Date: Wed, 14 Nov 2001 14:51:59 -0500 (EST)
From: ImageStream Support 
To: isis-support@imagestream.com
Subject: (ANNC) Enterprise Linux 3.0-beta2 for ImageStream routers available

Version 3.0-beta2 of ImageStream's Enterprise Linux is now available as an
open beta for all ImageStream router customers.

This software release is provided at no charge to all ImageStream
customers.  Version 3.0-beta2 is highly recommended for all customers,
especially those who wish to test the new functionality before the general
availability release of Version 3.0. 

This release note documents commands and features added between Version
2.3.3 and the Version 3.0 beta releases.


New Features in Version 3.0

Filesystem Layout Change
Version 3.0 simplifies the filesystem layout.  All binaries are now
located in /bin. The /sbin, /usr/bin, /usr/sbin, /usr/local/bin, and
/usr/local/sbin directories are symbolic links to /bin.  Similarly, all
libraries are now in /lib. The /usr/lib and /usr/local/lib directories are
symlinks to /lib.

Menu Navigation Improved

Version 3.0 includes a new version of menuEngine.  In addition to
navigation by number in the menu, menu options are highlighted and may
also be navigated by use of the arrow keys.  The new version is also more

SAND Version 3.30 Included

ImageStream's SAND Version 3.30 release is included in the Version
3.0-beta2 release.  See the release notes for Version 3.30 for more
information about the SAND Version 3.30 software release.  This SAND
release includes an updated version of stats, the real-time utility used
to monitor and report status and usage on LAN and WAN devices.  The stats
program is configurable.  A configuration file is located in
/etc/stats.conf.  Configuration file options are:

name 		string to match against device name;
		i.e. : Serial0 matches only Serial0
		%s matches all interfaces.
		eth%d matches all ethernet master devices
rename 		Renames the specified device(s) to 
description 	Sets the default description on the device(s) to 
bandwidth 	Sets the bandwidth on the specified device(s) in bytes/sec
encapsulation 	Sets the encapsulation field on the specified device(s)
[no] show	Instructs stats to display (or to hide, in the negative case)
		the specified device(s)

OpenSSH Upgraded To Support SSH Version 2

The encrypted shell program, OpenSSH, included with Enterprise Linux, now
supports SSH Version 2.  Version 2 is the default protocol version used in
the Version 3.0 release.  SSH Version 1 contains a protocol deficiency
that makes an insertion attack difficult but theoretically possible.  In
addition, the OpenSSH configuration files have been documented more
clearly, and the serverkeybits value is now set to 1024 instead of 768.
The version included in 3.0-beta2 does NOT address the security advisory
released on September 26, 2001 regarding a weakness in OpenSSH's source IP
based access control for SSH protocol v2 public key authentication.  This
bug affects only those users using the 'from=' key file option in
combination with both RSA and DSA keys.  The general availability release
of Version 3.0 WILL include OpenSSH Version 2.9.9, which patches the bug.
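
The condition described above can be checked for each key file.  The
following Python script is an added example, not part of the original
announcement or of ImageStream's software: it reports whether an
authorized_keys-style file combines a 'from=' option with both RSA and DSA
keys.  The sample entries and key data are constructed placeholders.

```python
KEY_TYPES = {"ssh-rsa": "RSA", "ssh-dss": "DSA"}

# Constructed sample file contents; the key blobs are placeholders.
SAMPLE = """\
# constructed example entries
from="10.0.0.1,10.0.0.2",no-pty ssh-dss AAAA_CONSTRUCTED_DSA admin@noc
ssh-rsa AAAA_CONSTRUCTED_RSA backup@noc
"""

def split_outside_quotes(text, seps):
    # Split on any character in seps, ignoring separators inside "..."
    parts, buf, quoted, prev = [], [], False, ""
    for ch in text:
        if ch == '"' and prev != "\\":
            quoted = not quoted
        if ch in seps and not quoted:
            if buf:
                parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        prev = ch
    if buf:
        parts.append("".join(buf))
    return parts

def parse_entry(line):
    # Return (key_type, has_from), or None for blanks, comments, other keys
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    tokens = split_outside_quotes(line, " \t")
    if tokens[0] in KEY_TYPES:          # no options field on this line
        return KEY_TYPES[tokens[0]], False
    if len(tokens) > 1 and tokens[1] in KEY_TYPES:
        opts = split_outside_quotes(tokens[0], ",")
        return KEY_TYPES[tokens[1]], any(
            o.lower().startswith("from=") for o in opts)
    return None

def audit(text):
    # Affected per the release note: 'from=' in use AND both key types present
    types, from_lines = set(), []
    for n, line in enumerate(text.splitlines(), 1):
        entry = parse_entry(line)
        if entry:
            types.add(entry[0])
            if entry[1]:
                from_lines.append(n)
    return {"key_types": sorted(types), "from_lines": from_lines,
            "affected": bool(from_lines) and types == {"RSA", "DSA"}}
```

Call audit() on the text of each user's key file; files reported as
affected are the ones to review before relying on 'from=' restrictions
under 3.0-beta2.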


The SNMP server included in Version 3.0 is net-snmp (ucd-snmp).  The
configuration file used in net-snmp (ucd-snmp) is significantly different
than the previous CMU-SNMP implementation.  THEREFORE, ANY CONFIGURATION

router-utils Package Includes Time Configuration Utility

Version 3.0 includes a "set_time" utility available from the command line
to configure localtime for the routers.  This utility is also available
from the Configuration and Update Menu under the Global Configuration

IPSec/FreeSWan Package Added

Linux FreeSWan, the IPSec VPN package, is included in Version 3.0.  The
current version of FreeSWan also supports opportunistic encryption.

IP-Takeover Package Added

ImageStream routers can now be configured in a fault-tolerant, high
availability setup from the command line using IP-Takeover.  IP-Takeover
provides less than 50 ms switchovers in the case of a primary router
failure.  The failover software is similar to other software failover
implementations, such as Cisco Systems (R) Hot Swap Router Protocol
(HSRP), in that it does not provide for switching of physical cabling.
Separate, relay-based devices are required for a full failover setup.

Quality of Service Package Updated

The bandwidth limiting front-end for quality of service has been updated
in Version 3.0.  The new bandwidth limiting script supports additional
options and interfaces directly with the command-line "tc" utility.
Bandwidth limiting commands are translated into tc commands and stored in
/tmp on the router.

GateD Dynamic Routing Package Updated

The GateD dynamic routing program has been updated for Version 3.0.  The
interactive interface to gated, gii, is now available only through a
direct connection on the router (localhost), and ipchains/iptables rules
are not required to block outside access.  The "show bgp summary" and
"show bgp peeras " commands now also reflect the number of
route announcements sent to and received from each peer.


Bugs fixed in Version 3.0-beta2

The following bugs have been fixed in Version 3.0-beta2:

ipchains REJECT Rules Functionality

Due to a kernel configuration error, Version 3.0-beta1 did not support
ipchains REJECT rules.  ipchains DENY rules work in both beta versions.
All valid ipchains commands, including ipchains REJECT rules, are
functional in beta2.

Kernel Logging Program Not Started By Default

Previous Enterprise Linux versions started the system message logger
(syslogd), but not the kernel message logger (klogd) by default.
Beginning with Version 3.0-beta2, klogd is also started by default.

Quality Of Service Backwards Compatibility Issue

Version 3.0-beta1 inadvertently excluded the original "bwlimit" script
included in previous versions.  Version 3.0-beta2 includes this utility
for backwards compatibility.

Workaround For Cisco IOS Bug in BGP Added to GateD

Certain versions of the Cisco IOS accept and propagate invalid routing
information.  This behavior is in violation of the BGP RFC, and causes
RFC-compliant devices, including ImageStream routers, to properly drop
peering sessions.  When affected Cisco routers are upstream of an
RFC-compliant device, this can cause a loss of connectivity for the
downstream router.  ImageStream has patched GateD to log an error and
ignore invalid route announcements in these situations.  Peering sessions
will no longer be automatically terminated.

Gated Display Of "checkconf" Output At Boottime Requiring User Intervention

Gated no longer displays the output of the "checkconf" command at
boottime.  Previously, incorrect configurations could cause the router to
require user input at the console to continue the boot process.  Beginning
with Version 3.0-beta2, the checkconf output is no longer displayed at


Upgrade Instructions

*** NOTE! If the upgrade fails, do NOT reboot! Contact ImageStream's
Technical Support without rebooting. *** 

Upgrading to Version 3.0 or later requires the following:

1. 64 MB of RAM or higher.
2. 32 MB of flash.
3. 300 MHz processor or better.
4. Enterprise Linux Version 2.3.2 or higher.

The upgrade utility will not install Version 3.0 if memory and flash
requirements are not met.  Users can contact ImageStream to purchase a
RAM, processor or flash upgrade.

Users running an Enterprise Linux version less than 2.3.2 must upgrade
before Version 3.0 will be available from the Update menu.  Any version
prior to 2.3.2 will automatically be upgraded to 2.3.2.  A second
upgrade will be required to install Version 3.0.

The upgrade does not otherwise affect the stored configuration in the
ImageStream router. To back up the router's configuration prior to
upgrading, choose option 4 (Backup/Restore) from the router's main menu.
Choose the Backup methods option (Option 1) and select a method from the
choices listed.  From the router's command line, use the "backup
" command. The backup utility takes four arguments: flash
(to back up configurations to the router's nonvolatile flash memory),
floppy (to back up to a floppy disk), scp (to back up via secure copy), or
file (to back up to a separate file on the router's nonvolatile flash


Copyright and Trademarks

Copyright 2001 ImageStream Internet Solutions. All rights reserved. 

ImageStream is a trademark of ImageStream Internet Solutions, Inc.  All
other marks are the property of their respective owners. 


ImageStream makes no representations or warranties with respect to the
contents or use of this document, and specifically disclaims any express
or implied warranties of merchantability or fitness for any particular
purpose. Further, ImageStream reserves the right to revise this
publication and to make changes to its content, any time, without
obligation to notify any person or entity of such revisions or changes. 

Contacting ImageStream Technical Support 

Every ImageStream product comes with a one year hardware and software
warranty. ImageStream provides technical support via voice, FAX,
electronic mail, and the web. Technical support is available 24 hours a
day, 7 days a week.

To contact ImageStream technical support by voice, dial +1 (574) 935-8484
worldwide. By FAX, dial +1 (574) 935-8488. By electronic mail, send mail
to support@imagestream.com. Using the World Wide Web, see