Professional Documents
Culture Documents
TMS 9.6.0.0 Release Notes 2022-05-02
TMS 9.6.0.0 Release Notes 2022-05-02
TMS 9.6.0.0 Release Notes 2022-05-02
Release Notes
Version 9.6.0.0
Legal Notice
The information contained within this document is subject to change without notice. NETSCOUT SYSTEMS, INC.
makes no warranty of any kind with regard to this material, including, but not limited to, the implied warranties of
merchantability and fitness for a particular purpose. NETSCOUT SYSTEMS, INC. shall not be liable for errors
contained herein or for any direct or indirect, incidental, special, or consequential damages in connection with the
furnishings, performance, or use of this material.
Use of this product is subject to the End User License Agreement available at
http://www.NetScout.com/legal/terms-and-conditions or which accompanies the product at the time of shipment
or, if applicable, the legal agreement executed by and between NetScout Systems, Inc. or one of its wholly-owned
subsidiaries (“NETSCOUT”) and the purchaser of this product (“Agreement”).
Government Use and Notice of Restricted Rights: In U.S. government (“Government”) contracts or subcontracts,
Customer will provide that the Products and Documentation, including any technical data (collectively “Materials”),
sold or delivered pursuant to this Agreement for Government use are commercial as defined in Federal
Acquisition Regulation (“FAR”) 2.101and any supplement and further are provided with RESTRICTED RIGHTS. All
Materials were fully developed at private expense. Use, duplication, release, modification, transfer, or disclosure
(“Use”) of the Materials is restricted by the terms of this Agreement and further restricted in accordance with FAR
52.227-14 for civilian Government agency purposes and 252.227- 7015 of the Defense Federal Acquisition
Regulations Supplement (“DFARS”) for military Government agency purposes, or the similar acquisition
regulations of other applicable Government organizations, as applicable and amended. The Use of Materials is
restricted by the terms of this Agreement, and, in accordance with DFARS Section 227.7202 and FAR Section
12.212, is further restricted in accordance with the terms of NETSCOUT’S commercial End User License
Agreement. All other Use is prohibited, except as described herein.
This Product may contain third-party technology. NETSCOUT may license such third-party technology and
documentation (“Third-Party Materials”) for use with the Product only. In the event the Product contains Third-
Party Materials, or in the event you have the option to use the Product in conjunction with Third-Party Materials
(as identified by NETSCOUT in the Documentation provided with this Product), then such third-party materials are
provided or accessible subject to the applicable third-party terms and conditions contained either in the “Read
Me” or “About” file located in the Software or on an Application CD provided with this Product, or in an appendix
located in the documentation provided with this Product. To the extent the Product includes Third-Party Materials
licensed to NETSCOUT by third parties, those third parties are third-party beneficiaries of, and may enforce, the
applicable provisions of such third-party terms and conditions.
Open-Source Software Acknowledgement: This product may incorporate open-source components that are
governed by the GNU General Public License (“GPL”) or licenses that are compatible with the GPL license (“GPL
Compatible License”). In accordance with the terms of the GNU GPL, NETSCOUT will make available a complete,
machine-readable copy of the source code components of this product covered by the GPL or applicable GPL
Compatible License, if any, upon receipt of a written request. Please identify the product and send a request to:
NetScout Systems, Inc.
GNU GPL Source Code Request
310 Littleton Road
Westford, MA 01886
Attn: Legal Department
No portion of this document may be copied, photocopied, reproduced, translated, or reduced to any electronic
medium or machine form without prior consent in writing from NETSCOUT. The information in this document is
subject to change without notice and does not represent a commitment on the part of NETSCOUT.
The products and specifications, configurations, and other technical information regarding the products
described or referenced in this document are subject to change without notice and NETSCOUT reserves the right,
at its sole discretion, to make changes at any time in its technical information, specifications, service, and support
programs. All statements, technical information, and recommendations contained in this document are believed
to be accurate and reliable but are presented “as is” without warranty of any kind, express or implied. You must
take full responsibility for their application of any products specified in this document. NETSCOUT makes no
implied warranties of merchantability or fitness for a purpose as a result of this document or the information
described or referenced within, and all other warranties, express or implied, are excluded.
Except where otherwise indicated, the information contained in this document represents the planned
capabilities and intended functionality offered by the product and version number identified on the front of this
document. Screen images depicted in this document are representative and intended to serve as example images
only.
© 1999-2022 NETSCOUT SYSTEMS, INC. All rights reserved. Confidential and Proprietary.
www.netscout.com
Document Number: TMS-RN-9600-2022/05
02 May, 2022
Contents
Revision History 4
Preface
Introduction 5
Software Versioning Policy 6
Upgrade Information
Software Threat Mitigation System (TMS) requires specific CPU instruction sets 15
TMS HD1000 (16x10G) and TMS 5000 automatic configuration replaces user configuration 16
Supported Upgrade Paths 16
Multi-version Upgrades and Deployments 16
About Adding or Upgrading TMS in Sightline Deployments 16
System Requirements
Supported Devices 17
Communication Ports 17
Revision History
The following table lists the dates when these release notes were updated and a
description of the changes that were made:
Preface
Introduction
This document includes release information about Threat Mitigation System 9.6.0.0.
Maintenance x.y.z.n A release that fixes bugs that were found in the
Examples: associated major, minor, or point release.
4.0.0.2,
4.3.0.1,
4.0.1.3, 4.3.2.1
Lifecycle support
n Major and minor releases have a 3-year support lifecycle (with 2 years of software
maintenance).
n A point release inherits the support lifecycle from the major or minor release that it is
associated with. For example, 4.3.2.0 follows the support lifecycle timeline of 4.3.0.0.
n A maintenance release inherits the support lifecycle from the major or minor release
that it is associated with. For example, 4.3.2.1 follows the support lifecycle timeline of
4.3.0.0.
In Sightline, you define customer managed objects for the traffic you want to mitigate,
and apply Omnis TMS Guardian licenses to the managed objects. You can then do the
following:
n Use the TMS devices that are configured for Omnis TMS Guardian to mitigate traffic
that matches the managed objects.
n View DoS alert traffic dropped by flowspec mitigations that are protecting the
managed objects.
Omnis TMS Guardian is available with the following TMS devices:
n TMS HD1000 (16x10G)
n TMS HD1000 (4x100G + 8x10G)
n TMS 8100 (8x10G + 8x1G)
n Software TMS
For information on using Software TMS devices with Omnis TMS Guardian, see the topic
“Adding a Software TMS Device Using Omnis TMS Guardian Licensing” in either of the
following documents:
n Software Threat Mitigation System Virtual Machine Installation Guide
n Software Threat Mitigation System Installation on Hardware
For additional information on Omnis TMS Guardian, see the following topics in the
Sightline and Threat Mitigation System User Guide:
n “About Licensing for Omnis TMS Guardian”
n “Using Omnis TMS Guardian in your Deployment”
n “Configuring Omnis TMS Guardian”
The bandwidth permitted on the appliance is limited to the bandwidth purchased with
the license. As you modify the number or type of PPMs, you purchase new licenses to
reflect the change in the appliance’s potential bandwidth.
Important
Existing customers can continue using their current TMS HD1000 licenses.
See the following sections in the Sightline and Threat Mitigation System Deployment and
Device Limits document for additional information on TMS HD1000 appliance limits:
n “TMS HD1000 (16x10G) Appliance Limits”
n “TMS HD1000 (4x100G + 8x10G) Appliance Limits”
Automatic configuration for TMS HD1000 (16x10g) and TMS 5000 appliances
In Sightline, you previously needed to manually enter the number and type of Packet
Processing Modules (PPMs) or Application Processing Modules (APM-Es) in TMS HD1000
(16x10g) and TMS 5000 appliances. PPM and APM-E configuration information is now
automatically sent from these appliances to Sightline. The configuration is now shown in
a Slot table displayed in the following areas:
n the Deployment tab of the Add/Edit Appliance page (Administration > Appliances)
n the Appliance Status page (System > Status > Appliance Status)
n the Appliance Monitoring page (System > Status > Appliance Monitoring)
Important
When you upgrade, automatic configuration replaces your previous configuration with
the configuration sent from the appliance.
Filter list capacity calculations exclude TMS devices not communicating with
Sightline
When determining if a filter list is too large for a mitigation or a deployment, Sightline
now excludes the filter list capacity of TMS devices that are not communicating with it.
Previously, the non-communicating TMS devices could cause Sightline to use a lower limit
than is currently necessary for filter list sizes.
If you have TMS devices in your deployment that are not communicating with Sightline,
you may see the following changes in behavior:
n You may no longer see some warnings about filter lists being too large.
n In warnings or messages, you may see a different maximum size allowed for filter lists.
The labels for the check boxes that were on those tabs have also changed. The table
below shows the old and new labels, and the tab that previously contained the check box:
Previous tab
Old labels New label location
Previous tab
Old labels New label location
Require all group members to have Require all TMS group Mitigation
available bandwidth before starting a members to have Preconditions
mitigation available bandwidth.
Fixed Issues
94170 210824-000099 9.6.0.0 On the TMS HD1000, TMS services could improperly
start on a Packet Processing Module.
94793 211015-000014 9.6.0.0 Under certain conditions, the TMS 5000 failed to
handle deny list entries properly. This resulted in any
of the following issues:
n failure to add an item to the deny list
n failure to remove an item from the deny list
n failure to show that an item was on the deny list
220112-000054
211223-000021
220221-000055
220304-000075
220313-000015
220315-000047
Known Issues
82696 211028-000018 9.4.0.0 If a Software TMS device has fewer than 16 physical
interfaces, and on the Deployment tab
(Administration > Appliances), Capabilities is set to
Enable Full Reporting, the following TMS Fault alert
is erroneously generated:
Config File 'dpi.conf' is 'Error' (physical
interface(s) invalid
As a workaround, follow the steps below:
1. Navigate to the Configure Appliances page
(Administration > Appliances).
2. To edit the Software TMS device, click its name
link.
3. On the Deployment tab, set Capabilities to
Advanced.
4. On the Patch Panel tab, select Mitigate, Flow,
DNS, HTTP, and VOIP Capabilities for the ports
used for mitigation or reporting.
5. Click Save, and then commit your changes.
92970 210611-000032 9.3.6 On the TMS 8100 (8x10G + 8x1G), some ports may
incorrectly show their speed as 40 GbE.
93376 9.3.0 When using PCI passthrough with Software TMS, the
passthrough must be configured for the entire card,
rather than individual ports.
87174 9.1.0 The following log messages may occur when running
more than 100 mitigations on a TMS 5000. These are
harmless and should be ignored:
n blinky[#]: [S] #MODULE-SKIP check-hwdevice
(already running)
n blinky[#]: [W] #BLINKY apm-X-ipmc -4
seconds out of sync
n SA_ERR_HPI_NO_RESPONSE
88020 9.1.0 If you make certain changes to the TMS patch panel
settings in the presence of traffic, the system can
generate spurious alerts and may become slightly
unstable. You can avoid this by making patch panel
changes only when the TMS is not actively mitigating
traffic, or by waiting about a minute for the condition
to clear.
Upgrade Information
For detailed information about supported upgrade paths, multi-version upgrades, and
multi-version deployments, see the Sightline and Threat Mitigation System Compatibility
Guide. You can download this guide from the Arbor Technical Assistance Center
(https://support.arbornetworks.com).
Important
To upgrade a Cisco ASR 9000 vDDoS Protection device to TMS 9.6.0.0, follow the
instructions in the topic “Upgrading the Software and Installing Maintenance Releases
on TMS Devices” in the Sightline and Threat Mitigation System User Guide. The installation
procedure described in the Cisco ASR 9000 vDDoS Protection Configuration Guide should
be followed for new installations only.
System Requirements
For information about enforced limits and guideline limits for each currently supported
TMS model, see Sightline and Threat Mitigation System Deployment and Device Limits. You
can download this guide from the ATAC website (https://support.arbornetworks.com).
Supported Devices
The following TMS devices are supported in the TMS 9.6.0.0 release:
n TMS 2600
n TMS 2800
n TMS 5000 (32x10G and 4x100G models)
n TMS HD1000 (16x10G)
n TMS HD1000 (4x100G + 8x10G)/PPM-20G
n TMS HD1000 (4x100G + 8x10G)/PPM-50G
n TMS HD1000 (4x100G + 8x10G)/mixed PPMs
n TMS 8100 (8x10G + 8x1G)
n Software Threat Mitigation System
n Cisco ASR 9000 vDDoS Protection (10G, 20G, 40G, and 60G models)
For more information see “TMS Software Compatibility with TMS Devices” in the Sightline
and Threat Mitigation System Compatibility Guide. You can download this guide from the
Arbor Technical Assistance Center (https://support.arbornetworks.com).
Communication Ports
Required ports
The following table lists the ports that TMS requires in a Sightline/TMS deployment.
Note
Some of the ports may not be applicable to your deployment.
Optional ports
The following ports are optional and only need to be enabled if you are using the
corresponding service:
If you do not already have a customer account, contact the Arbor Technical Assistance
Center (ATAC) at:
n 1 877 272 6721 [U.S. toll free]
n +1 781 768 4301 [Worldwide]
n https://support.arbornetworks.com
Sightline and Threat Mitigation Instructions and information that explain how to
System User Guide configure and use Sightline and TMS devices and
software via the Sightline user interface (UI) and the
command line interface (CLI).
You can access the User Guide by clicking the
icon in the Sightline UI. It is also available as a PDF.
The User Guide contains all information that was
previously included in the following documents:
n Sightline and Threat Mitigation System Advanced
Configuration Guide
n Sightline and Threat Mitigation System Licensing
Guide
Sightline and Threat Mitigation This document has been discontinued. The content
System Advanced Configuration previously included in this document is now
Guide included in the Sightline and Threat Mitigation System
User Guide.
Sightline and Threat Mitigation Descriptions of the support for multi-version, multi-
System Compatibility Guide platform Sightline and TMS deployments.
Sightline and Threat Mitigation Lists the enforced limits and guideline limits for
System Deployment and Device Sightline and TMS deployments. It also covers the
Limits enforced limits and guideline limits for supported
Sightline and TMS devices.
Sightline and Threat Mitigation This document has been discontinued. The content
System Licensing Guide previously included in this document is now
included in the Sightline and Threat Mitigation System
User Guide.
Sightline and Threat Mitigation Instructions and information for the managed
System Managed Services services customers who use the Sightline user
Customer Guide interface.
Sightline and Threat Mitigation General information about the following APIs:
System API Guide n REST API
n Web Services API
n Current SOAP API
n Classic SOAP API (the API that was released prior
to SP version 5.5)
Sightline REST API Documentation Instructions and information that explain how to
use Sightline REST API. You can access this
documentation from the Sightline UI by selecting
Administration > Sightline REST API
Documentation. It is also available for download.
ArbOS REST API Documentation Instructions and information that explain how to
use ArbOS REST API. You can access this
documentation from the Sightline UI by selecting
Administration > ArbOS REST API Documentation.
It is also available for download.
Software Threat Mitigation System Instructions on installing Software TMS on your own
Installation on Hardware hardware. Follow the instructions in this guide if you
are installing Software TMS on hardware instead of
a VM.
Installation Guide for Sightline Instructions and requirements for the initial
and Threat Mitigation System installation and configuration of Sightline and TMS
appliances appliances.