Software Release Notes
Compatible Products:
LoadMaster Products:
The current software is a maintenance release of the KEMP Technologies LoadMaster series and this document describes the features supported in the current and previous releases.
We recommend that you back up your LoadMaster configuration before upgrading the software. Instructions for backing up the LoadMaster are described in the LoadMaster Configuration Guide. Installation of this software and reloading of the configuration may take up to five (5) minutes, or possibly more, during which time the LoadMaster being upgraded will be unavailable to carry traffic.
The following are recommendations for upgrading the software:
· The person undertaking the upgrade should be a network administrator or someone with equivalent knowledge.
· In case of issues restoring backup configurations, configuring LoadMasters or other maintenance issues, we recommend you have on hand one or more of the following documents, depending upon your application(s):
o LoadMaster Configuration Guide
o LoadMaster SSL QuickStart Guide
o Exchange 2010 Deployment Guide
· Full LoadMaster documentation is found HERE.
Should you experience problems loading the software release, you may contact KEMP support staff via our automated trouble ticket system at: http://www.kemptechnologies.com/us/load-balancing-support/kemp-support.html and a KEMP support Engineer will call you promptly.
Drop Connection on RS Failure
Closes the connection immediately upon detection that a Real Server has failed. Also sets the default Idle Connection Timeout to 86400 seconds.
Statistics
Option to view statistics by ‘bits’ now available. 336
328 - Packet Filtering
Now works correctly.
329 - VLANs
Change in VLANs is now immediately reflected in menu.
334 - Administrative Default Gateway
Now works correctly and can be entered.
338 - Wildcard Services
Include destination port in connection timeout messages for wildcard services.
341 - LoadMaster DR
Removed ‘Location’ field in clusters screen. It was not applicable.
343 - SNMP
Backport problem resolved.
None
HTTP Header Size
Increased to 16K – the same as in IIS.
Caching & Compression
Cached and compressed responses from the LoadMaster can now contain a VIA header and the address in it will be that of the Virtual Service.
L7 Diagnostics
Improved diagnostics with respect to Always Persist and connection tracking in a multi-VS situation.
VS Redirect
Option to add an 80 redirector VS on a non-SSL accelerated port 443 VS.
RS Enable/Re-enable
The LoadMaster sends out traps when an RS is disabled or re-enabled.
Expanded IP Addressing
Allow IP address ending in 255.
Server Initiating Protocol
Added POP3 as an option.
HTTP Health Checking
Requests include a User-Agent header field.
- SSL Server
Now works correctly with Server Initiating Protocols. In previous versions the serverinit could not be set over the WUI if SSL Acceleration was set.
283 - Certificates
When using multi-host certificates the names of all hosts are now correctly displayed in the VS display.
- RS Statistics
Fixed to accurately count the number of Active Connections.
- Weighted response Time
Display on the VS is corrected.
- VS Nickname
Added to the SNMP traps.
- Traps
Now always sent from the shared IP address of the interface where the WUI administration is located.
- Re-encryption
Corrected an issue with using re-encrypting VS’s that may have caused dropped connections when bahd was changed.
294 – HA Configuration
An issue with HA setup from command line interface corrected.
- VSSLproxy
Functions differently between serverinit and non-serverinit services.
295 – SNMP VS Status
Fixed issue with SNMP Get for VS Status that returned a 1 (up) when the service was down.
297 – WUI
Simplified WUI wording to ‘Software Update’ instead of ‘Patch’.
298 – Port 80
'Add a Port 80 Redirector VS' in port 443 VS showed up twice in WUI.
299 – GEO/DR
Fixed issue when you have multiple FQDN checks going to the same IP, but different port.
301 – LM-DR & Geo
Update to firmware specifically for multi-site LoadMasters.
302 – HA Sync Time/Date
Standby in HA pair will now sync time and date.
304 – Data Stream
Fixed SSL re-encrypt data stream.
305 – Log File Time Stamp
Time stamp in log files is automatically updated when time zone is changed.
303 – VLM Reboot
Fixed problem of VLM rebooting when changing persistence type.
309 – HA Cluster with Remote LoadMasters
Corrected an issue with the configuration file when adding or deleting remote partner.
310 – SSL Certificate in HA
Fixed issue of certificate not copying correctly to Standby unit.
- TSO Disabled VMs
TCPIP offload disabled on virtual machines due to instability.
- Persistence
Issue resolved that potentially caused spurious reboots
- Expect 100
Added values to correct various issues.
- CPUs' apparent overload
Fixed a problem that makes CPUs appear to be running at 100% when they are not anywhere near that level.
317 – LMDR WUI Update
Cleaned up network options that were not relevant to the DR.
323 – LM-2200
Fixed issue with display of total active connections.
325 – Caching File Extensions
Fixed issue with adding file extensions that should not be cached.
None
WUI Home page
Automatically updates its information: i.e. the CPU load and network load are now updated every 5 seconds. There is also a new field TPS which gives a current and max TPS of the unit.
It also displays the current and max SSL TPS. The TPS field INCLUDES the SSL TPS; they should NOT be added together.
On an HA unit, the IP address and Active Since/Boot time are also updated (Serial number, Licensing Info and Version are NOT updated). Boot time is also updated on non-HA units.
New SSL option Re-Encrypt
This allows an SSL connection to be end-to-end. With this option, you no longer need the separate reverse SSL VS. It simply "hides" this functionality to make it much more user friendly.
Restrictions: Each re-encrypted SSL connection counts as 2 SSL sessions w.r.t. maximum SSL sessions. This is the same as before.
Transparency is NOT available - the source address of the connection to the RS will be the LoadMaster's address on the interface, not the VS IP address.
URL Rewrite rules
Using rules it is now possible to rewrite the HTTP version to one specified by the system. This feature should not be generally used. It is only available for URL rewrite rules and ONLY available via CLI (i.e. not over the WUI).
The option is "forcevers" when editing a URL rewrite rule. Setting it to 1 forces rewriting to HTTP/1.0; setting it to 2 forces rewriting to HTTP/1.1. Setting it to 0 (zero) turns off the feature.
IRQ balancing
This helps to distribute the load more evenly across CPUs, which is especially important when using a lot of compression. Since there is NO optimal balance that can be achieved when using multiple ethernet controllers, the IRQs are randomly distributed across CPUs once every second.
NOTE: Since there is only one thread that handles each interface, the theoretical speed limit for a single Ethernet interface is reached when processing it takes 100% of a single CPU core. Moving the IRQ around does NOT change this. To increase the rate, bonding multiple interfaces is the only way to go: multiple CPUs can then handle the stream of packets (one CPU per interface).
New scheduling method
"Weighted response time" has been implemented. The weights for the RSs are adjusted every 15 seconds dependent on the response time of the server.
Force close
Added option to force a close when the LM returns 304 when a cache entry hasn't changed
New option in the debug page
IRQ balancing is now disabled by default. IRQ balancing can be turned on by the switch on the debug page.
Persistence
Persist timeout can now be specified up to 7 days.
Homepage
The maximum CPU load (ever) is displayed on the homepage.
SSL acceleration
Disabling SSL acceleration on a HTTP 443 service disables all HTTP specific options i.e. cache and persist.
Intermediate certificate display bug corrected.
Heartbeat (not CARP) not running properly.
Issue with Wildcard VS traffic being sent to real servers on port 2.
Bytes statistics wrong for Wildcard Services
Changing Server Initiating Protocols option is not sticking
Wrong Page after switching Detection Level
Cannot unset "Set Check Port"
Warning limits for VLM incorrect
RS metrics page
Percentage values are now within a usual range
L7 debug traces
Traces correctly dump out the connection to which the operation is related.
SNMP
Corrected some operational issues.
Date and Time
Setting the ntp server address now gives a diagnostic and refuses to set the address/time if the server cannot be found. A diagnostic is also given if it can find the server.
Content rules
If a content matching rule specifies "src-ip" as the header field, the content matching is applied to the client's source address (as a dotted quad in IPv4).
None
L7 engine
Improved performance for individual Virtual Service
Support Virtual Hosts in Cache
When not enabled the cache assumes there is only one virtual host supported on the Real Server. Enabling this option allows the cache to support multiple virtual hosts which have different content.
SNMP
SNMP overhauled for improved reporting
SSL Offloading
Improved performance
CPU temperature monitoring
Add logging for adaptive scheduling
Log messages for 101 & 102 server messages
Allow multi port RS
Add Extra Ports
Allow User to specify additional ports for VS
RADIUS support
Added RADIUS support for LoadMaster administration
SSL CSR generation
Added UCC/SAN support
Caching/Compression
Added menu to allow configurable file types for caching & compression
222- Bonded interface not aggregated in statistics
238- Server cookie persistence issue
Persist timeout should be >= the timeout on the Real Server. If the server has timed out the cookie, then it will use a new Set-Cookie and everything will work as expected.
242- WUI not enforcing reboot
Now reboots after Restore.
244- Request change ARP thresholds 1, 2 & 3
Increased values to 512, 2048 & 4096 respectively.
Caching causing out of sync errors
LoadMaster certificate's date was in 1902
Problems between carp and bonding/vlans
Problems with Expect-100
Unexpectedly large server packets exceed the TCP-negotiated MSS
Optimizations introduced by VMWare in their drivers, required addition of adapter-independent handling for unexpectedly large packets
None
Enhanced Debugging/Diagnostics
“tcpdump” capture support enabled in the Web User Interface, “Ifconfig” and other utilities added as well. These tools should be used in conjunction with KEMP Support.
Enhanced HTTP/HTTPS Persistence
Super HTTP – HTTP/HTTPS examination of User Agent and authorization headers to identify unique visitors.
Selected Header - HTTP/HTTPS examination of a single configurable header for identifying unique visitors.
GEO LoadMaster Integration
This option allows GEO LoadMaster to read internal statistics and configuration of LoadMaster.
Enforce Strict IP Routing
When set, only accept IP frames from a host over the interface where the routing algorithm would route frames to that host (strict source route validation).
Graceful Shutdown
Gracefully change the run level before powering the device off.
Advanced HTTP/HTTPS Header Support
HTTP/HTTPS headers can be deleted, added and modified on the request to the target Real Server and also on the reply from the Real Server.
Advanced Content Switching
HTTP/HTTPS headers can be examined to make intelligent decisions around which Real Server should receive the request.
Enhanced Named User Support
A Web User Interface only named user can now operate at the default permission level for the “bal” super user.
Enhanced Statistics
Real Server agent values: 0 – 100 reported in the Web User Interface.
Duplicate Virtual Service
Ability to clone a Virtual Service.
Change Virtual Service
Modify a Virtual Service (VS/VIP) IP or Port number.
Port Range Support
Port range can be mapped directly to Real Server(s) using only one Virtual Service (the Virtual Service must be “Force L7” enabled).
Wildcard Port Support
An asterisk “*” (wildcard) port can be used to map all Virtual Service traffic to the same port on the Real Server(s) using only one Virtual Service.
Health Checking Enhancements
DNS health checker can be configured to query a specific FQDN.
Health checking has been uncoupled from Real Server port.
Disabling health checking per Virtual Service has been enabled.
Statistics display
Better pagination in the statistics page for Virtual Services with large amounts of Real Servers.
Subnet masks
Now displayed in CIDR notation throughout the WUI consistently.
Log files
Save all log files export button added.
Diagnostics
TCPDump utility from WUI.
HTTP Request returns “Invalid Request” due to proxy using absolute instead of relative URL.
HTTP POST operations using “Expect 100” header fail
Active cookie persistence was not being set when using compression.
Newly configured devices can only have default gateways on 192.168.1.0/24 network.
When replacing certificate on existing virtual service, the private key was not being displayed.
Bonded interfaces did not show aggregated speed on stats screen.
If one email recipient is unknown in a list of recipients, none of the recipients would receive the alert message.
None
Highly Available Enhancements
The HA mechanism permits force reload of the standby unit with configuration information from the active device. The “Force Partner Update” option is only permitted on the standby device.
HTTP Health Check Support
Health checking can operate at either HTTP 1.0 or 1.1
Enabling HTTP 1.1 allows host header support.
Per Virtual Service L7 Connection Timeout
By default, TCP connections that become idle are garbage collected based on a global timeout; this value can be overridden on L7 Virtual Services.
Granular SNAT
Per Virtual Service level, IP and port mappings support for controlling Network Address Translation of Real Servers behind LoadMaster
Custom HTTP Header Support
HTTP/HTTPS Virtual Services support fixed value custom header injection.
Rules Ignore Case Support
Content Rules can be configured to be case insensitive.
2,048 Bit SSL Key Support
Generating a Certificate Signing Request can be either based on a 1024 Bit or 2048 Bit private key.
VLAN Trunking Support
Multiple VLAN tags supported per physical interface. IEEE 802.1Q compliant.
Interface Bonding Support
Link aggregation for bandwidth and link redundancy supported. IEEE 802.1AX/IEEE 802.3ad/LACP compliant.
Configurable SSH/HTTPS Ports
Remote administrative access using HTTPS or SSH supports nonstandard port numbers.
Layer 7 Application Drain Stopping
TCP level connection drain stopping has been enhanced to support application level drain stopping when administratively disabling Real Servers.
Alternate Default Gateway Support
Multi-arm deployments support a global default gateway
Selective Transparency
LoadMaster will automatically make a runtime decision for transparent or non-transparent source IP on all one-armed L7 Virtual Services.
Enhanced Adaptive
Real Server agent values: 0 – 100 (0 Low Usage, 100 High Usage) and 101 implies remove Real Server from Virtual Service pool without L7 drain stopping, 102 value implies remove Real Server honoring existing L7 persistence entries.
Always Check Persist
LoadMaster can be configured to examine all data over a single TCP/IP connection for persistence information. Only enable after contacting support.
Allow connection scaling over 64K Connections
Enhancement to NON Transparent Virtual Service, under very high load situations, which can lead to local port exhaustion. Enable only at the request of KEMP Support.
The following features are introduced in the KEMP Technologies LoadMaster 5.0-72 minor release:
Client Certificates Support
SSL offloading supports the use of client certificates.
The following features are introduced in the KEMP Technologies LoadMaster 5.0-74 minor release:
Disable Health Checking
Turn off Real Server health checking, use with caution.
The following features are introduced in the KEMP Technologies LoadMaster 5.0-79 minor release:
Enhanced Debugging/Diagnostics
Interface summary information has been added to the Diagnostic and debugging tools. These tools should be used in conjunction with KEMP Support.
The following features are introduced in the KEMP Technologies LoadMaster 5.0-100 minor release:
Virtual Appliance Supports DHCP
Initial installation of the Virtual LoadMaster (VLM) will attempt to use DHCP for IP assignment. The leased IP will be displayed on the console.
Serial Number Available Remotely
Factory shipped appliances with 5.0-100 or greater will display the appliance serial number directly in the Web User Interface.
The following issues are resolved in the KEMP Technologies LoadMaster 5.0-71 minor release:
Unable to set the “Not Available Redirection Handling” Error Code.
The following issues are resolved in the KEMP Technologies LoadMaster 5.0-72 minor release:
Unable to set the “Not Available Redirection Handling” Error Code.
White space characters not permitted in Virtual Service Name field.
SNMP Contact field double quoted.
No password reset option for named users.
Adding named users results in no access to third party certificates.
Longer than expected time for Real Servers to detect a failover when preferred host not set, approximately ten minutes.
The following issues are resolved in the KEMP Technologies LoadMaster 5.0-73 minor release:
Patching HA units from 4.3 causes temporary loss of local administrative access to the patched partner until the second unit is patched.
Unavailable Real Servers will remain marked failed in a L4 Virtual Services during LoadMaster reboot.
The following issues are resolved in the KEMP Technologies LoadMaster 5.0-74 minor release:
Web User Interface HA status indicators display incorrect color/state via local administrative access.
The following issues are resolved in the KEMP Technologies LoadMaster 5.0-75 minor release:
Real Server statistics page displays inaccurate “System Total Bytes”.
The following issues are resolved in the KEMP Technologies LoadMaster 5.0-78 minor release:
No upper bound for CSR company name, 64 character limit is mandated by RFC3280.
The following issues are resolved in the KEMP Technologies LoadMaster 5.0-78 minor release:
Heading injection disabled when accessing transparent Virtual Service.
None
NOTE: This is the highest release available for the LM-1500 model.
Highly Available Enhancements
The HA mechanism can now be either Heartbeat or CARP. CARP provides shared-IP or shared-MAC mode, improvements to support prolonged time to link, and supports cryptographic hashing to validate HA communication.
Virtual MAC support when using CARP.
HA mode can be configured without re-licensing. A stand-alone appliance can be enabled for HA, each appliance can be assigned either the First or Second Role.
Web User Interface high availability status includes the interface(s) state of each appliance.
User Management
Distributed administration and management is possible using individual user accounts.
Virtual Service Real Server(s) Management
Real Server(s) can be disabled on a per Virtual Service level
SSL Certificate Export and Import
Certificates can be exported and imported for migration from LoadMaster to LoadMaster.
Advanced Debugging/Diagnostics
Diagnostic and debugging tools such as ping, ps, and enhanced logging. These tools should be used in conjunction with KEMP Support.
Hover Help
By default onscreen hover help is enabled. Hover help explains features and provides tips
Enhanced Remote Access Configuration
When changing the default administrative access you can also specify the default gateway used for administrative access.
WUI NTP Support
Making changes to the NTP host can be done in the WUI.
WUI Layout Enhancement
The Web User Interface will expand the entire width of your supported resolution.
Download Root LoadMaster Certificate
Support available for adding KEMP Technologies as a trusted CA. Installing this certificate will eliminate security dialogs associated with a self-signed certificate used for LoadMaster administration.
Port unavailable
Resolves observed problem with LoadMaster1500 communication, most commonly manifested as a single network port of a multi-armed deployment becoming unavailable during heavy load.
Direct Server Return configuration displays invalid Virtual Service level options.
Medium risk named user security flaw corrected.
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS DOCUMENT ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF KEMP OR ITS SUPPLIERS ARE PROVIDED “AS IS” WITH ALL FAULTS. KEMP AND OTHER SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL KEMP OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS PRODUCT, EVEN IF KEMP OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
KEMP and the KEMP Logo are trademarks of KEMP Technologies Inc. and/or its affiliates in the U.S. and other countries.
Any Internet Protocol (IP) addresses, phone numbers or other data that may resemble actual contact information used in this document are not intended to be actual addresses, phone numbers or contact information. Any examples, command display output, network topology diagrams, and other figures included in this document are shown for illustrative purposes only. Any use of actual addressing or contact information in illustrative content is unintentional and coincidental.
© 2011 KEMP Technologies Inc. All rights reserved.