RIVERBED PRODUCT RELEASE NOTES

PRODUCT: STEELHEAD APPLIANCE

RELEASE DATE: DECEMBER 14, 2012

RIOS VERSION: 8.0.1

CONTENTS

1) Supported Steelhead Models

2) New Features in Version 8.0.1

3) Fixed Problems

4) Known Issues

5) Upgrading RiOS Software

6) Managing RiOS 8.0.1 with a Riverbed CMC

7) Hardware and Software Requirements

8) Contacting Riverbed Support

1) SUPPORTED STEELHEAD MODELS

Added support for Steelhead models CX5055 and CX7055

Important: RiOS 8.0 does not support any of the Steelhead xx20 models. It can only be installed on xx50 and Steelhead CX xx55 models.

2) NEW FEATURES IN VERSION 8.0.1

Account Control

This feature provides a password policy that you can set and manage for more security.

New Report Format

Time-series reports have a new design that is clear, interactive, and easy to navigate. The statistics presented in this improved report format are readily accessible and all updates to the report window appear in real time.

2

Citrix Multi-Port ICA

For thin-client applications, Citrix has a protocol that segregates the network traffic between a client and a server. Enabling multi-port ICA in RiOS v8.0 lets you group the traffic into multiple CGP ports using 3 different priorities based on data type (mouse clicks, window updates, print traffic, and so on). Multi-port ICA is available on Citrix XenApp v6.5 and later and XenDesktop v5.5 and later.

CIFS for Mac OS X Lion

RiOS v8.0 supports SMB1 signing settings for Mac OS X Lion (10.7) and Mountain Lion (10.8). RiOS v8.0 does not support SMB2 signing settings for Mac OS X Lion (10.7) and Mountain Lion (10.8).

PC-over-IP (PCoIP) for QoS traffic classification

PCoIP is a proprietary remote workstation and desktop protocol designed and developed by Teradici. PCoIP compresses and encrypts display updates (pixels only) along with keyboard and mouse events over the wire, and enables remote access to workstations and servers from a remote location. Access to these machines is typically performed through either a thin client, a zero client, or a desktop application.

3) FIXED PROBLEMS 23560 Fixed an issue that results in the inability to optimize a connection and the

error message "Peer sport id is the same as mine!'. This error occurs when the same IPs and ports are used to initiate and accept connections in quick succession.

38156 Added Kerberos port (88) to the default secure port label

51990 Fixed a problem when the HTTP parse and prefetch feature is active where the logs to contain warnings such as "watcher: One or more threads not responding after at least [number]s; unhealthy threads follow".

55692 Fixed a rare bug in the SMB optimization feature that led to the crash of the optimization service on client-side Steelheads. The fix will result in termination of the offending SMB connection with the error SMB_SHUTDOWN_ERR_NULL_FILE.

56653 Added RTSPS port (322) and Operations Manager port (5723) to default secure port label

59016 When primary and backup Steelhead appliances are configured using fixed target rules, we did not connect to the backup when the primary is down causing all the connections to pass-through the box. This fix addresses the issue and the connection to the backup Steelhead is now successful.

3

59094 Fixed a race condition where the optimization service could crash when the Steelhead is receiving new connections at a very high rate.

62101 Fixed a timing issue that would cause the FX/LX driver to intermittently fail to probe the wan interface on some FX/LX cards.

63664 Added support to prevent CIFS connections to IBM AS400 servers and clients from getting latency optimizations. "IBMAS400" is now an option in the CLI command "[no] protocol cifs nosupport client|server"

63684 Fixed a sport process crash caused by a null pointer dereference in the FTP optimization module, resulting in restart of the optimization service.

67257 A Cloud Steelhead may not optimize traffic in a NAT environment when connected to two or more remote Steelhead appliances or Virtual Steelhead instances running different versions of RiOS and sharing the same public IP address.

69587 Fixed an issue that caused a disk from not showing up in the RSP/Slots/Disk web UI or CLI when the disk name has a period before the ".vmdk" extension. For example "SOME.DISK.vmdk"

71492 Fixed a QoS issue where the "show run" command displays QoS sites and rules in the wrong order

73937 RiOS now prevents user from setting in-path default gateway or next hop of any in-path route to the associated in-path interface IP address. A warning will be generated if default in-path gateway is not in the subnet of the associated in-path interface.

75430 Fixed an issue where the Steelhead was using an incorrect vlan id for outgoing packets of optimized connections. The issue occurred under the following conditions:

Steelhead was using simplified routing.

Steelhead had VLAN connection based tracking enabled (as can be done via the CLI with 'in-path vlan-conn-based').

Packet ricochet occurred such that the Steelhead sent packets to router, and the router sent the packets back through the Steelhead with a different VLAN tag from what the Steelhead had initially sent the packet with.

76764 Substantially improve packet processing performance by not timestamping all arriving packets.

76869 Fixed a problem where an improperly formatted chunk-encoded HTTP request could result in an unexpected shutdown of the optimization service on the server-side Steelhead appliance. The problem can be fixed by upgrading both the client-side and server-side Steelhead appliances.

79751 Fixed a problem where the optimization service fails when HTTP connections use chunked-encoded transfers. This would occur when the chunk trailer was split into its own packet in between Steelhead appliances on the wide-area network.

4

81751 Fixed support for a smaller size of datastore on ESX Cloud Steelhead, in addition to the size that was licensed, to accommodate smaller disk deployments.

87021 Enhanced the existing user account functionality to enable administrators to set a password policy. This includes the ability to define password complexity, password expiration (forcing users to update their password at login), password lock, and temporary account lock due to too many failed login attempts.

88327 Fixed an issue that increased memory consumption of the optimization service due to redundant caching of data structures used in encryption of optimized data over the WAN.

89133 When the steelhead with QoS enabled is configured to operate in an out-of-path deployment, an error message may be captured in the log file with the following string "[intercept.ERR] intercept ioctl 0x40047a14, uninitialized device 0". This message does not affect the appliance operation and has now been removed.

92015 Fixed a race condition that causes the AppFlow Engine classification to fail with "navl_conn_init failed: 17" error string in the syslog. The end result is that the affected connection will be misclassified. This race condition can occur when:

A Middle Steelhead receives a pure-SYN after the inner connection between the client-side Steelhead and server-side Steelhead fails.

The fw-RST feature is enabled for transparent inner connections.

Packets ricochet from one in-path interface to another.

92498 Fixed the issue where a TCP connection may not get optimized when a client reuses the ports quickly.

94306 Fixed a race condition that led to an optimization service crash after the Steelhead entered connection admission control.

94808 Added a UI option to enable Flash Stream Splitting and renamed the original option to clarify that it controls Silverlight Stream Splitting.

94932 Fixed an issue where the primary interface remains physically up after being shut down.

95127 Perform a check for sufficient disk space before allowing the installation of RSP images.

95137 Improved the error handling around MX-TCP QoS rules and the pass-through traffic type. MX-TCP rules can no longer be set to pass-through.

95497 This patch invalidates HTTP domain name/relative path changes that do not satisfy the requirements.

95657 Additional alarms information, including the alarm hierarchy, table, statistics and the config override cache, can now be found in file alarmd_info.txt in the System Dump (Reports > Diagnostics > System Dumps).

5

95871 This fixes a bug in 7.0.0 wherein the value of the Application field for an Advanced QoS rule could not be removed (by setting the field selection to "--").

95989 Fixed a QoS Classification problem. Classification of more than 10,000 simultaneous optimized connections with DPI would fail with errors like "[qosd.ERR]: qosd_sport_connect_handler(), qosd.c:1484, build (null): Too many open files: accept".

95995 Fixed an issue that could result in Outlook clients repeatedly showing a password prompt to the user if encrypted MAPI optimization was enabled on the Steelhead and the attempts to authenticate the connection resulted in an error from the domain controller (DC). The fix involves properly categorizing the error codes returned by the DC to ensure that the encrypted MAPI connection is blacklisted and passed-through to the Exchange server in this scenario.

96214 Fixed uncommon problem where the users are unable to login via the web interface after a system start or restart due to a race condition that caused the system swap to fail to initialize.

96541 Fixed a problem that could cause an optimization service failure while optimizing Outlook Anywhere traffic. If an error condition occurred when the Outlook Anywhere connection was closed the optimization service could crash.

96599 Fixed an issue that caused the following warning message to incorrectly appear in the log during Virtual Steelhead startup: MSPEC license has expired or been removed. Terminating sport.

96637 Fixed cross-site scripting vulnerabilities on the RSP Dataflow page, as well as a CRLF injection vulnerability with the _fragment parameter in many pages.

96675 Enhanced the "protocol domain-auth test dns" command to check to make sure that the necessary DNS SRV records are present in the Active Directory Domain to which the Steelhead will be joined.

96696 We now allow the user to disable the exporting of SSL server certificates via a button on the SSL Main Settings page. Once disabled, though, this change is irreversible for security reasons.

96743 Fixed an optimization service crash when the Extended Peer Table (EPT) feature was enabled and peer Steelheads or Steelhead Mobiles were disconnected from a Steelhead.

97091 When adding a global application without specifying "protocol" parameter, the CLI returns "Internal Error". To avoid this problem specify "protocol all" when adding a global application. Alternatively, use WebUI to add a global application.

97136 Fixed an issue where certain factory installed licenses were removed when executing the "reset factory" CLI command.

97198 Fixed an issue where the RAID alarm would trigger, but no email or SNMP trap would be generated.

6

97199 Fixed an issue that caused RSP errors when making a backup of a powered off HA cloned VM.

97209 When a disk partition is full and an alarm is raised, a user will not receive email or SNMP trap notification.

97314 The fix enhances a Microsoft-SQL blade log message to be more specific when latency optimization is disabled.

97388 Fixed an issue where Basic QoS settings like Remote Link Bandwidth may be reset to 0 after an upgrade.

97398 Added support for Steelhead CX5055 and CX7055

97512 Fixed a memory leak in the QoS configuration management code

97599 Fixed an issue where the SMB2 optimization feature was not properly processing SMB2 Notify responses. When Notify responses indicated that a watched directories' content had changed, the Steelhead would incorrectly identify whether the affected files were cached. The fix now correctly clears cache information for the changed items.

97676 Some ioctl requests may affect the content of a file's meta data. When steelhead s encounter such requests it is not safe to reply on cached metadata, so they invalidated it. The FSCTL_READ_FILE_USN_DATA does not have such a result, but was formerly not identified as "safe." This change now includes this request among operations that will not invalidate cached metadata.

97709 Restricted number of CIFS Prepop policies to 10 and rules in each policy to 6, as an unlimited number of policies and rules can make the policy feature unmanageable.

97714 The default scheduled sync operation for CIFS prepop is an incremental sync which only transfers new and modified files. The following new CLI command has been provided to transfer all files during the sync operation for a given prepop share: prepop share modify remote-path <SHARE_NAME> full-interval <TIME_IN_SECONDS>

97740 Fixed a problem where defining bandwidth policy in Basic QoS mode an error 1003 is displayed if dscp_out parameter is not specified.

97793 Fixed an issue that caused speed and duplex changes to fail on the 2 Port 100BASE-FX/1000BASE-LX Fiber Network Bypass Card 410-00107.

97839 Fixed an issue that could cause sport main thread to become unhealthy and result in stack dump and message like the following in the log: "sport[26148]: [eventthread/watch/mgmt_debug/8.WARN] - {- -} watcher: EventThread(main)[LWP 26148] 0x24fb800 is not healthy".

97869 Fixed an issue where FTP optimization can fail when parsing PASV responses without parentheses.

7

98061 Fixed an issue that causes an optimization service failure on the server-side Steelhead in an optimized SMB2 connection when multiple simultaneous closes for a handle are sent when there are in progress operations that need to complete before the close.

98116 If the port labels are used in any of the QoS classification rules, they may potentially expand the rule count beyond the limit allowed on the appliance. This patch ensures that the limit applies to the rules before port label expansion

98181 Fixed an issue where the "ip flow-export" in "show run" output could be out of order and resulting in error messages when pasted back into a Steelhead.

98253 Fixed a memory leak which occurred when attempting to install a license which was already installed on the appliance.

98257 Fixed an optimization service failure issue that could occur if a Steelhead was optimizing many MAPI connections and many of those connections were simultaneously closed. This most commonly occurs when the system is shutting down.

98574 There are certain IOCTL operations that may modify the contents of a file on a server. When a steelhead encounters such an operation it will now invalidate any cached data it may have stored for the affected files.

98884 Fixed an issue where Auto-Delegation updates in Active Directory are not performed if all the Domain Controllers specified during the domain join operation are configured via their IP address instead of their hostname.

98940 Fixed an issue where the Steelhead reports speed and duplex on a network interface (FX/LX NIC 410-00107) when the interface was down.

99037 Fixed a problem where servers are blacklisted from receiving optimization for encrypted Lotus Notes traffic when a user's internet certificates have been updated.

99150 Fixed an issue in the Citrix optimization blade where the optimization overhead was comparable a small packet's size and added optimizations that provide positive data reduction with minimal WAN overhead from our optimization.

99169 If a CMC disconnects from a Steelhead appliance in the middle of an operation, such a push, the operation fails to resume in RIOS versions 7.0.1 and above. Also the "show cmc" command was not displaying anything for the address/hostname of the managing CMC in those same versions. Both issues are fixed.

99261 Fixed a crash that could occur in the sport process after a software upgrade.

99345 Fixed an issue where the memory usage by mgmtd process would continually increase when viewing SRDF reports.

99461 Enhanced the behavior of the SMB2 optimization file data cache to ensure that cached read data is not used in scenarios when there are unknown IOCTL operations for a given file.

8

99536 Fixed an optimization service failure that could occur when an optimized SMB2 client is notified of a directory deletion when the SMB2 cache on the Steelhead contains a node for one of the directory's children with no handles.

99637 Fixed an issue where the client-side Steelhead could experience a crash of the optimization service due to an unhealthy thread while optimizing an SMB2 connection. The unhealthy thread warning is issued because the SMB2 garbage collection process could potentially enter an infinite loop if the garbage collection began at the second share in our list, the second share was no longer in use, and there were less than 1000 nodes in the cache that could all be freed.

99997 The log message "Received request to enable AsyncEvent" was incorrectly logged at the Error level. This message is now correctly logged at the INFO level.

100148 When a MAPI-PREPOP connection is closed on the client side Steelhead it will produce a "Inner channel down prematurely, peer probably down; requesting shutdown" message on the server side Steelhead, because it is not closing the connection correctly. This message usually indicates network problem on the WAN connection, which is not the case for MAPI-PREPOP connections. This fix will close the MAPI-PREPOP connection correctly and prevent output of the misleading message.

100160 Fixed the RSP service alarm so that it does not trigger than RSP service is enabled or disabled.

100166 Fixed an optimization service crash that occurs when the Extended Peer Table feature was enabled and invalid data was detected on the storage device.

100269 Fixed a problem where Lotus Notes attachments would fail to be sent to server. This is most likely to happen in server-to-server push replication where the attachment write size is very large and/or there is delay between the server-side Steelhead appliance and the server receiving the attachment.

100368 Fixed an issue where SMB-signing optimization fails when an OS X client connects using Kerberos authentication and the Steelhead Kerberos authentication support is enabled.

100557 Fixed an issue where the link status of the primary interface is yes after primary is shutdown from CLI.

100576 The password for the Lotus Notes server file is no longer logged, regardless of logging level.

100631 Removed the documentation requirement that you enable transparent prepopulation using RCU for network environments that require SMB signing. As of RiOS v7.0, CIFS prepopulation supports environments that require SMB-signing without the need for the "Transparent Prepopulation Using RCU" setting.

100636 Fixed an issue which prevented the user from specifying a max-sync-size value larger than 2GB for a CIFS prepop share.

9

100664 Fixed an issue where a Steelhead will not send disk pressure changes to Interceptors with Fair Peering v2 and pressure monitoring enabled.

100812 Fixed an issue that resulted in SMB2-Signed connections getting blocked if the domain controller was unavailable when the end-to-end Kerberos authentication feature was being used.

100985 Fixed a race condition where the optimization service was referencing a certificate that was being modified or deleted. The solution was to defer certificate updates during a brief critical region when incoming connections are accepted.

101244 Corrected asymRouteError's definition from OBJECTS { arcount } to OBJECTS { asymRouteCount }"

101311 Fixed an issue where interface receive buffer size was not configured properly for some interface types, which may cause packet drops in certain high traffic situations.

101471 Fixed an issue of high CPU utilization of winbindd by first removing Samba database files prior to the first launch of winbindd after an upgrade if the Steelhead appliance is joined to a domain.

101500 We have made system resources to be used more efficiently under high connection loads. Customers running near to connection admission control with certain workloads and who were experiencing TCP memory pressure alarms should now notice a reduction or elimination of the memory pressure alarms.

101569 Fixed an error during Citrix CGP(SR) session resume that cause certain versions of RiOS to process Citrix Reconnect payload incorrectly.

101741 Fixed a bug in the qos code that resulted in the steelhead marking a Syn/Ack++ and some reset packets with an incorrect dscp mark. The dscp mark that was put on the packet was for the opposite direction of the connection.

101816 Fixed a problem where Lotus Notes clients could not connect to the server when encrypted Notes optimization was enabled and the connection matched an in-path rule with Data Reduction Policy set to "None".

101825 Fixed a problem where a small amount of memory is leaked on the server-side Steelhead appliance for every optimized encrypted Lotus Notes connection.

102104 The log message has been changed to correctly reflect the interface state. Previously: hal: Set interface mode to bypass successfully for port [0_0] It now correctly states: hal: Set interface mode to normal successfully for port [0_0]

102230 Fixed a memory leak issue taking place when HTTP Parse-and-prefetch optimization is enabled.

102377 Fixed a problem where a Steelhead running RSP could crash upon receiving corrupted IP fragment representing data past the IP frame length.

10

Fixed a problem where a Steelhead running RSP could crash after receiving IP fragment with DF flag set.

102380 Fixed an issue where Kerberos authentication support in HTTP optimization fails when the HTTP server resets its domain account credential.

102613 If QoS rules specify that DSCP values should be reflected from the client to the server connection, the initial packets in the TCP connection would not have their DSCP value properly set. This defect was fixed by using the DSCP value received the server side Steelhead appliance when connecting to the server.

102625 Obsoleted the Virtual Steelhead "datastore zero" CLI command and associated alarm.

102634 Fixed a memory pressure issue taking place when HTTP optimization is enabled with OPT and Gratuitous 401 in conjunction with Codec flow control.

102644 Added help text for the "qos classification site add" CLI command to indicate that a special value of 254 indicates that the DSCP value will be inherited from the service class.

102708 Fixed problem where a specific QoS rule's details on the Advanced QoS page would show "All" in the DSCP field even though the actual value was set to something different. This would occur for certain DSCP settings.

102855 Fixed an issue that prevented the optimization of SMB2 connections to an EMC-Celera filer when SMB2-Signing Optimization was enabled but the server did not require Signing.

102960 Fixed an issue where the hardware LED color could be incorrect until another change of health. The health state on the UI and CLI would have still been correct. Now the LED correctly reflects health state.

103022 Fixed an issue which resulted in Windows servers reporting a DoS attack from the Steelhead for CIFS prepopulation traffic. A new command line option is available that will allow tuning the percentage of maximum number of outstanding requests that will be available to CIFS prepopulation operation.

%prepop settings max-mpx-pct <10-100%>

A value of 70% is set by default. Customers can tune this value to a percentage that will work on their environment, typically 40% to 60%.

%show prepop settings

Displays the max-mpx-pct value currently set.

103039 Fixed an issue that caused the client-side optimization service to crash if it received a malformed SMB Notify Change response while CIFS optimization was enabled. The fix causes latency optimization to be disabled upon receiving a malformed response and an SMB_SHUTDOWN_ERR_MALFORMED error message is logged.

11

103060 Fixed an issue where "show hardware all" shows system LED color to be orange instead of red when the system is in critical state on models CX1555, EX1160 and EX1260.

103088 Fixed the way the system LED information was queried on the EX1160, EX1260 and CX1555 series appliances.

103347 Fixed a problem where a Steelhead attempts to optimize both multicast and broadcast packets when packet-mode optimization is enabled.

104518 Fixed the issue where a Steelhead running RSP could corrupt or drop IP packets, or crash upon receiving fragmented IP packets for pass-through traffic

105024 Fixed an issue where the Steelhead may crash when Steelhead Cloud Accelerator tries to optimize a connection to a SaaS server that isn't responding/is rejecting connections. This is most commonly seen with O365 servers when Outlook Client tries to connect to autodiscover.outlook.com.

105196 Fixed a problem in which the system did not send a notification at startup indicating the interfaces were up and running. Without the notification, QoS attempted to apply traffic classification rules on the interfaces before they were ready, causing it to fail. Once the interfaces were up and running, since the apply failed, no traffic passing through the interfaces was classified successfully.

105504 Fixed an issue where TCP Westwood wasn't performing optimally in some cases.

105606 Fixed an optimization service crash due to reused keys in the FTP blade.

105679 Fixed an issue that resulted in a crash of the optimization service on the server-side Steelhead when the SMB2 optimization feature was enabled and a client issued a close request for a file located on an SMB2 share that had been asynchronously marked for disconnect.

106238 Resolved an issue that resulted in a crash of the optimization service when SMB2 optimization was enabled and a ReadRequest was canceled while waiting on decode.

106317 Fixed an issue that caused save-as operations on optimized SMB2 connections to fail. The code responsible for handling find requests was failing to adjust the search pattern if the client restarted a find operation for a single filename. This resulted in a find operation for a single filename receiving a complete directory listing starting from the beginning of the directory, regardless of whether a file with that name existed or not. The fix has been made to reopen the find operation with the client's search pattern if we need to forward the client's find.

106329 A tree disconnect response in a SMB connection deletes the requests from the pending request queue but would leave the corresponding requests in the wait queue of the files as is. Subsequent access to the invalid wait queue entries would hence result in a crash in case of tree disconnect. The fix clears the wait queue when a corresponding request in the pending queue is removed.

12

106980 Patched ASN.1 vulnerability in openssl library (CVE-2012-2110, CVE-2012-2131)

107058 Fixed a crash in the connection forwarding code observed during service shutdown

107095 Clients which use DSCP marking to shape traffic throughout the network may inadvertently cause an excessive number of connections to be created between two Steelhead peers. This is due to a defect in determining if a pre-existing connection between peers is a suitable match. These additional connections do not count towards connection limits on the Steelhead appliance, but do waste small amounts of memory for each open connection. Over time this can lead to memory pressure alarms on the appliance that are not cleared even when all traffic has been stopped.

108244 We now do not set the prihw device on a Steelhead appliance to promiscuous mode in order to avoid potential primary interface hangs.

108679 Outlook 2007 and later when downloading attachments can use an "extended ReadStream" operation. This new operation is now supported.

109523 The CLI command "show license-client" returns a blank output and generates the following error in the logs:[cli.ERR]: user admin: cli_license_show_client_status(), cli_license_cmds.c:1055, build (null): Error code 14002 (assertion failed) returned"

110950 Outlook client without the proper SSL proxy CA cert installed will be put into bypass for 24 (default) hours instead of being blocked.

111097 Fixed an issue where connections optimized with Steelhead Cloud Accelerator can be disrupted in the rare case that a client sends a TCP SYN packet with data in the TCP payload.

111189 When optimizing SMB2 and an application doesn't get the name of the files it works on from the server, this message may appear in the logs if the client opens a file using a different case for the file name than what the server stores. To fix this, the detection of short names is done by the length of the filename components rather than a string comparison.

111414 In some rare conditions, the Steelhead 7050 can unexpectedly reboot with "General Protection Fault" message.

111698 Fixed a rare condition that can cause a Steelhead appliance to become unresponsive by changing internal parameters to reduce the memory use of model 150, 250, and 550 Steelhead Appliances and virtual Steelhead appliances.

111968 Fixed issues that populate invalid IP addresses in the redirect assign message from the lead cache in a Steelhead cluster to the WCCP router. For certain routers, this may result in the router black holing traffic instead of redirecting to the Steelheads.

111987 Fixed an issue that kept initial CIFS pre-population syncs from finishing successfully due to locked files.

13

112678 Fixed a bug to ensure that we perform QoS classification on raw IP multicast packets. Prior to this fix, only UDP multicast packets were being classified. With this fix all raw IP multicast packets will receive qos classification. Note that this patch does not handle TCP multicast packets.

112784 Fixed an issue that would result in a crash of the optimization service if the optimization service was shut down while an optimized SMB2 connection had requests outstanding.

113295 Fixed an issue where a hardware model upgrade cannot be activated after a reboot if the MSPEC license and hardware upgrade license were installed prior to the reboot.

113679 Enhancement to increase the outgoing optimized traffic bandwidth limits on the following models: CX1555, EX1160VH, and EX1260VH.

114397 Fixed the log message "unknown structure in ext SpliceSetupInfo:..." so that it will not appear when malta/canary steelhead releases inter-operate with lanai release.

114761 Fixed an issue in a client-side Connection Forwarding setup where, occasionally, encrypted Outlook Anywhere (eMAPI-OA) connections appear as optimized but do not get any data reduction because they are not properly optimized by the SSL blade. They would appear as HTTP optimized only instead of eMAPI-OA.

115263 The outstanding request queue length is determined by the max_mpx_count specified by the server. In rare cases, when a multi-threaded client is used, it is possible to exceed the outstanding request limit. This can cause certain CIFS servers to report a Denial-of-Service attack and reset the CIFS connection.

115443 Updated the way cache control headers are evaluated to ensure items tagged as cacheable are retained for a minimum of the in-flight cache delay. The scope of this change is limited to data content associated with HTTP stream-splitting.

115506 Fixed an issue which caused sync failure for large files on 32 bit machine for the Proxy File Service (PFS) feature. Also fixed an issue which could cause a permissions failure for large files.

115710 Fixed an issue that resulted in a crash of the optimization service on the client-side Steelhead when the SMB2 optimization feature was enabled and a client issued a close request for a file located on an SMB2 share that had been asynchronously marked for disconnect.

115851 Fixed a problem that prevented disabling DHCP on the primary interface of Virtual or Cloud Steelheads without the aux interface.

116015 In full/port transparency configuration, the socket buffer settings were ignored to default settings. In some setups this could impact performance.

116019 A defect was fixed that prevented SCPS from being negotiated between Steelhead appliances when transparency was enabled.

14

116020 A defect was fixed that caused the configuration for the out-of-band keepalive values to be ignored when either full or port transparency was enabled. In these circumstances, the Steelhead appliance would not notice as quickly if its peer is unavailable.

116670 Fix now will allow user config rx-buffer size to persist on a reload. Changing mtu will also change rx-buffer size. Rx-size will now depended on last configured value (user defined or mtu defined)

117078 Fixed an issue that occasionally returned a 500 error when logging into a Steelhead's web interface. This error was seen only when the TACACS+ server configured was unreachable.

117232 Fixed the ESX Cloud Steelhead to deploy with agent-intercept disabled.

117354 Fixed an issue with Steelhead Cloud Accelerator where initiating a sysdump when there are many active SaaS optimized connections, might cause cpu-usage on the Steelhead to increase significantly and generate a lot of error logs.

117993 Fixed an issue which caused a CIFS prepopulation sync operation to start at a non-deterministic time interval. After the fix, a prepopulation job will start at specified time interval.

119512 Fixed an issue where RAID alarm was triggered incorrectly for a non-raided disk.

119528 Fixed an issue where DSCP markings were not reflected on the optimized channel until data was sent in that direction. This was visible when using unidirectional protocols or on initial ACK packets sent before data.

120084 Fixed an issue where the optimization service may crash if it encounters an unrecognizable Kerberos ticket during cifs, smb2 or encrypted mapi authentication. If such a Kerberos ticket is encountered the resulting connection will be put into pass-through.

120238 Changed Steelhead Cloud Accelerator to pass through Google Drive Sync App instead of blocking it.

122331 Added a hidden CLI command to change the size of store partition to expected size. Additionally added a fix so that new machines being shipped do not need this CLI command and are correctly size when shipped from factory.

124355 A kernel crash was fixed which would manifest under the following scenarios:

(a) Inter-operating with a SCPS device like XPEP which negotiate SNACK (Selective Negative Acknowledgements) with the Steelhead

(b) If the first packet sent by the SCPS device is not received by the Steelhead and

(c) If the subsequent packet that is received by the Steelhead is a FIN packet.

The symptoms of the kernel crash includes a log message "divide error: 0000 [1] SMP" when the Steelhead is rebooted.

15

4) KNOWN ISSUES 82852 ip addrmap in Cloud Steelhead is used to manually map public and private IPs

(whether to override the portal info, or to use manual configuration) The ip addrmap mapping is shown in the "show running-config" and "show configuration" output as internal system commands, not the CLI format. These commands cannot be cut-and-pasted. Saved configurations will work as expected.

90947 QOS MX-TCP not supported on model CSH-2050-LXT

97273 Lotus Notes encryption optimization unnecessarily puts some connections in pass through

109501 Currently, the RBM user roles are ignored for Cloud Accelerator features. RBM users with "DENY" permissions in all roles are allowed access to Cloud Accelerator UI pages and Cloud Accelerator commands.

116965 When DHCP is enabled on an interface and the user tries to set a static IP address through the CLI, the IP address is not set and no error is returned.

117846 A Steelhead in a WCCP setup with Cloud Accelerator enabled will block ping requests from a Client behind the Steelhead to a SaaS Server. The ICMP response coming back from the SaaS server will not be delivered to the Client.

119433 Power cycling a WW appliance when in the middle of a firmware upgrade of the expanders can cause hangs

122751 If the peering cert of the Steelhead using Steelhead Cloud Accelerator is expired, the portal will not alert the user. The expired certificate will prevent Steelhead Cloud Accelerator from optimizing SaaS data.

126002 Steelhead Cloud Accelerator disabled upon Cloud Steelhead license expiration. This issue occurs only on ESX Cloud Steelheads using the Steelhead Cloud Accelerator feature. Upon expiration of the Cloud Steelhead license, the Steelhead Cloud Accelerator feature is disabled.

5) UPGRADING RIOS SOFTWARE

What upgrades are allowed?

You can upgrade this version of RiOS to another version that is both higher in version number and chronologically newer. For detailed information about upgrading and downgrading, see the article RiOS Upgrade and Downgrade Rules.

16

Steps to upgrade RiOS Software

Download the software image from the Software tab of the support site to a location such as your desktop.

1. Log in to the Management Console using the Administrator account (admin). 2. Navigate to the Setup: Software Upgrade page and choose one of the following

options: 3. From URL. Type the URL that points to the software image in the text box 4. From Local File. Browse your file system and select the software image 5. Click Install Upgrade.

The software image is quite large; uploading the image will take a few minutes. Do not press Ctrl-C, unplug, or otherwise shut down the system during this first boot. There is no indication displayed during system boot that the recovery flash device is being configured. After the upload is complete, you are reminded to reboot the appliance in order to switch to the new version of the software. After reboot, the software version is displayed on the Home page of the Management Console.

6) MANAGING RIOS 8.0.1 WITH A RIVERBED CMC RiOS version 8.0.0 can be configured and managed by Riverbed Central Management Console (CMC) version 8.0.0 or version 7.0.0 (only for features found in RiOS 7.0.x)

7) HARDWARE AND SOFTWARE REQUIREMENTS

Steelhead Appliance

The appliance is designed to be installed in a 19 inch (483 mm) two-post or four-post rack. WARNING: The system must be properly grounded (earthed) to reduce the risk of electrical shock. On European systems, the Green/Yellow tab on the power cord must be grounded (earthed).

Steelhead Management Console

Any computer that supports a Web browser with a color image display.

The Management Console has been tested with Mozilla Firefox versions 1.0.x through 3.6.x and Microsoft Internet Explorer versions 6, 7 and 8.

: Javascript and cookies must be enabled in your Web browser.

17

Steelhead Command-Line Interface

An ASCII terminal or emulator that can connect to the serial console (9600 baud, 8 bits, no parity, 1 stop bit, and no flow control) or

A computer with a Secure Shell (ssh) client that is connected by an IP network to the Steelhead appliance Primary interface. Free ssh clients include PuTTY for Windows computers, OpenSSH for many Unix and Unix-like operating systems, or Cygwin.

8) CONTACTING RIVERBED SUPPORT Visit the Riverbed Support site to download software updates and documentation, browse our library of Knowledge Base articles and manage your account. To open a support case, choose one of the options below.

Phone

Riverbed provides phone support at 1-888-RVBD-TAC (1-888-782-3822). Outside the U.S. dial +1 415 247 7381.

Online

You can also submit a support case online

Email

Send email to support@riverbed.com. A member of the support team will reply as quickly as possible.

©2012 Riverbed Technology. All rights reserved. Riverbed and any Riverbed product or service name or logo

used herein are trademarks of Riverbed Technology. All other trademarks used herein belong to their

respective owners. The trademarks and logos displayed herein may not be used without the prior written

consent of Riverbed Technology or their respective owners.