Linux Operating System: Broadcom CryptoNetX SSL Accelerator Adapter User Guide

Installation • Updating the Driver • Software Removal • Diagnostics • Manageability • Failover and Load Balancing • Troubleshooting

Glossary of Terms and Acronyms

Installation

Linux support for the CryptoNetX SSL Accelerator adapter is tightly integrated into Red Hat 7.2. All of the software necessary to enable the adapter can be found on the Red Hat 7.2 installation media. When installing the operating system, support for the CryptoNetX can be included by doing the following:

Select Server from the Installation Type menu and choose Web Server from the Package Group Selection list, or
Select Custom from the Installation Type menu and choose Everything from the Package Group Selection list, or
Opt to Select Individual Packages and include bcm5820 from System Environment > Base.

If the adapter is being added to a computer on which Red Hat 7.2 is already installed, complete the following steps:

If the bcm5820 package is not already installed, install the package from the Red Hat 7.2 operating system installation media, disk 2.
Shut down the computer and install the CryptoNetX adapter, as described in Hardware Installation.
Restart the computer.
When Kudzu, the Red Hat autoconfiguration utility appears, follow the on-screen instructions.
When Kudzu exits, activate the CryptoNetX adapter by typing the following: service bcm5820 start.
Restart any services that rely on SSL, or restart the computer.

NOTE: The CryptoNetX SSL Accelerator adapter supports only the Apache Web server. Apache, version 1.3.20, as provided in Red Hat 7.2 has been tested with the adapter in conjunction with OpenSSL, version 0.9.6b, and was found to operate properly.

Updating the driver

Periodically, driver updates are made available either on the Dell website or on a support CD. When an updated driver is released, it is generally supplied in two forms: a kernel-specific binary RPM and a kernel agnostic, tarred and gzipped, source tree. Unless a customized kernel is in use, follow the instructions below to install the binary RPM.

Upgrading with a binary RPM

Upgrade the driver with the command rpm -Uvh <filename> where "filename" is the name of the binary RPM file.
Reboot the server.

If the kernel has been customized (reconfigured and recompiled) the driver must be built from source to match the kernel. Follow the instructions below.

Upgrading from Source Code

Create a working directory to hold the source files: mkdir bcmdir
Enter the working directory cd bcmdir and unzip the source code with the command tar xzvf <sourcefile> where "sourcefile" is the name of the source code package.
Build the new driver with the command make -f Makefile.bcm
Install the driver with the command make install -f Makefile.bcm
Reboot the server.

NOTE: Updated drivers may also provide updated documentaion in the form of a "readme.txt" file. If such a file exists, it's contents may supercede this document.

Software Removal

Use the following commands to remove the software that supports the CryptoNetX SSL Accelerator adapter:

service bcm5820 stop

rpm -e bcm5820

Diagnostics

The diagnostics program, b58diag, allows you to verify that the driver is loaded and functioning properly. See Troubleshooting.

NOTE: CryptoNet is the generic name for the Broadcom CryptoNetX SSL Accelerator adapter. When you run b58diag, the system software recognizes the generic name.

Manageability

The bcm5820 package, as delivered in Red Hat 7.2, provides extensions to the ucd-snmp package and the MIBs that allow the CryptoNetX adapter to be monitored via SNMP. Further information regarding the shell scripts that extend the functionality of the ucd-snmp daemon can be found in /usr/share/coc/bcm5820-1.17/readme.snmp. The MIB file, which can be used by an SNMP management station, can be found at /usr/share/snmp/mibs/cnStatTrap.mib.

Failover and Load Balancing

If you have multiple Broadcom CryptoNetX SSL Accelerator adapters installed in your computer, traffic is automatically shifted to other adapters in case one or more of the adapters fails or is removed. Even if all CryptoNetX adapters fail, traffic is automatically shifted to the CPU. Also, traffic is distributed among all operational adapters. You do not have to configure the software to realize the failover and load balancing features.

Troubleshooting

WARNING: Before opening the case of your computer, review all precautions outlined under Safety Precautions.

Checking the System

Review the following checklist for recommended actions to take if any functionality problems occur when you install or operate the CryptoNetX SSL Accelerator adapter.

Check the adapter installation by reviewing the Adapter Installation Procedure. Verify that the adapter is properly seated in a PCI slot. Check for specific hardware problems, such as obvious damage to the adapter components or the PCI connector dock.
Check the configuration settings and change them if they are in conflict with another device.
Verify that your system is using the latest BIOS.
Insert the adapter into another PCI slot. If the new position works, the original slot in your computer may be defective.
Replace the adapter with one that is known to work properly. If the second adapter works in the slot where the first adapter failed to work, the original adapter is probably defective.
Install the adapter in another computer and check the functioning of the adapter. If the adapter functions satisfactorily in the other computer, the original computer may be defective.
Remove all other adapters from the computer and check the functionality of the CryptoNetX SSL Accelerator adapter again. If the adapter functions satisfactorily, the other adapters may be causing contention.
Verify that the bcm5820 package is correctly installed by doing the following:
1. At the shell command prompt, type rpm -q bcm5820.
  If the package is correctly installed, the following message appears: bcm5820-<version>.

If you do not see the message, the package is not correctly installed.
To install the package, do the following:

Insert the Red Hat 7.2 operating system installation media, disk 2 in the CD-ROM drive.
Verify that the compact disc is mounted. Then type cd /mnt/cdrom/RedHat/RPMS.
Install the package by typing rpm -i bcm5820-<version>.rpm.
Repeat step 8A to verify that the installation was successful.

Verify that the startup script is enabled.
1. At the shell command prompt, type chkconfig --list|grep bcm5820.
2. Verify that run levels 3, 4, and 5 are on. If the startup script is not enabled, type chkconfig bcm5820 on.
3. Restart the computer.
At the shell command prompt, restart the Apache Web server by typing service httpd restart.
Run lsmod to verify that the BCM5820 driver is properly loaded. If the driver is loaded, a line similar to the one below appears, where size is the size of the driver in bytes, and n is the number of active CryptoNetX processes.

Module	Size	Used by
BCM5820	size	n

The Broadcom 5820 Linux diagnostic program can also be used to verify that the driver is loaded and functioning correctly. To run the diagnostic program, type b58diag.

Verify that OpenSSL is configured to use the Broadcom CryptoNetX SSL Accelerator adapter by looking for the statement "engine = ubsec" in /usr/share/ssl/openssl.cnf.
Make certain that the server has the latest CryptoNetX driver. Run b58diag -v to determine the driver version in use and then check the product support CD or the Dell website for a newer driver.

Known Problems and Workarounds

Problem	Workaround
When you run the b58diag diagnostic using the -v and -s options, the version number that is reported is 0.	None
When you run the b58diag diagnostic using the -s<number of CryptoNetX devices installed> option and you type a number that is greater than the number of CryptoNetX devices that are actually installed, the test reports failure on the nonexistent devices.	When using the -s option, type a value between 1 and n, where n equals the total number of installed CryptoNetX devices.

Please read all restrictions and disclaimers.

Back to Contents