Upgrade and Downgrade Caveats
The following items provide key information about upgrading and downgrading with this software version.
License Keyed Feature Reactivation
On the Acme Packet 1100 and VNF platforms, the software TLS and software SRTP features no longer require license keys. After you upgrade either platform to E-CZ8.1.0, you must run the setup product command to re-activate the features that formerly depended on license keys.
Set the New FIPS Boot File Name
Typically, you change the name of the boot file to the name of the new release by editing the file name. You cannot edit the boot file name when upgrading from E-CZ7.5.0 to E-CZ8.1.0 on the Acme Packet 1100, Acme Packet 3900, and VNF. You must use the set-boot-file command to set the new boot file name.
Reset the rsa_ssh.key
After you upgrade from 7.x to Cz8.1.0, you must manually reset the rsa_ssh.key when the host OpenSSH client version is 7.6 or newer. Applies to all platforms.
- Delete the old ssh_rsa.key in the /code/ssh directory in the shell environment.
- Reboot the E-SBC, using reboot from the ACLI prompt.
Reset Local Passwords for Downgrades
Oracle increased the encryption strength for internal password storage as of the Cz8.1.0 release, which affects downgrading to a previous release because the enhanced password encryption is not compatible with earlier SBC software versions. If you change any local account passwords after upgrading to Cz8.1.0, you cannot directly downgrade to a previous release. Oracle recommends that you do not change any local account passwords after upgrading to Cz8.1.0 from a prior release, until you are sure that you will not need to downgrade. If you do not change any local account passwords after upgrading to Cz8.1.0, downgrading is not affected.
Caution:
If you change the local passwords after you upgrade to Cz8.1.0, and then later want to downgrade to a previous release, you must reset the local user passwords with the following procedure before you downgrade or the system will lock you out until all passwords are cleared. If you get locked out, you must contact Oracle support to clear the passwords.Perform the following procedure on the standby SBC first, and then force a switchover. Repeat steps1-10 on the newly active SBC. During the procedure, the SBC powers down and you must be present to manually power up the SBC.
Caution:
Be aware that the following procedure erases all of your local user passwords, as well as, the log files and CDRs located in the /opt directory of the SBC.- Log on to the console of
the standby SBC in Superuser mode, type
halt sysprep
on the command line, and press ENTER.The system displays the following warning:
********************************************* WARNING: All system-specific data will be permanently erased and unrecoverable. Are you sure [y/n]
- Type
y
, and press ENTER. - Type your Admin password,
and press ENTER.
The system erases your local passwords, log files, and CDRs and powers down.
- Power up the standby SBC.
- During boot up, press the
space bar when prompted to stop auto-boot so that you can enter the new boot
file name.
The system displays the boot parameters.
- For the Boot File
parameter, type the boot file name for the software version to which you want
to downgrade next to the existing version. For example,
nnECZ800.bz
. - At the system prompt, type
@
, and press ENTER.The standby reboots.
- After the standby reboots,
do the following:
- Type
acme
, and press ENTER. - Type
packet
, and press ENTER.
- Type
- Type and confirm the password that you want for the User account.
- Type and confirm the password that you want for the Superuser account.
- Perform a notify berpd force on the standby to force a switchover.
- Repeat steps 1-10 on the newly active SBC.
Time Division Multiplexing
Do not set the replace-uri action when routing to a TDM interface.
Set IPSec Support for Acme Packet 3900 and VNF
- Run setup entitlements, again.
- Select advanced to enable advanced entitlements, which then provides support for IPSEC on Acme Packet 3900 and VNF systems.
Maintain DSA-Based HDR and CDR Push Behavior
- Navigate to the security, ssh-config, hostkey-algorithms configuration element and manually enter the DSA keys you want to use.
- Save and activate your configuration.
- Execute the reboot command from the ACLI prompt.