Document fins/I0667-2
FIN #: I0667-2
SYNOPSIS: Sun StorEdge T3 and T3+ array controllers which are connected to a
public ethernet network may disable without warning or experience
availability problems if they are scanned by third party security
software
DATE: Mar/07/02
KEYWORDS: Sun StorEdge T3 and T3+ array controllers which are connected to a
public ethernet network may disable without warning or experience
availability problems if they are scanned by third party security
software
---------------------------------------------------------------------
- Sun Proprietary/Confidential: Internal Use Only -
---------------------------------------------------------------------
FIELD INFORMATION NOTICE
(For Authorized Distribution by SunService)
SYNOPSIS: Sun StorEdge T3 and T3+ array controllers which are connected
to a public ethernet network may disable without warning or
experience availability problems if they are scanned by third
party security software.
Sun Alert: Yes
TOP FIN/FCO REPORT: Yes
PRODUCT_REFERENCE: T3/T3+ StorEdge Array w/Third Party Network Security
Software
PRODUCT CATEGORY: Storage / SW Admin
PRODUCTS AFFECTED:
Systems Affected:
-----------------
Mkt_ID Platform Model Description Serial Number
------ -------- ----- ----------- -------------
- Anysys - System Platform Independent -
X-Options Affected:
-------------------
Mkt_ID Platform Model Description Serial Number
------ -------- ----- ----------- -------------
- T3 ALL StorEdge T3 Array -
- T3+ ALL StorEdge T3+ Array -
PART NUMBERS AFFECTED:
Part Number Description Model
----------- ----------- -----
- - -
REFERENCES:
BugId: 4356418 - Cybercop test causes controller data access exception.
4527674 - H.E.A.T security software scan causes T3 controller
failure.
SunAlert: 26464
PROBLEM DESCRIPTION:
-----------------
|FROM FIN I0667-1:|
-----------------
Any customers that have T3 units connected to a general purpose
ethernet network, and using T3 firmware versions 1.16a / 1.16c, or
earlier, may experience the problems stated below. Depending on the
configuration, I/O performance may decrease, or data may become
inaccessible.
A number of problems have been identified within the ethernet
networking module (pNA) of the T3's embedded real-time operating system
(pSOS). Firmware versions 1.16a / 1.16c, and all earlier versions are
susceptible to these problems.
The problems identified so far include:
o Cybercop security package test causes controller data access exception.
o Executing arp -a on a T3 may cause a controller reset.
o Long http strings can result in a T3 probe break.
As a result of ANY of these issues, and possibly others that have not
yet been identified, the following problems may be observed:
1. StorEdge T3 Partner Group Array Configurations
==============================================
In a partner group configuration, the master controller will disable.
This will cause the alternate master controller to perform a fail-over
and it will be promoted to the master role. As long as multi-pathing
software is installed and properly configured on the data host, I/O
will fail-over to the remaining controller path. This could cause a
performance impact due to the loss of I/O bandwidth and the T3 partner
group cache mode shifting to write through for all LUNs on the partner
group.
2. StorEdge T3 Single Array Configurations
=======================================
With single arrays, the controller will disable and any LUNs defined on
the T3 will be inaccessible to its attached host(s) until the T3 is
rebooted.
The ethernet port and associated TCP/IP services provided by the T3 are
critical to maintaining and monitoring its overall health.
Unfortunately, the TCP/IP services provided with the T3's embedded
real-time operating system prior to FW 1.17a, had a number of
deficiencies, which made the T3 sensitive to certain network events.
Using a Sun StorEdge T3 array with FW 1.16a / 1.16c or earlier versions
on a general purpose network, has been shown under certain conditions
to cause controllers to disable. As a result, performance can decrease,
or data can become inaccessible.
----------------------
|UPDATE FOR FIN I0667-2:|
----------------------
The following sections in the Corrective Action for FIN I0667-1 have
been updated:
. T3+ storage array product has been added to the affected current
storage array product list.
. A command to use to identify the current firmware version installed
in the system is as follows:
The "ver" command can be typed on the Sun StorEdge T3/T3+ array to
display the firmware version of the Sun StorEdge T3/T3+ array
controller. At this point ALL Sun StorEdge T3/T3+ array controller
firmware versions are susceptible to this problem.
Any Sun StorEdge T3/T3+ array controller connected to an ethernet
network where third party security software is in use may be
affected.
. An error message that may be displayed if HEAT software is used:
Below is a snip of the syslog messages on a Sun StorEdge T3 array
partner group which was connected to an ethernet network. The Sun
StorEdge T3 array master controller (u1) was disabled after being
scanned by the H.E.A.T security software developed by third party
software company.
H.E.A.T. is launching the process /usr/local/heat/bin/hydrarecon as
id 1026
H.E.A.T. is launching the process /usr/local/heat/bin/hydraprobe as
id 1027
Nov 15 14:40:14 hws27-41 sh05[1]: N: fru stat
Nov 15 14:41:34 hws27-41 HBTT[2]: N: u2ctr: Takeover process completed
Nov 15 14:41:34 hws27-41 HBTT[2]: W: u1ctr: Offline
H.E.A.T. is launching the process /usr/local/heat/bin/hydraexplore as
id 1030
Nov 15 14:44:52 hws27-41 sh10[2]: N: fru stat
H.E.A.T. is launching the process /usr/local/heat/bin/hydraanalysis as
id 1050
. The recommended workaround is as follows:
A recommended workaround to this problem is to install all Sun StorEdge
T3/T3+ arrays on a private network which is excluded from third party
software security scans.
At this point a fix has not been implemented. PDE engineering has
identified a specific instance of this problem involving the H.E.A.T
security software. It is expected that the specific problem identified
involving the H.E.A.T security software will be corrected in a future
release of the Sun StorEdge T3 array controller firmware.
IMPLEMENTATION:
---
| | MANDATORY (Fully Pro-Active)
---
---
| X | CONTROLLED PRO-ACTIVE (per Sun Geo Plan)
---
---
| | REACTIVE (As Required)
---
CORRECTIVE ACTION:
An Authorized Enterprise Services Field Representative may avoid the
above mentioned problems by following the recommendations as shown
below.
At this point a recommended workaround is to install Sun StorEdge T3/T3+
Arrays on a private network which excludes the use of third party
security software.
COMMENTS:
----------------------------------------------------------------------------
Implementation Footnote:
i) In case of MANDATORY FINs, Enterprise Services will attempt to
contact all affected customers to recommend implementation of
the FIN.
ii) For CONTROLLED PROACTIVE FINs, Enterprise Services mission critical
support teams will recommend implementation of the FIN (to their
respective accounts), at the convenience of the customer.
iii) For REACTIVE FINs, Enterprise Services will implement the FIN as the
need arises.
----------------------------------------------------------------------------
All released FINs and FCOs can be accessed using your favorite network
browser as follows:
SunWeb Access:
--------------
* Access the top level URL of http://sdpsweb.ebay/FIN_FCO/
* From there, select the appropriate link to query or browse the FIN and
FCO Homepage collections.
SunSolve Online Access:
-----------------------
* Access the SunSolve Online URL at http://sunsolve.Corp/
* From there, select the appropriate link to browse the FIN or FCO index.
Internet Access:
----------------
* Access the top level URL of https://infoserver.Sun.COM
--------------------------------------------------------------------------
General:
--------
* Send questions or comments to finfco-manager@Sun.COM
--------------------------------------------------------------------------
Copyright (c) 1997-2003 Sun Microsystems, Inc.