A printable plain text version is also available.
Date: Fri, 31 Jan 2003 16:52:12 -0500 (EST)
From: ImageStream Support
Subject: Enterprise Linux 4.1.0 for routers available

Version 4.1.0 of ImageStream's Enterprise Linux is now available as a
general availability (GA) release for all ImageStream router customers.

This software release is provided at no charge to all ImageStream customers.
Version 4.1.0 is recommended for all customers, and is highly recommended
for all customers who wish to upgrade to the latest available software release.
Version 4.1.0 provides significant stability and performance increases over
previous releases.

VERSION 4.1 RELEASES DEPRECATE THE IP-TAKEOVER PACKAGE.  CUSTOMERS USING
IP-TAKEOVER MUST USE THE STANDARDS-BASED VRRP IMPLEMENTATION INCLUDED IN 4.1.0.
IP-TAKEOVER IS NO LONGER AVAILABLE IN VERSION 4.1 RELEASES.

This release note documents commands and features added between Version
4.0.2 and Version 4.1.0.


----------------------------


New Features in Version 4.1.0


Kernel Version, Modules Updated

Version 4.1.0 adds ImageStream's Enterprise Linux based on Linux kernel version
2.4.19.  All kernel modules included with the kernel-modules package have been
updated.


NET-SNMP 5.0.3 Included

Version 4.1.0 adds Version 5.0.3 of the NET-SNMP package.  The latest versions
of NET-SNMP support SNMP version 3, as well as a new module API for easy
addition of new MIBs.


Zebra Version 0.93a Included

Version 0.93a of Zebra is included in Version 4.1.0.  This version of Zebra
fixes an OSPF crush problem for ospfd and ospf6d and adds new configuration for
BGP.  ImageStream does not provide technical support for Zebra, but provides the
package as a convenience to users who are familiar with Zebra or prefer to use
it instead of ImageStream's version of GateD.


Quality of Service Package Updated

The quality of service utility, "tc", has been updated in Version 4.1.0. The new
version supports additional options and updates support for common queuing
schemes, including HTB.


Advanced IP Routing Utility Updated

iproute2, the advanced IP routing utility including with ImageStream routers has
been updated in Version 4.1.0.  The new version supports additional options and
updates support for advanced rule-based routing schemes.


Firewalling Utility Updated

iptables, the advanced IP firewalling/packet filtering utility including with
ImageStream routers has been updated in Version 4.1.0.  The new version updates
queuing schemes and adds support for the following advanced routing features:

-Packet IPv4 option stripping
-NAT table targeting and mapping for easier 1:1 NAT across entire subnets
-Advanced connection track matching options (state, protocol, original
source/destination, reply source/destination, status, expiration)
-Multi-port matching
-Nth packet matching
-Packet class/type matching (eg. broadcast, multicast, etc.)
-Matching based on time (start time, stop time, day of the week)
-Patch to allow TFTP through NAT


Performance Of Intel Chipset Ethernet Cards Dramatically Improved

Version 4.1.0 adds a new polling mode driver for Ethernet cards equipped with
the Intel EtherExpress Pro chipset.  Most on-board Ethernet NICs and single-port
Ethernet expansion cards for ImageStream routers use the Intel chipset. This
driver replaces the previous interrupt mode.  Due to advanced buffer and
signaling capabilities of the polling mode drivers, Version 4.1.0 increases
Ethernet performance on ImageStream routers and decreases the CPU footprint,
especially under heavy traffic loads.


Failsafe Mode With Rebel Router Boots With Serial Console

Previous versions of Enterprise Linux did not support booting the 1U Rebel
Router into failsafe mode via the serial console.  Version 4.1.0 no longer
requires the installation of a video card to boot the Rebel Router into failsafe
mode.


IPSec VPN Support Updated

The version of the IPSec VPN software, FreeS/Wan, and base kernel included with
Version 4.1.0 adds support for X.509 digital certificates, ALG 0.8.0, notify and
delete SA functions, and NAT traversal, among other minor patches for faster
tunnel negotiation.


Support For 4096 Bridge Groups Added

Version 4.1.0 supports configurations of up to 4096 bridge groups. Previous
versions did not support more than 256 bridges.  Large bridging configuration
(500+ bridges) load times have also been decreased by 75%.


Support for "Ethernet" and "Token Ring" Device Names At Command Line Added

Version 4.1.0 supports the use of "Ethernet" along with "eth" device
nomenclatures.  At the command line and when using command line utilities such
as iptables, ifconfig or tc, users may now specify either Ethernet or eth when
referring to Ethernet interfaces on the router. "TokenRing" may also be
substituted for "tr" when referring to Token Ring devices.


SAND Version 3.5.20 Included, ISDN BRI Support Added, Statistics Utility Updated

ImageStream's SAND Version 3.5.20 release is included in the Version 4.1.0
release.  See the release notes for Version 3.5.20 for more information about
the SAND Version 3.5.20 software release.  SAND Version 3.5.20 adds significant
new functionality to the "stats" real-time statistics utility, full support for
ISDN BRI interfaces, updated ATM and DS3 support and VLAN and VRRP commands.


Virtual Router Redundancy Protocol (VRRP) Support Added, IP-Takeover Deprecated

Version 4.1.0 adds support for the IETF-standard VRRP protocol for Ethernet
failover.  Enterprise Linux uses ImageStream's open source VRRPd package.  VRRP
is interoperable with all other implementations of VRRP.  VRRP replaces the
IP-Takeover package.  Customers using IP-Takeover must switch to VRRP prior to
upgrading to the GA release of 4.1.0.  IP-Takeover will no longer be available
as of Version 4.1.0.


IPSec VPN Configuration Utility Added

A VPN configuration utility for ImageStream routers has been added to Version
4.1.0.  Customers can use this script to configure IPSec VPNs using a single
point-to-point tunnel.  The VPN configuration utility, available from IPSec VPN
service menu, can automatically configure remote ImageStream routers for a
point-to-point VPN tunnel.  See the Router Installation Manual for additional
details on using this script.


Hardware Health Monitoring For Set-Top R1 Routers Added

Previous Version 4.0 releases did not support hardware health monitoring on
set-top R1 routers.  Version 4.1.0 adds support for the VIA chipsets used for
hardware monitoring on the R1.  Version 4.1.0 hardware health monitoring also
provides more human-readable script output.


Hardware Health Monitoring For New Gateway Routers Added

Version 4.1 beta releases did not support hardware health monitoring on set-top
R1 routers.  Version 4.1.0 adds support for the Winbond chipsets used for
hardware monitoring on Gateway Routers built after December 2002.



Bugs fixed in Version 4.1.0


The following bugs have been fixed in Version 4.1.0:


Statistics Rollover With 10/100/1000 and Gigabit Ethernet Cards Fixed

Version 4.1.0 fixes a bug in the real-time statistics display for 10/100/1000
and Gigabit Ethernet cards.  When accumulated traffic reaches 4 billion bytes or
packets, the counter will roll over to 0 instead of remaining at 4 billion.
This change enables the usage percentages to be calculated correctly, instead of
displaying 0% after the packet or byte count reaches 4 billion.


Bridging Over VLANs Fixed

Under Version 4.1.0, VLANs did not operate correctly as members of bridge
groups.  Adding VLANs to a bridge group caused all traffic sent on the VLAN to
be dropped.  Version 4.1.0 fixes this behavior, allowing VLANs to operate
properly as members of bridge groups.


Firewall Service No Longer Initializes NAT Tables

To avoid problems with connection tracking tables, the default rc.firewall
script in Version 4.1.0 no longer initializes the NAT table within iptables.
This avoids loading the connection tracking modules unless NAT rules are
actually defined on the router.  Version 4.0 releases initialized the NAT table
and enabled connection tracking unnecessarily.


Duplicate IP Address Warnings In GateD With Frame Relay/ATM Master Interfaces
Removed

The GateD package for dynamic routing has been fixed in Version 4.1.0 to remove
unnecessary warnings about duplicate IP addresses.  Previous versions reported
warnings on routers with frame relay and ATM master interfaces configured.


GateD Correctly Parses Configurations With Frame Relay And ATM Sub-Interfaces

The GateD package for dynamic routing correctly parses configurations using
sub-interfaces in Version 4.1.0.  Previous versions would incorrectly truncate
the sub-interface name and use only the master interface name when configuring
dynamic routing.  Version 4.1.0 allows multiple sub-interfaces to be used in
dynamic routing configurations with GateD.


ATM Variable Bit Rate And Available Bit Rate QOS Types Fixed

SAND Version 3.5.20, included with Version 4.1.0, fixes cell delay variation
tolerances with vbr and abr QoS types for ATM.  Previous versions allowed cells
to be transmitted in bursts.  Version 4.1.0 fixes this behavior.


Various Aesthetic Changes To Menu Options

Version 4.1.0 fixes small typographical errors in all of the router menus, and
adds clearer descriptions of several menu items.