Kemp Support, how can we help?

The latest application delivery knowledge and expertise at your fingertips.

GEO 2.3.59.1 Release Notes

GEO Version 2.3.59.1 is a stability update for the General Availability (GA) branch, made available on 10 May 2023. Install this update to address two DNS-related issues that can cause GEO to become unresponsive. These are listed below under Issues Resolved.

Contents

If you are not using GEO functionality on LoadMaster, then installing this update is not required to maintain system stability.

Before You Upgrade (READ ME FIRST)
Issues Resolved
Existing Known Issues

Before You Upgrade (READ ME FIRST)

Please pay special attention to the issues below before you begin an upgrade to this LMOS release.

Generation of 4096-bit DHE Key

During an upgrade to this version of LMOS from a version prior to 7.2.53.0, a new 4096-bit DHE key is generated. On some virtual or hardware appliances, this can lead to significant CPU and memory consumption that could impact regular virtual service traffic. Kemp strongly recommends that updates to this release from a version prior to 7.2.53.0 be performed in a maintenance interval. 

Best Practices Cipher Set

In LMOS 7.2.52.0, the BestPractices cipher set was updated. If you are upgrading from a version prior to 7.2.52.0, this change is effective immediately after upgrade to this release. This change was made to improve security and conform to the latest industry best practices.

If you depend on any of the cipher sets being removed from the BestPractices set, then before you upgrade you must create a custom cipher set that contains these ciphers and assign this new custom cipher set to the Virtual Services that are currently using the BestPractices cipher set. After this is done, you can upgrade to this release and your services will continue to use the old ciphers. If you do not, then after upgrade any clients that depend on these ciphers being available will no longer be able to connect.

It is recommended, however, that you migrate your services as soon as possible to use the new BestPractices cipher set. For more information on the cipher suites removed from the set, please see the LMOS 7.2.52.0 Release Notes.

Supported Models for Upgrade

This release of LMOS is supported on the Hardware and Virtual models shown in the first three columns of the table below. It is not supported and should not be installed on any model listed in the two columns at right. This update patch can be applied to any supported model regardless of licensing (e.g., SPLA, MELA) or platform (e.g., hardware, local cloud, public cloud).

Supported
Virtual
Models

Supported
Hardware
Models

Supported Bare Metal Models

UNSUPPORTED
Hardware

Models

UNSUPPORTED
Virtual

Models

VLM-200
VLM-500
VLM-2000
VLM-3000
VLM-5000
VLM-10G
VLM-GEO
VLM-MAX
VLM-SPLA-50
VLM-SPLA-100
VLM-SPLA-500
VLM-SPLA-3000
VLM-SPLA-GEO

LM-X1
LM-X3
LM-X15
LM-X25
LM-X40
LM-X40M
LM-XHC-series

LM-3000
LM-3400
LM-4000
LM-5600
LM-8000
LM-8020
LM-8020M

LMB-1G
LMB-2G
LMB-5G
LMB-10G
LMB-MAX

LM-2000
LM-2200
LM-2400
LM-2500
LM-2600
LM-3500
LM-3600
LM-5000
LM-5300
LM-5500
LM-Exchange
LM-GEO
LM-UCS Series
LM-R320
LM-5400

VLM-100
VLM-1000

           

If your model number is not listed above, please see the list of End of Life models.

Upgrade Path

You can upgrade to this release of LMOS from any previous 7.2.x release. For full upgrade path information, please see the article Firmware Upgrade Path.

Upgrade Patch XML File Verification Notes

By default, verification of the digital signature on upgrade images is required in LMOS 7.2.50.0 and above. See the Update Verification Options setting under System Administration > Miscellaneous Options > WUI Settings. If the unit you are upgrading is set to require validation, you'll need to supply the XML Verification File supplied with this release.

Note that:

  • In previous releases, two verification files were provided: one for pre-7.2.51 systems and one for later systems. This restriction has been removed with the 7.2.53.0 release; if upgrading from firmware 7.2.51.0 / 7.2.48.3 and above you can use the XML file provided with this release. If upgrading from any other firmware version you must following the upgrade path detailed in Firmware Upgrade Path article.
  • Appliances running an LMOS version prior to 7.2.49 do not provide the option of XML file verification in the UI or API. If you are upgrading from one of these releases to this release, you can verify the digital signatures offline using a manual process documented on the support website.

Code Signing Certificate Update

On 27 May 2022, the certificate used to sign LoadMaster release artifacts for LoadMaster LMOS version 7.2.56.x and prior releases expired. For most customers, this will not impact normal operations, as explained in this Announcement on the Support website.

All releases that occur after the above date (e.g., LMOS 7.2.57.0) will be digitally signed using a newly obtained code signing certificate. 

Issues Resolved

LM-2505 GEO: GEO becomes unresponsive when the Selection Criteria is set to Weighted Round Robin. This bug has been fixed.
LM-2470 GEO: A segmentation fault is observed in the logs when a DNS PTR query against an FQDN configured under GEO is received. This bug has been fixed.

Existing Known Issues

LM-2034 GEO: Starting with 7.2.55.0, using the Real Server Load selection criteria may result in no traffic being processed. 
LM-1527 GEO Cluster Checks: GEO cluster checks against LoadMasters configured in Clustering mode do not work.

LM-477

GEO Downgrade: When downgrading from a release that supports more than 64 IPs per FQDN to a release that only supports up to 64 IPs per FQDN, the GEO configuration may become corrupted if there is at least one FQDN in the configuration that contains more than 64 IP addresses. The corruption will likely be evidenced by errors in the UI/API when you list the FQDNs.

To avoid this issue entirely, reduce the number of IPs per FQDN to 64 or less for all FQDNs defined before you downgrade.

If you have already downgraded, you can switch back to the previous boot partition to go back to the newer release (which supports > 64 IPs per FQDN); you can then reduce the number of IPs as above and downgrade again.

If neither of these options is possible, please contact Kemp Support who will consult with engineering on a solution to your issues.      

PD-19704

GEO Cluster Status: When adding a Cluster that is unavailable (DOWN) to a Site, the Site may reflect the Cluster's status as available (UP) for a short time before changing to DOWN.  

PD-19108

LM-127

GEO: Modifying an FQDN entry displays a spurious error on the system console, similar to the one shown below. The FQDN is modified properly.

<FQDN>:794 Uncaught ReferenceError: disp_addrr_elements is not defined

    at <FQDN>:794

(anonymous) @ <FQDN>:794

PD-19093

LM-127

GEO: Cannot configure GEO into partnering mode unless there is at least one FQDN already defined.

PD-18615

LM-134

GEO: No statistics (queries per second, etc.) are displayed for a site if the FQDN is configured to use the "All Available" Selection Criteria.

PD-15633

GEO: If you add a Zone Name to GEO after you have created working FQDNs, GEO may no longer respond to queries for one or more of the FQDNs after the Zone Name is added. The workaround is to remove and then re-add the FQDNs that are no longer working.

PD-9765

GEO: DNS TCP requests from unknown sources are not supported.

 


Was this article helpful?
0 out of 0 found this helpful

Comments