This text was hidden. Now it is visible. Click the link to hide the text.

All of the routing reports, analysis tools, alerts and API queries that were previously provided for IPv4 networks are now provided for IPv6 and mixed-address-family networks using the ISIS and BGP protocols. IPv6 addresses are shown in tables and on the node and link information panels on the map. When GRE tunnels are used for ISIS, those must still be over IPv4, and the BGP peerings must still be IPv4 TCP connections, but in both cases IPv6 as well as IPv4 prefixes may be advertised over the adjacency or peering. IPv6 connections to the appliance are not supported.

The IPv6 capability is a separately licensed feature. Once licensed, it can be selectively enabled for each ISIS domain and BGP peering to be recorded.

RAMS 8.11 extends the visualization and analysis of network topology and routing to enterprises whose networks are partitioned into multiple routing areas connected by a wide-area network comprised of one or more MPLS VPNs. Since the VPNs are typically implemented on an Internet Service Provider's network, RAMS cannot collect topology information inside the VPN. However, RAMS can still display the path from a router within one site to a router within another site. Across the cloud that represents the VPN, RAMS shows a dashed line from the provider edge (PE) router where the path enters the VPN to the PE where the path exits to the destination site.

To monitor the correctness of the VPN routing, RAMS reports on the number of prefixes being announced and received by each site, with drill-downs to show additional details such as a breakdown by VPN or to show the individual prefixes. These values can also be graphed to show changes over time.

Many different VPN configurations are supported. The WAN architecture may be hub and spoke, full mesh, or VPN per link. A single VPN may employ multiple BGP AS numbers, or there may be separate VPN clouds all provided by the same service provider and using the same AS number. Sites may be connected with one or more customer edge (CE) routers to one or more VPNs.

Traffic Analysis augments the existing ability to monitor, analyze, plan and report on traffic within the Enterprise network by providing reports specific to the WAN connections. Reports are available for all the WAN links together or summarized by site ingress or egress or by VPN.

In previous releases, the set of exporting routers needed to be selected such that no traffic flow would pass through more than one exporting router, otherwise as the flow was projected along the path from the exporter to the destination, the traffic would be counted twice for the portion of the path downstream from the second exporter .

Now the projection of the flow from the first exporter is stopped when it reaches the second exporter. From that point onward the flow from the second exporter is projected instead. Therefore, traffic can now be recorded from exporters wherever they are needed to capture all the desired traffic.

For an enterprise, this means that traffic can be measured both at major data centers and at peering points to get better coverage of the network traffic without errors due to double counting. For service providers using the VPN Traffic product, the deduplication feature allows traffic collection from combination P/PE routers, rather than just P routers, so long as the exporting can be restricted to just the interfaces connected to upstream PE routers.

As a companion to the routing reports available through RAMS XML RPC API, the traffic reports available in the Traffic Analysis GUI are now available through the API as well. This allows post-processing by external software for automation or alternative displays. There are 47 different API calls allowing the traffic information to be broken down by source, destination, link, CoS, exporter, etc. The information is available in tabular form for all items within a particular breakdown, or as a timeseries for graphing the changes over time in the value of one item.

In addition to the two primary new features, RAMS 8.11 incorporates several enhancements to the user interface, including the following:

• The network map can be saved as a PDF, PostScript or SVG image using the new "Print to file" item on the Topology menu. These files are vector images so they print clearly and they allow zooming in external viewers. [11728]
• The History Navigator and the Router Groups dialog can be docked into the main map window, or they can be displayed in separate windows as before. Docking may be convenient for users who would like the map to automatically shrink so the whole map is still visible when one of these dialogs is open.
• The hierarchical topology selection widget that was previously used only in the Open Topology dialog has now been employed as a uniform method throughout the GUI to replace other selection methods like tabs, menus and text matching. In the History Navigator, this means that graphs and event analysis may be applied to any combination of topology areas (of a single protocol) in addition to single areas.
• The Administration -> Options preference to suppress suffixes of DNS names has been generalized to apply as well to names collected from the routing protocol or manually configured. If a dot separates the suffix from the rest of the name, the dot will be automatically suppressed as well. Multiple suffixes may be entered.
• The pseudonode info panel on the map now has a link to open the info panel for the Designated Router.
• On the administrator's web page "Users" there is new section displaying a table of active user connections via ssh/X and VNC. This table includes a feature to select one or more users and force disconnection of their sessions. [4297]
• An option has been added to display the numeric value of link traffic utilization as a label adjacent to the link on the map. This label is shown only for links where traffic data is present, and is mutually exclusive with the option to show link metrics.
• Customers who have multiple BGP autonomous systems in their networks can now use the BGP Root Cause Analysis and BGP RIB Visualization features without having to restrict the Open Topology to just one AS. When invoking these features, a dialog is presented to allow selection of one BGP AS for analysis. [12341, 12343]
• In Planning mode, the function Undo All Edits is now available from the Planning menu and from the planning toolbar on the right-hand side of the map rather than having to open the list of edits where this function is available by clicking an icon.
• To save precious screen space, the dock/tear-off icon in the top-right corner of the History Navigator has been merged with the row of tabs below it.

RAMS releases have supported both SSH version 1 and version 2 for X/ssh access to the user interface. Please note that SSH version 1 is deprecated as of this 8.11 release and will be removed from the 8.0 release because it is considered to be a security risk.

The web administration UI includes the following enhancements:

• In previous releases, whenever a new alias interface was added on the Network and Interface web administration page, all recording on the unit would be restarted. This caused concern when the BGP peerings flapped as a result. Now new aliases can be added without affecting recording. When an existing alias is modified, only the recorder instances that are using that alias will be restarted. [11700]
• The "Top N" traffic reports are now automatically archived for 30 days in addition to being sent via email when they are generated. The archived Top N reports may be viewed or downloaded using the web Reports Portal link on the top navigation bar. [11758]
• In the Daily Report that is available via email and a web administration page, users can now select whether statistics should be reported separately for each IGP domain or aggregated together. [11800]
• The web server SSL Certificate Configuration has been enhanced so that now the Certificate Signing Request (CSR) and private key can be created by filling in a form on the appliance itself and then downloading the CSR to send to a signing authority. When the signed certificate is returned, it can be uploaded to the appliance. [11810]

Before installing RAMS or Traffic Analysis, make sure that your system meets the following minimum requirements:

Supported Hardware Platform in descending list of preference:

1. HP ProLiant DL 380 G5
2. DL 360 G5
3. DL 380 G4
4. DL 360 G4p
5. DL 360 G4
6. DL 360 G3

NOTE: Starting with the release of RAMS 8.01, the hardware component requirements specified in the RAMS 8.01/RAMS 8.10/RAMS8.11 Support matrix must be adhered. Problems related to inadequate hardware configuration which do not follow the recommended guidelines will not be supported.

IMPORTANT: Consider your disk space requirements and fault tolerance needs and ensure that all available physical drives are installed before powering up the HP ProLiant server for the first time.

Starting with the RAMS 8.01 release, the Flow Collector is only supported on a DL 380 G5 hardware platform. RAMS will require two logical drives be configured for a Flow Collector unit - the first logical drive must be set at RAID 1 + 0, the second logical drive set at RAID 0. If you have an existing Flow Collector unit running a pre-8.0 software version, you must re-configure the server with two logical volumes and install the 6.1 software version from a CD image. Failing to do so can cause unexpected behavior. Cases reported as such will not be supported.

When using a DL 380 G5 hardware platform as the Flow Collector unit, it is required that the HP RAMS Flow Collector HiCap SW LTU license be purchased and installed.

For all non-Flow Collector units, RAMS will only utilize a single logical drive as configured on the ProLiant DL380/360 hardware; this means any extra physical disks configured in a second logical drive will be not be recognized by RAMS.

For detailed steps to configure a RAMS 8.11 Flow Collector, it is recommended that you use a HP Proliant SmartStart CD (shipped with the server). The SmartStart CD provides a more comprehensive Array Configuration Utility interface. Please refer to instructions in the RAMS Appliance Setup Guide.

The following describes a quick way to configure a single logical drive.

During the initial power-up of a new server, an auto-configuration process uses all of the physical drives on the HP Smart Array controller to set up a single logical drive. The default RAID (fault tolerance) level used for the logical drive depends on the number of physical drives as listed below:

• 1 drive = RAID 0
• 2 drives = RAID 1 +0 (Mirrored set, total disk space* is the size of smallest disk)
• 3 or more drives = RAID 5 (Striped set with 1 drive used for parity, parity drive is not included in total disk space*)

* The available disk space is ~5% less than the disk's reported size. Every physical drive in an array will have the usable capacity of the smallest drive in the array.

NOTE: Multiple drives configured as a RAID 0 striped set will provide maximum disk space but will NOT provide any fault tolerance. If you install more than one drive intended for maximum disk space usage, i.e., not for fault tolerance, you MUST configure to use RAID 0 or the hardware will default to RAID 1 +0.

During the initial hardware boot sequence, you have the opportunity to accept the default logical drive configuration as shown above, or you can create the logical drive based on your drive space and fault tolerance needs. Watch for the following message during the boot process:

Slot 0 HP Smart Array Controller

Press <F8> to run the Option ROM Configuration for Arrays Utility

Press <F7> to Accept the default configuration - 2 drives in RAID 1 +0

Refer to the HP Smart Array Controller Reference Guide for configuration options and details.

IMPORTANT: Make sure the logical drive is configured as needed before installing RAMS. Any changes to the logical drive configuration, e.g., adding drives or changing the RAID level, will require a reload of the RAMS software and a restore (from backup) of the RAMS configuration and databases.

• RAMS 8.11 uses a licensing version different from RAMS 5.x. For this reason, supported migrations of previous versions of RAMS (5.x) license keys must be migrated ( http://webware.hp.com/ ) for use in RAMS 8.11.
• A software update from 5.x version of a Flow Collector to the 6.5 software version in RAMS 8.11 without reconfiguring the hardware minimally with two logical drives is not supported. See text in the above "Hardware Requirements" section for more information.
• After you update from 5.x to 8.11, if you ask to revert to the alternate software and OS, you will receive a warning that the appliance is reset to factory defaults. If you choose to go ahead, all recording configuration, databases, user accounts, etc., are deleted.
• When updating to a new software release, update the master unit first, and let it finish coming up after the reboot before rebooting the client units.
• When updating from pre-8.01 versions, any custom configurations done for the alerts in the previous versions will also have to be manually migrated. This is required since the PD-ROUTE_EXPLORER MIB mib-tree structure has been changed in order to provide a streamlined, smaller set of well-understood, concise alerts in the 8.01 version. Consequently RAMS SNMP trap OIDs from the RAMS 8.01 release are not compatible with previous versions of RAMS.
• Software update to software version 8.11 is only supported from 5.2 and 5.5 releases; updating from pre-5.x requires updating to 5.5 first. [10535]
• When updating from a 5.x software version, the databases are automatically renamed with a "Pre60X" prefix because the database table structure has changed. The older databases can still be viewed, but recording to them is not allowed.
• When updating the software from a pre-8.01 software version release, the existing accounts configured on each unit will be transferred into the new local authentication server running on that unit. To switch to a single authentication server on the master unit, a common shared secret must be configured on the master and each client unit.
• After Patch 3 installation, you must manually deploy the updated trap configuration file for RAMS 8.11. The file is present at the following location on the NNM server after installation : <installdir>/newconfig/HPOvNmsEvent/ directory. However, the file is not deployed.

To deploy trap configuration, follow these steps:

1. Copy the nms-spi-rams-nnm-install.nnm file from <installdir>/newconfig/HPOvNmsEvent/ directory to <installdir>/nonOV/jboss/nms/server/nms/deploy/ directory and rename the file to nms-spi-rams.nnm.This adds the new trap definitions.
2. You must now change the existing trap configuration manually. Compare and change the trap configuration as listed in the following table:
   


Changes in messages for existing RAMS trap table

Note : The changes are highlighted in Bold.

Trap Name	OID	Old message	New Message
rexAdjStateUp	.1.3.6.1.4.1.8083.1.1.12.3.5	Adjacency state Up in $4 for src $5 dest $6 srcType $13 destType $14	Adjacency state Up in $4 for src $16 dest $18 srcType $13 destType $14
rexAdjStateDown	.1.3.6.1.4.1.8083.1.1.12.3.6	Adjacency state Down in $4 for src $5 dest $6 srcType $13 destType $14	Adjacency state Down in $4 for src $16 dest $18 srcType $13 destType $14
rexAdjStateFlap	.1.3.6.1.4.1.8083.1.1.12.3.7	Adjacency state Flap in $4 src $5 dest $6 srcType 13 destType $14 flap count-$15 threshold-$16 duration-$17	Adjacency state Flap in $4 src $19 dest $21 srcType 13 destType $14 flap count-$15 threshold-$16 duration-$17
rexPathChange	.1.3.6.1.4.1.8083.1.1.12.3.8	Path Change for $4 from src $5 to dest $8/$9 newMetric-$12 : newHops-$14 : oldMetric-$11 : oldHops-$13	Path Change for $4 from src $5 to dest $16/$17 newMetric-$12 : newHops-$14 : oldMetric-$11 : oldHops-$13
rexPrefixStateUp	.1.3.6.1.4.1.8083.1.1.12.3.9	Prefix $5/$6 Up announced by node $8	Prefix $11/$12 Up announced by node $8
rexPrefixStateDown	.1.3.6.1.4.1.8083.1.1.12.3.10	Prefix $5/$6 Down announced by node $8	Prefix $11/$12 Down announced by node $8
rexPrefixStateFlap	.1.3.6.1.4.1.8083.1.1.12.3.11	Prefix Flaps $5/$6 announced by node $8 with flap count-$10 : duration-$12 : threshold-$11	Prefix Flaps $14/$15 announced by node $8 with flap count-$10 : duration-$12 : threshold-$11
rexPeeringStateUp	.1.3.6.1.4.1.8083.1.1.12.3.12	Peering is Up between $5 and RAMS appliance $8 in $4	Peering is Up between $5 and RAMS appliance $11 in $4
rexPeeringStateDown	.1.3.6.1.4.1.8083.1.1.12.3.13	Peering is Down between $5 and RAMS appliance $8 in $4	Peering is Down between $5 and RAMS appliance $11 in $4
rexPeeringStateFlap	.1.3.6.1.4.1.8083.1.1.12.3.14	Peering Flaps between $5 and RAMS appliance $8 in $4 with flap count-$10 : duration-$12 : threshold-$11	Peering Flaps between $5 and RAMS appliance $14 in $4 with flap count-$10 : duration-$12 : threshold-$11
rexASPathChange	.1.3.6.1.4.1.8083.1.1.12.3.15	AS Path changed for prefix $5/$6 : new ASPathLength-$8 old ASPathLength-$7	AS Path changed for prefix $10/$11 : new ASPathLength-$8 old ASPathLength-$7
rexBgpRedundChange	.1.3.6.1.4.1.8083.1.1.12.3.18	BGP Redundancy changed in $4 for prefix $5/$6 from Baseline-$7 : CurrHops-$8 : Threshold-$9	BGP Redundancy changed in $4 for prefix $11/$12 from Baseline-$7 : CurrHops-$8 : Threshold-$9

---

• Important: RAMS integration with NNM
  • Since the RAMS 8.01 release, the integration of RAMS is with the NNMi series alone. The integration of RAMS 8.01 and upwards with the NNM 7.x series is not supported.
  • No separate NNM Integration Module is available for RAMS 8.01,RAMS 8.10 and RAMS 8.11 apart from the integration that is part of the NNMi series.
  • Special instructions for NNMi integration with RAMS 8.11
    • The RAMS 8.11 release includes multiple changes to the trap formats. For integrating NNMi with RAMS 8.x, you must install the NNM 8.1x Patch 3 when upgrading to RAMS 8.11. The trap integration does not work as expected if you do not install the NNM 8.1x Patch 3 when upgrading to RAMS 8.11.
      The procedure to change and deploy the updated trap configuration is described in the Upgrading to RAMS 8.11 section.
• Reverting to RAMS version 5.5 from RAMS 8.01, RAMS 8.10 or RAMS 8.11 hangs at grub
  

  This requires the deletion and recreation of the logical drive. The steps to perform that are detailed below:

  • During the boot sequence, the following message would appear:
    

    Slot 0 HP Smart Array Controller

    Press <F8> to run the Option ROM Configuration for Arrays Utility

    Press < F7> to Accept the default configuration - 2 drives in RAID 1 +0

    At this point,

    • Press F8 to enter the array configuration utility.
    • Delete the existing logical drives first.
    • Create a new single logical drive containing the 2 disks.
    • Reboot the system and proceed with the RAMS 5.5 installation.
• The OSPF route calculation of RAMS conforms to RFC2328 and assumes "RFC1583Compatibility" is disabled, so the path chosen from one ABR to another ABR in the same area will be within that area even if there is a lower-metric path through the backbone. Since some routers enable RFC 1583 compatibility by default, the actual path may differ. A future release will support a configuration option to enable RFC 1583 compatibility. [1897]
• If the Route Recorder is configured as a BGP peer with a Cisco router, and the router is configured to send MPLS L3 VPN routes, but you disable MP-BGP support of unicast IPv4 routes (AFI 1, SAFI 1), the BGP peering will constantly reset. [12124]
• In Path Reports, the table All Paths by Destination may show a "Reachable by" count of 1 when the drill-down would show many source routers able to reach the destination. [12163]
• In the RIB Browser and RIB Comparison for an OSPF or ISIS domain, the number of down links reported in the table may be fewer than the number shown when the links are listed from the context menu. [12171, 12295]
• Path Reports for IPv6 networks will show that some paths are incomplete because to reach the destination requires IPv6 connected interface information. That information is not collected yet. [12452]
• The default IPv6 prefix ::/0 is being shown as ::/255 in Events table operations such as Add Prefix. [12474]
• In Traffic Reports -> Top Changes, the context menu on the drill-down button may not appear after sorting a column. The workaround is to select a cell from another column. [12506]
• Consolidation of router nodes on the map may be incorrect when starting a fresh database with BGP, IGP and Static topologies all at once. This problem can be avoided by starting all but the Static recording and letting the full BGP and IGP topologies be recorded, then starting Static Recording separately. Consolidation may also be incorrect if the same interface address is configured on more than one router. [12238, 12578, 12589,12632]
• The Prefix filter on the IPv6 prefixes table does not match correctly when the "less specific" option is chosen. [12585]
• In the XML RPC API, the method api_mp_list_paths requires the source address to be specified in the form of a prefix now; that is, with both an address and a mask. This is consistent with the specification in the Developer's Guide, but earlier releases were more lenient and would accept just an address without the mask.
• In 8.x, the Recorder Configuration allows only a single top-level administrative domain to be created. Users who need multiple domains to configure different portions of their network should create one top-level domain and then subdomains under it. For existing configurations that already contain more than one top-level administrative domain, only the lexicographically first of those domains can have alerts configured. If a recorder client that already contains some configuration is added, that configuration will be pulled up to the master, possibly creating a new top-level domain. This might cause a problem if it comes first.
• If a client unit fails and must be replaced, before adding the replacement unit as a client of the master unit, you must stop replication on the master unit. Then after adding the client, start replication again. This will rename the replicated database on the master and start replicating anew from the database on the replacement client.
• The last TCP ACK packet sent in response to an XML RPC API query sometimes may have a malformed TCP header, causing the user's client to retransmit FIN/ACK packets until giving up. All the data is transferred successfully before this. [8832]
• The latest version (8.2) of the StarNet X-Win32 X Window Server for MS Windows causes progress register dialogs to be left on the screen. As a workaround, the link provided on the RAMS system web server Support page will access the 8.0 version. [8946]
• After installation of the VPN Customer Reports license, it is likely that the query server might not work for the VPN Customer Report APIs. Hence, it is recommended that the Modeling Engine be rebooted in order to rectify this problem.
• If the VNC server was not stopped prior to updating from a 5.x version, the VNC "started" state is retained after the update to 8.10 version. If the RAMS GUI is opened via VNC display 1 soon after the update completes, the RAMS GUI will display a " No valid GUI and router count license" error message. The fix is to stop and restart the VNC server. Note: VNC displays 2 and higher do not exhibit this behavior.
• RAMS does not connect to networks with tagged VLANs. If RAMS has to be connected to VLANs, tagging must not be enabled. For more information about the problem, go to the following URL: http://support.openview.hp.com/selfsolve/document/KM754780

Following are selected fixes and enhancements since RAMS 8.10 release.

• Selection of the default layout is now performed with a drop-down list of layout/owner pairs rather than requiring the user to type a layout name. If modifications are made to a layout owned by someone else, the user has the option to save a copy on exit. [10748]
• When a report window is too small to allow enough room for the report title and the icon buttons in the same frame, the title is now truncated with an ellipsis instead of overlapping. [12558]
• When the Network Summary panel is torn off to become a separate window, it can now be resized to allow for large networks. Also, the count of Isolated Routers could become -1 because transitions of the Route Recorder were being incorrectly included. This is now fixed. [12759, 12590]
• A few improvements were added for Planning mode: When a pseudonode is taken down the prefix of the LAN needed to be taken down on the adjacent routers. When all edits are undone, the traffic allocation to paths is automatically recalculated to avoid showing inaccurate values. Lastly, when the size of an edit dialog is changed, the size is save in the preferences. [12599, 12605, 12844]
• Node labels on the map could be shown inverted when the map first opened if DNS Names display mode was selected and a DNS warning message popup was needed first. This is fixed. [12618]
• The feature to Show Customer Map for VPNs has been enhanced to always highlight both halves of a link in case the paths in the two directions are asymmetric since the path traverses both halves. Conversely, coloring of links between clouds to indicate traffic utilization is now separate for each half since traffic is not the same in both directions. [12727, 12777]
• The features for hiding nodes on the map have been fixed for unconnected nodes and IPv6 nodes. In addition, the time required for hiding many nodes in big topologies has been significantly reduced. [9758, 12603, 12728]
• Performance of the progress dialog during topology loading has been improved so that it does not display a blank dialog as before. Also, additional steps were taken to keep the dialog from being closed by its window control, which would leave the cursor showing a busy icon. [12775, 12816]
• The implementation of the info panels that show details for nodes, links and clouds on the map was significantly reworked to make the presentation and content of the panels be consistent across protocols as much as applicable while omitting functions that do not apply: show the interface address (and secondary addresses if present) rather than the router address for Static links; shows the System ID correctly for ISIS pseudonodes and shows the pseudonode numbers in hex; omit the neighbor button for NextHop nodes; omit the traffic tab and utilization label on the links when in monitoring mode; and add a note to the prefix count for BGP nodes to clarify that for BGP the count includes only prefixes that are in the Up state, whereas for IGPs the count includes both Up and Down prefixes. Also, opening the info panel for a cloud in a large network was slow, causing the UI to appear sluggish. This has been fixed by removing an unnecessary count of prefixes in the router group displayed within that cloud. [12188, 12583, 12653,12765, 12771, 12776, 12793, 12801]
• In VPN Traffic Reports, when the ingress PE is not known, the report was displaying the fake address 254.254.254.254 rather than the text "Unknown". This is now fixed. [12813]
• In the feature Highlight by Exit Router, the exit routers were all flashing yellow/black rather than the color of the group of routers for which they were the exit. Now they flash between that color and black or white depending upon which is more distinct. [12598]
• Clipping of status messages in the Flow Record Browser was fixed by removing excess whitespace, and in the List/Find Paths dialog the error message was clarified for the case where a Return Path was requested but the destination was a prefix rather than a router address. [12574, 12575]
• The configured capacity for a link could be erroneously doubled if the GUI was running during an interval when recording was stopped and restarted, leading to incorrect traffic utilization reports. This was partially fixed, but may still be incorrect with multiple protocols on a link. [12625, 12908]

• Consolidation of multiple protocol instances on a router into a single node on the topology map can be assisted by the collection of a "Static" information with SNMP. That algorithm has been improved to avoid incorrect consolidations caused by use of the same interface address on multiple routers. (However, see the Known Issues section regarding how to start recording Static.) [11530]
• Several problems were fixed so that BGP peers and BGP NextHop nodes on the map will be consolidated correctly with Static NextHop nodes or IGP nodes, and not with nodes where they should not consolidate. This is primarily to show PE nodes correctly in an MPLS WAN system, but also to handle other cases such as moving back and forth in time and when multiple topologies have the same AS number. In addition, for these consolidated nodes the selection of icon type and color is now selected according to the following priority: BGP peers, then Static routers, then BGP NextHops, and last Static NextHops. [12511, 12541, 12632, 12640, 12657, 12667, 12678, 12788]

• Route resolution incorrectly reached a BGP NextHop if it was on a connected interface at a neighboring router. Now a BGP route recursion is forced in that case so that the correct route will be selected. [12234]
• QCCR1B38993: Path tracing on pure IS-IS OSI networks became broken with the introduction of support for IPv6, but is now restored. [12800]

• The RAMS Traffic Instant-On license now enables configuration of LDP for the Flow Collector. [12754]
• Adding a new LDP peer no longer causes the previously existing LDP sessions to restart. [12397]
• The configuration for SNMP Information Collection no longer requires that the Query Server password be set if only /32 prefixes are specified in the authentication configuration. [12636]
• The web reports portal failed to generate the BGP Activity Summary Report. This is now fixed. [12827]
• The Daily Routing Reports have been augmented with ISIS-IPv6 prefixes details. Some improvements are still pending, however. [12790]
• The table of connected users shown on the Users web page displayed incorrect information when a user session had been closed remotely and was not cleaned up. Now this condition is detected and the table shows "(hung)" in place of the unavailable remote address. [12810]
• The limit on the number of router group prefixes that can be specified in the SNMP Security Configuration for collecting Static information has been increased from 120 to 500. [12855]
• If the appliance's SNMP agent is enabled for SNMPv2 access by entering a community string on the SNMP Agent Configuration page, it can once again be disabled by entering a blank community string. Also, special characters don't cause the string to be truncated for the agent configuration and the SNMP Security Configuration for the recorder. [12619, 12650, 12720]
• On the web page for Flow Collector configuration, the Physical Interface field is now shown only for MPLS VPN systems since it is not relevant for others. [12872]
• On the Recorder Configuration page, the popup menu to view a protocol configuration was positioned away from the cursor for some versions of Internet Explorer. The solution was to specialize the code for different versions. [12243]

• The XML RPC call api_mp_links was improved to make its information consistent with what is shown in the GUI Links table, in particular for links to pseudonodes. [12512]
• When adding customer-RT mappings using the api_vpn_cust_rt_list XML RPC API, we protect against duplicate entries being added. [12652]

• A Vpn Site Prefix Flap alert was incorrectly generating Vpn Site Prefix Up/Down SNMP traps, but this is now fixed. [12858]
• SNMP traps for prefix flood/drought alerts were missing the name of the source router. [12873]
• The SNMP trap trafficLinkCoSUtilization was delivering the adjacency source address for both the source and destination varbinds. [12874]

• Fixed a bug that caused SNMP get operations to the agent running in the appliance to fail when SNMPv3 authentication was used. [9896]
• User authentication through remote TACACS and RADIUS servers now works correctly with Cisco ACS 4.x, including systems in which the AAA server is linked to a one-time password system, by avoiding a method that required two authentication exchanges. Backup local authentication grants the correct privilege level when using in conjunction with remote RADIUS as the primary AAA. [11519, 11689]
• When map layouts are restored from a backup file, any background images use with those layouts are now restored as well. [12624]
• Discovery of the EIGRP topology via router login and CLI output parsing has been augmented to support the format differences in routers running NX-OS (versus IOS). [12764]
• Several crashes were fixed in the Route Analyzer daemon that generates alerts [11530, 12291, 12509, 12547] and in the GUI.[12467, 12496, 12639, 12655, 12687, 12807, 12826, 12840, 12857]

• On the Network and Interface Configuration page, when the user makes a change to the IP address of an alias interface, a warning message is displayed for both standalone and distributed systems to say that all BGP peerings will flap if the change is applied. [10505]
• Fixed the retry timer for the SNMP collector (staticd) getting the router list to be queried. [11069]
• Fixed a bug that caused the SNMP collector (staticd) to crash on startup if there was a drop-node event. [11564]
• The HP root public key was not installed for the "toor" account. [11601]
• The XML RPC query api_system_health now returns information for all administrative subdomains, whereas some were missing before. [11747]
• When configuring Path Reports to be generated for specific source and destination routers, the "OK" button was incorrectly disabled. This is now fixed. [11812]
• The parsing of router CLI output for EIGRP topology exploration will now we accept "Kbit/sec" in addition to "Kbit" on the MTU line of "show interface" output, as seen in recent versions of IOS. [11874]
• The OSPF route recorder has added support for the OSPF Do-Not-Age bit that is used for adjacencies over demand circuits so that these adjacencies are no longer timed out when they should not be. [1343]
• An incorrect calculation that occasionally resulted in negative values of Isolated Routers and Down Links seen under Network Summary has been corrected. Also, counts have been corrected for the number of Static interfaces and the number of those that are down. [10401, 11571]
• Parsing of NetFlow data for Traffic Analysis has been enhanced to support the template formats used by Cisco IOS XR. [11091]
• For an alert Dispatch Specification that includes email dispatch, the parsing of the list of email addresses now removes newlines so that the result will display properly when the Dispatch Specification is revisited. [11537]
• There was a potential crash in the GUI that could occur if a new view was created and then a router group container in that map was opened and closed, followed by closing the new view. This is now fixed. [11561]
• Two enhancements have been added to the EIGRP CLI parsing to handle changes in IOS output formats not conforming to previous conventions. These are an interface name "vmi1" rather than "Vmi1" and the addition of the AS number as part of the address family prefix in routing topology entries. [11790, 11982]
• QCCR1B26873: A status report for the Raw Flow Report Analyzer was being incorrectly included in the Daily report on systems without a Customer Reports license that don't run the RFRA. On systems with the license, the status was not passed correctly from the daemon to the web page. These problems are now fixed. [11813, 12053]
• Traffic flow analysis was not tracking routing changes that result from changes in the Static topology. Now it does. [11863]
• The GUI could crash due to exceeding the virtual memory limit when trying to open the Flow Record Browser from the Reports menu because a graph was constructed of unreduced data. [12000]
• The maximum hop count allowed for a path when calculating Path Reports has been increased from 30 to 60 to allow for networks of larger diameter. The purpose of the limit is to avoid loops. [9153]
• The Router Name Repository now implements a button to delete a DNS name in case a name has been collected that is no longer valid. [9260]
• In releases before8.01, one could enter an initial substring for a router name into the Router filter or the Find Router dialog, but in 8.01 a complete regular expression was required. In 8.11 the initial substring is again enabled. [11763]
• Traffic history charts have been improved in several ways. The granularity of the data is adjusted to correspond to the time range; the statistic shown will correspond to the selected column (Average, Min, Max, 95%ile) rather than just Average; and when a column with a time offset (such as minus one day) is selected, the data will be shifted by that time to allow visual comparison with the current data. [10057]
• Several problems have been corrected in the Top Traffic Change reports: configuration of an email server can now be done from either the Modeling Engine or Flow Analyzer; no database name needs to be configured; and the report email attachments are given an .html file extension. [10859, 11534, 11619, 11772, 11833]
• A timing problem has been corrected so that the simulated LED status indicator on the GUI does not turn red with a false indication of a Flow Analyzer failure, and inaccurate status reports for the Flow Analyzer processes on the web page and Daily Report have been fixed. [10971, 11811, 12053]
• The specification of the IS-IS protocol calls for initial Hello packets to be padded to the full MTU of the interface, but allows later Hello packets to omit the padding. Earlier RAMS was always padding, but now it will pad only in response to a Hello from the router that is padded. [10973]
• QCCR1B1122: Differences in the NetFlow v9 template format produced by Cisco's new IOS XR software caused Traffic Analysis to incorrectly interpret some interface indexes as zero. Now the new format is interpreted properly. [11091]
• The GUI has displayed the "overloaded" status of IS-IS routers since several releases ago; in this release, that status is now included in the XML RPC API api_mp_routers output. [11381]
• Several improvements were made in the Set Interface Capacities table: links that are down are shown in red and their capacity is ignored; timed-out links are not included in the table; the aggregate discovered or configured bandwidth is shown on the parent rows in the table that correspond to the lines on the map representing multiple protocols or physical links; the "Import" button has been renamed "Retrieve" to more accurately reflect its function to reload values from the properties database; and filters for Protocol and Area or AS have been added. [11449,11625, 11639]
• A new feature in 8.10 was the ability to hide a link group, such as a group of Forwarding Adjacency links. Now if the group is updated, the hiding is dynamically applied without revisiting the Options dialog. [11469]
• Background images for the map that were uploaded with an uppercase filename extension (such as .JPG) would previously not be shown on the map, but now they will. [11607]
• For EIGRP networks, the router's unique device ID (serial number) is obtained in the topology exploration from those routers where the hardware platform and IOS software version support it. The serial number is displayed in the List Routers table. It is also used internally to avoid creating duplicate nodes on the map when there is an ambiguity about a router being new or old during the topology exploration. [6685, 10949]
• The parsing of router CLI output for EIGRP topology exploration has been augmented to accommodate three changes in the output format as observed in the field.
• Deployment of traffic flows now reflects changes in the topology as they are found by the Static Information Collector. [11863]
• Because the api_system_health method needs to compose output from multiple units, the "brief" modified XML RPC format cannot be accommodated. The full XML RPC format will be returned. [11596]
• Several fixes were made to the traffic API methods and their documentation: time ranges are now interpreted as UTC rather than local time; the source and destination parameters were interpreted backwards in one Customer Reports call, but are now fixed; documentation of fault codes 224 and above has been added; and missing or incorrect descriptions of parameters for other calls have been corrected. [11489, 11823, 11829, 11837, 11838, 11839, 11845]
• The Static Information Collector (staticd) now allows collection of information from routers that are not included in the IGP or BGP topology by configuring the addresses of such routers as /32 prefixes in the table SNMP authentication parameters. It will also record interface addresses as connected routes even when not configured to collect static routes. [11354, 11486]
• In 8.10, collection of static information would not be performed when recording was initially started on a fresh database because no routers would have been discovered by the IGP yet. Now staticd will repeat its query to obtain the router list after a short delay. It also avoids a long timeout delay when attempting to query information using SNMP v3 from a router that does not support that version. The documentation now explains how staticd uses the QueryServer and emphasizes that the QueryServer must be configured before staticd. [11173, 11248, 11592, 11769, 12032]
• Several table filters were fixed or improved, such as removing the limit of 10 groups in the Router Group filter selector, and implementing a CoS Group filter for the IPv4 Flows table. [11669, 11815, 11858, 11903]
• For the Customer Reports feature that was new in 8.10, changes to the customer configuration were not automatically picked up by the QueryServer without a restart. Now they are. [11927]
• Databases restored from archive were left marked as online, which they are not. Now they appear as historical. [11990]
• The BGP Root Cause Analysis function can only be used with a single BGP database. The User's Guide now highlights that point, and the function checks for valid datasets before asking whether the user wants to switch to Analysis mode. [11521, 11698]
• Several memory leaks and crashes were fixed in the GUI and daemons. [10377, 11513, 11555, 11561, 11595, 11630, 11745, 11885, 11896, 11934, 11936, 12000, 12010, 12038]
• QCCR1B1119: In previous releases, it was often the case that the List/Find Paths dialog would report that the total cost of the path was not calculable because of a protocol change along the path. Now, when the only change is to a Connected last hop where the selection of the last hop is assisted by the IGP metric, that metric will be used to calculate the total path cost. In other situations where the total cost cannot be calculated, the distance that the first hop router would calculate to its resolving prefix will be shown instead. A new column was added to the List/Find Paths table to show this distance value for each hop. A related improvement is that path finding follows a static route where the nexthop of the static route is within the prefix of a connected LAN interface, then the path is considered complete. [8998, 9004, 9095, 11303]
• In Planning mode, if an IGP router instance was added to a BGP-only router, the IGP router would be drawn as a new node on the map instead of being consolidated. Now the consolidation will occur correctly. [12286]
• When an action is taken that would cause a router icon on the map to flash, but the router is inside a group container that is closed, then the border of the group will flash so the user can see that the container should be opened to see the router. [11893]
• Routing in the MPLS WAN feature will now work correctly even if the CE routers set next-hop-self on the routes they advertise over IBGP. [11931]
• Successful operation of VNC displays 2-10 was requiring correct forward and reverse DNS resolution for the client hostname and address. This requirement has been removed. [11935]
• In the Trending feature for Capacity Planning to find the threshold for reaching a particular utilization level, the value shown in the threshold column of the table might be inconsistent with the threshold indicated by the drill-down history graph, depending on the pattern of the data. The calculations have been corrected to give consistent results. [12319]
• The Administration menu in the GUI could be long enough in some feature configurations to exceed the screen height of typical monitors. The menu is now divided into submenus. [12218]
• The meaning of the traffic reports for Neighbor AS and Transit AS reports has been clarified by prepending the word "Downstream" to the title of the top-level and drill-down reports and to the tooltip for the relevant column headings. [11511]
• A new checkbox was added to the Users web administration page to require that passwords entered for local authentication of accounts contain at least six characters taken from at least two of the sets of letters, digits, and punctuation. [11661]
• If the Routing Reports window is open when switching from Planning mode to Analysis mode, the Routing Reports window must close because data affected by edits in Planning mode would become invalid, but now a warning dialog allows canceling the change. [11879]
• If the window displaying the Router Groups dialog was sized too small, the right pane that shows the contents of the selected group would not have been visible. Now the dialog is forced to be larger. [11886]
• When configuring a Flow Collector, the selection of theprefix-feeder is now restricted to the valid choices. If there is only one choice, then the system automatically chooses the correct prefix-feeder. [8185]
• The map will choose the backbone area color over non-backbone area colors when multiple areas are present for a node or link. [9485]
• When a router node on the map represented multiple protocols, and one of those protocols is permanently disabled in the router, that protocol instance in the node should temporarily be marked as down and then should be removed after a timeout. This removal was not happening, so the node continued to appear down. Now the protocol instance is removed from the node and its info panel after the timeout. [12160]
• On the map, when all of the links connected to a pseudonode are hidden after going down and timing out, the pseudonode, which represents the LAN joining those links, will also be hidden. [11805]
• For the path change alert, the messages returned for delivery via syslog, email or database have been clarified to distinguish between unreachable paths and paths with incalculable metrics. For the SNMP rexPathChange trap, the MIB description has been clarified to say that the metric varbind value 0 means incalculable while the hops varbind value 0 means unreachable. [10947]
• In release 8.10, the popup to display the login banner message for VNC logins used a font size that was too small. Now the message is shown in 12 point Courier. [11184]
• When the web administration SMB server configuration is changed, the new configuration is now correctly used instead of the original configuration when restoring archives from SMB. [11263]
• In Planning mode, the feature to add VPN prefixes using a filter was not working, but it is now fixed. [11378]
• A GUI crash could occur when using the RIB browser feature due to running out of memory. This was fixed by avoiding excess preallocation of table space. [12428]
• The default layout selection on the Options dialog is now provided with a drop-down list of layout name/owner combinations rather than requiring the user to type in the layout name. [10748]
• The "Interface" column in the Planning -> Reports table has been renamed to "Exporter" to be more clear since what it contains is the IP address of the exporter. [11379]
• When Analysis -> Trending is selected from the History Navigator, the dialog is now kept open after the OK button is clicked so that the Clear Trending button can be clicked after viewing the trending result. The parameters can then be adjusted to get a different trend line if desired. The dialog closes when the Cancel button is clicked. [11505]
• It is now possible to do a backup of databases and/or system configuration to an SMB server from more than one unit at the same time because contention for a filename has been avoided. [11720]
• On the Archival and Remote Storage web administration page, the remote server can now be identified by hostname as an alternative to its IP address. [12052]
• The number of prefixes that could be entered on the Traffic Groups web administration page was constrained by web protocol. The method has been changed to remove that constraint. [11785]
• For the MPLS WAN feature, the Expected Prefixes browser will automatically update when routing changes cause the set of available prefixes to change. [11875]
• Collection of Static topology information with SNMP could get stuck if the SNMP agent in the router did not properly increment a table index. Now the recorder protects against this error. [12244]
• Adding LDP exporter in the VPN Traffic configuration no longer causes all the LDP sessions to be restarted. [12397]
• When a combination of Static and BGP routers and NextHop nodes are consolidated into one node on the map, the icon and label for the node are now selected according to the following priority: BGP peers, then Static routers, then BGP NextHops, and last Static NextHops. [12541]
• The InetAddress varbinds for traps in the PD-ROUTE-EXPLORER-MIB were not being sent for traps in IPv4 networks, only IPv6. Now the IPv4 traps correctly set the address in both the older IpAddress varbind and the newer InetAddress varbind. [12569]
• In the Network Summary display, the count of Isolated Routers could become -1 because transitions of the Route Recorder were being incorrectly included. This is now fixed. [12590]
• The clouds representing VPNs in the map layout for an MPLS WAN configuration are now restored to their proper positions when the topology is reopened. [12608]
• In an MPLS WAN configuration, it is now possible to find a path when starting from a source node that records only BGP and no IGP. [12614]
• Node labels on the map could be shown inverted when the map first opened if DNS Names display mode was selected and a DNS warning message popup was needed first. This is fixed. [12618]
• In an MPLS WAN system, egress site reports were missing for sites with a BGP peering connected by a Static LAN link because that introduces a pseudonode between the CE and PE. Now the two hops between the CE and PE are shown separately in the WAN links report to be correct for a shared LAN connecting two CEs to the PE. [12621]
• The MPLS WAN Prefix State Change alert was not being sent because the prefix-site group that is part of the alert configuration was not read correctly, but now this is fixed. [12642]
• The varbinds rexDstPrfx, rexDstMask, rexSrcRtrSysID, rexSrcRtrIP, and rexSrcRtrName were missing from MPLS WAN traps, but these are now restored. [12643]

VPN Demo Portal Readme

A downloadable demonstration of the VPN Portal is available at ftp://hpovrams.external.hp.com/rams/portal/vpnPortal.tar. The installation instructions for the demo is available at ftp://hpovrams.external.hp.com/rams/portal/vpnPortal.readme.