Sightline and Threat Mitigation System

Release Notes

Version 9.3.6
Legal Notice
The information contained within this document is subject to change without notice. NETSCOUT SYSTEMS, INC.
makes no warranty of any kind with regard to this material, including, but not limited to, the implied warranties
of merchantability and fitness for a particular purpose. NETSCOUT SYSTEMS, INC. shall not be liable for errors
contained herein or for any direct or indirect, incidental, special, or consequential damages in connection with the
furnishings, performance, or use of this material.

© 1999-2021 NETSCOUT SYSTEMS, INC. All rights reserved. Confidential and Proprietary.
Document Number: TMS-RN-936-2021/02
24 February, 2021
Contents

Revision History 4
Introduction 5
New versioning policy for Arbor software 6
Upgrade Information for Threat Mitigation System (TMS) 9.3.6 7
TMS 9.3.6 Release Notes 9
System Requirements for TMS 9.3.6 10
Fixed Issues in TMS 9.3.6 14
Known Issues in TMS 9.3.6 15
Additional Information 17

Sightline and TMS Release Notes, Version 9.3.6 3

Sightline and TMS Release Notes, Version 9.3.6

Revision History
The following table lists the dates when these release notes were updated and a
description of the changes that were made:

Date Description of Changes

02/24/2021 Content finalized.

4 © NETSCOUT SYSTEMS, INC. Confidential and Proprietary

Introduction
This document includes release information about Threat Mitigation System 9.3.6. For
release information about Sightline 9.3.6, see the separate release notes for the Sightline
(formerly SP) software.

The Threat Mitigation System 9.3.6 software release is Generally Available until July 29,
2022. After this date, software upgrades for this release will no longer be available.

Note
Threat Mitigation System 9.3.6 is not a maintenance release for the 9.3.x series. It should
not be installed to solely fix recently resolved defects. For more information or assistance,
please contact your account team or the Arbor Technical Assistance Center (ATAC).

© NETSCOUT SYSTEMS, INC. Confidential and Proprietary 5

Sightline and TMS Release Notes, Version 9.3.6

New versioning policy for Arbor software

We are adopting a new versioning policy for Arbor software releases, effective
immediately.

Release levels for Arbor products

Release
level Numbering Description
Major x.0.0 A release that includes significant new features,
Example: 4.0.0 enhancements, and bug fixes.

Minor x.y.0 A release that follows a major release and includes new
Example: 4.3.0 features, enhancements, and bug fixes.

Point x.y.z A release that follows a major or minor release and

Examples: includes bug fixes. A point release might also include
4.0.1, 4.3.2 new features and enhancements.

Maintenance x.y.z.n A release that fixes bugs that were found in the
Examples: associated major, minor, or point release.
4.0.0.2, 4.3.0.1,
4.0.1.3, 4.3.2.1

Note
Point releases are a new addition to the Arbor software versioning policy. As of this
release, 3-digit release numbers x.y.z apply to point releases only. They no longer apply to
maintenance releases.

Lifecycle support
n Major and minor releases have a 3-year support lifecycle (with 2 years software
maintenance).
n A point release inherits the support lifecycle from the major or minor release that it is
associated with. For example, 4.3.2 follows the support lifecycle timeline of 4.3.0.
n A maintenance release inherits the support lifecycle from the major or minor release
that it is associated with. For example, 4.3.2.1 follows the support lifecycle timeline of
4.3.0.

6 © NETSCOUT SYSTEMS, INC. Confidential and Proprietary

Upgrade Information for Threat Mitigation System (TMS)
9.3.6
For detailed information about supported upgrade paths, multi-version upgrades, and
multi-version deployments, see the Sightline and Threat Mitigation System Compatibility
Guide . You can download this guide from the Arbor Technical Assistance Center
(https://support.arbornetworks.com).

Software Threat Mitigation System (TMS) requires specific CPU instruction

sets
All CPUs used by Software TMS must have the MMX, SSE, SSE2, SSE3 (PNI), and SSSE3
instruction sets. Software TMS may not start if you upgrade to Software TMS 9.3.6 with a
CPU that does not support these instruction sets.
Note
To check which instruction sets the CPU supports, enter cat /proc/cpuinfo in the
shell command line. The supported instruction sets are listed in the Flags field.
Important
(Software TMS running in a KVM hypervisor only) The default KVM64 CPU does not
support the required instruction sets. When you install Software TMS you must specify
a different CPU that supports the instruction sets. See "Installing Software Threat
Mitigation System from a qcow2 disk image" in Software Threat Mitigation System
Virtual Machine Installation Guide .

Supported upgrade paths for TMS 9.3.6

For information about the supported upgrade paths to TMS 9.3.6, see “Supported
Upgrade Paths” in the Sightline and Threat Mitigation System Compatibility Guide ,
available from the Arbor Technical Assistance Center
(https://support.arbornetworks.com).

Important
To upgrade a Cisco ASR 9000 vDDoS Protection device to TMS 9.3.6, follow the
instructions in the topic “Upgrading the Software and Installing Maintenance Releases on
TMS Devices” in the Sightline and Threat Mitigation System User Guide . The installation
procedure described in the Cisco ASR 9000 vDDoS Protection Configuration Guide should
be followed for new installations only.

Multi-version upgrades and deployments

TMS 9.3.6 is multi-version compatible with earlier Sightline, SP, and TMS releases. This
allows you to upgrade the devices in your deployment in stages. For details about multi-
version compatibility, refer to the Sightline and Threat Mitigation System Compatibility
Guide , available from the Arbor Technical Assistance Center
(https://support.arbornetworks.com).

© NETSCOUT SYSTEMS, INC. Confidential and Proprietary 7

Sightline and TMS Release Notes, Version 9.3.6

About adding or upgrading TMS 9.3.6 in Sightline deployments

You add or upgrade TMS hardware and software in your Sightline deployment by doing
the following:
n installing new or upgraded TMS software on TMS appliances, Cisco ASR 9000 vDDoS
Protection models, virtual machines, or your own hardware
n configuring TMS software in the Sightline web UI or in the Sightline or TMS command
line interface (CLI)

8 © NETSCOUT SYSTEMS, INC. Confidential and Proprietary

TMS 9.3.6 Release Notes
Enhancements in TMS 9.3.6
New 10GbE network card support in the TMS 8100 (8x10G + 8x1G)
The TMS 8100 (8x10G + 8x1G) appliance now supports the Silicom PE310G4i71L-XR quad
port 10GbE Intel x710-based network card.

Important
With support for this network card, the TMS 8100 (8x10G + 8x1G) now requires TMS 9.3.6.
The TMS (8x10G + 8x1G) is no longer supported in TMS 9.3.5.

New QSFP+ optical transceiver support in the TMS HD1000

The TMS HD1000 appliance now supports the 40 GbE InnoLight TR-IQ13L-N00 QSFP+
Gen 2 optical transceiver. A 4 x 10 GbE fiber optic breakout cable must be used with the
transceiver.

See the following Installation Guides for additional information on connecting a

TMS HD1000 appliance:
n Threat Mitigation System (TMS) HD1000 (16x10G) Appliance
n Threat Mitigation System (TMS) HD1000 (4x100G + 8x10G) Appliance

© NETSCOUT SYSTEMS, INC. Confidential and Proprietary 9

Sightline and TMS Release Notes, Version 9.3.6

System Requirements for TMS 9.3.6

For information about enforced limits and guideline limits for each currently supported
TMS model, see Sightline and Threat Mitigation System Deployment and Appliance Limits.
You can download this guide from the ATAC website
(https://support.arbornetworks.com).

Supported TMS 9.3.6 devices

The following TMS devices are supported in the TMS 9.3.6 release:
n TMS 2300 series (TMS 2301, 2302, 2305, and 2310)
n TMS 2600
n TMS 2800
n TMS 5000 (32x10G and 4x100G models)
n TMS HD1000 (16x10G)
n TMS HD1000 (4x100G + 8x10G)/PPM-20G
n TMS HD1000 (4x100G + 8x10G)/PPM-50G
n TMS HD1000 (4x100G + 8x10G)/mixed PPMs
n TMS 8100 (8x10G + 8x1G)
n Software Threat Mitigation System
n Cisco ASR 9000 vDDoS Protection (10G, 20G, 40G, and 60G models)

For more information see “TMS Software Compatibility with TMS Devices” in the Sightline
and Threat Mitigation System Compatibility Guide . You can download this guide from the
Arbor Technical Assistance Center (https://support.arbornetworks.com).

Communication ports
Required ports
The following table lists the ports that TMS requires in a Sightline/TMS deployment.

Ports
Service Required Protocol Direction
ArborFlow 31373 UDP n FS appliance to traffic and routing
analysis
n FS appliance to data storage traffic
and routing analysis to data storage
n traffic and routing analysis to data
storage

ArborFlow (if 5000 (default) UDP n TMS appliance to traffic and routing
ArborFlow from analysis
TMS is enabled)

10 © NETSCOUT SYSTEMS, INC. Confidential and Proprietary

 Ports
Service Required Protocol Direction
BGP 179 TCP n TMS appliance to router
n traffic and routing analysis to router
n user interface to router
n FS appliance to router
n router to traffic and routing analysis
n router to user interface
n router to FS appliance
n router to TMS appliance

DNS 53 UDP n Sightline appliance to DNS server

n Return on same port

Flow 2055 UDP n Router to traffic and routing analysis

(netflow) (configurable) n Router to FS appliance
n By default, traffic and routing
analysis or FS appliances watch all
UDP ports for netflow packets from
configured routers.

HTTPS 443 TCP n Sightline non-leader appliance(s) to

Sightline leader appliance
n Sightline leader appliance to
Sightline non-leader appliance(s)
n TMS appliance to managing
appliance
n Managing appliance to TMS

SNMP polling of 161 UDP n Traffic and routing analysis to router

routers n FS appliance to router
n Return on same port

Sightline user 443 TCP n User workstation to Sightline leader

interface (HTTPS) or user interface

Note
Some of the ports may not be applicable to your deployment.

© NETSCOUT SYSTEMS, INC. Confidential and Proprietary 11

Sightline and TMS Release Notes, Version 9.3.6

Optional ports
The following ports are optional and only need to be enabled if you are using the
corresponding service:

Service Ports Protocol Direction

FTP 20-21 TCP n TMS appliance query to FTP client
n FTP client response to TMS
appliance
n Sightline appliance query to FTP
server
n FTP server response to Sightline
appliance

HTTP 80 TCP n TMS appliance query to HTTP client

n HTTP client response to TMS
appliance
n Sightline appliance to HTTP server
n HTTP server response to Sightline
appliance

NTP 123 UDP n Sightline or TMS appliance request

to NTP server
n NTP server response to Sightline or
TMS appliance

ping echorequest, ICMP n Sightline or TMS appliance request

echoreply to remote device
n Remote device response to Sightline
or TMS appliance

RADIUS 1812 UDP n Sightline or TMS appliance query to

Authentication RADIUS server
n RADIUS server response to Sightline
or TMS appliance

RADIUS 1813 UDP n Sightline or TMS appliance query to

Accounting RADIUS server
n RADIUS server response to Sightline
or TMS appliance

SMTP 25 TCP n Leader appliance delivery to SMTP

server
n SMTP server response to leader
appliance

SNMP polling of 161 UDP n User polling equipment query to

appliances Sightline or TMS appliance
n Sightline or TMS appliance response
to user polling equipment

12 © NETSCOUT SYSTEMS, INC. Confidential and Proprietary

 Service Ports Protocol Direction
SNMP trap 162 UDP n Leader appliance message to SNMP
trap collector
n TMS appliance message to SNMP
trap collector

SSH 22 TCP n Workstation to Sightline or TMS

appliance
n Sightline or TMS appliance response
to workstation
Note
Backup uses SSH

Syslog 514 UDP n Sightline or TMS appliance message

to Syslog server

TACACS+ 49 TCP n Sightline or TMS appliance query to

TACACS+ server
n TACACS+ response to Sightline or
TMS appliance

© NETSCOUT SYSTEMS, INC. Confidential and Proprietary 13

Sightline and TMS Release Notes, Version 9.3.6

Fixed Issues in TMS 9.3.6

Fixed
Bug Number Ticket Number In TMS Fixed Issues Description
90002 200126-000023 9.3.6 If a source IP had an exceedingly large
200816-000005 number of connections, network buffers
could become exhausted when TMS sent
RST packets. There is now a limit on the total
number of RST packets sent to each source
IP.

91815 201005-000041 9.3.6 Under certain traffic conditions and

201019-000048 countermeasure configurations, the TMS
experienced packet processing problems
that resulted in the loss of nexthops.

91841 201014-000023 9.3.6 In a deployment with rapidly updating filter

200630-000050 lists, TMS could enter a state where it would
201125-000007 no longer process configuration changes
from Sightline.

91842 201013-000036 9.3.6 Under certain conditions, the modification of

201014-000052 filter list configurations could cause a failure
200909-000026 in packet processing.
201103-000010
200630-000050

92058 201110-000000 9.3.6 Changes to mitigation configurations or filter

201110-000015 lists could result in packet processing
201116-000058 failures or incorrect pass/drop behavior the
201013-000036 next time the affected mitigation processed
201120-000044 traffic.
201028-000014

92146 201013-000036 9.3.6 TMS configuration changes were not

applied.

92193 201116-000051 9.3.6 No alert was raised when a TMS HD1000 lost
its only PPM.

14 © NETSCOUT SYSTEMS, INC. Confidential and Proprietary

Known Issues in TMS 9.3.6

Ticket Found
Bug Number Number In TMS Known Issues Description
92849 9.3.6 The following cosmetic error message
appears on the serial console when Software
TMS is booted on KVM or VMware systems.
There is no change in the functionality of the
TMS.
IpmitoolException: ipmitool exited
with error: Could not open device at
/dev/ipmi0 or /dev/ipmi/0 or
/dev/ipmidev/0: No such file or
directory

92016 9.3.5 On the TMS 8100 (8x10G + 8x1G), the power

button LED displays incorrectly, as follows:
n when the appliance is in a normal state the
LED displays as blinking green, but should
be solid green
n when the appliance is in a degraded state
the LED displays as solid green, but should
be blinking green

90663 9.3.0 In tmsdump, certain packets such as LACP

PDU's may get marked as "consumed"
before they have been transmitted. This is a
cosmetic display issue only.

91842 201013-000036 9.3.0 In certain situations, shared memory

201014-000052 corruption causes a failure in packet
200909-000026 processing.
201103-000010

89085 9.2.0 The front panel management port on the

TMS-HD1000 is unable to communicate after
negotiating at 10BASE-T speed.

87174 9.1.0 The following log messages may occur when

running more than 100 mitigations on a TMS
5000. These are harmless and should be
ignored:
n blinky[#]: [S] #MODULE-SKIP
check-hwdevice (already running)
n blinky[#]: [W] #BLINKY apm-X-ipmc
-4 seconds out of sync
n SA_ERR_HPI_NO_RESPONSE

© NETSCOUT SYSTEMS, INC. Confidential and Proprietary 15

Sightline and TMS Release Notes, Version 9.3.6

Ticket Found
Bug Number Number In TMS Known Issues Description
88020 9.1.0 If you make certain changes to the TMS patch
panel settings in the presence of traffic, the
system can generate spurious alerts and may
become slightly unstable. You can avoid this
by making patch panel changes only when
the TMS is not actively mitigating traffic, or by
waiting about a minute for the condition to
clear.

83778 8.4.0 The following cosmetic message may appear

in the syslog on the TMS HD1000 (16x10G)
and TMS HD1000 (4x100G + 8x10G):
[LOGIN]Failed to get switch chip
temperature from lcmgr: Command
failed: pica_get_system_temperature_
info failed
This message can be ignored.

84017 8.4.0 After upgrading to TMS 8.4.0, there may be

warnings about having an invalid GRE
configuration and tunnels will not exist. This
issue will resolve itself upon the first
configuration push from the Sightline leader.

84130 8.4.0 On a TMS HD1000

(4x100G + 8x10G)/PPM-50G with eight PPMs,
dropped packets for a mitigation are not
shown in Sightline when viewing sample
packets and filtering by All Packets.

84373 8.4.0 The summary graph on the TMS Mitigation

Status page continues to update for a short
time when a custom time range is entered.

82696 8.3.0 On the Add/Edit Appliance page, if a Software

TMS has fewer than 16 physical interfaces
configured and if Capabilities is set to
Enable Full Reporting on the Deployment
tab, the following TMS Fault alert will appear:
Config File 'dpi.conf' is 'Error'
(physical interface(s) invalid
This alert is not a legitimate TMS fault.
Workaround: Change the Capabilities
setting to Advanced. Then, on the Patch
Panel tab, under Interfaces, for each
interface that is configured for mitigation or
reporting, select the following Capabilities
check boxes only: Mitigate , Flow, DNS,
HTTP, and VOIP.

16 © NETSCOUT SYSTEMS, INC. Confidential and Proprietary

Additional Information
Downloading the software and documentation
You can download the software releases and user documentation from the Arbor
Technical Assistance Center website (https://support.arbornetworks.com):

1. Go to https://support.arbornetworks.com and log in with your Arbor Support Portal

credentials.
2. On the welcome page, click Software Downloads.
3. On the Arbor Networks Software Downloads page, click the Arbor TMS link.
4. On the Product Information page, click the link for the appropriate version, and then
download the file(s).

Contacting Arbor Technical Assistance Center

If you do not already have a customer account, contact the Arbor Technical Assistance
Center (ATAC) at:

n 1 877 272 6721 [U.S. toll free]

n +1 781 768 4301 [Worldwide]
n https://support.arbornetworks.com
(You need a username and password to access the ATAC website.)

Documentation for TMS 9.3.6

The following documentation is available for Sightline and TMS devices and software. All
documentation is available from the Arbor Technical Assistance Center
(https://support.arbornetworks.com).

Note
Software TMS performance benchmarks have been removed from the following
documents:
n Software Threat Mitigation System Virtual Machine Installation Guide
n Software Threat Mitigation System Installation on Hardware
Software TMS performance benchmarks are now published in the Software Threat
Mitigation System Performance Benchmarks document, which is published when
benchmark information is available.

Document Title Description

Sightline Release Release information about Sightline and TMS, including new
Notes features, enhancements, fixed issues, and known issues.

Threat Mitigation
System Release
Notes

© NETSCOUT SYSTEMS, INC. Confidential and Proprietary 17

Sightline and TMS Release Notes, Version 9.3.6

Document Title Description

Sightline and Threat Instructions and information that explain how to configure and
Mitigation System use Sightline and TMS devices and software via the Sightline user
User Guide interface (UI) and the command line interface (CLI).
You can access the User Guide by clicking the  icon in the
Sightline UI. It is also available as a PDF.
Note
The User Guide contains all information that was previously
included in the Sightline and Threat Mitigation System
Advanced Configuration Guide .

Sightline and Threat Descriptions of the support for multi-version, multi-platform

Mitigation System Sightline and TMS deployments.
Compatibility Guide

Sightline and Threat Lists the enforced limits and guideline limits for Sightline and
Mitigation System Sightline/TMS deployments. It also covers the enforced limits and
Deployment and guideline limits for each currently supported Sightline and TMS
Appliance Limits appliance.

Sightline and Threat Descriptions of each Sightline and TMS software licensing mode,
Mitigation System how to obtain licenses to run your Sightline and TMS software,
Licensing Guide and how to add and change the licensed capabilities and
capacities in your deployment.

Sightline and Threat Instructions and information for the managed services
Mitigation System customers who use the Sightline user interface.
Managed Services
Customer Guide

Sightline and Threat Instructions for remotely accessing Sightline and TMS using the
Mitigation System REST, SOAP, and Arbor Web Services APIs.
API Guide

Sightline REST API Instructions and information that explain how to use Sightline
Documentation REST API. You can access this documentation from the Sightline
UI by selecting Administration > REST API Documentation . It
is also available for download.

Sightline Virtual Instructions on installing Sightline in a VM environment. Follow

Machine Installation the instructions in this guide if you are using a VM instead of
Guide hardware for Sightline.

Software Threat Instructions on installing Software TMS on your own hardware.

Mitigation System Follow the instructions in this guide if you are installing Software
Installation on TMS on hardware instead of a VM.
Hardware

Software Threat Instructions on installing Software TMS in a VM environment.

Mitigation System Follow the instructions in this guide if you are using a VM instead
Virtual Machine of hardware for Software TMS.
Installation Guide

18 © NETSCOUT SYSTEMS, INC. Confidential and Proprietary

 Document Title Description
Software Threat Performance benchmarks for Software TMS installations on a VM
Mitigation System and your own hardware.
Performance
Benchmarks

Installation Guide Instructions and requirements for the initial installation and
for Sightline and configuration of Sightline and TMS appliances.
Threat Mitigation
System appliances

© NETSCOUT SYSTEMS, INC. Confidential and Proprietary 19

Sightline and TMS Release Notes, Version 9.3.6

20 © NETSCOUT SYSTEMS, INC. Confidential and Proprietary