Upgrade Guide

Radware Alteon
5224 from version
29.0.3.0 to
30.0.4.0
Deployment Guide
Junaid Ahmed
JST IT&S Pvt Ltd
Creation Date: 2nd November 2015
Technical Review: Sujith M

Table of Contents
Objective: ........................................................................................................................ 2
Content:.......................................................................................................................... 2
Release Summary ........................................................................................................... 2
Supported Platforms and Modules .................................................................................. 2
Upgrade Path .................................................................................................................. 2
Before Upgrade ............................................................................................................... 2
Image Upload Procedure: .............................................................................................. 3
ACD-VX envoiroments .................................................................................................... 3
Standalone Devices ........................................................................................................ 3
ADC VX Upgrade Considerations ................................................................................... 4
Alteon VA Installation/Upgrade Considerations...4
After Upgrade5
Whats New?....................................................................................................................5
Reference for AlteonOS version 30.0.4.06
APM Beacons via the Alteon Management Port6
Alteon and APSolute Vision with APM server6
New in Version 30.0.0.0.6
FastView Module Activation ADC-VX..7
FastView Module Activation Alteon VA..7
Integrated Web Application Firewall (AppWall).8
Activating AppWall in a vADC..8
Changed Features in Version 30.0.1.0..8
Note..9
References..9

1|Page

Objective:
Upgrading Alteon 5224 from its current version 29.0.3.0 to 30.0.4.0

Content
Radware announces the release of Alteon OS version 30.0.4.0. These release notes
describe the new and changed features introduced in this version. This version is based
on version 30.0.0.0 and includes relevant fixes for versions 29.0.5.0 and 29.5.3.0.

Release Summary
Release Date: March 31, 2015
Objective: Maintenance software release that solves a number of issues and introduces
some new capabilities.

Supported Platforms and Modules

This version is supported by the following platforms:
4408, 4408 XL
4416
5208, 5208 XL, 5208 Extreme
5224, 5224 XL,
5412, 5412 XL
6420, 6420 XL, 6420 Extreme
6420p, 6420p XL, 6420p Extreme
8420, 8420XL, 8420 Extreme
Alteon VA running on VMware ESX 5.1 and ESX5.5, KVM, OpenXen and HyperV

Upgrade Path
You can upgrade to this AlteonOS from AlteonOS versions 26.x, 27.0.x, 28.x, 29.x and
30.x.

Before Upgrade
Important! Before performing an upgrade, back up your current configuration.
When upgrading from a version earlier than 29.0.0.0:
For an ADC-VX environment, due to stricter validation implemented for some
scenarios, Radware recommends performing the following configuration changes
before upgrade to prevent issues that may occur after the upgrade:
Alteon version 29.0.x does not allow a mixture of shared and non-shared VLANs
on the same port. Before upgrading, ensure that VLANs added to a port are
either all shared or all non-shared
Check that the sum of the SSL CPS limits allocated to all vADCs does not
exceed the SSL CPS
2|Page

License:
In version 28.1, there was no enforcement of the allocated SSL (CPS) limit compared
to the license. This enforcement was added in Alteon version 29.0. Therefore, after
upgrade to version 29.0 and later, if more than the total allowed SSL (CPS) is allocated.
Alteon is able some of the vADCs to enforce the total amount of allowed SSL CPS.
For 5412 XL or 5224 XL platforms, due to changes in the default SSL license,
identify what SSL license string is installed before upgrading (using the
info/swkey CLI command, or System > Licensing in BBI). If the SSL license string
is reported as Default, perform the following procedure before updating the
software version:
Connect to the Hardware License Generator on the Radware Web site.
Generate SSL licenses for the relevant platforms.
Install the SSL licenses on the relevant platforms.
You can now proceed with the software version upgrade.

Image Upload Procedure

The AlteonOS 30.0.x image is much larger than its predecessors. To avoid any possible
issues because of this, Radware recommends using one of the following options for
upgrading from
Versions earlier than 30.0.x:
Option 1 Upgrade to 30.0.x using the recovery process
Option 2 One of the following procedures based on the platform environment:

ADC-VX environments:
Upload the 30.0.x ADC-VX image.
Upload the 30.0.x vADC image.
In rare cases, this upload can fail due to lack of free space on the compact flash.
If this occurs, do the following:
Boot the ADC-VX with the new image
Use the boot/rmimg command to remove inactive versions and free up space on
the compact flash
Upload the 30.0.x vADC image.

Standalone devices
Uploading the 30.0.x ADC-VX image:

Upload 30.0.x vADC image in rare cases this upload can fail due to lack of free space
on the compact flash. If this occurs, do the following:
Upgrade to one of the following versions: 28.1.13, 29.0.3, 29.4.4,
29.5.1,30.0.0
Use the boot/rmimg command to remove inactive versions and free up space
on the compact flash.
Upload the 30.0 vADC image.
3|Page

ADC VX Upgrade Considerations

General Considerations:
Upgrade from a version prior to 27.0.0.0:
Radware recommends upgrading using the recovery procedure (see the
Radware Alteon Installation and Maintenance Guide) with the AlteonOS 30.0
recovery file to ensure that the hard disk, which was not used before version
27.0.0.0, is formatted.
Once you have upgraded from a version earlier than version 27.0.0.0, rollback
(downgrade) is possible only to version 26.3.0 or later. Alteon 5224 requires
12GB RAM to run this version properly. If your device only has 6GB RAM,
upgrade to 12GB is required before installing this software version.
When upgrading from versions earlier than 30 installation of ADC-VX 30.0.x
requires upgrading internal components. This process can take up to 15 minutes.
Do not interrupt the process until its Completion.
Hypervisors (ADC-VX) running a particular version (for example, 30.0) only
support vADCs running the same version or later.

Alteon VA Installation/Upgrade Considerations

The minimum amount of memory required to run Alteon VA has been increased
in version 30.0.1.0 to 3 GB RAM. Before upgrading to version 30.0.1.0 or higher,
increase the memory allocation to 3 GB.RAM for the virtual machine running
Alteon VA. All other requirements remain unchanged: 4.5 GB.hard disk, 1 vCPU,
1 virtual network interface for management, and 1 virtual network interface for
data.
Note: This process is not required if the full deployment package is used (the full
installation, Not upgrade).
Alteon VA with the integrated FastView installation requires a minimum of 2
vCPUs, 6 GB memory, and 50 GB disk space.
Upgrade from version 30.0.0.0 to 30.0.x.0 can be performed using the upgrade
image.
Upgrade from a version earlier than 30.0.0.0 requires full VA installation.
To perform full VA installation:
a. Save the configuration before installing Alteon VA version 30.0.0.0 and
upload it after installation.
b. Follow the Recovery and License Migration procedure detailed in the
Radware Alteon Installation and Maintenance Guide.

4|Page

The default configuration has changed starting with Alteon version 29.0.0.0, where
VLAN 2 is the default PVID for port 2. This change avoids a loop caused by both
ports having VLAN 1 as the default PVID. When upgrading from a version earlier
than 29.0.0.0, if port 2 used the default PVID 1 Before the upgrade, manually set
port 2 to use PVID 1 after the upgrade. You may also need to move some IP
interfaces from VLAN 1 to VLAN 2.
Alteon VA installation on KVM requires that the vhost-net driver is installed. If the
KVM host does not have this driver configured, modifying the configuration with
the following command:
/etc/default/qemu-kvm: VHOST_NET_ENABLED=0 to
VHOST_NET_ENABLED=1

After Upgrade
After upgrade, Radware recommends the following procedure to ensure that the
configuration was correctly applied:
If you are using WEB UI, perform CTRL+F5 (it performs deep refresh including
force cache purge for the page). This is required in order to get the most updated
screen of the new version.
Perform Apply.
Do one of the following:
If the Apply is successful (including a No Apply needed result), perform Save.
b. If the Apply fails (in some rare cases due to enhancements meant to improve
configuration validation, after the upgrade it is possible that some of the
configuration is not accepted), do the following:
Perform the configuration changes required, according to the Apply result.
After the Apply is successful, perform Save.
Note: In very rare cases due to changes in the configuration file structure to support
new features and update current ones, after the upgrade there may appear to be
differences between the saved and running configuration (that is, the diff flash is not
empty). To empty the diff flash, perform any configuration change (for example,
cfg/sys/idle X), and then perform Apply and Save.
When upgrading vADCs from version 28.1, if your configuration includes filters
and the Reverse

Whats New?
This section describes the new features and components introduced in this version on
top of Alteon version 30.0.0.0. For more details on all features described here, see the
Alteon Application Switch Operating System Application Guide and the Alteon
Application Switch Operating System Command

5|Page

Reference for AlteonOS version 30.0.4.0.

New in Version 30.0.4.0

APM Beacons via the Alteon Management Port

Alteon version 30.0.4 route the APM beacons via the Alteon management port. (and not
from the data port as done in previous releases). This simplifies the topology so that
only a single IP routing connectivity is required between

Alteon and APSolute Vision with APM server.

After upgrading from previous Alteon versions to version 30.0.4 with APM configured:
Session parameter (cfg/slb/filter X/adv/reverse) was left at its default value (disable),
after upgrade due to changes to default values you must manually change the
parameter value to disable.
The APM real server and group that were automatically created are removed from the
configuration as they are no longer needed.
It is important that you review the network connectivity between Alteon and
APSoluteVision, to make sure that there is a route between the Alteon
management port and the APM ports on APSolute Vision. This depends on the
APSolute Vision version, as stated in following notes:

New in Version 30.0.0.0

Integrated Web Performance Optimization (FastView):
Radware's FastView is a WPO solution that accelerates Web sites and customer-facing
Web Applications by up to 40% (with the FastView configuration optimized by Radware
Technical Support services). It transforms front-end optimization (FEO) from a lengthy
and complex Process to an automated function performed in real-time, accelerating
Web application Response time for any browser, client, or end-user device. FastView is
a simple-to-deploy Solution, based on an asymmetrical architecture that does not
require any integration into Web application servers or any client installation on the end
user device.
FastView is part of the standard Alteon NG offering, available now as an integrated
module with Alteon 30.0.0.0, complementing and enhancing its ability to offer SLA
assurance for Web applications.

6|Page

FastView uses various acceleration techniques, such as:

Browser-specific acceleration
Resource consolidation
Landing page optimization
Granular suite of deferral features
Auto-learning flow acceleration
Mobile specific acceleration

FastView Module Activation ADC-VX

To activate the FastView module in and ADC-VX environment:
Upgrade Alteon ADC-VX. ADC-VX must support version 30.0.0.0 or later to allow
FastView licensing and FastView CU allocation in the admin (GA) context.
Add a vADC image version 30.0 or later to the vADC repository.
Make sure the platform is licensed for FastView.
Assign a FastView limit and FastView CUs to the relevant vADC. Most of the
FastView processing is performed within the Traffic Processing (SP) CUs.
FastView CUs are used for FastView offline Processing. The minimum number of
CUs for a vADC that uses FastView is 2 offline CUs, and the Maximum is 8.

FastView Module Activation Alteon VA

Install the Alteon VA image that includes FastView, and set the FastView license on the
platform.
Configuration Notes
FastView is an integral part of the ADC configuration, just like SSL or
compression.
Make sure the FastView global configuration flag is enabled.
FastView configuration elements: FastView Web applications and FastView
treatment sets are now available for configuration from the Alteon WBM.
FastView Web applications can be associated to a virtual service serving HTTP
or HTTPS, or, for Granular configuration, to a content rule in an HTTP or HTTPS
service.
The FastView configuration is not available from the Alteon CLI. The FastView
configuration is saved in a separate file in XML format. When using Alteon
configuration export or import, a zip file is enerated including both the Alteon and
FastView configuration files.

7|Page

Integrated Web Application Firewall (AppWall)

The integrated AppWall solution secures Web applications and enables PCI compliance
through mitigation of Web application security threats and vulnerabilities. It prevents
data theft, manipulation of sensitive corporate data, and protects customer information.
The integrated AppWall provides complete Web Application protection, including:
ICSA Certified Web Application Firewall
Full coverage out-of-the-box of OWASP top-10 threats, including injections,
cross-site scripting (XSS), cross-site request forgery (CSRF), broken
authentication, and session management and security misconfiguration.
Data leak prevention, identifying and blocking sensitive information transmission
such as credit card numbers (CCN) and social security numbers (SSN).
Zero-day attacks prevention, including positive security profiles limiting the user
input only to the level required by the application to properly function, thus
blocking zero day attacks. The positive security profiles are a proven protection
against zero-day attacks.
Protocol validation AppWall enables HTTP standards compliance to prevent
evasion techniques and protocol exploits.
XML and Web services protection Alteon WAF offers a rich set of XML and
Web services security protections, including XML validity check Web services
method restrictions, XML structure validation to enforce legitimate SOAP
messages, and XML payloads.

Activating AppWall in a vADC

Install the AppWall License on the device (hypervisor).
Allocate the AppWall throughput limit and dedicated capacity units (CUs) for the
vADC. The minimum number of CUs required for Web Application Security
(AppWall and/or Authentication) on any vADC is 2. The VX hypervisor must run
version 30.0 (or higher). For Web Application Security, you can allocate two (2),
four (4), or multiples of four (4) CUs.
Enable the AppWall module on the vADC.

Changed Features in Version 30.0.1.0

VA Minimum Memory Requirement
The minimum amount of memory required to run Alteon VA has been increased in
version 30.0.1.0 to 3 GB RAM. Before upgrading to version 30.0.1.0, increase the
memory allocation to 3 GB RAM for the virtual machine running Alteon VA. All other
requirements remain unchanged:
4.5 GB hard disk, 1 vCPU, 1 virtual network interface for management, and 1 virtual
network interface for data.

8|Page

Note:
This process is not required if the full deployment package is used (the full installation,
not upgrade).
The estimated down time for such upgrade is 15 minutes.

Highly recommended:
Alteon 5224 requires 12 GB RAM to run this version properly. If your device only
has 6 GB RAM, upgrade to 12 GB is required before installing this software
version.

References:
At the following link you will be able to find the relevant image files for the upgrade:
https://portals.radware.com/Customer/Home/Downloads/Application-Delivery-LoadBalancing/?Product=Alteon
At the following link you will be able to generate the desired upgrade password:
https://portals.radware.com/Customer/Home/Tools/PasswordGenerator/?id=4294967329

9|Page