PacketShaper Release Notes

PacketWise Version 8.6.4

December, 2010

P/N 20-0260-864 Revision A

Disclaimer THIS DOCUMENT IS PROVIDED AS IS WITHOUT ANY EXPRESS OR IMPLIED WARRANTY OF ANY KIND, INCLUDING WARRANTIES OF MERCHANTABILITY, NONINFRINGEMENT OF INTELLECTUAL PROPERTY, OR FITNESS FOR ANY PARTICULAR PURPOSE. IN NO EVENT SHALL BLUE COAT SYSTEMS OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION, OR LOSS OF INFORMATION) ARISING OUT OF THE USE OF OR INABILITY TO USE THIS DOCUMENT, OR THE PRODUCTS DESCRIBED HEREIN, EVEN IF BLUE COAT SYSTEMS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. BECAUSE SOME JURISDICTIONS PROHIBIT THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES, THE ABOVE LIMITATION MAY NOT APPLY TO YOU. Blue Coat Systems and its suppliers further do not warrant the accuracy or completeness of the information, text, graphics, links or other items contained within this document, or assume liability for any incidental, indirect, special or consequential damages in connection with the furnishing, performance, or use of this document. Blue Coat Systems may make changes to this document, or to the products described herein, at any time without notice. Blue Coat Systems makes no commitment to update this document. Copyright/Trademarks/Patents Copyright 1996-2008 Packeteer, Inc. All rights reserved. Copyright 2008-2010 Blue Coat Systems, Inc. All rights reserved. Blue Coat Systems, the Blue Coat Systems logo, PacketWise, PacketSeeker, PacketShaper, PacketShaper Xpress, PolicyCenter, ReportCenter, SkyX, iShared, Mobiliti, iShaper, IntelligenceCenter, and Falcon are trademarks or registered trademarks of Blue Coat Systems, Inc. in the United States and other countries. All trademarks and registered trademarks mentioned herein are the property of their respective owners. Other product and company names used in this document are used for identification purposes only, may be trademarks of other companies, and are the property of their respective owners. All rights reserved. No part of this document may be reproduced, photocopied, stored on a retrieval system, transmitted, or translated into another language without the express written consent of Blue Coat Systems, Inc. SNMP Research SNMP Agent Resident Module Version 14.2.1.7. Copyright 1989-1997 SNMP Research, Inc. This product includes software developed by the University of California, Berkeley and its contributors. Portions Copyright 1982, 1983, 1986, 1989, 1990, 1993 by The Regents of the University of California. All rights reserved. Portions Copyright 1996 by Internet Software Consortium. Portions Copyright 1993 by Digital Equipment Corporation. Portions Copyright 1990 by Regents of the University of Michigan. All rights reserved. This product includes software developed by the University of California, Berkeley and its contributors. Portions Copyright 2001 Mike Barcroft. Portions Copyright 1990, 1993 by The Regents of the University of California. All rights reserved. This product incorporates software for zipping and unzipping files. UnZip 5.42 of 14 January 2001, by Info-ZIP. Zip 2.3 (November 29th 1999). Copyright 1990-1999 Info-ZIP Portions copyright 1994, 1995, 1996, 1997, 1998, by Cold Spring Harbor Laboratory. Funded under Grant P41-RR02188 by the National Institutes of Health. Portions copyright 1996, 1997, 1998, by Boutell.Com, Inc. GIF decompression code copyright 1990, 1991, 1993, by David Koblas (koblas@netcom.com). Non-LZW-based GIF compression code copyright 1998, by Hutchison Avenue Software Corporation (http://www.hasc.com/, info@hasc.com). Portions Copyright 2006 Narciso Jaramillo. <nj_flex@rictus.com> TACACS+ software Copyright 2000,2001 by Roman Volkov. * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. * The names of its contributors may not be used to endorse or promote products derived from this software without specific prior written permission. Fisheye Component v0.1 Copyright 2006 by Ely Greenfield ActionScript Library 3.0 (as3corelib v0.9) BSD 2.0 Copyright 2008, Regents of the University of California. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. Neither the name of the University of California, Berkeley nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.

U.S. Government Restricted Rights Blue Coat software comprises commercial computer software and commercial computer software documentation as such terms are used in 48 C.F.R. 12.212 (SEPT 1995) and is provided to the United States Government (i) for acquisition by or on behalf of civilian agencies, consistent with the policy set forth in 48 C.F.R. 12.212; or (ii) for acquisition by or on behalf of units of the Department of Defense, consistent with the policies set forth in 48 C.F.R. 227-7202-1 (JUN 1995) and 227.7202-3 (JUN 1995). Blue

Coat software is provided with RESTRICTED RIGHTS. Use, duplication, or disclosure by the U.S. Government is subject to restrictions as set forth in FAR 52.227-14 and DFAR 252.227-7013 et seq. or their successors. Use of Blue Coat products or software by the U.S. Government constitutes acknowledgment of Blue Coats proprietary rights in them and to the maximum extent possible under federal law, the U.S. Government shall be bound by the terms and conditions set forth in Blue Coats end user agreement. Blue Coat Systems, Inc. 410 N. Mary Avenue Sunnyvale, CA 94085 http://www.bluecoat.com Revision History September, 2010 November, 2010 November, 2010 December, 2010

PacketWise 8.6.1 PacketWise 8.6.2 PacketWise 8.6.3 PacketWise 8.6.4

Introduction
ThesereleasenotesincludethechangestoPacketWise8.6.4only.Ifyouareupgradingfromanearlier versionofPacketWise,youcanlearnaboutothernewfeaturesandsoftwarechangesbyconsultingthe releasenotesfortheversionsbetweenyourcurrentsoftwareandv8.6.4. AcrobatPDFfilesofallversionsofreleasenotesareavailablefordownloadat http://support.bluecoat.com/documentation. Note: This document reflects current information at the time the release notes were finalized. The Blue Coat support website may contain additional late-breaking information: https://support.bluecoat.com Seethefollowingsectionsforspecificinformation: ResolvedIssuesinPacketWise8.6.4 ............................................................................................................. page2 BackingUpSoftwareConfigurations........................................................................................................... page3 UpgradingtoPacketWise8.6.4...................................................................................................................... page7 KnownIssuesinPacketWise8.6.4 ................................................................................................................ page11 KnownIssuesinXpress.................................................................................................................................. page15 AdditionalInformationforPacketWise8.6 ................................................................................................. page16 AdditionalInformationforXpress ............................................................................................................... page18

PacketWise 8.6.4 Release Notes

Resolved Issues in PacketWise 8.6.4

ThefollowingissuediscoveredinpreviousversionsofPacketWisehasbeenresolvedinv8.6.4.

SNMP
PacketWise8.6.4fixesaprobleminwhichrepeatedSNMPqueriescausedthePacketShapertoreboot.
[SR 2-338164972; B#150341]

PacketWise 8.6.4 Release Notes

Backing Up Software Configurations

Overview
Important:BeforeupgradingtoPacketWise8.6.4,itisimperativetobackupyourconfiguration.Youmay needtousethesebackupfilesincaseyourconfigurationdoesntloadproperlyafterinstallingthenew software.Forinstructions,seethefollowingsectionsHowDoISaveMySettings?andHowDoIBack UpConfigurations? Note: If you are using PolicyCenter, follow the backup instructions in PolicyCenter 8.6.4 Release Notes. In addition, make sure to upgrade to PolicyCenter 8.6.4 before installing PacketWise 8.6.4 on your PacketShapers.

How Do I Save My Settings?

Option 1 UsetheconfigsaveCLIcommandtosavethecurrentconfigurationssharablesettingsinan.ldifileandits nonsharablesettingsina.cmdfile.The.ldifilecontainsthetraffictreeconfiguration(includingallclasses, classIDs,partitions,policies,hostlists,andevents),aswellasallsharableconfigurationsettings,suchas packetshaping,trafficdiscovery,passwords,SNMP,email,SNTP,compression,andSyslog.The.cmdfile containstheunitsIPaddress,gateway,DNSservers,timezone,NICspeed,andothernonshareable settings.Ifyoueverneedtorestoretheconfiguration,youcanissuetheconfigloadcommandtoloadthese savedsettings. Tosaveyourconfiguration:
config save <filename>

where<filename>isthenameoftheconfigurationfile(suchasmyconfig).The.ldiand.cmdfiles(for example,myconfig.ldiandmyconfig.cmd)areautomaticallycreatedinthe9.256/volume(systemdisk). Note: Do not confuse the config save .cmd file with the one created using setup capture (Option 2 below). The setup capture command file is an executable file that contains all the PacketShaper settings; the config save command file contains only the non-shareable settings. Option 2 Inaddition,PacketWiseoffersawaytocaptureyourtrafficconfigurationandsettingsinanexecutable command(.cmd)file.First,usethesetupcapturecommandtocreatethecommandfile.Then,ifyouwant torestorethesettingsyoucaptured,usetheruncommandtorecreatetheconfiguration. Notethatrestoringaconfigurationbyrunningacommandfiletakesmuchlonger(possiblyhours)than loadingaconfiguration(lessthanaminute).However,BlueCoatrecommendsthatyoucreateandbackup thecommandfileasasafeguardincasetheconfigurationfailstoload. Tosaveyoursettingsinacommandfile,usethefollowingcommand:
setup capture complete <filename>

where<filename>isthenameofthecommandfile(suchasbackup.cmd).Thisfileisautomaticallycreated inthe9.256/cmddirectory. Thiscommandfileshouldbebackedupalongwithyourconfiguration.ldiand.cmdfiles.

How Do I Back Up Configurations?

Aftersavingandcapturingtheunitsconfigurationasdescribedabove,youshouldcopytheconfiguration files(suchasmyconfig.ldiandmyconfig.cmd)andthecommandfile(suchasbackup.cmd)toa workstationsharddrive. TotransferfilesfromthePacketShapertoaworkstation: 1. Atyourworkstationscommandline,createadirectorywherethebackupfileswillbestored.

PacketWise 8.6.4 Release Notes

2.

Gotothenewlycreateddirectoryandenter:
ftp <ipaddress>

where<ipaddress>isthePacketShapersaddress(forexample,ftp192.166.0.100). WhenyoupressEnter,thescreenmessagesindicatethattheconnectionhasbeenmadeandthatthe serverisready. 3. 4. 5. 6. Enterausername(suchastouch). Entertheunitstouchpassword. GotothePacketShaperdirectorywhereyousavedtheconfigurationfiles.Bydefault,theyaresavedon thesystemdisk(9.256/). Totransfertheconfigurationfiles(.ldiand.cmd)fromthePacketShapertoyourlocaldrive,enter:

ascii (to go into ASCII mode) get <filename>.ldi (where <filename> is the name of the file you saved with config save) get <filename>.cmd (this is the .cmd created with config save, not setup capture)

7.

Totransferthecommandfileyoucapturedwithsetupcapture:
get <filename>.cmd (where <filename> is the file that was created with setup capture) quit

How Do I Restore Configurations?

Intheeventthatyourcurrentsoftwareconfigurationbecomescorrupt,usethefollowingprocedureto restoretheunittotheconfigurationyousaved: 1. 2. 3. 4. 5. Atyourworkstationscommandline,gotothedirectorywherethebackupfileswerestored. FTPtothePacketShaper. Enterausername(suchastouch). Entertheunitstouchpassword. Totransfertheconfigurationfiles(.ldiand.cmd)fromyourworkstationsdrivetothePacketShapers systemdisk,enter:
ascii (to go into ASCII mode) put <filename>.ldi (where <filename> is the name of the file you saved with config save) put <filename>.cmd quit

6.

Toresetandloadthenewconfiguration,gotothePacketShaperscommandlineinterface,andtypethe followingcommands:
config reset config load <filename>

7.

Ifaconfigurationwontloadorthetraffictreestillisntinplace,youcanrestoretheconfigurationby runningthecommandfileyoubackedup.Forexample,ifyouusedthesetupcapturecommandand createdafilenamedbackup.cmd,youneedtoFTPthebackup.cmdfiletothePacketShaperandthen typerunbackup.cmdattheCLIprompt.

Reverting to a Backup Image

WhenyouupgradePacketWise,thenewlyinstalledversionbecomesthemainimage,andtheprevious mainimagebecomesthenewbackupimage. Therearetimeswhenyoumaywanttoreverttoyourbackupimage(thatis,replacethemainimagewith thebackupimage): AfterattemptingtoloadaversionofPacketWisethatdoesnotsupportyourPacketShapermodel.

PacketWise 8.6.4 Release Notes

 AfterevaluatinganewversionofPacketWise,butbeforedeployingthenewversion. WhenyouobserveproblemswithyourPacketShaperthatbeganafterloadingadifferentversionof PacketWise. PacketWiseofferstwomanualandoneautomaticmethodtoreverttothebackupimage: Usingtheimagerevertcommand.(SeeReverttotheBackupImageUsingtheCLIonpage 5.) PressingCtrl+Bduringthebootupprocess.(SeeReverttotheBackupImagebyPressingCtrl+B onpage 6.) Automaticreversionwhenaunitrepeatedlyfailstoboot.(SeeAutomaticReversiontotheBackup Imageonpage 6.) Considerations When Reverting HerearesomeconsiderationswhenrevertingfromPacketWise8.6toapreviousversionofPacketWise software: IfyouusefeaturesnewtoPacketWise8.6,andthenreverttoapreviousversion,thenewsettingsand anyrelateddatawillberemoved.Thisappliestoevents,measurementvariables,andservicesas well.Notethatyoumayseeconfigurationerrorsafteryoureverttoapreviousversion;thisistobe expectedsincethenewfeaturesarenotavailableinolderversions.Youshoulddeleteanytraffic classesthathaveconfigurationerrorssincetrafficmaynotclassifyproperlyintheseclasses. Furthermore,theseconfigurationerrorscouldcauseothertypesofproblemsaswell.Forexample,if youdowngradefromPacketWise8.xto7.x,compressionwillnotfunctionin7.xuntilyoudeletethe PRIVENCRYPTclasses(whichhaveconfigurationerrors). Ifyouhavecreatedanycategorybasedclassesinv8.6,youshoulddeletealloftheseclassesbefore downgradingtoapre8.6release. MakesureyouareawareoftheminimumrequiredversionforyourPacketShapermodel:

ThePacketShaper12000modelrequires8.6.3orhigherandcannotberevertedtoapre8.6.3image. ThePacketShaper10000model(RevisionsAF)requires7.0.0orhigherandthuscannotbe revertedtoapre7.0.0image. ThePacketShaper1700,3500,7500,and10000(RevisionGorhigher)modelsrequire7.4orhigher andthuscannotberevertedtoapre7.4image. ThePacketShaper1400modelrequiresPacketWise7.4.x7.5.x,or8.1.xandhigher,andthuscannot berevertedtoearlierversionsofPacketWise(suchas7.3or8.0). ThePacketShaper900modelrequiresPacketWise8.2.xandhigher,andthuscannotberevertedto earlierversions.

Ifyouhavecreatedanyuserdefinedservices,youshoulddeletealloftheseservices(andanyclasses basedontheseservices)beforerevertingtoapre8.4version. Ifyouhavecreatedanyclassesbasedonservicegroups,besuretodeletetheseclassesbefore revertingtoapre8.5version.Ifyoudontdeletetheseclasses,theywillbecomematchallclasses afterdowngrading. Ifyouloadany8.6.xspecificpluginsandthenreverttoapre8.6.xversion,youwillseethefollowing errormessage:Unknownlocaltype0in<pluginname>.Toeliminatethismessage,deletethe incompatiblepluginfileandresettheunit.

Revert to the Backup Image Using the CLI

IfyourPacketShaperhassuccessfullybooted,youcanreverttothebackupimageusingtheCLI: 1. 2. Atthecommandlineinterface,reverttothebackupimagebyentering:
image revert

ReconnecttoyourPacketShaper,andwaitatleastoneminute.

PacketWise 8.6.4 Release Notes

Iftheclasstreedisappearedduringtherevertingprocess,runtheCMDfileyouhadpreviouslycreated beforeupgrading.Forexample,ifyouusedthesetupcapturecommandandcreatedafilenamed backup.cmd,youneedtoFTPthebackup.cmdfiletothePacketShaperandthentyperunbackup.cmd.(To seeifallthecommandsexecutedsuccessfully,typecatbackup.out.)

Revert to the Backup Image by Pressing Ctrl+B

IfyouhaveattemptedtoloadaversionofPacketWisethatisnotsupportedbyyourhardwareplatform, suchasversion7.3or8.0onaPacketShaper1400,yourPacketShaperwillnotbootandwillbecome inaccessibleexceptbyconsoleconnection.OnmodelsthathaveLCDs,themessageLoading...willremain ontheLCDpanel. Torecovertheunit,youneedtoreverttothebackupimageofPacketWise,whichistheimagepreviously installedontheunitbeforeyouloadedtheunsupportedimage.Therecoveryproceduremustbeperformed fromaconsoleconnection: 1. 2. 3. Usingtheprovidednullmodemcable,attachaworkstationorPCtotheunitsportlabeledCONSOLE. Thiscableoffersboth9pinand25pinconnectorsoneachend. Startyourterminalemulationprogram(suchasHyperTerminal). Verifythatyouhaveconfiguredtheprogramwiththefollowingvaluestocommunicatewiththeunits consoleserialport: 9600bps,8databits,1stopbit,noparity,hardwareflowcontrol Ifyouareusingamodemconnectedtotheserialport,themodemmustbesetto:9600bps,8data bits,1stopbit,noparity,autoanswer(usuallyATH1inthestandardHayescommandset),andDTR alwayson(usuallyaDIPswitchsetting).Checkthemodemmanualfordetails. 4. 5. Powercycleunit. Astheunitisattemptingtoboot,(themessageLoading...appearsontheLCDpanel),pressCtrl+B.This forcesthePacketShapertorebootusingitsbackupimage.

Automatic Reversion to the Backup Image

IfaPacketShapercrasheseightconsecutivetimes,itautomaticallyrevertstothebackupimageandreboots. Thisprocesscantake2040minutes,dependingonthePacketShapermodel.

PacketWise 8.6.4 Release Notes

Upgrading to PacketWise 8.6.4

Supported Hardware Platforms
PacketWise8.6.4issupportedonthefollowingPacketShapermodels:900,1400,1700,3500,7500,10000, 12000. PacketWise8.6.4isnotsupportedonthefollowingendoflifemodels:1200,1550,2500,6500,9500,and iShaper400.

Adobe Flash Player

BecausetheBlueCoatSkyuserinterfaceisdisplayedusingAdobeFlashPlayer,youmusthaveAdobeFlash Player9(orlater)installedontheclientsystemfromwhichyouaccessSky.Ifyouhaventalreadyinstalled thelatestversion,makesuretodosobeforeusingBlueCoatSky.IfyouarentsurewhichversionofAdobe FlashPlayerisinstalledonyourclientsystem,goto:
http://www.adobe.com/software/flash/about/

Todownloadthelatestversion,goto:
http://www.adobe.com/products/flashplayer/

IfyoudonothaveFlashinstalledandyouattempttologintoBlueCoatSky,youwillberedirectedtothe Flashdownloadpage.

Supported Browsers
TheLegacyUIandBlueCoatSkyhavebeentestedwiththeEnglishversionofthefollowingwebbrowsers: MicrosoftInternetExplorerv7.0 MozillaFirefox3.0and3.5 Othersbrowsersandversionsmaybecompatible,buthavenotbeentested.

PacketShaper Bootloader Version

PacketWisev8.6andhigherrequirethePacketShapertousebootloaderversion7.0orhigher.Todetermine thebootloaderversionyourPacketShaperisusing,usetheimageshowCLIcommandordisplaythe Setup >imagescreen.

Ifyourbootloaderversionisnot7.0orhigher,youneedtoupdatethebootloaderusingthepluginthathas beendevelopedforthispurpose. Note: The Bootloader Update plug-in cannot be executed on the following PacketShaper models: 1200, 1550, 2500, 6500, 9500 and iShaper 400. BeforeupgradingthePacketShapertov8.6,followthestepsbelowtoinstalltheBootloaderUpdateplugin: 1. 2. 3. Downloadthepluginfile(bootupdt.plg)fromtheBlue Touch Online Downloadspage. Atthecommandline,changetothedirectorywhereyoudownloadedtheplugin. ToopenanFTPsessiontothePacketShaper,type:

PacketWise 8.6.4 Release Notes

ftp <ipaddress>

where<ipaddress>istheIPaddressofthePacketShaper(forexample,ftp 207.78.98.254).Youcanalso typethedomainname. WhenyoupressEnter,thescreenmessagesindicatethattheconnectionhasbeenmadeandthatthe serverisready. 4. 5. 6. 7. 8. Enterausername(suchastouch). EnterthePacketShaperstouchpassword. Enterbintogointobinarymode. ChangetothePLGdirectory:

cd plg

TotransferthefiletothePacketShaper,type:
put bootupdt.plg

AfteryoupressEnter,thefileistransferredtoyourPacketShaper. 9. 1. 2. ExittheFTPsession(quitorbye). OpenaTelnetwindowandconnecttoyourPacketShaper. ResetthePacketShaperbyenteringthefollowingCLIcommand:

reset

ToruntheBootloaderUpdateplugin,allyouneedtodoisresetthePacketShaper:

3. 4.

ClosetheTelnetwindow,andwaitforthebootupprocesstocomplete. Toconfirmthatthebootloaderwasupdated,accessthePacketWisesoftwarebyenteringthe PacketShapersIPaddressinyourwebbrowser.Afteryoulogin,theInfotabdisplaysamessageabout thebootloader.

Download the Software from the Blue Coat Download Website

Toupgradeyoursoftware,downloadthenewimageandloadthesoftwareontothePacketShaper. Note: If you are using PolicyCenter, make sure to upgrade to PolicyCenter 8.6.4 before installing PacketWise 8.6.4 on your PacketShapers. UpgradingthePacketWisesoftwareisathreepartprocess.First,downloadthesoftwareimagefilefrom theBlueCoatdownloadwebsitetoyourclientworkstation.Second,FTPthefilefromyourclient workstationtothePacketShaper.Third,loadthenewsoftwareimage. Download the Software Image 1. 2. 3. 4. 5. 6. 7. 8. Makesureyouhavebackedupyourconfigurationfiles.(SeeBackingUpSoftwareConfigurationson page3.) GototheBlueCoatdownloadsite:http://support.bluecoat.com/download. Intheproductlistontheleft,selectPacketShaper. Ifprompted,enteryourBlueCoatSupportusernameandpassword. SelectPacketShaper. InthePacketShaperreleaselist,selectthesoftwareversionyouwanttodownload.Youwillseeascreen thatexplainsthebootloader7.0requirement. Ifyouhaventalreadyverifiedandupgradedthebootloader,followtheonscreeninstructionstodoso, thendownloadthesoftware.SeePacketShaperBootloaderVersiononpage7. Verifythefilewasdownloadedsuccessfully.

PacketWise 8.6.4 Release Notes

Copy the Image to the PacketShaper 1. 2. Atthecommandline,changetothedirectorywhereyoudownloadedthesoftwareimage. ToopenanFTPsessiontothePacketShaper,type:

ftp <ipaddress>

where<ipaddress>istheIPaddressofthePacketShaper(forexample,ftp 207.78.98.254).Youcanalso typethedomainname. WhenyoupressEnter,thescreenmessagesindicatethattheconnectionhasbeenmadeandthatthe serverisready. 3. 4. 5. 6. 7. 8. Enterausername(suchastouch). EnterthePacketShaperstouchpassword. Enterbintogointobinarymode. ToselectthePacketShapersdatadiskastheFTPdestination,type:

cd 9.258/

Optional:Toturnhashprintingon,enterhash.(Withhashenabled,youwillseea#symbolforevery 2Ktransferred.) TotransferthefiletothePacketShaper,type:

put <filename>

where<filename>isthenameofthefileyouarecopyingtothePacketShaper(forexample, put 8_6_1.zoo).AfteryoupressEnter,thefileistransferredtoyourPacketShaper. 9. ExittheFTPsession(quitorbye).

Load the New Software Image 1. 2. OpenaTelnetwindowandconnecttoyourPacketShaper. ToselectthePacketShapersdatadiskasthesourcedirectory,type:

cd 9.258/

3.

Toloadthenewimage,type:
image load <filename>

where<filename>isthenameofthefileyoucopiedtothePacketShaper(forexample, image load 8_6_1.zoo).AfteryoupressEnter,youareaskedtoconfirmtheprocess.PressEnterto proceed. 4. 5. ClosetheTelnetwindow,andwaitfortheimageload/bootupprocesstocomplete. Toconfirmthatthenewversionwasinstalled,accessthePacketWisesoftwarebyenteringthe PacketShapersIPaddressinyourwebbrowser.Afteryoulogin,thesoftwareversionnumberappears inthewindow. Note: If the configuration didnt load properly (for example, the traffic tree disappeared), see Loading a Traffic Configuration on page 10. Reset Measurement Data DependingontheversionofPacketWiseyouareupgradingfrom,youmayneedtoresetmeasurementdata afterloading8.6.4.Notethatallstoredmeasurementdataislostafterresettingthemeasurementengine.To determinewhetheraresetofmeasurementdataisnecessary,usethemeasureshowcommand;iftheoutput saysAcompleteMeasurementResethasnotbeendone,youneedtousethemeasureresetcommandtoresetthe measurementdata.

PacketWise 8.6.4 Release Notes

Toresetmeasurementdata: 1. 2. OpenaTelnetwindowandconnecttoyourPacketShaper. Typemeasureshow.IfthemessageAcompleteMeasurementResethasnotbeendoneappearsinthe measureshowoutput,PacketWisehasdetectedthatyouupgradedtoanimagethathasnew measurementvariables. Typemeasurereset.

3.

Problems with Upgrading

IfyouattempttoloadthePacketWise8.6imageonaPacketShaperthatdoesnthavebootloaderv7or higher,thePacketShaperwillnotbeabletobootsuccessfully.(Thisiswhyitissoimportanttorunthe BootloaderUpdatepluginbeforeupgradingtoPacketWise8.6.)TheBootloaderUpdateplugincannotbe executedonthefollowingPacketShapermodels:1200,1550,2500,6500,9500andiShaper400.Also,the bootloaderversioncannotbemanuallyupgradedtoversion7.0orhigheronthefollowingPacketShaper models:1200,1550,2500,6500,9500andiShaper400. IfthePacketShaperisunabletobootsuccessfullyduetoanimproperbootloaderversion,youmustrevert tothebackupimageofPacketWise,whichistheimagepreviouslyinstalledontheunitbeforeyouloaded thev8.6image.Therecoveryproceduremustbeperformedfromaconsoleconnection: 1. 2. 3. Usinganullmodemcable,attachaworkstationorPCtotheunitsportlabeledCONSOLE.Thiscable offersboth9pinand25pinconnectorsoneachend. Startyourterminalemulationprogram(suchasHyperTerminal). Verifythatyouhaveconfiguredtheprogramwiththefollowingvaluestocommunicatewiththeunits consoleserialport: 9600bps,8databits,1stopbit,noparity,hardwareflowcontrol Ifyouareusingamodemconnectedtotheserialport,themodemmustbesetto:9600bps,8data bits,1stopbit,noparity,autoanswer(usuallyATH1inthestandardHayescommandset),andDTR alwayson(usuallyaDIPswitchsetting).Checkthemodemmanualfordetails. 4. 5. PowercyclethePacketShaper. Astheunitisattemptingtoboot,(themessageLoading...appearsinyourterminalemulationprogram), pressCtrl+B.ThisforcesthePacketShapertorebootusingitsbackupimage.

Before Downgrading
Ifyouhavecreatedanycategorybasedclassesinv8.6,youshoulddeletealloftheseclassesbefore downgradingtoanearlierrelease.

Loading a Traffic Configuration

Ifyourconfigurationdidntloadproperlyafterupgrading,youcanloadatrafficconfigurationfroma previousversion.Youmightalsowanttoloadatrafficconfigurationifyouwanttouseaconfigurationfrom anotherunit.SeeHowDoIRestoreConfigurations?onpage4.

PacketWise 8.6.4 Release Notes

10

Known Issues in PacketWise 8.6.4

ThissectionlistsknownissuesinPacketWise8.6.4.

PacketShaper 12000 Issue

AfterrebootingthePacketShaper12000whenaterminalserverisconnectedtotheserialconsole,youmay seetheIntelBootAgentSetupMenu,waitingforinput.Thiscanhappenwithterminalserversthathave smallserialdatabuffers.Ifyouexperiencethisissue,disablesoftwareflowcontrolontheterminalserver.
[B#148371]

URL Category Issues

PacketShaperpasseswebtrafficwhiledeterminingitsURLcategory.Thismeansthatsomecontent maypassthroughthePacketShaperbeforeaconfiguredpolicyisapplied.OncetheURLcategoryis verified,PacketShaperappliesconfiguredpolicyonsubsequenttraffic.Notethatthepolicy applicationforcategorybasedclassesworksmostofthetimewhentheURLisinthecategorycache; whentheURLmustbelookedupinWebPulse,thepolicymaynotbesuccessfullyapplied.In addition,behaviorforasymmetricallyappliedredirectpoliciesisnondeterministicforURL categorybasedclassessinceURLcategorizationisnotpartofpacketprocessing.Therefore,when applyingneveradmitpolicieswiththeredirectoption,besuretoapplythepolicytothecategory classesinbothdirections(InboundandOutbound).[B#140212] Toavoidclasstreeconfigurationerrors,donotcreateclassesthatcontainbothacategorybasedrule andaservice/servicegroupbasedrule.Ifneeded,therecommendedwaytocombinecategory matchingruleswithservice/servicegroupmatchingrulesiswithaparentchildclassrelationship. Forexample,useacategorybasedclassasaparentofaservice/servicegroupbasedclass.[B#143017] HTTPtrafficmaynotbeclassifiedproperlywhencompressionand/oraccelerationisenabled.Ifyou experiencethisissue,saveyourconfiguration,issuethesetupresetallCLIcommand,andthen restoretheconfiguration.HTTPclassificationwillworkproperlyafteryoudothis.[B#141735]

YouTube Classification
YouTubevideostreamssometimesgetclassifiedasFlashVideoorMPEG4insteadofasYouTube.
[B#147944; SR-2-330137634]

Blue Coat Sky UI Issues and Limitations

WhenBlueCoatSkyisthedefaultuserinterface,neithertheLegacyUInortheSkyUItimeoutafter aperiodofinactivity.Previously,theLegacyUIwouldtimeoutafter60minutesofinactivityand wouldrequireyoutologinagain. [B#121938] BlueCoatSky,inparticularitsrealtimegraphingfeatures,canplaceahighCPUloadontheclient machinerunningSky.ToavoidunnecessaryCPUload,BlueCoatrecommendsthatyouonlyrun realtimegraphswhenyouareactivelyviewingthem.Notethatthisdoesntimpacttheperformance ofthePacketShaper,althoughitcanaffecttheperformanceoftheclientmachine.ForbestSky performance,theclientmachineshouldhavethefollowingminimumrequirements:Pentium4@ 3GHzwith2GBofRAM.[B#126889] Inconfigurationswithlargetrafficclasstrees(morethan2000classes),performanceinBlueCoatSky maynotbeoptimal.Forexample,reportgenerationmaybeslow.[B#124017] WhenXpresstunnelsareconfiguredtoruninlegacymode,thestatuslineinBlueCoatSkymaynot accuratelyreflectthecurrentstateofcompression.Forexample,thestatuslinemayshow Compressiononwhen,infact,itisturnedoff.ThestatuslineintheLegacyUIdoesshowthecorrect compressionstate.[B#126917]

11

PacketWise 8.6.4 Release Notes

Graphing IfyouhaveaBlueCoatSkybrowsersessionopenwhenthePacketShaperisreset(forexample,via aCLIcommandorbyturningtheunitoffandbackon),realtimegraphswillstopupdatinganda RetryUpdate?errormessageappears.Beforeresettingtheunit,youshouldclosethebrowserwindow ormanuallylogout(withtheLogoutlink).Ifyoudont,youneedtocloseallopenbrowserwindows afterresettingthePacketShaper.(Loggingoutwontbesufficient.)[B#121281, B#120698] Occasionally,eachselectedclassisgraphedtwiceonhistoricgraphs.Ifyouseethisbehavior,click theRefreshClassTreeNow icon.[B#126824] ThehigherthelatencyonthenetworkorthehighertheloadonthePacketShaper,thelongerittakes forhistoricalgraphstorenderinBlueCoatSky.IfagraphfailstodisplayinSky(inotherwords,it timesout),trycreatingasimilargraphintheLegacyUI.[B#127707] Class Tree TheclasstreeintheSkyUIdoesnotshowalltheinformationthatisdisplayedonthetraffictreein theLegacyUI.Forexample,thedynamicpartitionsettingsandcertainclassproperties(auto discoveredvs.manuallycreated,exceptionvs.standardclass)arenotshown.Youneedtoswitchto theLegacyUItoseethesesettings.[B#121936, B#124235] Incombinedview,whenyouwanttocopyasingledirectionclass(suchasInbound/test)totheother direction(forexample,toOutbound),chooseRootfortheTolocation.Afterthecopyoperation,the classthenappearsinthetreeas (bidirectional).[B#127649] BlueCoatSkycopiesallchildrenwhencopyingaparentwithchildren,evenifyouselectedonly someofthechildclasses.Forexample,supposeyouhaveaparentwithfourchildclasses.Ifyou selecttheparentandthreeofthechildclasses,BlueCoatSkycopiesallfourchildclasses. [B#127487] Policy Manager Aftereditingorcreatingaratepolicy,youmayseetheerrormessage,Policynotboundwithclass. However,thepolicyisstillcreatedsuccessfully. [B#127145] Whencreatingasimplematchclass,theAutoDiscoveryinClassoptionisavailableforallclasses, evenwhenitsnotapplicable.BlueCoatSkywill,however,displayanerrormessageifyou inappropriatelyselectthecheckbox. [B#127437] Incombinedview,ifyoucreateaclassinbothdirectionswhenyourPacketShaperiswithintwo classesofitsconfigurationlimit,Skyisabletocreateonlyoneclass.Theerrormessageindicatesthat itcouldntcreatetheclass,butinfact,itcreatedtheInboundclassbutcouldntcreatetheOutbound class.(Note:Themaximumnumberofclassesinyourclasstreeisactuallyonelessthanthe configurationlimitsonyourPacketShapermodel.Forexample,thePacketShaper900canhaveupto 63classes:64limitminus1.)[B#126939]

Switching Between Sky and Legacy UIs

IfyouswitchtotheLegacyUIandthenpressthebrowsersBackbutton(perhapsbecauseyouwant toreturntoBlueCoatSky),theLoginscreendisplays,givingtheappearancethatyoursessionhas loggedout.Youhavenotactuallyloggedout,though:youcanpressthebrowsersForwardbutton toreturntoBlueCoatSkyatthispoint.TheproperwaytoswitchbetweentheLegacyUIandSkyis tousetheBlueCoatSkylinkinthebanner;avoidusingthebrowsersBackbutton.[B#122616] BlueCoatrecommendsthatyouhaveonlyoneSkysessionopenatatime.

UI Doesnt Display after Logging In

Iftheinitialpage(InfotabinLegacyUI,DashboardinSkyUI)doesntdisplayafterloggingintothe PacketShaper,clickthebrowsersRefreshbutton.YoumayneedtoclicktheStopbuttonfirst.[B#123012]

PacketWise 8.6.4 Release Notes

12

Service Groups Issues

Whileamoveoperationisinprocess,someoftheselectedservicesmightnotbemoved,evenifyou getamessagethattheoperationwassuccessful.Thismightoccurifsomeoneelseiscreatingclasses inanotherusersessionorifyoupressCtrlCtoaborttheoperationwhileitsinprocess.Ifthis happens,repeatthemovecommandontheservicesthatwerentmoved.[B#127414] Priortodeletingacustomgroup,deleteanyclassesbasedonthatgroup.Ifyoufailtodothis,the classwillhaveaconfigurationerrorandyouwillbeunabletodeleteitinthebrowserinterface.A workaroundistousetheclassdeletecommandinthecommandlineinterface.[B#127506] Ifaclasshasduplicatematchingruleswithanotherclass(forexample,alocal/Inbound/HTTPand aninherited/Inbound/Internet/HTTP),oneoftheseclasseswillhaveaconfigurationerror.Untilyou resolvethiserror,trafficwillstillgetclassifiedintotheerroredclass. [B#123916] OccasionallyPacketWisedisplaystheconfigurationbeforeaservicegroupoperationiscompleted. Iftheconfigurationdoesntlookcorrect,tryrefreshingthebrowser.

RADIUS Issue
PAP,CHAP,andversiontwo(v2)ofMSCHAPcanbeusedtoauthenticateagainstaRADIUSserver;MS CHAPv1currentlyhasissues.[B#33044]

Firefox/Flash Issue
SomeversionsofFirefoxmayhavetroubleinitiallyloadingfeaturesrequiringAdobeFlashPlayer(suchas theServiceGroupsandURLCategoriessetuppagesandtheStatisticalGraphingtool).[B#124867]

SNMP Issue
IfSNMPlookandtouchcommunitystringsareidentical,thePacketShaperdoesnotsendSNMPtraps.Be suretosetuniquelookandtouchcommunitystrings.[B#32182]

Issues with User-Defined Services

Ifyoudeleteauserdefinedservice(UDS),makesuretoalsodeleteanytrafficclassesthatarebased onthisservice.Ifyoufailtodeletetheclass,aconfigurationerrorresults.Inaddition,thetraffichit countonaclasscreatedwithaUDSdoesnotgetresetaftertheUDSisdeleted.ThenextUDScreated maycontinuetohittheclasspreviouslycreatedbytheoriginalUDS.[B#32982] IfyoucreateaUDS,deleteit,andthencreateanotherUDS,thenewUDSmayhavethesameservice IDastheonethatwasdeleted.ThiscancreatemisinterpretationofFlowDetailRecord(FDR)datain thirdpartyFDRcollectors.

Customer Portal Issues

DonotsetasecondarycustomerportalIPaddressifusingasecureLDAPconnectionbetween PolicyCenterandtheDirectoryServer;settingtheportalIPaddresscausesLDAPtousetheportalIP addressinsteadofthemanagementaddress.[B#29028] WhenacustomerportalIPaddressisconfigured,severalPacketShaperfeaturesusetheportalIP addressinsteadofthePacketShapersmanagementIPaddress.Inparticular,SNMPsendstheportal IPaddressasthesourceaddressinnotifyandresponsepackets,andheartbeatsaresentfromthe portalIP.Ifthisisanissueforyou,youcancleartheportalIPaddressandhavecustomersloginto theportalwiththefollowingURL:http://<managementIP>/customer. [B#121136, B#112963]

13

PacketWise 8.6.4 Release Notes

Matching Rule Issue

IntheLegacyUI,youmayseeanError0000messagewhentryingtodeleteamatchingrule.Thistypically happensafteryouhaveattemptedtoedittherulewithaninvalidspecification(suchasduplicatematching rule).Ifthishappens,youneedtodeletetheclass.[B#126103]

Classes with Duplicate Matching Rules

Typically,PacketWisedoesnotletyoucreateatrafficclasswithmatchingrulesthatduplicateanotherclass. However,PacketWiseallowsittohappeninthefollowingsituation:whenaclasshasaDefaultchildclass, youareabletocreateaclasswithadifferentnamebutwiththesamematchingrules.Forexample,suppose youhavecreatedaclassnamedInternetthatclassifiestrafficfortheInternetservicegroup,andclass discoveryisenabled(whichcreatesaDefaultchildclass).PacketWiseletsyoucreateanotherclassnamed MyInternetbasedontheInternetservicegroup,withoutdisplayinganerrormessageorconfiguration error.Trafficgetsclassifiedintoonlyoneoftheclasses(whicheverappearsfirstintheclasstree). [B#125541]

Limitations of the VoIP Summary Report

TheClassdropdownlistfortheVoIPSummaryreportonlylistsVoIPclassesifthenameappearswiththe exactupper/lowercaseastheautodiscoveredclass(RTPI).Ifyoucreatedtheclassmanuallyandtypedthe namedifferently(suchasrtpi),thenamedoesnotappearontheClassdropdownlist. [B#126276]

Config Save Filenames

WhenprovidingafilenameintheconfigsaveCLIcommand,enteranamethatiseightcharactersorless; enteringalongerfilenamedisplaysanerrormessageNosuchaddress.[B#127478]

PacketWise 8.6.4 Release Notes

14

Known Issues in Xpress

ThissectionlistsknownissueswiththeXpressfeatureinPacketWise8.6.4.

Classification Issue When Acceleration is Enabled

TheclassificationofCitrixprioritytagsdoesnotworkonacceleratedflows.Notethatallothertypesof Citrixclassificationworksonacceleratedflowsandprioritytaggingclassificationworksonnonaccelerated flows. [B#112859]

MTU Issue
AccelerationdoesnotrespecttheMTUimposedbylowspeedlinkvalues(lessthan384k).Theworkaround istousethetunnelmtu<mtu>CLIcommandtoforcethedesiredMTUvalue.[B#26911]

Command-Line Interface Issues

ThePacketWisecommandlineinterfaceisabletocompletepartialcommandsifauserentersenough informationtospecifyjustasinglecommand.Forexample,enteringjusttrtrreturnstheoutputfor thecommandtraffictree.However,thecommandtodeterminethevalueofthemeasurementengine variablebytessavedbycompression,evenwhentypedinfull,isalsothepartialtextforthe commandtodeterminethevalueofthebytessavedbycompression%variable. IfyouuseasinglemeasuredumpCLIcommandtodeterminethevalueofboththebytessavedby compressionandbytessavedbycompression%measurementvariables,listthebytessavedby compressionvariablebeforethebytessavedbycompression%variable.Ifthevariablesarelistedin theoppositeorder,thebytessavedbycompressionvariablereportsthesamevalueasbytessaved bycompression%.[B#29677]

Miscellaneous Xpress Issues

Withshortflows(thatis,flowscontainingonlyafewpackets),youmaynoticeadiscrepancyin measurementdatabetweendirectstandbypartners.Forexample,theactivePacketShapermayshow morecompressionsavingsthanthepassivePacketShaper.Thissituationoccursinenhancedtunnel modeonly.[B#112747] IfyouarehavingproblemscontrollingVoIPtrafficwithratepoliciesandpartitionswhenthereis significantcompetingtraffic,youmaywanttodisablepackingandcompression. [B#112297] IftwoPacketShapersareconnectedviathedirectstandbyfeature,thoseunitsmaynotformaproper accelerationtunnelforasymmetricflowsunlessthesamestaticlocalhostsandtunnelpasswordsare configuredonbothunits.[B#113176]

15

PacketWise 8.6.4 Release Notes

Additional Information for PacketWise 8.6

Thissectioncontainsimportantadditionalinformationthatwillhelpyoubetterunderstandanduse PacketWise8.6.

URL Categories Additional Information

BecausetheURLcategoryclassificationfeaturerequiresaccesstoanumberofoutsidewebservers, youshouldnotcompletelysecuretheoutsideinterface.Instead,usethesetupsecureoutsidelist commandandaddtheIPaddressesofthefollowingserverstotheexceptionlist:thefastest WebPulseservicepoints(usethesetupurlcategoryshowservicecommandtofindtheIPaddresses), thecategorymapupdateserver(sitereview.bluecoat.com),thesupportupdateserver (updates.bluecoat.com),andtheheartbeatserver(hb.bluecoat.com).Ifyouareusingawebproxy, youalsoneedtoaddthisserversIPaddresstothelistifitwillbeaccessibleviatheoutsideinterface. SeealsoURLCategoryIssuesonpage11. Donttrytocompareclasshitsoncategoryclasseswithcategoryhitsshowninthesetupurlcategory showcategoriesCLIcommand.Aflowcanbecategorizedwithuptofourcategories(forexample, ahitonfourdifferentcategories)butitcanonlyhitonecategoryclassinthetraffictree.Inaddition, classhitscanberesetatanytime(withtheclearstatsbuttonontheMonitortab).Categoryhits accumulateuntilasetupurlcategoryresetcommandisissuedoruntilthePacketShaperisreset.
[B#141205]

PacketShaperidentifiestheserviceforwebtrafficbeforedeterminingitsURLcategory.Therefore,if theservicehasapolicy(suchasneveradmit),thepolicyisappliedbeforethetrafficgetsclassified intothecategoryclass.[B#141497] WhenURLsusingHTTPgetredirected,PacketShaperclassifiestrafficaccordingtothecategoryof theoriginalURLfirst,andthentheredirectedURL.WithHTTPS,however,PacketShaperclassifies trafficaccordingtothecategoryoftheredirectedpageonly;itisnotabletoseethecertificate commonnameoftheoriginalURL. [B#142589] AfterdisablingURLcategorizationorturningoffdiscoveryofaURLcategory,classesmaycontinue tobediscoveredforuptoaminute.Thiscouldhappenifthecategoryreachesthediscovery thresholdrightbeforethefeatureisdisabled.(Thediscoverythresholdisthenumberofflowsthat PacketShapermustseeinaoneminuteintervalbeforeaclassiscreated.)Forexample,iftrafficbased ontheRealEstatecategoryhasalreadyhitthediscoverythresholdbeforeturningoffdiscoveryfor thatcategory,aReal_Estateclasswillbeautocreated.Thisisexpectedbehavior.[B#142832]

SNMP Requests
PacketWise8.3.xandhighersupportsSNMPv1,SNMPv2candSNMPv3.IfyourPacketShaperis configuredtorespondtoSNMPv1requestsandyouupgradethatunittoPacketWise8.3.xorlater,the PacketShaperrespondstobothSNMPv1andSNMPv2crequests. [B#24666]

PacketShaper 3500 Fan Speed

OnaPacketShaper3500,whichhasonlyonefan,theinfotabreportsaspeedof0.00Hzforpowersupply fantwo.Aspeedofzerosimplyindicatesthatthefanisnotpresent.[B#25777]

Unsupported Images
SomePacketShapermodelsrequireaspecificversionofPacketWisesoftwareinordertorun.Forexample, thePacketShaper1400requiresPacketWise7.4(orhigher)or8.1(orhigher).However,itispossibleto overwritethesupportedversionwithanunsupportedimageofPacketWise.Inthiscase,theunitcannot boot,andyouneedtoreboottheunitusingitsbackupsoftwareimage.

PacketWise 8.6.4 Release Notes

16

Direct Standby on PacketShaper 1400

IfyouplantodeployPacketShaper1400modelsinadirectstandbyconfiguration,pleasecontactBlueCoat CustomerSupportforassistance.[B#22087]

17

PacketWise 8.6.4 Release Notes

Additional Information for Xpress

Thissectioncontainsimportantadditionalinformationthatwillhelpyoubetterunderstandandusethe Xpressfeature.

Understanding Acceleration
AccelerationisdesignedtoimproveTCPperformanceinthefollowingthreecases: Onlinksthathavealargebandwidthdelayproduct,accelerationcanprovidesubstantial throughputimprovementoverTCPforbulkdatatransferssuchasFTPtransfersoflargedatafilesor downloadingoflargeimagesinabrowser. Onlinksthathaveahighlossduetotransmissioncharacteristics,asopposedtohighlossfrom congestion,acceleratedflowstypicallyperformsubstantiallybetterthanTCP.(TCPseesanykindof lossascongestionandslowsdownaccordingly.) ForHTTPtraffic,accelerationcanbeconfiguredtoprefetchobjectsonawebpage,substantially reducingthetimeneededtodisplayapageonhighlatencylinks. NonTCPtrafficisneveraccelerated.Also,accelerationprovideslittleornobenefitinthefollowing situations: Transactionprocessingoverahighlatencylinkwillnotbeimproved.Thus,WindowsFileSharing (CIFS)whichreliesonlargenumbersoftransactionstransferringsmallobjectswillnotbenefitfrom acceleration. Lowlatencylinkswithonlycongestionloss.Forexample,linkswithbandwidthdelayproductsunder 100Kbyteswillseeminimalornoperformancebenefit. Inaddition,HTTPprefetchdoesnotuniformlyimprovealltypesofwebpagedownloads.Prefetchrelies onextrabandwidthbeingavailableforprefetchedobjects.Prefetchingisautomaticallydisabledifthe PacketShaperisrunninglowonavailablememory.

Configuration Options for Acceleration

Inordertoachievethebenefitsofacceleration,PacketShapersneedtobeproperlyconfiguredforyour networkandtheflowsyouwishtoaccelerate.SomePacketShaperconfigurationsthatperformperfectly wellwithoutaccelerationmayactuallygetpoorperformancewithacceleration,ifaccelerationisenabled withoutregardtotheissuesstatedaboveandwithoutsomeappropriateconfigurationchanges. Accelerationusesoneoftwostrategiesfortransmittingpackets.Ifcongestioncontrolisenabled(the default),dataissentattheoutboundlinkorpartitionrate,andpacketlossistreatedascongestion;this causesaccelerationtoslowdown.Thismechanismisconceptuallythesameasthecongestioncontrollogic usedbyTCP.Ifcongestioncontrolisdisabled,thenaccelerationreliestotallyontheoutboundlinkor partitionsetting;ittreatslossasdatacorruption,notcongestion,anddoesnotslowdown.

Preferred Configuration for Acceleration

Accelerationworksbestwhentheavailablelinkrateisfixed,andthePacketShaperoutboundlinkor partitionratecanbesettoavaluewhichmatchesthisavailablerate.Byavailable,wemeantheamount ofbandwidththatisavailableforacceleratedTCPflows.Forexample,ifalinkissharedbetweenVoIPand FTPfiletransfers,theavailablebandwidthiswhatisleftoverafteraccountingforVoIPtraffic(which,being UDPbased,isneveraccelerated).Iftheavailablerateisknownandrelativelysteady,thenthebest performancecanbeachievedbysettingtheoutboundlinkorpartitionrateofthesendingsidePacketShaper toavaluethats12%smallerthanthisavailablelimit.Inthiscase,youshoulddisablecongestioncontrol.

PacketWise 8.6.4 Release Notes

18

IfPacketShapersconfiguredfordirectstandbyareusingtheaccelerationfeaturetoaccelerateasymmetric traffic,bothdirectstandbypartnerPacketShapersmustbeabletoaccessInsidehostsviatheunitsXpress IP.IfInsidehostsareonadifferentsubnetfromtheXpressIP,thatPacketShapermusthaveanIngress gatewaydefined.UsetheCLIcommandtunnelipconfiguretoconfigureanIngressgateway.

When to Use Congestion Control with Acceleration

Bydefault,PacketShapersusescongestioncontrolwhenaccelerationisenabled.Thisisaveryconservative approachdesignedtominimizeperformanceproblemsthatmightoccurifthesendingsidePacketShapers outboundlinkandpartitionratesarenotproperlyset.Thisisalsonecessaryforthe(notrecommended) configurationinwhichInboundpoliciesontheremotePacketShaper(s)areusedtocontroldata throughput.Generallyspeaking,youshouldenablecongestioncontrolforlinkswithwildlyvarying availablerates,forexample,whatisleftoverfromVoIP.Congestioncontrolmayalsobenecessaryforfull meshnetworkswhereyoucannotpredicttheactualbandwidthavailablebetweenanytwoendhosts. Notethatsincecongestioncontrolisasuboptimalsettingforacceleration,anyaccelerationbenefitsmay varygreatlyovertimeorbetweendifferenthosts.Youmustassessperformanceonyourparticularnetwork andthendecidewhetherornotitbenefitsfromacceleration.

ICNA Algorithm
TheICNApluginisnotnecessarywhenusingenhancedtunnelmodebecausetheICNAalgorithmisbuilt intoenhancedcompression.However,ifyouareusinglegacyormigrationtunnelmode,youneedtoinstall theICNAplugin.NotethattheICNApluginonlyloadswhenyouareusinglegacyormigrationmode. [B#23518]

Limitations in Xpress
WatchmodeisnotavailablewithenhancedXpresstunnels,andcanbeenabledonlywhen PacketShaperissettolegacytunnelmode.Ifwatchmodewasenabledin7.x,itwillbeenabledafter theupgradeandtheunitwillbeinlegacymode. BecauseTCPisconvertedtoXTPwhenaccelerationisenabled,theresponsetimemeasurement (RTM)variablesarentabletomeasureatransactionthroughitscompleteroundtrip,anddoesnot accountfortheportionthatisnotTCP. Thetcpearlyretxtosspktsandtcpearlyretxtosspkts%variablesrelyonTCPRateControlsothey wontincrementforacceleratedconnections. IfonlylegacycompressiontunnelsexistbetweentwoPacketShapers,andyoucreateanenhanced compressiontunnelbetweenthoseunitsbutthenlaterdisableenhancedcompressionononeorboth ofthoseunits,thepreviouslegacycompressiontunnelsdonotautomaticallyreform.Deletethe enhancedtunneltoreenablethelegacycompressiontunnels.

Multicast Compression
Multicasttrafficcanbecompressedinv8.xassumingthatthefollowingconditionsaremet: TheClassDaddressesmustbeaddedtoremoteand/orlocalhostlistsusingthetunnellocaladdand tunnelremoteaddcommands.Unlikeunicastcompressionhosts,multicasthostsarenotdiscovered automatically. Thetunnelmustbestatic(sinceonlystatictunnelscanbeconfiguredwithremoteandlocalhosts.) Otherimportantpoints: Inorderforthetraffictogetdisseminatedtomultiplerecipients,thedecompressedmulticasttraffic mustbeforwardedtoarouter.Ifnot,onlyonehostreceivestheflow.

19

PacketWise 8.6.4 Release Notes

 Multicastaddresseesareintherange224.0.0.0239.255.255.255.Formoreinformationabout multicastaddresses,see:
http://www.iana.org/assignments/multicast-addresses

Multicasttrafficcannotbeaccelerated.

Asymmetric Flows
Foraccelerationtowork,trafficneedstopassthroughasinglepairofPacketShapersinbothdirections.If aredundanttopologyisconfiguredinsuchawaythataserverisreachablethroughapaththatdoesnot firsttraversetheremotePacketShaper,theasymmetricflowarenotaccelerated. Incertaincircumstances,connectionswillfailwithasymmetricflows: Whenpacketsfromtheclienttotheserverpassthroughbothaclientsideandserverside PacketShaper,butreturnpacketsbypasseitherofthesePacketShapers. WhenroutingchangescauseTCPpacketstonotgothroughtheirnearsidePacketShaper WhenroutingchangescauseXTPpacketstopassthroughanacceleratingPacketShaperthatisnot theoriginalpartner. IfXpressisunabletosuccessfullycompleteanacceleratedconnectiontoaparticularhost(perhapsbecause theflowwasasymmetric),Xpressremembersthisonaperdestinationbasisforaperiodoftimeanddoes nottrytointerceptadditionalconnectionsforthefaileddestination. IfPacketShapersconfiguredforDirectStandbyareusingtheaccelerationfeaturetoaccelerateasymmetric traffic,bothDirectStandbypartnerPacketShapersmustbeabletoaccessInsidehostssourcedviaXTP.If theXIPhostsareonadifferentsubnet(sothereisarouterconnectedtotheInsideportofthePacketShaper, thatPacketShapermusthaveadefinedIngressgateway.

Xpress-IP Configuration for Units on the Same Subnet

WhentwoPacketShapersareconfiguredwithXpressIPaddressesonthesamesubnet,theXpressIP gatewaymustbesettononeonbothPacketShapers,ifeitherofthefollowingistrue: accelerationisoff or alloftheendhostsinthenetworkarealsoonthatsamesubnet. Thissetupismostcommoninnetworkconfigurationsusedfortesting,demonstrations,andtrainingwhere thePacketShapersandhostsbeingusedareallonthesamesubnet.Itmayalsobefoundincaseswhere networksarebridgedoveraWAN.

Localhost Traffic Doesnt Get Tunneled

LocalhosttrafficdoesntgetcompressedorpackedbecauseXpressdoesnttunnelflowsthathavea PacketShaperastheendpoint.Inotherwords,whenyouaccessyourPacketShaperviaTelnet,webbrowser, orFTP,thistrafficdoesnotgettunneled.[B#20973]

Acceleration Notes
Importantnotesaboutacceleration: Thesiteroutermustbesettononewhenyouareusingacceleration.[B#20735] Forbestperformance,BlueCoatrecommendsthatshapingbeenabledwhenusingacceleration. IfaPacketShaperisresetwhilethereareactiveacceleratedconnections,thoseconnectionsare terminated. Fortunnelsusingdynamichostdiscovery,connectionstodestinationsthatarenotalreadyinthe remotehostlistarenotaccelerated.Newconnectionsstartedafterdiscoveryofthehostare accelerated.

PacketWise 8.6.4 Release Notes

20

 Bydefault,Xpressusescongestioncontrolforacceleratedconnectionsonthesender.Thissettingis appropriateformostnetworktopologies,suchasfullymeshednetworks.However,ifthenetwork hasfixed,dedicatedbandwidth,youmaywanttodisablecongestioncontrolusingthetunnel accelerationcongestioncontroloffcommand.

Using Acceleration with Multiple Inline PacketShapers

CertaintopologiesrequiretheaccelerationStrictHostChecksystemvariabletobeenabledinorderfor accelerationtoworkproperly: MultipleinlinePacketShapers HubandspoketopologiesinwhichtrafficacceleratedattheedgePacketShaperwillpassthrough anintermediatePacketShaperatthecentralsite WhentheaccelerationStrictHostCheckvariableisenabled,outboundTCPflowsareacceleratedonlyifthe sourcehostisconfigured(ordiscovered)onthelocaldeviceandthedestinationhostisconfigured/ discoveredasaremotehostviatheoutboundtunnel.Likewise,inboundacceleratedflowsarenot interceptedunlessthesourcehostisconfigured/discoveredasaremotehostviatheinboundtunnelandthe destinationhostisconfigured/discoveredonthelocaldevice. Notes: EnablingthisvariablemayresultinaslightdegradationofperformanceforXTPacceleration,since lookupandvalidationoflocalandremotehostsaredoneperpacket.SCPSaccelerationdoesnothave thissideeffect. IfpacketspassthroughthesamePacketShapermultipletimes,itmaybenecessarytoeitherrestrict hosts(usingthetunneldiscoveryhostcommand),tomanuallyprovisionhostsonaparticularside (usingthehostdbsidemanualcommand),ortodisablehostdiscovery(usingthetunneldiscovery command).[B#21393]

21

PacketWise 8.6.4 Release Notes