XOS V9.0.

3 Release Notes May 19, 2011

These release notes provide important information about the Crossbeam XOS operating system for the X-Series Platform. This document identifies new system features, corrected issues, and known anomalies for XOS V9.0.3 as well as XOS V9.0.2 and XOS V9.0.1. The official XOS V9.0.3 release kit is 9.

1.0 XOS V9.0.3 New Features

XOS V9.0.3 contains no new features.

2.0 XOS V9.0.2 New Features

XOS V9.0.2 introduces the following enhancement.

2.1 Usability Enhancement

Module serial numbers are now captured in syslog output whenever there is a module state change.

3.0 XOS V9.0.1 New Features

XOS V9.0.1 includes support for the new hardware and software features described in the following sections.

3.1 New XOS Features

XOS V9.0.1 includes support for the following new features.

Automated Workflow Installation for IPv6Pack

The installation of Check Point NGX R65 IPv6Pack or Check Point VPN-1 NGX R70 IPv6Pack is now available as part of the Automated Workflow System (AWS). This menu-driven tool provides a simple and efficient method of installing supported applications.

High Availability Monitoring

Application monitoring has been enhanced to validate the High Availability (HA) state of the firewall during initial startup.

Copyright Crossbeam Systems, 2011, ALL RIGHTS RESERVED CROSSBEAM, CROSSBEAM SYSTEMS, X-Series, XOS, X20, X30, X45, X60, X80, X80-S, and any logos associated therewith are trademarks or registered trademarks of Crossbeam Systems, Inc. in the U.S. Patent and Trademark Office, and several international jurisdictions. All other product names mentioned in this document may be trademarks or registered trademarks of their respective companies. 06784A

Firmware Upgrade
XOS V9.0.3 contains no firmware changes. See Minimum Firmware Version Requirements on page 10, Table 3 for complete firmware information. XOS V9.0.1 included the following firmware change: the bootloader version for NPM-86xx has changed to 2.0.0.9. This change allows support for the X45 Bundles.

X45 Bundles
NOTE: Sale of X45 Bundles was discontinued as of 12/31/2010. XOS V9.0.3 supports existing X45 Bundle hardware. X45 Bundles include an X45 chassis, pre-populated with either of two combinations of modules; the X45 8-Core kit, or the X45 16-Core kit. The modules are specific to the X45 chassis, and are easily identified by the -B on the faceplate of the module and the -R in the part number. These modules cannot be installed into an X80 chassis. See Table 1 on page 7 for module and part number information.

3.2 New Application Support

XOS V9.0.1 supports the following new application: Check Point NGX R70 IPv6Pack provides cluster synchronization, accelerated IPv6 packets using SecureXL, and IPS support. See the Check Point NGX R70 IPv6Pack for Crossbeam Release Notes for instructions on installing and configuring this application.

4.0 XOS V9.0.0 New Features

XOS V9.0.0 includes support for the new hardware and software features described in the following sections.

4.1 New XOS Features

The following new features were introduced in XOS V9.0.0.

IPv6 Support
XOS V9.0.0 introduces support for IPv6 traffic on the X-Series Platform. Refer to the XOS Configuration Guide for detailed information on configuring IPv6 functionality in XOS. The following IPv6 features are in XOS V9.0.0:

Dual stack support for IPv4 and IPv6 routing. New IPv6 routing support for OSPFv3, BGPv4, and RIPng.

Supported IPv4 to IPv6 Tunnels

The following transition mechanisms, or tunnels, are provided to allow early adapters of the IPv6 protocol a method to deliver IPv6 traffic over an IPv4 network segment. Support of these tunnels on the X-Series platform uses a standards (RFC) -based approach and is not Crossbeam proprietary.

6to4 An IPv6 transition mechanism, enabling the transmission of IPv6 packets over an IPv4 network (generally the IPv4 internet) without configuring explicit tunnels. ISATAP Intra-Site Automatic Tunnel Addressing Protocol. An IPv6 transition mechanism that enables the transmission of packets between IPv6-enabled hosts/nodes over an IPv4 network. IPv6IP An IP-in-IP tunneling mechanism that encapsulates an IPv6 datagram within an IP datagram. GRE Generic Routing Encapsulation Encapsulates of a wide variety of network layer packets in IP tunneling packets.

See the New or Changed Commands Related to the IPv6 Protocol section in Chapter 2 of the XOS Command Reference Guide for information on IPv6-specific commands.
XOS V9.0.3 Release Notes May 19, 2011 2

Greenlight Element Manager (GEM)

XOS V9.0.x introduces a new system health monitoring Web application called Greenlight Element Manager. GEM provides visibility into the system and status information for modules, VAP groups, alarms, flow tables, CPU utilization, and more, using an intuitive graphical user interface (GUI). See Figure 1.

Figure 1.

Greenlight Element Manager Display

XOS V9.0.3 Release Notes May 19, 2011

Automated Workflow System

The Automated Workflow System (AWS) is a menu- and interview-driven interface launched from the XOS command line interface (CLI). The AWS streamlines and simplifies the process of upgrading XOS software and firmware and is used to upgrade from XOS V9.0.0 to later releases, and to upgrade firmware in XOS V9.0.x. Refer to the XOS Configuration Guide, Chapter 18 for more information.

Figure 2.

Automated Workflow System Main Menu

Chassis Resource Protection

Chassis resource protection provides configuration parameters to prevent malicious traffic from consuming critical NPM resources and to protect the system from inadvertent changes in the network. User-configurable parameters based on TCP flow validation and flow table limits are set to monitor and filter traffic flow. Flows that have not yet been validated can be dropped or aggressively aged-out, preventing the overflow of buffers and flow tables. Additional settings are provided to make effective use of resources for handling fragmented TCP and UDP packets. Basic per-packet validation of IP/TCP packets can be configured to identity and potentially drop invalid packets at line rate to protect APM and end-hosts. These features must be enabled by the user, and are off by default. For more information about chassis resource protection, see the XOS Configuration Guide.

V5 64-bit CPM Software

XOS V9.0.x provides an upgrade of the CPM system software to an x86_64 v5 architecture (based on Linux kernel version 2.6.18-53.el5). This upgrade provides improvements in the following areas:

Upgrades to newer versions of:

DRBD (Distributed Replicated Block Device) used in CP redundancy SNMP server PostgreSQL database Java Runtime Tomcat web server

Incorporates recent linux security enhancements Full multicore processor support on CPM Support for 64-bit VAP group creation

VAP Operating Systems

A new x86_64 version of VAP operating system software called xslinux_v5_64 for APMs is included in this release. This VAP OS is for applications that require 64-bit support. The xslinux_v3 and xslinux_v5 VAP OS are supported in addition to the new xslinux_v5_64 VAP OS. The xslinux_v4 VAP OS is no longer supported.

See the application installation guide for each supported application to determine which VAP OS to use.

XOS V9.0.3 Release Notes May 19, 2011

New Flow Processing Features

There are new parameters for both the ip-flow-rule and non-ip-flow-rule commands. Use these parameters to specify how multi-core and multi-processor APMs handle a flow. A single flow can be dispatched to a single core, or to all cores of a single processor, or to all cores on all processors on an APM. Due to the stateful nature of the majority of applications running on the VAP, these new parameters are applicable to only large flows that cannot otherwise be handled by a single core. For non-ip flows, including IPv6 flows, the single-core parameter routes traffic to core-0 only.

Usability Enhancements

A new swatch script, npmfragstats.swc, displays the output of the CLI command show vdf-status module np1 np2 np3 np4 in table format, providing a single view of virtual defragmentation statistics for all NPMs. The show interface detail command is enhanced to display IPv4, IPv6, and non-IPv4 frame statistics separately. The show interface command output now shows if an interface is not used in the configuration. A new chassis alarm that monitors CPU utilization on a per-core basis has been added. The utilization thresholds for each severity level are user-configurable.

4.2 New Version of Routing Software

XOS V9.0.0 requires the use of RSW V8.0.0. RSW is a software application requiring a license separate from XOS. The following new features are included in RSW V8.0.0.

IPv6 support in the following new routing protocols:

BGPv4 RIPng OSPFv3

See the Routing Software User Guide and the Routing Software V8.0.0 Release Notes for complete information on these and other features.

4.3 New Application Support

XOS V9.0.0 supports the following new applications:

Check Point VSX NGX R67 is the latest virtual firewall product from Check Point Software Technologies, and requires the v5 kernel. Check Point Security Gateway R71.10, the latest release of the Check Point product line, includes support for IPv6. Check Point NGX R65 IPv6Pack, which provides cluster synchronization, accelerated IPv6 packets using SecureXL, and IPS support. See the Check Point TM NGX R65 IPv6Pack for Crossbeam Release Notes for instructions on installing and configuring this application. Sourcefire 3D Sensor v4.9.1 includes support for jumbo frames and IPv6. Sophos PureMessage V5.6 provides an e-mail filtering system that analyzes e-mail messages at the network gateway to protect organizations and enforce corporate communication policies.

See 7.0 Supported Software Applications on page 8 for a list of applications supported in this release.

XOS V9.0.3 Release Notes May 19, 2011

4.4 Changes to XOS Functions

The command configure acl-interface is now available at the main CLI context. Previously, this command was part of these contexts:

configure interface gigabitethernet configure interface 10gigabitethernet configure group-interface

A new command, configure acl-interface-mapping has been added. Use the configure acl-interface and configure acl-interface-mapping commands to configure the mapping of ACLs to interfaces. Refer to the XOS Command Reference Guide and the XOS Configuration Guide for a list of configuration considerations and additional information. The no parameter has been removed from the priority-delta command in the following contexts:

configure vrrp failover-group monitor-circuit <circuit_name> priority-delta configure vrrp failover-group monitor-interface <interface_type> <slot/port> priority-delta configure vrrp failover-group <failover_group_name> virtual-router vrrp-id <ID> circuit <circuit_name> priority-delta configure vrrp failover-group <failover_group_name> virtual_router vrrp-id <ID> circuit <circuit_name> vap-group <VAP_group_name> verify-next-hop-ip <IP_address> priority-delta configure vrrp vap-group <VAP_group_name> priority-delta configure vrrp vap-group priority-delta

The command bi-direct has been renamed to generate-reversed-flow under these contexts: configure vap-group <VAP_group_name> ip-flow-rule <IP_flow_rule_name> and configure vap-group <VAP_group_name> system-ip-flow-rule <System_IP_flow_rule_name> The range of values when priority-delta is enabled is 1-255 and the default value is 1. To disable priority-delta, set the value to 0 (zero).

5.0 Related Documentation

The following documents are provided on the Crossbeam USB Installer or on the Crossbeam Customer Support Portal at http://www.crossbeam.com/support/online-support/.

XOS Configuration Guide XOS Command Reference Guide X80 Platform Hardware Installation Guide X45 Platform Hardware Installation Guide X-Series Module and FRU Installation Instructions (multiple documents) Install Server User Guide Install Server V6.1 Release Notes RSW Installation Guide RSW Version 8.0.0 Release Notes Check Point VPN-1 Power NGX R65 Installation and Configuration Guide Check Point Security Gateway R70 and R71 Installation and Configuration Guide Check Point NGX R65 IPv6Pack for Crossbeam Release Notes

XOS V9.0.3 Release Notes May 19, 2011

Check Point R70 IPv6Pack for Crossbeam Release Notes Check Point FireWall-1 GX Installation and Configuration Guide Check Point VPN-1 Power VSX NGX R65 Installation and Configuration Guide Check Point VSX NGX R67 Installation and Configuration Guide Sophos PureMessage for UNIX 5.6.0 Installation Guide Installation and Configuration Guide for IDS Deployments of IBM Proventia Network IPS on Crossbeam X-Series Platforms Installation and Configuration Guide for IPS Deployments of IBM Proventia Network IPS on Crossbeam X-Series Platforms Serialization Cookbook: Firewall and IPS Multi-System High Availability Configuration Guide

6.0 Supported Hardware

XOS V9.0.x supports only the X45-AC-3, X80-AC-1, -2 and -3, and the X80-DC-1, -2 and -3 chassis. Table 1 identifies the modules supported by XOS V9.0.x on the X45 and X80 chassis. Important: XOS V9.0.x does not support the X40, X45-AC-1, and X45-AC-2 chassis. NOTE: Some X40 chassis can be upgraded to an X80. Contact your Crossbeam support representative for more information. NOTE: XOS V9.0.x requires that the CPM-8600 and CPM-8600-NV modules have 4 GB of memory. Please ensure that four, 1 GB SDRAM modules are installed according to the CPM-8600 and CPM-8600-NV Memory Upgrade Instructions. To validate the installation and configuration, check the Total Memory reported by the CPM. Depending on the kernel version, the CPM will report approximately 3.5 GB of total memory available.

Table 1. XOS V9.0.x Chassis and Module Support

Module NPM-8600, -8620, -8650 NPM-8620 Bundle P/N 005331R APM-8600, -8650* APM-8650 Bundle P/N 004911R CPM-8600 X45-AC-3 part no. 004362 Yes No Yes No Yes X45 Bundles X80-AC-1 X45-KIT-R-16CORE X80-AC-2 X45-KIT-R-8CORE X80-AC-3 Yes Yes Yes Yes Yes Yes No Yes No Yes X80-DC-1 X80-DC-2 X80-DC-3 Yes No Yes No Yes

*APM-8650 requires the use of the new fan tray module. See your Crossbeam representative for details.

XOS V9.0.3 Release Notes May 19, 2011

7.0 Supported Software Applications

At the time of this release, the following applications are certified for use with XOS V9.0.x.

Check Point VPN-1 Power NGX R65

vpn1-NGXR65-1.0.2.0-5.cbi vpn1-NGXR65-1.1.0.0-13.cbi

Check Point NGX R65 IPv6Pack Check Point R70 IPv6Pack Check Point FireWall-1 GX Check Point VPN-1 Power VSX NGX R65 Check Point VSX NGX R67 Check Point Security Gateway R70

CPSG-R70-2.0.0.0-14.cbi CPSG-R70-2.1.0.0-5.cbi CPSG-R71.10-3.0.1.0-1.cbi

Check Point Security Gateway R71.10

IBM Proventia Network IPS 2.0 Imperva SecureSphere 7.0 Routing Software (RSW) V8.0.0 Sophos PureMessage V5.6 Sourcefire 3D Sensor, v4.9.1 Trend IMSS v7.0 Trend IWSS v3.1 Websense Web Security Gateway v6.3.2

See your Crossbeam representative for the latest list of supported applications. If you are running the Crossbeam Routing Software (RSW) application, XOS V9.0.x requires Routing Software (RSW) V8.0.0 or later.

8.0 Release Files Available for Download

The files listed in Table 2 are included in this release and available on the Crossbeam Online Support software download Web page: See section 14.0 Contacting Crossbeam Technical Support on page 14.

Table 2. XOS V9.0.3 Release Files

File xos_903_release_notes_06784a.pdf XOS-system-software-ocode-A000-9.0.3-9.tar.gz xos-upgradepack-A000-9.0.3-9.shar.gz xos-migratepack-9.0.3-9 app-firewallvsx-NGXR65-550-9.0.3.9.7xXOS.x86_64.rpm xos-upgradepack-ocode-A000-9.0.3-9.md5sum.txt Description Release notes for this release in PDF format. XOS System Software - use for new XOS installations XOS Upgrade Pack - use when upgrading from XOS V9.0.x. XOS Migration Pack - use when migrating to XOS V9.0.x from pre-9.0 releases. Check Point VPN-1 Power VSX NGX R65 software. Contains all checksums for all files.

XOS V9.0.3 Release Notes May 19, 2011

9.0 Installation and Upgrade Considerations

The default value for the XOS system-internal-network is 1.1.0.0/16. In January of 2010, IANA allocated 1.0.0.0/8 to APNIC for use on the Internet

Important: Be sure to reset the internal network value to an appropriate unused network, a private address range, or non-allocated address blocks defined by IANA. This configuration change requires a chassis reload.

9.1 New Installations

Perform a new XOS V9.0.3 installation using USB Installer or Install Server V6.1.0. NOTE: If you use the USB Installer, you will need to download the XOS V9.0.3 software and then place the software in the \Crossbeam\XOS directory on the USBI. NOTE: If you use the Install Server, see the Install Server User Guide for more information. Install Server is available for download from the Crossbeam Customer Support Portal at http://www.crossbeam.com/support/technical-support/.

9.2 Migration
IMPORTANT: Upgrading to XOS V9.0.3 from XOS V8.x requires the use of the migration process.

Migrating from XOS V8.x

If you are currently running XOS V8.x, you must use the XOS Migration process to install XOS V9.0.3. The migration process combines elements of a fresh installation with the upgrade process to automatically migrate your application and system configuration to the latest XOS software. For more information, refer to the Migration section of Chapter 18 of the XOS Configuration Guide. NOTE: XOS V9.0.x requires that the CPM-8600 and CPM-8600-NV modules have 4 GB of memory. Please ensure that four, 1 GB SDRAM modules are installed according to the CPM-8600 and CPM-8600-NV Memory Upgrade Instructions. To validate the installation and configuration, check the Total Memory reported by the CPM. Depending on the kernel version, the CPM will report approximately 3.5 GB of total memory available. NOTE: XOS V9.0.x requires that the mirror or pass-through targets of acl-interfaces be configured prior to a migration. For more details, see the XOS Configuration Guide. After migrating to XOS V9.0.x, you can use the Automated Workflow System (AWS) to upgrade firmware or the XOS version.

9.3 Upgrade
Upgrading from XOS V9.0.x
If you are currently running XOS V9.0.x, upgrades can be performed using the Automated Workflow System. The Automated Workflow System (AWS) combines multiple manual steps into simple menu selections to automate the upgrade of XOS software and firmware. AWS allows you to upgrade XOS software beginning with XOS V9.0.0. Refer to the Automated Workflow System section in Chapter 18 of the XOS Configuration Guide for more information.

XOS V9.0.3 Release Notes May 19, 2011

9.4 Minimum Firmware Version Requirements

XOS V9.0.3 requires the following minimum firmware revision levels for the listed modules in Table 3 for proper operation. Notification for modules not at the latest firmware version is provided through the following:

The /var/log/messages file A message during login The Verify XOS software and firmware compatibility menu selection in the Automated Workflow System

A major alarm message The output from the revs_check utility From the System View and the Firmware View in GEM

Table 3. APM, CPM, NPM minimum firmware version requirements

Firmware Boot Strap version Bootloader version Diagnostics version SysCtl FPGA version Focus FPGA CPLD APM-8600, CPM-8600 1.7.0.11 1.7.0.21 1.0.1.21 0xa12 0xa12 0x15 APM-8650 1.7.0.23 1.7.0.33 1.1.0.43 0x6004 0x6004 0x15
4apcp65_fpga_0600.dat 6npm6syscrtl_R04.dat

NPM-8600, -8620, -8650 2.0.0.105 2.0.0.95 2.1.0.25 0x46 0xa7 0x5

Firmware Flash Image files:

1apcp6FlashImage0026.dat 2apcp6_fpga_a1.dat 3apcp65FlashImage0007.dat

5npm6FlashImage0015.dat 7npm6xbprc_R0010_130.dat

IMPORTANT: Starting with XOS 9.0.2, the NPM-8600, -8620, and -8650 modules will remain in a Maintenance state if the firmware does not meet minimum version requirements. All modules must have the same Focus FPGA version within a chassis. If boards do not boot up, check the /var/log/messages file for any FPGA firmware messages. Put affected boards into maintenance mode prior to upgrading them to the latest images. See the XOS Configuration Guide for information on updating the firmware.

9.5 Hardware Considerations

The APM-8650 requires the use of a new fan tray unit in both the upper and lower fan tray locations on the X80 chassis. Call your Crossbeam Representative for more information on how to order.

10.0 IPv6 Configuration Considerations

IPv6 traffic is forwarded only to the Master VAP of a given VAP group that is receiving IPv6 traffic. When using dynamic routing, if the Master VAP fails, the failover time for IPv6 traffic will be longer than IPv4 traffic because the learned routes existed only on the Master VAP and therefore must be rebuilt on the new Master VAP.

11.0 Application Considerations

See the application-related release notes and the various installation and configuration guides for the applications supported in XOS V9.0.x before installing and configuring applications on XOS V9.0.x.

XOS V9.0.3 Release Notes May 19, 2011

10

12.0 Corrected Issues

The following issues are corrected in the XOS V9.0.3 release. This release includes fixes from all previous XOS releases. ID 26548: / ID 27440: ID 27647: ID 27668: The output of the show ip route command now includes all routes on the VAP. A memory leak in the MIB library has been fixed and no longer causes system inconsistencies. For Check Point VSX, if you create a circuit using a Check Point management station such as Dashboard, and attach a VAP group to that circuit (for example, as a tap to monitor the VSX traffic), you can now delete the circuit using the management station. When upgrading firmware on a module using the AWS script, the script can now remove the module from maintenance mode. An event counter reaching its maximum value no longer causes an NPM to crash.

ID 27709: ID 27716:

12.1 Issues Corrected in XOS V9.0.2

The following issues are corrected in the XOS V9.0.2 release. This release includes fixes from all previous XOS releases. ID 20844: ID 23538: ID 24494: XOS no longer displays rpm inconsistency messages when you log into the chassis after a successful shar upgrade on a system that has the VSX application installed. Check Point VSX dynamic routing updates are now synchronized locally with kernel routing table. An issue in XOS 9.0 that caused the password recovery procedure described in Recovering from an Expired CPM Root Interval in the XOS Configuration Guide to fail has been corrected. The recovery procedure now works as documented. A single entry is created in the routing table for the IP control plane subnet. NPM-86xx modules now successfully load the flow-rule table upon NPM reboot. Systems running any Check Point application on xslinux_v5 VAP groups no longer experience KERNEL: assertion (flags & MSG_PEEK) failed conditions. The default gateway can now be configured with an IPv6 address. swatch-groupintstats.swc now displays NPM Packet Rates Statistics and NPM Data Rate Statistics correctly. cbsirmd no longer restarts when next hop is unreachable because an interface is down. Reverse flows of APM-originated traffic are now handled correctly by the NPMs. XOS now allows configuration of IP Domain Names with leading digits as specified in RFC 1101. Rare netag_put_data assertions that can cause an out of memory condition on APM 86xx modules running xslinux_v5 VAP groups no longer occur.

ID 24571: ID 24909: ID 25013: ID 25262 ID 25316: ID 25326: ID 25453: ID 25629: ID 25811:

12.2 Issues Corrected in XOS V9.0.1

The following issues are corrected in the XOS V9.0.1 release. This release includes fixes from all previous XOS releases. ID 15016: The following log message is no longer reported on a VRRP back-up system when verify next hop is configured.
cbsvapcfgd[xxx]: [I] IpVerifyNhEntry: Nexthop host A.B.C.D became reachable

ID 16792:

An issue that resulted in messages such as the following has been resolved. These messages no longer appear in the log file. fw_2 kernel: do_vfs_lock: VFS is out of sync with lock manager! The output from the command show flow distribution now shows the correct uptime for the first NPM in some configurations.

ID 19566:

XOS V9.0.3 Release Notes May 19, 2011

11

ID 21206: ID 21642: ID 23068: ID 23172: ID 23178: ID 23182: ID 23226: ID 23325: ID 23345: ID 23461: ID 23752:

The fabricstats swatch script now reports all byte counts correctly. Fixed an exception in the cbsstatsd function. On an NPM-86xx module, MLT child interfaces on a VRRP backup chassis no longer drop traffic. The VRRP monitor circuit configuration issue has been resolved. The irmd daemon no longer ends up in a loop resulting in maximum cpu activity. A rare NPM control plane communication issue has been resolved. Migration of a system with Check Point VSX R65 no longer displays an erroneous install command message. Migration results are now part of the SystemSoftwareReleaseHistory.log When provisioning a VAP-group with VSX installed, a previously configured group-interface containing the reserved keyword string int now returns an error properly. Users can now delete and recreate a VAP group associated with an MLT circuit carrying traffic for multiple VLANs, without an interruption in service. An unexpected system entry into an mwait state on a CPU no longer causes a persistent hang/lockup of the APM module.

12.3 Issues Corrected in XOS V9.0.0

The following issues have been corrected in the XOS V9.0.0 release. ID 15471: ID 15936: ID 19119: Existing flows are now handled correctly during a CPM failover with delay-flow enabled on a VAP group, with no interruption in service. The NPM-8600 no longer resets when rebooting a single CPM in either slot 7 of an X45 chassis, or slot 14 of an X80 chassis. CPM management configuration changes now propagate to the secondary CPM properly after a CPM failover.

13.0 Known Anomalies

The following sections describe known issues in this release.

13.1 NPM
ID 15145: ID 26070: The XOS architecture does not support traffic ingressing multiple times over a single bridge in a Layer 2 topology. When you reload NPMs on an X80-AC-1 chassis, the output of the show chassis and show module status CLI commands may be incomplete or delayed. There is no operational effect; traffic passes normally. When flows are in a re-routing state, the re-routing tag may not be displayed in show flow active output. Workaround: Use show flow-path active verbose to see the re-routing tag.

ID 26347:

XOS V9.0.3 Release Notes May 19, 2011

12

13.2 APM
ID 15229: The following log message could be reported when creating new circuits or reloading a VAP group. The message can be ignored when seen under the above conditions. kernel: <circuit name>: Dropping NETIF_F_SG since no checksum feature. If a VAP group is configured with an xslinux_v5 kernel, and the device-name of a circuit that is associated with the VAP group begins with a number, the tcpdump utility reports this error: Invalid adapter index Workaround: Rename the circuit device-name to remove the leading digits.

ID 20256:

13.3 CPM
ID 25223: ID 26491: ID 26468: If you change the prompt on an APM, the Automated Workflow system cannot upgrade the firmware on that APM. Do not put large files, such as hot fixes, into the /tftboot/<vap_group>_common directory. This may cause delays when creating vap groups. GEM connectivity is lost using any management virtual IP address after performing one of the following: - configure remote box, unconfigure remote box, create ip-alias for management interfaces, or delete ip-alias for management interfaces Workaround: When this occurs, run the script /crossbeam/bin/cbs_cprm_scripts activate_mgmt_vip eth2 manually from the UNIX prompt on the CPM to restore connectivity. ID 26355: ID 27399: An SNMP ifEntry query on a bridge mode interface returns erroneous data and should be ignored. If a user creates a UNIX alias called su with a value of unix su, the Automated Workflow System (AWS) fails while trying to verify slot count and module information. Workaround: Before you use AWS, disable all command aliases.

XOS V9.0.3 Release Notes May 19, 2011

13

14.0 Contacting Crossbeam Technical Support

Crossbeam Systems offers a variety of service plans designed to meet your specific technical support requirements. For information on purchasing a service plan for your organization, please contact your account representative or refer to http://www.crossbeam.com/support/online-support/ If you have purchased a Crossbeam Systems product service plan and need technical assistance, you can report issues by telephone: United States: EMEA: Asia Pacific: +1 800-331-1338 OR +1 978-318-7595 + 33 4 8986 0400 +1 978-318-7595

Latin America: +1 978-318-7595 You can also report issues via e-mail to support@crossbeam.com. In addition, all of our service plans include access to the Crossbeam Customer Support Portal located at http://www.crossbeam.com/support/online-support/. The Crossbeam Customer Support Portal provides you with access to a variety of resources, including Customer Support Knowledgebase articles, technical bulletins, product documentation, and release notes. You can also access our real-time problem reporting application, which lets you submit new technical support requests and view all your open requests. Crossbeam Systems also offers extensive customer training on all of its products. For current course offerings and schedules, please refer to the Crossbeam Education Services Web pages located at http://www.crossbeam.com/support/training-services/.

XOS V9.0.3 Release Notes May 19, 2011

14