Avaya Configuring Traffic Filters and Protocol Prioritization User's Manual
Contents
1. Table B 3 Example Criteria Ranges and Actions for Protocol Prioritization Filtering Goal Criteria Path Ranges Action Path Notes Place LAT traffic Criteria gt Add gt Datalink 6004 Action gt Datalink gt Table 5 8 in in the high gt Datalink type gt Add gt High Queue Chapter 5 includes a priority queue Ethernet type list of common since LAT isa Ethernet type codes time sensitive NOTE If this is a Frame protocol Relay interface specify SNAP instead of Ethernet type Place ICMP CriteriaAdd gt IP gt IP gt 1 Action gt IP gt Add Table 5 9 in traffic in the low Protocol gt Low Queue Chapter 5 includes a priority queue list of some common ICMP is nota IP Protocol codes time sensitive protocol Place SNA traffic Criteria gt Add gt Data link DSAP values Action gt Datalink gt You can also select in the high gt Source Routing gt 0x04 to 0x05 Add gt High Queue SSAP Destination priority queue DSAP NOTE To prioritize IP encapsulated SNA traffic select Criteria gt Add gt IP gt Source Routing gt DSAP 0x08 to 0x09 OxOc to OxOd See Chapter 5 for information on specifying MAC address or SAP criteria ranges NOTE To prioritize IP encapsulated SNA traffic select Action gt IP gt Add gt High Queue MAC address or Source MAC address as the criteria Place all DLSw traffic leaving particular a synchronous interface in the high priority2. Source Routing Actions In addition to the Accept Drop and Log actions common to all protocols Source Routing supports two additional actions e Direct IP Explorers Specifies that any explorer frame that matches the filter will be sent to some number of IP addresses You are required to specify these IP addresses For this action to work IP encapsulation must be configured on the filter s interface If IP encapsulation is not configured and a frame matches the filter the frame will be flooded as if no filter existed e Forward to Circuits Specifies that any frame that matches the filter will be forwarded to certain circuits that you specify Note The circuit names you enter in the Forward to Circuit list are case sensitive For example if the circuit name is E21 but you enter it as e21 the filter will not be saved 3 6 114081 Rev A Inbound Traffic Filter Criteria and Actions DECnet Phase IV Criteria and Actions You can filter inbound DECnet Phase IV traffic based on specified bit patterns contained within the DECnet header Predefined DECnet Criteria Table 3 2 lists the predefined filtering fields for DECnet IV inbound traffic filters and the reference field offset and length value for each criterion Table 3 4 Predefined Criteria for DECnet Inbound Traffic Filters Criterion Name Reference Field Offset Length Destination Area DEC4 BASE 0 6 Destination Node DEC4 BASE 6 10 Source
3. 4 6 114081 Rev A Outbound Traffic Filter Criteria and Actions DL HEADER START MAC DATA LINK d HEADER END e FR MPE DLCI OX03 z 0080 00 80 C2 00 07 pafeaienors DSAP SSAP DL SR START DL SR DATA LINK 00 00 A2 8101 DSAP SSAP TF0008A Figure 4 3 Data Link Reference Points in a Source Routing Packet Bridged over Bay Networks Proprietary Frame Relay MAC DATA LINK MAC DA MAC SA LENGTH DSAP SSAP CONTROL TYPE TF0009A Figure 4 4 Data Link Reference Points in an IEEE 802 2 LLC Header 114081 Rev A 4 7 Configuring Traffic Filters and Protocol Prioritization IP Reference Points Table 4 4 defines the IP reference points and Figure 4 5 shows an example of where those reference points are located in a packet Table 4 4 IP Reference Points Reference Point Definition HEADER_START Points to the first byte in the IP header HEADER_END Points to the first byte after the IP header IP_WAN_HEADER_START Points to the beginning of the header beginning of the packet for PPP and Frame Relay IP_WAN_HEADER_END Points to the first byte after DLCI in Frame Relay and the first byte after the Protocol ID in PPP IP_SR_START Points to the beginning of the source routing packet which is the high order byte of the destination address IP_SR_DATA_LINK Points to the first byte after the RIF field WAN HEADER START IP START P SR DATA LINK IP Ti HEADER END B T
4. Figure 7 10 Edit Priority Outbound Template Window You can add or delete filter criteria ranges and actions in the Edit Priority Outbound Template window as described in Table 7 1 114081 Rev A 7 13 Configuring Traffic Filters and Protocol Prioritization Table 7 1 Using the Edit Priority Outbound Filter Template Window Task Site Manager Instructions Notes Adda 1 Select Criteria gt Add then select the criterion to use to For any criterion you choose criterion filter packets you must specify at least one 2 Add a range in the Add Range window range Each template can have only one criterion Delete a 1 Select the criterion to delete in the Filter Information scroll Each filter template has only criterion box one criterion 2 Click on Delete Create new templates for 3 To confirm click on Delete in the Delete Criteria window additional criteria Adda 1 Select the criterion in the Filter Information box Ranges are listed beneath a range 2 Click on Add criteria in the Filter information 3 Use the Range Min and Max boxes to specify low and high scroll box values for the range You can add up to 100 ranges for each filter criterion Modify a 1 Select the range to modify in the Filter Information box When entering range values range 2 Click on Modify you must use the prefix Ox to 3 Use the Range Min and Max boxes to specify new low and specify a hexadecimal number high values for t
5. About This Guide American National Standards Institute Advanced Peer to Peer Networking Address Resolution Protocol Discard Eligible Data Link Control data link switching Destination Service Access Point file transfer protocol Internet Control Message Protocol high level data link control Internet Protocol Internet Package Exchange Local Area Transport logical link control LAN Network Manager media access control most significant bit Open Systems Interconnection Open Shortest Path First Interior Gateway Protocol Open Shortest Path First Border Gateway Protocol Point to Point Protocol routing information field Routing Information Protocol Service Access Point Synchronous Data Link Control switched multimegabit data service Systems Network Architecture IBM Subnetwork Access Protocol source routing bridge Source Service Access Point Transmission Control Protocol 114081 Rev A xvii Configuring Traffic Filters and Protocol Prioritization TELNET Telecommunication Network UDP User Datagram Protocol VINES Virtual Networking System Banyan XNS Xerox Network System Ordering Bay Networks Publications To purchase additional copies of this document or other Bay Networks publications order by part number from the Bay Networks Press at the following telephone or fax numbers Telephone U S Canada 1 888 4BAYPRESS Telephone International 1 510 490 4752 Fax 1 510 498 2609 You can
6. Configuring Traffic Filters and Protocol Prioritization Router Software Version 11 0 Site Manager Software Version 5 0 Part No 114081 Rev A August 1996 rS Bay Networks CES Bay Networks 4401 Great America Parkway 8 Federal Street Santa Clara CA 95054 Billerica MA 01821 Copyright 1988 1996 Bay Networks Inc All rights reserved Printed in the USA August 1996 The information in this document is subject to change without notice The statements configurations technical data and recommendations in this document are believed to be accurate and reliable but are presented without express or implied warranty Users must take full responsibility for their applications of any products specified in this document The information in this document is proprietary to Bay Networks Inc The software described in this document is furnished under a license agreement and may only be used in accordance with the terms of that license A summary of the Software License is included in this document Restricted Rights Legend Use duplication or disclosure by the United States Government is subject to restrictions as set forth in subparagraph c 1 ii of the Rights in Technical Data and Computer Software clause at DFARS 252 227 7013 Notice for All Other Executive Agencies Notwithstanding any other license agreement that may pertain to or accompany the delivery of this computer software the rights of the United States Governme
7. Creating an Outbound Filter If there is no existing template to match your needs you must first create a new template for the circuit To create a new template from scratch 1 Display the Priority Outbound Filters window Figure 7 2 See the previous section Displaying the Priority Outbound Filters Window for instructions Spo Prioritw utboud Filters o e Apply Template Create Edit Reorder Delete Values Help Filter Enable Filter Name Figure 7 2 Priority Outbound Filters Window 2 Click on Template The Filter Template Management window appears Figure 7 3 7 4 114081 Rev A Applying Outbound Traffic Filters Figure 7 3 Filter Template Management Window 3 Click on Create The Create Priority Outbound Template window appears 114081 Rev A 7 5 Configuring Traffic Filters and Protocol Prioritization Figure 7 4 Create Priority Outbound Template Window 4 Enter a descriptive name for the template in the Filter Name box For instance the name Bridge01t003 might be appropriate for a template that contains information for filtering bridge frames from MAC source addresses 0x0000A2000001 to 0x0000A2000003 5 Select Criteria gt Add then select either Datalink or IP Figure 7 6 114081 Rev A Applying Outbound Traffic Filters Figure 7 5 Selecting Outbound Traffic Filter Criteria 6 Select the protocol specific criterion y
8. Four Data Link encapsulation methods Ethernet 802 2 LLC Novell Proprietary 802 2 LLC with SNAP MAC Address Source or Destination Ethernet type Novell 802 2 LLC Length 802 2 LLC DSAP 802 2 LLC SSAP 802 2 LLC Control 802 2 SNAP Length 802 2 SNAP Protocol ID 802 2 SNAP Ethernet Type Source Route Bridge Native only IP encapsulated SRB is not supported MAC Address Source or Destination DSAP SSAP NetBIOS Name Source or Destination DECnet Phase IV Area Source or Destination Node Source or Destination DLSw MAC Address Source or Destination DSAP SSAP continued 114081 Rev A Configuring Traffic Filters and Protocol Prioritization Table 1 1 Predefined Inbound Traffic Filter Criteria continued Protocol Predefined Criteria IP Type of Service IP Address Source and or Destination UDP port Source and or Destination TCP port Source and or Destination Established TCP protocols Protocol Type IPX Network Source or Destination Host Address Source or Destination Socket Source or Destination OSI OSI Area Source or Destination System ID Source or Destination LLC2 MAC Address Source or Destination DSAP SSAP VINES Protocol Type VINES Address Source or Destination XNS Network Source or Destination Address Source or Destination Socket Source or Destination Table 1 2 summarizes the predefined out
9. IP Header Type of Service IP Source Address IP Destination Address Both Source Address and Destination Address UDP Source Por UDP Destination Port TCP Source Port TCP Destination Port TCP or UDP Source Port TCP or UDP Destination Port Established TCP Port Protocol Source Routing MAC Destination Address MAC Source Address PPP Protocol ID Frame Relay 2 byte DLC 3 byte DLCI 4 byte DLCI NLPID Figure 4 2 shows the Configuration Manager menu path for specifying these criteria See Chapter 7 for detailed instructions on using Configuration Manager to create outbound filters 4 4 114081 Rev A Outbound Traffic Filter Criteria and Actions Figure 4 2 Predefined IP Outbound Filter Criteria Specifying Criteria Common to IP and Data Link Headers To configure outbound filters for criteria that are common to both IP and Data Link headers DSAP SSAP Protocol ID DLCI NLPID create two filters one for IP and the other for the Data Link type For example if you want a filter rule with a priority of High for all Frame Relay traffic with DLCI 400 create filters for both IP and Data Link using the DLCI criterion and a range of 400 To configure a filter to apply to either the IP or Data Link header only create only one filter 114081 Rev A 4 5 Configuring Traffic Filters and Protocol Prioritization To configure filters for IP routed packets only always select IP instead of Data Link
10. The amount of actual data transmitted depends on the clock speed of the circuit You can configure the clock speed on a synchronous interface by setting the External Clock Speed parameter in the Configuration Manager Edit Sync Parameters window Refer to Configuring Line Services 114081 Rev A 2 3 Configuring Traffic Filters and Protocol Prioritization The bandwidth allocation algorithm works as follows 1 7 The transmit queue scans the high priority queue If there is no traffic in the high priority queue the algorithm proceeds to Step 3 The router empties all packets from the high priority queue up to the configured bandwidth percentage into the transmit queue and transmits them The default bandwidth percentage for high priority traffic is 70 percent If the actual bandwidth use is less than the limit the router empties the high priority queue and proceeds to the normal priority queue The transmit queue scans the normal priority queue If there is no traffic in the normal priority queue the algorithm proceeds to Step 5 The router empties all packets from the normal priority queue up to the bandwidth percentage you have configured into the transmit queue and transmits them The default bandwidth percentage for the normal priority queue is 20 percent If the actual bandwidth use is less than the limit the router empties the normal priority queue and proceeds to the next queue The transmit queue sc
11. 3 8 example B 10 Drop if Next Hop is Unreachable action 3 10 drop traffic strategy 1 6 drop all filters 1 6 B 2 E editing inbound traffic filters 6 17 outbound traffic filters 7 17 enabling inbound traffic filters 6 24 outbound traffic filters 7 22 Ethernet Type ranges Frame Relay traffic 5 4 5 7 IPX over Frame Relay traffic 5 9 Index examples DLSw B 10 FTP B 11 ICMP traffic B 10 LAT B 10 NetBIOS names B 7 OSPF B 11 OSPF traffic B 11 protocol prioritization B 1 RIP traffic B 11 SNA B 10 Spanning Tree B 11 synchronous pass through B 11 Telnet B 11 F filter templates See templates firewall strategy 1 6 B 2 Flood action 3 4 Forward action 3 10 Forward to Circuit List action 3 4 3 6 Forward to First Up Next Hop Interface action 3 10 Forward to IP Address action 3 10 Forward to Next Hop Interfaces action 3 10 Forward to Peer action 3 8 Frame Relay Normal Queue size 2 18 A 2 specifying Ethernet Type code 5 4 5 7 FTP traffic prioritizing B 11 G getting help from a Bay Networks Technical Response Center xxiii from the Support Source CD xxii through CompuServe xxii through Customer Service FTP xxi through InfoFACTS service xxiii through World Wide Web xxi 114081 Rev A Index 3 Configuring Traffic Filters and Protocol Prioritization Greater Than Queue parameter 7 10 A 8 H High Queue action 1 14 4 9 High Queue Percent Bandwidth
12. Configuration Manager gt Interface Connector gt Edit Circuit gt Protocols gt Edit Protocol Priority gt Interface 250 milliseconds ms 100 to 5000 ms Specifies the greatest delay that a high priority packet can experience and consequently how many normal priority or low priority bits can be in the transmit queue at any one time Accept the default latency of 250 ms or enter a new latency value We recommend accepting the default latency value of 250 ms 1 3 6 1 4 1 18 3 5 1 4 1 1 8 High Water Packets Clear Configuration Manager gt Interface Connector gt Edit Circuit gt Protocols gt Edit Protocol Priority gt Interface 0 Any integer value Toggles the High Water Packets Clear bit When you change queue depth by changing the value of the High Queue Size Normal Queue Size or Low Queue Size parameter you can also reset the high water mark by changing the value of this parameter When you change the value of this parameter you reset the high water mark for all three queues to zero Enter any new integer value for this parameter to clear the existing high water marks for the priority queues 1 3 6 1 4 1 18 3 5 1 4 1 1 19 114081 Rev A A 3 Configuring Traffic Filters and Protocol Prioritization Parameter Path Default Options Function Instructions MIB Object ID Parameter Path Default Options Function Instructions MIB Object ID Prioritization Algorithm Type Confi
13. High Queue Size Configuration Manager gt Interface Connector gt Edit Circuit gt Protocols gt Edit Protocol Priority gt Interface 20 packets Any integer value Specifies the maximum number of packets in the high priority queue at any one time regardless of packet size Accept the default or enter a new value 1 3 6 1 4 1 18 3 5 1 4 1 1 4 Normal Queue Size Configuration Manager gt Interface Connector gt Edit Circuit gt Protocols gt Edit Protocol Priority gt Interface 20 200 for Frame Relay Any integer value Specifies the maximum number of packets in the normal priority queue at any one time regardless of packet size Accept the default or enter a new value For Frame Relay interfaces a value less than 200 might cause a broadcast message to be clipped 1 3 6 1 4 1 18 3 5 1 4 1 1 5 Low Queue Size Configuration Manager gt Interface Connector gt Edit Circuit gt Protocols gt Edit Protocol Priority gt Interface 20 Any integer value Specifies the maximum number of packets in the low priority queue at any one time regardless of packet size Accept the default of 20 packets or enter a new value 1 3 6 1 4 1 18 3 5 1 4 1 1 6 A 2 114081 Rev A Parameter Path Default Options Function Instructions MIB Object ID Parameter Path Default Options Function Instructions MIB Object ID Site Manager Protocol Prioritization Parameters Max High Queue Latency
14. XCVR1 F C M1 COM2 COM3 M COM4 M CONSOLE Figure 2 6 Circuit Definition Window 3 Look for Protocol Priority in the Protocols scroll box If Protocol Priority appears in the Circuit Definition Protocols box as shown in Figure 2 6 protocol prioritization is already enabled for this interface When you select some WAN protocols Site Manager automatically enables protocol prioritization 4 If Protocol Priority does not appear in the Protocols scroll box select Protocols gt Add Delete The Select Protocols window appears Figure 2 7 114081 Rev A 2 13 Configuring Traffic Filters and Protocol Prioritization Select Protocols W Protocol Priority LLC2 a Ea Em Figure 2 7 Selecting Protocol Priority from the Select Protocols List 5 Scroll down the list of protocols to select Protocol Priority 6 Click on OK The Circuit Definition window reappears refer to Figure 2 6 From the Circuit Definition window you can e Customize parameters as described in the next section e Configure an outbound traffic filter with a priority queue action as described in Chapter 7 2 14 114081 Rev A Using Protocol Prioritization Editing Protocol Prioritization Parameters Any circuit to which you have added protocol prioritization uses default values that determine how outbound filters work on the interface You can edit these parameters according to your network traffic needs To
15. e Dial Service Actions Note In addition to the traffic filter actions described in this section there are additional protocol specific actions for Bridge IP and DLSw inbound traffic filters described in Chapter 3 Filtering actions are common to all traffic filters Prioritizing and Dial Service actions are available only for outbound traffic filters on WAN interfaces Except the Log action traffic filter actions are mutually exclusive you can only apply one action per filter Filtering Actions You can apply the following actions to any traffic filter e Accept The router processes any packet that matches the filter criteria and ranges e Drop The router does not route any packet that matches the filter criteria and ranges Log For every packet that matches the filter criteria and ranges the router sends an entry to the system Events log You can specify the Log action in combination with other actions Note Specify the Log action only to record abnormal events otherwise the Events log will fill up with filtering messages leaving no room for critical log messages 114081 Rev A Configuring Traffic Filters and Protocol Prioritization Prioritizing Actions Outbound traffic filters for WAN protocols include the following actions for directing matching traffic into protocol prioritization queues High Packets that match the filter criteria and ranges are processed in the high queue Low Pa
16. suessssss 6 24 Talie Filters WINdOw RE EM 6 25 Selecting the Priority Outbound Filters Window seesssssss 7 3 Priority Outbound Filters VIRGONW iiie ertt reet P e RR nic Ro etat 7 4 Filter Template Management Window seeeeeennnnnee 7 5 Create Priority Outbound Template Window ssssesees 7 6 Selecting Outbound Traffic Filter Criteria seesseeeeeeee 7 7 ADS Hange VRBE ascetur se uper vtt at ctu fta ipu EE 7 8 Create Priority Outbound Template Window with Criteria and Actions 7 9 Prioritization Length VIERGE 1 ecexinekgsa to naanahanae 7 10 Copy Filler Template Window Lodel risa ird err nitrates 7 12 Edit Priority Outbound Template Window eee 7 13 Priority Outbound Filters Window ere Scale ere eee 7 15 Cae PUM NOON TL 7 16 Edit Priority Outbound Filters Window seseeeennnn 7 18 Sample List of Outbound FIRSTS iei storico ro yn bibe to PA adeo FR Und Ee te d cR 7 20 Ghange Precedence Window ose ori RE dni iae 7 21 Example of Outbound Filter Order Change sss 7 22 114081 Rev A Table 1 1 Table 1 2 Table 1 3 Table 3 1 Table 3 2 Table 3 3 Table 3 4 Table 3 5 Table 3 6 Table 3 7 Table 3 8 Table 3 9 Table 3 10 Table 3 11 Table 4 1 Table 4 2 Table 4 3 Table 4 4 Table 5 1 Table 5 2 Table 5 3 Table 5 4 Table 5 5 Table
17. 1 In the Traffic Filters window select the filter whose precedence you want to change 2 Click on Reorder The Change Precedence window appears Figure 6 18 Change Precedence INSERT BEFORE gt INSERT AFTER Cancel OK Figure 6 18 Change Precedence Window 3 Click on either INSERT BEFORE or INSERT AFTER then type a filter rule number in the Precedence Number box The selected filter will now have a filter number that is either one higher if you chose INSERT BEFORE or one lower if you chose INSERT AFTER than the number you entered For the example shown in Figure 6 19 if you wish to place the selected filter before 1 click on INSERT BEFORE and type 1 in the Precedence Number box Note When reversing the order of the second to lowest and lowest precedence filters the filter you select with the Reorder button and the filter number you specify in the Precedence Number box are the same For example to put Filter No 2 at the bottom of a list of three filters 1 2 and 3 select Filter No 2 and specify INSERT AFTER Precedence Number 2 4 Click on OK 114081 Rev A 6 23 Configuring Traffic Filters and Protocol Prioritization You are returned to the Filters window The filters now appear in their new order of precedence Figure 6 19 1 forwardtoS41 Done 2 bridge drop01to03 Apply 3 bridge drop_all i Template Create Edit Reorder Delete Val
18. 5 6 Table 5 7 Table 5 8 Table 5 9 Table 6 1 Table 6 2 114081 Rev A Tables Predefined Inbound Traffic Filter Criteria 1 9 Predefined Outbound Traffic Filter Criteria esses 1 11 Summary or Trame Fiter SUD DOM ccstecectssasicncetdenienseernicoacinscouteeaneatviuess 1 17 Bridge Encapsulation Support for Physical Media Types 3 3 Predefined Criteria for Transparent Bridge Encapsulations 3 3 Predefined Criteria for Source Routing Bridge n s 3 5 Predefined Criteria for DECnet Inbound Traffic Filters 3 7 Predefined Criteria for DLSw Inbound Traffic Filters iced Predefined Criteria for IP Inbound Traffic Filters ssssssss 3 9 Predefined Criteria for IPX Inbound Traffic Filters 3 11 Predefined Criteria for LLC2 Inbound Traffic Filters 3 12 Predefined Criteria for OSI Inbound Traffic Filters 3 13 Predefined Criteria for VINES Inbound Traffic Filters 9 14 Predefined Criteria for XNS Inbound Traffic Filters 3 15 Predefined Data Link Outbound Filter Criteria ssssssss 4 2 Predefined IP Outbound Filter Criteria eeesseeeseeeeese 4 4 Dara Link Reterence Points 15 3 pd e ER
19. 9 The transmit queue scans the high priority queue If there is no traffic in the high priority queue the algorithm proceeds to Step 4 The router empties all packets from the high priority queue into the transmit queue up to the latency value or the maximum transmit queue size and then transmits them The transmit queue size is the maximum number of packets in the transmit queue at one time You cannot configure this number using Site Manager If the latency value is reached the transmit queue starts again scanning and emptying traffic from the high priority queue If neither latency nor the maximum transmit queue size is reached the algorithm proceeds to Step 4 The transmit queue scans the normal priority queue If there is no traffic in the normal priority queue the algorithm proceeds to Step 7 The router empties all packets from the normal priority queue up to the latency value into the transmit queue and then transmits them If latency is reached the transmit queue starts again at Step 1 scanning and emptying traffic from the high priority queue If latency is not reached the algorithm proceeds to Step 7 The transmit queue scans the low priority queue If there is no traffic in the low priority queue the algorithm starts again at Step 1 The router empties all packets from the low priority queue up to the latency value into the transmit queue and then transmits them The algorithm starts again at S
20. A 3 Normal Queue Percent Bandwidth parameter 2 20 A 5 Normal Queue Size parameter 2 18 A 2 outbound traffic filters 7 1 Packet Length parameter 7 10 A 7 Prioritization Algorithm Type parameter 2 19 A 4 protocols supported 2 1 queue depth 2 10 tuning 2 12 usefulness of 1 3 Q queue depth 2 10 queues priority High Normal Low See protocol prioritization 2 2 R ranges inbound traffic filter changing 6 14 6 19 defined 3 1 deleting 6 14 6 19 outbound traffic filter changing 7 14 7 17 7 19 deleting 7 14 7 19 specifying NetBIOS Name 3 5 SRB 3 5 VINES 5 3 114081 Rev A Index 5 Configuring Traffic Filters and Protocol Prioritization reference points Data Link header 4 6 DECnet Phase IV 3 7 DLSw 3 8 IP header inbound filters 3 9 outbound filters 4 8 IPX 3 11 LLC2 3 12 OSI 3 13 Source Routing 3 6 Transparent Bridge 3 2 VINES 3 14 XNS 3 14 RIP traffic prioritizing B 11 S SNA traffic 4 2 SNA traffic example B 10 source routing actions 3 6 4 0 criteria 4 2 inbound 3 5 3 6 ranges 3 5 Spanning Tree traffic prioritizing B 11 strict dequeuing algorithm 2 6 Support Source CD xxii synchronous pass through traffic prioritizing B 11 T TCP Port criteria 5 5 Telnet traffic prioritizing B 11 templates about 1 15 to 1 16 templates inbound traffic filter applying to an interface 6 15 copying 6 12 creating 6 5 deleting
21. OSI Criteria and Actions ETE T TIN Tm iude 3 13 Pied eimod OSI CHENS MEE OS 3 13 User Defined OSI Criteria auia rear tak das a RR x teu SA DUK Ea AK cea ndi 3 13 ELA od ust M eM EI MEM E UE 3 13 MINES ORO Sd AGO 2 52 n Oodd adde A d edo ba a t cid bao ta dean 3 14 Predefined VINES Criteria eesssssssssssssssssssee senten nennen nennt nnns 3 14 User Defined VINES Criteria aciei aieiie casia ioeet EID qun E dor bu eR 2L Ice RE LU IS pasa tig eda di ed nem 3 14 SINE S VC nehm TET 3 14 ANS Cntera alid BOBO sss cts em mee tula eto db elisa dd mca 3 15 Piedeln eg ANS BUS s doti a exta E e ib api Lei Ic atta 3 15 User Defined XNS Criteria ssssssssssesssssssssese enne enenatis 3 15 MING REGIS sccccarssnssian TET Rm M 3 15 Chapter 4 Outbound Traffic Filter Criteria and Actions Predenmnsd OMEra os seca toss ssid en metit lad oem endi miei hoe Ra Ne perat dels 4 2 Predenned Data Link Orere seccion eee Ra o br Hie ba ape ua NES ee cR idea 4 2 Predefined IP Criteria 22 iaceccecei ce etae tan s KK tad nck Kad d a XR Ka Ka a RA KA 4 4 Specifying Criteria Common to IP and Data Link Headers s 4 5 Reference Points for User Defined Criteria sssssssseeeennenne 4 6 Data Link Reference POS iuuentus Ee FI KH n3 ARI a ARA x ca tA A 4 6 mich re me yi MS E LS E 4 8 Acting for Outbound Traic FASES ood eris Cc daai 4 9 Filtering Actions Di
22. OSI header Reference Field Description OSI BASE Points to the first byte of the CLNP header OSI DEST Points to the last two bytes of the Destination Address field OSI SRC Points to the last two bytes of the Source Address field OSI Actions The OSI filtering actions are Accept Drop and Log 114081 Rev A 3 13 Configuring Traffic Filters and Protocol Prioritization VINES Criteria and Actions You can configure VINES inbound traffic filters based on specified bit patterns contained within the VINES IP header Predefined VINES Criteria Table 3 2 lists the predefined filtering fields for VINES inbound traffic filters and the reference field offset and length value for each criterion Table 3 10 Predefined Criteria for VINES Inbound Traffic Filters Criterion Name Reference Field Offset Length Protocol Type VINES BASE 40 8 Destination Address VINES BASE 48 48 Source Address VINES BASE 96 48 User Defined VINES Criteria In addition to the predefined VINES filter criteria you can create traffic filters with user defined criteria by specifying an offset and length to these reference fields in the VINES header Reference Field Description VINES BASE Points to the first byte in the header VINES Actions The VINES filtering actions are Accept Drop and Log 3 14 114081 Rev A Inbound Traffic Filter Criteria and Actions XNS Criteria and Actions You can configure XNS
23. also use these numbers to request a free catalog of Bay Networks Press product publications xviii 114081 Rev A Technical Support and Online Services To ensure comprehensive network support to our customers and partners worldwide Bay Networks Customer Service has Technical Response Centers in key locations around the globe e Billerica Massachusetts e Santa Clara California e Sydney Australia e Tokyo Japan e Valbonne France The Technical Response Centers are connected via a redundant Frame Relay Network to a Common Problem Resolution system enabling them to transmit and share information and to provide live around the clock support 365 days a year Bay Networks Information Services complement the Bay Networks Service program portfolio by giving customers and partners access to the most current technical and support information through a choice of access retrieval means These include the World Wide Web CompuServe Support Source CD Customer Support FTP and InfoFACTS document fax service 114081 Rev A xix Configuring Traffic Filters and Protocol Prioritization Bay Networks Customer Service If you purchased your Bay Networks product from a distributor or authorized reseller contact that distributor s or reseller s technical support staff for assistance with installation configuration troubleshooting or integration issues Customers can also purchase direct support from Bay Networks through a variety
24. and Protocol Prioritization Changing Filter Precedence You can assign as many as 31 inbound traffic filters per protocol to each router interface As you add filters to an interface the Configuration Manager numbers them chronologically 1 2 3 and so on as seen in Figure 6 17 The number determines the filter precedence lower filter numbers have higher precedence If a packet matches two filters the filter with the highest precedence lowest number applies For example if the first filter on the interface Filter No 1 accepts a packet and the second filter Filter No 2 drops the same packet Filter No 1 has precedence and the packet will be accepted Figure 6 17 shows how the Traffic Filters window displays the filters on an interface The first filter created has the highest precedence and the number 1 Bridge Filters 0000 1 bridge dropO1to03 542 S one 2 bridge drop_all 42 Apply 3 forwardtoS41 542 Template Create Edit Reorder Delete Values Help Filter Enable ENABLED Filter Name forwardtoS41 Figure 6 17 Traffic Filters List in Order Created Try to create filters on an interface in order of precedence However if you can t or if your filtering strategy changes you can use the Traffic Filters window to rearrange the precedence of existing filters 6 22 114081 Rev A Applying Inbound Traffic Filters To change the order of precedence
25. at least one 2 Add a range in the Add Range window range Each template can have only one criterion Delete a 1 Select the criterion to delete in the Filter Information scroll Each filter template has only criterion box one criterion 2 Click on Delete Create new templates for 3 To confirm click on Delete in the Delete Criteria window additional criteria Adda 1 Select the criterion in the Filter Information box Ranges are listed beneath a range 2 Click on Add criteria in the Filter information 3 Use the Range Min and Max boxes to specify low and high scroll box values for the range You can add up to 100 ranges for each filter criterion Modify a 1 Select the range to modify in the Filter Information box When entering range values range 2 Click on Modify you must use the prefix Ox to 3 Use the Range Min and Max boxes to specify new low and specify a hexadecimal number high values for the range Delete a 1 Select the range to delete in the Filter Information scroll You must have at least one range box range specified for each 2 Click on Delete criterion 3 To confirm click on Delete in the Delete Range window Addan 1 Select Action gt Add in the Edit Filters window then select With the exception of the Log Action the action to impose on packets that match any of the action each filter template has template s ranges of filtering criteria only one action You can select 2 When you are finished adding actio
26. grant any Software license whatsoever either explicitly or implicitly except by acceptance of an order for either Software or for a Bay Networks product Equipment that is packaged with Software Each such license is subject to the following restrictions 1 Upon delivery of the Software Bay Networks grants to licensee a personal nontransferable nonexclusive license to use the Software with the Equipment with which or for which it was originally acquired including use at any of licensee s facilities to which the Equipment may be transferred for the useful life of the Equipment unless earlier terminated by default or cancellation Use of the Software shall be limited to such Equipment and to such facility Software which is licensed for use on hardware not offered by Bay Networks is not subject to restricted use on any Equipment however unless otherwise specified on the Documentation each licensed copy of such Software may only be installed on one hardware item at any time Licensee may use the Software with backup Equipment only if the Equipment with which or for which it was acquired is inoperative Licensee may make a single copy of the Software but not firmware for safekeeping archives or backup purposes Licensee may modify Software but not firmware or combine it with other software subject to the provision that those portions of the resulting software which incorporate Software are subject to the restrictions of this
27. inbound traffic filters based on specified bit patterns contained within the XNS header Predefined XNS Criteria Table 3 2 lists the predefined filtering fields for XNS filters and the reference field offset and length value for each criterion Table 3 11 Predefined Criteria for XNS Inbound Traffic Filters Criterion Name Reference Field Offset Length Destination Network XNS_BASE 48 32 Destination Address XNS_ BASE 80 48 Destination Socket XNS_ BASE 128 16 Source Network XNS_BASE 144 32 Source Address XNS_BASE 176 48 Source Socket XNS_ BASE 224 16 User Defined XNS Criteria In addition to the predefined filter criteria you can create traffic filters with criteria you define by specifying an offset and length to the start of the XNS header XNS_BASE as a reference field for a user defined criterion Reference Field Description XNS_BASE Points to the first byte in the XNS header XNS Actions The XNS filtering actions are Accept Drop and Log 114081 Rev A 3 15 Chapter 4 Outbound Traffic Filter Criteria and Actions This chapter lists the filter criteria and actions that Site Manager supports for outbound traffic filters Note For information about DLSw outbound filters refer to the Configuring DLSw Services guide As described in Chapter 1 you create protocol specific filter templates that include either predefined criteria or criteria you define from
28. information Traffic filter templates consist of three components Criteria The part of each incoming packet frame or datagram header to be examined e Ranges Numeric values usually addresses to be compared with the contents of examined packets e Actions What happens to packets that match the criteria and ranges specified in a filter To create a traffic filter you apply a filter template to a particular router interface Table 1 3 at the end of this chapter summarizes the inbound and outbound filter criteria and actions supported on specific interfaces 114081 Rev A 1 7 Configuring Traffic Filters and Protocol Prioritization Criteria A filter criterion is the part of a packet frame or datagram header to be examined You can logically break down any packet into at least three components e The data link control DLC header Examples of DLC header types are Token Ring 802 5 Ethernet V 2 and IEEE 802 3 FDDI PPP and Bay Networks Standard Frame Relay e The upper level protocol header Examples of protocol header types include IP and TCP Source route bridge DLSw e User data A traffic filter criterion is defined by a byte length and an offset from common bit patterns reference points within the DLC or protocol header The criterion includes the length of the filtered pattern and an offset from the known reference point The traffic filter uses this information to locate which part of a
29. license Licensee shall not make the resulting software available for use by any third party Neither title nor ownership to Software passes to licensee Licensee shall not provide or otherwise make available any Software in whole or in part in any form to any third party Third parties do not include consultants subcontractors or agents of licensee who have licensee s permission to use the Software at licensee s facility and who have agreed in writing to use the Software only in accordance with the restrictions of this license Third party owners from whom Bay Networks has acquired license rights to software that is incorporated into Bay Networks products shall have the right to enforce the provisions of this license against licensee Licensee shall not remove or obscure any copyright patent trademark trade secret or similar intellectual property or restricted rights notice within or affixed to any Software and shall reproduce and affix such notice on any backup copy of Software or copies of software resulting from modification or combination performed by licensee as permitted by this license 114081 Rev A iii Bay Networks Software License continued 10 11 12 Licensee shall not reverse assemble reverse compile or in any way reverse engineer the Software Note For licensees in the European Community the Software Directive dated 14 May 1991 as may be amended from time to time shall apply for interoperabi
30. now applied to the selected interface Protocol Prioritization Examples This section provides summary examples for configuring protocol priority queues for the following traffic LAT ICMP SNA DLSw RIP OSPF and OSPF BGP Spanning Tree Sync Pass through FTP Source Routing If this section does not include an exact example for a protocol you want to configure use these examples as guidelines for implementing protocol prioritization for other traffic types B 8 114081 Rev A Examples and Implementation Notes To create an outbound traffic filter with a queue action 1 2 10 11 12 13 Display the Priority Outbound Filter window Click on Template The Filter Template Management window appears The Templates scroll box includes any existing filter templates Click on Create The Create Priority Outbound Template window appears Enter a descriptive name for the new template in the Filter Name box Select a criterion Refer to Table B 3 for specific examples Enter a range Refer to Table B 3 Select a queue action Refer to Table B 3 Click on Done The Priority Outbound Filters window reappears Click on Create The Create Filter window appears Select an interface Select the template file Enter a descriptive name for the filter Click on OK The filter is now applied to the selected interface 114081 Rev A B 9 Configuring Traffic Filters and Protocol Prioritization
31. of service programs As part of our PhonePlus program Bay Networks Service sets the industry standard with 24 hour 7 days a week telephone support available worldwide at no extra cost Our complete range of contract and noncontract services also includes equipment staging and integration installation support on site services and replacement parts delivery within approximately 4 hours To purchase any of the Bay Networks support programs or if you have questions on program features use the following numbers Region Telephone Number Fax Number United States and 1 800 2LANWAN enter Express Routing 508 670 8766 Canada Code ERC 290 when prompted 508 436 8880 direct Europe 33 92 968 300 33 92 968 301 Asia Pacific Region 612 9927 8800 612 9927 8811 Latin America 407 997 1713 407 997 1714 In addition you can receive information on support programs from your local Bay Networks field sales office or purchase Bay Networks support directly from your authorized partner XX 114081 Rev A Technical Support and Online Services Bay Networks Information Services Bay Networks Information Services provide up to date support information as a first line resource for network administration expansion and maintenance This information is available from a variety of sources World Wide Web The Bay Networks Customer Support Web Server offers a diverse library of technical documents sof
32. parameter 2 20 A 4 High Water Packets Clear parameter 2 19 A 3 High Water Packets Mark 2 8 ICMP traffic example B 10 InfoFACTS service xxiii IP criteria to 3 9 inbound actions 3 10 criteria 3 9 outbound traffic filters 4 4 IP header outbound traffic filters 4 8 reference points 4 8 IPX actions 3 12 criteria 3 11 specifying Ethernet Type code 5 9 L LAN Network Manager LNM 3 12 5 4 LAT filter example B 10 latency 2 12 Length action 1 14 4 9 Less Than or Equal Queue parameter 7 10 A 7 line delay 2 12 LEC actions 3 12 criteria 3 12 Low Queue Percent Bandwidth parameter 2 21 A 5 Low Queue Size parameter 2 18 A 2 Max High Queue Latency parameter 2 19 A 3 modifying ranges inbound traffic filter 6 14 6 19 outbound traffic filter 7 14 7 17 7 19 N naming templates inbound traffic filter 6 7 outbound traffic filter 7 6 NetBIOS filter example B 7 NetBIOS Name specifying range 3 5 NetBIOS traffic 4 2 No Call action 1 14 4 10 Normal Queue Percent Bandwidth parameter 2 20 A 5 Normal Queue Size parameter 2 18 A 2 O OSI actions 3 13 criteria 3 13 OSPF traffic prioritizing B 11 OSPF BGP traffic prioritizing B 11 P Packet Length parameter 7 10 A 7 parameters Protocol Prioritization Discard Eligible Bit Low 2 21 A 6 Discard Eligible Bit Normal 2 21 A 6 Enable 2 18 A 1 Greater Than Queue 7 10 A 8 High Queue Percent Ban
33. set up a drop filter on the synchronous port with the same criterion or create outbound filters on the remote links Configure a subset of allowed Telnet TFTP and FTP users Criteria gt Add gt IP Source Address Client addresses Action gt Add gt Accept Use dotted decimal format This strategy works only if the destination IP address is one of the router s interfaces and if the protocol or well known port is Telnet TFTP or FTP Configure a router to drop BOOTP requests from particular clients Criteria gt Add gt UDP Frame gt UDP Destination Port MAC addresses of Action gt Add gt Drop BOOTP clients Creating an Inbound Traffic Filter Template User Defined Criteria This section describes how to create a template with user defined criteria to e Drop or accept VINES traffic bridged over an Ethernet interface e Drop or accept DLSw traffic based on NetBIOS names e Drop inbound but allow outbound Telnet traffic The following summarizes your steps for creating an inbound traffic filter with a user defined criterion Chapter 6 provides detailed information 114081 Rev A B 5 Configuring Traffic Filters and Protocol Prioritization Setting up user defined criteria is similar to setting up predefined criteria except you specify the criterion s location within the packet Refer to Chapter 3 for the supported protocol header reference points you can use to
34. such distribution and use acknowledge that such portions of the software were developed by the University of California Berkeley The name of the University may not be used to endorse or promote products derived from such portions of the software without specific prior written permission SUCH PORTIONS OF THE SOFTWARE ARE PROVIDED AS IS AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES INCLUDING WITHOUT LIMITATION THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE In addition the program and information contained herein are licensed only pursuant to a license agreement that contains restrictions on use and disclosure that may incorporate by reference certain limitations and notices imposed by third parties ii 114081 Rev A Bay Networks Software License Note This is Bay Networks basic license document In the absence of a software license agreement specifying varying terms this license or the license included with the particular product shall govern licensee s use of Bay Networks software This Software License shall govern the licensing of all software provided to licensee by Bay Networks Software Bay Networks will provide licensee with Software in machine readable form and related documentation Documentation The Software provided under this license is proprietary to Bay Networks and to third parties from whom Bay Networks has acquired license rights Bay Networks will not
35. supported reference points in the protocol header user defined criteria Sections of this chapter define e Predefined Criteria e Reference Points for User Defined Criteria e Actions for Outbound Traffic Filters Note In some configurations implementing outbound traffic filters for LAN protocols may cause a decline in throughput performance For LAN circuits where the forwarding rate of the router is critical we suggest that you monitor the throughput performance after configuring outbound LAN filters If you notice an unacceptable performance degradation use inbound traffic filters to accomplish the filtering goal For instructions on using Site Manager to create outbound filters see Chapter 7 114081 Rev A 4 1 Configuring Traffic Filters and Protocol Prioritization Predefined Criteria Outbound traffic filter criteria are based on a packet s Data Link or IP header e For most WAN and LAN routing protocols you can use predefined outbound filter criteria based on either the Data Link header or the IP protocol header e For bridge traffic all predefined criteria are part of the Data Link header only e For NetBIOS SNA and other DLSw encapsulated traffic predefined criteria for outbound filters are based on the DLSw protocol header For information about DLSw outbound filters refer to the Configuring DLSw Services guide This section explains e Predefined Data Link Criteria e Predefin
36. the 0x00 byte look like 0x01 5 4 114081 Rev A Specifying Common Criterion Ranges Specifying Frame Relay NLPID Range Values Table 5 4 lists several Frame Relay network layer protocol ID NLPID values you can use when specifying Frame Relay over IP traffic filter criteria Table 5 4 Frame Relay NLPID Values Description NLPID 0x IP CC OSI 81 82 83 SNAP 80 Specifying PPP Protocol ID Range Values Table 5 5 lists some Data Link layer Protocol ID values you can use when specifying PPP over IP traffic filter criteria Refer to RFC 1700 for a complete list Table 5 5 PPP Protocol ID Values Description Protocol ID 0x IP 0021 OSI 0023 Stream Protocol ST2 0033 Specifying TCP and UDP Port Range Values Table 5 6 lists some common TCP port ranges you can use when specifying TCP over IP traffic filter criteria Table 5 6 Source and Destination TCP Port Values Description TCP Port FTP 20 21 Telnet 23 SMTP 25 continued 114081 Rev A 5 5 Configuring Traffic Filters and Protocol Prioritization Table 5 6 Source and Destination TCP Port Values continued Description TCP Port DNS 53 Gopher 70 World Wide Web http 80 84 DLSw Read Port 2065 DLSw Write Port 2067 Table 5 7 lists common UDP port values Table 5 7 Source and Destination UDP Port Values Description UDP Port DN
37. the applicable protocol Sections in this chapter lists the predefined inbound traffic filter criteria and actions for all supported bridge and routing protocols as well as the user defined reference points for each protocol Transparent Bridge Criteria and Actions Source Routing Bridge Criteria and Actions DECnet Phase IV Criteria and Actions DLSw Criteria and Actions IP Criteria and Actions IPX Criteria and Actions LLC2 Criteria and Actions OSI Criteria and Actions VINES Criteria and Actions XNS Criteria and Actions 114081 Rev A 3 1 Configuring Traffic Filters and Protocol Prioritization Transparent Bridge Criteria and Actions Transparent bridge traffic filters support multiple encapsulation methods and media types You filter inbound transparent bridge frames based on header fields within one of the four supported encapsulation methods e Ethernet e EEE 802 2 logical link control LLC e IEEE 802 2 LLC with Subnetwork Access Protocol SNAP header e Novell Proprietary Figure 3 1 illustrates the header content of each supported encapsulation method Ethernet Header MAC MAC Length Destination Source Type 48 bit MAC destination address 48 bit MAC source address 16 bit length type is TYPE 21518 IEEE 802 2 LLC Header MAC MAC Length 48 bit MAC destination address 48 bit MAC source address 16 bit length type is LENGTH 1519 8 bit DSAP IEEE 802 2 LLC with SNAP
38. the list of protocols The Protocol Priority option is located near the end of the list Click on OK The Circuit Definition window reappears Select Protocols gt Edit Protocol Priority gt Priority Outbound Filters Figure 7 1 7 2 114081 Rev A Applying Outbound Traffic Filters Conf Protocols Slot Lines I XCVR4 I XCVR3 XCVR2 F XCVR1 M COM1 M COM2 O COM3 COM4 CONSOLE Figure 7 1 Selecting the Priority Outbound Filters Window The Priority Outbound Filters window appears Preparing Filter Templates This section describes how to add a filter template to an interface by e Creating a new filter template or using an existing template Adding filtering criteria ranges and actions to a template e Modifying and deleting templates Note Changing a template does not affect interfaces to which the template has already been applied 114081 Rev A 7 3 Configuring Traffic Filters and Protocol Prioritization The section Creating an Outbound Filter later in this chapter describes how to create a filter by applying saving a filter template to an interface Creating a New Template To add a filter to an interface you do not always need to create a new template Often you can begin with an existing template If there is already a filter template for the circuit you are configuring that includes filter information you might use go to Customizing Templates or
39. 0 2 Add the First Bit Set MAC Address 0x800000000000 3 Enter the filter criteria range as 0xC00037450440 Bit 0 the 0x80 bit of Byte 0 the leftmost byte is the Routing Information Indicator bit which indicates the presence of the Routing Information Field RIF This bit is set to 1 if the RIF is present and to 0 if there is no RIF Keep this in mind if you use a sniffer to analyze packets for their Source MAC address For example a sniffer would decode LAA with the first byte of 40 as 0x400031740001 If the RIF bit is set the hexadecimal value of the packet is 0xC00031740001 5 2 114081 Rev A Specifying Common Criterion Ranges Source Routing Bridge Functional MAC Addresses Functional MAC addresses are Destination MAC addresses that always conform to the following rules e Byte 0 0xCO e Byte 1 0x00 e The first half of byte 2 0x0 to 0x7 Table 5 2 lists some common functional MAC addresses Table 5 2 Functional MAC Addresses Function Name MAC Address MSB Identifying Bit Ethernet Address Active Monitor 0xC000 0000 0001 Byte 5 bit 7 0x030000000080 Ring Parameter 0xC000 0000 0002 Byte 5 bit 6 0x030000000040 Server Ring Error 0xC000 0000 0008 Byte 5 bit 4 0x030000000010 Monitor Configuration 0xC000 0000 0010 Byte 5 bit 3 0x030000000008 Report Server NetBIOS 0xC000 0000 0080 Byte 5 bit 0 0x030000000001 Bridge 0xC000 0000 0100 Byte 4 bit 7 0x030000008000 LAN Manager 0
40. 009 DEC MOP 6001 6002 DRP 6003 DEC LAT 6004 LAVC 6007 3COM 6010 6014 UB Download 7000 UB NUI 7001 UB Boot Broadcast 7002 Proteon 7030 Cabletron 7034 Cronous 8003 8004 HP Probe 8005 Nestar 8006 Excelan 8010 Silicon Graphics 8013 8014 8015 HP Apollo Native Ethernet 8019 RARP 8035 DEC BPDU 8038 DEC 8039 8042 DEC Encryption 803D DEC LAN Traffic Monitor 803F DEC NetBIOS Emulator 8040 AT amp T 8046 8047 Compugraphic 8069 Vitalink Management 807D 8080 Xyplex 8088 808A Kinetics Ether talk 809B Spider 809F continued 5 8 114081 Rev A Specifying Common Criterion Ranges Table 5 8 Ethernet Type Codes continued Description Ethertype 0x Nixdorf 80A3 Siemens 80A4 80B3 Pacer Software 80C6 Applitek 80C7 Intergraph 80C8 80CC Harris 3M 80CD 80CE IBM SNA 80D5 Retix Bridge Management 80F2 AARP 80F3 Shiva 80F4 HP Apollo 80F7 Symbolics 8107 8109 Waterloo Software 8130 IPX over Frame Relay 8137 Novell 8137 8138 DEC MOP 9000 XNS Bridge Comm Management 9001 3Com 9002 9003 114081 Rev A 5 9 Configuring Traffic Filters and Protocol Prioritization Specifying IP Codes Table 5 9 lists some common Protocol and Type codes to use when specifying IP Type of Service and Protocol criteria ranges Refer to RFC 1700 for a complete list Table 5 9 IP Type Codes Description Protocol Type Code decimal ICMP Internet Control Mes
41. 0Base T and 100Base T e FDDI e HSSI e MCEI e MCTI e Synchronous e Token Ring You can apply multiple traffic filters to a single interface When more than one filter applies to a packet the order of filters determines the final filtering result Inbound Traffic Filters Inbound traffic filters act on packets coming in a particular router interface When you configure inbound filters you specify a set of conditions that apply to the traffic of a particular bridging or routing protocol The Configuration Manager supports inbound traffic filters for the following protocols e Transparent Bridge four encapsulation methods Ethernet 802 2 LLC 802 2 LLC with SNAP and Novell Proprietary e Native Source Routing P PX e XNS e OSI e DECnet Phase IV e VINES e DLSw e LLC2 APPN and LNM Most sites use inbound traffic filters primarily for security to restrict access to particular source locations on a network or to certain types of data Chapter 3 provides protocol specific information for designing inbound filters Chapter 6 explains how to use the Configuration Manager to apply inbound filters 1 2 114081 Rev A Using Traffic Filters Outbound Traffic Filters Outbound traffic filters act on packets that the router forwards to a local or wide area network through a particular interface Note In some configurations implementing outbound traffic filters for LAN protocols may cause a decline in
42. 12 CEO TO Eze tz PER N a i 6 12 Eguno a TRE a EE EE OL 6 13 Gresung sn Tbe INET uoa occ pete ror ERE anA 6 15 Ed an inbound Fiia aso bi eb opa pA cREHF LOI SERERE tu BEEF ta pA SUE FeLe Aa Dev o RR EL ELL Spr e be DuRE 6 17 SPSS ING User biben mer eG ruact otters naos i a a 6 20 Changia Ftor 1 02 0 4 cp cious eterna Meee aa 6 22 Enabling or Disabling an Inbound Filter T dps E T EE 6 24 Belding an Inbound FINE DTE EA 6 26 Chapter 7 Applying Outbound Traffic Filters Working Wih Obodna Daftc EMG sxc scecccasccatargecieceeneneiicccutecieerele eae 7 1 Displaying the Priority Outbound Filters Window c cceecceeeeeeeeeeeeeceeeeeaeeeeeeneeetaes 7 2 Preparing Filter Templates TT naddie iOS T ers 7 3 Coating a New TBRIDISIB ususin eid nte XR Ra die Ma e RR a edel aA pack EL tr 7 4 pecina PEIDHEESUOP LSID dissident aad situ bhid a paa Ic dao canes 7 10 Aere gira lye lu e RR 7 11 SB NWI a ge ce EET TENEHOENE 7 11 Editing a Template Morin m T TS 7 12 opea an CANNED ANSP at csenns coche nre aackrksi aaRS 7 15 114081 Rev A Edi ng an Ombound PIE sicsassencdenacaserraacende saan na ert tane r EX Rn OH RR RR X ek P itd 7 17 Changing Fiter urs p i ess inci cats RR T iaE 7 20 Enabling or Dissbling arn Outbound FIREN acia eid cedit the ted oiiae 7 22 IJelitihg an Outbound FRET io cu dre C t Ua CR iP a Ee Ode Ho De eun 7 23 Appendix A Site Manager Protocol Prioritization Parameters Priority Interface
43. 5 Filter Template Management Window eeeeeeeeeeeee 6 6 Create Template Window S 6 7 Selecting a Filler Cero on ininisrcassuein noeh kino iiU eoo bad 6 8 Add Range WINDOW uuseccicnse etico eco te ndns PAE csdaneuonesans TES 6 9 Create Template Window with Criteria and Range Added 6 10 Actions List with New ACON ass aeu cese reati tk ere sauik 113 coa den eee 3 idt nissen 6 11 xi xii Figure 6 11 Figure 6 12 Figure 6 13 Figure 6 14 Figure 6 15 Figure 6 16 Figure 6 17 Figure 6 18 Figure 6 19 Figure 6 20 Figure 7 1 Figure 7 2 Figure 7 3 Figure 7 4 Figure 7 5 Figure 7 6 Figure 7 7 Figure 7 8 Figure 7 9 Figure 7 10 Figure 7 11 Figure 7 12 Figure 7 13 Figure 7 14 Figure 7 15 Figure 7 16 Copy Filter Template Window ccssossssisaciosisecceressssacaraoesssdeatooscseeetessereee 6 12 Create Fiker VEIDOSUE user mid 4 duc ocsa lacer HARE deh QU e ER danced tanta 6 15 New Filter Listed in the Filters Window Scroll Box 6 16 Edi Piers WNOON cacti site P LO WD YR UO REG OH RR 6 18 Add User Defined Field Window n 6 20 User Doimed PITT TET 6 21 Traffic Filters List in Order Created ssessssseeeses 6 22 Change Precedence Window cccccccscccssseseceeeeesseeeccseeeeseeescsseseeaees 6 23 Traffic Filters List Reordered Precedence
44. 6 16 8 8 network number for example 1234 On a DLSw circuit filter on NetBIOS Names DLS DATA START 376 Destination NetBIOS Names 504 Source NetBIOS Names The offset of 376 only NetBIOS names are up to 16 bytes long How they are oriented in the field right justified or left justified may be Enter NetBIOS Name ranges using the ASCII equivalent of the first 15 characters in the name For names with less traffic on the synchronous interface that receives packets from the Internet applies if you want to filter dependent on than 15 the beginning of the application and characters use NetBIOS name field If should be 0x20 to pad you want to find a checked with an characters particular section of the analyzer before NetBIOS name the offset creating filter will increase by X 8 criteria where X is the number of bytes into the name that you want to filter Drop inbound IP HEADER END 107 1 0x0 0x0 Telnet and FTP 109 114081 Rev A B 7 Configuring Traffic Filters and Protocol Prioritization Applying the Traffic Filter Template Create a traffic filter by applying a filter template to an interface 1 2 3 4 5 Begin at the protocol specific Traffic Filter window Click on Create In the Create Filter window enter a name for the filter Select the template file you just created in the Templates scroll box Click on OK The filter is
45. Area DEC4 BASE 16 6 Source Node DEC4_BASE 22 10 User Defined DECnet Criteria In addition to the predefined DECnet filter criteria you can create traffic filters with user defined criteria by specifying an offset and length to these reference fields in the DECnet Phase IV header Reference Field Description DEC4 BASE Points to the first byte in the header DECnet Actions The DECnet Phase IV filtering actions are Accept Drop and Log 114081 Rev A 3 7 Configuring Traffic Filters and Protocol Prioritization DLSw Criteria and Actions You can filter inbound DLSw traffic based on specified bit patterns contained within the DLSw header as defined in RFC 1434 Predefined DLSw Criteria Table 3 2 lists the predefined filtering fields for DLSw inbound traffic filters and the reference field offset and length value for each criterion Table 3 5 Predefined Criteria for DLSw Inbound Traffic Filters Criterion Name Reference Field Offset Length Destination MAC Address DLS_BASE 192 48 Source MAC Address DLS_BASE 240 48 DSAP DLS_BASE 296 8 SSAP DLS_BASE 288 8 User Defined DLSw Criteria In addition to the predefined DLSw filter criteria you can create inbound traffic filters with user defined criteria by specifying an offset and length to these reference fields in the DLSw header Reference Field Description DLS_CTRL_START Points to the st
46. Display the Traffic Filters window see Figure 6 20 2 Select the filter that you want to delete in the scroll box Caution There is no confirmation of a filter deletion Be sure to select a filter that you are certain you want to delete 3 Click on Delete The filter no longer appears in the scroll box of the Filters window 4 Click on Apply to save this change 6 26 114081 Rev A Chapter 7 Applying Outbound Traffic Filters This chapter shows how to use the Configuration Manager to configure outbound traffic filters You implement protocol prioritization by applying an outbound filter that includes a queue action also called priority filters For instructions on how to edit edit the protocol prioritization parameters refer to Chapter 2 Note To complete the steps in this chapter you must be familiar with protocol specific filtering criteria and actions Refer to Chapter 4 for this information Working with Outbound Traffic Filters To configure outbound traffic filters you first display the Configuration Manager Priority Outbound Filters window as described in the next section From the Priority Outbound Filters window you can e Create copy or edit a filter template Preparing Filter Templates e Apply a filter template to an interface Creating an Outbound Filter e Change an existing filter Editing an Outbound Filter e Change the filtering order Changing Filter Prece
47. Encapsulation MAC MAC Length Org Ethernet Destination Source Type DSAP SSAP Control Code Type 48 bit MAC destination address 48 bit MAC source address 16 bit length type is LENGTH 1519 DSAP SSAP CTRL is OxAAAA03 24 bit Organizational Code 16 bit Ethertype Novell Proprietary Encapsulation MAC MAC Length 48 bit MAC destination address 48 bit MAC source address 8 bit SSAP 16 bit length type is LENGTH 1519 8 bit Control next 16 bits are all ones part of IPX header TF0007A Figure 3 1 Header Reference Fields of Transparent Bridge Encapsulation Methods 3 2 114081 Rev A Inbound Traffic Filter Criteria and Actions Table 3 1 shows which encapsulation methods are supported on specific interface types Table 3 1 Bridge Encapsulation Support for Physical Media Types Bridge Encapsulation Method Supported Router Interface Ethernet 802 2 LLC LLC with SNAP Novell Ethernet 802 3 XCVR Yes Yes Yes Yes FDDI FDDI No Yes Yes No Token Ring TOKEN No Yes Yes No Synchronous COM Yes Yes Yes Yes Predefined Transparent Bridge Criteria Each transparent bridge encapsulation method has specific predefined criteria for filtering frames These predefined criteria are based on an offset to a header reference field see Figure 3 1 and are a specified length Table 3 2 lists the predefined filtering criteria for each encapsulation method including the header reference fi
48. F0010A HEADER_END HEADER_START Figure 4 5 IP Reference Points in a PPP Packet with IP Encapsulated Source Routing 4 8 114081 Rev A Outbound Traffic Filter Criteria and Actions Actions for Outbound Traffic Filters For outbound traffic filters you can specify different types of actions Filtering Actions Protocol Prioritization Actions Dial On Demand Actions Filtering Actions You can apply the following actions to any outbound traffic filter Accept The router processes any packet that matches the filter criteria and ranges Drop The router does not route any packet that matches the filter criteria and ranges Log For every packet that matches the filter criteria and ranges the router sends an entry to the system Events log You can specify the Log action in combination with other actions Detailed Log For every packet that matches the filter criteria and ranges the filter adds a more detailed entry to the system Events log containing IP header information Note Specify the Log actions only to record abnormal events otherwise the Events log will fill up with filtering messages leaving no room for critical log messages Protocol Prioritization Actions Outbound traffic filters for WAN protocols also include the following actions for directing matching traffic into circuit based protocol priority queues High Packets that match the filter criteria and ranges are process
49. Ferne i eet Rc dnbio 3 5 Predefined Source Routing Criteria sse 3 5 Specgtying a SRB Cheon Range csinosan nran 3 5 User Defined Source Routing Criteria seen 3 6 Soupe Roning ACIOS sisstociiisrbeo tien cditdibe teri adobe edu iue ione ieee 3 6 DECnet Phase IV Criteria and AGHDES 2 Lccpaiixcenr ase eie birsba tx bun ga Ue eU aa eI NE BE UDINE 3 7 Predefined DECnet Criteria csccissssccctccssececscccascecsscesnastrsceed Log CRua A inina iaaa 3 7 User Defined DECnet Criteria TUR NOM TU T 3 7 DECHE ACTON Ae erare I E 3 7 DLSw Criteria and Tg NNNM 3 8 Predelined DLSw AP A mE 3 8 UserDeimed DLSw TRI PRINT TTE TL 3 8 DL Sw ABS ucc rere TTE EET ere oe IP Comer And PAG RNS eai 3 9 PP ae a ested IP OMETE acsi teats cesta beens setnucisa tea Modest da pecu ana a iniia 3 9 Usor Deimed EU d RT OT OE E 3 9 luci TT rete creer reer rer errr ter retrr ste 3 10 IPX Criteria and Actions esses enne enne enne nennen inert 3 11 Prepaid IPX OUI accicict im Erde E pen Peau R 3 11 User Defined PX EIU CDD RRDETM 3 11 lg P OI m I SM 3 11 114081 Rev A vii LEG Gritleria and ACHONS sissies ssaccvedvescoceiavasocsceensaravccersanacarceavanstareenasansieitansesei Ca ain 3 12 Predefined LLC2 CI io etederaaddaten od int IC eR DU ak cene du a qun dnb unc uA nnn 3 12 User Deincd DECR OMON A ueri iria PR Sera Iacob Lv El d erac duet 3 12 BEN RD E E D eames es 3 12
50. INES Token Ring Transparent Bridge Transparent Bridge Accept Drop Accept Drop Log DECnet IV DLSw IP IP Source Route Log IPX LLC2 OSI Source Bridge Route XNS VINES HSSI Transparent Bridge Accept Drop Log Accept Drop Accept Drop Log DECnet IV DLSw IP Log IPX LLC2 OSI Source Route XNS VINES MCE1 Transparent Bridge Transparent Bridge None Accept Drop Log DECnet IV DLSw IP Frame Relay IP High Queue Low IPX LLC2 OSI Source PPP Source Route Queue Length No Route XNS VINES Bridge Call No Reset MCT1 Transparent Bridge Transparent Bridge None Accept Drop Log DECnet IV DLSw IP Frame Relay IP High Queue Low IPX LLC2 OSI Source PPP Source Route Queue Length No Route XNS VINES Bridge Call No Reset Synchronous Transparent Bridge Transparent Bridge Accept Drop Accept Drop Log High Queue Low Queue Length No Call No Reset Ethernet 802 2 LLC LLC with SNAP and Novell encapsulations 802 2 LLC and LLC with SNAP encapsulations 3 Plus additional actions for Bridge and IP filters 114081 Rev A Chapter 2 Using Protocol Prioritization This chapter describes the priority queuing protocol prioritization you can implement using outbound traffic filters Site Manager supports protocol prioritization on synchronous HSSI MCEI and MCTI interfaces for the following WAN protocols e PPP Point to Point Protocol e Standard Bay Network
51. If you create a filter under Data Link to identify an IP routed packet for example using the Ethertype field and a value of 0x0800 the rule is never triggered because the router code recognizes the IP packet and uses IP filter rules Reference Points for User Defined Criteria Data Link Reference Points To create a filter with a user defined criterion you specify the offset and length to a supported reference point in the protocol s header This section lists reference points for specifying user defined outbound traffic filter criteria e Data Link Reference Points IP Reference Points Table 4 3 defines the Data Link reference points Table 4 3 Data Link Reference Points Reference Point Definition MAC Points to the high order byte of the destination address DATA LINK Points to the first byte after the length type criteria DL HEADER START Points to the beginning of the header beginning of the packet for PPP and Frame Relay DL HEADER END Points to the first byte after DLCI in Frame Relay and the first byte after the protocol ID in PPP DL FR MPE Points to NLPID Frame Relay only DL SR START Points to the beginning of the source routing packet which is the high order byte of the destination address DL SR DATA LINK Points to the first byte after the RIF field Figures 4 3 and 4 4 show examples of where those reference points are located in a packet
52. MP Agent LOCAL FILE File Name usr21 techpub Model Access Stack N MIB Versioni x9 00 Slot Module Description 4 4 34002 Dual Token Ring 4716Mb TOKENZ 3 Empty Module 2 tmeuMedue 1 Empty Module 4 3 2 Empty Module Empty Module Empty Module Figure 6 3 Selecting the DLSw Inbound Traffic Filters Window The DLS Filters window appears Although the Traffic Filters window is protocol specific you use the window the same way for all protocols The examples in this chapter show the Bridge Filters window Figure 6 4 Preparing Filter Templates This section describes how to add a filter template to an interface by e Creating a New Template e Customizing Templates The section Creating an Inbound Filter later in this chapter describes how to create a filter by applying saving a filter template to an interface 6 4 114081 Rev A Applying Inbound Traffic Filters Creating a New Template To add a filter to an interface you do not always need to create a new template Often you can begin with an existing template If there is already a filter template for the circuit you are configuring that includes filter information you might use go to Customizing Templates If there is no existing template to match your needs you must first create a new template for your circuit To create a new template 1 Display the Filters window for your selected circuit Figure 6 4 shows the Brid
53. Parameter DescripliDl iB 5 ott tt tren nete nnt Race A 1 Piontzatoh bendlh Parameters aii epic tir tudceza Fat nea dd a e dba dae ct dia td A 7 Appendix B Examples and Implementation Notes It prsimena S OD PUB sioe een nite mere rr itas niece eite a EE Apu Lupa OUR B 1 Filtering Outbound Frame Relay Traffic n T T B 1 Filtering Over a Dial Backup IDOL nero rtt nee rpm tI EE ERR PASA roe RU B 2 Using a Drop All Filter as a Firewall sse B 2 Dyer aer uiedgu z cups cM rm ET B 3 Creating an Inbound Traffic Filter Template Predefined Criteria B 4 Creating an Inbound Traffic Filter Template User Defined Criteria a BO Applying tus TRIG Fiker Tempe 5 jaccss ach iizestiansqceesiiaciigccrsdandeentnuciqeeeiessadidgentanniiacts B 8 Protocol NUANCES aste ca calcd se satan Andante aA iida daana aude B 8 Index X 114081 Rev A Figure 2 1 Figure 2 2 Figure 2 3 Figure 2 4 Figure 2 5 Figure 2 6 Figure 2 7 Figure 2 8 Figure 2 9 Figure 2 10 Figure 3 1 Figure 4 1 Figure 4 2 Figure 4 3 Figure 4 4 Figure 4 5 Figure 6 1 Figure 6 2 Figure 6 3 Figure 6 4 Figure 6 5 Figure 6 6 Figure 6 7 Figure 6 8 Figure 6 9 Figure 6 10 114081 Rev A Figures Protocol Prioritization DODUOUIDE 45395 iecit en Ru asa Ne Exe e Dawes bis 2 3 Bandwidth Allocation Dequeuing Algorithm seesesss 2 5 Siriel Degueuin
54. Reference Field Offset Length Destination Network IPX_BASE 48 32 Destination Address IPX_BASE 80 48 Destination Socket IPX_BASE 128 16 Source Network IPX_BASE 144 32 Source Address IPX_BASE 176 48 Source Socket IPX_BASE 224 16 User Defined IPX Criteria In addition to the predefined filter criteria you can create traffic filters with criteria you define by specifying an offset and length to the start of the IPX header IPX_BASE as a reference field for a user defined criterion Reference Field Description IPX_BASE Points to the first byte in the IPX header IPX Actions The IPX filtering actions are Accept Drop and Log 114081 Rev A 3 11 Configuring Traffic Filters and Protocol Prioritization LLC2 Criteria and Actions You can filter inbound LLC2 traffic based on specified bit patterns contained within the LLC2 header Adding an IBM protocol to a circuit automatically adds Logical Link Control 2 LLC2 LLC2 traffic filters apply to LLC2 routed over Frame Relay also known as native SNA over Frame Relay and to any protocol running over LLC2 including Advanced Peer to Peer Networking APPN and LAN Network Manager LNM Predefined LLC2 Criteria Table 3 2 lists the predefined filtering fields for DLSw inbound traffic filters and the reference field offset and length value for each criterion Table 3 8 Predefined Criteria for LLC2 Inbound Traffic Filters Criterion Na
55. S 53 TFTP 69 SNMP 161 SNMPTRAP 162 5 6 114081 Rev A Specifying Common Criterion Ranges Specifying Ethernet Type Range Values Table 5 8 lists some common Ethernet Type codes to use when specifying Ethertype criteria ranges Refer to RFC 1700 for a complete and current list Table 5 8 Ethernet Type Codes Description Ethertype 0x Bay Networks Synchronous Pass Through 80FF Bay Networks Source Route Traffic non Token Ring media 8101 Bay Networks Breath of Life Packet BofL 8102 Bay Networks Transparent Bridge Traffic on Token Ring 8103 Bridged Ethernet over RFC 1490 Frame Relay 0007 Bridged Token Ring over RFC 1490 Frame Relay 0009 Bridged FDDI over RFC 1490 Frame Relay 000A Bridged PDUs over RFC 1490 Frame Relay 000B 802 3 Length Field 0000 05EE 802 5 Length Field 0000 05FF Xerox PUP 0101 01FF 0200 0201 Nixdorf 0400 XNS IDP 0600 XNS Address Translation 0601 IP 0800 X 25 0801 CHAOSnet 0804 X 25 Level 3 0805 ARP 0806 XNS 0807 Symbolix 081C Xyplex 0888 088A UB Debugger 0900 XNS Address Translation 0A00 0A01 Banyan VINES OBAD continued 114081 Rev A 5 7 Configuring Traffic Filters and Protocol Prioritization Table 5 8 Ethernet Type Codes continued Description Ethertype 0x DEC 6000 6
56. a template does not affect interfaces to which the template has already been applied To edit an existing template without preserving the original go to Editing a Template Note You can also edit or copy a template using a text editor The Configuration Manager stores all templates in a file called template fit Copying a Template To duplicate an existing template 1 2 3 Display the Filter Template Management window refer to Figure 7 3 Select a template from the scroll box Click on Copy The Copy Filter Template window appears Figure 7 9 114081 Rev A Configuring Traffic Filters and Protocol Prioritization opy Filter Template Copy template drop01t003 co topic NNNNNNENENNNEEE ea eee Figure 7 9 Copy Filter Template Window 4 Enter a name for the new template in the box provided Remember that it is a good idea to give your template a name that reflects its contents 5 Click on OK You are returned to the Filter Template Management window The name you just assigned to the new template appears in the Templates box Editing a Template After you create or copy a template you can edit it to apply the filters you want 1 Display the Filter Template Management window 2 Select the template you to edit from the scroll box 3 Click on Edit The Edit Priority Outbound Template window window appears Figure 7 10 7 12 114081 Rev A Applying Outbound Traffic Filters
57. address ranges in the following sections e Specifying MAC Address Ranges e Specifying VINES Address Ranges e Specifying Source and Destination SAP Code Ranges e Specifying Frame Relay NLPID Range Values e Specifying PPP Protocol ID Range Values e Specifying TCP and UDP Port Range Values e Specifying Ethernet Type Range Values e Specifying IP Codes Note Refer to Chapter 1 for an overview of traffic filters filter templates and their criterion range and action components 114081 Rev A 5 1 Configuring Traffic Filters and Protocol Prioritization Specifying MAC Address Ranges When you create a filter that includes a Source or Destination MAC Address criterion you specify the MAC address range in either most significant bit MSB or canonical format Table 5 1 lists the address formats to use Table 5 1 Format for Specifying Source Routing MAC Addresses Address Type Address Format PPP MSB Bay Networks Standard Frame Relay Canonical Bay Networks Proprietary PPP Canonical Token Ring MSB Ethernet Canonical When defining outbound traffic filters you can specify a MAC address in either MSB or canonical format but the default is canonical Source Routing Bridge Source MAC Addresses When specifying Source MAC addresses for SRB traffic filters set the most significant bit MSB to one For example Token Ring packets 1 The Source MAC address to be filtered is 0x4000003745044
58. andwidth on an interface is allocated to traffic in the high priority queue If you select the bandwidth allocation dequeuing algorithm you can use this parameter to specify the percentage of bandwidth allocated to high priority traffic When you set this parameter to a value less than 100 each time the percentage of bandwidth used by high priority traffic reaches this limit the router transmits traffic in the normal and low priority queues up to the configured percentages for those priority queues Note The High Queue Percent Bandwidth Normal Queue Percent Bandwidth and Low Queue Percent Bandwidth values must total 100 Setting the Normal Queue Percent Bandwidth By default 20 percent of the bandwidth on an interface is allocated to traffic in the normal priority queue If you select the bandwidth allocation dequeuing algorithm you can use this parameter to specify the percentage of bandwidth allocated to normal priority traffic When you set this parameter to a value less than 100 each time the percentage of bandwidth used by normal priority traffic reaches this limit the router transmits traffic in the low priority queues up to its configured percentage Note The High Queue Percent Bandwidth Normal Queue Percent Bandwidth and Low Queue Percent Bandwidth values must total 100 2 20 114081 Rev A Using Protocol Prioritization Setting the Low Queue Percent Bandwidth By default 10 percent of the bandwi
59. ange the value of this parameter you reset the High Water mark for all three priority queues to zero by toggling the High Water Packets Clear bit Enter any new integer value for this parameter to clear the existing High Water marks for the priority queues Whenever you change queue depth by changing the value of the High Queue Size Normal Queue Size or Low Queue Size parameter it s a good idea to also reset the High Water mark by changing the value of this parameter For more information about using queue depths to tune protocol prioritization in your network refer to Tuning Protocol Prioritization earlier in this chapter Selecting the Prioritization Algorithm Type You can select one of two dequeuing algorithms for draining priority queues and transmitting traffic Select STRICT for strict dequeuing the router always transmits traffic in the high priority queue before traffic in the other queues Select BANDWIDTH ALLOC for bandwidth allocation dequeuing the router transmits traffic in a queue until the utilization percentage for that queue is reached and then the router transmits traffic in the next lower priority queue You configure the percentages for bandwidth allocation by setting the High Queue Normal Queue and Low Queue Percent Bandwidth parameters 114081 Rev A 2 19 Configuring Traffic Filters and Protocol Prioritization Setting the High Queue Percent Bandwidth By default 70 percent of the b
60. ans the low priority queue If there is no traffic in the low priority queue the algorithm starts again at Step 1 The router empties all packets from the low priority queue up to the bandwidth percentage you have configured into the transmit queue and transmits them The default bandwidth percentage for the low priority queue is 10 percent If the actual bandwidth use is less than the limit the router empties the low priority queue The algorithm starts again at Step 1 Figure 2 2 illustrates the algorithm for bandwidth allocation dequeuing 2 4 114081 Rev A Scan high priority queue Are there packets in the high priority queue py Scan normal priority queue Are there packets in the normal priority queue Scan low priority queue here packets in the low priority queue YES NO Transmit all packets up to the bandwidth utilization percentage Transmit all packets up to the bandwidth utilization percentage Transmit all packets up to the bandwidth utilization percentage Using Protocol Prioritization OO TF0002A Figure 2 2 Bandwidth Allocation Dequeuing Algorithm 114081 Rev A 2 5 Configuring Traffic Filters and Protocol Prioritization Strict Dequeuing Algorithm Protocol prioritization can also use the strict dequeuing algorithm to send traffic to the transmit queue This algorithm works as follows 1
61. art of the DLSw header DLS_DATA_START Point to start of the DLSw data DLSw Actions The DLSw filtering actions are e Drop Log common to all inbound traffic filters e Forward to Peer specifies that any frame that matches the filter will be sent to the circuits that you specify 3 8 114081 Rev A Inbound Traffic Filter Criteria and Actions IP Criteria and Actions You filter inbound IP traffic based on specified bit patterns contained within the IP header or the header of the upper level protocol TCP or UDP for example conveyed within the IP datagram Predefined IP Criteria Table 3 2 lists the predefined filtering fields for IP filters and the reference field offset and length value for each criterion Table 3 6 Predefined Criteria for IP Inbound Traffic Filters Criterion Name Reference Field Offset Length Type of Service HEADER_START 8 8 Protocol HEADER_START 72 8 IP Source Address HEADER_START 96 32 IP Destination Address HEADER_START 128 32 UDP TCP Source Port HEADER_END 0 16 UDP TCP Destination Port HEADER END 16 16 User Defined IP Criteria In addition to the predefined filter criteria you can create IP traffic filters with user defined criteria by specifying an offset and length to these reference fields in the IP header Reference Field Description HEADER START HEADER END Points to the first byte of the Type of Service Points to the last byt
62. ayer protocol this appendix provides information about default settings valid parameter options the parameter function instructions for setting the parameter and the MIB object ID Priority Interface Parameter Descriptions Parameter Path Default Options Function Instructions MIB Object ID Use the following descriptions as guidelines when you edit parameters in the Edit Protocol Priority Interface window Enable Configuration Manager gt Interface Connector gt Edit Circuit gt Protocols gt Edit Protocol Priority gt Interface Enable Enable Disable Toggles protocol prioritization on and off on this interface If you set this parameter to Disable all outbound filters will be disabled on this interface Setting this parameter to Disable is useful if you want to temporarily disable all outbound filters rather than delete them Set to Disable if you want to temporarily disable all protocol prioritization activity on this interface Set to Enable if you previously disabled protocol prioritization on this interface and now want to re enable it 1 3 6 1 4 1 18 3 5 1 4 1 1 2 114081 Rev A A 1 Configuring Traffic Filters and Protocol Prioritization Parameter Path Default Options Function Instructions MIB Object ID Parameter Path Default Options Function Instructions MIB Object ID Parameter Path Default Options Function Instructions MIB Object ID
63. bound traffic filter criteria for DLC and IP headers Note See Configuring DLSw Services for information about criteria for outbound traffic filters based on the DLSw header 1 10 114081 Rev A Using Traffic Filters Table 1 2 Predefined Outbound Traffic Filter Criteria Header Traffic Type Predefined Outbound Filter Criteria Data Link Control Header Transparent Bridge Data Link Type MAC Address Source or Destination Ethernet Type Novell 802 2 Length 802 2 DSAP 802 2 SSAP 802 2 Control 802 2 SNAP Length 802 2 SNAP Protocol ID 802 2 SNAP Ethernet Type Source Routing SSAP DSAP PPP Protocol ID Frame Relay 2 byte DLCI 3 byte DLCI 4 byte DLCI NLPID Ethernet Type IP Header Type of Service Priority IP Address Source and or Destination UDP port Source and or Destination TCP port Source and or Destination Established TCP Protocol Type Source Routing SSAP Destination Address Source Address PPP Protocol ID Frame Relay 2 byte DLCI 3 byte DLCI 4 byte DLCI NLPID 114081 Rev A Configuring Traffic Filters and Protocol Prioritization Ranges User Defined Criteria To apply customized criteria that use fields that are not represented in a protocol s predefined criteria you can create a user defined criterion You specify its location within the packet header in terms of three parameters e Reference point S
64. ch hold the packets to each queue A queue is full when it exceeds buffer size The router discards clips traffic sent to a full queue Note The buffer size for priority queues is not configurable when using the strict dequeuing algorithm Queue Depth Example Suppose that you use the default queue depth 20 packets for all three priority queues You then see from the statistics that the high priority queue s Clipped Packets Count is 226 and its High Water Packets Mark is 20 These statistics indicate that the high priority queue has been full at least once and that the router has discarded 226 packets From this information you can conclude that you have not assigned enough buffers to the high priority queue for the amount of high priority traffic on this interface To prevent further high priority traffic from being discarded you can reconfigure the depth of the queues or re evaluate the amount of traffic assigned to the high priority queue Reconfiguring Queue Depth Suppose that you now look at the statistics of the normal and low priority queues and find that the low priority queue has a Clipped Packets Count of zero and a High Water Packets Mark of 06 Figure 2 4 Thus there have never been more than six packets in the low priority queue and the router has not discarded any low priority packets 2 10 114081 Rev A Using Protocol Prioritization Queue Depth 20 Queue Depth 20 Queue Depth 20 Clip Cou
65. ckets that match the filter criteria and ranges are processed in the low queue e Length For packets that match the filter criteria the packet length determines the priority queue into which it is placed Note Site Manager does not support prioritizing actions on LAN interfaces See What Is Protocol Prioritization earlier in this chapter for a brief overview See Chapter 2 for detailed information about the protocol prioritization process Dial Service Actions Outbound traffic filters for interfaces configured as dialup lines include the following actions e NoCall Packets that match the filter criteria and ranges are dropped and do not initiate a dial connection e No Reset Packets that match the filter criteria and ranges are processed but do not reset the inactivity timer Note Although No Call and No Reset are available when creating outbound traffic filters on any interface these actions are useful only on dial interfaces such as synchronous modem lines or an MCT1 interfaces configured with ISDN PRI 114081 Rev A Using Traffic Filters By default packets transmitted on dial on demand lines always trigger the router to establish a connection You can use the dial service actions to configure outbound traffic filters that specify or reduce the type of traffic to initiate dial connections For example dial optimized routing is a method of exchanging IP RIP and IPX RIP SAP routing updates only whe
66. criteria 6 14 6 19 deleting ranges 6 14 6 19 editing 6 12 naming 6 7 renaming 6 13 templates outbound traffic filter copying 7 11 creating 7 4 deleting actions 7 17 deleting criteria 7 14 7 17 7 19 deleting ranges 7 14 7 19 editing 7 11 naming 7 6 renaming 7 12 traffic filter actions Accept 1 13 4 9 defined 1 13 Drop 1 13 4 9 High Queue 1 14 4 9 inbound adding 6 14 6 19 Bridge 3 4 DECnet Phase IV 3 7 deleting 6 14 6 19 DLSw 3 8 IP 3 10 IPX 3 12 LLC2 3 12 OSI 3 13 source routing 3 6 VINES 3 14 XNS 3 15 Length 1 14 4 9 Log 1 13 4 9 Low Queue 1 14 4 9 No Call 1 14 4 10 No Reset 1 14 4 10 outbound adding 7 14 7 17 7 19 Bridge 4 9 deleting 7 14 7 19 deleting from a template 7 17 source routing 4 9 Index 6 114081 Rev A traffic filters about 1 1 actions 1 13 adding to an interface 1 15 blocking strategy B 2 components of 1 7 drop all B 2 dropping strategy B 2 forwarding strategy B 2 inbound adding to an interface 6 15 creating 6 15 creating templates 6 4 defined 1 1 deleting from an interface 6 26 DLSw 6 3 enabling 6 24 media and protocols supported 1 2 precedence 6 22 outbound 7 1 adding to an interface 7 15 creating templates 7 3 defined 1 1 deleting 7 23 disabling 7 22 editing 7 17 enabling 7 22 High Queue action 1 14 4 9 Length action 1 14 4 9 Low Queue action 1 14 4 9 media and protocols supp
67. d percentages for those priority queues Specify the percentage of the line s bandwidth allocated for high priority traffic The High Queue Percent Bandwidth Normal Queue Percent Bandwidth and Low Queue Percent Bandwidth values must total 100 1 3 6 1 4 1 18 3 5 1 4 1 1 25 A 4 114081 Rev A Parameter Path Default Options Function Instructions MIB Object ID Parameter Path Default Options Function Instructions MIB Object ID Site Manager Protocol Prioritization Parameters Normal Queue Percent Bandwidth Configuration Manager gt Interface Connector gt Edit Circuit gt Protocols gt Edit Protocol Priority gt Interface 20 percent 0 to 100 percent If you select the bandwidth allocation dequeuing algorithm this parameter specifies the percentage of the synchronous line s bandwidth that normal priority traffic can use Specify the percentage of the line s bandwidth allocated to normal traffic The High Queue Percent Bandwidth Normal Queue Percent Bandwidth and Low Queue Percent Bandwidth values must total 100 1 3 6 1 4 1 18 3 5 1 4 1 1 26 Low Queue Percent Bandwidth Configuration Manager gt Interface Connector gt Edit Circuit gt Protocols gt Edit Protocol Priority gt Interface 10 percent 0 to 100 percent If you select the bandwidth allocation dequeuing algorithm this parameter specifies the percentage of the synchronous line s bandwidth that low priority t
68. dd gt High Queue Chapter 5 for a list of large packet data traffic by placing smaller packets in the low priority queue high priority DSAP SSAP Control SAP codes queue 0x03 Control code Place Criteria gt Add gt Datalink Ox80FF Action gt Datalink gt synchronous gt 802 2 SNAP Ethernet Add gt High Queue pass through traffic in the high priority queue Prioritize FTP Criteria gt Add gt IP gt Client Action gt IP gt Add In the Prioritization Telnet and other Source Address addresses gt Length Length window specify Packet Length 500 bytes Less Than or Equal Queue Low Greater Than Queue High 114081 Rev A A accept filters 1 6 B 2 B 3 actions traffic filter See traffic filter actions adding actions inbound 6 14 6 19 outbound 7 14 7 17 7 19 criteria inbound 6 14 6 19 outbound 7 14 7 17 7 19 ranges 5 1 to 5 10 applying templates inbound traffic filter 6 15 outbound traffic filter 7 15 APPN 3 12 bandwidth allocation dequeuing algorithm 2 2 Bay Networks CompuServe forum xxii Customer Service FTP xxi home page on World Wide Web xxi InfoFACTS service xxiii publications ordering xviii support programs xx Support Source CD xxii Technical Response Center xix xxiii technical support xix blocking filters 1 6 B 2 Bridge Source Route actions inbound 3 6 outbound 4 9 Index criteria inbound 3 5 to 3 6 outbou
69. dence e Temporarily disable or enable a filter Enabling or Disabling an Outbound Filter e Remove a filter from an interface Deleting an Outbound Filter 114081 Rev A 7 1 Configuring Traffic Filters and Protocol Prioritization Displaying the Priority Outbound Filters Window To configure outbound traffic filters for a particular interface you must first display the Priority Outbound Filters window for the circuit s protocol Note For information about using the outbound traffic filters window for an interface configured with DLSw see Configuring DLSw Services Complete the following steps to display the Priority Outbound Filters window enabling protocol priority if necessary 1 In the Configuration Manager window click on a circuit interface connector For Ethernet FDDI HSSI Synchronous or Token Ring interfaces a popup menu appears For MCEI or MCTI interfaces the Logical Lines window appears Click on Edit Circuit for MCEI MCTI click on Circuit The Circuit Definition window appears Figure 7 1 If Protocol Priority appears in the Protocols scroll box go to Step 6 Note On circuits configured with Frame Relay or PPP protocol prioritization is enabled by default Otherwise you must enable Protocol Priority the first time you configure outbound traffic filters Select Protocols Add Delete The Select Protocols window appears Select Protocol Priority from
70. djust e Queue Depth e Latency Percent of Bandwidth When using the bandwidth allocation algorithm you can tune protocol prioritization by changing the default allocation of bandwidth for each of the three priority queues Queued traffic with large packets often require more than the default bandwidth allocation For example if statistics indicate that one interface requires more than 70 percent of bandwidth to properly transmit high priority traffic you can increase the High Queue Size parameter and decrease the Normal or Low Queue Size Note If statistics indicate that the High queue does not have enough buffers consider reducing the amount of high priority traffic You should be selective in assigning high priority status Too many traffic types with high priority status could defeat the purpose of protocol prioritization With the strict dequeuing algorithm too much high priority traffic could result in clipping of normal and low priority traffic When changing bandwidth allocation remember that the percent of bandwidth for the High Queue Normal Queue and Low Queue must total 100 percent 114081 Rev A 2 9 Configuring Traffic Filters and Protocol Prioritization Queue Depth Queue depth or queue size is the configurable number of packets that each priority queue can hold The default value for bandwidth allocation is 20 packets regardless of packet size When you set the queue size you assign buffers whi
71. dney Australia 612 9927 8800 612 9927 8811 Tokyo Japan 81 3 5402 0180 33 92 966 998 81 3 5402 0173 114081 Rev A xxiii Chapter 1 Using Traffic Filters To help you understand and plan for traffic filter configurations on Bay Networks routers this chapter defines and describes the following concepts What Are Traffic Filters e What Is Protocol Prioritization What Do Traffic Filters Do Filtering Strategies e Components of Traffic Filters e Using Filter Templates Traffic Filter Summary What Are Traffic Filters Traffic filters are router files that instruct an interface to selectively handle specified network traffic packets frames or datagrams Using traffic filters you can block forward log or prioritize certain traffic on an interface You determine which packets receive special handling based on information fields within the packet headers There are two types of traffic filters e Inbound traffic filters which act on packets coming in to the router Outbound traffic filters which act on packets that the router is forwarding Note Be careful not to confuse traffic filters with other router filters such as route filters which force filtered protocol traffic to take particular routes 114081 Rev A Configuring Traffic Filters and Protocol Prioritization You can create traffic filters on the following interfaces Ethernet 1
72. do so complete the steps in this section 1 In the Circuit Definition window select Protocols gt Edit Protocol Priority gt Interface Figure 2 8 Conf Protocols Slot Lines I XCVR4 I XCVR3 F XCVR2 F XCVR1 M COM1 M COM2 inco Mar I CONSOLE Figure 2 8 Selecting the Edit Protocol Priority Interface Window The Edit Protocol Priority Interface window appears Figure 2 9 114081 Rev A 2 15 Configuring Traffic Filters and Protocol Prioritization Edit Protocol Priority Interface 543 Cancel OK Values Help Enable ENABLE High Queue Size Normal Queue Size Low Queue Size Max High Queue Latency High Water Packets Clear Prioritization Algorithm Type High Queue Percent Bandwidth Normal Queue Percent Bandwidth Low Queue Percent Bandwidth Figure 2 9 Edit Protocol Priority Interface Window First Screen To see additional parameters use the scroll bar on the right of the window Figure 2 10 2 16 114081 Rev A Using Protocol Prioritization Normal Queue Size Low Queue Size Max High Queue Latency High Water Packets Clear Prioritization Algorithm Type High Queue Percent Bandwidth Normal Queue Percent Bandwidth Low Queue Percent Bandwidth Discard Eligible Bit Low ENABLE Discard Eligible Bit Normal DISABLE Figure 2 10 Edit Protocol Priority Interface Window Scrolled Screen This window displays parameter values for any interface to which protocol p
73. dth on an interface is allocated to traffic in the low priority queue If you select the bandwidth allocation dequeuing algorithm you can use this parameter to specify the percentage of bandwidth allocated to low priority traffic Note The High Queue Percent Bandwidth Normal Queue Percent Bandwidth and Low Queue Percent Bandwidth values must total 100 Enabling or Disabling the Low Priority Queue Discard Eligible Bit By default Frame Relay packets in the Low priority queue have the Discard Eligible DE bit set Select DISABLE If you do not want the DE bit to be set for all Frame Relay packets in the Low priority queue Enabling or Disabling the Normal Priority Queue Discard Eligible Bit By default Frame Relay packets in the Normal priority queue do not have the Discard Eligible DE bit set Select ENABLE to set the DE bit for all Frame Relay packets in the Normal priority queue 114081 Rev A 2 21 Chapter 3 Inbound Traffic Filter Criteria and Actions You create inbound traffic filters from templates that consist of protocol specific filter criteria ranges and actions Note Refer to Chapter 1 for an overview of traffic filters filter templates and their criterion range and action components For instructions on using Site Manager to create inbound filters see Chapter 6 To define an inbound traffic filter template you need to know the specific criteria and actions that Site Manager supports for
74. dwidth 2 20 A 4 High Queue Size 2 18 A 2 Index 4 114081 Rev A High Water Packets Clear 2 19 A 3 Less Than or Equal Queue 7 10 A 7 Low Queue Percent Bandwidth 2 21 A 5 Low Queue Size 2 18 A 2 Max High Queue Latency 2 19 A 3 Normal Queue Percent Bandwidth 2 20 A 5 Normal Queue Size 2 18 A 2 Packet Length 7 10 A 7 Prioritization Algorithm Type 2 19 A 4 performance 1 6 precedence and drop all filters B 2 inbound traffic filters 6 22 outbound traffic filters 7 20 predefined criteria about 1 8 Prioritization Algorithm Type parameter 2 19 A 4 prioritization protocol See protocol prioritization protocol prioritization clipped packets 2 8 defined 1 4 dequeuing algorithms bandwidth allocation 2 2 strict dequeuing 2 6 Discard Eligible Bit Low parameter 2 21 A 6 Discard Eligible Bit Normal parameter 2 21 A 6 DLSw Inbound Traffic Filters window 6 3 editing interface parameters 2 15 Enable parameter 2 18 A 1 enabling 2 12 examples B 10 Frame Relay 2 18 A 2 Greater Than Queue parameter 7 10 A 8 High Queue Percent Bandwidth parameter 2 20 A 4 High Queue Size parameter 2 18 A 2 High Water Packets Clear parameter 2 19 A 3 HiWater packets mark 2 8 Index how it works 2 2 latency 2 12 Less Than or Equal Queue parameter 7 10 A 7 Low Queue Percent Bandwidth parameter 2 21 A 5 Low Queue Size parameter 2 18 A 2 Max High Queue Latency parameter 2 19
75. e Bandwidth Allocation Algorithm or the Strict Dequeuing Algorithm By default protocol prioritization uses the bandwidth allocation algorithm to send traffic to the transmit queue This is because if the router uses the strict dequeuing algorithm and there is a great deal of high priority traffic on the network the normal and low priority traffic may never get transmitted You specify the active dequeuing algorithm as described in the section Editing Protocol Prioritization Parameters later in this chapter Figure 2 1 illustrates the dequeuing process with default configuration values 2 2 114081 Rev A Using Protocol Prioritization High priority Normal queue priority Low queue priority queue 70 of bandwidth 20 of bandwidth Em 10 of bandwidth Dequeuing Algorithm Default algorithm bandwidth allocation Transmit queue Default latency 250 ms Physical interface TF0001A Figure 2 1 Protocol Prioritization Dequeuing Bandwidth Allocation Algorithm The bandwidth allocation algorithm uses a configurable percentage of bandwidth for each of the three priority queues to determine how to transmit queued traffic The default configuration is HighQ 70 of bandwidth e NormalQ 20 of bandwidth e LowQ 10 of bandwidth When the amount of traffic transmitted from a particular queue reaches the configured percentage the next priority queue begins to transmit traffic
76. e Bay Networks router software to filter and prioritize traffic Configuring Traffic Filters and Protocol Prioritization offers An overview of traffic filters Chapter 1 An overview of protocol prioritization and instructions for customizing protocol prioritization configuration parameters Chapter 2 Protocol specific reference information on inbound traffic filter criteria and actions Chapter 3 Protocol specific reference information on outbound traffic filter criteria and actions Chapter 4 Information on specifying inbound and outbound criteria ranges Chapter 5 Instructions on using the Configuration Manager to create inbound traffic filters Chapter 6 Instructions on using the Configuration Manager to create outbound traffic filters Chapter 7 Site Manager parameter descriptions Appendix A Configuration examples and implementation notes Appendix B Before You Begin Before using this guide make sure that the router is running the latest version of Bay Networks Site Manager and router software For instructions refer to Upgrading Routers from Version 7 10 xx to Version 11 0 For a new router 1 Install the router Refer to the installation manual that came with your router 114081 Rev A XV Configuring Traffic Filters and Protocol Prioritization 2 Connect the router to the network and create a configuration file For instructions refer to one of the following manuals e Quick Startin
77. e Length action go to Specifying Prioritization Length For other actions the Create Priority Outbound Template window appears showing the newly selected criteria range and action in the Filter Information scroll box Figure 7 7 Figure 7 7 Create Priority Outbound Template Window with Criteria and Actions 12 When you are finished adding actions to your template click on OK You return to the Filter Template Management window refer to Figure 7 3 114081 Rev A 7 9 Configuring Traffic Filters and Protocol Prioritization Specifying Prioritization Length If you select the Length action in the Create Priority Outbound Template window the Prioritization Length window Figure 7 8 appears The Length action directs the router to place packets into a priority queue based on a specified byte length The packet length determines which queue PRIORITIZATION LENGTH Cancel OK Values Help Less Than or Equal Queue NORMAL Greater Than Queue LOW Figure 7 8 Prioritization Length Window 1 In the Prioritization Length window edit the Packet Length Enter a packet length value between 0 and 4608 bytes to define a packet length measurement to which each packet is compared An action is imposed on every packet depending on whether it is less than equal to or greater than the value you set for this parameter This action also depends on the values of the Less Than or Equal Queue and the Great
78. e Routing filters and the SRB header reference field offset and length value for each criterion Table 3 3 Predefined Criteria for Source Routing Bridge Criterion Name Reference Field Offset bits Length bits Next Ring NEXT RING 0 12 Destination MAC Address HEADER START 0 48 Source MAC Address HEADER START 48 48 DSAP DATA LINK 0 8 SSAP DATA LINK 8 8 Destination NetBIOS Name DATA LINK 120 120 Source NetBIOS Name DATA LINK 248 120 Specifying a SRB Criterion Range If you create a filter that includes a Source or Destination NetBIOS Name Source Routing protocol you enter the NetBIOS name as the ASCII equivalent of the first 15 characters of the name If the name has fewer than 15 characters use ASCII spaces 0x20 to ensure that the name has 15 characters 114081 Rev A 3 5 Configuring Traffic Filters and Protocol Prioritization Refer to Chapter 5 for information about entering SAP and MAC address criteria User Defined Source Routing Criteria In addition to the predefined filter criteria you can create SRB traffic filters with user defined criteria by specifying an offset and length to these reference fields in the source routing header Reference Field Description NEXT_RING Points to the first byte of the Next Ring field HEADER_START Points to the first byte of the Destination MAC address DATA_LINK Points to the first byte of the DATA_LINK reference field
79. e of the IP Destination Address Note When specifying IP user defined criteria use 8 bit lengths whenever possible User defined IP traffic filters one bit long work only when aligned on a byte word boundary Lengths from 2 to 7 bits do not work 114081 Rev A 3 9 Configuring Traffic Filters and Protocol Prioritization IP Actions In addition to the Accept Drop and Log actions common to all the protocols IP supports the following actions Forward to Next Hop Specifies that any frame that matches the filter will be forwarded to the next hop router You must specify the IP address of the next hop router If the next hop router is not reachable any packets matching the filter will be forwarded normally unless you also specify Drop If Next Hop Is Unreachable If you specify 255 255 255 255 as the Next Hop then any frame that matches this filter will be forwarded normally Drop If Next Hop Is Unreachable This action is valid only when Forward to Next Hop is in use Specifies that if the next hop address specified is unreachable the frame is dropped Forward to IP Address Specifies that any frame that matches the filter will be forwarded to a single address in a list of specified IP addresses The destination address of the original packet changes to the specified IP address Forward to Next Hop Interfaces Specifies that any frame that matches the filter will be duplicated and forwarded to a group of next hop
80. eR D eR E EI Ger e Co 4 6 IP Beisienes POIITIS c dee audi ca PER Ur i Rr d du i Ku MEAE 4 8 Format for Specifying Source Routing MAC Addresses 5 2 Functional MAC Addresses ccccccccccccssssssesscaeeesceseescesseseseseeeaeeeeeeeees 5 3 SAF D OBBE auti cedit teet tiet eae Antia esa EU 5 4 Frame Relay MLPID Valles uiridi ri odi abd ett ead i sedis eiat edens 5 5 PPP Protocol ID Val amp arisini nanana Rete ARR KR ad bun gun Gd cu RR Ke ta a RARE S 5 5 Source and Destination TCP Port Values cccccisnnesciccinnesricnainnortaanannnesenss ut DE Source and Destination UDP Port Values ssseeeeeeene 5 6 Eu s Dar CINES oniinn aAA ERAEN 5 7 P pe COES p ts 5 10 Using the Edit Filter Template Window seen 6 14 Using the Edit Filters Window T P 6 19 xiii Table 7 1 Using the Edit Priority Outbound Filter Template Window 7 14 Table 7 2 Using the Edit Priority Outbound Filters Window seesss 7 19 Table B 1 Predefined Criteria Ranges and Actions for Example Inbound Traffic ABER iecit o ONENE HEU RUE PEU AN ST E dU o E RA S dunes ada USE B 5 Table B 2 User Defined Criteria and Ranges for Example Inbound Traffic Filters B 7 Table B 3 Example Criteria Ranges and Actions for Protocol Prioritization B 10 xiv 114081 Rev A About This Guide Read this guide to learn how to customiz
81. ed IP Criteria e Specifying Criteria Common to IP and Data Link Headers Predefined Data Link Criteria You can configure outbound filters based on the predefined Data Link header criteria listed in Table 4 1 Table 4 1 Predefined Data Link Outbound Filter Criteria Packet Type or Component Predefined Criteria Data Link Type MAC Source Address MAC Destination Address Ethernet Type Novell 802 2 Length 802 2 DSAP 802 2 SSAP 802 2 Control 802 2 SNAP Length 802 2 SNAP Protocol ID 802 2 SNAP Ethernet Type Ethertype Source Routing DSAP SSAP continued 4 2 114081 Rev A Outbound Traffic Filter Criteria and Actions Table 4 1 Predefined Data Link Outbound Filter Criteria continued Packet Type or Component Predefined Criteria PPP Protocol ID Frame Relay 2 byte DLCI 3 byte DLCI 4 byte DLCI NLPID Ethernet Type Ethertype shows the Configuration Manager menu path for specifying these criteria See Chapter 7 for detailed instructions on creating outbound filters Figure 4 1 Predefined Data Link Outbound Filter Criteria 114081 Rev A 4 3 Configuring Traffic Filters and Protocol Prioritization Predefined IP Criteria You configure outbound filters for routing protocols based on the predefined criteria listed in Table 4 2 Table 4 2 Predefined IP Outbound Filter Criteria Packet Type or Component Predefined Criteria
82. ed criteria except you must specify the criterion s location within the packet With predefined criteria the locations are established Refer to Chapter 3 for the supported protocol header reference points you can use to specify user defined traffic filter criteria To specify user defined criteria 1 In the Edit Filters or Create Filter Template window select the User Defined option from the Criteria menu The Add User Defined Field window appears Figure 6 15 In this window you specify the criterion s location Name UD_bridge BRIDGE USER_DEFINED REF MAC d OFFSET LENGTH Minimum value Maximum value Figure 6 15 Add User Defined Field Window 6 20 114081 Rev A Applying Inbound Traffic Filters 2 Select the protocol specific reference field In this example the choices are the MAC or Data Link header 3 Specify an offset and length from the reference field 4 Specify a range associated with the bit criterion described by the reference offset and length Figure 6 16 Name UD bridge BRIDGE USER DEFINED REF MAC OFFSET 160 bits LENGTH 32 bits I umm values 0Ox0000a200001 yo ute 0x0000a2000038l Figure 6 16 User Defined Criteria 5 Clickon OK The procedures in this chapter for adding deleting and editing ranges for predefined criteria can be used for a user defined criterion as well 114081 Rev A 6 21 Configuring Traffic Filters
83. ed in the high queue Low Packets that match the filter criteria and ranges are processed in the low queue Length For packets that match the filter criteria the packet length determines the priority queue into which it is placed 114081 Rev A 4 9 Configuring Traffic Filters and Protocol Prioritization Dial On Demand Actions On lines configured for Dial on Demand DoD all packets transmitted will trigger the router to establish a connection With Dial Optimized Routing implemented a connection is not always necessary for the usual routing packets such as IP RIP or IPX RIP SAP You can use dial on demand actions to specify packet types that should not bring up a dial connection or reset the inactivity timer e No Call Packets that match the filter criteria and ranges are dropped and do not initiate a dial connection e No Reset Packets that match the filter criteria and ranges are processed but do not reset the inactivity timer See Configuring Dial Services for information about dial services such as DoD and Dial Optimized Routing 4 10 114081 Rev A Chapter 5 Specifying Common Criterion Ranges For every inbound or outbound traffic filter criterion you must specify a valid range a series of target values appropriate to the criterion For many criteria you specify an address range This chapter lists valid range values for common traffic filter criteria and explains how to specify common
84. edence and a rule number of 1 Subsequent filters created on the interface have decreasing precedence See Changing Filter Precedence for information on filter precedence To create a new filter 1 Display the Priority Outbound Filters window Figure 7 11 See Displaying the Priority Outbound Filters Window earlier in this chapter E o E Apply Template Create Edit Reorder Delete Values Filter Enable Filter Name Figure 7 11 Priority Outbound Filters Window 2 Click on Create The Create Filter window appears Figure 7 12 114081 Rev A 7 15 Configuring Traffic Filters and Protocol Prioritization Figure 7 12 Create Filter Window 3 If the correct interface is not already highlighted select the interface 4 Select the template you to use for the new filter Complete the steps in Preparing Filter Templates if the Templates box is empty 5 Type a name for the new filter in the Filter Name box 6 Click on OK The Priority Outbound Filters window reappears with the new filter displayed in the scroll box 7 16 114081 Rev A Applying Outbound Traffic Filters Editing an Outbound Filter After you apply a filter to an interface you can edit its criterion ranges and actions However if you used a template edited to suit your needs to create the filter you probably don t need to make further edits To customize an outbound
85. eld offset and length value for each predefined criterion Table 3 2 Predefined Criteria for Transparent Bridge Encapsulations Encapsulatio Reference Offset Length nMethod Criterion Name Field bits bits All MAC Source Address MAC 0 48 MAC Destination Address MAC 48 48 Ethernet Ethernet Type MAC 96 16 802 2 LLC Length MAC 96 16 Ethernet 802 3 and PPP only SSAP DATA_LINK 0 8 DSAP DATA_LINK 8 Control DATA_LINK 16 802 2 LLC Length MAC 96 16 wih SNAR Organization Code Protocol ID DATA_LINK 24 24 Ethernet Type DATA_LINK 48 16 Novell Novell MAC 112 16 114081 Rev A 3 3 Configuring Traffic Filters and Protocol Prioritization User Defined Transparent Bridge Criteria You can create bridge traffic filters with user defined criteria by specifying an offset and length to these supported reference fields Reference Field Description MAC Points to the first byte of the Destination MAC address DATA_LINK Points to the first byte of the DATA_LINK reference field Transparent Bridge Actions In addition to the Accept Drop and Log actions that are common to all the protocols there are two Bridge specific actions Flood Specifies that any frame that matches the filter will be forwarded onto all Bridge circuits except for the circuit from which it was received e Forward to Circuit List Specifies that any frame that matches
86. er 2 Click on Delete template 3 To confirm click on Delete in the Delete Action window 114081 Rev A 7 19 Configuring Traffic Filters and Protocol Prioritization Changing Filter Precedence You can assign as many as 31 outbound traffic filters per protocol to each router interface As you add filters to an interface the Configuration Manager numbers them chronologically Filter No 1 Filter No 2 Filter No 3 and so on The number determines the filter precedence lower rule numbers have higher precedence Figure 7 14 shows a sample listing of filters on an interface E Priority Outbound Filters DL 1 hiQ SR OIDSAP 543 EE DL 2 LoQ_SR_OaDSAP 543 rely Template Create Edit Reorder Delete Values Filter Enable Filter Name Figure 7 14 Sample List of Outbound Filters The first filter has the highest precedence and the number 1 Subsequent filters created on the interface have decreasing precedence and increasing numbers If a packet matches two filters the filter with the highest precedence lowest number applies For example if the first filter on the interface No 1 drops a packet and the second filter No 2 accepts the same packet Filter No 1 has precedence and the packet will be dropped Try to create filters on the interface in order of precedence However if you can t or if your filtering strategy changes you can use the Priority Outbound Filters
87. er Than Queue parameters 2 In the Prioritization Length window edit theLess Than or Equal Queue Specify High Low or Normal as the queue a packet is placed in if its packet length is less than or equal to the value of the Packet Length parameter For example if Packet Length is set to 1024 bytes any packet that is 1024 bytes or smaller is placed in the queue you choose for this parameter 3 In the Prioritization Length window edit the Greater Than Queue 7 10 114081 Rev A Applying Outbound Traffic Filters Specify High Low or Normal as the queue a packet is placed in if its packet length is greater than the value of the Packet Length parameter For example if Packet Length is set to 1024 bytes any packet that is 1025 bytes or larger is placed in the queue you choose for this parameter Click on OK The Create Priority Outbound Template window appears showing the newly selected criteria range and action in the Filter Information scroll box refer to Figure 7 7 Customizing Templates There are two ways to change a filter template Copy the existing template rename it and then edit it This preserves the original template and creates an entirely new template with the same criteria and actions You can then modify the new version to suit your needs Edit the existing template If you do not want or need to preserve the original template you can edit it without first copying and renaming it Changing
88. g Erie iiri MER 2 7 Priority Queue Statistics for the Queue Depth Example 2 11 Reconfigured Priority Queue Statistics for the Queue Depth EXxSmple cesse an ttr ao trai ia ndi nnt b nbn rz coke 2 11 Circuit Definition Ie ENTER 2 13 Selecting Protocol Priority from the Select Protocols List 2 14 Selecting the Edit Protocol Priority Interface Window 2 15 Edit Protocol Priority Interface Window First Screen 2 16 Edit Protocol Priority Interface Window Scrolled Screen 2 17 Header Reference Fields of Transparent Bridge aec wr ES ST RTI gro i r 3 2 Predefined Data Link Outbound Filter Criteria sssssss 4 3 Predefined IP Outbound Filter Criteria urine er innt inne 4 5 Data Link Reference Points in a Source Routing Packet Bridged over Bay Networks Proprietary Frame Relay c cccsscceseeeesteeeeseestteeeeeeeaes 4 7 Data Link Reference Points in an IEEE 802 2 LLC Header 4 7 IP Reference Points in a PPP Packet with IP Encapsulated aleman pne E Ed 4 8 ireu biet VEIIQOW iaa ek bae v c on CD EUR P PE EODD 6 2 Selecting the Inbound Traffic Filters Menu Bridge Example 6 3 Selecting the DLSw Inbound Traffic Filters Window 6 4 Inbound Traffic Filters WiNdOW uscierxcsbe tet re ER D neg EE a d er Y ot ei o 6
89. g Routers e Connecting ASN Routers to a Network Connecting BayStack AN and ANH Systems to a Network Conventions bold text italic text quotation marks screen text separator gt vertical line I Indicates text that you need to enter command names and buttons in menu paths Example Enter wfsm amp Example Use the dinfo command Example ATM DXI gt Interfaces gt PVCs identifies the PVCs button in the window that appears when you select the Interfaces option from the ATM DXI menu Indicates variable values in command syntax descriptions new terms file and directory names and book titles Indicate the title of a chapter or section within a book Indicates data that appears on the screen Example Set Bay Networks Trap Monitor Filters Separates menu and option names in instructions and internal pin to pin wire connections Example Protocols gt AppleTalk identifies the AppleTalk option in the Protocols menu Indicates that you enter only one of the parts of the command The vertical line separates choices Do not type the vertical line when entering the command Example If the command syntax is show at routes nets you enter either show at routes or show at nets but not both xvi 114081 Rev A Acronyms ANSI APPN ARP DE DLC DLSw DSAP FTP ICMP HDLC IP IPX LAT LLC LLM MAC MSB OSI OSPF OSPF BGP PPP RIF RIP SAP SDLC SMDS SNA SNAP SRB SSAP TCP
90. ge Filters window Sp BridgeFilters EE me Apply Template Create Edit Reorder Delete Values Help Filter Enable f Filter Name Figure 6 4 Inbound Traffic Filters Window Note Although the Traffic Filters menu is protocol specific you use the window the same way for all protocols 2 Click on Template The Filter Template Management window appears Figure 6 5 114081 Rev A 6 5 Configuring Traffic Filters and Protocol Prioritization Figure 6 5 Filter Template Management Window 3 Click on Create The Create Template window for your protocol appears Figure 6 6 Note The Create Template window is protocol specific Figure 6 6 shows the Create Bridge Template window but the window for other protocols is similar 6 6 114081 Rev A Applying Inbound Traffic Filters Figure 6 6 Create Template Window 4 Enter a name for the new template in the Filter Name box Give descriptive names to your templates For example Drop_Telnet might be appropriate for a template that drops all locally initiated outbound Telnet sessions to remote nodes 5 Select Criteria gt Add then select the criterion that you want to use to filter packets Figure 6 7 114081 Rev A 6 7 Configuring Traffic Filters and Protocol Prioritization Each filter template can have only one criterion Create new templates for additional criteria Figure 6 7 Selecting a Fil
91. ger Protocol Prioritization Parameters Prioritization Length Parameters Parameter Path Default Options Function Instructions MIB Object ID Parameter Path Default Options Function Instructions MIB Object ID Use the following descriptions as guidelines when you edit parameters in the Prioritization Length window Packet Length Create Priority Outbound Filters gt Actions gt Length gt Prioritization Length None 0 to 4608 bytes Defines a packet length measurement to which each packet is compared An action is imposed on every packet depending on whether it is less than equal to or greater than the value you set for this parameter This action also depends on the values of the Less Than or Equal Queue and the Greater Than Queue parameters Enter a packet length value in bytes 1 3 6 1 4 1 18 3 5 1 4 4 1 7 Less Than or Equal Queue Create Priority Outbound Filters gt Actions gt Length gt Prioritization Length Normal High Low Normal Specifies which queue a packet is placed in if its packet length is less than or equal to the value of the Packet Length parameter For example if Packet Length is set to 1024 bytes any packet that is 1024 bytes or smaller is placed in the queue you choose for this parameter Accept the default Normal or select either Low or High 1 3 6 1 4 1 18 3 5 1 4 4 1 8 114081 Rev A A 7 Configuring Traffic Filters and Protocol Prioritization Paramete
92. guration Manager gt Interface Connector gt Edit Circuit gt Protocols gt Edit Protocol Priority gt Interface BANDWIDTH ALLOCATION BANDWIDTH ALLOCATION STRICT Selects the dequeuing algorithm that protocol prioritization uses to drain priority queues and transmit traffic With strict dequeuing the router always transmits traffic in the high priority queue before traffic in the other queues With bandwidth allocation dequeuing the router transmits traffic in a queue until the utilization percentage for that queue is reached and then the router transmits traffic in the next lower priority queue You configure the percentages for bandwidth allocation by setting the Hiqh Queue Normal Queue and Low Queue Percent Bandwidth parameters Accept the default of BANDWIDTH ALLOCATION or select STRICT 1 3 6 1 4 1 18 3 5 1 4 1 1 24 High Queue Percent Bandwidth Configuration Manager gt Interface Connector gt Edit Circuit gt Protocols gt Edit Protocol Priority gt Interface 70 percent 0 to 100 percent If you select the bandwidth allocation dequeuing algorithm this parameter specifies the percentage of the synchronous line s bandwidth allocated to traffic that has been sent to the high priority queue When you set this parameter to a value less than 100 each time the percentage of bandwidth used by high priority traffic reaches this limit the router transmits traffic in the normal and low priority queues up to the configure
93. he range Deletea 1 Select the range to delete in the Filter Information scroll You must have at least one range box range specified for each 2 Click on Delete criterion 3 To confirm click on Delete in the Delete Range window Addan 1 Select Action gt Add in the Edit Filters window then select With the exception of the Log Action the action to impose on packets that match any of the action each filter template has template s ranges of filtering criteria only one action You can select 2 When you are finished adding actions to your template Log in combination with any click on OK other action Create new templates for additional actions Delete 1 Inthe Filter Information scroll box select the action to There must be one at least an Action remove action specified for a filter 2 Click on Delete template 3 To confirm click on Delete in the Delete Action window 4 Click on OK when you are finished editing the template You return to the Filter Template Management window You can continue to create edit or delete templates using this window Click on Done to return to the Priority Outbound Traffic Filters window 114081 Rev A Applying Outbound Traffic Filters Creating an Outbound Filter You create an outbound traffic filter by applying a filter template to an interface Note Try to create the filters on each interface in order of precedence The first filter you create has the highest prec
94. i Configuring Traffic Filters and Protocol Prioritization Support Source CD This CD ROM sent quarterly to all contracted customers is a complete Bay Networks Service troubleshooting knowledge database with an intelligent text search engine The Support Source CD contains extracts from our problem tracking database information from the Bay Networks Forum on CompuServe comprehensive technical documentation such as Customer Support Bulletins Release Notes software patches and fixes and complete information on all Bay Networks Service programs You can run a single version on Macintosh Windows 3 1 Windows 95 Windows NT DOS or UNIX computing platforms A Web links feature enables you to go directly from the CD to various Bay Networks Web pages CompuServe For assistance with noncritical network support issues Bay Networks Information Services maintain an active forum on CompuServe a global bulletin board system This forum provides file services technology conferences and a message section to get assistance from other users The message section is monitored by Bay Networks engineers who provide assistance wherever possible Customers and resellers holding Bay Networks service contracts also have access to special libraries for advanced levels of support documentation and software To take advantage of CompuServe s recently enhanced menu options the Bay Networks Forum has been re engineered to allow links to our Web si
95. ify new low and specify a hexadecimal number high values for the range Delete a 1 Select the range to delete in the Filter Information scroll You must have at least one range box range specified for each 2 Click on Delete criterion 3 To confirm click on Delete in the Delete Range window Addan 1 Select Action gt Add in the Edit Filters window then select With the exception of the Log Action the action to impose on packets that match any of the action each filter template has template s ranges of filtering criteria only one action You can select 2 When you are finished adding actions to your template Log in combination with any click on OK other action Create new templates for additional actions Delete 1 Inthe Filter Information scroll box select the action to There must be one at least an Action remove action specified for a filter 2 Click on Delete template 3 To confirm click on Delete in the Delete Action window 114081 Rev A 6 19 Configuring Traffic Filters and Protocol Prioritization Specifying User Defined Criteria In addition to predefined criteria the Edit Filters and Create Filter Template windows provide a User Defined criterion choice for most protocols The User Defined option allows you to set up filtering criteria based on bit patterns within a packet s header that are not supported in predefined criteria Setting up user defined criteria is similar to using up predefin
96. ilter as a Firewall in Appendix B for more information Direct Certain Traffic You can create traffic filters that affect only a particular protocol s traffic For example you can forward all IP traffic to a next hop address You can also create bridge traffic filters that affect certain locations on the network For example if you want all traffic from a node with a particular MAC address perhaps an application server to take precedence over other traffic you can use protocol prioritization to assign a high priority to any traffic with that source address 1 6 114081 Rev A Using Traffic Filters Combine Filters You can apply as many as 31 inbound and 31 outbound traffic filters per protocol As you add filters to an interface the Configuration Manager numbers them chronologically Filter No 1 Filter No 2 Filter No 3 and so on The filter rule number determines the filter s precedence Lower numbers have higher precedence Filter No 1 has the highest precedence If a packet matches 2 filters the filter with the highest precedence lowest number applies You can reorder filters after creating them to determine the precedence of individual filters Refer to the Changing Filter Precedence section in Chapter 6 inbound traffic filters or Chapter 7 outbound traffic filters Components of Traffic Filters Site Manager creates both inbound and outbound traffic filters from template files that contain filtering
97. ing or Disabling Prioritization 222 u hk rcd phe ed a qc eda ka idi 2 18 SUTIN VG High CS or MP 2 18 Seting me Normal QUEUE SIZE vss cceseissadcnsssancciaeitvssccecieusardceditvanchesvaabseauaienadocede 2 18 Sat ng Hie Low QUU SIZE assii eaa eaea 2 18 vi 114081 Rev A Setting the Max High Queue Latency ccccecccecceceeeseneeeeeseneeeeeesennaeeeeeseneeeseseeaas 2 19 Clearing fe High Weler MaIK 22e te dud it adus n intact Rod Ea tcr eae oan 2 19 Selecting the Prioritization Algorithm Type sesesseseeeeeeeeeenn 2 19 Setting the High Queue Percent Bandwidth essesssseee 2 20 Setting the Normal Queue Percent Bandwidth T TE 2 20 Setting the Low Queue Percent Bandwidth eesssssssses 2 21 Enabling or Disabling the Low Priority Queue Discard Eligible Bit 2 21 Enabling or Disabling the Normal Priority Queue Discard Eligible Bit 2 21 Chapter 3 Inbound Traffic Filter Criteria and Actions Transparent Bridge Criteria and Actions EE gael E rduan 3 2 Predetined Transparent Bridge Crete csc ccoissctcscicesnesicidesnctensvensnascasideesenaiiecerioraleeares 3 3 User Defined Transparent Bridge Criteria essesseeese 3 4 Transparent Bridge ACIONS sii curn oie ista tap setae Ni geb ene ua EDAD le adden eee 3 4 Source Routing Bridge Criteria and ACIE 2 3 ir eet t
98. interfaces based on a list of IP addresses you specify If none of the next hop interfaces is up any packets matching the filter will be forwarded to the default destination for the packet destination address unless you also specify Drop If Next Hop Is Unreachable Forward to First Up Next Hop Interface Ensures traffic forwarding by specifying that any frame that matches the filter will be forwarded to a specified next hop router or network connected to the router If the specified hop is not reachable the filter tries all addresses on the next hop interfaces list using ARP Address Resolution Protocol messages If none of the next hop interfaces is reachable any packets matching the filter will be forwarded to the default destination for the packet destination address unless you also specify Drop If Next Hop Is Unreachable Detailed Logging For every packet that matches the filter criteria and ranges the filter adds an entry containing IP header information to the system Events log 3 10 114081 Rev A Inbound Traffic Filter Criteria and Actions IPX Criteria and Actions You filter inbound IPX traffic based on specified bit patterns contained within the IPX header Predefined IPX Criteria Table 3 2 lists the predefined filtering fields for IPX filters and the reference field offset and length value for each criterion Table 3 7 Predefined Criteria for IPX Inbound Traffic Filters Criterion Name
99. iop OF Accept Certain AMG sce pee ct ge t iecore accented 1 6 site Mee ET I 1 6 Direct Certain Traffic T TUER TIT stirpes ennaii 1 6 Comon mi TETTE EE a a 1 7 Gamponente or Mae FIRES ursidae aaa aai a tarde 1 7 dria LETT 1 8 Predefined and User Defined Criteria seesseseeeees 1 9 User Defined Criteria usque esa e d eei Cui cdd a ku be eid dua eee 1 12 ijo mH 1 12 PENG IS dices sumeenedidentpd sen di ordi r Tao order xatd Ria Ea Ro PRIN HA AC Cer SN ro 1 13 Ute DO ACCIONS asics schctats bb edem inte iadsbbep ide ob hib ate eau adele ed Eois 1 13 uienji2yeElteis Qm 1 14 Dal BEFORE USO ooo pects Nou shanna gaates naan mines eeen E ERE 1 14 Using Filter Templates EAEE deque eru EE m T atis EDENDUM EE 1 16 duae A MERE E EET 1 17 Chapter 2 Using Protocol Prioritization ADOLPHO 10 goer eee MEN NETTE eremrrr reer rrr e 2 2 The Dequeuing Process TE PEE EE P 2 2 Barigwidih Allocation AIBOFIUDIEI uua e rette et tr pater Errat Ra tor Ra 2 3 Motril e n DT ERES 2 6 TENS reis es aiiis Rt E 2 8 donor rM BS soo ito ee bt nta bust adde neci endo Pouf NUR 2 8 Percent of Bandwidth T T T ient 2 9 EDT ru Meme nrc e PER 2 10 E wii er ci acts ac ca ate lle ts Ut T mM 2 12 Enabling Protocol Pronta sesinin 2 12 Editing Protocol Prioritization Palamelers 1 o Gi A NR 2 15 Enabl
100. iority queue For more information about using queue depth for tuning protocol prioritization in your network refer to Tuning Protocol Prioritization earlier in this chapter Note For Frame Relay interfaces a value less than 200 might cause a broadcast message to be clipped Setting the Low Queue Size By default there can be up to 20 packets in the low priority queue at any one time regardless of packet size You can specify any integer value as the maximum number of packets in the low priority queue Specifies the maximum number of packets in the low priority queue at any one time regardless of packet size For more information about using queue depth for tuning protocol prioritization in your network refer to Tuning Protocol Prioritization earlier in this chapter 2 18 114081 Rev A Using Protocol Prioritization Setting the Max High Queue Latency By default 250 ms is the greatest delay that a high priority packet can experience Consequently this value determines how many normal priority or low priority bits can be in the transmit queue at any one time You can accept the default latency of 250 ms or enter a new latency value between 100 and 5000 ms We recommend accepting the default value of 250 ms For more information about using latency to tune strict dequeuing protocol prioritization in your network refer to Latency earlier in this chapter Clearing the High Water Mark When you ch
101. is value usually allows good throughput while preserving rapid terminal response rapid echoing of keystrokes and timely response to commands over most media types You can change the default latency value Keep in mind however that if you configure a higher latency value thus allowing more room on the transmit queue the throughput becomes greater but you sacrifice terminal response We recommend accepting the default value of 250 ms Enabling Protocol Prioritization You use the Configuration Manager to configure the high normal and low priority queues for circuit level protocol prioritization To configure protocol prioritization for a particular interface you e Enable protocol prioritization on the circuit described in this section e Customize the protocol prioritization parameters for the protocol described in Editing Protocol Prioritization Parameters later in this chapter e Apply an outbound traffic filter to the circuit described in Chapter 7 To enable protocol prioritization 1 In the Configuration Manager window click on the circuit interface connector on which you want to configure Protocol Prioritization 2 Click on Edit Circuit The Circuit Definition window appears with the circuit you selected highlighted Figure 2 6 2 12 114081 Rev A Using Protocol Prioritization Configuration Mode local SNMP Agent LOCAL FILE Protocols Slot Lines XCVR4 F XECVR3 I XCVR2 F
102. itional criteria Adda 1 Select the criterion in the Filter Information box You can add up to 100 ranges range 2 Click on Add for each filter criterion 3 Use the Range Min and Max boxes to specify low and high Use the prefix Ox to specify a values for the range hexadecimal number Modify a 1 Select the range to modify in the Filter Information box To specify arange ol just one i value specify that value in the rangs a eean Mady Minimum value box Zero is not 3 Use the Range Min and Max boxes to specify new low and i a valid entry for minimum or high values for the range maximum value Deletea 1 Select the range to delete in the Filter Information scroll You must have at least one range box range specified for each 2 Click on Delete criterion 3 To confirm click on Delete in the Delete Range window Addan 1 Ifthe filter already has an action delete that action With the exception of the Log Action 2 Select Action gt Add in the Edit Filters window then select action each filter template has the action to impose on packets that match any of the only one action You can select template s ranges of filtering criteria Log in combination with any 3 When you are finished adding actions to your template other action click on OK Create new templates for additional actions Delete 1 Inthe Filter Information scroll box select the action you to There must be one at least an Action remove action specified for a filt
103. ividual interfaces When you do only the filter on that interface is affected To disable or re enable a filter 1 2 I RN UL Display the Priority Outbound Filters window refer to Figure 7 16 Select a filter from the scroll box to disable or re enable The current status of the selected filter appears in the Filter Enable and Filter Name boxes at the bottom of the window Click on Values The Values window appears Select ENABLED or DISABLED Click on OK Repeat the steps for each filter you to disable or re enable Click on Done when you are finished 7 22 114081 Rev A Applying Outbound Traffic Filters Deleting an Outbound Filter To delete a priority or outbound filter from an interface 1 Display the Priority Outbound Filters window refer to Figure 7 16 2 Select the outbound filter to delete 3 Click on Delete The system deletes the filter from the interface and the filter no longer appears in the outbound filters scroll box in the Priority Outbound Filters window Caution Do not click on Delete unless you are sure that you want to delete the selected filter There is no way to confirm the deletion 114081 Rev A 7 23 Appendix A Site Manager Protocol Prioritization Parameters This appendix contains reference information on Site Manager parameters e Priority Interface Parameter Descriptions e Prioritization Length Parameters For each arameter associated with a physical l
104. ization Displaying the Inbound Traffic Filters Window To display the inbound Traffic Filters window for all protocols except DLSw 1 Display the Configuration Manager window 2 Select Circuits gt Edit Circuits The Circuit List window appears Figure 6 1 E tmrit Configuration Mode local SNMP Agent LOCAL FILE Circuits Delete Figure 6 1 Circuit List Window 3 Select the circuit to which you want to add a traffic filter 4 Click on Edit The Circuit Definition window appears with the circuit you selected highlighted Figure 6 2 5 Select Protocols gt Edit protocol gt Traffic Filters The menu path to the Traffic Filters window is protocol specific Figure 6 2 shows the menu paths for a circuit configured with the Bridge protocol 6 2 114081 Rev A Applying Inbound Traffic Filters Slot Lines F XCVR4 I XCVR3 XCVR2 XCVR1 M CUM1 COM2 I COM3 COM4 T CONSOLE Figure 6 2 Selecting the Inbound Traffic Filters Menu Bridge Example The Filters window for the selected circuit and protocol appears Figure Go to Preparing Filter Templates Displaying the DLSw Inbound Traffic Filters Window To display the DLS Traffic Filters window 1 Display the Configuration Manager window 2 Select Protocols gt DLSw gt Traffic Filters Inbound Figure 6 3 114081 Rev A 6 3 Configuring Traffic Filters and Protocol Prioritization Configuration Mode local SN
105. lates on a per protocol basis you must become familiar with the specific criteria and actions used for filtering by each protocol before creating templates 3 Save the template file 4 Apply the template to an interface to create a filter After you save the template file you can apply that template to as many interfaces as you want The template remains for future use unless you explicitly delete it For a detailed step by step example of how to create a filter template follow the procedure in Chapter 6 for inbound filters or Chapter 7 for outbound filters 114081 Rev A Traffic Filter Summary Using Traffic Filters Table 1 3 summarizes the inbound and outbound traffic filter criteria and actions supported on specific interfaces Table 1 3 Summary of Traffic Filter Support Network Interface Protocol Criteria Supported Filter Actions Supported Inbound Outbound Inbound Outbound DECnet IV DLSw IP IPX LLC2 OSI Source Route XNS VINES Frame Relay IP PPP Source Route Bridge Log Ethernet Transparent Bridge Transparent Bridge Accept Drop Accept Drop Log 10Base T or DECnet IV DLSw IP IP Source Route Log 100Base T IPX LLC2 OSI Source Bridge Route XNS VINES FDDI Transparent Bridge Transparent Bridge Accept Drop Accept Drop Log DECnet IV DLSw IP IP Source Route Log IPX LLC2 OSI Source Bridge Route XNS V
106. lity purposes Licensee must notify Bay Networks in writing of any such intended examination of the Software and Bay Networks may provide review and assistance Notwithstanding any foregoing terms to the contrary if licensee licenses the Bay Networks product Site Manager licensee may duplicate and install the Site Manager product as specified in the Documentation This right is granted solely as necessary for use of Site Manager on hardware installed with licensee s network This license will automatically terminate upon improper handling of Software such as by disclosure or Bay Networks may terminate this license by written notice to licensee if licensee fails to comply with any of the material provisions of this license and fails to cure such failure within thirty 30 days after the receipt of written notice from Bay Networks Upon termination of this license licensee shall discontinue all use of the Software and return the Software and Documentation including all copies to Bay Networks Licensee s obligations under this license shall survive expiration or termination of this license 114081 Rev A Contents Configuring Traffic Filters and Protocol Prioritization About This Guide Boore OUE eee Pp epe Ee XV gout lli 6 cae mepePre er ree ree RECCET ater Tent Cre Peet re reenter rent ere a err ercr eertre ere tree eter cree xvi AOPORVITIB ooa bct d acces e a vta on ira M d dei tb v S xcd pt dU xvii Ordering Bay Netw
107. lters window the window for other protocols is similar 4 Use the Edit Filters window to add change or delete filter criteria ranges and actions as described in Table 6 2 114081 Rev A 6 17 Configuring Traffic Filters and Protocol Prioritization Figure 6 14 Edit Filters Window 6 18 114081 Rev A Applying Inbound Traffic Filters Table 6 2 Using the Edit Filters Window Task Site Manager Instructions Notes Adda 1 Select Criteria gt Add then select the criterion to use to For any criterion you choose criterion filter packets you must specify at least one 2 Add a range in the Add Range window range Each template can have only one criterion Delete a 1 Select the criterion to delete in the Filter Information scroll Each filter template has only criterion box one criterion 2 Click on Delete Create new templates for 3 To confirm click on Delete in the Delete Criteria window additional criteria Adda 1 Select the criterion in the Filter Information box Ranges are listed beneath a range 2 Click on Add criteria in the Filter information 3 Use the Range Min and Max boxes to specify low and high scroll box values for the range You can add up to 100 ranges for each filter criterion Modify a 1 Select the range to modify in the Filter Information box When entering range values range 2 Click on Modify you must use the prefix Ox to 3 Use the Range Min and Max boxes to spec
108. me Reference Field Offset Length Destination MAC Address LLC2 DEST MAC 0 48 Source MAC Address LLC2 SOURCE MAC 48 48 DSAP LLC2 DSAP 0 SSAP LLC2 SSAP 8 User Defined LLC2 Criteria You can create traffic filters with user defined criteria by specifying an offset and length to these reference fields in the LLC2 header Reference Field Description LLC2_DEST_MAC Points to the first byte of the Destination MAC address LLC2_DSAP Points to the first byte of the Destination SAP LLC2 Actions The LLC2 filtering actions are Accept Drop and Log 3 12 114081 Rev A Inbound Traffic Filter Criteria and Actions OSI Criteria and Actions You can configure OSI inbound traffic filters based on specified bit patterns contained within the CLNP header Predefined OSI Criteria Table 3 2 lists the predefined filtering fields for OSI inbound traffic filters and the reference field offset and length value for each criterion Table 3 9 Predefined Criteria for OSI Inbound Traffic Filters Criterion Name Reference Field Offset Length Destination Area OSI DEST 0 16 Destination System ID OSI DEST 16 48 Source Area OSI SRC 0 16 Source System ID OSI SRC 16 48 User Defined OSI Criteria In addition to the predefined OSI filter criteria you can create traffic filters with user defined criteria by specifying an offset and length to these reference fields in the
109. n NetBIOS Name 3 5 DSAP 3 5 Next Ring 3 5 Source MAC Address 3 5 Source NetBIOS Name 3 5 SSAP 3 5 user defined 6 20 to 6 21 VINES Destination Address 3 14 Protocol Type 3 14 Source Address 3 14 XNS Destination Address 3 15 Destination Network 3 15 Destination Socket 3 15 Source Address 3 15 Source Socket 3 15 criteria outbound traffic filter adding 7 14 7 17 7 19 common headers 4 5 Data Link header 4 2 defined 1 8 4 1 deleting 7 14 7 19 IP header 4 4 user defined 4 6 to 4 8 Customer Service FTP xxi customer support See getting help D Data Link header outbound traffic filter criteria 4 2 reference points 4 6 DECnet actions 3 7 criteria 3 7 deleting inbound traffic filters 6 26 outbound traffic filters 7 23 Index 2 114081 Rev A deleting actions inbound traffic filter 6 14 6 19 outbound traffic filter 7 14 7 19 deleting criteria inbound traffic filter 6 14 6 19 outbound traffic filter 7 14 7 19 deleting ranges inbound traffic filter 6 14 6 19 outbound traffic filter 7 14 7 19 dequeuing algorithms bandwidth allocation 2 2 strict dequeuing 2 6 Detailed Log action 4 9 Detailed Logging action 3 10 dial backup line filters on B 2 Direct IP Explorers action 3 6 disabling inbound traffic filters 6 24 outbound traffic filters 7 22 Discard Eligible Bit Low parameter 2 21 A 6 Discard Eligible Bit Normal parameter 2 21 A 6 DLSw actions 3 8 criteria
110. n the router activiates connections for data transmissions This reduction in update only traffic limits unecessary connections and reduced line costs See Configuring Dial Services for information about dial services such as dial optimized routing Using Filter Templates When you create traffic filters it is important to understand the difference between a traffic filter template and an actual traffic filter A traffic filter template is a reusable predefined specification for a traffic filter Each template contains a complete filter specification criterion range and action for one protocol but is not associated with a specific interface or circuit You create an actual traffic filter when you use the Configuration Manager to apply save a traffic filter template to a configured router interface You can apply a single template to as many interfaces as you want thus creating multiple filters for that protocol When you want to add a filter to an interface you have several options e If there is a template that contains the exact filtering instructions that you want for this interface apply that template to this interface e If there is a template that contains filtering instructions similar to what you want copy rename and edit the template Then apply the new template to the appropriate interface e If there is no template containing filtering instructions similar to what you want for this interface you must create a tem
111. nd 4 2 ranges 3 5 Bridge Transparent actions inbound 3 4 outbound 4 9 criteria inbound 3 2 to 3 4 outbound 4 2 C Clipped Packets Count 2 8 clock speed 2 3 CompuServe Bay Networks forum on xxii configuring inbound traffic filters 6 1 outbound traffic filters 7 1 criteria inbound traffic filter 802 2 Control 3 3 DSAP 3 3 Length 3 3 SSAP 3 3 adding 6 14 6 19 Bridge Transparent 802 2 3 3 Ethernet type 3 3 MAC Destination Address 3 3 MAC Source Address 3 3 Novell 3 3 SNAP 3 3 114081 Rev A Index 1 Configuring Traffic Filters and Protocol Prioritization DECnet Phase IV Destination Area 3 7 Destination Node 3 7 Source Area 3 7 Source Node 3 7 defined 1 8 3 1 deleting 6 14 6 19 DLSw Destination MAC Address 3 8 DSAP 3 8 Source MAC Address 3 8 SSAP 3 8 IP IP Destination Address 3 9 IP Source Address 3 9 Protocol 3 9 TCP Destination Port 3 9 TCP Source Port 3 9 Type of Service 3 9 UDP Destination Port 3 9 UDP Source Port 3 9 IPX Destination Address 3 11 Destination Network 3 11 Destination Socket 3 11 Source Address 3 11 Source Socket 3 11 LLC2 Destination MAC Address 3 12 DSAP 3 12 Source MAC Address 3 12 SSAP 3 12 OSI Destination Area 3 13 Destination System ID 3 13 Source Area 3 13 Source System ID 3 13 SNAP Ethertype 3 3 Length 3 3 Protocol ID Organization Code 3 3 Source Routing Destination MAC Address 3 5 Destinatio
112. ned reference points for each protocol 1 Display the Traffic Filters window for your selected circuit 2 Click on Template 3 Inthe Filter Template Management window click on Create The protocol specific Create Filter Template window appears 4 Enter a descriptive name in the Filter Name box 5 Select a criterion Refer to Table B 1 for specific examples 6 Enter one or more ranges Refer to Table B 1 7 Select an action Refer to Table B 1 8 Click on OK You are returned to the Filter Template Management window 9 Click on Done You are returned to the protocol specific Traffic Filter window 10 Click on Create 11 In the Create Filter window enter a name for the filter 12 Select the template file you just created in the Templates scroll box 13 Click on OK B 4 114081 Rev A Examples and Implementation Notes The filter is now applied to the selected interface Table B 1 Predefined Criteria Ranges and Actions for Example Inbound Traffic Filters Filtering Goal Criteria Path Ranges Action Path Notes Drop inbound Criteria gt Add gt IP gt 23 Action Add Drop For a more secure Telnet traffic TCP Frame TCP Destination Port Refer to Table 5 6 in Chapter 5 for a list of common TCP destination port codes method create a user defined filter see the next section This filter will not stop remote users from establishing a Telnet session with the router itself To do that
113. ns to your template Log in combination with any click on OK other action Create new templates for additional actions Delete 1 Inthe Filter Information scroll box select the action you There must be one at least an Action want to remove action specified for a filter 2 Click on Delete template 3 To confirm click on Delete in the Delete Action window 6 14 114081 Rev A Applying Inbound Traffic Filters Creating an Inbound Filter You create an inbound traffic filter by applying a filter template to an interface Note Try to create the filters on each interface in order of precedence The first filter you create has the highest precedence and a rule number of 1 Subsequent filters created on the interface have decreasing precedence See Changing Filter Precedence for information on filter precedence To create an inbound traffic filter 1 Display the Inbound Filters window for your selected circuit and protocol See the first section of this chapter Working with Inbound Traffic Filters 2 Click on Create Filter The Create Filter window appears Figure 6 12 S Greate Filter T Figure 6 12 Create Filter Window 114081 Rev A 6 15 Configuring Traffic Filters and Protocol Prioritization 3 Verify the name of the selected interface 4 Select the appropriate template in the Templates scroll box 5 Inthe Filter Name field enter a meaningful name for the new filter I
114. nt 226 Clip Count 0 Clip Count 0 High Water Mark 20 High Water Mark 10 High Water Mark 06 20 20 20 10 10 10 High Normal Low TF0004A Figure 2 4 Priority Queue Statistics for the Queue Depth Example In this case you may choose to reconfigure the low priority queue depth to 10 and increase the high priority queue depth to 30 Figure 2 5 Queue Depth 30 Clip Count 0 High Water Mark 20 30 Queue Depth 20 Clip Count 0 High Water Mark 10 20 20 Queue Depth 10 Clip Count 0 e High Water Mark 06 10 10 10 High Normal Low TF0005A Figure 2 5 Reconfigured Priority Queue Statistics for the Queue Depth Example To see whether this reallocation solves the problem reset the Clipped Packets Count and High Water Packets Mark counters using the Statistics Manager and check them again later 114081 Rev A Configuring Traffic Filters and Protocol Prioritization Latency Latency or line delay specifies how many normal or low priority bits the router can allocate to the transmit queue at any one time Latency determines therefore the greatest time delay that a high priority packet can experience Latency is based on the line speed of the attached media The following formula illustrates how line speed bits queued and latency value are related LATENCY Bits Queued Line Speed bits s The default value for latency is 250 milliseconds ms Th
115. nt regarding its use reproduction and disclosure are as set forth in the Commercial Computer Software Restricted Rights clause at FAR 52 227 19 Trademarks of Bay Networks Inc ACE AFN AN BCN BLN BN BNX CN FN FRE GAME LN Optivity PPX SynOptics SynOptics Communications Wellfleet and the Wellfleet logo are registered trademarks and ANH ASN BayeSIS BCNX BLNX EZ Install EZ Internetwork EZ LAN PathMan PhonePlus Quick2Config RouterMan SPEX Bay Networks Bay Networks Press the Bay Networks logo and the SynOptics logo are trademarks of Bay Networks Inc Third Party Trademarks All other trademarks and registered trademarks are the property of their respective owners Statement of Conditions In the interest of improving internal design operational function and or reliability Bay Networks Inc reserves the right to make changes to the products described in this document without notice Bay Networks Inc does not assume any liability that may occur due to the use or application of the product s or circuit layout s described herein Portions of the code in this software product are Copyright 1988 Regents of the University of California All rights reserved Redistribution and use in source and binary forms of such portions are permitted provided that the above copyright notice and this paragraph are duplicated in all such forms and that any documentation advertising materials and other materials related to
116. objects and create custom screen reports refer to Managing Routers and BNX Platforms To determine whether there are enough buffers in each priority queue for the traffic flow on your network use the Statistics Manager to examine the following protocol prioritization statistics e High Water Packets Mark The greatest number of packets that have been in each queue e Clipped Packets Count The number of packets that have been discarded from each queue The router discards packets from full priority queues Note To determine whether statistics reflect a transient event you may want to reset the statistics and check again later before changing the configuration of priority queuing You can reset the High Water Mark in Site Manager s Edit Protocol Priority Interface window You can reset both the Clipped Packets Count and High Water Packets Mark using the Statistics Manager Generally if a queue s Clipped Packets Count is high and the High Water Packets Mark is close to its queue size that queue does not have enough buffers 2 8 114081 Rev A Using Protocol Prioritization How you tune protocol prioritization depends on whether the bandwidth allocation or strict dequeuing algorithm is active To tune priority queueing with the bandwidth allocation algorithm active consider modifying the e Percent of Bandwidth e Queue Depth To improve strict dequeuing results for your protocol prioritization configuration you can a
117. orks Publications sssssse M xviii Technical Support and Online Services Bay Networks Customer SOVICO s esiitusdetndad isa ici Eae adds rubet EE Ida da D post Aa dira pd bet RR Xx Bay Networks Information Services sessssssesesssssseeee enne xxi World Wide Web ERR RE T xxi Gustomer elvis FTP keane er a tct hae oti eec o teg Sa etaed xxi BUDDDU UM TBI sa is bn tula A ATAA decades ese hays can T TN xxii Me ecrit xxii WERA TO qe TET xxiii How to Get Help T xxiii Chapter 1 Using Traffic Filters Wheat Are Tralic Filters PT TETTE ERRARE RN RR EMI 1 1 bound TERR FINES a6 etica tore cere AE 1 2 Dulboupd rame FIBRE ipe rade d E eH E tet e t te a rd 1 3 What Is Protocol Prioritization T T 1 3 DIL S ri Ca PAN oxen i2 2s 22h scalened eaconcaneaccatents Rao Had ie ck dancneesasedansnednatacenedeaaooares 1 4 What Do Traliie Filters DO isinisisi dodo Ead uk Ete sra rund astute eed 1 5 Ensure ConsiBtent Servia cci edu a irati a sedate ISSN EHE TENER 1 5 Reduce Network Gongesnon clades uidit edis aede i ba cet bas 1 5 Prioritize Important TANG uiia ue td iaa DRM E cod ten cuta ER eu lu ku ead MuR 1 5 Reduce Loss or CUIGe Dala ieu iieieemi 2I eei ERE aE S 1 5 114081 Rev A V Bree Se CUI NIE TT TO wens 1 5 E ifs e acia TE E ada ass tup Pinnae usa rx dente eres sa xt c ery ttre 1 6 D
118. orted 1 3 No Call action 1 14 4 10 No Reset action 1 14 4 10 precedence 7 20 reordering 7 20 precedence 1 7 B 2 purpose of 1 5 ranges 1 12 strategies 1 6 templates 1 15 to 1 16 Transparent Bridge See Bridge Index U UDP Port Criteria 5 5 user defined criteria about 1 8 components of 1 8 inbound Bridge 3 4 DECnet 3 7 DLSw 3 8 IP 3 9 IPX 3 11 LLC2 3 12 OSI 3 13 specifying 6 20 6 20 to 6 21 SRB 3 6 VINES 3 14 XNS 3 15 outbound 4 6 to 4 8 V VINES actions 3 14 criteria 3 14 ranges 5 3 W World Wide Web Bay Networks home page on xxi X XNS actions 3 15 criteria 3 15 114081 Rev A Index 7
119. ou to add Each filter template can have only one criterion Create new templates for additional criteria Refer to Chapter 4 for information about the outbound traffic filter criteria for your selected interface The Add Range window appears Figure 7 6 You must specify at least one range value for each criterion 114081 Rev A 7 7 Configuring Traffic Filters and Protocol Prioritization Name Criteria PRIORITY_IP IP_TYPE_OF_SERVICE Maximum value a gg Figure 7 6 Add Range Window Specify the low and high values for the range you to apply to the selected criterion If the range you want consists of just one value specify that value in both boxes Zero is not a valid entry for Minimum or Maximum value Note When you enter values for the Minimum and Maximum value paramters the Configuration Manager assumes the value is a decimal number To enter a hexadecimal number use the prefix Ox 10 11 Click on OK The Create Priority Outbound Template window reappears refer to Figure 7 5 The new criterion and range appear in the Filter Information scroll box Add additional ranges if you want You can add up to 100 ranges for each filter criterion Select Action and either IP or Datalink Select Add Action then select the action you to impose on packets that match any of this template s ranges of filtering criteria 7 8 114081 Rev A Applying Outbound Traffic Filters If you selected th
120. packet to examine For all bridge traffic predefined criteria are part of the DLC header For routed traffic a predefined criterion can be part of the DLC header or part of an upper level network protocol header Inbound traffic filter criteria use reference points in the upper level protocol header You select inbound criteria based on the protocol of the incoming traffic Outbound traffic filters use reference points in only the IP or DLSw protocol headers You select outbound criteria based on the WAN protocol configured on the interface Bridge Source Routing PPP or Frame Relay 1 8 114081 Rev A Using Traffic Filters Predefined and User Defined Criteria The Configuration Manager provides a selection of default filter criteria predefined criteria for both inbound and outbound traffic filters Predefined criteria consist of predefined offsets and lengths from common reference points Instead of using a predefined filter criterion you can define a criterion by specifying the length and offset from a supported reference point user defined criteria One filter can employ multiple criteria including a combination of predefined and user defined criterion to fit a site s traffic patterns Predefined Criteria Table 1 2 summarizes the predefined inbound traffic filter criteria for supported protocols Table 1 1 Predefined Inbound Traffic Filter Criteria Protocol Predefined Criteria Transparent Bridge
121. part of a comprehensive network security strategy You can control access to individual stations networks and network resources through predefined or user defined filter criteria You can use outbound filters to drop completely clip any traffic you do not want leaving the local network 114081 Rev A 1 5 Configuring Traffic Filters and Protocol Prioritization Filtering Strategies This section suggests some ways you might use traffic filters in a network Refer to Appendix B for specific examples Drop or Accept Certain Traffic To accept only specified traffic and drop other packets configure accept filters To accept most traffic and drop only specified packets configure filters only for the traffic you want to drop Note Drop filters usually perform more efficiently than accept filters For example to prevent all NetBIOS traffic from entering a particular LAN segment you can create an inbound traffic filter to drop all packets with a Destination or Source SAP code of FO Build a Firewall If your filtering strategy involves blocking most traffic and accepting only specified packets a firewall begin with a drop all filter on the interface That means you choose a filter criterion that appears in every packet of the protocol you are filtering for example a MAC address Then add more specific higher precedence Accept and Drop filters to achieve the desired result on that interface Refer to Using a Drop All F
122. pecifies a predefined known bit position within the packet header e Offset Specifies the beginning position of the filtered bit pattern in relation to the reference point measured in bits e Length Specifies the total bit length of the filtered pattern For each traffic filter criterion you also specify the valid range a series of target values appropriate to the criterion For most criteria you specify an address range There must be at least one target value per criterion The range can be just one value or it can be a set of values You enter a minimum and a maximum value to specify the range For a range of only one value you enter only the minimum value the Configuration Manager automatically uses that value for both the minimum and maximum For example if the filter criteria is MAC Source Address you must specify which addresses you want the filter to examine If you specify 0x0000A2000001 as the minimum range value and 0x0000A2000003 as the maximum range value the router checks for packets with a MAC source address between 0x0000A 2000001 and 0x0000A2000003 inclusive Note Chapter 5 lists valid range values for common traffic filter criteria and explains how to specify some common address ranges 114081 Rev A Actions Using Traffic Filters The filter action determines what happens to packets that match a filter criterion s ranges Site Manager supports e Filtering Actions Prioritizing Actions
123. plate from scratch Then apply the new template to the appropriate interface e If there is an existing filter on the interface that contains instructions similar to what you want edit the existing filter directly and save it 114081 Rev A Configuring Traffic Filters and Protocol Prioritization Creating a Template You create traffic filter templates using protocol specific windows within the Configuration Manager You can create as many as 500 traffic filter templates for each interface Note You can also edit or copy a template using a text editor The Configuration Manager stores all templates for all protocols in a file called template fit In the Unix file system the pathname is usr filters template fit To create and use a filter template 1 Name the template It is a good idea to give each template a descriptive name For example if you are building a template that is going to instruct the interface to drop all DECnet Phase IV traffic with a Source Node value of 3 name it dec_Snode_3 Or if you are building a template that is going to instruct the interface to queue all LAT traffic to the high priority queue name the template something like LAT_high 2 Select a protocol specific criterion range and action Select the criteria and address range or ranges for checking packets Then select the action to impose on packets that match the specified criteria and ranges Note Because you create filter temp
124. queue Criteria gt Add gt IP gt IP gt TCP Destination Port 2065 to 2067 Refer to Table 5 6 in Chapter 5 fora list of common TCP destination port codes Action gt IP gt Add gt High Queue This example shows how to prioritize DLSw traffic before other protocols on the interface To affect the priority of specific types of DLSw traffic at the TCP level use DLSw protocol prioritization as described in Configuring DLSw Services continued 114081 Rev A Examples and Implementation Notes Table B 3 Example Criteria Ranges and Actions for Protocol Prioritization Filtering Goal Criteria Path Ranges Action Path Notes Place RIP traffic Criteria gt Add gt IP gt IP gt 520 Action gt IP gt Add Refer to Table 5 7 in in the low priority UDP Destination Port gt Low Queue Chapter 5 for a list of queue common UDP destination port codes Place OSPF Criteria gt Add gt IP gt IP gt 89 Action gt IP gt Add Refer to Table 5 9 in traffic in the high Protocol Type gt High Queue Chapter 5 for a list of priority queue common IP Protocol codes Place Criteria gt Add gt IP gt IP gt 0xeO Action gt IP gt Add OSPF BGP traffic Type of Service gt High Queue in the high priority queue Place Spanning Criteria gt Add gt Datalink 0x42 DSAP Action gt Datalink gt Refer to Table 5 3 in Tree traffic in the gt Source Routing gt or SSAP A
125. r Path Default Options Function Instructions MIB Object ID Greater Than Queue Create Priority Outbound Filters gt Actions gt Length gt Prioritization Length Low High Low Normal Specifies which queue a packet is placed in if its packet length is greater than the value of the Packet Length parameter For example if Packet Length is set to 1024 bytes any packet that is 1025 bytes or larger is placed in the queue you choose for this parameter Accept the default Low or select either Normal or High 1 3 6 1 4 1 18 3 5 1 4 4 1 9 A 8 114081 Rev A Appendix B Examples and Implementation Notes This appendix contains examples hints reminders and important notes you could have missed earlier in this guide Sections of this appendix provide Implementation Notes e Inbound Traffic Filter Examples e Protocol Prioritization Examples Implementation Notes This section contains notes about e Filtering Outbound Frame Relay Traffic e Filtering Over a Dial Backup Line e Using a Drop All Filter as a Firewall Filtering Outbound Frame Relay Traffic When creating outbound filters for Frame Relay traffic keep in mind that Frame Relay packets in the Low priority queue have the Discard Eligible DE bit set by default The DE bit is off by default in Frame Relay packets in the Normal and High priority queues You can change the default status of the DE bit for packets in the Low priority q
126. raffic can use Specify the percentage of the line s bandwidth allocated to low priority traffic The High Queue Percent Bandwidth Normal Queue Percent Bandwidth and Low Queue Percent Bandwidth values must total 100 1 3 6 1 4 1 18 3 5 1 4 1 1 26 114081 Rev A A 5 Configuring Traffic Filters and Protocol Prioritization Parameter Path Default Options Function Instructions MIB Object ID Parameter Path Default Options Function Instructions MIB Object ID Discard Eligible Bit Low Configuration Manager gt Interface Connector gt Edit Circuit gt Protocols gt Edit Protocol Priority gt Interface ENABLE ENABLE DISABLE Sets the Frame Relay Discard Eligible DE bit for packets sent to the Low priority queue Sets the Frame Relay Discard Eligible DE bit for packets sent to the Low priority queue Select DISABLE if you do not want the DE bit to be set for all Frame Relay packets in the Low priority queue 1 3 6 1 4 1 18 3 5 1 4 1 1 37 Discard Eligible Bit Normal Configuration Manager gt Interface Connector gt Edit Circuit gt Protocols gt Edit Protocol Priority gt Interface DISABLE ENABLE DISABLE Sets the Frame Relay Discard Eligible DE bit for packets sent to the Normal priority queue By default Frame Relay packets in the Normal priority queue do not have the Discard Eligible DE bit set 1 3 6 1 4 1 18 3 5 1 4 1 1 38 A 6 114081 Rev A Site Mana
127. response request header RH you can use this to provide class of service COS priority preference You can also prioritize traffic based on any user defined values within the headers and data packets For detailed information about DLSw prioritization filters refer to Configuring DLSw Services 1 4 114081 Rev A Using Traffic Filters What Do Traffic Filters Do You use inbound traffic filters primarily for security to deflect certain traffic from destination nodes in your network You use outbound filters primarily to ensure timely delivery of critical data Ensure Consistent Service When a router treats all packets equally there is no way to ensure consistent network services to users who are working interactively Bulk transfer applications use too much of the available bandwidth and slow down interactive response times These problems are especially visible on low speed WAN links Reduce Network Congestion Both inbound and outbound traffic filters reduce network congestion by minimizing the flow of unnecessary traffic over LAN and WAN segments Prioritize Important Traffic You can use protocol prioritization to expedite traffic coming from a particular source or going to a certain destination Reduce Loss of Critical Data You can improve application response time and eliminate session timeouts by implementing protocol prioritization Enhance Security Inbound and outbound traffic filters are an integral
128. rioritization has been added whether or not there are any outbound filters currently active on the interface 2 Edit the parameters you want to change using the sections following this procedure as guidelines 3 Click on OK when you are finished editing interface specific parameters 114081 Rev A 2 17 Configuring Traffic Filters and Protocol Prioritization Enabling or Disabling Prioritization You can toggle protocol prioritization on and off on an interface If you set the Enable parameter to Disable all outbound filters are disabled on the interface Setting this parameter to Disable is useful if you want to temporarily disable all outbound filters rather than delete them Set to Enable if you previously disabled protocol prioritization on this interface and now want to re enable it Setting the High Queue Size By default there can be up to 20 packets in the high priority queue at any one time regardless of packet size You can specify any integer value as the maximum number of packets in the high priority queue For information about using queue depth for tuning protocol prioritization in your network refer to Tuning Protocol Prioritization earlier in this chapter Setting the Normal Queue Size By default there can be up to 20 packets 200 for Frame Relay in the normal priority queue at any one time regardless of packet size You can specify any integer value as the maximum number of packets in the normal pr
129. s Standard PPP e Frame Relay Note You cannot implement protocol prioritization on LAN interfaces or protocols For information on DLSw prioritization see the Configuring DLSw Services guide The first section of this chapter provides an overview of priority queues Subsequent sections describe e Tuning Protocol Prioritization e Enabling Protocol Prioritization e Editing Protocol Prioritization Parameters For instructions on using the Configuration Manager to create outbound traffic filters refer to Chapter 7 114081 Rev A 2 1 Configuring Traffic Filters and Protocol Prioritization About Priority Queues Depending on how you configure protocol priority the router queues each packet and holds them in one of three priority queues High queue e Normal queue Low queue The router automatically queues packets that do not match a traffic filter to the normal priority queue The Dequeuing Process After queuing packets the router empties the priority queues by sending the traffic to the transmit queue Generally the router transmits higher priority traffic first Other configured values in the protocol prioritization scheme also affect the transmission of traffic Two of these configurable values are queue depth and line delay or latency described in the section Tuning Protocol Prioritization Protocol prioritization uses one of two dequeuing algorithms to send traffic to the transmit queue th
130. sage Packets 1 IGP 9 RSVP Reservation Protocol 46 VINES 83 OSPF 89 5 10 114081 Rev A Chapter 6 Applying Inbound Traffic Filters This chapter shows how to use the Configuration Manager to configure inbound traffic filters To complete the steps in this chapter you must first be familiar with protocol specific filtering criteria and actions Refer to Chapter 3 for this information Working with Inbound Traffic Filters To apply traffic filters to a particular interface you first use the Configuration Manager to display the Traffic Filters window for the configured protocol For all protocols except DLSw you display the Traffic Filters window as described in the next section Displaying the Inbound Traffic Filters Window For circuits configured with DLSw go to the section Displaying the DLSw Inbound Traffic Filters Window Once you display the protocol specific Traffic Filters window you can e Create copy or edit a filter template Preparing Filter Templates e Apply a template to an interface Creating an Inbound Filter e Change an existing filter Editing an Inbound Filter e Change the filtering order Changing Filter Precedence e Temporarily disable or enable a filter Enabling or Disabling an Inbound Filter e Remove a filter from an interface Deleting an Inbound Filter 114081 Rev A 6 1 Configuring Traffic Filters and Protocol Priorit
131. sing a Drop All Filter as a Firewall If your filtering strategy involves forwarding most traffic and dropping only specified packets you need only configure drop filters for the specific traffic you want the router to reject If your strategy involves blocking most traffic and accepting only specified packets a firewall begin by defining filters to accept specified packets Then add a filter on the interface to drop all packets a drop all filter A drop all filter describes the broadest range of packets you want to block from an interface To ensure that all unwanted traffic gets dropped configure the drop all filter to contain e Criteria that appears in every packet of the protocol you want to filter e The maximum possible value of the range e The minimum value of the range B 2 114081 Rev A Examples and Implementation Notes With a drop all filter specified higher precedence Accept filters create exceptions or holes in the drop all range Since the highest precedence filter in a given address range determines the result of combined filtering within that range the router processes packets that match the accept filters However the drop all filter ensures the router rejects all other traffic For example to configure a circuit that only accepts IP traffic addressed for destination address 192 32 28 55 apply a drop all filter and one accept filter as follows Filter Action Rule Nunber Star
132. sorts the WAN traffic on an individual interface into three delivery queues of varying precedence high normal and low priority called priority queues The router then uses a dequeuing algorithm to drain the priority queues and transmit traffic 114081 Rev A Configuring Traffic Filters and Protocol Prioritization Protocol prioritization is an outbound filter mechanism because e You use outbound traffic filters to specify whether and how traffic gets sorted into priority queues Priority queues affect the sequence in which data leaves an interface they do not affect traffic as it enters the router Outbound filters that include a protocol prioritization action are sometimes called priority filters You can apply priority filters to MCE1 MCTI and synchronous interfaces Note Outbound traffic filters on LAN interfaces do not support protocol prioritization Refer to Chapter 2 to learn more about priority queuing and dequeuing DLSw Prioritization Filters DLSw prioritization allows you to prioritize traffic within DLSw based on predefined or user defined fields at the TCP level Examples of DLSw prioritization criteria include e Source and destination SAP you can use this to assign NetBIOS traffic SAP OxFO to a lower priority than SNA traffic e Source and destination MAC address you can use this to provide host bound traffic preference over other traffic e Any field in the SNA transmission header TH and
133. specify user defined inbound traffic filter criteria To specify user defined criteria 1 2 10 11 12 Display the Traffic Filters window for your selected circuit Click on Template The Filter Template Management window appears Click on Create The protocol specific Create Filter Template window appears Enter a descriptive name in the Filter Name box Select Criteria gt Add gt User Defined The Add User Defined Field window appears In this window you specify the criterion s e Reference Field e Offset e Length e Minimum Range e Maximum Range Select the protocol specific reference field Refer to Table B 2 for specific examples Specify an offset and length from the reference field Refer to Table B 2 Specify a range Click on OK Select an Action Click on OK You are returned to the Filter Template Management window Click on Done The protocol specific Traffic Filter window re appears B 6 114081 Rev A Examples and Implementation Notes Table B 2 User Defined Criteria and Ranges for Example Inbound Traffic Filters User Defined Criteria Filtering Goal Reference Field Offset Length Range Give certain Specify an 160 bits sum of all 32 bits Specify the VINES traffic Ethernet Type field criteria that precede the hexadecimal that is bridged of OxBAD VINES Destination Network field destination over Ethernet precedence over all other traffic or 48 48 16 1
134. stued sdb E od sun AAEE T rr T TE AY Protocol Pronuzaion AG ONE siriar dites er Apte edcatas des aes doesiku TEE 4 9 Disl On Deimand ACHONS 1i san intu tena IX eR AURA ndin eneninda FU E FR AURA Kod AR 4 10 Chapter 5 Specifying Common Criterion Ranges Speciiving MAC Address Ranges d odd Rt Ceteri ba taser id o eee ia epis 5 2 Source Routing Bridge Source MAC Addresses biet epi a 5 2 Source Routing Bridge Functional MAC Addresses sss 5 3 viii 114081 Rev A Specifying VINES Address Ranges erret rtt d tr hne RR n nter 5 3 Specifying Source and Destination SAP Code Ranges sss 5 4 Specifying Frame Relay NLPID Pange Valles saiisine 5 5 speciylng PPP Protocol ID Range ValUBB cade et Gate i nhan eei Gta 5 5 Specifying TCP and UDP Port Range Values TEUER 5 5 Speciiing Ethernet Type Range VANES sictesscsecteseacsisceinesstieasecdenquoarsaecenseettennvanonione lianas 5 7 Speci PN IP Sb tard fast NT epp pET ME 5 10 Chapter 6 Applying Inbound Traffic Filters Working with Inbaur Mate FINETE cue Idi OU eti ta M Eee eet al 6 1 Displaying the Inbound Traffic Filters Window TUO 6 2 Displaying the DLSw Inbound Traffic Filters Window seeeeees 6 3 Propanng Fiter FORI sinsir aiai adddre a dades acad sup tup a nde 6 4 Greaung e Mea TENDER pU tte lady agate tem Quot bo I aa 6 5 e creurpesoyeca cu eee pee PROPER ERE e TEES 6
135. t can be helpful to includes the circuit name For example Drop Telnet E21 Note The name of the filter can be the same name as the template 6 Click on OK You are returned to the Traffic Filters window Figure 6 13 2 Bridge Filters 1 bridge drop01to03 Done Apply Template Create Edit Reorder Delete Values Help Filter Enable ENABLED f Filter Name bridge drop01to03 Figure 6 13 New Filter Listed in the Filters Window Scroll Box In Figure 6 13 the filter named bridge drop011003 consists of the template selected in Figure 6 12 applied to interface S42 6 16 114081 Rev A Applying Inbound Traffic Filters Editing an Inbound Filter After you apply a filter to an interface you can edit its criteria ranges and actions If you used a template edited to suit your needs you probably don t need to make further edits To customize a specific filter you have the following options e Add or delete filtering criteria e Add modify or delete criteria ranges e Add or delete actions To customize an inbound filter 1 Display the Filters window for the circuit you are editing Figure 6 13 2 Inthe scroll box click on the name of the filter you want to edit 3 Click on Edit The Edit Filters window for your protocol appears Figure 6 14 shows the Edit Bridge Filters window Note The Edit Filters window is protocol specific Figure 6 14 shows the Edit Bridge Fi
136. t of Range End of Range Accept 1 highest precedence 192 32 28 55 192 32 28 55 Drop 2 lower precedence 0 0 0 0 0 255 255 255 255 See the Changing Filter Precedence sections in Chapter 6 inbound filters or Chapter 7 outbound filters for information about using the Configuration Manager to changing filter precedence after the filters are applied to an interface Inbound Traffic Filter Examples You create a traffic filter by 1 Creating an Inbound Traffic Filter Template Predefined Criteria Or Creating an Inbound Traffic Filter Template User Defined Criteria 2 Applying the Traffic Filter Template If this section does not include an example for a protocol you want to configure use these examples as guidelines for implementing inbound traffic filters for other traffic types 114081 Rev A B 3 Configuring Traffic Filters and Protocol Prioritization Creating an Inbound Traffic Filter Template Predefined Criteria This section provides examples for creating and applying a template with predefined criteria to e Drop inbound but allow outbound Telnet traffic e Screen Telnet and FTP clients e Customize BOOTP server operation The following summarizes your steps for creating an inbound traffic filter template using a predefined criterion Chapter 6 provides detailed procedures Chapter 2 lists the predefined inbound traffic filter criteria and actions for all supported protocols as well as the user defi
137. tep 1 whether or not latency is reached Figure 2 3 illustrates the strict dequeuing algorithm 2 6 114081 Rev A Using Protocol Prioritization Scan high priority e queue Are there packets in the high priority queue Was the maximum transmit queue size reached YES Transmit all packets YES Was latency reached YES Transmit all Was in the normal priorit packets up to latency latency bytes reached YES Are there packets in the low priority queue YES Transmit all packets up to latency bytes a_l TF0003A Figure 2 3 Strict Dequeuing Algorithm 114081 Rev A 2 7 Configuring Traffic Filters and Protocol Prioritization Tuning Protocol Prioritization Protocol prioritization defaults are designed to work well for most configurations However you can customize protocol prioritization parameters to maximize its impact in your network To set protocol prioritization tuning parameters use the Edit Protocol Priority Interface window Refer to Editing Protocol Prioritization Parameters later in this chapter for instructions Monitoring Statistics To monitor and manage the impact of protocol prioritization use the Statistics Manager to view statistics in the MIB object group wfApplication wfDatalink wfProtocolPriorityGroup For information on using the Statistics Manager to view MIB
138. ter Criterion The Add Range window appears Figure 6 8 You must specify at least one range for each criterion 6 8 114081 Rev A Applying Inbound Traffic Filters Name drop01to035 Criteria BRIDGE MAC SOURCE bertus ROXUULUEPIS UT Eee 0x0000a20003l Ene Figure 6 8 Add Range Window 6 Specify the low and high values for the range you want to apply to the selected criterion In this example refer to Figure 6 8 the range for the MAC source address criterion is from 0x0000A20001 the minimum value to 0x0000A 200003 the maximum value Each incoming packet will be checked to see whether its MAC source address falls into this range of addresses If the range you want to add consists of just one value specify that value in both boxes Note When you enter values for the Minimum and Maximum value parameters the Configuration Manager assumes that the value is a decimal number To enter a hexadecimal number use the prefix Ox 7 Click on OK You return to the Create Filter Template window The new criterion and range appear in the Filter Information scroll box Figure 6 9 114081 Rev A 6 9 Configuring Traffic Filters and Protocol Prioritization Figure 6 9 Create Template Window with Criteria and Range Added 8 Add additional ranges if you want You can add up to 100 ranges for each filter criterion 9 SelectAction Add then select the action you want to impose on packets
139. tes and FTP sites We recommend the use of CompuServe Information Manager software to access these Bay Networks Information Services resources To open an account and receive a local dial up number in the United States call CompuServe at 1 800 524 3388 Outside the United States call 1 614 529 1349 or your nearest CompuServe office Ask for Representative No 591 When you are on line with your CompuServe account you can reach us with the command GO BAYNET xxii 114081 Rev A InfoFACTS Technical Support and Online Services InfoFACTS is the Bay Networks free 24 hour fax on demand service This automated system has libraries of technical and product documents designed to help you manage and troubleshoot your Bay Networks products The system responds to a fax from the caller or to a third party within minutes of being accessed To use InfoFACTS in the United States or Canada call toll free 1 800 786 3228 Outside North America toll calls can be made to 1 408 764 1002 In Europe toll free numbers are also available for contacting both InfoFACTS and CompuServe Please check our Web page for the listing in your country How to Get Help Use the following numbers to reach your Bay Networks Technical Response Center Technical Response Center Telephone Number Fax Number Billerica MA 1 800 2LANWAN 508 670 8765 Santa Clara CA 1 800 2LANWAN 408 764 1188 Valbonne France 33 92 968 968 Sy
140. that match any of the template s ranges of filtering criteria The action is now associated with the new criterion and range which appear in the Filter Information scroll box Figur 6 10 114081 Rev A Applying Inbound Traffic Filters Figure 6 10 Actions List with New Action 10 When you are finished adding actions to your template click on OK You return to the Filter Template Management window refer to Fig 6 5 114081 Rev A 6 11 Configuring Traffic Filters and Protocol Prioritization Customizing Templates There are two ways to change a filter template e Copy the existing template rename it and then edit it This preserves the original template and creates an entirely new template with the same criteria and actions You can then modify the new version to suit your needs e Edit the existing template If you do not want or need to preserve the original template you can edit it without first copying and renaming it Changing a template does not affect interfaces to which the template has already been applied To edit an existing template without preserving the original go to Editing a Template Copying a Template To duplicate an existing template 1 Display the Filter Template Management window refer to Figure 6 5 2 Select a template from the scroll box 3 Click on Copy The Copy Filter Template window appears Figure 6 11 opy Filter Template Copy template dropO1to03 us Fig
141. the filter will be forwarded to certain circuits that you specify Note The circuit names that you enter in the Forward to Circuit List window are case sensitive For example if the circuit name is E21 you must enter it as E21 not e21 or the filter will not work You can combine the Log action with any of the other actions However you should use Log only to record abnormal events otherwise the event log will fill up with filtering messages and thus become useless 3 4 114081 Rev A Inbound Traffic Filter Criteria and Actions Source Routing Bridge Criteria and Actions You filter inbound Source Routing traffic based on specified bit patterns contained within the native source routing bridge SRB frame header IP encapsulated SRB traffic filters are not supported Source Routing filters affect both explorer and routed frames However filters that include Next Ring as a criterion affect only routed frames because the Next Ring reference field does not appear in explorer frames Refer to Configuring Bridging Services for information about explorer and routed frames Note The router applies source route bridge filters after the router processes a packet The router receives the packet on the incoming interface and updates the routing information field RIF The filters that you configure then act on the updated RIF Predefined Source Routing Criteria Table 3 2 lists the predefined filtering fields for Sourc
142. throughput performance For LAN circuits where the forwarding rate of the router is critical we suggest that you monitor the throughput performance after configuring outbound LAN filters If you notice an unacceptable performance degradation it may be best to use inbound traffic filters to accomplish the filtering goal Outbound traffic filters are not based on a routing protocol as are inbound traffic filters When you configure outbound traffic filters you specify a set of conditions that apply to the packet s Data Link header e IP header To use outbound traffic filters you select Protocol Priority as one of the configured protocols on an interface Protocol Priority is enabled by default on circuits configured with Frame Relay or PPP Otherwise you must enable Protocol Priority the first time you configure outbound traffic filters on an interface Chapter 4 provides information for designing outbound filters Chapter 7 explains how to use the Configuration Manager to enable Protocol Priority and apply outbound filters What Is Protocol Prioritization As a router operates network traffic from a variety of sources converges at each WAN interface Without protocol prioritization the router transmits packets in a first in first out FIFO order By implementing protocol prioritization you instruct the router to use a different transmit order for specified ranges of packets With protocol prioritization enabled the router
143. traffic filter 1 2 3 Display the Priority Outbound Filters window refer to Figure 7 11 In the scroll box select the name of the filter you to edit Click on Edit The Edit Priority Outbound Filters window appears Figure 7 13 Use the Edit Priority Outbound Filters window to add change or delete filter criteria ranges and actions as described in Table 7 2 When you are finished editing the filter select File gt Save to exit The new filter information appears in the Filter Information scroll box in the Edit Priority Outbound Filters window 114081 Rev A 7 17 Configuring Traffic Filters and Protocol Prioritization Figure 7 13 Edit Priority Outbound Filters Window 7 18 114081 Rev A Applying Outbound Traffic Filters Table 7 2 Using the Edit Priority Outbound Filters Window Task Site Manager Instructions Notes Adda 1 If the filter already has a criterion delete that criterion For any criterion you choose criterion 2 Select Criteria gt Datalink or IP gt Add gt protocol header gt you must specify at least one filter criterion range Each template can have 3 Add a range in the Add Range window only one criterion Delete a 1 Select the criterion to delete in the Filter Information scroll Each filter template has only criterion box one criterion 2 Click on Delete Create new templates for 3 To confirm click on Delete in the Delete Criteria window add
144. tware agents and other important technical information to Bay Networks customers and partners A special benefit for contracted customers and resellers is the ability to access the Web Server to perform Case Management This feature enables your support staff to interact directly with the network experts in our worldwide Technical Response Centers A registered contact with a valid Site ID can e View a listing of support cases and determine the current status of any open case Case history data includes severity designation and telephone e mail or other logs associated with the case e Customize the listing of cases according to a variety of criteria including date severity status and case ID e Log notes to existing open cases e Create new cases for rapid efficient handling of noncritical network situations Communicate directly via e mail with the specific technical resources assigned to your case The Bay Networks URL is http www baynetworks com Customer Service is a menu item on that home page Customer Service FTP Accessible via URL ftp support baynetworks com 134 177 3 26 this site combines and organizes support files and documentation from across the Bay Networks product suite including switching products from our Centillion and Xylogics business units Central management and sponsorship of this FTP site lets you quickly locate information on any of your Bay Networks products 114081 Rev A xx
145. ues Help Filter Enable ENABLED Filter Name forwardtoS41 Figure 6 19 Traffic Filters List Reordered Precedence Enabling or Disabling an Inbound Filter Instead of deleting a filter from a circuit you may want to turn off the filter temporarily You can do this by disabling the filter on a circuit Later you can re enable the filter To disable or re enable a filter 1 Display the Traffic Filters window for your protocol Figure 6 20 6 24 114081 Rev A Applying Inbound Traffic Filters pp Bridge Filters 1 bridge drop01t003 Done Apply Template Create Edit Reorder Delete Values Help Filter Enable ENABLED Filter Name bridge drop01to003 Figure 6 20 Traffic Filters Window 2 Select the filter that you want to disable or re enable in the filter scroll box 3 Click on Values The Values Selection window appears 4 Todisable a filter change the value in the Filter Enable box from Enabled to Disabled To re enable the filter change the value in the Filter Enable parameter box from Disabled to Enabled 5 Click on OK You return to the Traffic Filters window 6 Click on Apply to save this change 114081 Rev A 6 25 Configuring Traffic Filters and Protocol Prioritization Deleting an Inbound Filter When you delete a filter it affects only the interface from which the filter is removed To delete a filter from an interface 1
146. ueue and the Normal priority queue in the Edit Protocol Priority Interface window Refer to Editing Protocol Prioritization Parameters in Chapter 2 for instructions 114081 Rev A B 1 Configuring Traffic Filters and Protocol Prioritization Filtering Over a Dial Backup Line When configuring outbound filters or protocol prioritization on a synchronous interface on which you have configured a dial backup line keep the following considerations in mind e Ifthe primary line is running PPP and the line fails the router automatically transfers all the priority queues and outbound filters you have configured on the primary line to the backup line e If the primary line is running a wide area protocol other than PPP and the line fails the router does not transfer Datalink protocol prioritization or outbound filters to the backup line You must manually configure new Datalink outbound filters on the backup line after that line is activated e Ifthe primary line is running a wide area protocol other than PPP and the line fails the router does transfer IP outbound filters to the backup line no matter what protocol was running on the primary line Be careful when configuring outbound filters on the backup line As soon as the primary line is reactivated it uses the priority queues and filters you configured for the backup line These priorities and filters may be completely inappropriate for the protocol running on the primary line U
147. ure 6 11 Copy Filter Template Window 6 12 114081 Rev A 4 Applying Inbound Traffic Filters Enter a name for the new template in the box provided Remember that it is a good idea to give your template a name that reflects its contents Click on OK You are returned to the Filter Template Management window The name you just assigned to the new template appears in the Templates box Editing a Template After you create or copy a template you can edit it to apply the filters you want 1 2 3 Display the Filter Template Management window Figure 6 5 Select the template you want to edit from the scroll box Click on Edit The Edit Filter Template window appears As in the Create Filter Template window refer to Figure 6 9 you can add or delete filter criteria ranges and actions as described in Table 6 1 Click on OK when you are finished editing the template You return to the Filter Template Management window You can continue to create edit or delete templates using this window Click on Done to return to the Inbound Traffic Filters window refer to Figure 6 4 114081 Rev A 6 13 Configuring Traffic Filters and Protocol Prioritization Table 6 1 Using the Edit Filter Template Window Task Site Manager Instructions Notes Adda 1 Select Criteria gt Add then select the criterion to use to For any criterion you choose criterion filter packets you must specify
148. window to rearrange the precedence of existing filters 7 20 114081 Rev A Applying Outbound Traffic Filters To change the order of precedence 1 In the Priority Outbound Filters window see Figure 7 14 select the filter for which you want to change the precedence 2 Click on Reorder The Change Precedence window appears Figure 7 15 Change Precedence INSERT BEFORE INSERT AFTER Cancel OK Figure 7 15 Change Precedence Window 3 Click on either INSERT BEFORE or INSERT AFTER 4 Type a number in the Precedence Number box to indicate which filter you should insert the selected filter before or after For the example shown you place the selected filter Filter No 1 after Filter No 2 by typing 1 in the Precedence Number box 5 Click on OK You are returned to the Priority Outbound Filters window The filters are now shown in their new order of precedence Figure 7 16 Compare the order of filters in Figure 7 14 with the order in Figure 7 16 114081 Rev A 7 21 Configuring Traffic Filters and Protocol Prioritization Sa Prioritw utbound Filters DL 1 LoQ_SR_OaDSAP Bane DL 2 hiQ_SR_O1DSAP Apply Template Create Edit Reorder Delete Values Help Filter Enable IF Filter Name Figure 7 16 Example of Outbound Filter Order Change Enabling or Disabling an Outbound Filter You can disable and re enable outbound filters on ind
149. xC000 0000 2000 Byte 4 bit 2 0x030000000400 User defined 0xC000 0008 0000 to Byte 3 bits 0 4 0x0300001 00000 to 0xC000 4000 0000 Byte 2 bits 1 7 0x030002000000 Specifying VINES Address Ranges You can obtain a VINES server address from a sniffer trace or by converting the wfVinesIfEnry wfVinesIfAdr entry determined using the Technician Interface from the decimal value to hexadecimal Example If the address of a VINES server is a2482c 0001 enter the filter range as 0xa2482c0001 114081 Rev A 5 3 Configuring Traffic Filters and Protocol Prioritization Specifying Source and Destination SAP Code Ranges Table 5 3 lists some common SAP codes to use when specifying a range for Source or Destination SAP traffic filter criteria The SAP code consists of a 7 bit SAP address and a 1 bit Command Response field Table 5 3 SAP Codes Description SAP Code XID or TEST 00 01 Individual Sublayer Management 02 Group Sublayer Management 03 SNA 04 05 08 09 0C 0D IP 06 Proway Network Management 0E Novell and SDLC Link Servers 10 CLNP ISO OSI 20 34 EC BPDU 42 X 25 over 802 2 LLC2 7E XNS 80 Nestar 86 Active station list 8E ARP 98 SNAP AA Banyan VIP BC Novell IPX EO IBM NetBIOS FO LAN Network Manager F4 F5 Remote Program Load F8 IBM RPL FC ISO Network Layer FE LLC Broadcast FF The Command Response bit makes
Download Pdf Manuals
Related Search