1. Release Notes
  2. Introduction to E-CZ8.1.0
  3. Upgrade Information
  4. Upgrade and Downgrade Caveats

Upgrade and Downgrade Caveats

The following items provide key information about upgrading and downgrading with this software version.

License Keyed Feature Reactivation

On the Acme Packet 1100 and VNF platforms, the software TLS and software SRTP features no longer require license keys. After you upgrade either platform to E-CZ8.1.0, you must run the setup product command to re-activate the features that formerly depended on license keys.

Set the New FIPS Boot File Name

Typically, you change the name of the boot file to the name of the new release by editing the file name. You cannot edit the boot file name when upgrading from E-CZ7.5.0 to E-CZ8.1.0 on the Acme Packet 1100, Acme Packet 3900, and VNF. You must use the set-boot-file command to set the new boot file name.

Reset the rsa_ssh.key

After you upgrade from 7.x to Cz8.1.0, you must manually reset the rsa_ssh.key when the host OpenSSH client version is 7.6 or newer. Applies to all platforms.

  1. Delete the old ssh_rsa.key in the /code/ssh directory in the shell environment.
  2. Reboot the E-SBC, using reboot from the ACLI prompt.

Reset Local Passwords for Downgrades

Oracle increased the encryption strength for internal password storage as of the Cz8.1.0 release, which affects downgrading to a previous release because the enhanced password encryption is not compatible with earlier SBC software versions. If you change any local account passwords after upgrading to Cz8.1.0, you cannot directly downgrade to a previous release. Oracle recommends that you do not change any local account passwords after upgrading to Cz8.1.0 from a prior release, until you are sure that you will not need to downgrade. If you do not change any local account passwords after upgrading to Cz8.1.0, downgrading is not affected.

Caution:

If you change the local passwords after you upgrade to Cz8.1.0, and then later want to downgrade to a previous release, you must reset the local user passwords with the following procedure before you downgrade or the system will lock you out until all passwords are cleared. If you get locked out, you must contact Oracle support to clear the passwords.

Perform the following procedure on the standby SBC first, and then force a switchover. Repeat steps1-10 on the newly active SBC. During the procedure, the SBC powers down and you must be present to manually power up the SBC.

Caution:

Be aware that the following procedure erases all of your local user passwords, as well as, the log files and CDRs located in the /opt directory of the SBC.
  1. Log on to the console of the standby SBC in Superuser mode, type halt sysprep on the command line, and press ENTER.

    The system displays the following warning: 

    *********************************************
WARNING: All system-specific data will be permanently 
erased and unrecoverable.

Are you sure [y/n]
  2. Type y, and press ENTER.
  3. Type your Admin password, and press ENTER.

    The system erases your local passwords, log files, and CDRs and powers down.

  4. Power up the standby SBC.
  5. During boot up, press the space bar when prompted to stop auto-boot so that you can enter the new boot file name.

    The system displays the boot parameters.

  6. For the Boot File parameter, type the boot file name for the software version to which you want to downgrade next to the existing version. For example,nnECZ800.bz.
  7. At the system prompt, type @, and press ENTER.

    The standby reboots.

  8. After the standby reboots, do the following:
    1. Type acme, and press ENTER.
    2. Type packet, and press ENTER.
  9. Type and confirm the password that you want for the User account.
  10. Type and confirm the password that you want for the Superuser account.
  11. Perform a notify berpd force on the standby to force a switchover.
  12. Repeat steps 1-10 on the newly active SBC.

Time Division Multiplexing

Do not set the replace-uri action when routing to a TDM interface.

Set IPSec Support for Acme Packet 3900 and VNF

IPSec is not supported on the Acme Packet 3900 and VNF in the CZ8.1.0 release. You must upgrade to CZ8.1.0p1 to get this support. After you upgrade to CZ8.1.0p1, do the following:
  1. Run setup entitlements, again.
  2. Select advanced to enable advanced entitlements, which then provides support for IPSEC on Acme Packet 3900 and VNF systems.

Maintain DSA-Based HDR and CDR Push Behavior

To maintain your existing DSA key-based CDR and HDR push behavior after upgrading from 7.x to E-CZ8.1.0, perform the following procedure:
  1. Navigate to the security, ssh-config, hostkey-algorithms configuration element and manually enter the DSA keys you want to use.
  2. Save and activate your configuration.
  3. Execute the reboot command from the ACLI prompt.