LoadMaster Release Notes for Version 6
Table of Contents
1.Software Release Notes Introduction
The current software is a maintenance release of the KEMP Technologies LoadMaster series and this document describes the features supported in the current and previous releases.
We recommend you fully back up your LoadMaster configuration before upgrading the software. Instructions for backing up the LoadMaster are described in within the documentation which can be found at http://www.kemptechnologies.com/documentation.
Installation of this software and reloading of the configuration may take up to five minutes, or possibly more, during which time the LoadMaster being upgraded will be unavailable to carry traffic.
1.1Pre-requisites
The following are recommendations for upgrading the software:
- The person undertaking the upgrade should be a network administrator or someone with equivalent knowledge.
- In case of issues restoring backup configurations, configuring LoadMaster or other maintenance issues, please refer to the LoadMaster documentation which can be found at http://www.kemptechnologies.com/documentation .
1.2Support
Should you experience problems loading the software release, you may contact KEMP support staff via our automated trouble ticket system HERE and a KEMP support Engineer will call you promptly.
1.3Compatible Products
|
|
2.Release 6.0-44
2.1New Features
- Session Management
Session Management security features have been added.
- LDAP User Authentication
All administrative users of the LoadMaster can be authenticated against an external LDAP database.
2.2Feature Enhancements
- Viewable End User License Agreement (EULA)
The EULA is now viewable from within the WUI.
- Telnet functionality
Telnet functionality is available within the Diagnostic Shell.
- Additional options for adding headers to HTTP traffic
A number of new optionsfor adding headers to HTTP traffic, including the ‘Via’ option, have been added.
2.3Issues Resolved
1456 |
Some non-alphanumeric characters are allowed in the username input fields |
1849 |
The Source IP Persistence persistence method now works correctly with the ‘Always Check Persist’ option enabled. |
1857 |
An issue with using a non-local ‘Sorry Server’ in a Layer 7, transparent Virtual Service has been resolved |
1862 |
The initial, default IP address is visible on eth0 (until the user changes it) |
2011 |
The POST health check is allowed within the RESTful API |
2046 |
Non-alphanumeric text is no longer accepted within the DNS Search Domain input field. |
2127 |
Issue with clearing SNMP traps has been resolved |
2148 |
Behavior for the Service Name input field when using templates is corrected |
2212 |
An issue with healthchecking on additional IPv6 interfaces has been resolved |
2216 |
An issue with changing URLs in Content Switching has been resolved |
2264 |
An issue with the Force HA Failover functionality has been resolved |
2276 |
An issue with Intermediate Certificates has been resolved |
2279 |
Transparency now works correctly within nested Virtual Services |
2307 |
Inconsistency with Password input rules has been resolved |
2358 |
Display issue with Rules corrected |
2381 |
Issue with users other than bal using the RESTful API has been resolved |
2408 |
Issue for user with Real Server permissions modifying Real Servers has been resolved |
2447 |
Issue with Active Cookie Persistence and Content Switching on the same Virtual Service has been resolved |
2.4Known Issues
- STARTTLS (if requested) does not work properly in SMTP Virtual services using STARTTLS offloading. In STARTTLS if requested mode, if a client does not choose STARTTLS, things go wrong ONLY if the server requires authorization.
- Access control whitelist does not function correctly with wildcard Virtual Services
3.Release 6.0-42a
3.1Issues Resolved
2181 |
Fixed issue relating to RADIUS authentication |
4.Release 6.0-42
4.1New Features
- Least Connections scheduling method has a ‘slow-start’ control
Least Connections scheduling method has a ‘slow-start’ control to enable a controlled ramp-up of the number of connections to the Real Server on start-up.
- The LM-R320 product is available
Add support for the LoadMaster R320 product
4.2Feature Enhancements
- Added Netconsole to the debug menu
All kernel console messages can be sent to the syslog port on the specified host.
- Content Rules: The maximum length of the match string has been increased
The maximum length of the match string has been increased to 250 characters.
- GoDaddy certificate bundles supported
Support is included for GoDaddy certificates
- Simple error pages hosting when HTTP/HTTPS services are unavailable.
Simple error pages can be hosted for when HTTP/HTTPS services are unavailable.
- Increase the amount of information visible in the statistics page
The number of rows visible in the statistics page has been increased from 9 to up to 100 rows.
- Password Verification is required when creating certificate backups
Password Verification is required when creating certificate backups.
- Non-HTML uploads handled correctly
Some issues with non-HTML uploads have been corrected.
- Auto-generated RSA keys are 1024 bits
In order to be accepted by Windows OS, the auto-generated RSA keys are 1024 bits. Any users attempting to upload RSA keys less than 1024 bits are blocked
- Jumbo Frames are supported on the LM-5300
Jumbo Frames are supported on the LM-5300.
- Quicksetup: the requirement for a subnet mask is now clearer
The requirement for a subnet mask during the Quicksetup is now clearer.
- Indicator of the hypervisor used is displayed
Whichever hypervisor is used the hypervisor name is displayed.
- Named users can change their own password
Named users can change their own password.
- Customizable Sorry Server port
The port for the Sorry Server can now be customized.
4.3Issues Resolved
1383 |
DHCP issue for E100 drivers in VMware is resolved |
1707 |
Issue with Content Switching and Redirection when only one rule exists is resolved |
1709 |
Issue with resolving Real Servers is resolved |
1710 |
Missing RESTful API command for Real Server limits is implemented |
1714 |
Issue with users with All Permissions applying Content Rules is resolved |
1721 |
Segfault issue on LM-3600 and LM-3500 HA pair resolved |
1875 |
Issue with setting MTU on fiber interfaces is resolved |
1899 |
Issues handling the’ \’ and ‘&’ characters in packet filters are resolved |
1924 |
Memory issue on ASIC cards with SSL duplication is resolved |
2019 |
Issues with SNORT rules and OWA traffic are resolved |
2040 |
Error message when Real Server is down is handled correctly |
4.4Known Issues
- STARTTLS (if requested) does not work properly in SMTP Virtual services using STARTTLS offloading.
- In STARTTLS if requested mode, if a client does not choose STARTTLS, things go wrong ONLY if the server requires authorization
- LoadMaster requires a reboot after changing SNMP trap hosts
- Cannot set "POST" health check via RESTful API
- Illegal characters may be entered in DNS search domains
5.Release 6.0-40CMa
5.1Issues Resolved
1982 |
Resolved interoperability issues with Microsoft Internet Explorer 6 POST operations |
6.Release 6.0-40CM
The v.6.0-40CM release is dedicated to the memory of our friend and colleague Chris Miller.
May he Rest In Peace
6.1New Features
LM5305-FIPS; FIPS 140-2 Level 2 compliant product
A new FIPS 140-2 Level 2 compliant product, the LM5305-FIPS, is available.
KVM, para-virtualized Virtual LoadMaster (VLM)
A new VLM package, to support VLM installation within a KVM, para-virtualized environment is available.
Xen, para-virtualized Virtual LoadMaster (VLM)
A new VLM package, to support VLM installation within a Xen, para-virtualized environment is available.
End User License Agreement (EULA)
The EULA is now incorporated into the product.
Jumbo Frames support enabled
Jumbo Frames are now supported within product.
Message of the Day (MOTD) Banner
A message can be added, in banner format, to the LoadMaster’s home page.
Configurable Maximum Transmission Unit size
The MTU (or maximum Ethernet frame size) can be configured for each interface.
New ‘POST’ HTTP Healthcheck method
A new HTTP Healthcheck method, POST, allows more robust health checking methods.
Support for Network Level Authentication for RDP Healthcheck
The RDP Healthcheck now supports Network Level Authentication.
6.2Feature Enhancements
Drop Connections when Drainstop Timer Expires
The drainstop functionality can now be configured so that connections are automatically dropped on disabled servers when the drainstop timer expires.
RESTful API command returns the active HA unit’s IP address
The ‘switchha’ RESTful API command returns the active HA unit’s IP address.
Added functionality for Certificates handling
The way certificates are handled has been made more intuitive.
In the CLI, messages are viewable from within a Terminal view
In the CLI messages, logs, boot msg. etc., are viewable from within a Terminal view.
The HA visual indicators are more intuitive
The green HA visual indicators are now more intuitive and indicate which of the units is active.
STARTTLS supports IMAP4
STARTTLS now supports IMAP4.
Openssl upgraded to 0.9.8x
The Openssl version used within the LoadMaster has been upgraded to v.09.8x.
Statistics can be reset
All statistic summary values can be reset to zero.
Automatic Backup test function
The Automatic Backup can be tested to ensure that it functions correctly.
6.3Issues Resolved
1295 |
A vsslproxy segfault issue has been resolved |
1638 |
The size of the tcp time wait table has been increased |
1723 |
Spurious L4 diagnostic messages have been removed |
1726 |
NIC driver failure in VMware after upgrade issue resolved |
1749 |
Issue with ‘Common Name’ not displaying after certificate import resolved |
1751 |
Latency issues when using 10Gb fiber interface resolved |
1611 |
Potential security issue with TLS resolved |
1455 |
Issues with email verifications resolved |
1614 |
A vsslproxy child processes issue has been resolved |
1615 |
Healthcheck replies without content length failing for GET requests resolved |
1722 |
URL header modification issue resolved |
1391 |
Erroneous ‘badrequest’ messages issue resolved |
1457 |
Issue with ‘Certificate’ user permissions resolved |
1618 |
Hover help for "L7 Connection Drain Time" improved |
6.4Known Issues
- No Support for Jumbo frames on LM5300 gigabit NIC (82583V).
- No virtualization environment is shown when the NICs are e1000 in VMware
7.Release 6.0-38
7.1New Features
Hyper-V Support for Synthetic Drivers.
The Virtual LoadMaster for Hyper-V now supports synthetic drivers.
RESTful API Interface.
LoadMaster provides a RESTful API interface for Virtual Services and Real Server functionality designed to allow remote applications access in a simple and consistent manner.
Ability to monitor the number of connections on a Real Server and perform limiting based on it.
LoadMaster monitors the number of open connections on a Real Server and can limit connections to the Real Server when the number of connections exceeds a user defined number.
Updates to how routing is handled for Non-Local Real Servers.
Routing for Non-Local Real Servers has been updated to ensure that traffic is handled in a correct and consistent manner.
Triggered Failover Capability
Switching the roles of a HA pair can be accomplished through a failover button on the WUI.
More detailed Real Server Connect attempt failed messages.
The source IP, port and destination port is included in the Real Server Connect attempt failed messages.
Snapshot of Statistics is included in the backup
A snapshot of the statistics is included in the configuration backup.
7.2Issues Resolved
953 - Resolved issue with LM3600 and “Inter HA L7 Persistency Updates"
An issue with the LM3600 rebooting with “Inter HA L7 Persistency Updates" turned on has been resolved.
1247 - Resolved “Extra port” traffic with per VS Packet Filter enabled issue
An issue with “Extra port” traffic with per VS Packet Filter enabled has been resolved.
1306 - Correct validation of IP address inputs when in iSetup mode
An issue where an incorrect format of IP addresses in console mode was being accepted has been corrected.
1307 - Extended the length of the tcpdump Options field
The length of the tcpdump Options field has been extended to provide greater flexibility.
1370 - Corrected issue with the RADIUS Server Revalidation Interval
Resolved an issue where the RADIUS Server Revalidation Interval was not being set correctly.
1379 - Resolved an issue with the HA Multicast Interface
An issue with the HA Multicast Interface has been resolved.
1380 - Resolved issue with wildcards in the Hyper-V VLM
An issue where wildcards were not functioning correctly in the Hyper-V VLM has been corrected.
1382 - Resolved an issue restoring a 5.1 backup configuration with L7 transparency
An issue restoring a 5.1 configuration backup on a 6.0 build with L7 transparency turned on is resolved.
1384 - The correct method for checking custom ports are configured
When custom ports are configured, LoadMaster no longer incorrectly checks standard ports.
1389 - Inaccuracies in Virtual Services Statistics have been corrected.
Some inaccuracies in how Virtual Services statistics were displayed have been corrected.
1391 - Erratic ‘badrequest’ messages have been resolved
Erratic ‘badrequest’ messages which were being received have been corrected
1392 - Issue with Header Rules and Named Users has been resolved.
An issue using Header Rules with named users has been resolved.
1395 - Resolved a 5.1 to 6.0-34 upgrade issue with the Hyper-V VLM
A 5.1 to 6.0-34 upgrade issue with the Hyper-V VLM has been resolved
1407 - An L7 Transparency issue in the Hyper-V VLM is resolved
An L7 Transparency issue in the Hyper-V VLM is resolved
1459 - An issue with L7 wildcards after switching to L4 has been resolved
An issue with L7 wildcards after switching to L4 has been resolved
1460 - An issue with VS stats and L4 services with Persistency configures has been resolved
An issue with VS stats and L4 services with Persistency configures has been resolved
1461 - A display issue on the homepage with statistics has been rectified
A display issue on the homepage, where numbers were been shown in a negative format in the statistics section, has been rectified
1508 - Resolved an Automated Backup issue
An Automated Backup issue where the directory fails to change, has been resolved.
1509 - An incorrect diagnostic message when using alternate port in log mailer is corrected
An incorrect diagnostic message when using alternate port in log mailer is corrected
1523 - An issue caused by the use of the fixed weight scheduling method has been resolved
A kernel panic caused by the use of the fixed weight scheduling method has been resolved.
1532 - An inconsistent upper boundary error message for the port parameter has been corrected
An inconsistent upper boundary error message for the port parameter has been corrected.
1592 - Correct level for vssslproxy error message set
An error message in the vssslproxy has been reduced in its severity level
7.3Known Issues
- Issue:Setting up an IPv6 deployment requires two reboots before the IPv6 default gateway becomes set.
- Issue: Cannot unset error code for Modify Virtual Service via the RESTful API
8.Release 6.0-36
8.1New Features
Disable/Enable Web User Interface Access from the LoadMaster Console.
Access to the Web user Interface can be disabled or enabled from the LoadMaster Console.
8.2Issues Resolved
651 - Kernel Panic with UNIX Sockets issue resolved
A Kernel Panic issue, arising from the interaction of Layer 7 and UNIX Sockets, has been resolved.
832 - Real Server Statistics Can Now Be Viewed Per Virtual Service
The statistics available for Real Servers can now be expanded out to view each Real Server per Virtual Service.
902, 1153 - Access Control List issues resolved
A number of issues with Access Control Lists were resolved.
908 - Error Message when Content Rule name is too long made more relevant
The error message that appears when the content rule name is too long has been made more relevant.
909 - Issue with overlong Error Messages in Virtual Services causing issues is resolved
An issue with adding extra virtual services caused by error messages in the virtual service being too long, has been resolved
911 - Terminal Services Persistency Timeout Value issue is resolved
An issue where the persistency timeout value is not initially visible on a Terminal Services virtual service is resolved.
941, 943 – New Time Zones added
A number of new time zones have been added..
942 - LoadMaster recognizes netmask given by DHCP
An issue where the VLM ignored a netmask given by DHCP is resolved.
1149 - Issue with Alternative Addresses and Disabling Scaling is resolved
An issue where, after enabling scaling, adding alternative addresses and disabling scaling the
LoadMaster still uses the additional addresses have been resolved
1150 - Persistence options now only show relevant options
An issue where inappropriate persistence options were available has been resolved.
1151 - Using an L4 ‘wildcard’ no longer causes the Real Server to fail
Using an L4 ‘wildcard’ no longer causes the Real Server to fail
1152 - The Reply 200 pattern in Healthcheck no longer requires’/’ around the pattern.
The Reply 200 pattern in Healthcheck no longer requires’/’ around the pattern..
1164 - SNMP OID added for Virtual Service Active Connections
SNMP OID added for Virtual Service Active Connections.
1165 - The 403.4 status Code is now allowed in Redirect Handling
The 403.4 status Code is now allowed in Redirect Handling .
1234 - Non-primary DNS Servers are now recognized by the LoadMaster
An issue where non-primary DNS Servers were ignored by the LoadMaster is resolved
1243 - SNMP OID for ‘ipvsRSTotalTable’ now works correctly
An issue with the SNMP OID for ‘ipvsRSTotalTable’is now resolved
1253 - Confusing label in the Certificates screen relabeled
The ‘Filename’ label has been changed to 'Certificate Identifier'
8.3Known Issues
- Issue: When ‘Inter HA L7 Persistency Updates" is enabled, reboot and warnings may occur.
- Issue: The ‘Allowed Network’ option within the ‘Add User Permissions’ screen does not work.
- Issue:Setting up an IPv6 deployment requires two reboots before the IPv6 default gateway becomes set.
- Issue:Segfault occurswhen switching to SSL mode from cleartext (STARTTLS mode)
- Issue: Using extra ports while the packet filter is enabled will block traffic to the extra ports.
9.Release 6.0-34
9.1New Features
Perl Compatible Regular Expressions (PCRE) can now be used.
PCRE can now be used to create match strings in Content Matching rules and Header Modification rules.
IPv6 can now be used in a Direct Server Return (DSR) configuration.
IPv6 can now be used in Direct Server Return (DSR) configurations.
Snort Rules version 2.9 is now supported
The LoadMaster now supports Snort Rules versions 2.9 and below
Added an lsetup option to unbind interfaces
Within the lsetup menu, an option has been added to unbind all bonded interfaces.
9.2Issues Resolved
628 - User Name field limit increased to 14 characters
The character limit in the User Name field within the User Management screen has been increased to 14 characters.
631 - TCP idle timeout now dynamically watches for ‘Connection Timeout’ message
Layer 4 TCP idle connection timeouts are no longer fixed to 5 minutes but are now set dependent on the ‘Connection Timeout’ value.
632 - SNMP supports IPv6 at Layer 4
SNMP now fully supports IPv6 at Layer 4
633 - Deadlock issues with persistence corrected
Some deadlock issues that occurred in some obscure cases of persistence have been corrected.
635 - User login permissions copying correctly
An issue with user login permissions copying incorrectly to the slave was corrected.
714 - IPv6 Healthchecks originate from the base address of the interface
IPv6 use the base address of the interface as the source IP address.
767 - Corrected WUI issues with the Manage Template option
Template names in the Manage Template option are no longer too long.
768 - Corrected issues with Packet Filtering
Prefixes can now be as low as 1.
Entries in a Whitelist, when there are no entries in the Blacklist ensure only the IP addresses in the Whitelist are allowed pass. All others are blocked.
769 - Access Control issue on a HTTP Redirect issue corrected
An issue with HTTP Redirect, when used with Packet Filtering turned on but with empty Access Control lists, has been corrected.
770 - Migration from some 5.1-74 configurations caused issue with HA
Some issues caused by migrating from specific configurations in 5.1-74 have been resolved.
771 - UDP services no longer displays TCP healthcheck options
If you select a UDP service while configuring a Virtual Service, you can longer select a TCP healthcheck option.
772 - Implementing upgrade controls between 32 bit and 64 bit options
Users are no longer allowed to upgrade from 32 bit to 64 bit versions of the software.
773- User account permissions working correctly
Some issues with user account permissions working incorrectly were corrected.
776 - Issue with Cavium driver on the LoadMaster 5500 corrected
The Cavium driver now works correctly with the LoadMaster 5500.
777 - Passing normal SMTP traffic through a VS which has STARTTLS set corrected
An issue which arose when passing normal SMTP traffic through a VS which has STARTTLS set, has been corrected.
778 - FQDN consistently displays in certificate on the WUI
An issue where FQDNs were not always displayed within certificates on the WUI has been corrected.
779 - Corrected some issues with automated backup
Some issues with automated backup have been corrected.
781 - Added additional information to the backup file
The backup file now also contains the output of ‘netstat –r’, ‘ps –ef’ and ‘cat /proc/interrupts’.
782 - Additional tcpdump parameters allowed
It is now possible to pass additional parameters via a free format field to tcpdump.
784 - Layer 4 support for IPv6
Issues with Layer 4 support for IPv6 corrected.
785 - Display of more than 100 Real Servers on a Virtual Service corrected
Users can now have up to 1024 Real Servers per LoadMaster.
786 - Issues with the use of ‘$’ in user passwords corrected
Users can now use the ‘$’ character within user passwords
797 - Cookie Persistence works correctly when Real Server fails.
Cookie Persistence now works correctly when the Real Server which the cookie points to fails.
803 - Statistics displaying Ipv6 Layer 4 packets correctly
Some issues with displaying Layer 4 packet statistics have been corrected.
814 - Port numbers deal correctly with leading zeroes
Port numbers now deal correctly with leading zeroes.
838 - Issue with ‘Negation’ and ‘Ignore Case’ in Content Rules corrected
An issue where Negation’ and ‘Ignore Case’ in Content Rules were not being deselected correctly was corrected.
840 - Version information is now printed to the boot log file
The software version information is now printed to the boot log file.
847 - Port Range is displayed on Real Server information
When there is a Port Range, this is now displayed within the Real Server information.
848 - Extended the allowable length of fields and headers in the Custom Headers
The allowable length of both fields and headers within Custom Headers have been increased.
850 - No longer allowed to bond eth0 and eth1
Users are no longer allowed to bond eth0 and eth1.
851 - Add Header to Request field now accepts the ‘_’ and ‘- ‘characters
The Add Header to Request field now accepts the ‘_’ and ‘- ‘characters
867 - Can set Switch to Preferred Server of no preferred host within a HyperV environment
Corrected an issue where you could not set Switch to Preferred Server of no preferred host within a HyperV environment
878 - SNAT changed to Server NAT
Throughout the product, the term ‘SNAT’ has been changed to ‘Server NAT’ to avoid confusion with the more common definition of ‘SNAT’.
9.3Known Issues
- Issue: When ‘Inter HA L7 Persistency Updates" is enabled, reboot and warnings may occur.
- Issue: The Terminal Services persistency timeout value not initially visible.
- Issue: You cannot have more than 90 characters in the ‘Error Message’ field when configuring the ‘Not Available Redirection Handling’ option.
- Issue: The error message which appears when a Content Rule name is too long is misleading
- Issue: The ‘Allowed Network’ option within the ‘Add User Permissions’ screen does not work.
- Issue:Setting up an IPv6 deployment requires two reboots before the IPv6 default gateway becomes set.
- Issue:TheGlobal Access Control List feature is not working
10.Release 6.0-28a
10.1New Features
New ‘Cookie-Based’ Persistence Methods
New persistence methods, based on cookies, have been added to the existing methods. The methods added are as follows:
- Server Cookie Persistence
This method uses existing cookies generated from the server to determine which server to send users to.
- Active Cookie Persistence
This method uses cookies generated by the LoadMaster, not the server.
This method is identical to the Server Cookie setting, but with the additional feature that it will fall back to Source IP persistence in the event no cookies are in the HTTP string.
This method is identical to the Active Cookie setting, but with the additional feature that it will fall back to Source IP persistence in the event no cookies are in the HTTP string.
This method creates a hash of the values of all cookies in the HTTP stream.
This method is identical to Hash All Cookies, with the additional feature that it will fall back to Source IP persistence in the event no cookies are in the HTTP string.
10.2Issues Resolved
None
10.3Known Issues
- Issue: Packet option in the RS metrics page is non-functional
- Issue: LM-5500 SSL ASIC cards do not load after upgrade. Call support.
- Issue: Automated backup does not work properly with Windows FTP
- Issue: FQDN is not displayed when filename begins with a uppercase letter
- Issue: GEO/DR binddb segfault errors in logs
Workaround: These can safely be ignored as there is no impact on operation
- Issue: Additional subnets on this Interface: When upgrading to 6.0-28a, these will not be converted correctly. The mask will be incorrectly appended to the end of the actual address. For example, 192.168.0.1/24 becomes 192.168.0.1255.255.255.0
Workaround: Edit the Additional Addresses field to fix the netmask back to the CIDR notation (including the slash)
- Issue: GEO/DR Configuration backup does not work
Workaround: Rebooting post-restore will apply the changes
- Issue: GEO/DR Configuration backup becomes overwritten in a multi-geo/dr deployment
Workaround: None
- Issue: Packet filter/Access Control Lists only causes problems with multiple VS's with the same IP
Workaround: Disable packet filter
11.Release 6.0-28
11.1New Features
None
11.2Issues Resolved
448 - Preferred HA Host
Using preferred HA Host does not cause a change in Master/Standby between units.
474 - WUI Interface
Switching which interface is used for WUI, requires reboot before being applied.
476 - VIP Port Range
VIP displayed port range for RS required small adjustments.
481 - Port Following
Fixed. Did not show as WUI option.
482 - Console CLI
Can now save VS settings..
11.3Known Issues
- Issue: Packet option in the RS metrics page is non-functional
- Issue: LM-5500 SSL ASIC cards do not load after upgrade. Call support.
- Issue: Automated backup does not work properly with Windows FTP
- Issue: FQDN is not displayed when filename begins with a uppercase letter
- Issue: GEO/DR binddb segfault errors in logs
Workaround: These can safely be ignored as there is no impact on operation
- Issue: Additional subnets on this Interface: When upgrading to 6.0-28, these will not be converted correctly. The mask will be incorrectly appended to the end of the actual address. For example, 192.168.0.1/24 becomes 192.168.0.1255.255.255.0
Workaround: Edit the Additional Addresses field to fix the netmask back to the CIDR notation (including the slash)
- Issue: GEO/DR Configuration backup does not work
Workaround: Rebooting post-restore will apply the changes
- Issue: GEO/DR Configuration backup becomes overwritten in a multi-geo/dr deployment
Workaround: None
- Issue: Packet filter/Access Control Lists only causes problems with multiple VS's with the same IP
Workaround: Disable packet filter
12.Release 6.0-27
12.1New Features
Configurable Healthcheck Headers
You can specify up to 4 additional headers/fields which will be sent with each healthcheck request.
12.2Issues Resolved
461 - Disabled Real Server Failure
Stopping an RS prevented further access until drain stop elapsed..
465 - Javascript Resources
Include addrs.js in the index page so it will always be reloaded.
472 - Geo LM Issues
Fixed various sync and filtering issues.
- Multicast Addresses
Can no longer specify invalid / multicast addresses where these would be invalid.
- Carps
The IPv6 address for Carps multicast packets has been changed to the IANA defined value. (Only used on interfaces whose primary address is IPv6).
12.3Known Issues
None
13.Release 6.0-26
13.1New Features
None
13.2Issues Resolved
457 - Adding Addresses
Can now add addresses to eth2 and above.
441 - ACL
Improved diagnostics for Access Control Lists.
460 - Wildcard VS
Can modify a Real Server on Wildcard VS without error message.
13.3Known Issues
None
14.Release 6.0-25
14.1New Features
None
14.2Issues Resolved
448/451 - HA Preferred
Can now set Standby as HA preferred.
454 - VS Statistics
Statistics page shows multiple VS’ per page.
453 - IPv4 Netmask
No longer fills to end of next octet.
452 - VS Healthcheck
SMTP VS health checks now default to port 25 on the RS.
446 - WUI HTTP Header
Issue resolved with caching.
- STARTTLS Service
Creating an SMTP service will automatically select this type! But does not have to STARTTLS in the default configuration mode since it is optional.
14.3Known Issues
None
15.Release 6.0-24
15.1New Features
None
15.2Issues Resolved
432 - Administrative Gateway
Cannot remove admin gateway.
435 - Sorry Server
Now applies to HTTP and is not available for other services.
436 - Automated Backup
Protocol is pure FTP.
437 - Service Specific Access Control
Is an advanced option, not generic.
438 - SSL Acceleration
Renamed to Acceleration Enabled..
439 - Saving Host
Can now save host.
442 - SSH Console
Fixed repeated output message.
443 - Alternate Address eth0
Adding IPv4 alternate address does not require reboot.
15.3Known Issues
None
16.Release 6.0-23
16.1New Features
None
16.2Issues Resolved
431 - RS Check Parameters
Cannot change RS check parameters on duplicated layer 4 VS's. Displays "Down" even when unchecked. User must change IDs of VS and RS when duplicating.
412 - Certificate Backup
On 6.0, using 5.1 cert backup results in disassociation from cert & VS. This also solves the problem of updating from V5.1 to V6 via a patch.
16.3Known Issues
None
17.Release 6.0-22
17.1New Features
None
17.2Issues Resolved
428 - Crash with Compression and Cache
If the client closed a connection while the compression code was running, it could crash the LoadMaster. The error will still occur under these circumstances, but it will no longer crash the device.
- Client Limiter
Can now change values without requiring a reload.
17.3Known Issues
None
18.Release 6.0-21
18.1New Features
None
18.2Issues Resolved
421 - BEAST
"BEAST workaround for SSL". The server has to be told to select ITs certificate instead of letting the client choose.
426 - Restoring Certificates
Restoring certificates results in loss of WUI, reboot fixes. Don't delete the shared certificate file.
- Critical Emails
Are now sent immediately.
18.3Known Issues
None
19.Release 6.0-20
19.1New Features
Security
We have added additional types of STARTTLS service types.
19.2Issues Resolved
389 - Subnet
If subnet originating is enabled, It now works on a per RS basis
- Frame Enable Challenge
Is now based on the machine ID / InstanceId instead of a random number. This allows users to do a "frame enable" over email. The challenge will change every two days, just to make it random.
- Chunked Transfer Posts
Are now fully supported in L7 and over the admin interface. This will help certain java based clients.
19.3Known Issues
None
20.Release 6.0-19
20.1New Features
VS & RS ID
These are now assigned a unique ID which will never change - this is mainly done for SNMP, and it may be used in the future for new features.
Diagnostic Email
The diagnostic email has been upgraded. It is now possible to change the port on the SMTP server. It is now also possible to select SSL or STARTTLS as the security model.
20.2Issues Resolved
405 - Updates
Can't Update - "Update still in progress". -Added better diagnostics also improved message about not being able to update.
414 - Subnets
Fixed issue with "Secondary Network" broken after upgrade from 5.1 to 6.0-17.
- SNMP
SNMP has also been upgraded to support address independent fields instead of IPv4 addresses. A new MIB is required.
- VS & RS Tables
The VS and RS tables which were split between the 12 and 13 trees have been merged – To make it easier for SNMP customers to dump out the state for specific VSs and RSs
20.3Known Issues
None
21.Release 6.0-18
21.1New Features
Security
Added FIPS 140-2 Level 1 support. This is a software implementation of FIPS and may run virtually on a customer’s server or on a LoadMaster model LM-2200 and higher.
21.2Issues Resolved
None
21.3Known Issues
None
22.Release 6.0-17
22.1New Features
None
22.2
22.3Issues Resolved
396 - IPv6
Adding a new IPv6 RS always returned "cannot create".
398 - Automated Backup
Pop up window needed time to be formatted..
404 - Intermediate Certificates
After applying intermediate cert, LM displayed extra/unnecessary text..
401 - SOA Email
Email address requires a trailing dot. Automatically added by LoadMaster.
- PCI Cross Site
If LoadMaster's WUI was requested using a bad method, LoadMaster returned both the bad method and the URL that was requested. Fixed.
22.4Known Issues
None
23.Release 6.0-16
23.1New Features
SSL
Added the ability to replace the administrative SSL certificate with a User specified certificate.
23.2Issues Resolved
387 - isetup
Now able to access Network Configuration in isetup.
390 - SSL ID Persistence
Now displays under a generic VS.
- HA
Corrected issue with HA preferred not turning off once set.
- Healthchecking
Small fix – ticket 1013614
23.3Known Issues
None
24.Release 6.0-15
24.1New Features
L7 Timeout
The timeout waiting for clients has been increased from 20 to 30 seconds.
SNMP
SNMP trap is now sent to indicate that a license has timed out - a new MIB is also available..
24.2Issues Resolved
384 - Additional Ports
Adding extra ports corrected.
383 - HA-1 Address
Changing eth0 no longer locks out a User..
378 - VS Disable
Disabling VS’ no longer disables the RS.
385 - Layer4
Under Layer4, “Alternate Source address’ no longer shows.
379 - HA-2 Setup
Requires a reboot before HA-2 is accessible.
24.3Known Issues
None
25.Release 6.0-14
25.1New Features
Source IP HASH Scheduling
Instead of using the weights or doing round robin, a hash of the source IP is generated and this is used to find the correct real server. This means that the real server is always the same from the same host. You don't need any source IP persistence
LM-5600
Fix for extra ports and MAPing for the 5600.
25.2Issues Resolved
None
25.3Known Issues
None
26.Release 6.0-13
26.1New Features
CPU Efficiency
Improved threading and compression.
Source IP Limiting
If you limit a network, all hosts on the network count towards the limit, in the previous version each host would have separate limits
New Persist
This is the same as superHTTP BUT it also appends the source IP address to the string, thus improving the distribution of the resulting HASH.
HASH Function
The hash function for string persistency types (i.e. non sourceIP) has been improved, it will give a better distribution and fewer clashes
Persistency Timeout
Can now be increased up to one week.
Internal Addressing
Improved handling of internal addresses.
LM-5600
The installable CD-ROM will now allow installation on the 5600.
26.2Issues Resolved
374 - L4
Text corrected after switching to L4
375 - L4
Cannot switch to L4 with IPv6 VS.
26.3Known Issues
None
27.Release 6.0-12
27.1New Features
L7 Network Pages
Yes/No buttons have been replaced by checkboxes..
Client Limiting
It is possible to set a limit of the number of connections per second from a given host. (limit up to 100K is allowed).After setting the "default limit" to a value, the system allows you to set different limits for specific hosts / networksso you can limit a network and / or host. If you set a network and a host on that network, the host should be placed first since the list is processedin the order that it is displayed.
27.2Issues Resolved
None
27.3Known Issues
None
28.Release 6.0-11
28.1New Features
None
28.2Issues Resolved
342 - User Lockout
Prevent User locking themselves out creating a VIP on the loadmaster's wui ip (individual or shared)
364 - Change ethh0 to IPv6.
Maintains connectivity.
366 - IP Address display boxes
Large enough to handle a full v6 address.
367 - gencheck
Displays correct version.
368 - Restore Configurations
Can restore VS and LM base configuration..
28.3Known Issues
None
29.Release 6.0-10
29.1New Features
Default Gateway
Can be set on any address on the interface, i.e. the primary or an additional address.
Automated Backups
The system may be configured to automatically perform backups on a daily or weekly basis.
29.2Issues Resolved
316 - Service Type
When changing from HTTP to Generic service, the LoadMaster will remove all HTTP settings.
348 - DR/GEO
Allows for multiple nameservers.
363 - Port 80 Redirect
Port 80 re-director does now create redirect for "Alternate Address"
29.3Known Issues
None
30.Release 6.0-9
30.1New Features
IPv6 Support
This is the first LoadMaster software that supports IPv6. Along with adding IPv6 colon separated addressing, we have overhauled many of the WUI screens, and added some key features below.
30.2Issues Resolved
354 - Adding RS’
Unable to add RS's on networks made available by "Additional addresses".
357 - WUI Ping
WUI Ping function does not use DNS lookup.
359 - NTP Host
After setting NTP host, time is adjusted, but host field is cleared w/o adjustment popup.
263 - Reverse DNS
RS reverse DNS look up, not working.
30.3Known Issues
None
31.Release 6.0-8
31.1New Features
IPv6 Support
This is the first LoadMaster software that supports IPv6. Along with adding IPv6 colon separated addressing, we have overhauled many of the WUI screens, and added some key features below.
Virtual Service Screen
This now has 5 sections that may be expanded by clicking the ‘+’ sign, i.e. a typical tree view expand/contract, to be more economical on screen real estate.
Network Address Update
Changes to the network address takes effect in real time.
Certificates
There is now a new SSL certificate management page which allows the import of certificates and the association of a certificate to a VS. In addition, more than one VS can be associated with a certificate, and, the VS can have any certificate assigned to it.
FIPS Support
Requires a specific ASIC to be installed along with some other modifications. Contact KEMP support for more details.
Bind Persistency
Fully supports IPv6 functionality.
31.2Issues Resolved
329 - VLAN
The Add/Delete buttons are disabled while waiting for VLAN to be created or deleted.
351 - Change Network Address
After changing the network address the LM does not require a reboot.
349 - LoadMaster Exchange
On factory reset the LM Exchange no longer loses preconfigured VS’s
288 - VS Ports
VS was breaking when using Extra Porta feature on the same IP.
289 - Server Initiating Protocol
Better detection for common VS’s.
31.3Known Issues
None
Date |
Change |
Reason for Change |
Version |
Resp |
Mar 2013 |
Initial Draft of the document |
Release 6.0-44 |
1.0 |
DD |