Release Notes: IBM Aspera FASP Proxy 1.4.0
Release Notes: IBM Aspera FASP Proxy 1.4.0

Release Notes: IBM Aspera FASP Proxy 1.4.0

Product Release: June 20, 2016
Release Notes Updated: July 12, 2016

WHAT'S NEW

This release of IBM Aspera FASP Proxy provides the new features, fixes, and other changes listed below.

New Features

  • For use with Aspera Drive, reverse proxy now supports the use of async.
  • Reverse proxy TCP-port based rules. The rule property host_ip accepts an optional port number. The format is ipaddr:port. If no port is specified, ports 22 and 33001 are assumed.

ISSUES FIXED IN THIS RELEASE

#34694 - asuserdata -s does not display the <balancing> tag.

#35731 - With reverse proxy, if one transfer user has a bad SSH key setup, a connection attempt by that user will mark the backend node as failed, at which point all transfers are prevented for all users. The SSH key bug keeps the backend server as a bad server for two minutes, after which it retries that server again. Now, if the SSH key is wrong, reverse proxy no longer marks the backend server as failed.

#35843 - Proxy does not specify the destination IP in the ipTables DNAT rule. This prevents multiple clients using the same source IP from doing transfers to different backend ES servers based on the host_ip setting in the proxy server's aspera.conf. For example, when a client is directed to transfer to one destination and then a second client with the same IP tries to transfer to a different destination, the second-client transfer instead goes to the same destination as the first. This happens because the destination set by reverse proxy in the DNAT rule is "anywhere", as shown in the following example rule for a transfer from 10.0.201.174 (client) to 10.0.113.53 (the proxy), with a backend ES server destination of 10.0.113.54:
target  prot opt source         destination         
DNAT    udp  --  10.0.201.174   anywhere      udp dpt:33001 /* d9829c...14545 */ to:10.0.113.54:33001
With this fix, the DNAT rule would now be:
target  prot opt source         destination         
DNAT    udp  --  10.0.201.174   10.0.113.53   udp dpt:33001 /* 09ba60...66de9 */ to:10.0.113.54:33001

#35902 - When reverse proxy has multiple IP interfaces, the TCP/UDP packets may fail to go to the same backend ES server. For example, this can happen when there is a source-IP-address-based load balancer between the reverse proxy and backend servers. With this fix: (1) the outgoing TCP connection now binds to the same NIC as the incoming request (the request that matches the host_ip specified in aspera.conf); and (2) the SNAT destination rule is now set to the destination IP address of the backend server.

 

SYSTEM REQUIREMENTS

Linux 64-bit: RedHat 6, CentOS 6, Fedora 15-20, Ubuntu 12-14, Debian 6 & 7, SLES 11, Kernel 2.6 or higher, and libc version GLIB 2.5+.

PACKAGE INFORMATION

Linux 64-bit (deb): aspera-proxy-1.4.0.126830-linux-64-release.deb
md5: 3a3428a04b612a788c5cea2dc09a2579
sha1: af90c58453480294997f0728a46324d0c76446a2
Linux 64-bit (rpm): aspera-proxy-1.4.0.126830-linux-64-release.rpm
md5: 4325ea1d6a23665f45acb4b17cab0843
sha1: bad4c15167a433060e4eb9908551211df90d3269

KNOWN ISSUES

#19185 - A log file is created with proxy user permission, preventing a subsequent user from writing in it.

#34615 - Forward proxy is creating rules for UDP from SCP GUI connection, which it is not supposed to do.

#24270 - Transfers cannot be made to a server with a docroot on Azure if routed through an Aspera Proxy server.

#24012 - Rules created in reverse proxy for host_domain are not respected.

#21288 - On some Linux platforms (for example, SUSE) the iptables-restore command is not located in /sbin but /usr/sbin. Workaround: Create a symlink in /sbin for /usr/sbin/iptables-restore.

#19205 - Proxy does not support HTTP fallback.

#19185 - If you specify a directory for <log_dir>, the log file is created with 0640 permissions. As a result, not all transfers will be logged. Workaround: Once the log file has been created, change its permissions to 0660.

PRODUCT SUPPORT

For on-line support resources for Aspera products, including raising new support tickets, please visit the Aspera Support Portal. Note that you may have an existing account if you contacted the Aspera support team in the past. Before creating a new account, first try setting a password for the email that you use to interact with us. You may also call one of our regional support centers.