Sets the default description on the device(s) to <string>

bandwidth <integer>
    Sets the bandwidth on the specified device(s) in bytes/sec

encapsulation <string>
    Sets the encapsulation field on the specified device(s)

[no] show
    Instructs stats to display (or to hide, in the negative case) the specified device(s)

OpenSSH Upgraded To Support SSH Version 2

The encrypted shell program, OpenSSH, included with Enterprise Linux, now supports SSH Version 2. Version 2 is the default protocol version used in the Version 3.0 release. SSH Version 1 contains a protocol deficiency that makes an insertion attack difficult but theoretically possible. In addition, the OpenSSH configuration files have been documented more clearly, and the serverkeybits value is now set to 1024 instead of 768.

The version included in 3.0-beta2 does NOT address the security advisory released on September 26, 2001 regarding a weakness in OpenSSH's source IP based access control for SSH protocol v2 public key authentication. This bug affects only those users using the 'from=' key file option combination with both RSA and DSA keys. The general availability release of Version 3.0 WILL include OpenSSH Version 2.9.9, which patches the bug.

SNMP Now Uses Net-SNMP (UCD-SNMP)

The SNMP server included in Version 3.0 is net-snmp (ucd-snmp). The configuration file used in net-snmp (ucd-snmp) is significantly different than the previous CMU-SNMP implementation. THEREFORE, ANY CONFIGURATION CHANGES MADE TO THE SNMP IMPLEMENTATION WILL NEED TO BE RECONFIGURED.

router-utils Package Includes Time Configuration Utility

Version 3.0 includes a "set_time" utility available from the command line to configure localtime for the routers. This utility is also available from the Configuration and Update Menu under the Global Configuration submenu.

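Returning to the OpenSSH note above: the following added example (not ImageStream's or OpenSSH's code) checks the text of an authorized-keys file for the combination that note names, a 'from=' key option together with both RSA and DSA protocol 2 keys. The function names and the sample entries are constructed for illustration, and the key material is a placeholder.

```python
"""Audit an authorized-keys file for the key-option pattern named in the OpenSSH note."""
KEY_TYPES = {"ssh-rsa", "ssh-dss"}  # SSH protocol 2 RSA and DSA public key types

def split_outside_quotes(text, is_sep):
    """Split text on separator characters that are not inside double quotes."""
    parts, cur, in_quote, prev = [], [], False, ""
    for ch in text:
        if ch == '"' and prev != "\\":
            in_quote = not in_quote
        if is_sep(ch) and not in_quote:
            if cur:
                parts.append("".join(cur))
                cur = []
        else:
            cur.append(ch)
        prev = ch
    if cur:
        parts.append("".join(cur))
    return parts

def parse_entry(line):
    """Return (options, key_type) for a protocol 2 key line, else None."""
    fields = split_outside_quotes(line.strip(), str.isspace)
    if not fields or fields[0].startswith("#"):
        return None
    if fields[0] in KEY_TYPES:
        return "", fields[0]
    if len(fields) > 1 and fields[1] in KEY_TYPES:
        return fields[0], fields[1]
    return None  # protocol 1 key or unrecognised line

def has_from(options):
    """True if the comma-separated option list contains a from= restriction."""
    names = (o.split("=", 1)[0].strip().lower()
             for o in split_outside_quotes(options, lambda c: c == ","))
    return "from" in names

def audit(text):
    """Summarise one file: from= entries, key types seen, and whether both conditions hold."""
    entries = [e for e in map(parse_entry, text.splitlines()) if e]
    types = {key_type for _, key_type in entries}
    from_count = sum(1 for opts, _ in entries if has_from(opts))
    return {"from_entries": from_count, "key_types": types,
            "affected": from_count > 0 and KEY_TYPES <= types}

# Constructed sample entries (placeholder key material, not real keys).
SAMPLE = '''from="10.0.0.1,*.example.net",no-pty ssh-rsa AAAAexampleRSA admin@noc
ssh-dss AAAAexampleDSA backup@noc
'''

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A file reported as affected is one to review before relying on 'from=' restrictions with the beta2 OpenSSH build.
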
IPSec/FreeSWan Package Added

Linux FreeSWan, the IPSec VPN package, is included in Version 3.0. The current version of FreeSWan also supports opportunistic encryption.

IP-Takeover Package Added

ImageStream routers can now be configured in a fault-tolerant, high availability setup from the command line using IP-Takeover. IP-Takeover provides less than 50 ms switchovers in the case of a primary router failure. The failover software is similar to other software failover implementations, such as Cisco Systems (R) Hot Swap Router Protocol (HSRP), in that it does not provide for switching of physical cabling. Separate, relay-based devices are required for a full failover setup.

Quality of Service Package Updated

The bandwidth limiting front-end for quality of service has been updated in Version 3.0. The new bandwidth limiting script supports additional options and interfaces directly with the command-line "tc" utility. Bandwidth limiting commands are translated into tc commands and stored in /tmp on the router.

GateD Dynamic Routing Package Updated

The GateD dynamic routing program has been updated for Version 3.0. The interactive interface to gated, gii, is now available only through a direct connection on the router (localhost), and ipchains/iptables rules are not required to block outside access. The "show bgp summary" and "show bgp peeras <AS number>" commands now also reflect the number of route announcements sent to and received from each peer.

----------------------------

Bugs fixed in Version 3.0-beta2

The following bugs have been fixed in Version 3.0-beta2:

ipchains REJECT Rules Functionality

Due to a kernel configuration error, Version 3.0-beta1 did not support ipchains REJECT rules. ipchains DENY rules work in both beta versions. All valid ipchains commands, including ipchains REJECT rules, are functional in beta2.

Kernel Logging Program Not Started By Default

Previous Enterprise Linux versions started the system message logger (syslogd), but not the kernel message logger (klogd) by default. Beginning with Version 3.0-beta2, klogd is also started by default.

Quality Of Service Backwards Compatibility Issue

Version 3.0-beta1 inadvertently excluded the original "bwlimit" script included in previous versions. Version 3.0-beta2 includes this utility for backwards compatibility.

Workaround For Cisco IOS Bug in BGP Added to GateD

Certain versions of the Cisco IOS accept and propagate invalid routing information. This behavior is in violation of the BGP RFC, and causes RFC-compliant devices, including ImageStream routers, to properly drop peering sessions. When affected Cisco routers are upstream of an RFC-compliant device, this can cause a loss of connectivity for the downstream router. ImageStream has patched GateD to log an error and ignore invalid route announcements in these situations. Peering sessions will no longer be automatically terminated.

Gated Display Of "checkconf" Output At Boottime Requiring User Intervention

Gated no longer displays the output of the "checkconf" command at boottime. Previously, incorrect configurations could cause the router to require user input at the console to continue the boot process. Beginning with Version 3.0-beta2, the checkconf output is no longer displayed at boottime.

----------------------------

Upgrade Instructions

*** NOTE! If the upgrade fails, do NOT reboot! Contact ImageStream's Technical Support without rebooting. ***

Upgrading to Version 3.0 or later requires the following:

1. 64 MB of RAM or higher.
2. 32 MB of flash.
3. 300 MHz processor or better.
4. Enterprise Linux Version 2.3.2 or higher.

The upgrade utility will not install Version 3.0 if memory and flash requirements are not met. Users can contact ImageStream to purchase a RAM, processor or flash upgrade.

Users running an Enterprise Linux version less than 2.3.2 must upgrade before Version 3.0 will be available from the Update menu. Any version prior to 2.3.2 will automatically be upgraded to 2.3.2. A second upgrade will be required to install Version 3.0.

The upgrade does not otherwise affect the stored configuration in the ImageStream router. To back up the router's configuration prior to upgrading, choose option 4 (Backup/Restore) from the router's main menu. Choose the Backup methods option (Option 1) and select a method from the choices listed. From the router's command line, use the "backup <typeofbackup>" command. The backup utility takes four arguments: flash (to back up configurations to the router's nonvolatile flash memory), floppy (to back up to a floppy disk), scp (to back up via secure copy), or file (to back up to a separate file on the router's nonvolatile flash memory).

----------------------------

Copyright and Trademarks

Copyright 2001 ImageStream Internet Solutions. All rights reserved. ImageStream is a trademark of ImageStream Internet Solutions, Inc. All other marks are the property of their respective owners.

Notices

ImageStream makes no representations or warranties with respect to the contents or use of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, ImageStream reserves the right to revise this publication and to make changes to its content, any time, without obligation to notify any person or entity of such revisions or changes.

Contacting ImageStream Technical Support

Every ImageStream product comes with a one year hardware and software warranty. ImageStream provides technical support via voice, FAX, electronic mail, and the web. Technical support is available 24 hours a day, 7 days a week. To contact ImageStream technical support by voice, dial +1 (219) 935-8484 worldwide. By FAX, dial +1 (219) 935-8488. By electronic mail, send mail to support@imagestream.com. Using the World Wide Web, see http://www.imagestream.com/

--
For more information regarding ImageStream products: http://www.imagestream.com/
To subscribe/unsubscribe: owner-isis-announce@imagestream.com