Avaya Configuring Traffic Filters and Protocol Prioritization User's Manual

Contents

1. Table 7-1. Using the Edit Priority Outbound Template Window (columns: Task, Site Manager Procedure, Notes)
   - Add a criterion. Procedure: 1. Choose Criteria > Add > criterion. The Add criterion Range window opens. 2. Type a range in the Minimum value and Maximum value fields, then click on OK. Notes: A template can have only one criterion. You must specify at least one range in a template.
   - Delete a criterion. Procedure: 1. Select the criterion to delete in the Filter Information field. 2. Click on Delete. The Delete Criteria window opens. 3. Click on Delete. Notes: A template must have a criterion. Specify a new criterion after deleting one.
   - Add a range. Procedure: 1. Select the criterion in the Filter Information field. 2. Click on Add. The Add Range window opens. 3. Type a range in the Minimum value and Maximum value fields, then click on OK. Notes: You can add up to 100 ranges. If the range consists of a single value, type the value in the Minimum value field only. Use the prefix 0x to specify a hexadecimal number. Zero is not a valid entry.
   - Modify a range. Procedure: 1. Select the range to modify in the Filter Information field. 2. Click on Modify. 3. Type new values in the Range Min and Range Max fields. Notes: Ranges are listed below the criterion in the Filter Information field. Selected ranges appear in the Range Min and Range Max fields at the bottom of the Edit Priority Outbound Template window.
   - Delete a range. Procedure: 1. Select the range to delete in the Filter ... Notes: You ...
2. Chapter 5 Specifying Common Criterion Ranges: Specifying MAC Address Ranges; SRB Source MAC Addresses; SRB Functional MAC Addresses; Specifying VINES Address Ranges; Specifying Source and Destination SAP Code Ranges; Specifying Frame Relay NLPID Ranges; Specifying PPP Protocol ID Ranges; Specifying TCP and UDP Port Ranges; Specifying Ethernet Type Ranges; Specifying IP Protocol ID and Type of Service Ranges.
   Chapter 6 Applying Inbound Traffic Filters: Displaying the Inbound Traffic Filters Window; Preparing Inbound Traffic Filter Templates; Creating an Inbound Traffic Filter; Editing an Inbound Traffic Filter; Enabling or Disabling an Inbound Traffic Filter; Deleting an
3. Chapter 2 Using Protocol Prioritization Queues: About Protocol Prioritization; The Dequeuing Process; Bandwidth Allocation Algorithm; Strict Dequeuing Algorithm; Enabling Protocol Prioritization; Tuning Protocol Prioritization; Editing Protocol Prioritization Parameters; Monitoring Protocol Prioritization Statistics.
   Chapter 3 Inbound Traffic Filter Criteria and Actions: Transparent Bridge Criteria and Actions; Predefined Transparent Bridge Criteria; User-Defined Transparent Bridge Criteria
4. Protocol ID codes (decimal): ICMP (Internet Control Message Packets) 1; IGP (Interior Gateway Protocol) 9; RSVP (Reservation Protocol) 46; VINES 83; OSPF 89.
   Table 5-10. IP Type of Service Codes: Network Control 111; Internetwork Control 110; CRITIC/ECP 101; Flash Override 100; Flash 011; Immediate 010; Priority 001; Routine 000.
   You use these codes to specify ranges for Protocol or Type of Service criteria in inbound or outbound IP traffic filters. Select these criteria as follows:
   - For an inbound traffic filter: In either the Create IP Template or Edit IP Filters window, choose Criteria > Add > IP > Type of Service/Protocol ID.
   - For an outbound traffic filter: In either the Create Priority Outbound Template window or Edit Priority Outbound Filters window, choose Criteria > Add > IP > IP > Type of Service/Protocol.
   Chapter 6 Applying Inbound Traffic Filters
   This chapter describes how to use the Configuration Manager to configure inbound traffic filters.
   Topics: Displaying the Inbound Traffic Filters Window; Preparing Inbound Traffic Filter Templates; Creating an Inbound Traffic Filter; Editing an Inbound Traffic Filter; Enabling or Disabling an Inbound Traffic Filter; Deleting an Inbound Traffic
5. Source Route Bridging Criteria and Actions; Specifying an SRB Criterion Range; DECnet Phase IV Criteria and Actions; Predefined DLSw Criteria; User-Defined DLSw Criteria; User-Defined IP Criteria; User-Defined IPX Criteria; LLC2 Criteria and Actions; Predefined LLC2 Criteria
6. Figures: Priority Outbound Filters Window; Filter Template Management Window; Create Priority Outbound Template Window; Prioritization Length Window; Figure 7-6 Edit Priority Outbound Template Window; Figure 7-7 Create Filter Window; Figure 7-8 Edit Priority Outbound Filters Window; Figure 7-9 Add User-Defined Field Window; Figure 7-10 Priority Outbound Filters Window Showing Filter Precedence; Figure 7-11 Change Precedence Window; Figure 7-12 Priority Outbound Filters Window Showing New Order of Precedence.
   Tables: Predefined Inbound Traffic Filter Criteria; Predefined Outbound Traffic Filter Criteria
7. Configuring Traffic Filters and Protocol Prioritization. BayRS Version 13.00, Site Manager Software Version 7.00. Part No. 303543-A Rev 00, October 1998.
   Bay Networks, 4401 Great America Parkway, Santa Clara, CA 95054; 8 Federal Street, Billerica, MA 01821.
   Copyright 1998 Bay Networks, Inc. All rights reserved. Printed in the USA. October 1998.
   The information in this document is subject to change without notice. The statements, configurations, technical data, and recommendations in this document are believed to be accurate and reliable, but are presented without express or implied warranty. Users must take full responsibility for their applications of any products specified in this document. The information in this document is proprietary to Bay Networks, Inc. The software described in this document is furnished under a license agreement and may only be used in accordance with the terms of that license. A summary of the Software License is included in this document.
   Trademarks: AN, BCN, BLN, BN, FRE, Optivity, PPX, and Bay Networks are registered trademarks and Advanced Remote Node, ANH, ARN, ASN, BayRS, BaySecure, BayStack, BayStream, BCC, SPEX, System 5000, and the Bay Networks logo are trademarks of Bay Networks, Inc. All other trademarks and registered trademarks are the property of their respective owners.
   Restricted Rights Legend: Use, duplication, or
8. The Copy Filter Template window opens. 5. Specify a name for the new template. Be sure to use a name that reflects its contents. 6. Click on OK. The Filter Template Management window opens. The new template appears in the templates list.
   Editing a Template
   After you create or copy a template, edit it as follows (Site Manager procedure):
   1. Select a template in the Filter Template Management window.
   2. Click on Edit. The Edit Priority Outbound Template window opens (Figure 7-6).
   3. Add or delete predefined criteria, ranges, and actions (Table 7-1).
   4. Click on OK. The Filter Template Management window opens.
   5. Click on Done. The Priority Outbound Filters window opens (Figure 7-2).
   Table 7-1 describes how to add, delete, or modify predefined criteria, ranges, and actions in the Edit Priority Outbound Template window (Figure 7-6). To add a user-defined criterion, see "Specifying User-Defined Criteria" later in this chapter. To add the Length action, see "Specifying Prioritization Length" earlier in this chapter.
   Figure 7-6. Edit Priority Outbound Template Window
9. - Synchronous
   - Token ring
   You can apply multiple traffic filters to a single interface. When more than one filter applies to a packet, the order of filters determines the filtering result.
   Inbound Traffic Filters
   Inbound traffic filters act on packets arriving at a particular router interface. Most sites use inbound traffic filters primarily for security, to restrict access to nodes in a network. When you configure inbound traffic filters, you specify a set of conditions that apply to the traffic of a particular bridging or routing protocol. The Configuration Manager supports inbound traffic filters for the following protocols:
   - Transparent bridge (four encapsulation methods: Ethernet, 802.2 LLC, 802.2 LLC with SNAP, and Novell Proprietary)
   - Native source route bridging (SRB)
   - IP
   - IPX
   - XNS
   - OSI
   - DECnet Phase IV
   - VINES
   - DLSw
   - LLC2 (APPN and LNM)
   Chapter 3 provides protocol-specific information for designing inbound traffic filters. Chapter 6 explains how to use the Configuration Manager to apply inbound traffic filters.
   Outbound Traffic Filters
   Outbound traffic filters act on packets that the router forwards to a local area network (LAN) or wide area network (WAN) through a particular interface. Most sites use outbound traffic filters to ensure timely delivery of critical data or to restrict traffic leaving the local network. Outbound traffic filters
11. Source Socket: reference field XNS_BASE, offset 224, length 16.
   User-Defined XNS Criteria
   In addition to the predefined filter criteria, you can create traffic filters with user-defined criteria by specifying an offset and length to this reference field in the XNS header:
   - XNS_BASE: Points to the first byte in the XNS header.
   XNS Actions
   The XNS filtering actions are Accept, Drop, and Log.
   Chapter 4 Outbound Traffic Filter Criteria and Actions
   You create outbound traffic filters using templates that consist of criteria, ranges, and actions. To define a template, you need to know the specific criteria and actions that Site Manager supports for outbound traffic filters. This chapter lists the following:
   - Predefined outbound traffic filter criteria and actions
   - Reference points for user-defined criteria
   Topics: Selecting Predefined Criteria; Selecting User-Defined Criteria; Selecting Actions.
   For an overview of traffic filters, templates, and their criteria, ranges, and actions, see Chapter 1. For instructions on using Site Manager to create outbound traffic filters, see Chapter 7.
   Note: For information about DLSw outbound traffic filters, see Configuring DLSw Services.
12. you specify the offset and length to a supported reference point in the data link or IP packet header. This section describes the following reference points for specifying user-defined outbound traffic filter criteria:
   - Data Link Reference Points
   - IP Reference Points
   Data Link Reference Points
   Table 4-3 defines the reference points in the data link header from which you can build user-defined criterion.
   Table 4-3. Data Link Reference Points (Reference Point: Definition)
   - MAC: Points to the high-order byte of the destination address.
   - DATA_LINK: Points to the first byte following the length/type criteria.
   - DL_HEADER_START: Points to the beginning of the header (beginning of the packet) for PPP and Frame Relay packets.
   - DL_HEADER_END: Points to the first byte following the DLCI in a Frame Relay packet, and the first byte following the protocol ID in a PPP packet.
   - DL_FR_MPE: Points to the NLPID (Frame Relay packets only).
   - DL_SR_START: Points to the beginning of the SRB packet, which is the high-order byte of the destination address.
   - DL_SR_DATA_LINK: Points to the first byte following the RIF.
   Figures 4-3 and 4-4 show examples of where these reference points are located in a packet.
   [Figure: packet diagram labeled with DL_HEADER_START, MAC, DATA_LINK, DL_HEADER_END, DL_FR_MPE, and DLCI]
15. DE bit for all Frame Relay packets in the Low queue.
   MIB Object ID: 1.3.6.1.4.1.18.3.5.1.4.1.1.37
   Parameter: Discard Eligible Bit Normal
   Path: Configuration Manager > interface connector > Edit Circuit > Protocols > Edit Protocol Priority > Interface
   Default: DISABLE
   Options: ENABLE | DISABLE
   Function: Sets the Frame Relay discard eligible (DE) bit for packets sent to the Normal queue.
   Instructions: By default, Frame Relay packets in the Normal queue do not have the DE bit set. Select ENABLE if you want to set the DE bit for all Frame Relay packets in the Normal queue.
   MIB Object ID: 1.3.6.1.4.1.18.3.5.1.4.1.1.38
   Prioritization Length Parameters
   Use the following descriptions as guidelines when you edit parameters in the Prioritization Length window.
   Parameter: Packet Length
   Path: Configuration Manager > interface connector > Edit Circuit > Protocols > Edit Protocol Priority > Priority Outbound Filters > Create > Create Priority Outbound Template > Actions > Length > Prioritization Length
   Default: None
   Options: 0 to 4608 bytes
   Function: Defines a packet length measurement by which each packet that passes the filter criterion is compared. The action that is applied to each packet depends on whether it is less than, equal to, or greater than the value you spe
16. Destination Network field Destination Ethernet precedence over all other traffic or 48 48 16 16 16 8 8 Network number for example 1234
   On a DLSw circuit, filter on NetBIOS Names: reference DLS_DATA_START; offset 376 for Destination NetBIOS Names, 504 for Source NetBIOS Names.
   The offset of 376 applies only if you want to filter the beginning of the NetBIOS Name field. If you want to find a particular section of the NetBIOS Name, increase the offset by X * 8, where X is the number of bytes into the NetBIOS Name field. NetBIOS Names are up to 16 bytes long. How they are oriented in the field (right-justified or left-justified) may depend on the application. Before creating the filter criteria, use an analyzer to check the packets. Specify NetBIOS Name ranges using the ASCII equivalent of the first 15 characters in the name. For names with less than 15 characters, use 0x20 as pad characters.
   Protocol Prioritization Examples
   This section summarizes the steps and provides examples (Table B-3) for configuring protocol priority queues. If Table B-3 does not include an example for the filter you want to configure, use these examples as guidelines. Chapter 7 provides detailed procedures for configuring outbound traffic filters. Chapter 4 lists the outbound traffic filter criteria and actions. Chapter 2 describes protocol prioritizat
17. Filter; Specifying User-Defined Criteria; Changing Inbound Traffic Filter Precedence.
   To complete the procedures in this chapter, you must be familiar with protocol-specific filtering criteria and actions. See Chapter 3 for this information.
   Displaying the Inbound Traffic Filters Window
   To apply inbound traffic filters to a particular interface, you first display the Filters window for the protocol you are filtering.
   To display the Filters window for all protocols except DLSw (Site Manager procedure):
   - Display the Configuration Manager window.
   - Click on the circuit interface connector (for example, COM1, XCVR2). The Edit Connector window opens.
   - Click on Edit Circuit. The Circuit Definition window opens; the circuit you selected is highlighted.
   - Choose Protocols > Edit protocol > Traffic Filters. The menu path to the Filters window is protocol specific. The Filters window for the selected circuit and protocol opens (Figure 6-1).
   To display the Filters window for DLSw (Site Manager procedure):
   - Display the Configuration Manager window.
   - Choose Protocols > DLSw > Traffic Filters Inbound. The DLS Filters window opens.
   Although the Filters window is protocol spec
18. Outbound Traffic Filter
   There may be times when you want to turn off a filter temporarily. Instead of deleting a filter from a circuit, you can disable the filter and then reenable it later.
   To disable or reenable an outbound traffic filter (Site Manager procedure):
   - Display the Priority Outbound Filters window (Figure 7-2).
   - Select the filter to disable or enable. The Filter Enable and Filter Name fields show the current status of the selected filter.
   - Click on Values. The Values Selection window opens.
   - To disable the filter, select Disabled. To enable the filter, select Enabled.
   - Click on OK. The Values Selection window closes. The Filter Enable field in the Priority Outbound Filters window indicates the change.
   - Click on Apply. The filter's action is now disabled or enabled.
   Deleting an Outbound Traffic Filter
   Deleting an outbound traffic filter permanently removes the filter from the circuit, but does not affect the template used to create the filter.
   Note: Instead of deleting a filter, you may want to turn off the filter temporarily. You can do this by disabling the filter on a circuit. See "Enabling or Disabling an Outbound Traffic Filter" earlier in this chapter.
   To delete an outbound traffic filter from a circuit: Site Manager Procedure You
19. Priority Interface window
   Parameter: Enable
   Path: Configuration Manager > interface connector > Edit Circuit > Protocols > Edit Protocol Priority > Interface
   Default: Enable
   Options: Enable | Disable
   Function: Toggles protocol prioritization on and off on this interface. If you set this parameter to Disable, all outbound traffic filters will be disabled on this interface. Setting this parameter to Disable is useful if you want to temporarily disable all outbound traffic filters rather than delete them.
   Instructions: Set to Disable if you want to temporarily disable all protocol prioritization activity on this interface. Set to Enable if you previously disabled protocol prioritization on this interface and now want to reenable it.
   MIB Object ID: 1.3.6.1.4.1.18.3.5.1.4.1.1.2
   Parameter: High Queue Size
   Path: Configuration Manager > interface connector > Edit Circuit > Protocols > Edit Protocol Priority > Interface
   Default: 20
   Options: Any integer value
   Function: Specifies the maximum number of packets in the High queue at any one time, regardless of packet size.
   Instructions: Accept the default or specify a new value.
   MIB Object ID: 1.3.6.1.4.1.18.3.5.1.4.1.1.4
   Parameter: Normal Queue Size
   Path: Configuration Manager >
20. READ THIS AGREEMENT, UNDERSTANDS IT, AND AGREES TO BE BOUND BY ITS TERMS AND CONDITIONS. LICENSEE FURTHER AGREES THAT THIS AGREEMENT IS THE ENTIRE AND EXCLUSIVE AGREEMENT BETWEEN BAY NETWORKS AND LICENSEE, WHICH SUPERSEDES ALL PRIOR ORAL AND WRITTEN AGREEMENTS AND COMMUNICATIONS BETWEEN THE PARTIES PERTAINING TO THE SUBJECT MATTER OF THIS AGREEMENT. NO DIFFERENT OR ADDITIONAL TERMS WILL BE ENFORCEABLE AGAINST BAY NETWORKS UNLESS BAY NETWORKS GIVES ITS EXPRESS WRITTEN CONSENT, INCLUDING AN EXPRESS WAIVER OF THE TERMS OF THIS AGREEMENT.
   Contents
   Preface: Before You Begin; Bay Networks Technical Publications.
   Chapter 1 Using Traffic Filters: Outbound Traffic Filters; What Is Protocol Prioritization; Build a Firewall; Traffic Filter Components; Predefined and User-Defined Criteria
21. The Software and user manuals embody Bay Networks' and its licensors' confidential and proprietary intellectual property. Licensee shall not sublicense, assign, or otherwise disclose to any third party the Software, or any information about the operation, design, performance, or implementation of the Software and user manuals that is confidential to Bay Networks and its licensors; however, Licensee may grant permission to its consultants, subcontractors, and agents to use the Software at Licensee's facility, provided they have agreed to use the Software only in accordance with the terms of this license.
   3. Limited warranty. Bay Networks warrants each item of Software, as delivered by Bay Networks and properly installed and operated on Bay Networks hardware or other equipment it is originally licensed for, to function substantially as described in its accompanying user manual during its warranty period, which begins on the date Software is first shipped to Licensee. If any item of Software fails to so function during its warranty period, as the sole remedy Bay Networks will at its discretion provide a suitable fix, patch, or workaround for the problem that may be included in a future Software release. Bay Networks further warrants to Licensee that the media on which the Software is provided will be free from defects in materials and workmanship under normal use for a period of 90 days from the date Software is first shipped to Licensee. Bay Networks will repl
22. consider reducing the amount of high-priority traffic. You should be selective in assigning high-priority status. Too many traffic types with high-priority status can defeat the purpose of protocol prioritization. With the strict dequeuing algorithm, too much high-priority traffic can result in discarding, or clipping, normal and low-priority traffic.
   To configure the percent of bandwidth for the priority queues, you edit these Configuration Manager parameters:
   - High Queue Percent Bandwidth
   - Normal Queue Percent Bandwidth
   - Low Queue Percent Bandwidth
   When changing bandwidth allocation, remember that the percent of bandwidth for the High queue, Normal queue, and Low queue must total 100 percent.
   Queue Size
   Queue size, or queue depth, is the configurable number of packets that each priority queue can hold. The default value for bandwidth allocation is 20 packets, regardless of packet size.
   Note: The buffer size for priority queues is not configurable when using the strict dequeuing algorithm.
   When you set the queue size, you assign buffers, which hold the packets, to each queue. A queue is full when it exceeds the buffer size. The router discards (clips) traffic sent to a full queue.
   To configure queue size, you edit these Configuration Manager parameters:
   - High Queue Size
   - Normal Queue Size
   - Low Queue Size
   - High Water Packets Clear
23. disclosure by the United States Government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013. Notwithstanding any other license agreement that may pertain to, or accompany the delivery of, this computer software, the rights of the United States Government regarding its use, reproduction, and disclosure are as set forth in the Commercial Computer Software-Restricted Rights clause at FAR 52.227-19.
   Statement of Conditions
   In the interest of improving internal design, operational function, and/or reliability, Bay Networks, Inc. reserves the right to make changes to the products described in this document without notice. Bay Networks, Inc. does not assume any liability that may occur due to the use or application of the product(s) or circuit layout(s) described herein.
   Portions of the code in this software product may be Copyright © 1988, Regents of the University of California. All rights reserved. Redistribution and use in source and binary forms of such portions are permitted, provided that the above copyright notice and this paragraph are duplicated in all such forms and that any documentation, advertising materials, and other materials related to such distribution and use acknowledge that such portions of the software were developed by the University of California, Berkeley. The name of the University may not be used to endorse or promote products der
25. license.

    8. Export and Re-export. Licensee agrees not to export, directly or indirectly, the Software or related technical data or information without first obtaining any required export licenses or other governmental approvals. Without limiting the foregoing, Licensee, on behalf of itself and its subsidiaries and affiliates, agrees that it will not, without first obtaining all export licenses and approvals required by the U.S. Government: (i) export, re-export, transfer, or divert any such Software or technical data, or any direct product thereof, to any country to which such exports or re-exports are restricted or embargoed under United States export control laws and regulations, or to any national or resident of such restricted or embargoed countries; or (ii) provide the Software or related technical data or information to any military end user or for any military end use, including the design, development, or production of any chemical, nuclear, or biological weapons.

    9. General. If any provision of this Agreement is held to be invalid or unenforceable by a court of competent jurisdiction, the remainder of the provisions of this Agreement shall remain in full force and effect. This Agreement will be governed by the laws of the state of California.

    Should you have any questions concerning this Agreement, contact Bay Networks, Inc., 4401 Great America Parkway, P.O. Box 58185, Santa Clara, California 95054-8185.

    LICENSEE ACKNOWLEDGES THAT LICENSEE HAS
26. line. The router does not transfer data link protocol prioritization or outbound traffic filters to the backup line. You must manually configure new data link outbound traffic filters on the backup line after that line is activated.

    Be careful when configuring outbound traffic filters on a backup line. As soon as the primary line is reactivated, it uses the priority queues and filters you configured for the backup line. These priority queues and filters may be completely inappropriate for the protocol running on the primary line.

    303543-A Rev 00, Configuring Traffic Filters and Protocol Prioritization

    Using a Drop-All Filter as a Firewall

    If your filtering strategy involves forwarding most traffic and dropping only specified packets, you need only configure filters with a drop action (Drop filters) for the traffic you want the router to reject.

    If your strategy involves blocking most traffic and accepting only specified packets, begin by defining filters to accept specified packets (Accept filters). Then add a filter on the interface to drop all packets (a Drop-all filter). A Drop-all filter describes the broadest range of packets you want to block from an interface. To ensure that all unwanted traffic is dropped, configure the Drop-all filter to contain:

    - Criteria that appear in every packet of the protocol you want to filter
    - The maximum value of the range
    - The minimum value of the range

    With a Drop-all filter, high
27. (Table 7-1, continued; the first row starts before this excerpt)

    | Task | Site Manager Procedure | Notes |
    |---|---|---|
    | ... range | ... Information field. 2. Click on Delete. The Delete Range window opens. 3. Click on Delete. | ... must specify at least one range for each criterion. |
    | Add an action | 1. Choose Action > Add > action. | With the exception of the Log action, each template has only one action. |
    | Delete an action | 1. Select an action in the Filter Information field. 2. Click on Delete. The Delete Action window opens. 3. Click on Delete. | You must specify at least one action in a template. |
    | Save the template | 1. Click on OK. The Filter Template Management window opens. | Be sure you have specified: only one criterion; only one action; 1 to 100 ranges. |

    Creating an Outbound Traffic Filter

    You create an outbound traffic filter by applying a filter template to an interface.

    Note: You should create the filters on an interface in order of precedence. The first filter you create has the highest precedence and a rule number of 1. Subsequent filters that you create have lower precedence. For more information, see Changing Outbound Traffic Filter Precedence later in this chapter.

    To create an outbound traffic filter:

    | You do this | System responds |
    |---|---|
    | 1. Display the Priority Outbound Filters window (Figure 7-2). | |
    | 2. Click on Create. | The Create Filter window opens (Figure 7-7). |
    | 3. Select a circuit in the Interfaces field. | |
    | 4. Select a template in the Tem | |
28. of the Create IP Filter Template window.

    | You do this | System responds |
    |---|---|
    | 10. Choose Action > Add > Accept. | The action now appears in the Filter Information field. |
    | 11. Click on OK. | The Filter Template Management window opens. The new template appears in the templates list. |
    | 12. Click on Done. | The IP Filters window opens. |
    | 13. Click on Create. | The Create Filters window opens. |
    | 14. Select a template in the Templates field. | |
    | 15. Select a circuit in the Interfaces field. | |
    | 16. Specify a descriptive name in the Filter Name field. Use a name that indicates the circuit, for example, S41 accepted. | |
    | 17. Click on OK. | The IP Filters window opens. |
    | 18. Click on Apply. | The filter is applied to the circuit. |

    Inbound Traffic Filter Examples

    This section summarizes the steps for creating an inbound traffic filter and provides examples (Table B-1 and Table B-2) for using inbound traffic filters to accomplish common filtering goals. If Tables B-1 and B-2 do not include an example for the protocol you want to configure, use these examples as guidelines for implementing inbound traffic filters for other traffic types. Chapter 3 lists the inbound traffic filter criteria and actions for all supported protocols.

    To create an inbound traffic filter: Site Manager Procedure. You do this / System
29. (List of tables; only the legible entries are kept)

    - IP Reference Points
    - Format for Specifying MAC Addresses
    - Functional MAC Addresses
    - SAP Codes
    - Frame Relay NLPIDs
    - PPP Protocol IDs
    - Source and Destination TCP Ports
    - Source and Destination UDP Ports
    - Ethernet Type Codes
    - IP Type of Service Codes
    - Table 6-1. Using the Edit Template Window
    - Table 6-2. Using the Edit Filters Window
    - Table 7-1. Using the Edit Priority Outbound Template Window
    - Table 7-2. Using the Edit Priority Outbound Filters Window
    - Table B-1. Predefined Criteria, Ranges, and Actions for Sample Inbound Traffic Filters
    - Table B-2. User-Defined Criteria and Ranges for Sample Inbound Traffic Filters
    - Table B-3. Sample Criteria, Ranges, and Actions for Protocol Priori
30. priority filters

    The Dequeuing Process

    After queuing packets, the router empties the priority queues by sending the traffic to the transmit queue using one of two dequeuing algorithms:

    - Bandwidth Allocation Algorithm
    - Strict Dequeuing Algorithm

    By default, protocol prioritization uses the bandwidth allocation algorithm to send traffic from the three priority queues to the transmit queue. You specify the active dequeuing algorithm by setting the Prioritization Algorithm Type parameter, as described in Editing Protocol Prioritization Parameters later in this chapter.

    Figure 2-1 illustrates the dequeuing process with default configuration values.

    [Figure 2-1. Protocol Prioritization Dequeuing: the High, Normal, and Low queues feed the dequeuing algorithm (default algorithm: bandwidth allocation), which fills the transmit queue (default latency: 250 ms) ahead of the physical interface.]

    Bandwidth Allocation Algorithm

    The bandwidth allocation algorithm uses a configurable percentage of bandwidth for each of the three priority queues to determine how to transmit queued traffic. The default configuration is as follows:

    - High queue: 70% of bandwidth
    - Normal queue: 20% of bandwidth
    - Low queue: 10% of bandwidth

    When
31. to suit your needs, you may not need to make further edits. When you customize a filter, you have the following options:

    - Add or delete predefined criteria
    - Add or delete user-defined criteria
    - Add or delete actions
    - Add, modify, or delete ranges

    To add a user-defined criterion, see Specifying User-Defined Criteria later in this chapter.

    To add predefined criteria, ranges, and actions, or delete any criterion, range, or action:

    | You do this | System responds |
    |---|---|
    | 1. Display the Filters window (Figure 6-1). See Displaying the Inbound Traffic Filters Window. | |
    | 2. Select a filter. | |
    | 3. Click on Edit. | The Edit Filters window opens (Figure 6-6). |
    | 4. Add or delete predefined criteria, ranges, and actions (Table 6-2). | |
    | 5. Click on OK. | The Filters window opens. |

    Table 6-2 describes how to add, delete, or modify predefined criteria, ranges, and actions in the Edit Filters window (Figure 6-6).

    [Figure 6-6. Edit Filters Window]

    Table 6-2. Using the Edit Filters Window

    | Task | Site Manager Procedure | Notes |
    |---|---|---|
    | Add a criterion | 1. Choose Criteria > Add > criterion. The Add | A fi |
32. to the first byte of the Destination SAP (DSAP).

    LLC2 Actions

    The LLC2 filtering actions are Accept, Drop, and Log.

    OSI Criteria and Actions

    You can configure OSI inbound traffic filters based on specified bit patterns in the Connectionless Network Protocol (CLNP) header.

    Predefined OSI Criteria

    Table 3-9 lists the predefined criteria for OSI inbound traffic filters and the reference field, offset, and length for each criterion.

    Table 3-9. Predefined Criteria for OSI Inbound Traffic Filters

    | Criterion Name | Reference Field | Offset | Length |
    |---|---|---|---|
    | Destination Area | OSI DEST | 0 | 16 |
    | Destination System ID | OSI DEST | 16 | 48 |
    | Source Area | OSI SRC | 0 | 16 |
    | Source System ID | OSI SRC | 16 | 48 |

    User-Defined OSI Criteria

    In addition to the predefined OSI filter criteria, you can create traffic filters with user-defined criteria by specifying an offset and length to these reference fields in the CLNP header:

    | Reference Field | Description |
    |---|---|
    | OSI BASE | Points to the first byte of the CLNP header |
    | OSI DEST | Points to the last two bytes of the OSI DEST reference field |
    | OSI SRC | Points to the last two bytes of the OSI SRC reference field |

    OSI Actions

    The OSI filtering actions are Accept, Drop, and Log.

    VINES Criteria and Actions

    You can filter inbound VINES traffic based on specified bit patterns in the VINES header.

    Predefined VI
33. window opens (Figure 7-4). The new criterion and range appear in the Filter Information field.

    | You do this | System responds |
    |---|---|
    | 8. To add more ranges, choose Range > Add. You can add up to 100 ranges in each template. | |
    | 9. Choose Action > Add > Datalink (or IP) > action. For a Datalink criterion, choose a Datalink action; for an IP criterion, choose an IP action. | If you selected the Length action, the Prioritization Length window opens (Figure 7-5). See Specifying Prioritization Length for instructions. Otherwise, the Create Priority Outbound Template window opens, showing the criteria, range, and action in the Filter Information field. |
    | 10. Click on OK. | The Filter Template Management window opens. The new template appears in the templates list. |

    [Figure 7-3. Filter Template Management Window]

    [Figure 7-4. Create Priority Outbound Template Window]

    Specifying Prioritization Length

    When you select the Length action in the Create Priority Outbound Template window, the Prioritization Length window opens (Figure 7-5). The Length action directs the router to place each packet in a priority queue based on the specified byte length of the packet.

    [Window fields shown in the figure: Packet Length, Less Than or Equal Queue, Greater Than Queue]

    Figure 7-5. Prior
34. you may want to turn off the filter temporarily. You can do this by disabling the filter on a circuit. See Enabling or Disabling an Inbound Traffic Filter earlier in this chapter.

    To delete an inbound traffic filter from a circuit:

    | You do this | System responds |
    |---|---|
    | 1. Display the Filters window (Figure 6-1). See Displaying the Inbound Traffic Filters Window. | |
    | 2. Select the filter to delete. There is no confirmation of a filter deletion. Make sure you select a filter you want to delete. | |
    | 3. Click on Delete. | The filter no longer appears in the Filters window. |
    | 4. Click on Apply. | |

    Specifying User-Defined Criteria

    The Edit Filters window and Edit Template window provide a User-Defined criterion option for most protocols. The User-Defined option allows you to set up a user-defined criterion based on bit patterns in the packet header that are not supported in predefined criteria.

    Adding user-defined criteria is similar to adding predefined criteria, except you must specify the criterion's location in the packet. With predefined criteria, the locations are established. See Chapter 3 for the supported protocol header reference points you can use to specify user-defined criteria for inbound traffic filters.

    To add a user-defined criterion: Site Manager Procedure. You do this / System
35. Chapter 1 Using Traffic Filters

    This chapter describes concepts and terms to help you understand and plan for traffic filter configurations on Bay Networks routers. Topics:

    - What Are Traffic Filters
    - What Is Protocol Prioritization
    - Filtering Strategies
    - Traffic Filter Components
    - Using Filter Templates
    - Summary of Traffic Filter Support

    What Are Traffic Filters

    Traffic filters are router files that instruct an interface to selectively handle specified network traffic (packets, frames, or datagrams). You determine which packets receive special handling based on information fields in the packet headers. Using traffic filters, you can reduce network congestion and control access to network resources by blocking, forwarding, logging, or prioritizing specified traffic on an interface.

    Note: Be careful not to confuse traffic filters with other router filters, such as route filters, which force filtered protocol traffic to take particular routes.

    Bay Networks routers support two types of traffic filters:

    - Inbound traffic filters act on packets that the router is receiving.
    - Outbound traffic filters act on packets that the router is forwarding.

    You can create traffic filters on the following router interfaces:

    - Ethernet (10BASE-T and 100BASE-T)
    - FDDI
    - HSSI
    - MCE1
    - MCT1
37. its own data and information and for maintaining adequate procedures apart from the Software to reconstruct lost or altered files, data, or programs.

    4. Limitation of liability. IN NO EVENT WILL BAY NETWORKS OR ITS LICENSORS BE LIABLE FOR ANY COST OF SUBSTITUTE PROCUREMENT, SPECIAL, INDIRECT, INCIDENTAL, OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES RESULTING FROM INACCURATE OR LOST DATA OR LOSS OF USE OR PROFITS ARISING OUT OF OR IN CONNECTION WITH THE PERFORMANCE OF THE SOFTWARE, EVEN IF BAY NETWORKS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. IN NO EVENT SHALL THE LIABILITY OF BAY NETWORKS RELATING TO THE SOFTWARE OR THIS AGREEMENT EXCEED THE PRICE PAID TO BAY NETWORKS FOR THE SOFTWARE LICENSE.

    5. Government Licensees. This provision applies to all Software and documentation acquired directly or indirectly by or on behalf of the United States Government. The Software and documentation are commercial products, licensed on the open market at market prices, and were developed entirely at private expense and without the use of any U.S. Government funds. The license to the U.S. Government is granted only with restricted rights, and use, duplication, or disclosure by the U.S. Government is subject to the restrictions set forth in subparagraph (c)(1) of the Commercial Computer Software Restricted Rights clause of FAR 52.227-19 and the limitations set out in this license for civilian agencies, and subparagraph (c)(1)(ii) of the Rights i
38. (Table B-3, continued; the first row starts before this excerpt)

    - ... traffic in the Low queue
        - Criteria: ... Protocol
        - Range: ... 5-9 in Chapter 5 for a list of common IP Protocol and Type codes
        - Action: ... Low Queue
        - Notes: ICMP is not a time-sensitive protocol.
    - Place SNA traffic in the High queue
        - Criteria: Criteria > Add > Datalink > Source Routing > DSAP. Note: To prioritize IP-encapsulated SNA traffic, choose Criteria > Add > IP > Source Routing > DSAP.
        - Range: DSAP values 0x04 to 0x05, 0x08 to 0x09, 0x0c to 0x0d. See Chapter 5 for information on specifying MAC address or SAP criteria ranges.
        - Action: Action > Datalink > Add > High Queue. Note: To prioritize IP-encapsulated SNA traffic, choose Action > IP > Add > High Queue.
        - Notes: You can also choose SSAP, Destination MAC Address, or Source MAC Address as the criteria.
    - Place all DLSw traffic leaving a particular synchronous interface in the High queue
        - Criteria: Criteria > Add > IP > IP > TCP Destination Port
        - Range: 2065 to 2067. See Table 5-6 in Chapter 5 for a list of common TCP port ranges.
        - Action: Action > IP > Add > High Queue
        - Notes: This example shows how to give DLSw traffic priority over other protocols on the interface. To modify the priority of specific types of DLSw traffic at the TCP level, use DLSw protocol prioritization, as described in Configuring DLSw Services.

    (continued)

    Table B-3. Sample Crit
39. 5 characters

    See Chapter 5 for information about specifying SAP and MAC address criteria.

    User-Defined SRB Criteria

    In addition to the predefined filter criteria, you can create SRB inbound traffic filters with user-defined criteria by specifying an offset and length to these reference fields in the SRB header:

    | Reference Field | Description |
    |---|---|
    | NEXT_RING | Points to the first byte of the NEXT_RING reference field |
    | HEADER_START | Points to the first byte of the Destination MAC Address |
    | DATA_LINK | Points to the first byte of the DATA_LINK reference field |

    SRB Actions

    In addition to the Accept, Drop, and Log actions common to all inbound traffic filters, there are two SRB actions:

    - Direct IP Explorers: Specifies that any explorer frame that matches the filter will be sent to some number of IP addresses. You must specify these IP addresses. For this action to work, IP encapsulation must be configured on the filter's interface. If IP encapsulation is not configured and a frame matches the filter, the frame will be flooded as if no filter exists.
    - Forward to Circuits: Specifies that any frame that matches the filter will be forwarded to some number of circuits on the same router. You must specify these circuits.

    Note: The circuit names that you specify for the Forward to Circuits action are case sensitive. For example, if the cir
40. Actions

    Transparent bridge traffic filters support several encapsulation methods and media types. You filter inbound transparent bridge frames based on the contents of the header fields for one of the four supported encapsulation methods:

    - Ethernet
    - IEEE 802.2 LLC
    - IEEE 802.2 LLC with SNAP
    - Novell Proprietary

    Figure 3-1 illustrates the header reference fields for each encapsulation method.

    [Figure 3-1. Header Reference Fields for Transparent Bridge Encapsulation Methods. Panels: Ethernet Header; IEEE 802.2 LLC Header; IEEE 802.2 LLC with SNAP Encapsulation; Novell Proprietary Encapsulation. Each panel starts with a 48-bit MAC destination address, a 48-bit MAC source address, and a 16-bit length/type field (TYPE for Ethernet, LENGTH for the other three). 8-bit DSAP, SSAP, and Control fields follow in the LLC layouts. The SNAP panel shows DSAP/SSAP/Control of 0xAAAA03, a 24-bit Organization Code, and a 16-bit Ethernet Type. In the Novell panel, the next 16 bits are all ones (part of the IPX header).]

    Table 3-1 indicates which encapsulation methods are supported for specific router interfaces.
41. (Procedure continued; step 3 starts before this excerpt)

    | You do this | System responds |
    |---|---|
    | 3. ... click on Circuit. | ... Definition window opens; the circuit you selected is highlighted. |
    | 4. If Protocol Priority appears in the Protocols field, go to step 7; otherwise, choose Protocols > Add/Delete. | The Select Protocols window opens. |
    | 5. Select Protocol Priority from the list of | |
    | 6. Click on OK. | The Circuit Definition window opens (Figure 7-1). |
    | 7. Choose Protocols > Edit Protocol Priority > Priority Outbound Filters. | The Priority Outbound Filters window opens (Figure 7-2). |

    [Figure 7-1. Displaying the Priority Outbound Filters Window]

    [Figure 7-2. Priority Outbound Filters Window]

    Preparing Outbound Traffic Filter Templates

    To add an outbound traffic filter to an interface, you apply an outbound traffic filter template to the circuit. However, you do not always need to create a template; often you can begin with an existing template. This section describes how to prepare an outbound traffic filter template by:

    - Creating a Template
    - Customizing Templates

    See Creating an Outbound Traffic Filter later in this chapter to learn how to create a traffic filter by applying (saving) a filter template to an interface.

    Note: Changing a traffic filter template does not affect interfaces to whic
42. If there is no traffic in the Low queue, the algorithm returns to step 1.

    6. The router empties all packets from the Low queue, up to the configured bandwidth percentage, into the transmit queue, and then transmits the packets. The default bandwidth percentage for the Low queue is 10 percent. If the actual bandwidth use is less than the limit, the router empties the Low queue.

    7. The algorithm returns to step 1.

    Figure 2-2 illustrates the bandwidth allocation algorithm.

    [Figure 2-2. Bandwidth Allocation Algorithm (flowchart): scan the High queue; if there are packets in the High queue, transmit all packets up to the configured bandwidth percentage. Scan the Normal queue; if there are packets in the Normal queue, transmit all packets up to the configured bandwidth percentage. Scan the Low queue; if there are packets in the Low queue, transmit all packets up to the configured bandwidth percentage.]

    Strict Dequeuing Algorithm

    Instead of the bandwidth allocation algorithm, you can configure the router to use the strict dequeuing algorithm to send traffic to the transmit queue.

    Caution: If the router uses
43. (Table of contents; only the legible entries are kept)

    - ... Inbound Traffic Filter
    - Specifying User-Defined Criteria
    - Changing Inbound Traffic Filter Precedence

    Chapter 7 Applying Outbound Traffic Filters

    - Displaying the Priority Outbound Filters Window
    - Preparing Outbound Traffic Filter Templates
        - Creating a Template
        - Specifying Prioritization Length
        - Customizing Templates
        - Copying a Template
        - Editing a Template
    - Creating an Outbound Traffic Filter
    - Editing an Outbound Traffic Filter
    - Enabling or Disabling an Outbound Traffic Filter
    - Deleting an Outbound Traffic Filter
    - Specifying User-Defined Criteria
    - Changing Outbound Traffic Filter Precedence

    Appendix A Site Manager Protocol Prioritization Parameters

    - Priority Interface Parameter Descriptions
    - Prioritization Lengt
44. In the REF field, choose the header reference point.

    4. In the OFFSET field, specify a bit offset from the reference point.

    5. In the LENGTH field, specify the length of the criterion.

    6. In the Minimum value and Maximum value fields, specify a range for the criterion.

    7. Click on OK. The Edit Priority Outbound Template window or Edit Priority Outbound Filters window opens.

    8. Continue editing the template or filter. See Table 7-1, Using the Edit Priority Outbound Template Window, or Table 7-2, Using the Edit Priority Outbound Filters Window.

    [Figure 7-9. Add User Defined Field Window]

    Changing Outbound Traffic Filter Precedence

    You can assign as many as 31 outbound traffic filters based on data link criteria to each interface. As you add filters to an interface, the Configuration Manager numbers them chronologically (1, 2, and so on) and adds an IP or data link (DL) prefix, as shown in Figure 7-10. The number determines the filter precedence: lower filter numbers have higher precedence. If a packet matches two filters, the filter with the highest precedence (lowest number) applies. For example, if the first filter on the interface (1) accepts a packet and the second filter (2) drops t
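The precedence rule above, combined with the manual's Accept-filters-then-Drop-all firewall strategy, modelled as an added Python example (it is not Site Manager or Bay Networks code). The field names, the "forward" result when no filter matches, and the encoding of the Drop-all range as 0 to the field maximum are assumptions made for illustration; the check for shadowed filters also assumes the Drop-all criterion is present in every packet.

```python
from dataclasses import dataclass

# Bit widths of the modelled header fields. The IP Protocol field is 8 bits
# and TCP ports are 16 bits; the dictionary keys are hypothetical labels.
FIELD_BITS = {"ip_protocol": 8, "tcp_dst_port": 16}
MAX_RANGES = 100  # the manual allows 1 to 100 ranges per template


@dataclass
class Filter:
    name: str
    criterion: str   # exactly one criterion per filter
    ranges: list     # inclusive (minimum, maximum) pairs
    action: str      # "accept" or "drop"
    enabled: bool = True

    def __post_init__(self):
        if not 1 <= len(self.ranges) <= MAX_RANGES:
            raise ValueError(f"{self.name}: need 1 to {MAX_RANGES} ranges")
        top = (1 << FIELD_BITS[self.criterion]) - 1
        for lo, hi in self.ranges:
            if not 0 <= lo <= hi <= top:
                raise ValueError(f"{self.name}: bad range {lo}-{hi}")

    def matches(self, packet):
        value = packet.get(self.criterion)
        if value is None:
            return False
        return any(lo <= value <= hi for lo, hi in self.ranges)

    def covers_whole_field(self):
        """True when the merged ranges span the field's minimum to maximum."""
        top = (1 << FIELD_BITS[self.criterion]) - 1
        reach = -1
        for lo, hi in sorted(self.ranges):
            if lo > reach + 1:      # gap before this range
                return False
            reach = max(reach, hi)
        return reach >= top


def drop_all(criterion):
    """Drop-all filter: one range from the minimum to the maximum value."""
    top = (1 << FIELD_BITS[criterion]) - 1
    return Filter("drop-all", criterion, [(0, top)], "drop")


def evaluate(filters, packet, default="forward"):
    """Return (rule_number, action) of the first matching enabled filter.

    The list order is creation order, so index 1 has the highest precedence.
    """
    for number, flt in enumerate(filters, start=1):
        if flt.enabled and flt.matches(packet):
            return number, flt.action
    return None, default


def shadowed(filters):
    """Names of filters listed after an enabled filter that spans its whole
    field; with lowest-number-wins precedence they can never apply."""
    names, blocked = [], False
    for flt in filters:
        if blocked:
            names.append(flt.name)
        elif flt.enabled and flt.covers_whole_field():
            blocked = True
    return names


# Constructed sample data: DLSw uses TCP destination ports 2065 to 2067.
ACCEPT_DLSW = Filter("accept-dlsw", "tcp_dst_port", [(2065, 2067)], "accept")
GOOD_ORDER = [ACCEPT_DLSW, drop_all("ip_protocol")]   # Accept first
BAD_ORDER = [drop_all("ip_protocol"), ACCEPT_DLSW]    # Drop-all created first

DLSW_PACKET = {"ip_protocol": 6, "tcp_dst_port": 2065}
TELNET_PACKET = {"ip_protocol": 6, "tcp_dst_port": 23}

if __name__ == "__main__":
    for label, rules in (("good", GOOD_ORDER), ("bad", BAD_ORDER)):
        print(label, "DLSw:", evaluate(rules, DLSW_PACKET),
              "Telnet:", evaluate(rules, TELNET_PACKET),
              "shadowed:", shadowed(rules))
```

Running `shadowed()` over an interface's filter list before applying it catches the case where a Drop-all filter was created ahead of the Accept filters it is meant to back up.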
45. NES Criteria

    Table 3-10 lists the predefined criteria for VINES inbound traffic filters and the reference field, offset, and length for each criterion.

    Table 3-10. Predefined Criteria for VINES Inbound Traffic Filters

    | Criterion Name | Reference Field | Offset | Length |
    |---|---|---|---|
    | Protocol Type | VINES BASE | 40 | 8 |
    | Destination Address | VINES BASE | 48 | 48 |
    | Source Address | VINES BASE | 96 | 48 |

    User-Defined VINES Criteria

    In addition to the predefined VINES filter criteria, you can create traffic filters with user-defined criteria by specifying an offset and length to this reference field in the VINES header:

    | Reference Field | Description |
    |---|---|
    | VINES BASE | Points to the first byte in the VINES header |

    VINES Actions

    The VINES filtering actions are Accept, Drop, and Log.

    XNS Criteria and Actions

    You can filter inbound XNS traffic based on specified bit patterns in the XNS header.

    Predefined XNS Criteria

    Table 3-11 lists the predefined criteria for XNS inbound traffic filters and the reference field, offset, and length for each criterion.

    Table 3-11. Predefined Criteria for XNS Inbound Traffic Filters

    | Criterion Name | Reference Field | Offset | Length |
    |---|---|---|---|
    | Destination Network | XNS_BASE | 48 | 32 |
    | Destination Address | XNS_BASE | 80 | 48 |
    | Destination Socket | XNS_BASE | 128 | 16 |
    | Source Network | XNS_BASE | 144 | 32 |
    | Source Address | XNS_BASE | 176 | 48 |
46. | Network Interface | Protocol Criteria Supported (Inbound) | Protocol Criteria Supported (Outbound) | Filter Actions Supported (Inbound) | Filter Actions Supported (Outbound) |
    |---|---|---|---|---|
    | Ethernet (10BASE-T or 100BASE-T) | Transparent bridge, DECnet IV, DLSw, IP, IPX, LLC2, OSI, SRB, XNS, VINES | Transparent bridge, IP, SRB | Accept, Drop, Log‡ | Accept, Drop, Log |
    | FDDI | Transparent bridge†, DECnet IV, DLSw, IP, IPX, LLC2, OSI, SRB, XNS, VINES | Transparent bridge, IP, SRB | Accept, Drop, Log‡ | Accept, Drop, Log |
    | Token ring | Transparent bridge†, DECnet IV, DLSw, IP, IPX, LLC2, OSI, SRB, XNS, VINES | Transparent bridge, IP, SRB | Accept, Drop, Log‡ | Accept, Drop, Log |
    | HSSI | Transparent bridge, DECnet IV, DLSw, IP, IPX, LLC2, OSI, SRB, XNS, VINES | Transparent bridge, Frame Relay, IP, PPP, SRB | Accept, Drop, Log‡ | Accept, Drop, Log |
    | MCE1 | Transparent bridge, DECnet IV, DLSw, IP, IPX, LLC2, OSI, SRB, XNS, VINES | Transparent bridge, Frame Relay, IP, PPP, SRB | None | Accept, Drop, Log, High Queue, Low Queue, Length, No Call, No Reset |
    | MCT1 | Transparent bridge, DECnet IV, DLSw, IP, IPX, LLC2, OSI, SRB, XNS, VINES | Transparent bridge, Frame Relay, IP, PPP, SRB | None | Accept, Drop, Log, High Queue, Low Queue, Length, No Call, No Reset |
    | Synchronous | Transparent bridge, DECnet IV, DLSw, IP, IPX, LLC2, OSI, SRB, XNS, VINES | Transparent bridge, Frame Relay, IP, PPP, SRB | Accept, Drop, Log‡ | Accept, Drop, Log, High Queue, Low Queue, Length, No Call, No Reset |

    († and ‡ stand in for the table's footnote markers, which are garbled in the source.) Ethernet, 802.2 LLC, LLC with SNAP, and Novell e
47. Than or Equal Queue Low, Greater Than Queue High

    Implementation Notes

    This section contains notes about the following:

    - Filtering Outbound Frame Relay Traffic
    - Filtering over a Dial Backup Line
    - Using a Drop-All Filter as a Firewall
    - Using Outbound Traffic Filters for LAN Protocols

    Filtering Outbound Frame Relay Traffic

    When creating outbound filters for Frame Relay traffic, keep in mind that Frame Relay packets in the Low queue have the discard eligible (DE) bit set by default. The DE bit is off by default in Frame Relay packets in the Normal and High queues. You can change the default setting of the DE bit for packets in the Low and Normal queues using the Edit Protocol Priority Interface window. See Enabling Protocol Prioritization in Chapter 2 for instructions.

    Filtering over a Dial Backup Line

    When configuring protocol prioritization on a synchronous interface on which you have configured a dial backup line, consider the following:

    - If the primary line is running PPP and the line fails, the router automatically transfers all of the priority queues and outbound traffic filters you have configured on the primary line to the backup line.
    - If the primary line is running a WAN protocol other than PPP and fails:
        - The router transfers IP outbound traffic filters to the backup line, regardless of which protocol was running on the primary
48. Table 5-8. Ethernet Type Codes (continued)

    | Description | Ethernet Type or Ethertype Code (0x) |
    |---|---|
    | UB Download | 7000 |
    | UB NUI | 7001 |
    | UB Boot Broadcast | 7002 |
    | Proteon | 7030 |
    | Cabletron | 7034 |
    | Cronous | 8003 8004 |
    | HP Probe | 8005 |
    | Nestar | 8006 |
    | Excelan | 8010 |
    | Silicon Graphics | 8013 8014 8015 |
    | HP Apollo Native Ethernet | 8019 |
    | RARP | 8035 |
    | DEC BPDU | 8038 |
    | DEC | 8039 8042 |
    | DEC Encryption | 803D |
    | DEC LAN Traffic Monitor | 803F |
    | DEC NetBIOS Emulator | 8040 |
    | AT&T | 8046 8047 |
    | Compugraphic | 8069 |
    | Vitalink Management | 807D 8080 |
    | Xyplex | 8088 808A |
    | Kinetics EtherTalk | 809B |
    | Spider | 809F |
    | Nixdorf | 80A3 |
    | Siemens | 80A4 80B3 |
    | Pacer Software | 80C6 |
    | Applitek | 80C7 |
    | Intergraph | 80C8 80CC |
    | Harris 3M | 80CD 80CE |
    | IBM SNA | 80D5 |
    | Retix Bridge Management | 80F2 |
    | AARP | 80F3 |
    | Shiva | 80F4 |
    | HP Apollo | 80F7 |
    | Symbolics | 8107 8109 |
    | Waterloo Software | 8130 |
    | IPX over Frame Relay | 8137 |
    | Novell | 8137 8138 |
    | DEC MOP | 9000 |
    | XNS Bridge Comm Management | 9001 |
    | 3Com | 9002 9003 |

    Specifying IP Protocol ID and Type of Service Ranges

    The Internet Protocol version 4 (IPv4) specifies an 8-bit Protocol field to identify the next-level protocol. Table 5-9 lists some common Protocol ID codes for IP traffic. Table 5-10 lists IP Type of Service codes. See RFC 1700 for information.

    Table 5-9. IP Protocol ID Codes
49. ables in command syntax descriptions Where a variable is two or more words the words are connected by an underscore Example If the command syntax is show at valid route valid route is one variable and you substitute one value for it Indicates system output for example prompts and system messages Example Set Bay Networks Trap Monitor Filters Shows menu paths Example Protocols IP identifies the IP option on the Protocols menu Separates choices for command keywords and arguments Enter only one of the choices Do not type the vertical line when entering the command Example If the command syntax is show ip alerts routes you enter either show ip alerts or show ip routes but not both xvi 303543 A Rev 00 Preface Acronyms ANSI APPN ARP CCITT CLNP CSMA CD DE DLC DLCI DLCMI DLSw DSAP FDDI FTP HDLC HSSI ICMP IP IPX ISDN ISO ITU T LAN LAT LLC LNM American National Standards Institute Advanced Peer to Peer Networking Address Resolution Protocol International Telegraph and Telephone Consultative Committee now ITU T Connectionless Network Protocol carrier sense multiple access collision detection discard eligible data link control data link connection identifier Data Link Control Management Interface data link switching destination service access point Fiber Distributed Data Interface File Transfer Protocol high level data link control high speed
50. ace defective media at no charge if it is returned to Bay Networks during the warranty period along with proof of the date of shipment This warranty does not apply if the media has been damaged as a result of accident misuse or abuse The Licensee assumes all responsibility for selection of the Software to achieve Licensee s intended results and for the installation use and results obtained from the Software Bay Networks does not warrant a that the functions contained in the software will meet the Licensee s requirements b that the Software will operate in the hardware or software combinations that the Licensee may select c that the operation of the Software will be uninterrupted or error free or d that all defects in the operation of the Software will be corrected Bay Networks is not obligated to remedy any Software defect that cannot be reproduced with the latest Software release These warranties do not apply to the Software if it has been i altered except by Bay Networks or in accordance with its instructions ii used in conjunction with another vendor s product resulting in the defect or iii damaged by improper environment abuse misuse accident or negligence THE FOREGOING WARRANTIES AND LIMITATIONS ARE EXCLUSIVE REMEDIES AND ARE IN LIEU OF ALL OTHER WARRANTIES EXPRESS OR IMPLIED INCLUDING WITHOUT LIMITATION ANY WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE Licensee is responsible for the security of 30354
51. ader IP encapsulated SRB traffic filters are not supported. SRB filters affect both explorer and routed frames. However, filters that include Next Ring as a criterion affect only routed frames, because the Next Ring reference field does not appear in explorer frames. See Configuring Bridging Services for information about explorer and routed frames.

    Note: The router applies SRB filters after it processes a packet. The router receives the packet on the incoming interface and updates the routing information field (RIF). The filters that you configure then act on the updated RIF.

    Predefined SRB Criteria

    Table 3-3 lists the predefined criteria for SRB inbound traffic filters and the reference field, offset, and length for each SRB criterion.

    Table 3-3. Predefined Criteria for SRB Inbound Traffic Filters (Criterion Name: Reference Field, Offset in bits, Length in bits)
    - Next Ring: NEXT_RING, offset 0, length 12
    - Destination MAC Address: HEADER_START, offset 0, length 48
    - Source MAC Address: HEADER_START, offset 48, length 48
    - DSAP: DATA_LINK, offset 0, length 8
    - SSAP: DATA_LINK, offset 8, length 8
    - Destination NetBIOS Name: DATA_LINK, offset 120, length 120
    - Source NetBIOS Name: DATA_LINK, offset 248, length 120

    Specifying an SRB Criterion Range

    If you create an SRB filter that includes a Source or Destination NetBIOS Name criterion, you type the NetBIOS name as the ASCII equivalent of the first 15 characters of the name. If the name has fewer than 15 characters, use ASCII spaces (0x20) to ensure that the name has exactly 1
52. alue of the Packet Length parameter. For example, if Packet Length is set to 1024 bytes, any packet that is 1025 bytes or larger is placed in the queue you specify for this parameter.
    Instructions: Accept the default, LOW, or select NORMAL or HIGH.
    MIB Object ID: 1.3.6.1.4.1.18.3.5.1.4.4.1.9

    Appendix B: Examples and Implementation Notes

    This appendix contains examples, hints, reminders, and important notes you may find useful.

    Topics:
    - Traffic Filter Example for Basic IP Network Security
    - Inbound Traffic Filter Examples
    - Protocol Prioritization Examples
    - Implementation Notes: Filtering Outbound Frame Relay Traffic; Filtering over a Dial Backup Line; Using a Drop All Filter as a Firewall; Using Outbound Traffic Filters for LAN Protocols

    Traffic Filter Example for Basic IP Network Security

    In a network configuration with a single leased or dial-up connection to the Internet, one common use for traffic filters is to restrict external access to the network without restricting outbound service for users. This section provides a step-by-step example for creating an inbound IP traffic filter to prevent access to a network through the well-known TCP and UDP ports. The procedure assumes that you are working at a station that is running Site Manager. To further restrict access, you can create additional inbound IP traffic filters to limit services to specific IP sourc
53. always conform to the following rules:
    - Byte 0 = 0xC0
    - Byte 1 = 0x00
    - The first half of byte 2 = 0x0 to 0x7

    Table 5-2 lists some common functional MAC addresses.

    Table 5-2. Functional MAC Addresses (Function Name: MAC Address (MSB); Identifying Bit; Ethernet Address)
    - Active Monitor: 0xC000 0000 0001; Byte 5, bit 7; 0x030000000080
    - Ring Parameter Server: 0xC000 0000 0002; Byte 5, bit 6; 0x030000000040
    - Ring Error Monitor: 0xC000 0000 0008; Byte 5, bit 4; 0x030000000010
    - Configuration Report Server: 0xC000 0000 0010; Byte 5, bit 3; 0x030000000008
    - NetBIOS: 0xC000 0000 0080; Byte 5, bit 0; 0x030000000001
    - Bridge: 0xC000 0000 0100; Byte 4, bit 7; 0x030000008000
    - LAN Manager: 0xC000 0000 2000; Byte 4, bit 2; 0x030000000400
    - User defined: 0xC000 0008 0000 to 0xC000 4000 0000; Byte 3, bits 0-4, and Byte 2, bits 1-7; 0x030000100000 to 0x030002000000

    Specifying VINES Address Ranges

    You specify VINES server address ranges in hexadecimal format. For example, if the address of a VINES server is a2482c 0001, convert the value to hexadecimal and specify the filter criteria range as 0xa2482c0001. You can obtain a VINES server address as follows:
    - From a sniffer trace
    - By using the Technician Interface to obtain the value of the wfVinesIfEntry wfVinesIfAdr MIB object

    Specifying Source and Destination SAP Code Ranges

    Table 5-3 lists some co
54. an be just one value or a set of values. You enter a minimum and a maximum value to specify the range. For a range of only one value, you enter only the minimum value; the Configuration Manager automatically uses that value for both the minimum and maximum value.

    For example, if the filter criteria is MAC Source Address, you must specify which addresses you want the filter to examine. If you specify 0x0000A2000001 as the minimum range value and 0x0000A2000003 as the maximum range value, the router checks for packets with a MAC source address between 0x0000A2000001 and 0x0000A2000003, inclusive.

    Note: Chapter 5 lists valid ranges for common traffic filter criteria and explains how to specify some common address ranges.

    Actions

    The filter action determines what happens to packets that match a filter criterion's ranges. You can apply the following actions to any traffic filter:
    - Accept: The router processes any packet that matches the filter criteria and ranges.
    - Drop: The router does not route any packet that matches the filter criteria and ranges.
    - Log: For every packet that matches the filter criteria and ranges, the router sends an entry to the system Events log. You can specify the Log action in combination with other actions.

    Note: Specify the Log action only to record abnormal events; otherwise, the Events log will fill up with filtering m
55. an interface.

    Note: You should create the filters on an interface in order of precedence. The first filter you create has the highest precedence and a rule number of 1. Subsequent filters that you create have lower precedence. For more information, see "Changing Inbound Traffic Filter Precedence" later in this chapter.

    To create an inbound traffic filter (Site Manager Procedure; each step lists what you do, followed by how the system responds):
    1. Display the Filters window (Figure 6-1). See "Displaying the Inbound Traffic Filters Window."
    2. Click on Create. The Create Filter window opens (Figure 6-5).
    3. Select a circuit in the Interfaces field.
    4. Select a template in the Templates field. If the Templates field is empty, complete the steps in "Preparing Inbound Traffic Filter Templates."
    5. In the Filter Name field, specify a name for the new filter. It can be helpful to include the circuit name to differentiate the template from the filter. For example, specify Drop Telnet S42 as the name of a filter that drops inbound Telnet traffic on the synchronous circuit S42.
    6. Click on OK. The Filters window opens.

    Figure 6-5. Create Filter Window

    Editing an Inbound Traffic Filter

    After you apply an inbound traffic filter to an interface, you can edit its criterion, ranges, or action. If you used a template that you edited
56. and Low, called priority queues. The router uses a dequeuing algorithm to empty the priority queues to transmit traffic. Generally, the router transmits higher priority traffic first. Other configurable values in the protocol prioritization scheme also affect the transmission of traffic. Two of these values are the maximum size of the queue (queue depth) and the line delay (latency), described in "Tuning Protocol Prioritization" later in this chapter.

    Protocol prioritization is considered an outbound filter mechanism for these reasons:
    - You use outbound traffic filters to specify how traffic is prioritized.
    - Priority queues affect the sequence in which data leaves an interface; they do not affect traffic as it arrives at the router.
    - Outbound traffic filters include prioritizing actions for specifying priority queues. See "Prioritizing Actions" in Chapter 4.

    The following sections describe how the router prioritizes traffic into queues and the options for dequeuing:
    - Priority Queuing
    - The Dequeuing Process

    Priority Queuing

    With protocol prioritization enabled on an interface, the router sends each packet leaving an interface to one of three priority queues:
    - High queue
    - Normal queue
    - Low queue

    The router automatically queues packets that do not match a priority filter to the Normal queue. To send traffic to the other queues, you create outbound traffic filters that include a prioritizing action. These are called
57. ange range 5 Click on Add The Add Range window opens _ C sists of a single value type the value in the Minimum value field only Use the 3 Type a range in the Minimum value and prefix Ox to specify a hexadecimal number Maximum value fields then click on OK Zero is not a valid entry Modify a 1 Select the range to modify in the Filter Ranges are listed below the criterion in the range Information field Filter Information field Selected ranges 2 Click on Modify appear in the Range Min and Max fields at CES OR y the bottom of the Edit Priority Outbound 3 Type new values in the Range Min and Range Filters window Max fields Deletea 1 Select the range to delete in the Filter You must specify at least one range for range Information field each criterion 2 Click on Delete The Delete Range window opens 3 Click on Delete Add an 1 Choose Action Add action With the exception of the Log action each action filer has only one action Delete 1 Select an action in the Filter Information field You must specify at least one action in a anactor 2 Click on Delete The Delete Action window miter opens 3 Click on Delete Applythe 1 Click on OK The Priority Outbound Filters Be sure you have specified changes window opens Only one criterion 2 Click on Apply Only one action 1 100 ranges 303543 A Rev 00 7 17 Configuring Traffic Filters and Protocol Prioritization Enabling or Disabling an
58. are not based on a routing protocol, as are inbound traffic filters. When you configure outbound traffic filters, you specify a set of conditions that apply to the following packet headers:
    - Data link control (DLC) header
    - IP header

    To use outbound traffic filters, you must select Protocol Priority as one of the configured protocols on an interface. Protocol Priority is enabled by default on circuits configured with Frame Relay or PPP. Otherwise, you must enable Protocol Priority the first time you configure outbound traffic filters on an interface. Chapter 4 provides information for designing outbound traffic filters. Chapter 7 explains how to use the Configuration Manager to enable Protocol Priority and apply outbound traffic filters.

    What Is Protocol Prioritization?

    Protocol prioritization is an outbound traffic filter mechanism. With Protocol Priority enabled on an interface, the router sorts traffic into prioritized delivery queues (High, Normal, and Low) called priority queues. Priority queues affect the sequence in which data leaves an interface; they do not affect traffic as it arrives at the router. You use outbound traffic filters to specify how traffic is sorted into priority queues. By default, all outbound traffic goes to the Normal queue. See Chapter 2 to learn more about priority queuing and dequeuing.

    Filtering Strategies

    This sec
59. ce Number field The selected filter s number is either one higher if you chose INSERT BEFORE or one lower if you chose INSERT AFTER than the number you specified 5 Click on OK The Filters window opens The filters appear in the new order of precedence Figure 6 10 303543 A Rev 00 6 19 Configuring Traffic Filters and Protocol Prioritization Precedence Hasbeor z Cancel Figure 6 9 Change Precedence Window Ee Fe lore 1 forugrdto541 8 bridge dropi bel 7 JT 43 bridge dron all Filter Enable t Filter Home Farmardtno Figure 6 10 Filters Window Showing New Order of Precedence 6 20 303543 A Rev 00 Chapter 7 Applying Outbound Traffic Filters This chapter describes how to use the Configuration Manager to configure outbound traffic filters Topic Page Displaying the Priority Outbound Filters Window 7 2 Preparing Outbound Traffic Filter Templates 7 4 Creating an Outbound Traffic Filter Tla Creating an Outbound Traffic Filter 7 14 Enabling or Disabling an Outbound Traffic Filter 18 Deleting an Outbound Traffic Filter I9 Specifying User Defined Criteria 7 20 Changing Outbound Traffic Filter Precedence 7 21 To complete the procedures in this chapter you must be familiar with outbound traffic filter criteria and actions See Chapter 4 for this information You implement protocol priori
60. ce and or Destination TCP Port Source and or Destination UDP or TCP Source Port UDP or TCP Destination Port Established TCP Protocols Protocol Type IPX Network Source or Destination Host Address Source or Destination Socket Source or Destination OSI OSI Area Source or Destination System ID Source or Destination continued 303543 A Rev 00 Using Traffic Filters Table 1 1 Predefined Inbound Traffic Filter Criteria continued Traffic Type Predefined Inbound Filter Criteria LLC2 MAC Address Source or Destination DSAP SSAP VINES Protocol Type VINES Address Source or Destination XNS Network Source or Destination Address Source or Destination Socket Source or Destination Table 1 2 summarizes the predefined outbound traffic filter criteria for data link and IP headers Note See Configuring DLSw Services for information about criteria for outbound traffic filters based on the DLSw header Table 1 2 Predefined Outbound Traffic Filter Criteria Header Traffic Type Predefined Outbound Filter Criteria IP header IP Type of Service Priority IP Address Source and or Destination UDP Port Source and or Destination TCP Port Source and or Destination Established TCP Protocol Type Native SRB SSAP Destination Address Source Address PPP Protocol ID Frame Relay 2 b
61. cedure You do this System responds 1 In the Configuration Manager window The Edit Connector window opens click on the circuit interface connector on which you want to configure protocol prioritization 2 Click on Edit Circuit The Circuit Definition window opens the circuit you selected is highlighted 3 Look for Protocol Priority in the Protocols If Protocol Priority appears in the Scroll box Protocols scroll box protocol prioritization is already enabled for this interface Site Manager automatically enables protocol prioritization for certain WAN protocols 4 f Protocol Priority does not appear in the The Select Protocols window opens Protocols scroll box choose Protocols gt Add Delete 5 Scroll down the list of protocols and select Protocol Priority 6 Click on OK The Circuit Definition window opens From the Circuit Definition window you can do the following e Edit configuration parameters as described in Editing Protocol Prioritization Parameters later in this chapter e Configure an outbound traffic filter with a priority queue action as described in Chapter 7 303543 A Rev 00 2 9 Configuring Traffic Filters and Protocol Prioritization Tuning Protocol Prioritization When you enable Protocol Priority on a circuit the router uses default values that help determine how priority filters work These defaults are designed to work well for mos
62. ch template contains a complete filter specification (criterion, range, and action) for one protocol, but is not associated with a specific interface or circuit. You create an actual traffic filter when you use the Configuration Manager to apply (save) a traffic filter template to a configured router interface. You can apply a single template to as many interfaces as you want, thus creating multiple filters for that protocol.

    When you want to add a filter to an interface, you have several options:
    - If there is a template that contains the exact filtering instructions you want for this interface, apply that template to the interface.
    - If there is a template that contains filtering instructions similar to what you want, copy, rename, and edit the template. Then apply the new template to the appropriate interface.
    - If there is no template containing filtering instructions similar to what you want for this interface, you must create a template from scratch. Then apply the new template to the appropriate interface.
    - If there is an existing filter on the interface that contains instructions similar to what you want, edit the existing filter and save it.

    Summary of Traffic Filter Support

    Table 1-5 summarizes the inbound and outbound traffic filter criteria and actions supported on specific interfaces.

    Table 1-5. Summary of Traffic Filter Support
63. cify. This action also depends on the values of the Less Than or Equal Queue parameter and the Greater Than Queue parameter.
    Instructions: Specify a packet length value in bytes.
    MIB Object ID: 1.3.6.1.4.1.18.3.5.1.4.4.1.7

    Parameter: Less Than or Equal Queue
    Path: Configuration Manager > interface connector > Edit Circuit > Protocols > Edit Protocol Priority > Priority Outbound Filters > Create > Create Priority Outbound Template > Actions > Length > Prioritization Length
    Default: NORMAL
    Options: HIGH, LOW, NORMAL
    Function: Specifies the queue in which a packet is placed if its length is less than or equal to the value of the Packet Length parameter. For example, if Packet Length is set to 1024 bytes, any packet that is 1024 bytes or less is placed in the queue you specify.
    Instructions: Accept the default, NORMAL, or select LOW or HIGH.
    MIB Object ID: 1.3.6.1.4.1.18.3.5.1.4.4.1.8

    Parameter: Greater Than Queue
    Path: Configuration Manager > interface connector > Edit Circuit > Protocols > Edit Protocol Priority > Priority Outbound Filters > Create > Create Priority Outbound Template > Actions > Length > Prioritization Length
    Default: LOW
    Options: HIGH, LOW, NORMAL
    Function: Specifies the queue in which a packet is placed if its length is greater than the v
64. col (TCP or UDP, for example).

    Predefined IP Criteria

    Table 3-6 lists the predefined criteria for IP inbound traffic filters and the reference field, offset, and length for each criterion.

    Table 3-6. Predefined Criteria for IP Inbound Traffic Filters (Criterion Name: Reference Field, Offset, Length)
    - Type of Service: HEADER_START, offset 8, length 8
    - Protocol ID: HEADER_START, offset 72, length 8
    - IP Source Address: HEADER_START, offset 96, length 32
    - IP Destination Address: HEADER_START, offset 128, length 32
    - UDP or TCP Source Port: HEADER_END, offset 0, length 16
    - UDP or TCP Destination Port: HEADER_END, offset 16, length 16
    - Established TCP: HEADER_END, offset 107, length 3. Allows filtering on the ACK and RESET bits in the TCP header. You do not specify a range for this criterion.

    User-Defined IP Criteria

    In addition to the predefined filter criteria, you can create IP inbound traffic filters with user-defined criteria by specifying an offset and length to these reference fields in the IP header:
    - HEADER_START: Points to the first byte of the Type of Service
    - HEADER_END: Points to the last byte of the IP Destination Address

    When specifying the user-defined criterion length, use 8 bits whenever possible. IP inbound traffic filters with a length of 1 bit work only when aligned on a byte/word boundary. Lengths from 2 to 7 bits do not work.

    IP Actions

    In addition to the Accept Dr
65. cuit name is E21 but you type e21, the filter will not be saved. You can specify the Log action with any of the other actions. However, you should specify the Log action only to record abnormal events; otherwise, the Events log will fill up with filtering messages, leaving no room for critical log messages.

    DECnet Phase IV Criteria and Actions

    You can filter inbound DECnet Phase IV traffic based on specified bit patterns in the DECnet header.

    Predefined DECnet Criteria

    Table 3-4 lists the predefined criteria for DECnet Phase IV inbound traffic filters and the reference field, offset, and length for each criterion.

    Table 3-4. Predefined Criteria for DECnet Phase IV Inbound Traffic Filters (Criterion Name: Reference Field, Offset, Length)
    - Destination Area: DEC4_BASE, offset 0, length 6
    - Destination Node: DEC4_BASE, offset 6, length 10
    - Source Area: DEC4_BASE, offset 16, length 6
    - Source Node: DEC4_BASE, offset 22, length 10

    User-Defined DECnet Criteria

    In addition to the predefined DECnet Phase IV filter criteria, you can create traffic filters with user-defined criteria by specifying an offset and length to this reference field in the DECnet header:
    - DEC4_BASE: Points to the first byte in the header

    DECnet Actions

    The DECnet Phase IV filtering actions are Accept, Drop, and Log.
66. d Traffic Filters To add predefined criteria ranges and actions or delete any criterion range or action Site Manager Procedure You do this System responds 1 Display the Priority Outbound Filters window Figure 7 2 2 Select a filter 3 Click on Edit The Edit Priority Outbound Filters window opens Figure 7 8 4 Add change or delete predefined criteria ranges and actions Table 7 2 5 Click on OK The Priority Outbound Filters window opens 303543 A Rev 00 7 15 Configuring Traffic Filters and Protocol Prioritization Figure 7 8 Edit Priority Outbound Filters Window 7 16 303543 A Rev 00 Applying Outbound Traffic Filters Table 7 2 Using the Edit Priority Outbound Filters Window Task Site Manager Procedure Notes Adda 1 Choose Criteria gt Add gt criterion The Add A filter can have only one criterion criterion Range window opens You must specify at least one range for the 2 Type a range in the Minimum value and WS Maximum value fields then click on OK Delete a 1 Select the criterion to delete in the Filter A filter must have a criterion Specify a criterion Information field new criterion after deleting one 2 Click on Delete The Delete Criteria window opens 3 Click on Delete Adda 1 Select the criterion in the Filter Information field You can add up to 100 ranges If the r
67. ddresses (Address Type: Address Format)
    - PPP: MSB
    - Bay Networks Standard Frame Relay: Canonical
    - Bay Networks Proprietary PPP: Canonical
    - Token ring: MSB
    - Ethernet: Canonical

    For example, to drop the address 0x123456789ABC, specify the filter range in bit-swapped format: 0x482C6A1E593D. The following sections provide information about specifying SRB source MAC addresses and functional MAC addresses.

    SRB Source MAC Addresses

    Consider the following when specifying source MAC addresses for SRB traffic filters:
    - Set the MSB to 1 by adding the First Bit Set MAC Address, 0x800000000000, to the source MAC address. For example, to filter token ring packets with the source MAC address of 0x400037450440, first add 0x800000000000. Then specify the result, 0xC00037450440, as the criteria range.
    - If you use a sniffer to analyze packets for their source MAC address, keep in mind that the routing information indicator (RII) is set to 1 if the routing information field (RIF) is present and is set to 0 if there is no RIF. Bit 0 (the 0x80 bit) of byte 0 (the leftmost byte) is the RII bit, which indicates the presence of the RIF bit. For example, a sniffer decodes LAA with the first byte of 40 as 0x400031740001. If the RIF bit is set, the hexadecimal value of the packet is 0xC00031740001.

    SRB Functional MAC Addresses

    Functional MAC addresses are destination MAC addresses that
68. dienors DSAP SSAP DL_SR_START DL_SR_DATA_LINK 00 00 A2 8101 DSAP SSAP TF0008A Figure 4 3 Data Link Reference Points in an SRB Packet Bridged over Bay Networks Proprietary Frame Relay MAC DATA LINK MAC DA MAC SA LENGTH DSAP SSAP CONTROL TYPE TF0009A Figure 4 4 Data Link Reference Points in an IEEE 802 2 LLC Header 4 8 303543 A Rev 00 Outbound Traffic Filter Criteria and Actions IP Reference Points Table 4 4 defines the reference points in the IP header from which you can build user defined criterion Figure 4 5 shows an example of where those reference points are located in a packet Table 4 4 IP Reference Points Reference Point Definition HEADER_START Points to the first byte in the IP header HEADER_END Points to the first byte following the IP header IP_WAN_HEADER_START Points to the beginning of the header beginning of the packet for PPP and Frame Relay packets IP_WAN_HEADER_END Points to the first byte following the DLCI ina Frame Relay packet and the first byte following the protocol ID in a PPP packet IP SR START Points to the beginning of the SRB packet which is the high order byte of the destination address IP SR DATA LINK Points to the first byte following the RIF i WAN HEADER START IP START IP SR DATA LINK IP D HEADER END 7 TF0010A HEADER END HEADER START Figure 4 5 IP Reference Points in an IP Encapsulated SRB Packet Br
69. do this System responds 1 Display the Priority Outbound Filters window Figure 7 2 2 Select the filter to delete There is no confirmation of a filter deletion Make sure you select a filter you want to delete 3 Click on Delete The filter no longer appears in the Priority Outbound Filters window 4 Click on Apply 303543 A Rev 00 7 19 Configuring Traffic Filters and Protocol Prioritization Specifying User Defined Criteria The Edit Priority Outbound Filters window and Edit Priority Outbound Template window provide a User Defined criterion option The User Defined option allows you to set up a user defined criterion based on bit patterns in the packet s data link or IP header that are not supported in predefined criteria Adding user defined criteria is similar to adding predefined criteria except you must specify the criterion s location in the packet With predefined criteria the locations are established See Chapter 4 for the supported IP and data link header reference points you can use to specify user defined criteria for outbound traffic filters To add a user defined criterion Site Manager Procedure You do this System responds 1 Display the Edit Priority Outbound Template window Figure 7 6 or Edit Priority Outbound Filters window Figure 7 8 2 Choose Criteria gt User Defined The Add User Defined Field window opens Figure 7 9 3
70. e Filters window opens Be sure you have specified changes Only one criterion 2 Click on Apply Glick OF Appiy Only one action e 1 100 ranges 6 14 303543 A Rev 00 Applying Inbound Traffic Filters Enabling or Disabling an Inbound Traffic Filter There may be times when you want to turn off a filter temporarily Instead of deleting a filter from a circuit you can disable the filter and then reenable it later To disable or reenable an inbound traffic filter Site Manager Procedure You do this System responds 1 Display the Filters window Figure 6 1 See Displaying the Inbound Traffic Filters Window Select the filter to disable or enable The Filter Enable and Filter Name fields show the current status of the selected filter 3 Click on Values The Values Selection window opens 4 To disable the filter select Disabled To enable the filter select Enabled 5 Click on OK The Values Selection window closes The Filter Enable field in the Filters window indicates the change 6 Click on Apply The filter s action is now disabled or enabled 303543 A Rev 00 6 15 Configuring Traffic Filters and Protocol Prioritization Deleting an Inbound Traffic Filter Deleting an inbound traffic filter permanently removes the filter from the circuit but does not affect the template used to create the filter Note Instead of deleting a filter
71. e and destination addresses Inbound Traffic Filter Examples later in this appendix provides an example of allowing only a specified subset of Telnet TFTP and FTP users 303543 A Rev 00 B 1 Configuring Traffic Filters and Protocol Prioritization To create an inbound IP traffic filter that prevents access to a network through TCP and UDP ports Site Manager Procedure You do this System responds 1 In the Site Manager main window choose Tools gt Configuration Manager gt Remote Dynamic Local config file The Configuration Manager window opens 2 Click on the connector for the configured The Edit Connector window opens IP circuit for example COM2 3 Click on Edit Circuit The Circuit Definition window opens the circuit you selected is highlighted 4 Choose Protocols gt Edit IP gt Traffic The IP Filters window opens Filters 5 Click on Template The Filter Template Management window opens 6 Click on Create The Create IP Filter Template window opens 7 Specify a descriptive name in the Filter Name field for example accepted 8 Choose Criteria gt Add gt TCP or UDP The Add Range window opens Frame gt TCP or UDP Source Port 9 Type O in the Minimum value field and The Add Range window closes The 9999 in the Maximum value field then criterion and range now appear in the click on OK Filter Information field
72. e new criterion and ranges now appear in the Filter Information field of the Create Filter Template window 10 Choose Action Add action See Table B 1 or Table B 2 for specific examples The action appears in the Filter Information field 11 Click on OK The Filter Template Management window opens The new template appears in the templates list 12 Click on Done The Filters window opens 13 Click on Create The Create Filter window opens 14 Specify a descriptive name in the Filter Name field 15 Select a template in the Templates field 16 Select a circuit in the Interfaces field 17 Click on OK The Filters window opens 18 Click on Apply The filter is applied to the circuit Chapter 6 provides detailed procedures for creating inbound traffic filters and traffic filter templates B 4 303543 A Rev 00 Examples and Implementation Notes Table B 1 lists sample predefined criteria ranges and actions for some common filtering goals Table B 1 Predefined Criteria Ranges and Actions for Sample Inbound Traffic Filters Filtering Goal Criteria Path Ranges Action Path Notes Configure a Criteria gt Add gt IP Client IP source Action gt Add gt This strategy works only if the subset of Source Address addresses Accept destination IP address is one allowed Telnet of the router s interfaces and if TFTP and FTP Use the
73. ecified

    6. Click on OK. The Priority Outbound Filters window opens. The filters now appear in the new order of precedence (Figure 7-12).

    Figure 7-11. Change Precedence Window
    Figure 7-12. Priority Outbound Filters Window Showing New Order of Precedence

    Appendix A: Site Manager Protocol Prioritization Parameters

    This appendix contains reference information for the Site Manager protocol prioritization parameters.

    Topics:
    - Priority Interface Parameter Descriptions
    - Prioritization Length Parameters

    For each parameter, this appendix provides the following information:
    - Parameter name
    - Configuration Manager menu path
    - Default setting
    - Valid parameter options
    - Parameter function
    - Instructions for setting the parameter
    - MIB object ID

    Priority Interface Parameter Descriptions

    Use the following descriptions as guidelines when you edit parameters in the Edit Protocol
75. er precedence Accept filters create exceptions, or holes, in the drop-all range. Since the highest precedence filter in a given address range determines the result of combined filtering within that range, the router will process packets that match the Accept filters. However, the Drop-all filter ensures that the router rejects all other traffic.

    For example, to configure a circuit that only accepts IP traffic addressed for destination address 192.32.28.55, apply a Drop-all filter and one Accept filter as follows:

    - Filter action Accept, rule number 1 (highest precedence): start of range 192.32.28.55, end of range 192.32.28.55
    - Filter action Drop, rule number 2 (lower precedence): start of range 0.0.0.0, end of range 255.255.255.255

    See Changing Filter Precedence in Chapter 6 (inbound traffic filters) or Chapter 7 (outbound traffic filters) for information about using the Configuration Manager to change filter precedence after filters have been applied to an interface.

    Using Outbound Traffic Filters for LAN Protocols

    In certain configurations, implementing outbound traffic filters for LAN protocols may cause a decline in throughput performance. For LAN circuits where the forwarding rate of the router is critical, Bay Networks recommends that you monitor the throughput performance after configuring outbound LAN traffic filters. If you notice an unacceptable decline in performance, use inbound traffic filters t
76. erence field in the IPX header.

    - Reference field IPX_BASE: Points to the first byte in the IPX header.

    IPX Actions

    The IPX filtering actions are Accept, Drop, and Log.

    LLC2 Criteria and Actions

    You can filter inbound LLC2 traffic based on specified bit patterns in the LLC2 header. Adding an IBM protocol to a circuit automatically adds LLC2. LLC2 traffic filters apply to LLC2 routed over Frame Relay (also known as native SNA over Frame Relay) and to any protocol running over LLC2, including Advanced Peer-to-Peer Networking (APPN) and LAN Network Manager (LNM).

    Predefined LLC2 Criteria

    Table 3-8 lists the predefined criteria for LLC2 inbound traffic filters and the reference field, offset, and length for each criterion.

    Table 3-8. Predefined Criteria for LLC2 Inbound Traffic Filters
    - Destination MAC Address: reference field LLC2_DEST_MAC, offset 0, length 48
    - Source MAC Address: reference field LLC2_SOURCE_MAC, offset 48, length 48
    - DSAP: reference field LLC2_DSAP, offset 0, length 8
    - SSAP: reference field LLC2_SSAP, offset 8, length 8

    User-Defined LLC2 Criteria

    In addition to the predefined LLC2 criteria, you can create traffic filters with user-defined criteria by specifying an offset and length to these reference fields in the LLC2 header.

    - Reference field LLC2_DEST_MAC: Points to the first byte of the Destination MAC Address
    - Reference field LLC2_DSAP: Points
77. eria Ranges and Actions for Protocol Prioritization (continued)

    - Filtering goal: Place RIP traffic in the Low queue
      Criteria path: Criteria > Add > IP > IP > UDP Destination Port
      Ranges: 520
      Action path: Action > IP > Add > Low Queue
      Notes: See Table 5-7 in Chapter 5 for a list of common UDP port codes.
    - Filtering goal: Place OSPF traffic in the High queue
      Criteria path: Criteria > Add > IP > IP > Protocol Type
      Ranges: 89
      Action path: Action > IP > Add > High Queue
      Notes: See Table 5-9 in Chapter 5 for a list of common IP Protocol and Type codes.
    - Filtering goal: Place OSPF BGP traffic in the High queue
      Criteria path: Criteria > Add > IP > IP > Type of Service
      Ranges: 0xE0
      Action path: Action > IP > Add > High Queue
    - Filtering goal: Place Spanning Tree Protocol (STP) traffic in the High queue
      Criteria path: Criteria > Add > Datalink > Source Routing > DSAP SSAP Control
      Ranges: 0x42 (DSAP or SSAP), 0x03 (Control code)
      Action path: Action > Datalink > Add > High Queue
      Notes: See Table 5-3 in Chapter 5 for a list of SAP codes.
    - Filtering goal: Place synchronous pass-through traffic in the High queue
      Criteria path: Criteria > Add > Datalink > 802.2 SNAP Ethernet
      Ranges: 0x80FF
      Action path: Action > Datalink > Add > High Queue
    - Filtering goal: Prioritize FTP, Telnet, and other large packet data traffic by placing smaller packets in the Low queue
      Criteria path: Criteria > Add > IP > Source Address
      Ranges: Client IP addresses
      Action path: Action > IP > Add > Length
      Notes: In the Prioritization Length window, specify Packet Length 500 bytes Less
78. essages, leaving no room for critical log messages.

    Table 1-3 lists additional protocol-specific actions for inbound traffic filters. See Chapter 3 for more information.

    Table 1-3. Inbound Traffic Filter Actions
    - All protocols: Drop, Accept, Log
    - Transparent bridge: Flood, Forward to Circuit List
    - Native SRB: Direct IP Explorers, Forward to Circuits
    - DLSw: Forward to Peer
    - IP: Forward to Next Hop, Drop If Next Hop Is Unreachable, Forward to IP Address, Forward to Next Hop Interface, Forward to First Up Next Hop Interface, Detailed Logging

    Table 1-4 lists the actions for outbound traffic filters. See Chapter 4 for more information.

    Table 1-4. Outbound Traffic Filter Actions
    - Filtering actions: Drop, Accept, Log, Detailed Log
    - Prioritizing actions: High Queue, Low Queue, Length
    - Dial service actions: No Call, No Reset

    Outbound traffic filters with a prioritizing action are sometimes called priority filters.

    Except for the log actions, inbound and outbound traffic filter actions are mutually exclusive; you can only apply one action to each filter.

    Using Filter Templates

    When you create traffic filters, it is important to understand the difference between a traffic filter template and an actual traffic filter. A traffic filter template is a reusable, predefined specification for a traffic filter. Ea
80. Inbound Traffic Filter Criteria and Actions

    Table 3-1. Transparent Bridge Encapsulation Support
    Columns: router and interface, then support for each encapsulation method (Ethernet, 802.2 LLC, LLC with SNAP, Novell)
    - Ethernet 802.3 (interface XCVR): Ethernet Yes, 802.2 LLC Yes, LLC with SNAP Yes, Novell Yes
    - FDDI (interface FDDI): Ethernet No, 802.2 LLC Yes, LLC with SNAP Yes, Novell No
    - Token ring (interface TOKEN): Ethernet No, 802.2 LLC Yes, LLC with SNAP Yes, Novell No
    - Synchronous (interface COM): Ethernet Yes, 802.2 LLC Yes, LLC with SNAP Yes, Novell Yes

    Predefined Transparent Bridge Criteria

    Each transparent bridge encapsulation method has specific predefined criteria for filtering frames. These predefined criteria are based on an offset to a header reference field (Figure 3-1) and are a specified length. Table 3-2 lists the predefined criteria for each encapsulation method and the reference field, offset, and length for each criterion.

    Table 3-2. Predefined Criteria for Transparent Bridge Inbound Traffic Filters
    Each entry gives the criterion name, reference field, offset (bits), and length (bits).
    - All encapsulation methods:
      - MAC Source Address: MAC, offset 0, length 48
      - MAC Destination Address: MAC, offset 48, length 48
    - Ethernet:
      - Ethernet Type: MAC, offset 96, length 16
    - 802.2 LLC:
      - Length (Ethernet 802.3 and PPP only): MAC, offset 96, length 16
      - SSAP: DATA_LINK, offset 0, length 8
      - DSAP: DATA_LINK, offset 8, length 8
      - Control: DATA_LINK, offset 16, length 8
    - 802.2 LLC with SNAP:
      - Length: MAC, offset 96, length 16
      - Organization Code Protocol ID: DATA_LINK, offset 24, length 24
      - Ethernet Type: DATA_LINK, offset 48, length 16
    - Novell:
      - Novell: MAC, offset 112, length 16

    User Defined Transparent Bridge Cri
81. g the High Queue, Normal Queue, and Low Queue Percent Bandwidth parameters.
    Instructions: Accept the default of BANDWIDTH ALLOCATION or select STRICT.
    MIB Object ID: 1.3.6.1.4.1.18.3.5.1.4.1.1.24

    Parameter: High Queue Percent Bandwidth
    Path: Configuration Manager > interface connector > Edit Circuit > Protocols > Edit Protocol Priority > Interface
    Default: 70 percent
    Options: 0 to 100 percent
    Function: If you select the bandwidth allocation dequeuing algorithm, this parameter specifies the percentage of the synchronous line's bandwidth allocated to traffic that has been sent to the High queue. When you set this parameter to a value less than 100, each time the percentage of bandwidth used by high-priority traffic reaches this limit, the router transmits traffic in the Normal and Low queues, up to the configured percentages for those priority queues.
    Instructions: Specify the percentage of the line's bandwidth allocated to high-priority traffic. The High Queue, Normal Queue, and Low Queue Percent Bandwidth values must total 100.
    MIB Object ID: 1.3.6.1.4.1.18.3.5.1.4.1.1.25

    Parameter: Normal Queue Percent Bandwidth
    Path: Configuration Manager > interface connector > Edit Circuit > Protocols > Edit Protocol Priority > Interface
    Default: 20 percent
    Options: 0 to 100 percent
    Function: If you select t
82. h the same criteria and actions. You can then modify the new template to suit your needs.
    - Edit an existing template. If you do not need to preserve the original template, you can edit it without first copying and renaming it. Changing a template does not affect interfaces to which the template has already been applied.

    Note: You can also edit or copy a template using a text editor. The Configuration Manager stores all templates in the file template.flt.

    Copying a Template

    To duplicate an existing template:

    Site Manager Procedure (each step gives what you do, then how the system responds)

    1. Display the Filters window (Figure 6-1). See Displaying the Inbound Traffic Filters Window.
    2. Click on Template. The Filter Template Management window opens (Figure 6-2).
    3. Select a template.
    4. Click on Copy. The Copy Filter Template window opens.
    5. Specify a name for the new template. Be sure to use a name that reflects its contents.
    6. Click on OK. The Filter Template Management window opens. The new template appears in the templates list.

    Editing a Template

    After you create or copy a template, edit it as follows:

    Site Manager Procedure (each step gives what you do, then how the system responds)

    1. Select a template in the Filter Template Management window.
    2. Click on Edit. The Edit Template window for the protocol opens Figu
84. h the template has already been applied.

    Creating a Template

    To create an outbound traffic filter template:

    Site Manager Procedure (each step gives what you do, then how the system responds)

    1. Display the Priority Outbound Filters window (Figure 7-1).
    2. Click on Template. The Filter Template Management window opens (Figure 7-3).
    3. Click on Create. The Create Priority Outbound Template window opens (Figure 7-4).
    4. Specify a descriptive name for the template in the Filter Name field. For example, use the name Bridge01to03 for a template that contains information to filter bridge frames from the MAC source addresses 0x0000A2000001 to 0x0000A2000003.
    5. Choose Criteria > Add > Datalink IP > criterion. To configure filters for IP-routed packets, always choose IP instead of Datalink. See Chapter 4 for information about the outbound traffic filter criteria for IP and data link headers. The Add Range window opens.
    6. Specify the range to apply to the selected criterion. To enter a hexadecimal number, use the prefix 0x. Zero is not a valid entry. If the range consists of just one value, specify that value in both fields. See Chapter 5 for information about common traffic filter ranges.
    7. Click on OK. The Create Priority Outbound Template
85. he bandwidth allocation dequeuing algorithm, this parameter specifies the percentage of the synchronous line's bandwidth allocated to normal-priority traffic.
    Instructions: Specify the percentage of the line's bandwidth allocated to normal-priority traffic. The High Queue, Normal Queue, and Low Queue values must total 100.
    MIB Object ID: 1.3.6.1.4.1.18.3.5.1.4.1.1.26

    Parameter: Low Queue Percent Bandwidth
    Path: Configuration Manager > interface connector > Edit Circuit > Protocols > Edit Protocol Priority > Interface
    Default: 10 percent
    Options: 0 to 100 percent
    Function: If you select the bandwidth allocation dequeuing algorithm, this parameter specifies the percentage of the synchronous line's bandwidth allocated to low-priority traffic.
    Instructions: Specify the percentage of the line's bandwidth allocated to low-priority traffic. The High Queue, Normal Queue, and Low Queue Percent Bandwidth values must total 100.
    MIB Object ID: 1.3.6.1.4.1.18.3.5.1.4.1.1.26

    Parameter: Discard Eligible Bit Low
    Path: Configuration Manager > interface connector > Edit Circuit > Protocols > Edit Protocol Priority > Interface
    Default: ENABLE
    Options: ENABLE, DISABLE
    Function: Sets the Frame Relay discard eligible (DE) bit for packets sent to the Low queue.
    Instructions: Select DISABLE if you do not want to set the
86. he same packet, filter 1 has precedence and the interface accepts the packet.

    Figure 7-10 shows how the Priority Outbound Filters window displays the filters on an interface. The first filter listed has the highest precedence. You should create the filters on an interface in order of precedence. However, if you do not, or if your filtering strategy changes, you can use the Priority Outbound Filters window to rearrange the precedence of existing filters.

    Figure 7-10. Priority Outbound Filters Window Showing Filter Precedence

    To change the order of precedence for outbound traffic filters:

    Site Manager Procedure (each step gives what you do, then how the system responds)

    1. Display the Priority Outbound Filters window (Figure 7-2).
    2. Select the filter whose precedence you want to change.
    3. Click on Reorder. The Change Precedence window opens (Figure 7-11).
    4. Click on INSERT BEFORE or INSERT AFTER.
    5. Type a filter rule number in the Precedence Number field. For example, in Figure 7-10, to place the selected filter 1 after filter 2, click on INSERT BEFORE and type 2 in the Precedence Number field. The selected filter's number is either one higher (if you chose INSERT BEFORE) or one lower (if you chose INSERT AFTER) than the number you sp
87. he value in the Minimum value field only. Use the prefix 0x to specify a hexadecimal number. Zero is not a valid entry.
    The Add Range window opens.
    3. Type a range in the Minimum value and Maximum value fields, then click on OK.

    Task: Modify a range
    1. Select the range to modify in the Filter Information field.
    2. Click on Modify.
    3. Type new values in the Range Min and Range Max fields.
    Notes: Ranges are listed below the criterion in the Filter Information field. Selected ranges appear in the Range Min and Range Max fields at the bottom of the Edit Template window.

    Task: Delete a range
    1. Select the range to delete in the Filter Information field.
    2. Click on Delete. The Delete Range window opens.
    3. Click on Delete.
    Notes: You must specify at least one range for each criterion.

    Task: Add an action
    1. Choose Action > Add > action.
    Notes: With the exception of the Log action, each template has only one action.

    Task: Delete an action
    1. Select an action in the Filter Information field.
    2. Click on Delete. The Delete Action window opens.
    3. Click on Delete.
    Notes: You must specify at least one action in a template.

    Task: Save the template
    1. Click on OK. The Filter Template Management window opens.
    Notes: Be sure you have specified:
    - Only one criterion
    - Only one action
    - 1 to 100 ranges

    Creating an Inbound Traffic Filter

    You create an inbound traffic filter by applying a filter template to
88. higher precedence. If a packet matches two filters, the filter with the highest precedence (lowest number) applies. For example, if the first filter on the interface (1) accepts a packet and the second filter (2) drops the same packet, filter 1 has precedence and the interface accepts the packet.

    Figure 6-8 shows how the Filters window displays the filters on an interface. The first filter listed has the highest precedence. You should create filters on an interface in order of precedence. However, if you do not, or if your filtering strategy changes, you can use the Filters window to rearrange the precedence of existing filters.

    Figure 6-8. Filters Window Showing Filter Precedence

    To change the order of precedence for inbound traffic filters:

    Site Manager Procedure (each step gives what you do, then how the system responds)

    1. Display the Filters window (Figure 6-1).
    2. Select the filter whose precedence you want to change.
    3. Click on Reorder. The Change Precedence window opens (Figure 6-9).
    4. Click on INSERT BEFORE or INSERT AFTER, then type a filter rule number in the Precedence Number field. For example, in Figure 6-8, to place the selected filter 3 before filter 1, click on INSERT BEFORE and type 1 in the Preceden
89. ick on OK. The Values Selection window closes. The Prioritization Length window now displays the new value.
    10. Click on OK. The Create Priority Outbound Template window opens, showing the newly selected criterion, range, and action in the Filter Information field (Figure 7-4).
    11. Click on OK. The Filter Template Management window opens (Figure 7-3).

    Customizing Templates

    There are two ways to customize a filter template:
    - Copy an existing template, rename it, and then edit it. This preserves the original template and creates an entirely new template with the same criteria and actions. You can then modify the new template to suit your needs.
    - Edit an existing template. If you do not need to preserve the original template, you can edit it without first copying and renaming it. Changing a template does not affect interfaces to which the template has already been applied.

    Note: You can also edit or copy a template using a text editor. The Configuration Manager stores all templates in the file template.flt.

    Copying a Template

    To duplicate an existing template:

    Site Manager Procedure (each step gives what you do, then how the system responds)

    1. Display the Priority Outbound Filters window (Figure 7-2).
    2. Click on Template. The Filter Template Management window opens (Figure 7-3).
    3. Select a template.
    4. Click on Copy
90. idged over PPP

    Selecting Actions

    For outbound traffic filters, you can specify different types of actions:
    - Filtering Actions
    - Prioritizing Actions
    - Dial Service Actions

    Filtering Actions

    You can apply the following actions to an outbound traffic filter:
    - Accept: The router processes any packet that matches the filter criteria and ranges.
    - Drop: The router does not route any packet that matches the filter criteria and ranges.
    - Log: For every packet that matches the filter criteria and ranges, the router sends an entry to the system Events log. You can specify the Log action in combination with other actions.
    - Detailed Log: For every packet that matches the filter criteria and ranges, the router adds a more detailed entry to the system Events log, containing IP header information.

    Note: Specify the Log actions to record abnormal events only; otherwise, the Events log will fill up with filtering messages, leaving no room for critical log messages.

    Prioritizing Actions

    You can apply the following actions to outbound traffic filters for WAN protocols:
    - High: Directs packets that match the filter criteria and ranges to the High queue.
    - Low: Directs packets that match the filter criteria and ranges to the Low queue.
    - Length: Uses the length of packet
91. ific, you use it the same way for all protocols. Figure 6-1 shows the Bridge Filters window.

    Figure 6-1. Inbound Traffic Filters Window

    Preparing Inbound Traffic Filter Templates

    To add an inbound traffic filter to a router interface, you apply a protocol-specific traffic filter template to the circuit. However, you do not always need to create a template; often you can begin with an existing template. This section describes how to prepare an inbound traffic filter template by:
    - Creating a Template
    - Customizing Templates

    See Creating an Inbound Traffic Filter, later in this chapter, to learn how to create the filter by applying saving a filter template to an interface.

    Creating a Template

    To create an inbound traffic filter template:

    Site Manager Procedure (each step gives what you do, then how the system responds)

    1. Display the Filters window (Figure 6-1). See Displaying the Inbound Traffic Filters Window.
    2. Click on Template. The Filter Template Management window opens (Figure 6-2).
    3. Click on Create. The Create Template window for the protocol opens (Figure 6-3).
    4. Specify a name for the new template in the Filter Name field. Use a descriptive name. For example, the name Drop Telnet suggests the crite
92. ifying PPP Protocol ID Ranges

    Table 5-5 lists some common PPP protocol ID values. See RFC 1700 for a complete list. You use these values to specify ranges for Protocol ID criteria in an outbound traffic filter.

    Table 5-5. PPP Protocol IDs
    Each entry gives the protocol ID (0x) and its description.
    - 0021: IP
    - 0023: OSI
    - 0033: Stream Protocol (ST2)

    Use this value only to specify ranges for the criterion selected by choosing Criteria > Add > IP > PPP > Protocol ID on the Create Priority Outbound Template window. Do not use a data link criterion to specify IP traffic.

    Specifying TCP and UDP Port Ranges

    Table 5-6 lists some common TCP port values to use when specifying TCP source or destination port ranges in inbound or outbound IP traffic filters.

    Table 5-6. Source and Destination TCP Ports
    - FTP: 20, 21
    - Telnet: 23
    - SMTP: 25
    - DNS: 53
    - Gopher: 70
    - World Wide Web (http): 80 to 84
    - DLSw Read Port: 2065
    - DLSw Write Port: 2067

    Table 5-7 lists some common UDP port values to use when specifying UDP source or destination port ranges in inbound or outbound IP traffic filters.

    Table 5-7. Source and Destination UDP Ports
    - DNS: 53
    - TFTP: 69
    - SNMP: 161
    - SNMPTRAP: 162

    Specifying Ether
93. interface connector > Edit Circuit > Protocols > Edit Protocol Priority > Interface
    Default: 20 (200 for Frame Relay)
    Options: Any integer value
    Function: Specifies the maximum number of packets in the Normal queue at any one time, regardless of packet size.
    Instructions: Accept the default or specify a new value. For Frame Relay interfaces, a value less than 200 might cause a broadcast message to be dropped (clipped).
    MIB Object ID: 1.3.6.1.4.1.18.3.5.1.4.1.1.5

    Parameter: Low Queue Size
    Path: Configuration Manager > interface connector > Edit Circuit > Protocols > Edit Protocol Priority > Interface
    Default: 20
    Options: Any integer value
    Function: Specifies the maximum number of packets in the Low queue at any one time, regardless of packet size.
    Instructions: Accept the default or specify a new value.
    MIB Object ID: 1.3.6.1.4.1.18.3.5.1.4.1.1.6

    Parameter: Max High Queue Latency
    Path: Configuration Manager > interface connector > Edit Circuit > Protocols > Edit Protocol Priority > Interface
    Default: 250 milliseconds (ms)
    Options: 100 to 5000 ms
    Function: Specifies the greatest delay that a high-priority packet can experience and, consequently, how many normal-priority or low-priority bits can be in the transmit queue at any one time.
    Instructions: Accept the default or specify a new value. Bay Networks recommends accepting the default value of 250 ms.
    MIB Object ID: 1.3.6.1.4.1.18.3.5.1.4.1.1.8
94. ion and provides procedures for setting configuration parameters.

    Creating an Outbound Traffic Filter

    To create an outbound traffic filter:

    Site Manager Procedure (each step gives what you do, then how the system responds)

    1. In the Configuration Manager window, choose Circuits > Edit Circuits. The Circuit List window opens.
    2. Select a circuit.
    3. Click on Edit. The Circuit Definition window opens; the circuit you selected is highlighted.
    4. Choose Protocols > Edit Protocol Priority > Priority Outbound Filters. The Priority Outbound Filters window opens.
    5. Click on Template. The Filter Template Management window opens.
    6. Click on Create. The Create Priority Outbound Template window opens.
    7. Specify a descriptive name in the Filter Name field.
    8. Choose Criteria > Add > Datalink IP > criterion. See Table B-3 for specific examples. The Add Range window opens. If you chose the User-Defined criterion, the Add User-Defined Field window opens first.
    9. Type a minimum and maximum value to specify the range, then click on OK. See Table B-3 for specific examples. To specify additional ranges, choose Range > Add. The Add Range window closes. The new criterion and ranges now appear in the Filte
95. iteria for Outbound Traffic Filters (continued)
    Columns: Packet Component, Predefined Criteria
    SRB DSAP SSAP PPP Protocol ID Frame Relay 2 byte DLCI 3 byte DLCI 4 byte DLCI NLPID Ethernet Type Ethertype

    Figure 4-1 shows the Configuration Manager menu path for specifying these criteria. See Chapter 7 for detailed instructions on creating outbound filters.

    Figure 4-1. Predefined Data Link Criteria for Outbound Traffic Filters

    Predefined IP Criteria

    You configure outbound traffic filters for routing protocols based on the predefined criteria listed in Table 4-2.

    Table 4-2. Predefined IP Criteria for Outbound Traffic Filters
    Columns: Packet Type or Component, Predefined Criteria
    Protocol IP header Type of Service IP Source Address IP Destination Address Both Source Address and Destination Address UDP Source Port UDP Destination Port TCP Source Port TCP Destination Port TCP or UDP Source Port TCP or UDP Destination Port Established TCP Port SSAP DSAP SRB MAC Destination Address MAC Source Address PPP Protocol ID NLPID Frame Relay 2 byte DLCI 3 byte DLCI 4 byte DLCI

    You can assign as many as 31 outbound traffic filters with IP criteria to an interface. Figure 4-2 shows the Configuration Manager menu path for
96. itiates connections for data transmission. This reduction in update-only traffic, called dial-optimized routing, prevents unnecessary connections and reduces line costs. See Configuring Dial Services for information about dial services such as dial-on-demand and dial-optimized routing.

    Chapter 5: Specifying Common Criterion Ranges

    For every inbound or outbound traffic filter criterion, you must specify a valid range (a series of target values appropriate for the criterion). For many criteria, you specify an address range. This chapter explains how to specify common address ranges and lists valid ranges.

    Topics:
    - Specifying MAC Address Ranges
    - Specifying VINES Address Ranges
    - Specifying Source and Destination SAP Code Ranges
    - Specifying Frame Relay NLPID Ranges
    - Specifying PPP Protocol ID Ranges
    - Specifying TCP and UDP Port Ranges
    - Specifying Ethernet Type Ranges
    - Specifying IP Protocol ID and Type of Service Ranges

    Specifying MAC Address Ranges

    When you create a traffic filter that includes a Source or Destination MAC Address criterion, you specify the MAC address range in either canonical format or most significant bit (MSB) format. Table 5-1 lists the MAC address formats.

    Table 5-1. Format for Specifying MAC A
97. itization Length Window

    To set the prioritization length parameters:

    Site Manager Procedure (each step gives what you do, then how the system responds)

    1. In the Prioritization Length window, specify a byte value between 0 and 4608 in the Packet Length field. Click on Help for information, or refer to the description on page A-7 in Appendix A.
    2. Select the Less Than or Equal Queue field, then click on Help for information, or refer to the description on page A-8 in Appendix A.
    3. Click on Values. The Values Selection window opens.
    4. Select High, Low, or Normal as the queue in which a packet is placed if the length is less than or equal to the value of Packet Length. For example, if Packet Length is set to 1024 bytes, any packet that is 1024 bytes or less is placed in the queue you selected.
    5. Click on OK. The Values Selection window closes. The Prioritization Length window now displays the new value.
    6. Select the Greater Than Queue field, then click on Help for information, or refer to the description on page A-8 in Appendix A.
    7. Click on Values. The Values Selection window opens.
    8. Select High, Low, or Normal as the queue in which a packet is placed if the length is greater than the value of Packet Length.
    9. Cl
98. ived from such portions of the software without specific prior written permission SUCH PORTIONS OF THE SOFTWARE ARE PROVIDED AS IS AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES INCLUDING WITHOUT LIMITATION THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE In addition the program and information contained herein are licensed only pursuant to a license agreement that contains restrictions on use and disclosure that may incorporate by reference certain limitations and notices imposed by third parties ii 303543 A Rev 00 Bay Networks Inc Software License Agreement NOTICE Please carefully read this license agreement before copying or using the accompanying software or installing the hardware unit with pre enabled software each of which is referred to as Software in this Agreement BY COPYING OR USING THE SOFTWARE YOU ACCEPT ALL OF THE TERMS AND CONDITIONS OF THIS LICENSE AGREEMENT THE TERMS EXPRESSED IN THIS AGREEMENT ARE THE ONLY TERMS UNDER WHICH BAY NETWORKS WILL PERMIT YOU TO USE THE SOFTWARE If you do not accept these terms and conditions return the product unused and in the original shipping container within 30 days of purchase to obtain a credit for the full purchase price 1 License Grant Bay Networks Inc Bay Networks grants the end user of the Software Licensee a personal nonexclusive nontransferable license a to use the Software either on a single computer o
100. ll packets from the Low queue, up to the latency value, into the transmit queue, and then transmits the packets. The algorithm returns to step 1, whether or not the latency value is reached.

Figure 2-3 illustrates the strict dequeuing algorithm.

[Figure 2-3. Strict Dequeuing Algorithm. Flowchart boxes: Scan the High queue; Was the maximum transmit queue size reached?; Are there packets in the High queue?; Transmit all packets; Was the latency value reached?; Are there packets in the Normal queue?; Transmit all packets up to the latency value; Are there packets in the Low queue?; Transmit all packets up to the latency value.]

Enabling Protocol Prioritization

You use the Configuration Manager to configure protocol prioritization. To configure priority queues with default values, do the following:
1. Enable Protocol Priority on the circuit, as described in this section.
2. Apply outbound traffic filters with prioritizing actions to the circuit, as described in Chapter 7.

See the next section, Tuning Protocol Prioritization, to learn how to customize the way protocol prioritization works on a circuit.

To enable protocol prioritization Site Manager Pro
101. lter can have only one criterion criterion Range window opens You must specify at least one range for the 2 Type a range in the Minimum value and filter Maximum value fields then click on OK Delete a 1 Select the criterion to delete in the Filter A filter must have a criterion Specify a criterion Information field new criterion after deleting one 2 Click on Delete The Delete Criteria window opens 3 Click on Delete Adda 1 Select the criterion in the Filter Information field You can add up to 100 ranges If the range range lick on A consists of a single value type the value in Vli onda Tho dd Bangs MIDOOW DRENG the Minimum value field only Use the 3 Type a range in the Minimum value and prefix Ox to specify a hexadecimal number Maximum value fields then click on OK Zero is not a valid entry Selected ranges appear in the Range Min and Max fields at the bottom of the Edit Filters window Deletea 1 Select the range to delete in the Filter You must specify at least one range for range Information field each criterion 2 Click on Delete The Delete Range window opens 3 Click on Delete Add an 1 Choose Action Add action With the exception of the Log action each action filer has only one action Delete 1 Select an action in the Filter Information field You must specify at least one action in a an action 2 Click on Delete The Delete Action window filter opens 3 Click on Delete Applythe 1 Click on OK Th
102. mmon SAP codes. The SAP code consists of a 7-bit SAP address and a 1-bit Command/Response field.

Table 5-3. SAP Codes

SAP Code             Description
00 01                XID or TEST
02                   Individual Sublayer Management
03                   Group Sublayer Management
04 05 08 09 0C 0D    SNA
06                   IP
0E                   Proway Network Management
10                   Novell and SDLC Link Servers
20 34 EC             CLNP ISO OSI
42                   BPDU
7E                   X.25 over 802.2 LLC2
80                   XNS
86                   Nestar
8E                   Active Station List
98                   ARP
AA                   SNAP
BC                   Banyan VIP
E0                   Novell IPX
F0                   IBM NetBIOS
F4 F5                LAN Network Manager
F8                   Remote Program Load
FC                   IBM RPL
FE                   ISO Network Layer
FF                   LLC Broadcast

The Command/Response bit makes the 0x00 byte look like 0x01.

Use these values to specify a range for any Source or Destination SAP traffic filter criteria.

Specifying Frame Relay NLPID Ranges

Table 5-4 lists some common Frame Relay network layer protocol ID (NLPID) values. You use these values to specify ranges for NLPID criteria in an outbound traffic filter.

Table 5-4. Frame Relay NLPIDs

NLPID (0x)    Description
CC            IP
81 82 83      OSI
80            SNAP

Use this value only to specify ranges for the criterion selected by choosing Criteria Add IP Frame Relay NLPID on the Create Priority Outbound Template window. Do not use a data link criterion to specify IP traffic.

Spec
103. n Technical Data and Computer Software clause of DFARS 252 227 7013 for agencies of the Department of Defense or their successors whichever is applicable 6 Use of Software in the European Community This provision applies to all Software acquired for use within the European Community If Licensee uses the Software within a country in the European Community the Software Directive enacted by the Council of European Communities Directive dated 14 May 1991 will apply to the examination of the Software to facilitate interoperability Licensee agrees to notify Bay Networks of any such intended examination of the Software and may procure support and assistance from Bay Networks 7 Term and termination This license is effective until terminated however all of the restrictions with respect to Bay Networks copyright in the Software and user manuals will cease being effective at the date of expiration of the Bay Networks copyright those restrictions relating to use and disclosure of Bay Networks confidential information shall continue in effect Licensee may terminate this license at any time The license will automatically terminate if Licensee fails to comply with any of the terms and conditions of the license Upon termination for any reason Licensee will immediately destroy or return to Bay Networks the Software user manuals and all copies Bay Networks is not liable to Licensee for damages in any form solely by reason of the termination of this
104. nager. Generally, if a queue's Clipped Packets Count is high and the High Water Packets Mark is close to its queue size, that queue does not have enough buffers.

Chapter 3: Inbound Traffic Filter Criteria and Actions

You create inbound traffic filters using templates that consist of protocol-specific filter criteria, ranges, and actions. To define an inbound traffic filter template, you need to know the specific criteria and actions that Site Manager supports for the applicable protocol. This chapter lists the following for supported bridging and routing protocols:
- Predefined inbound traffic filter criteria and actions
- Reference points for specifying user-defined criteria

Topics:
- Transparent Bridge Criteria and Actions
- Source Route Bridging Criteria and Actions
- DECnet Phase IV Criteria and Actions
- DLSw Criteria and Actions
- IP Criteria and Actions
- IPX Criteria and Actions
- LLC2 Criteria and Actions
- OSI Criteria and Actions
- VINES Criteria and Actions
- XNS Criteria and Actions

For an overview of traffic filters, templates, and their criteria, ranges, and actions, see Chapter 1. For instructions on using Site Manager to create inbound traffic filters, see Chapter 6.

Transparent Bridge Criteria and
105. ncapsulations T Plus additional actions for transparent bridge, SRB, and IP filters; see Chapter 3. t 802.2 LLC and LLC with SNAP encapsulations.

Chapter 2: Using Protocol Prioritization Queues

This chapter describes the priority queues that you can implement using outbound traffic filters (protocol prioritization).

Topics:
- About Protocol Prioritization
- Enabling Protocol Prioritization
- Tuning Protocol Prioritization

For instructions on using the Configuration Manager to create outbound traffic filters, see Chapter 7.

About Protocol Prioritization

Site Manager supports protocol prioritization on synchronous, serial, HSSI, MCE1, and MCT1 interfaces for the following WAN protocols:
- PPP
- Bay Networks Standard PPP
- Frame Relay

Note: The DLSw software also allows you to prioritize traffic within DLSw, based on predefined or user-defined fields at the TCP level. For information about these DLSw prioritization filters, see Configuring DLSw Services.

While the router is operating, network traffic from various sources converges at each WAN interface. Without protocol prioritization, the router transmits packets in a first-in, first-out (FIFO) order. With Protocol Priority enabled on an interface, the router sorts traffic into prioritized delivery queues: High, Normal
106. net Type Ranges

Table 5-8 lists some common Ethernet Type codes to use when specifying Ethertype ranges in inbound or outbound traffic filters. See RFC 1700 for a complete list.

Table 5-8. Ethernet Type Codes

Ethernet Type or Description                                   Ethertype Code (0x)
Bay Networks Synchronous Pass Through                          80FF
Bay Networks Source Route Traffic (non-Token Ring media)       8101
Bay Networks Breath of Life Packet (BofL)                      8102
Bay Networks Transparent Bridge Traffic on Token Ring          8103
Bridged Ethernet over RFC 1490 Frame Relay                     0007
Bridged Token Ring over RFC 1490 Frame Relay                   0009
Bridged FDDI over RFC 1490 Frame Relay                         000A
Bridged PDUs over RFC 1490 Frame Relay                         000B
802.3 Length Field                                             0000 05EE
802.5 Length Field                                             0000 05FF
Xerox PUP                                                      0101 01FF 0200 0201
Nixdorf                                                        0400
XNS IDP                                                        0600
XNS Address Translation                                        0601
IP                                                             0800
X.25                                                           0801
CHAOSnet                                                       0804
X.25 Level 3                                                   0805
ARP                                                            0806
XNS                                                            0807
Symbolix                                                       081C
Xyplex                                                         0888 088A
UB Debugger                                                    0900
XNS Address Translation                                        0A00 0A01
Banyan VINES                                                   0BAD
DEC                                                            6000 6009
DEC MOP                                                        6001 6002
DRP                                                            6003
DEC LAT                                                        6004
LAVC                                                           6007
3COM                                                           6010 6014
108. o accomplish the filtering goal
109. o decrease the Low queue size to 10 and increase the High queue size to 30 (Figure 2-5).

[Figure 2-5. Reconfigured Priority Queue Statistics for the Queue Size Examples. High queue: Queue Size 30, Clipped Packets Count 0, High Water Packets Mark 20. Normal queue: Queue Size 20, Clipped Packets Count 0, High Water Packets Mark 10. Low queue: Queue Size 10, Clipped Packets Count 0, High Water Packets Mark 06.]

To see whether this reallocation solves the problem, reset the Clipped Packets Count and High Water Packets Mark counters using the Statistics Manager, and check them again later.

Latency

Line delay, or latency, indicates how many bits of normal- or low-priority traffic the router can allocate to the transmit queue at any one time. The latency value is the greatest time delay that a high-priority packet can experience. Latency is based on the line speed of the attached media. The following formula illustrates how the line speed, bits queued, and latency value are related:

Latency = Bits Queued / Line Speed (b/s)

The default value for latency is 250 milliseconds (ms). This value generally ensures good throughput and maintains rapid terminal response (rapid echoing of keystrokes and timely response to commands) over most media. You can change the default latency value by setting the Max High Queue Latency pa
110. ol Prioritization

Selecting Predefined Criteria

Outbound traffic filter criteria are based on the data link header or IP header.
- For bridged traffic, you use predefined criteria based on the data link header.
- For IP-routed traffic, you use predefined criteria based on the IP header.
- For most WAN and LAN routing protocols, you can use predefined criteria based on either the data link header or the IP header.
- For NetBIOS, SNA, and other DLSw-encapsulated traffic, you use predefined outbound traffic filter criteria based on the DLSw protocol header. For information about DLSw outbound traffic filters, see Configuring DLSw Services.

This section covers the following topics:
- Predefined Data Link Criteria
- Predefined IP Criteria
- Specifying Criteria Common to IP and Data Link Headers

Predefined Data Link Criteria

You can configure outbound traffic filters based on the predefined data link criteria listed in Table 4-1.

Table 4-1. Predefined Data Link Criteria for Outbound Traffic Filters

Packet Component: Data link header
Predefined Criteria: MAC Source Address Data Link Type MAC Destination Address Ethernet Type Novell 802.2 Length 802.2 DSAP 802.2 SSAP 802.2 Control 802.2 SNAP Length 802.2 SNAP Protocol ID 802.2 SNAP Ethernet Type Ethertype

Table 4 1 Predefined Data Link Cr
111. op and Log actions common to all inbound traffic filters, there are the following IP actions:

Forward to Next Hop: Specifies that any frame that matches the filter will be forwarded to the next hop router. You must specify the IP address of the next hop router. If the next hop router is not reachable, any packets matching the filter will be forwarded normally, unless you also specify Drop If Next Hop Is Unreachable. If you specify 255.255.255.255 as the next hop, any frame that matches this filter will be forwarded normally.

Drop If Next Hop Is Unreachable: This action is valid only when Forward to Next Hop is in use. It specifies that if the next hop address specified is unreachable, the frame is dropped.

Forward to IP Address: Specifies that any frame that matches the filter will be forwarded to a single address in a list of specified IP addresses. The destination address of the original packet changes to the specified IP address.

Forward to Next Hop Interfaces: Specifies that any frame that matches the filter will be duplicated and forwarded to a group of next hop IP addresses that you specify. If none of the next hop interfaces is active, the router forwards packets that match the filter to the packet destination address, unless you also specify Drop If Next Hop Is Unreachable.

Forward to First Up Next Hop Interface: Specifies that any frame that matche
112. ot supported in predefined criteria user defined criteria To apply user defined criteria you specify the bit length and offset from a supported reference point Chapter 3 lists the supported reference points for inbound traffic filters Chapter 4 lists the reference points for outbound traffic filters To fit your site s traffic patterns you can use a combination of predefined and user defined criteria in up to 32 traffic filters on each interface 303543 A Rev 00 1 7 Configuring Traffic Filters and Protocol Prioritization Predefined Criteria Table 1 1 summarizes the predefined inbound traffic filter criteria for supported protocols Table 1 1 Predefined Inbound Traffic Filter Criteria Traffic Type Predefined Inbound Filter Criteria Transparent bridge Four data link encapsulation methods Ethernet 802 2 LLC Novell Proprietary 802 2 LLC with SNAP MAC Address Source or Destination Ethernet Type Novell 802 2 LLC Length 802 2 LLC DSAP 802 2 LLC SSAP 802 2 LLC Control 802 2 SNAP Length 802 2 SNAP Protocol ID 802 2 SNAP Ethernet Type SRB Native only IP encapsulated SRB is not supported MAC Address Source or Destination DSAP SSAP NetBIOS Name Source or Destination DECnet Phase IV Area Source or Destination Node Source or Destination DLSw MAC Address Source or Destination DSAP SSAP Type of Service IP Address Source or Destination UDP Port Sour
113. plates field. If the Templates field is empty, complete the steps in Preparing Outbound Traffic Filter Templates.
5. In the Filter Name field, specify a name for the new filter. It can be helpful to include the circuit name, to differentiate the template from the filter. For example, specify Drop Telnet S42 as the name of a filter that drops outbound Telnet traffic on the synchronous circuit S42. For priority filters, include the queue name. For example, specify SHB DSAP hiQ as the name of a filter that places SRB traffic of a certain DSAP range in the High queue.
6. Click on OK. System responds: The Priority Outbound Filters window opens.

[Figure 7-7. Create Filter Window]

Editing an Outbound Traffic Filter

After you apply an outbound traffic filter to an interface, you can edit its criterion, ranges, or action. If you used a template that you edited to suit your needs, you may not need to make further edits. When you customize a filter, you have the following options:
- Add or delete predefined criteria
- Add or delete user-defined criteria
- Add or delete actions
- Add, modify, or delete ranges

To add a user-defined criterion, see Specifying User-Defined Criteria later in this chapter. To add the Length action, see Specifying Prioritization Length earlier in this chapter.

Applying Outboun
115. protocol or well known users dotted decimal format port is Telnet TFTP or FTP Configure a router to drop BootP requests from particular clients Criteria gt Add gt UDP Frame gt UDP Destination Port MAC addresses of the BootP clients Action gt Add gt Drop Drop inbound Telnet traffic Criteria gt Add gt IP gt TCP Frame gt TCP Destination Port 23 See Table 5 6 in Chapter 5 for a list of common TCP port ranges Action gt Add gt Drop For a more secure method create a user defined filter see Table B 2 This filter will not stop remote users from establishing a Telnet session with the router To do that you must also create outbound traffic filters on the remote circuits 303543 A Rev 00 B 5 Configuring Traffic Filters and Protocol Prioritization Table B 2 lists sample user defined criteria ranges and actions for some common filtering goals Table B 2 User Defined Criteria and Ranges for Sample Inbound Traffic Filters User Defined Criteria Filtering Goal Reference Field Offset Length Range Drop inbound IP HEADER END 107 1 0x0 to 0x0 Telnet and FTP 109 traffic on the synchronous interface that receives packets from the Internet Give certain Specify an Ethernet 160 bits sum of all 32 bits Specify the VINES traffic that Type value of criteria that precede the hexadecimal is bridged over OxBAD VINES
116. r if applicable on a single authorized device identified by host ID for which it was originally acquired b to copy the Software solely for backup purposes in support of authorized use of the Software and c to use and copy the associated user manual solely in support of authorized use of the Software by Licensee This license applies to the Software only and does not extend to Bay Networks Agent software or other Bay Networks software products Bay Networks Agent software or other Bay Networks software products are licensed for use under the terms of the applicable Bay Networks Inc Software License Agreement that accompanies such software and upon payment by the end user of the applicable license fees for such software 2 Restrictions on use reservation of rights The Software and user manuals are protected under copyright laws Bay Networks and or its licensors retain all title and ownership in both the Software and user manuals including any revisions made by Bay Networks or its licensors The copyright notice must be reproduced and included with any copy of any portion of the Software or user manuals Licensee may not modify translate decompile disassemble use for any competitive analysis reverse engineer distribute or create derivative works from the Software or user manuals or any copy in whole or in part Except as expressly provided in this Agreement Licensee may not copy or transfer the Software or user manuals in whole or in part
117. r Information field of the Create Priority Outbound Template window 10 Choose Action gt Add gt action See Table B 3 for specific examples 11 Click on OK The Filter Template Management window opens The new template appears in the templates list 12 Click on Done The Priority Outbound Filters window opens 13 Click on Create The Create Filter window opens 14 Select a circuit in the Interfaces field 15 Select a template in the Templates field 16 Specify a descriptive name in the Filter Name field 17 Click on OK The Priority Outbound Filters window opens 18 Click on Apply The filter is applied to the circuit 303543 A Rev 00 Examples and Implementation Notes Table B 3 provides some examples of using outbound traffic filters for protocol prioritization goals Table B 3 Sample Criteria Ranges and Actions for Protocol Prioritization Filtering Goal Criteria Path Ranges Action Path Notes Place LAT traffic Criteria gt Add gt Datalink 6004 Action gt Datalink gt See Table 5 8 in inthe High queue gt Datalink Type gt Add gt High Queue Chapter 5 for a list of since LAT is a Ethernet type common Ethernet time sensitive Type codes protocol Note If this is a Frame Relay interface specify SNAP instead of Ethernet Type Place ICMP Criteria gt Add gt IP gt IP gt 1 Action gt IP gt Add gt See Table
118. rameter. Keep in mind, however, that if you specify a higher latency value, thus allowing more room on the transmit queue, throughput increases but terminal response time decreases. Bay Networks recommends using the default value of 250 ms.

Editing Protocol Prioritization Parameters

To edit protocol prioritization parameters (Site Manager Procedure):
1. In the Circuit Definition window, choose Protocols > Edit Protocol Priority > Interface. System responds: The Edit Protocol Priority Interface window opens.
2. Select the parameter you want to change. To see additional parameters, use the scroll bar on the right side of the window.
3. For a description of the parameter, click on Help in the Site Manager window, or refer to the appropriate parameter description in Appendix A.
4. Click on Values. System responds: The Values Selection window opens, listing valid values for the parameter.
5. Select the value you want, then click on OK. System responds: The Values Selection window closes. The Edit Protocol Priority In

Parameters:
- Enable
- High Queue Size
- Normal Queue Size
- Low Queue Size
- Max High Queue Latency
- High Water Packets Clear
- Prioritization Algorithm Type
- High Queue Percent Bandwidth
- Normal Queue Percent Bandwidth
- Low Queue Percent Bandwidth
- Discard Eligible Bit Low
- Discard Eligible Bit Normal
119. re 6-4
3. Add or delete predefined criteria, ranges, and actions (Table 6-1).
4. Click on OK. System responds: The Filter Template Management window opens (Figure 6-2).
5. Click on Done. System responds: The Filters window opens (Figure 6-1).

Table 6-1 describes how to add, delete, or modify predefined criteria, ranges, and actions in the Edit Template window (Figure 6-4). To add a user-defined criterion, see Specifying User-Defined Criteria later in this chapter.

[Figure 6-4. Edit Template Window]

Table 6-1. Using the Edit Template Window

Task: Add a criterion
Site Manager Procedure: 1. Choose Criteria > Add > criterion. The Add Range window opens. 2. Type a range in the Minimum value and Maximum value fields, then click on OK.
Notes: A template can have only one criterion. You must specify at least one range in a template.

Task: Delete a criterion
Site Manager Procedure: 1. Select the criterion to delete in the Filter Information field. 2. Click on Delete. The Delete Criteria window opens. 3. Click on Delete.
Notes: A template must have a criterion. Specify a new criterion after deleting one.

Task: Add a range
Site Manager Procedure: 1. Select the criterion in the Filter Information field. 2. Click on Add
Notes: You can add up to 100 ranges. If the range consists of a single value, type t
120. re working with real-time applications. Bulk transfer applications use too much of the available bandwidth and reduce interactive response time. These problems are especially noticeable on low-speed WAN interfaces. You can also improve application response time and prevent session timeouts by implementing protocol prioritization.

Combine Filters

On most interfaces, you can apply as many as 31 inbound and 31 outbound traffic filters for each protocol. You can configure IP interfaces to support as many as 127 inbound traffic filters. As you add filters to an interface, the Configuration Manager numbers them chronologically: Filter No. 1, Filter No. 2, Filter No. 3, and so on. The filter rule number determines the filter's precedence. Lower numbers have higher precedence; Filter No. 1 has the highest precedence. If a packet matches two filters, the filter with the highest precedence (lowest number) applies. After you create traffic filters, you can change their precedence by reordering them. See Changing Filter Precedence in Chapter 6 (inbound traffic filters) or Chapter 7 (outbound traffic filters).

Build a Firewall

If your filtering strategy involves blocking most or all inbound traffic (a firewall), you can create a Drop all filter for each protocol on the interface. That means, for each protocol you are filtering, you choose a filter criterion that appears in every packet of the pro
121. responds
1. In the Configuration Manager window, choose Circuits > Edit Circuits. System responds: The Circuit List window opens.
2. Select a circuit.
3. Click on Edit. System responds: The Circuit Definition window opens; the circuit you selected is highlighted.
4. Choose Protocols > Edit protocol > Traffic Filters. The menu path to the Filters window is protocol specific. System responds: The Filters window for the selected protocol opens. It lists any inbound traffic filters already applied to the circuit.
5. Click on Template. System responds: The Filter Template Management window opens. It lists any inbound traffic filter templates already configured for the selected protocol.
6. Click on Create. System responds: The Create Filter Template window for the selected protocol opens.
7. Specify a descriptive name in the Filter Name field.
8. Choose Criteria > Add > criterion. See Table B-1 or Table B-2 for specific examples. System responds: The Add Range window opens. If you selected the User-Defined criterion, the Add User-Defined Field window opens first.
9. Type a minimum and maximum value to specify the range, then click on OK. See Table B-1 or Table B-2 for specific examples. To specify additional ranges, choose Range > Add. System responds: The Add Range window closes. Th
122. responds
1. Display the Edit Filters window (Figure 6-6) or Edit Template window (Figure 6-4) for the selected circuit and protocol.
2. Choose Criteria > User-Defined. System responds: The Add User-Defined Field window opens (Figure 6-7).
3. In the REF field, choose the protocol-specific header reference point.
4. In the OFFSET field, specify a bit offset from the reference point.
5. In the LENGTH field, specify the length of the criterion.
6. In the Minimum value and Maximum value fields, specify a range for the criterion.
7. Click on OK. System responds: The Edit Template window or Edit Filters window opens.
8. Continue editing the template or filter. See Table 6-1, Using the Edit Template Window, or Table 6-2, Using the Edit Filters Window.

[Figure 6-7. Add User-Defined Field Window]

Changing Inbound Traffic Filter Precedence

You can assign as many as 31 inbound traffic filters per protocol to each router interface. You can assign as many as 127 inbound traffic filters for IP. As you add filters to an interface, the Configuration Manager numbers them chronologically (1, 2, 3, and so on), as shown in Figure 6-8. The number determines the filter precedence; lower filter numbers have
123. rint Bay Networks technical manuals and release notes free, directly from the Internet. Go to support.baynetworks.com/library/tpubs. Find the Bay Networks product for which you need documentation. Then locate the specific category and model or version for your hardware or software product. Using Adobe Acrobat Reader, you can open the manuals and release notes, search for the sections you need, and print them on most standard printers. You can download Acrobat Reader free from the Adobe Systems Web site, www.adobe.com.
    You can purchase Bay Networks documentation sets, CDs, and selected technical publications through the Bay Networks Collateral Catalog. The catalog is located on the World Wide Web at support.baynetworks.com/catalog.html and is divided into sections arranged alphabetically:
    • The CD ROMs section lists available CDs.
    • The Guides/Books section lists books on technical topics.
    • The Technical Manuals section lists available printed documentation sets.
    Make a note of the part numbers and prices of the items that you want to order. Use the Marketing Collateral Catalog description link to place an order and to print the order form.
    How to Get Help
    For product assistance, support contracts, or information about educational services, go to the following URL: http://www.baynetworks.com/corporate/contacts. Or telephone the Bay Networks Technical Solutions Center at 800-2LANWAN. Chapter
124. rion and action to drop Telnet session requests from remote nodes.
    5. Choose Criteria > Add > criterion. See Chapter 3 for information about the criteria for your protocol. Each filter template can use only one criterion. The Add Range window opens.
    6. Specify a range for the selected criterion. To specify a hexadecimal number, use the prefix 0x. You must specify at least one range. If the range consists of just one value, specify that value in the Minimum value field. See Chapter 5 for information about common traffic filter ranges.
    7. Click on OK. The Add Range window closes. The criterion and range appear in the Filter Information field of the Create Template window.
    8. To add more ranges, choose Range > Add. Then repeat steps 6 and 7. You can add up to 100 ranges for each criterion.
    9. Choose Action > Add > action.
    10. Click on OK. The Filter Template Management window opens (Figure 6-2). The template appears in the templates list.
    Figure 6-2. Filter Template Management Window
    Figure 6-3. Create Template Window
    Customizing Templates
    There are two ways to customize a filter template:
    • Copy an existing template, rename it, and then edit it. This preserves the original template and creates an entirely new template wit
125. rotocol Prioritization
    DLSw Criteria and Actions
    You can filter inbound DLSw traffic based on specified bit patterns in the DLSw header, as defined in RFC 1434.
    Predefined DLSw Criteria
    Table 3-5 lists the predefined criteria for DLSw inbound traffic filters and the reference field, offset, and length for each criterion.
    Table 3-5. Predefined Criteria for DLSw Inbound Traffic Filters

    | Criterion Name | Reference Field | Offset | Length |
    |---|---|---|---|
    | Destination MAC Address | DLS_BASE | 192 | 48 |
    | Source MAC Address | DLS_BASE | 240 | 48 |
    | DSAP | DLS_BASE | 296 | 8 |
    | SSAP | DLS_BASE | 288 | 8 |

    User Defined DLSw Criteria
    In addition to the predefined DLSw filter criteria, you can create inbound traffic filters with user defined criteria by specifying an offset and length to these reference fields in the DLSw header:

    | Reference Field | Description |
    |---|---|
    | DLS_CTRL_START | Points to the start of the DLSw header |
    | DLS_DATA_START | Points to the start of the DLSw data |

    DLSw Actions
    The DLSw filtering actions are as follows:
    • Drop, Log: Common to all inbound traffic filters.
    • Forward to Peer: Any frame that matches the filter will be sent to the specified DLSw circuits.
    IP Criteria and Actions
    You can filter IP inbound traffic based on specified bit patterns in one of the following headers in an IP datagram:
    • The IP header
    • The header of the upper level proto
126. s the filter will be forwarded to a specified next hop router or to a network connected to the router. If the specified hop is not reachable, the filter tries all addresses on the next hop interfaces list, using ARP messages. If none of the next hop interfaces is reachable, the router forwards packets that match the filter to the packet destination address, unless you also specify Drop If Next Hop Is Unreachable.
    • Detailed Logging: For every packet that matches the filter criteria and ranges, the filter adds an entry containing IP header information to the system Events log.
    IPX Criteria and Actions
    You filter inbound IPX traffic based on specified bit patterns in the IPX header.
    Predefined IPX Criteria
    Table 3-7 lists the predefined criteria for IPX inbound traffic filters and the reference field, offset, and length for each criterion.
    Table 3-7. Predefined Criteria for IPX Inbound Traffic Filters

    | Criterion Name | Reference Field | Offset | Length |
    |---|---|---|---|
    | Destination Network | IPX_BASE | 48 | 32 |
    | Destination Address | IPX_BASE | 80 | 48 |
    | Destination Socket | IPX_BASE | 128 | 16 |
    | Source Network | IPX_BASE | 144 | 32 |
    | Source Address | IPX_BASE | 176 | 48 |
    | Source Socket | IPX_BASE | 224 | 16 |

    User Defined IPX Criteria
    In addition to the predefined filter criteria, you can create traffic filters with user defined criteria by specifying an offset and length to this ref
127. s to determine the priority queue. Outbound traffic filters with a prioritizing action are called priority filters.
    Note: You can apply prioritizing actions only to MCE1, MCT1, and synchronous interfaces. The Configuration Manager does not support priority filters on the LAN interfaces. See Chapter 2 for detailed information about protocol prioritization.
    Dial Service Actions
    You can apply the following actions to outbound traffic filters for interfaces configured as dial up lines:
    • No Call: Packets that match the filter criteria and ranges are dropped and do not initiate a dial connection. By default, packets transmitted on dial on demand lines always trigger the router to establish a connection.
    • No Reset: Packets that match the filter criteria and ranges are processed but do not reset the inactivity timer.
    Note: Although No Call and No Reset are available when creating any outbound traffic filter, these actions are useful only on dial up interfaces, such as synchronous modem lines or MCT1 interfaces configured with ISDN PRI.
    You can use the dial service actions to configure outbound traffic filters that specify or reduce the type of traffic that initiates dial connections. For example, you can use dial service actions to configure a dial on demand interface to exchange IP RIP and IPX RIP/SAP routing updates only when the router in
128. serial interface; Internet Control Message Protocol; Internet Protocol; Internet Packet Exchange; Integrated Services Digital Network; International Organization for Standardization; International Telecommunications Union Telecommunications sector (formerly CCITT); local area network; Local Area Transport; Logical Link Control; LAN Network Manager.
    MAC: media access control; MCE1: multichannel E1; MCT1: multichannel T1; MSB: most significant bit; NLPID: network layer protocol ID; OSI: Open Systems Interconnection; OSPF: Open Shortest Path First (protocol); PPP: Point to Point Protocol; PRI: primary rate interface; RIF: routing information field; RII: routing information indicator; RIP: Routing Information Protocol; SAP: service access point; SDLC: Synchronous Data Link Control; SMDS: switched multimegabit data service; SNA: Systems Network Architecture; SNAP: Subnetwork Access Protocol; SNMP: Simple Network Management Protocol; SRB: source routing bridge; SSAP: Source service access point; STP: shielded twisted pair; TCP/IP: Transmission Control Protocol/Internet Protocol; Telnet: Telecommunication network; TFTP: Trivial File Transfer Protocol; UDP: User Datagram Protocol; UTP: unshielded twisted pair; VINES: Virtual Network Systems; WAN: wide area network; XNS: Xerox Network System.
    Preface
    Bay Networks Technical Publications
    You can now p
129. specifying these criteria. See Chapter 7 for detailed instructions on using Configuration Manager to create outbound traffic filters.
    Figure 4-2. Predefined IP Criteria for Outbound Traffic Filters
    Specifying Criteria Common to IP and Data Link Headers
    Several predefined outbound traffic filter criteria are common to both the IP and data link headers, such as the PPP Protocol ID, SRB SSAP, DSAP, and Frame Relay DLCI and NLPID criteria. To configure outbound traffic filters for IP routed packets, always select IP instead of Datalink when choosing the criterion. If you create a filter using a data link criterion to identify an IP routed packet (for example, using the Ethertype range of 0x0800 or the Protocol ID of 0x0021), the filter does not work, because the router code recognizes the IP routed packet and expects IP filter rules.
    To configure criteria for both IP and data link reference points, you create two filters: one with the IP criterion and the other with the Datalink criterion. For example, if you want to prioritize Frame Relay traffic with data link connection identifier (DLCI) 400 in the High queue, create filters for both the IP and Datalink DLCI criterion, using a range value of 400.
    Selecting User Defined Criteria
    To create a filter with a user defined criterion
130. t configurations. However, you can customize, or tune, protocol prioritization to maximize its impact on your network. This section covers the following topics:
    • Tuning Concepts
    • Editing Protocol Prioritization Parameters
    • Monitoring Protocol Prioritization Statistics
    Tuning Concepts
    How you tune protocol prioritization depends on whether you are using the bandwidth allocation algorithm or strict dequeuing algorithm. See The Dequeuing Process earlier in this chapter.
    To tune priority queuing with the bandwidth allocation algorithm, consider adjusting the following configuration defaults:
    • Percent of Bandwidth
    • Queue Size
    To tune priority queuing with the strict dequeuing algorithm, consider adjusting the following configuration defaults:
    • Queue Size
    • Latency
    Percent of Bandwidth
    When using the bandwidth allocation algorithm, you can change the default allocation of bandwidth for each of the three priority queues. Queued traffic with large packets often requires more than the default bandwidth allocation. For example, if statistics indicate that one interface requires more than 70 percent of bandwidth to properly transmit high priority traffic, you can increase the High Queue Size parameter and decrease the Normal or Low Queue Size parameter.
    Note: If statistics indicate that the High queue does not have enough buffers
131. ter: High Water Packets Clear
    Path: Configuration Manager > interface connector > Edit Circuit > Protocols > Edit Protocol Priority > Interface
    Default: 0
    Options: Any integer value
    Function: Toggles the High Water Packets Clear bit. When you change the queue depth by changing the value of the High Queue Size, Normal Queue Size, or Low Queue Size parameter, you can also reset the high water mark by changing the value of this parameter. When you change the value of this parameter, you reset the high water mark for all three queues to zero.
    Instructions: Specify a new integer value for this parameter to clear the existing high water marks for the priority queues.
    MIB Object ID: 1.3.6.1.4.1.18.3.5.1.4.1.1.19

    Parameter: Prioritization Algorithm Type
    Path: Configuration Manager > interface connector > Edit Circuit > Protocols > Edit Protocol Priority > Interface
    Default: BANDWIDTH ALLOCATION
    Options: BANDWIDTH ALLOCATION, STRICT
    Function: Selects the dequeuing algorithm that protocol prioritization uses to drain priority queues and transmit traffic. With strict dequeuing, the router always transmits traffic in the High queue before transmitting traffic in the other queues. With bandwidth allocation dequeuing, the router transmits traffic in a queue until the utilization percentage for that queue is reached; then the router transmits traffic in the next lower priority queue. You configure the percentages for bandwidth allocation by settin
132. terface window now displays the new value. Click on OK when you are done setting protocol prioritization parameters. You return to the Circuit Definition window.
    Monitoring Protocol Prioritization Statistics
    To monitor and manage protocol prioritization, you use the Statistics Manager to view statistics in the MIB object group wfApplication wfDatalink wfProtocolPriorityGroup. For information about using the Statistics Manager to view MIB objects and create custom screen reports, see Configuring and Managing Routers with Site Manager.
    To determine whether there are enough buffers in each priority queue for the traffic flow on your network, use the Statistics Manager to examine the following protocol prioritization statistics:
    • High Water Packets Mark: The greatest number of packets that have been in each queue.
    • Clipped Packets Count: The number of packets that have been discarded from each queue. The router discards packets from priority queues that become full.
    Note: To determine whether statistics reflect a transient event, you may want to reset the statistics and check again later before changing the priority queuing configuration.
    You can reset the High Water Packets Mark using the Configuration Manager Edit Protocol Priority Interface window. You can reset both the Clipped Packets Count and High Water Packets Mark using the Statistics Ma
133. teria
    You can create bridge traffic filters with user defined criteria by specifying an offset and length to these supported reference fields:

    | Reference Field | Description |
    |---|---|
    | MAC | Points to the first byte of the MAC Destination Address |
    | DATA_LINK | Points to the first byte of the DATA_LINK reference field |

    Transparent Bridge Actions
    In addition to the Accept, Drop, and Log actions that are common to all inbound traffic filters, there are two transparent bridge actions:
    • Flood: Specifies that any frame that matches the filter will be forwarded to all transparent bridge circuits except for the circuit from which it was received.
    • Forward to Circuit List: Specifies that any frame that matches the filter will be forwarded to the specified circuits.
    Note: The circuit names that you specify for the Forward to Circuits action are case sensitive. For example, if the circuit name is E21 but you type e21, the filter will not be saved.
    You can specify the Log action with any of the other actions. However, you should specify the Log action only to record abnormal events; otherwise, the Events log will fill up with filtering messages, leaving no room for critical log messages.
    Source Route Bridging Criteria and Actions
    You filter inbound source route bridging (SRB) traffic based on specified bit patterns in the native SRB frame he
135. the amount of traffic transmitted from a particular queue reaches the configured percentage, the next higher priority queue begins to transmit traffic. The amount of actual data transmitted depends on the clock speed of the circuit. You can configure the clock speed on a synchronous interface by setting the External Clock Speed parameter in the Configuration Manager Edit Sync Parameters window. See Configuring WAN Line Services.
    The bandwidth allocation algorithm works as follows:
    1. The transmit queue scans the High queue. If there is no traffic in the High queue, the algorithm proceeds to step 3.
    2. The router empties all packets from the High queue, up to the configured bandwidth percentage, into the transmit queue and then transmits the packets. The default bandwidth percentage for the High queue is 70 percent. If the actual bandwidth use is less than the limit, the router empties the High queue and proceeds to the Normal queue.
    3. The transmit queue scans the Normal queue. If there is no traffic in the Normal queue, the algorithm proceeds to step 5.
    4. The router empties all packets from the Normal queue, up to the configured bandwidth percentage, into the transmit queue and then transmits the packets. The default bandwidth percentage for the Normal queue is 20 percent. If the actual bandwidth use is less than the limit, the router empties the Normal queue and proceeds to the Low queue.
    5. The transmit queue scans the Low queue
136. the strict dequeuing algorithm and there is a great deal of High queue traffic on the network, Normal and Low queue traffic may never be transmitted.
    The strict dequeuing algorithm works as follows:
    1. The transmit queue scans the High queue. If there is no traffic in the High queue, the algorithm proceeds to step 4.
    2. The router empties all packets from the High queue into the transmit queue, up to the latency value or the maximum transmit queue size, and then transmits the packets. The transmit queue size is the maximum number of packets in the transmit queue at one time. You cannot configure this number using Site Manager.
    3. If the latency value is reached, the transmit queue returns to step 1, scanning and emptying traffic from the High queue. If neither the latency value nor the maximum transmit queue size is reached, the algorithm proceeds to step 4.
    4. The transmit queue scans the Normal queue. If there is no traffic in the Normal queue, the algorithm proceeds to step 7.
    5. The router empties all packets from the Normal queue, up to the latency value, into the transmit queue and then transmits the packets.
    6. If the latency value is reached, the transmit queue returns to step 1, scanning and emptying traffic from the High queue. If the latency value is not reached, the algorithm proceeds to step 7.
    7. The transmit queue scans the Low queue. If there is no traffic in the Low queue, the algorithm returns to step 1.
    8. The router empties a
137. tion 20
    Queue Size Example
    Suppose that you use the default queue size (20 packets) for all three priority queues. The statistics indicate that the High queue's Clipped Packets Count is 226 and its High Water Packets Mark is 20. This indicates that the High queue has been full at least once and that the router has discarded 226 packets. From this information, you can conclude that you have not assigned enough buffers to the High queue for the amount of high priority traffic on this interface. To prevent additional high priority traffic from being discarded, you can reconfigure the size of the queues or reevaluate the amount of traffic assigned to the High queue.
    Reconfiguring Queue Size
    Suppose that you now look at the statistics of the Normal and Low queues and find that the Low queue has a Clipped Packets Count of zero and a High Water Packets Mark of 06 (Figure 2-4). Therefore, you can conclude that there have never been more than six packets in the Low queue and the router has not discarded any low priority packets.
    Figure 2-4. Priority Queue Statistics for the Queue Size Example (High: Queue Size 20, Clipped Packets Count 226, High Water Packets Mark 20. Normal: Queue Size 20, Clipped Packets Count 0, High Water Packets Mark 10. Low: Queue Size 20, Clipped Packets Count 0, High Water Packets Mark 06.)
    In this case, you may choose t
138. tion recommends ways you might use traffic filters in a network. See Appendix B for specific examples.
    Direct Traffic
    You can create traffic filters that affect a particular protocol's traffic. For example, you can forward all IP traffic to a next hop address. You can also create traffic filters that affect certain locations on a bridged network. For example, if you want all traffic from a node with a particular source MAC address (perhaps an application server) to take precedence over other traffic, you can use protocol prioritization to assign a high priority to any traffic with that source address.
    Drop or Accept Traffic
    You can configure a router interface to accept only specified traffic and drop all other packets by configuring inbound traffic filters with specific accept criteria. Or, to accept most traffic and drop only specified packets, you can configure inbound traffic filters for the traffic you want to drop.
    Note: Drop filters are generally more efficient than Accept filters.
    For example, to prevent all NetBIOS traffic from entering a particular LAN segment, you can create an inbound traffic filter to drop all packets with a destination or source SAP code of F0.
    Prioritize Traffic
    You can use protocol prioritization to expedite traffic coming from a particular source or going to a particular destination. When a router treats all packets equally, there is no way to ensure consistent network services for users who a
139. tization B 9
    Preface
    This guide describes configuring traffic filters to filter and prioritize traffic on a Bay Networks router.
    Before You Begin
    Before using this guide, you must complete the following procedures. For a new router:
    • Install the router (see the installation guide that came with your router).
    • Connect the router to the network and create a pilot configuration file (see Quick Starting Routers, Configuring BayStack Remote Access, or Connecting ASN Routers to a Network).
    Make sure that you are running the latest version of Bay Networks BayRS and Site Manager software. For information about upgrading BayRS and Site Manager, see the upgrading guide for your version of BayRS.
    Text Conventions
    This guide uses the following text conventions (bold text, brackets, italic text, screen text, separator (>), vertical line):
    • bold text: Indicates text that you need to enter and command names and options. Example: Enter show ip alerts routes. Example: Use the dinfo command.
    • brackets: Indicate optional elements in syntax descriptions. Do not type the brackets when entering the command. Example: If the command syntax is show ip interfaces alerts, you can enter either show ip interfaces or show ip interfaces alerts.
    • italic text: Indicates file and directory names, new terms, book titles, and vari
140. tization by applying an outbound traffic filter that includes a prioritizing (priority queue) action. This type of outbound traffic filter is called a priority filter. For instructions on how to edit protocol prioritization parameters that affect the way priority filters work, see Chapter 2.
    Displaying the Priority Outbound Filters Window
    You must complete the following tasks to configure outbound traffic filters on an interface:
    • Add the Protocol Priority protocol, if it is not already enabled. On circuits configured with Frame Relay or PPP, protocol prioritization is enabled by default. Otherwise, you must enable protocol prioritization the first time you configure outbound traffic filters.
    • Display the Configuration Manager Priority Outbound Filters window.
    To display the Priority Outbound Filters window and, if necessary, enable protocol prioritization:
    Site Manager Procedure (You do this / System responds)
    1. Display the Configuration Manager window. protocols. The Protocol Priority option is located near the bottom of the list.
    2. Click on the circuit interface connector (for example, COM1, XCVR2). For Ethernet, FDDI, HSSI, synchronous, or token ring interfaces, the Edit Connector window opens. For MCE1 or MCT1 interfaces, the Logical Lines window opens.
    3. Click on Edit Circuit or for MCE1 MCT1 The Circuit
141. tocol, for example, a MAC address. You can also create exceptions to the Drop all filter by adding more specific, higher precedence filters to allow only specified traffic on an interface. See Using a Drop All Filter as a Firewall in Appendix B for more information about combining filters to accept certain traffic.
    Traffic Filter Components
    The Configuration Manager creates traffic filters from template files that contain filtering information. Traffic filter templates consist of three components:
    • Criteria: The portion of the incoming packet, frame, or datagram header to be examined.
    • Ranges: Numeric values (often addresses) to be compared with the contents of examined packets.
    • Actions: What happens to packets that match the criteria and ranges specified in a filter.
    To create a traffic filter, you apply a filter template to a particular router interface. Table 1-5 at the end of this chapter summarizes the inbound and outbound traffic filter criteria and actions supported on specific interfaces.
    Criteria
    A filter criterion is the portion of a packet, frame, or datagram header to be examined. You can break down any packet into at least three components:
    • The DLC or data link header. Examples of data link header types include: Token ring 802.5, Ethernet V 2 and IEEE 802.3, FDDI, PPP and Bay Networks Standard Frame Rela
142. y
    • The upper level protocol header. Examples of protocol header types include: IP and TCP, Source route bridging (SRB), DLSw.
    • User data.
    A traffic filter criterion is defined by a byte length and an offset from common bit patterns (reference points) in the data link or protocol header. The criterion includes the length of the filtered pattern and an offset from the known reference point. The traffic filter uses this information to locate which portion of a packet to examine.
    For bridged traffic, predefined criteria are part of the data link header. For routed traffic, a predefined criterion can be part of the data link header or an upper level protocol header.
    Inbound traffic filter criteria use reference points in the upper level protocol header. You select inbound criteria based on the protocol of the incoming traffic.
    Outbound traffic filters use reference points in only the IP or DLSw protocol headers. You select outbound criteria based on the WAN protocol configured on the interface: transparent bridge, SRB, PPP, or Frame Relay.
    Predefined and User Defined Criteria
    The Configuration Manager provides a selection of default filter criteria (predefined criteria) for both inbound and outbound traffic filters. Predefined criteria consist of predefined offsets and lengths from common reference points. You can also define a criterion based on bit patterns in a packet header that are n
143. yte DLCI 3-byte DLCI 4-byte DLCI NLPID (continued)
    Table 1-2. Predefined Outbound Traffic Filter Criteria (continued)
    Columns: Header, Traffic Type, Predefined Outbound Filter Criteria.
    Data link header Transparent bridge Data Link Type MAC Address Source or Destination Ethernet Type Novell 802.2 Length 802.2 DSAP 802.2 SSAP 802.2 Control 802.2 SNAP Length 802.2 SNAP Protocol ID 802.2 SNAP Ethernet Type Native SRB SSAP DSAP PPP Protocol ID Frame Relay 2-byte DLCI 3-byte DLCI 4-byte DLCI NLPID Ethernet Type
    User Defined Criteria
    To apply customized criteria that use fields that are not represented in a protocol's predefined criteria, you can create a user defined criterion. You specify its location in the packet header by specifying the following:
    • Reference point: A known bit position in the packet header.
    • Offset: The first position of the filtered bit pattern in relation to the reference point, measured in bits.
    • Length: The total bit length of the filtered pattern.
    Ranges
    For each traffic filter criterion, you also specify the valid range: a series of target values that apply to the criterion. For most criteria, you specify an address range. There must be at least one target value for each criterion. The range c
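
The reference point, bit offset and bit length scheme described above, applied to the IPX offsets listed in Table 3-7, as an added Python example (not code from the manual or from the router software). The frame bytes, the 14-byte data link header, the range values, the filter name, the MSB-first bit numbering and the choice to treat a truncated frame as "no match" are assumptions of this example.

```python
"""Evaluate a traffic filter criterion: reference point + bit offset + bit length + ranges."""
import struct
from dataclasses import dataclass

# Offsets and lengths in bits from IPX_BASE, copied from Table 3-7 on this page.
IPX_PREDEFINED = {
    "Destination Network": (48, 32),
    "Destination Address": (80, 48),
    "Destination Socket": (128, 16),
    "Source Network": (144, 32),
    "Source Address": (176, 48),
    "Source Socket": (224, 16),
}
MAX_RANGES = 100  # the page allows up to 100 ranges per criterion


def extract_bits(frame: bytes, ref_byte: int, offset_bits: int, length_bits: int) -> int:
    """Return the unsigned field of length_bits bits that starts offset_bits after
    the reference point. Bit 0 is assumed to be the most significant bit of the
    byte at the reference point (network bit order)."""
    if length_bits <= 0 or offset_bits < 0:
        raise ValueError("offset must be >= 0 and length must be > 0")
    start = ref_byte * 8 + offset_bits
    end = start + length_bits
    if end > len(frame) * 8:
        raise ValueError("field extends past the end of the frame")
    first, last = start // 8, (end + 7) // 8
    window = int.from_bytes(frame[first:last], "big")
    return (window >> (last * 8 - end)) & ((1 << length_bits) - 1)


@dataclass
class Criterion:
    ref: str       # reference point name, e.g. "IPX_BASE"
    offset: int    # bits from the reference point
    length: int    # bits
    ranges: list   # [(minimum, maximum)]; maximum None means a single value

    def __post_init__(self):
        if not 1 <= len(self.ranges) <= MAX_RANGES:
            raise ValueError("a criterion needs between 1 and 100 ranges")
        limit = (1 << self.length) - 1
        normalized = []
        for low, high in self.ranges:
            high = low if high is None else high  # single value: minimum only
            if low > high or high > limit:
                raise ValueError(f"range {low:#x}-{high:#x} does not fit {self.length} bits")
            normalized.append((low, high))
        self.ranges = normalized

    def matches(self, frame: bytes, ref_points: dict) -> bool:
        try:
            value = extract_bits(frame, ref_points[self.ref], self.offset, self.length)
        except (KeyError, ValueError):
            return False  # example's choice: unknown reference or short frame never matches
        return any(low <= value <= high for low, high in self.ranges)


@dataclass
class Filter:
    name: str
    criterion: Criterion  # one criterion per filter template, as the page states
    action: str           # "Accept", "Drop" or "Log"


def evaluate(flt: Filter, frame: bytes, ref_points: dict):
    """Return the filter's action if the frame matches, otherwise None."""
    return flt.action if flt.criterion.matches(frame, ref_points) else None


def build_sample_frame(dst_socket: int, packet_type: int = 0x04) -> bytes:
    """Constructed frame: 14 placeholder data link bytes followed by a 30-byte IPX header."""
    ipx = struct.pack(
        "!HHBB4s6sH4s6sH",
        0xFFFF, 30, 0, packet_type,
        bytes.fromhex("00000a01"), bytes.fromhex("0000deadbe01"), dst_socket,
        bytes.fromhex("00000b02"), bytes.fromhex("0000deadbe02"), 0x4003,
    )
    return bytes(14) + ipx


REF_POINTS = {"IPX_BASE": 14}  # assumed: IPX header starts after 14 data link bytes
SAMPLE_FILTER = Filter(
    name="drop-socket-example",  # hypothetical filter name
    criterion=Criterion("IPX_BASE", *IPX_PREDEFINED["Destination Socket"],
                        ranges=[(0x0452, None), (0x0455, 0x0457)]),
    action="Drop",
)
# Hypothetical user defined criterion: the 8 bits at offset 40 from IPX_BASE.
USER_DEFINED = Criterion("IPX_BASE", 40, 8, ranges=[(0x04, None)])

if __name__ == "__main__":
    for socket in (0x0452, 0x0453, 0x0456):
        frame = build_sample_frame(socket)
        print(f"{socket:#06x} -> {evaluate(SAMPLE_FILTER, frame, REF_POINTS)}")
```
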
