A printable plain text version is also available.
Date: Wed, 6 Apr 2005 01:55:24 -0500 (EST)
To: isis-support@imagestream.com
Subject: Enterprise Linux Version 4.2.5 for routers available

Version 4.2.5 of ImageStream's Enterprise Linux is now available as a general
availability (GA) release for all ImageStream router customers.

This software release is provided at no charge to all ImageStream customers.
Version 4.2.5 is a maintenance release and recommended for all customers who
wish to run the latest GA release.  The most recent Open Beta release, Version
4.2.4, will not be released as a GA release.

This release note documents commands and features added between Version 4.2.3
and Version 4.2.5, including features added in all Version 4.2.4 beta releases.


New Features in Version 4.2.5

Route Cache Adjustments Improve Resilience Against Denial Of Service Attacks

The Enterprise Linux kernel included in Version 4.2.5 includes enhanced route
cache parameters that increase routing performance under heavy loads by
optimizing the method used by the kernel to expire entries from its source and
destination route cache.  The kernel adjustments eliminate common Denial of     
Service conditions causing high CPU usage as reported by ImageStream router   
customers using pervious releases.

GRE and IPIP Tunnel Support Added

The version of SAND included in Enterprise Linux Version 4.2.5 supports
tunnel modes of GRE and IPIP in the network interface configuration file
(wan.conf).  Previous versions required users to enter iproute2 commands 
directly.  This option provides users with the ability to automatically
manage unencrypted GRE and IPIP tunnels using the same advanced interface as
OpenVPN/SSL and CIPE tunnels.

bwinit/bwadd Quality of Service Utility Updated

ImageStream's bwinit/bwadd Quality of Service utility now automatically corrects                   
capitalization errors in the rate and ceiling bandwidth calculations.  The
bwinit/bwadd utilities also support a new "--root-class" or "--root" option.     
This new option allows advanced users to specify an alternate root class for a
device for ease of configuration across multiple devices when using CLASSIFY    
firewall rules.

Performance Enhancements Added To Enterprise Linux Kernel, SAND

The version of the Enterprise Linux kernel included in Version 4.2.5 adds new
functionality that allows each network device to queue additional packets
successfully.  Adjustments made to SAND's ATM rate limiting substructure in     
Version 4.2.3 have been removed to restore added performance.

Performance Enhancements Added For On-board Ethernet Ports On Gateway, Enterprise

Version 4.2.5 includes significant performance enhancements for the on-board
Ethernet ports on Gateway and Enterprise Router models that include the Intel
10/100/1000 chipset.  Coupled with other performance enhancements, performance
for on-board Ethernet ports is increased by 40-50% in many applications.

The following bugs have been fixed in Version 4.2.5:

530 Series DS3/E3 Cards Can Panic Under Heavy Loads When Link Is Unstable   

Version 4.2.5 fixes a driver problem with the 530 series DS3/E3 cards.  In
previous 4.2 releases, the 530 series DS3/E3 cards could periodically encounter
a panic condition with heavily loaded, highly unstable DS3 or E3 links.  Version
4.2.5 corrects the queue problem that causes this error.

ATM PVCs Stop Transmitting Under Specific Conditions When Initial Transmit Fails

Version 4.2.5 fixes a driver problem with the 1000 series ATM cards.  Previous
versions of SAND included in earlier Enterprise Linux versions could stop
transmitting on ATM interfaces when traffic bursts or sustained traffic levels
caused multiple failures to transmit on some, but not all, PVCs on a particular
circuit. Version 4.2.5 corrects the internal SAND re-queueing problem that  
causes this error.

IPSec Starts Before SAND On Boot

Earlier versions of Enterprise Linux failed to set a proper runlevel value on 
the IPSec service.  As a result, routers would start the IPSec service before
SAND, causing problems with certain routing configurations.  Version 4.2.5
assigns a runlevel value of 80, ensuring that IPSec starts after all other
services except for the firewall and QOS services.