Avaya Configuring Traffic Filters and Protocol Prioritization User's Manual
Contents
1. Physical Medium Ethernet 802 2 LLC LLC with SNAP Novell Ethernet 802 3 Yes Yes Yes Yes FDDI No Yes Yes No Synchronous interface Yes Yes Yes Yes Token Ring No Yes Yes No You filter inbound transparent bridge frames based on header fields within each of the four supported encapsulation methods Ethernet IEEE 802 2 logical link control LLC IEEE 802 2 LLC with Subnetwork Access Protocol SNAP header Novell Proprietary Each transparent bridge encapsulation method has specific predefined criteria for filtering frames Figure 3 1 illustrates the header content of each supported encapsulation method 3 2 Ethernet Header MAG MAC Length Destination Source Type 48 bit MAC destination address 48 bit MAC source address 16 bit length type is TYPE gt 1518 IEEE 802 2 LLC Header MAC MAC Length 48 bit MAC destination address 48 bit MAC source address 16 bit length type is LENGTH lt 1519 8 bit DSAP 8 bit SSAP 8 bit Control Inbound Traffic Filter Criteria and Actions IEEE 802 2 LLC with SNAP Encapsulation MAC MAC Length Org Ether petit a i DSAP SSAP Control Code type 48 bit MAC destination address 48 bit MAC source address 16 bit length type is LENGTH lt 1519 DSAP SSAP CTRL is OxAAAA03 24 bit Organizational Code 16 bit Ethertype Novell Proprietary Encapsulation MAC MAC Length 48 bit MAC destination address 48 bit MAC source address 162. italic text quotation marks screen text vertical line 1 About This Guide Indicates text that you need to enter and command names in text Example Use the dinfo command Indicate optional elements You can choose none one or all of the options Indicates variable values in command syntax descriptions new terms file and directory names and book titles Indicate the title of a chapter or section within a book Indicates data that appears on the screen Example set Bay Networks Trap Monitor Filters Indicates that you enter only one of the parts of the command The vertical line separates choices Do not type the vertical line when entering the command Example If the command syntax is show at routes nets you enter either show at routes or show at nets but not both Ordering Bay Networks Publications To purchase additional copies of this document or other Bay Networks publications order by part number from Bay Networks Press at the following numbers You may also request a free catalog of Bay Networks Press product publications Phone FAX U S Canada FAX International 1 800 845 9523 1 800 582 8000 1 916 939 1010 xix Configuring Traffic Filters and Protocol Prioritization Acronyms ANSI DLC DLSw DSAP IP IPX MAC OSI OSPF OSPF BGP PPP RIP SAP SDLC SMDS SNA SNAP SNMP SRB SSAP TCP TCP IP TFTP UDP VINES XB XNS American National Standar
3. Using Traffic Filters Using Filter Templates When you create traffic filters it is important to understand the difference between a traffic filter template and an actual traffic filter A traffic filter template is a reusable predefined specification for a traffic filter Each template contains a complete filter specification criterion ranges and action for one protocol but is not associated with a specific interface or circuit You create a traffic filter when you use the Configuration Manager to apply save a traffic filter template to a configured router interface You can apply a single template to as many interfaces as you want thus creating multiple filters for that protocol When you want to add a filter to an interface you have several options e If there is a template that contains the exact filtering instructions that you want for this interface apply that template to this interface e If there is a template that contains filtering instructions similar to what you want copy rename and edit the template Then apply the new template to the appropriate interface e If there is no template containing filtering instructions similar to what you want for this interface you must create a template from scratch Then apply the new template to the appropriate interface e If there is an existing filter on the interface that contains instructions similar to what you want edit the existing filter directly and save it
4. Creating a Template You create traffic filter templates using protocol specific windows within the Configuration Manager You can create as many as 500 traffic filter templates for each interface Note You can also edit or copy a template using a text editor The Configuration Manager stores all templates for all protocols in a file called template flt In the Unix filesystem the pathname is usr filters template fit Configuring Traffic Filters and Protocol Prioritization To create and use a filter template 1 Name the template It is a good idea to give each template a descriptive name For example if you are building a template that is going to instruct the interface to drop all DECnet Phase IV traffic with a Source Node value of 3 name it dec_Snode_3 Or if you are building a template that is going to instruct the interface to queue all LAT traffic to the high priority queue name the template something like LAT_high Select a protocol specific criterion range and action Select the criteria and address ranges for checking packets Then select the action to impose on packets that match the specified criteria and ranges Note Because you create filter templates on a per protocol basis you must become familiar with the specific criteria and actions used for filtering by each protocol before creating templates 3 4 Save the template file Apply the template to an interface to create a filter After you s
5. 3 Specify an offset and length from the reference field 4 Specify a range associated with the bit criterion described by the reference offset and length Figure 6 16 Name UD_bridge BRIDGE USER_DEFINED REF MAC OFFSET 160 bits LENGTH 32 bits et 0x0000a200001 seo Ox0000a200007 Figure 6 16 User Defined Criteria 5 Click on OK The procedures in this chapter for adding deleting and editing ranges for predefined criteria can be used for a user defined criterion as well 6 21 Configuring Traffic Filters and Protocol Prioritization Changing Filter Precedence You can assign as many as 31 inbound traffic filters per protocol to each router interface As you add filters to an interface the Configuration Manager numbers them chronologically rule 1 rule 2 rule 3 and so on The rule number determines the filter precedence lower rule numbers have higher precedence If a packet matches two filters the filter with the highest precedence lowest number applies For example if the first filter on the interface rule 1 accepts a packet and the second filter rule 2 drops the same packet filter 1 has precedence and the packet will be accepted Figure 6 17 shows how the Traffic Filters window displays the filters on an interface The first filter created has the highest precedence and the rule number 1 fp Bridge Filters OOS O 1 bridge drop01t003 Hane 2 bridge drop_all l Ap
6. Configuring Traffic Filters and Protocol Prioritization Customizing Templates There are two ways to change a filter template Copy the existing template rename it and then edit it This preserves the original template and creates an entirely new template with the same criteria and actions You can then modify the new version to suit your needs Edit the existing template If you do not want or need to preserve the original template you can edit it without first copying and renaming it Changing a template does not affect interfaces to which the template has already been applied To edit an existing template without preserving the original go to Editing a Template Copying a Template To duplicate an existing template 1 2 3 Display the Filter Template Management window refer to Figure 6 5 Select a template from the scroll box Click on Copy The Copy Filter Template window appears Figure 6 11 opy Filter Template Copy template drop01ito03 Kc SH Figure 6 11 Copy Filter Template Window 4 Enter a name for the new template in the box provided 6 12 Applying Inbound Traffic Filters Remember that it is a good idea to give your template a name that reflects its contents Click on OK You are returned to the Filter Template Management window The name you just assigned to the new template appears in the Templates box Editing a Template After you create or copy a template you
7. Editing Protocol Prioritization Parameters later in this chapter Bandwidth Allocation Algorithm The bandwidth allocation algorithm uses a configurable percentage of bandwidth for each of the three priority queues to determine how to transmit queued traffic The default configuration is e HighQ 70 of bandwidth e NormalQ 20 of bandwidth e LowQ 10 of bandwidth When the amount of traffic transmitted from a particular queue reaches the configured percentage the next priority queue begins to transmit traffic The amount of actual data transmitted depends on the clock speed of the circuit You can configure the clock speed on a synchronous interface by setting the External Clock Speed parameter in the Configuration Manager Edit Sync Parameters window Refer to Configuring Line Services The bandwidth allocation algorithm works as follows 1 The transmit queue scans the high priority queue If there is no traffic in the high priority queue the algorithm proceeds to Step 3 2 The router empties all packets from the high priority queue up to the configured bandwidth percentage into the transmit queue and transmits them The default bandwidth percentage for high priority traffic is 70 percent If the actual bandwidth use is less than the limit the router empties the high priority queue and proceeds to the normal priority queue 3 The transmit queue scans the normal priority queue 2 3 Configuring Traffi
8. about 1 8 components of 1 8 inbound Bridge 3 4 DECnet 3 13 DLSw 3 15 IP 3 7 IPX 3 10 LLC2 3 16 OSI 3 12 specifying 6 20 6 20 to 6 21 SRB 3 6 VINES 3 14 XNS 3 11 outbound 4 6 to 4 8 V VINES actions 3 14 criteria 3 13 to 3 14 ranges 3 14 W World Wide Web Bay Networks Home Page on xviii X XNS actions 3 11 criteria 3 10 to 3 11 Index 7
9. xvii MOPACT S a aa a A e N E A EA a a e a a A xviii World Wide E EE xviii How to Get Help EE xviii GONMVENTIONS eege deg ee NEEN ee xviii Ordering Bay Networks Publications c ccccsceeeeeeeeeeeeeeeeeeeeeaeeeceeeeeeeaeeeeeeeeetaeeeeeeeeess xix AGONY INNS ee Ses gece Pe eee eege tae bce ea he a avian ethos N he an a eaten a XX Chapier 1 Using Traffic Filters What Are Traffic Filters eecceecececeeeeeeeeeeeeeeaeeeeeeeeeceaeeeeeneeecaeeeseaaeeseaeeessaaeesseeeeesiaeeeenes 1 1 Inbound Traffic Eltere ENEE irni arisia eeeEEEA EENS EA E 1 2 Supported Protocols and Circuits cccccceeeeeeeeeeeeeeeeeeeeeeeseeeeeeeeeseeeeseaeessaees 1 2 Outbound Traffic Filters eceeeesceeeeeeeeeeeeeeceeeeeeaaeeeceeeeceaaeeeeeeeeseaaeesseaeeseeeeeeeaeeees 1 3 SUPPOKted CIrCUltS AAE E E a eds AE E A 1 3 Supported Protocols cccceceeeeeeceeneeeeeeeeeeeaeeeseeeeeceaeeeseaaeeseeeeesseaeesseeeeessaeeesenes 1 3 What Is Protocol Prioritization cceeeececeeeeeeeeeee eee eeeeeeeecaeeeeeaaeeseaeeeesaaeeseeeeeeseaaeseenes 1 4 Two Types of Site Manager Protocol Prioritization 0 cccceeceeeeeeeeeeeeeeeeeteeeeeeeeees 1 4 What Do Traffic Filters DO ecccceeeseeeeeeeeeeeeeeeeeeeceaeeeeeneeecaeeeseaaeeseaeeeeeaaaeseeeeeesnaaeeeenes 1 5 Ensure Consistent Service cccccccccesceeceeeeeeeaeeeeeneeecaeeseeaeeeseaeeeseaaeeeseeeesaeeneanes 1 5 Reduce Network Congestion ccccccceeseeeeeeeeeeceeeeeeeeecaeeeeeaee
10. 0 to 4608 bytes Function Defines a packet length measurement to which each packet is compared An action is imposed on every packet depending on whether it is less than equal to or greater than the value you set for this parameter This action also depends on the values of the Less Than or Equal Queue and the Greater Than Queue parameters Instructions Accept a packet length value in bytes MIB Object ID 1 3 6 1 4 1 18 3 5 1 4 4 1 7 7 10 Parameter Default Options Function Instructions MIB Object ID Parameter Default Options Function Instructions MIB Object ID 2 Applying Outbound Traffic Filters Less Than or Equal Queue Normal High Low Normal Specifies which queue a packet is placed in if its packet length is less than or equal to the value of the Packet Length parameter For example if Packet Length is set to 1024 bytes any packet that is 1024 bytes or smaller is placed in the queue you choose for this parameter Accept the default Normal or select either Low or High 1 3 6 1 4 1 18 3 5 1 4 4 1 8 Greater Than Queue Low High Low Normal Specifies which queue a packet is placed in if its packet length is greater than the value of the Packet Length parameter For example if Packet Length is set to 1024 bytes any packet that is 1025 bytes or larger is placed in the queue you choose for this parameter Accept the default Low or select either Normal or High 1 3 6 1
11. 3 To confirm click on Delete in the Delete Criteria window additional criteria Adda 1 Select the criterion in the Filter Information box Ranges are listed beneath a range 2 Click on Add criteria in the Filter information 3 Use the Range Min and Max boxes to specify low and high scroll box values for the range You can add up to 100 ranges for each filter criterion Modify a 1 Select the range to modify in the Filter Information box When entering range values range 2 Click on Modify you must use the prefix Ox to 3 Use the Range Min and Max boxes to specify new low and specify a hexadecimal number high values for the range Delete a 1 Select the range to delete in the Filter Information scroll box You must have at least one range 2 Click on Delete range specified for each 3 To confirm click on Delete in the Delete Range window criterion Ac an 1 Select Action Add in the Edit Filters window then select With the exception of the Log Action the action to impose on packets that match any of the action each filter template has template s ranges of filtering criteria only one action You can select 2 When you are finished adding actions to your template click Log in combination with any on OK other action Create new templates for additional actions Delete 1 In the Filter Information scroll box select the action you There must be one at least an Action want to remove action specified for a f
12. 4 1 18 3 5 1 4 4 1 9 Click on OK The Create Priority Outbound Template window appears showing the newly selected criteria range and action in the Filter Information scroll box refer to Figure 7 7 Configuring Traffic Filters and Protocol Prioritization Customizing Templates There are two ways to change a filter template Copy the existing template rename it and then edit it This preserves the original template and creates an entirely new template with the same criteria and actions You can then modify the new version to suit your needs Edit the existing template If you do not want or need to preserve the original template you can edit it without first copying and renaming it Changing a template does not affect interfaces to which the template has already been applied To edit an existing template without preserving the original go to Editing a Template Note You can also edit or copy a template using a text editor The Configuration Manager stores all templates in a file called template fit Copying a Template To duplicate an existing template 1 2 3 Display the Filter Template Management window refer to Figure 7 3 Select a template from the scroll box Click on Copy The Copy Filter Template window appears Figure 7 9 7 12 Applying Outbound Traffic Filters opy Filter Template Copy template drop01to03 Sg PS Figure 7 9 Copy Filter Template Window 4 Enter
13. EEA 2 8 Monitoring Statisties heie eienenn traa ean aa e aE r aa ar enana AE 2 8 Percent of Bandwidth eesececeeeeeseee eee eeseceeeeeesseceeeeeeseceeeeeesseeeseeseseeeeeeeseeceneeeees 2 9 Queue Depth menen eege ees EE a dane eae Bat 2 9 SEN noiai titie he tedepie al devveutaededeubiss E DEER 2 12 Enabling Protocol Prioritization 20 2 eeecseeeeeeeeneeeeeeenaeee eee eaeeeeeeeeaeeeeeeeaaeeeeeenaeeeeeee 2 13 Editing Protocol Prioritization Parameters 0 cccceeeceeeeeeeeneeeeeeeeeaeeeeeeeaeeeeeeeeaeeeeeee 2 15 Priority Interface Parameter Descriptions 2 18 Chapter 3 Inbound Traffic Filter Criteria and Actions Predefined and User Defined Criteria 3 1 Transparent Bridge Criteria and Actions 0 ceccceeceeeeeeeneeeeeeeeeeeeeeeteeeeesaaeeseeeeeesaeeeenes 3 2 Predefined Transparent Bridge Criteria ccccccceececeeceeeeeeeeeeceeeeeeeaeeseeeeeetaeeetenes 3 3 vi User Defined Transparent Bridge Criteria ecccccccceeceeeeeeeeeeeeeeeeeeseaeeeeeeeeestaeeesenes 3 4 Transparent Bridge ACtIONS A 3 4 Source Routing Bridge Criteria and Actions cccccccseeeeeeeeeeeeeeeeeeeeeeaeeteeeeeetsaeeeseneees 3 5 Predefined Source Routing Criteria ccceecccecceeeceeeeeeceneeeeeeeeeseeeeesaeeseeeeeeetaeeesenes 3 5 Specifying a SRB Criterion Range cccceceeeeeeeeeeeeeeeeeeeeseaeeeseaeeeseeeeeeaeeeeaees 3 6 User Defined Source Routing Criteria cccccceeceseeeeeeeeeeeeeeeceaeeeeeseeeseeeesea
14. High Water Packets Clear parameter 2 20 HiWater packets mark 2 8 how it works 2 2 latency 2 12 Less Than or Equal Queue parameter 7 11 Low Queue Percent Bandwidth parameter 2 22 Low Queue Size parameter 2 19 Max High Queue Latency parameter 2 20 Normal Queue Percent Bandwidth parameter 2 22 Normal Queue Size parameter 2 19 outbound traffic filters 7 1 Packet Length parameter 7 10 Prioritization Algorithm Type parameter 2 21 protocols supported 2 1 queue depth 2 9 tuning 2 12 usefulness of 1 4 Q queue depth 2 9 queues priority High Normal Low 2 1 R ranges inbound traffic filter changing 6 14 6 19 defined 3 1 deleting 6 14 6 19 outbound traffic filter changing 7 15 7 18 7 20 defined 4 1 deleting 7 15 7 20 specifying NetBIOS Name 3 6 SRB 3 6 VINES 3 14 reference points Data Link header 4 6 IP header 4 8 RIP traffic prioritizing A 10 S SNA traffic example A 10 source routing actions 3 6 criteria 3 5 to 3 6 ranges 3 6 Spanning Tree traffic prioritizing A 11 strict dequeuing algorithm 2 6 synchronous pass through traffic prioritizing A 11 Index 5 T TCP Port criteria 5 6 Telnet traffic prioritizing A 11 templates about 1 13 to 1 14 templates inbound traffic filter applying to an interface 6 15 copying 6 12 creating 6 5 deleting criteria 6 14 6 19 deleting ranges 6 14 6 19 editing 6 12 naming 6 7 renaming 6 12 templates ou
15. Outbound Filter After you apply a filter to an interface you can edit its criterion ranges and actions However if you used a template edited to suit your needs to create the filter you probably don t need to make further edits To customize an outbound traffic filter 1 2 3 Display the Priority Outbound Filters window refer to Figure 7 11 In the scroll box select the name of the filter you want to edit Click on Edit The Edit Priority Outbound Filters window appears Figure 7 13 Use the Edit Priority Outbound Filters window to add change or delete filter criteria ranges and actions as described in Table 7 2 When you are finished editing the filter select File gt Save to exit The new filter information appears in the Filter Information scroll box in the Edit Priority Outbound Filters window 7 18 Applying Outbound Traffic Filters Figure 7 13 Edit Priority Outbound Filters Window 7 19 Configuring Traffic Filters and Protocol Prioritization Table 7 2 Using the Edit Priority Outbound Filters Window Task Site Manager Instructions Notes Adda 1 If the filter already has a criterion delete that criterion For any criterion you choose criterion 2 Select Criteria gt Datalink or IP gt Add gt lt protocol header gt gt you must specify at least one lt filter criterion gt range Each template can have 3 Add a range in the Add Range window only one criterion
16. Refer to Configuring Bridging Services for information about explorer and routed frames Predefined Source Routing Criteria Table 3 2 lists the predefined filtering fields for Source Routing filters and the reference field offset and length value for each criterion Table 3 3 Predefined Criteria for Source Routing Bridge Criterion Name Reference Field Offset bits Length bits Next Ring NEXT_RING 0 12 Destination MAC Address HEADER_START 0 48 Source MAC Address HEADER_START 48 48 DSAP DATA_LINK 0 8 SSAP DATA_LINK 8 8 Destination NetBIOS Name DATA_LINK 120 120 Source NetBIOS Name DATA_LINK 248 120 3 5 Configuring Traffic Filters and Protocol Prioritization Specifying a SRB Criterion Range If you create a filter that includes a Source or Destination NetBIOS Name Source Routing protocol you enter the NetBIOS name as the ASCII equivalent of the first 15 characters of the name If the name has fewer than 15 characters use ASCII spaces 0x20 to pad the name to 15 characters Refer to Chapter 5 for information about entering SAP and MAC address criteria User Defined Source Routing Criteria In addition to the predefined filter criteria you can create SRB traffic filters with user defined criteria by specifying an offset and length to these reference fields in the source routing header Reference Field Description NEXT_RING Points to the first byte of the
17. TCP Frame gt TCP stop remote users Destination Port Refer to Table 5 6 in from establishing a Chapter 5 for a list Telnet session with of common TCP the router itself To destination port do that set up a codes drop filter on the synchronous port with the same criterion or create outbound filters on the remote links Configure a CriteriaaAdd IP Client addresses Action gt Add gt This strategy works subset of Source Address Accept only if the allowed Telnet Use dotted decimal destination IP TFTP and FTP format address is one of users the router s interfaces and if the protocol or well known port is Telnet TFTP or FTP Configure a Criteria gt Add gt UDP MAC addresses of Action gt Add gt Drop router to drop Frame gt UDP BOOTP clients BOOTP requests from particular clients Destination Port Configuring Traffic Filters and Protocol Prioritization Examples with User defined Criteria Setting up user defined criteria is similar to setting up predefined criteria except you specify the criterion s location within the packet Refer to Chapter 3 for the supported protocol header reference points you can use to specify user defined traffic filter criteria The following summarizes your steps for creating an inbound traffic filter with a user defined criterion Chapter 6 provides detailed information To specify user defined criteria 1 2 8 9 Display the Traffic Filters window for your selected c
18. Table 5 4 Frame Relay NLPID Values Description NLPID 0x IP ce OSI 81 82 83 SNAP 80 Table 5 5 lists some Data Link layer Protocol ID values you can use when Specifying PPP Protocol ID Range Values specifying PPP over IP traffic filter criteria Refer to RFC 1700 for a complete list Table 5 5 PPP Protocol ID Values Description Protocol ID 0x IP 0021 OSI 0023 Stream Protocol ST2 0033 5 5 Configuring Traffic Filters and Protocol Prioritization Specifying TCP and UDP Port Range Values Table 5 6 lists some common TCP port ranges you can use when specifying TCP over IP traffic filter criteria Table 5 7 lists common UDP port values Table 5 6 Source and Destination TCP Port Values Description TCP Port FTP 20 21 Telnet 23 SMTP 25 DNS 53 Gopher 70 World Wide Web http 80 84 DLSw Read Port 2065 DLSw Write Port 2067 Table 5 7 Source and Destination UDP Port Values Description UDP Port DNS 53 TFTP 69 SNMP 161 SNMPTRAP 162 5 6 Specifying Common Criterion Ranges Specifying Ethernet Type Range Values Table 5 8 lists some common Ethernet Type codes to use when specifying Ethertype criteria ranges Refer to RFC 1700 for a complete and current list Table 5 8 Ethernet Type Codes Description Ethe
19. Templates ccceceeeeeceeeeeeeee cece eeeeeeeseeeeeeeeaeeseeeeesaaeseeeeeesiaeeneeeees 6 12 Copying a Template A 6 12 viii Ste Ge 6 13 Creating an Inbound Eiter 6 15 Editing an Inbound Filter AA 6 17 Specifying User Defined Criteria 0 ceecececesceeeceeeeeeneeeeeeeeeeaaeeeeeeeesaaeeseeeeeeseaeeeseneeeeaas 6 20 Changing Filter Precedence ceccceceeseceeeeeeceeeeeeeeeeecaeeeeeaaeeeeeeeesaaeeeeeeeeetiaeeeseaeeeeeas 6 22 Enabling or Disabling an Inbound Filter A 6 24 Deleting an Inbound Elter cece eee cece cece eee eee ee eaaaeeeeeeeaaeeeeeeetaaeeeeeeeaaaeeeeeenaeeeeeee 6 26 Chapter 7 Applying Outbound Traffic Filters Working with Outbound Traffic Filters ccccceecceeecseeeeeeeeeeeneeeeeeaeeseeeeesaeeseeeeeesnaeeseenes 7 1 Displaying the Priority Outbound Filters Window ccccccesseeeeeeeeeeeeeeeeeeeetsaeeeeeneeeeaes 7 2 Preparing Filter Templates sossen veceri eeraa iinei ieaiaia EA na Ei 7 4 Creating a New Template 0 eecceeceeeeeeneeeeeee eee aaeeeceeeeceaaeeeeeeeeseaaeeeseaeesecaeeseeaeeeees 7 5 Specifying Prioritization Length ceeeececeeeeeeeeeeeeeeeeeeeeeeeaeeeseneeeseaeeeeeeeeeaas 7 10 Customizing Templates eeen e aene Eege AER aa aa aeea ete need 7 12 Copying a Template ccceeccceceeeceeeeeeeeeeeeeaeeseneeeesaaeeeeeeeeecsaeeeseneeessaeeeteeeeseas 7 12 Editing a Template sarni oiri a tiraa ede CEE atte EAKATE A EN E E E 7 13 Creating an Outbound Filter daara a ereraa a a
20. a name for the new template in the box provided Remember that it is a good idea to give your template a name that reflects its contents 5 Click on OK You are returned to the Filter Template Management window The name you just assigned to the new template appears in the Templates box Editing a Template After you create or copy a template you can edit it to apply the filters you want 1 Display the Filter Template Management window 2 Select the template you want to edit from the scroll box 3 Click on Edit The Edit Priority Outbound Template window window appears Figure 7 10 7 13 Configuring Traffic Filters and Protocol Prioritization Figure 7 10 Edit Priority Outbound Template Window You can add or delete filter criteria ranges and actions in the Edit Priority Outbound Template window as described in Table 7 1 7 14 Applying Outbound Traffic Filters Table 7 1 Using the Edit Priority Outbound Filter Template Window Task Site Manager Instructions Notes Adda 1 Select CriteriaAdd then select the criterion to use to filter For any criterion you choose criterion packets you must specify at least one 2 Add a range in the Add Range window range Each template can have only one criterion Delete a 1 Select the criterion to delete in the Filter Information scroll Each filter template has only criterion box one criterion 2 Click on Delete Create new templates for
21. amended from time to time shall apply for interoperability purposes Licensee must notify Bay Networks in writing of any such intended examination of the Software and Bay Networks may provide review and assistance Notwithstanding any foregoing terms to the contrary if licensee licenses the Bay Networks product Site Manager licensee may duplicate and install the Site Manager product as specified in the Documentation This right is granted solely as necessary for use of Site Manager on hardware installed with licensee s network This license will automatically terminate upon improper handling of Software such as by disclosure or Bay Networks may terminate this license by written notice to licensee if licensee fails to comply with any of the material provisions of this license and fails to cure such failure within thirty 30 days after the receipt of written notice from Bay Networks Upon termination of this license licensee shall discontinue all use of the Software and return the Software and Documentation including all copies to Bay Networks Licensee s obligations under this license shall survive expiration or termination of this license Bay Networks Inc 4401 Great America Parkway Santa Clara CA 95054 8 Federal Street Billerica MA 01821 Contents About This Guide Allee XV BeTOre YOU BOIN EE Xvi Bay Networks Customer Support ccceceeeeeeeeceeeeeeeeee seas eeeeaeeseceeeeeaaeseceeeeesaeeeeneeeess xvi eu
22. filter change the value in the Filter Enable parameter box from Disabled to Enabled 5 Click on OK You return to the Traffic Filters window 6 Click on Apply to save this change 6 25 Configuring Traffic Filters and Protocol Prioritization Deleting an Inbound Filter When you delete a filter it affects only the interface from which the filter is removed To delete a filter from an interface 1 Display the Traffic Filters window see Figure 6 20 2 Select the filter that you want to delete in the cscroll box Caution There is no confirmation of a filter deletion be sure to select a filter you are certain you want to delete 3 Click on Delete The filter no longer appears in the scroll box of the Filters window 4 Click on Apply to save this change 6 26 Chapter 7 Applying Outbound Traffic Filters This chapter shows how to use the Configuration Manager to configure outbound traffic filters To apply inbound traffic filters refer to Chapter 6 When you configure an outbound traffic filter you specify a set of conditions and an action that apply to a particular protocol running over a specific circuit or interface You implement protocol prioritization by applying an outbound filter that includes a queue action these are sometimes called priority filters For instructions on how to edit edit the protocol prioritization parameters refer to Chapter 2 Note To complete the steps in this chapter you mu
23. information 3 Use the Range Min and Max boxes to specify low and high scroll box values for the range You can add up to 100 ranges for each filter criterion Modify a 1 Select the range to modify in the Filter Information box When entering range values range 2 Click on Modify you must use the prefix Ox to 3 Use the Range Min and Max boxes to specify new low and specify a hexadecimal number high values for the range Delete a 1 Select the range to delete in the Filter Information scroll box You must have at least one range 2 Click on Delete range specified for each 3 To confirm click on Delete in the Delete Range window criterion Add an 1 Select Action gt Add in the Edit Filters window then select With the exception of the Log Action the action to impose on packets that match any of the action each filter template has template s ranges of filtering criteria only one action You can select 2 When you are finished adding actions to your template click Log in combination with any on OK other action Create new templates for additional actions Delete 1 In the Filter Information scroll box select the action you There must be one at least an Action want to remove action specified for a filter 2 Click on Delete template 3 To confirm click on Delete in the Delete Action window 6 14 Applying Inbound Traffic Filters Creating an Inbound Filter To create an inbound traffic filter 1 Displ
24. technical and product documents designed to help you manage and troubleshoot your Bay Networks products The system can return a fax copy to the caller or to a third party within minutes of being accessed World Wide Web The World Wide Web WWW is a global information system for file distribution and online document viewing via the Internet You need a direct connection to the Internet and a Web Browser such as Mosaic or Netscape Bay Networks maintains a WWW Home Page that you can access at http www baynetworks com One of the menu items on the Home Page is the Customer Support Web Server which offers technical documents software agents and an E mail capability for communicating with our technical support engineers How to Get Help For additional information or advice contact the Bay Networks Technical Response Center in your area United States Valbonne France Sydney Australia Tokyo Japan Conventions angle brackets lt gt arrow character gt 1 800 2LAN WAN 33 92 966 968 61 2 903 5800 81 3 328 005 Indicate that you choose the text to enter based on the description inside the brackets Do not type the brackets when entering the command Example if command syntax is ping lt ip_address gt you enter ping 192 32 10 12 Separates menu and option names in instructions Example Protocols gt AppleTalk identifies the AppleTalk option in the Protocols menu xviii bold text brackets
25. that any frame that matches the filter will be sent to the circuits that you specify 3 15 Configuring Traffic Filters and Protocol Prioritization LLC2 Criteria and Actions You can filter inbound LLC2 traffic based on specified bit patterns contained within the LLC2 header Adding an IBM protocol to a circuit automatically adds Logical Link Control 2 LLC2 LLC2 traffic filters apply to LLC2 routed over Frame Relay also known as native SNA over Frame Relay and to any protocol running over LLC2 including APPN and LAN Network Manager LNM Predefined LLC2 Criteria Table 3 2 lists the predefined filtering fields for DLSw inbound traffic filters and the reference field offset and length value for each criterion Table 3 11 Predefined Criteria for LLC2 Inbound Traffic Filters Criterion Name Reference Field Offset Length Destination MAC Address LLC2_DEST_MAC 0 48 Source MAC Address LLC2_SOURCE_MAC 48 48 DSAP LLC2_DSAP 0 SSAP LLC2_SSAP 8 User Defined LLC2 Criteria You can create traffic filters with user defined criteria by specifying an offset and length to these reference fields in the LLC2 header Reference Field Description LLC2_DEST_MAC Points to the first byte of the Destination MAC address LLC2_DSAP Points to the first byte of the Destination SAP LLC2 Actions The LLC2 filtering actions are Accept Drop and Log 3 16 Chapter 4 Outbound Traffic Filter C
26. the headers of supported protocols You can apply as many as 31 traffic filters to a single interface The order of filters determines the final filtering result The Configuration Manager supports two types of traffic filters e Inbound traffic filters which act on packets coming in to the router e Outbound traffic filters which act on packets that the router is forwarding Note Be careful not to confuse traffic filters with other router filters such as route filters which force filtered routed protocol traffic to take particular routes Configuring Traffic Filters and Protocol Prioritization Inbound Traffic Filters Inbound traffic filters act on packets coming in a router circuit interface When you configure inbound filters you specify a set of conditions that apply to a particular protocol s traffic Most sites use inbound traffic filters primarily for security to restrict access to particular source locations on a network or to certain types of data Supported Protocols and Circuits The Configuration Manager supports inbound traffic filters for the following protocols running on any serial Ethernet FDDI or Token Ring interface e Bridge four encapsulation methods Ethernet 802 2 LLC 802 2 LLC with SNAP and Novell Proprietary e Native Source Routing e IP e IPX e ANS e OSI e DECnet Phase IV e VINES e DLSw e LLC2 APPN and LNM Chapter 3 provides protocol specific information for designing inb
27. when creating user defined criteria Predefined Criteria For bridge traffic predefined criteria are part of the Data Link Control DLC header For routed traffic a predefined criterion can be part of the DLC header or part of an upper level network protocol header Table 1 2 summarizes the predefined inbound traffic filter criteria for supported protocols Table 1 2 summarizes the predefined outbound traffic filter criteria 1 8 Using Traffic Filters Table 1 1 Summary of Predefined Inbound Traffic Filter Criteria Protocol Predefined Inbound Filter Criteria Bridge MAC Address Source or Destination Four Data Link encapsulation methods Ethernet 802 2 LLC Novell Proprietary 802 2 LLC with SNAP Novell 802 2 Length 802 2 DSAP 802 2 SSAP 802 2 Control 802 2 SNAP Length 802 2 SNAP Protocol ID 802 2 SNAP Ethernet Type Native Source Route Bridge IP encapsulated SRB not supported MAC Address Source or Destination DSAP SSAP NetBIOS Name Source or Destination IP Type of Service Protocol Type IP Address Source or Destination UDP port Source or Destination TCP port Source or Destination IPX Network Source or Destination IPX Address Source or Destination Socket Source or Destination XNS Network Source or Destination Host Address Source or Destination Socket Source or Destination OSI OSI Area Source or Destination System ID Source or Des
28. 0080 Byte 5 bit 0 0x030000000001 Bridge 0xC000 0000 0100 Byte 4 bit 7 0x030000008000 LAN Manager 0xC000 0000 2000 Byte 4 bit 2 0x030000000400 User defined 0xC000 0008 0000 to Byte 3 bits 0 4 0x030000100000 to 0xC000 4000 0000 Byte 2 bits 1 7 0x030002000000 5 3 Configuring Traffic Filters and Protocol Prioritization Specifying Source and Destination SAP Code Ranges Table 5 3 lists some common SAP codes to use when specifying a range for Source or Destination SAP traffic filter criteria Table 5 3 SAP Codes Description SAP Code XID or TEST 00 01 Individual Sublayer Management 02 Group Sublayer Management 03 SNA 04 08 0C IP 06 Proway Network Management OE Novell and SDLC Link Servers 10 CLNP ISO OSI 20 34 EC BPDU 42 X 25 over 802 2 LLC2 7E XNS 80 Nestar 86 Active station list 8E ARP 98 SNAP Subnet Access Protocol AA Banyan VIP BC Novell IPX E0 IBM NetBIOS FO LAN Network Manager F4 F5 Remote Program Load F8 IBM RPL FC ISO Network Layer FE LLC Broadcast FF j Specify the two byte range 00 01 The Command Response bit makes the 0x00 byte look like 0x01 5 4 Table 5 4 lists several Frame Relay network layer protocol ID NLPID values you can use when specifying Frame Relay over IP traffic filter criteria Specifying Common Criterion Ranges Specifying Frame Relay NLPID Range Values
29. 1 scanning and emptying traffic from the high priority queue If latency is not reached the algorithm proceeds to Step 7 The transmit queue scans the low priority queue If there is no traffic in the low priority queue the algorithm starts again at Step 1 The router empties all packets from the low priority queue up to the latency value into the transmit queue and then transmits them The algorithm starts again at Step 1 whether or not latency is reached Figure 2 3 illustrates the strict dequeuing algorithm 2 6 Using Circuit level Protocol Prioritization Scan high priority queue Was the maximumtransmi queue size reached there packets in the high priority queue Transmitall packets Was latency reached Transmitall Was packets up to latency bytes there packets in the normal priority queue latency reached Transmitall packets up to latency bytes there packets in the low priority queue Figure 2 3 Strict Dequeuing Algorithm 2 7 Configuring Traffic Filters and Protocol Prioritization Tuning Protocol Prioritization Protocol prioritization defaults are designed to work well for most configurations However you can customize protocol prioritization parameters to maximize its impact in your network To set protocol prioritization tuning parameters use the Edit Protocol Priority Interface window Refer to Editing Protoco
30. 7 Priority Queue Statistics for the Queue Depth Example ssassn 2 11 Reconfigured Priority Queue Statistics for the Queue Depth Example 2 11 Circuit Definition WiINdOW cccccceceeeeeeeececeeeeeeeeceaeeeeeaeeseeaeeeeeaeeeeaees 2 13 Selecting Protocol Priority from the Select Protocols List 0 2 14 Selecting the Edit Protocol Priority Interface Window esseeeeeeeenn 2 15 Edit Protocol Priority Interface Window First Screen esee 2 16 Edit Protocol Priority Interface Window Scrolled Screen 008 2 17 Headers of Encapsulation Methods Supported by Transparent Bridge Filters A 3 3 Predefined Data Link Outbound Filter Criteria cccccesseeeeeeeeeeeeeeeees 4 3 Predefined IP Outbound Filter Criteria ccceeceeeeceeeeeeeseeeeeteeeeeseeeesees 4 5 Data Link Reference Points in a Source Routing Packet Bridged over Bay Networks Proprietary Frame Relay 4 7 Data Link Reference Points in an IEEE 802 2 LLC Header n a0see0n 4 7 IP Reference Points in a PPP Packet with IP Encapsulated SOUFCE ROULNG DEE 4 8 Circuit List WiNdOW c cccceeeeeceeeeeeeeeeeeeeeeeceaeeeeeaaeeceaeeeseaaeeseeeeeesaeeeseneees 6 2 Selecting the Inbound Traffic Filters Menu Bridge Example 6 3 Selecting the DLSw Inbound Traffic Filters Window s is 6 4 Inbound Traffic Filters Window AA 6 5 Filter Template Management Wmmdow sssssssssssssesssesirrssssrrrssrrrnnsrrrrnsssrrnns 6 6 Cre
31. Circuit The Circuit Definition window appears with the circuit you selected highlighted Figure 2 6 Circuit Definition Configuration Mode local SNMP Agent LOCAL FILE Protocols Slot Lines M XCVR4 M XCYR3 IT XCVR2 F XCVR1 M COM1 C COM2 M COM3 M COM4 M CONSOLE Figure 2 6 Circuit Definition Window 2 13 Configuring Traffic Filters and Protocol Prioritization 3 Look for Protocol Priority in the Protocols scroll box If Protocol Priority appears in the Circuit Definition Protocols box as shown in Figure 2 6 protocol prioritization is already enabled for this interface When you select some WAN protocols Site Manager automatically enables protocol prioritization 4 If Protocol Priority does not appear in the Protocols scroll box select Protocols gt Add Delete The Select Protocols window appears Figure 2 7 Select Protocols I RIPCXNS AppleTalk O Source Routing SR Span Tree I Translate LB E Protocol Priority OSI Figure 2 7 Selecting Protocol Priority from the Select Protocols List 5 Scroll down the list of protocols to select Protocol Priority 6 Click on OK The Circuit Definition window reappears refer to Figure 2 6 From the Circuit Definition window you can e Customize parameters as described in the next section Configure an outbound traffic filter with a priority queue action as described in Chapter 7 2 14 Using Circu
32. Configuring Traffic Filters and Protocol Prioritization Router Software Version 10 0 Site Manager Software Version 4 0 Part No 112927 Rev A January 1996 a Bay Networks Gs Bay Networks 4401 Great America Parkway 8 Federal Street Santa Clara CA 95054 Billerica MA 01821 Copyright 1988 1996 Bay Networks Inc All rights reserved Printed in the USA January 1996 The information in this document is subject to change without notice The statements configurations technical data and recommendations in this document are believed to be accurate and reliable but are presented without express or implied warranty Users must take full responsibility for their applications of any products specified in this document The information in this document is proprietary to Bay Networks Inc The software described in this document is furnished under a license agreement and may only be used in accordance with the terms of that license A summary of the Software License is included in this document Restricted Rights Legend Use duplication or disclosure by the United States Government is subject to restrictions as set forth in subparagraph c 1 Gi of the Rights in Technical Data and Computer Software clause at DFARS 252 227 7013 Notice for All Other Executive Agencies Notwithstanding any other license agreement that may pertain to or accompany the delivery of this computer software the rights of the United States Government re
33. Defined Criteria To create a filter with a user defined criterion you specify the offset and length to a supported reference point in the protocol s header This section lists the Data Link and IP reference points for specifying user defined outbound traffic filter criteria Data Link Reference Points Table 4 3 defines the Data Link reference points Figures 4 3 and 4 4 show examples of where those reference points are located in a packet Table 4 3 Data Link Reference Points Reference Point Definition MAC DATA_LINK Points to the high order byte of the destination address Points to the first byte after the length type criteria DL_HEADER_START Points to the beginning of the header beginning of the packet for PPP and Frame Relay DL_HEADER_END Points to the first byte after DLCI in Frame Relay and the first byte after the protocol ID in PPP DL_FR_MPE Points to NLPID Frame Relay only DL_SR_START Points to the beginning of the source routing packet which is the high order byte of the destination address DL_SR_DATA_LINK Points to the first byte after the RIF field 4 6 Outbound Traffic Filter Criteria and Actions DL_HEADER_START MAC DATA_LINK it HEADER_END DL_FR_MPE DLCI OX03 po 00 80 00 80 C2 00 07 pafenucnors DSAP SSAP DL_SR_START DL_SR_DATA_LINK 00 00 A2 8101 DSAP SSAP Figure 4 3 Data Link Reference Points in a Source Rou
34. Delete a 1 Select the criterion to delete in the Filter Information scroll Each filter template has only criterion box one criterion 2 Click on Delete Create new templates for 3 To confirm click on Delete in the Delete Criteria window additional criteria Adda 1 Select the criterion in the Filter Information box You can add up to 100 ranges range 2 Click on Add for each filter criterion 3 Use the Range Min and Max boxes to specify low and high Use the prefix 0x to specify a values for the range hexadecimal number Modify a 1 Select the range to modify in the Filter Information box To specity a range ol just pns value specify that value in the rangs 2 Click on Modify Minimum value box Zero is not 3 Use the Range Min and Max boxes to specify new low and 3 s a valid entry for minimum or high values for the range maximum value Delete a 1 Select the range to delete in the Filter Information scroll box You must have at least one range 2 Click on Delete range specified for each 3 To confirm click on Delete in the Delete Range window criterion Add an 1 lf the filter already has an action delete that action With the exception of the Log Action 2 Select Action gt Add in the Edit Filters window then select action each filter template has the action to impose on packets that match any of the only one action You can select template s ranges of filtering criteria Log in combination with any 3 When you are fi
35. For more information about using queue depths to tune protocol prioritization in your network refer to Tuning Protocol Prioritization earlier in this chapter Enter any new integer value for this parameter to clear the existing high water marks for the priority queues 1 3 6 1 4 1 18 3 5 1 4 1 1 19 2 20 Parameter Default Options Function Instructions MIB Object ID Parameter Default Range Function Instructions MIB Object ID Using Circuit level Protocol Prioritization Prioritization Algorithm Type BANDWIDTH ALLOCATION BANDWIDTH ALLOCATION STRICT Selects the dequeuing algorithm that protocol prioritization uses to drain priority queues and transmit traffic With strict dequeuing the router always transmits traffic in the high priority queue before traffic in the other queues With bandwidth allocation dequeuing the router transmits traffic in a queue until the utilization percentage for that queue is reached and then the router transmits traffic in the next lower priority queue You configure the percentages for bandwidth allocation by setting the Hiqh Queue Normal Queue and Low Queue Percent Bandwidth parameters Accept the default of BANDWIDTH ALLOCATION or select STRICT 1 3 6 1 4 1 18 3 5 1 4 1 1 24 High Queue Percent Bandwidth 70 0 to 100 percent If you select the bandwidth allocation dequeuing algorithm this parameter specifies the percentage of the synchronous line s
36. Hop Is Unreachable If you specify 255 255 255 255 as the Next Hop then any frame that matches this filter will be forwarded normally Drop If Next Hop Is Unreachable This action is valid only when Forward to Next Hop is in use Specifies that if the next hop address specified is unreachable the frame is dropped Forward to IP Address Specifies that any frame that matches the filter will be forwarded to a single address in a list of specified IP addresses The destination address of the original packet changes to the specified IP address Forward to Next Hop Interfaces Specifies that any frame that matches the filter will be duplicated and forwarded to a group of next hop interfaces based on a list of IP addresses you specify If none of the next hop interfaces is up any packets matching the filter will be forwarded to the default destination for the packet destination address unless you also specify Drop If Next Hop Is Unreachable 3 8 Inbound Traffic Filter Criteria and Actions e Forward to First Up Next Hop Interface Ensures traffic forwarding by specifying that any frame that matches the filter will be forwarded to a specified next hop router or network connected to the router If the specified hop is not reachable the filter tries all addresses on the next hop interfaces list using ARP Address Resolution Protocol messages If none of the next hop interfaces is reachable any packets matching the filter will be forw
37. Next Ring field HEADER_START Points to the first byte of the Destination MAC address DATA_LINK Points to the first byte of the DATA_LINK reference field Source Routing Actions In addition to the Accept Drop and Log actions common to all protocols Source Routing supports two additional actions e Direct IP Explorers Specifies that any explorer frame that matches the filter will be sent to some number of IP addresses You are required to specify these IP addresses For this action to work IP encapsulation must be configured on the filter s interface If IP encapsulation is not configured and a frame matches the filter the frame will be flooded as if no filter existed e Forward to Circuits Specifies that any frame that matches the filter will be forwarded to certain circuits that you specify 3 6 Inbound Traffic Filter Criteria and Actions Note The circuit names you enter in the Forward to Circuit list are case sensitive For example if the circuit name is E21 but you enter it as e21 the filter will not be saved IP Criteria and Actions You filter inbound IP traffic based on specified bit patterns contained within the IP header or the header of the upper level protocol TCP or UDP for example conveyed within the IP datagram Predefined IP Criteria Table 3 2 lists the predefined filtering fields for IP filters and the reference field offset and length value for each criterion Table 3 4 Prede
38. S inbound traffic filters based on specified bit patterns contained within the XNS header Predefined XNS Criteria Table 3 2 lists the predefined filtering fields for XNS filters and the reference field offset and length value for each criterion Table 3 6 Predefined Criteria for XNS Inbound Traffic Filters Criterion Name Reference Field Offset Length Destination Network XNS_BASE 48 32 Destination Address XNS_BASE 80 48 Destination Socket XNS_BASE 128 16 Source Network XNS_ BASE 144 32 Source Address XNS_ BASE 176 48 Source Socket XNS_BASE 224 16 3 10 Inbound Traffic Filter Criteria and Actions User Defined XNS Criteria In addition to the predefined filter criteria you can create traffic filters with criteria you define by specifying an offset and length to the start of the XNS header XNS_BASE as a reference field for a user defined criterion Reference Field Description XNS_BASE Points to the first byte in the XNS header XNS Actions The XNS filtering actions are Accept Drop and Log OSI Criteria and Actions You can configure OSI inbound traffic filters based on specified bit patterns contained within the CLNP header Predefined OSI Criteria Table 3 2 lists the predefined filtering fields for OSI inbound traffic filters and the reference field offset and length value for each criterion Table 3 7 Predefined Criteria for OSI Inbound Traffic Filt
39. a you can create traffic filters with user defined criteria by specifying an offset and length to these reference fields in the VINES header Reference Field Description VINES_ BASE Points to the first byte in the header VINES Actions The VINES filtering actions are Accept Drop and Log 3 14 Inbound Traffic Filter Criteria and Actions DLSw Criteria and Actions You can filter inbound DLSw traffic based on specified bit patterns contained within the DLSw header as defined in RFC 1434 Predefined DLSw Criteria Table 3 2 lists the predefined filtering fields for DLSw inbound traffic filters and the reference field offset and length value for each criterion Table 3 10 Predefined Criteria for DLSw Inbound Traffic Filters Criterion Name Reference Field Offset Length Destination MAC Address DLS_BASE 192 48 Source MAC Address DLS_BASE 240 48 DSAP DLS_BASE 288 8 SSAP DLS_BASE 296 8 User Defined DLSw Criteria In addition to the predefined DLSw filter criteria you can create inbound traffic filters with user defined criteria by specifying an offset and length to these reference fields in the DLSw header Reference Field Description DLS_CTRL_START Points to the start of the DLSw header DLS_DATA_START Point to start of the DLSw data DLSw Actions The DLSw filtering actions are e Drop Log common to all inbound traffic filters e Forward to Peer specifies
40. amples hints reminders and important notes you could have missed earlier in this guide Sections of this appendix provide e Implementation Notes e Inbound Traffic Filter Examples e Protocol Prioritization Examples Implementation Notes This section contains implementation notes about e Frame Relay e Dial Backup Traffic e Using Drop All Filters Frame Relay When creating outbound filters for Frame Relay traffic keep in mind that Frame Relay packets in the Low priority queue have the Discard Eligible DE bit set by default The DE bit is off by default in Frame Relay packets in the Normal and High priority queues You can change the default status of the DE bit for packets in the Low priority queue and the Normal priority queue in the Edit Protocol Priority Interface window Refer to Editing Protocol Prioritization Parameters in Chapter 2 for instructions A 1 Configuring Traffic Filters and Protocol Prioritization Dial Backup Traffic When configuring outbound filters or protocol prioritization on a synchronous line for which you have configured a backup line keep the following considerations in mind e If the primary line is running PPP and the line fails the router automatically transfers all the priority queues and outbound filters you have configured on the primary line to the backup line e If the primary line is running a wide area protocol other than PPP and the line fails the router does not transfe
41. arded to the default destination for the packet destination address unless you also specify Drop If Next Hop Is Unreachable e Detailed Logging For every packet that matches the filter criteria and ranges the filter adds an entry containing IP header information to the system Events log IPX Criteria and Actions You filter inbound IPX traffic based on specified bit patterns contained within the IPX header Predefined IPX Criteria Table 3 2 lists the predefined filtering fields for IPX filters and the reference field offset and length value for each criterion Table 3 5 Predefined Criteria for IPX Inbound Traffic Filters Criterion Name Reference Field Offset Length Destination Network IPX_BASE 48 32 Destination Address IPX_BASE 80 48 Destination Socket IPX_BASE 128 16 Source Network IPX_BASE 144 32 Source Address IPX_BASE 176 48 Source Socket IPX_BASE 224 16 3 9 Configuring Traffic Filters and Protocol Prioritization User Defined IPX Criteria In addition to the predefined filter criteria you can create traffic filters with criteria you define by specifying an offset and length to the start of the IPX header IPX_BASE as a reference field for a user defined criterion Reference Field Description IPX_BASE Points to the first byte in the IPX header IPX Actions The IPX filtering actions are Accept Drop and Log XNS Criteria and Actions You can configure XN
42. as precedence and the packet will be dropped Try to create filters on the interface in order of precedence However if you can t or if your filtering strategy changes you can use the Priority Outbound Filters window to rearrange the precedence of existing filters 7 21 Configuring Traffic Filters and Protocol Prioritization To change the order of precedence 1 In the Priority Outbound Filters window see Figure 7 14 select the filter for which you wish to change the precedence Click on Reorder The Change Precedence window appears Figure 7 15 Change Precedence INSERT BEFORE INSERT AFTER E S i Wa Figure 7 15 Change Precedence Window 3 Click on either INSERT BEFORE or INSERT AFTER 4 Type a number in the Precedence Number box to indicate which filter you should insert the selected filter before or after For the example shown you place the selected filter 1 after filter number 2 by typing 1 in the Precedence Number box Click on OK You are returned to the Priority Outbound Filters window The filters are now shown in their new order of precedence Figure 7 16 Compare the order of filters in Figure 7 14 with the order in Figure 7 16 7 22 Applying Outbound Traffic Filters Sf _ Priority Dutbound Filters S DL 1 LoQ SR_0aDSAP 543 j Hone DL 2 hiQ SR_01DSAP 543 Apply Template Create Edit Reorder Delete Values Help Filter E
43. ate The Filter Template Management window appears Figure 6 5 6 5 Configuring Traffic Filters and Protocol Prioritization Figure 6 5 Filter Template Management Window 3 Click on Create The Create Template window for your protocol appears Figure 6 6 Note The Create Template window is protocol specific Figure 6 6 shows the Create Bridge Template window but the window for other protocols is similar 6 6 Applying Inbound Traffic Filters Figure 6 6 Create Template Window 4 Enter a name for the new template in the Filter Name box Give descriptive names to your templates For example Drop_Telnet might be appropriate for a template that drops all locally initiated outbound Telnet sessions to remote nodes 6 7 Configuring Traffic Filters and Protocol Prioritization 5 Select Criteria gt Add then select the criterion that you want to use to filter packets Figure 6 7 Each filter template can have only one criterion Create new templates for additional criteria Figure 6 7 Selecting a Filter Criterion The Add Range window appears Figure 6 8 You must specify at least one range for each criterion 6 8 Applying Inbound Traffic Filters Name drop0ito03 Criteria BRIDGE MAC_SOURCE Minimum value Ox0000a20001 veo Ox0000a20007 Figure 6 8 Add Range Window 6 Specify the low and high values for the range you want to apply to the selected criterion In th
44. ate Template Window c cccececeeeeeeeeeeeeeeeeeeeeeeeeeeeaaeseeeeeeessaeeneeneees 6 7 Selecting a Filter Criterion eee eeceeeeeeeeceeeeeeeeeaeeeeeeeeeeeaeeeeeeeeesaeeeeeneees 6 8 Add Range nee EE 6 9 Create Template Window with Criteria and Range Added 0sse0nn 6 10 Actions List with New Action 0 eececceeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeaeeeeeeeeaaees 6 11 xi xii Figure 6 11 Figure 6 12 Figure 6 13 Figure 6 14 Figure 6 15 Figure 6 16 Figure 6 17 Figure 6 18 Figure 6 19 Figure 6 20 Figure 7 1 Figure 7 2 Figure 7 3 Figure 7 4 Figure 7 5 Figure 7 6 Figure 7 7 Figure 7 8 Figure 7 9 Figure 7 10 Figure 7 11 Figure 7 12 Figure 7 13 Figure 7 14 Figure 7 15 Figure 7 16 Copy Filter Template Window cccccccccceecssceeeesseteeeeeessneeeeeeesseeeeees 6 12 Create Filter Window 0 ccccecceececeeeeeeeeeeeeeeaeeeeeeeeesaaeeeseaeeeseaeeeeeeeeeeaes 6 15 New Filter Listed in the Filters Window Scroll BOX c cccceeeeeeeees 6 16 Edit Filters WINGO setaria Aan Lia aidan tia 6 18 Add User Defined Field Window AA 6 20 User Defined Criteria 0 0 ccceccccceeseeeeeeeeececeeseeeeeeeeeaeseeaaeeeeeeeeeeaaeeneneeees 6 21 Traffic Filters List in Order Created 6 22 Change Precedence Window ssssesssssssiessiressrnssrrrsnnsrtntrnnnsrrnssrressrns 6 23 Traffic Filters List Reordered Precedence AA 6 24 Traffic Filters WindOW uranian EEA 6 25 Selecting the P
45. ave the template file you can apply that template to as many interfaces as you want The template remains for future use unless you explicitly delete it For a detailed step by step example of creating a filter template from scratch follow the procedure in Chapter 6 for inbound filters or Chapter 7 for outbound filters Chapter 2 Using Circuit level Protocol Prioritization This chapter describes circuit level priority queuing on interfaces that support outbound traffic filters Site Manager supports protocol prioritization for the following WAN protocols e PPP Point to Point Protocol e Standard Bay Networks Standard PPP e Frame Relay Note Outbound LAN traffic filters do not support protocol prioritization For instructions on using the Configuration Manager to create outbound traffic filters for protocol priority queues refer to Chapter 7 The following section provides an overview of protocol prioritization Later sections describe how to use the Configuration Manager to enable protocol prioritization and edit protocol priority parameters About Priority Queues Depending on how you configure circuit level protocol priority the router queues packets and holds them in one of three queues e High priority queue e Normal priority queue e Low priority queue 2 1 Configuring Traffic Filters and Protocol Prioritization The router automatically queues frames that do not match a traffic filter to the Normal qu
46. ay NLPID Values 5 5 Table 5 5 PPP Protocol ID Values 2 4i avi e ethene 5 5 Table 5 6 Source and Destination TCP Port Values cccccsscccecesssteeeeeesssteeeeeeeees 5 6 Table 5 7 Source and Destination UDP Port Values cccceccceesesteeeeeeessteeeeeeeees 5 6 Table 5 8 Ethernet Type CodeS rra ch aae a ae bac peaa a dedbevedhestedicernatiied 5 7 Table 5 9 S Klee KE ee 5 10 Table 6 1 Using the Edit Filter Template Window sssssssesssessssenssesrrnssesrnssrerrnssses 6 14 Table 6 2 Using the Edit Filters Window 6 19 Table 7 1 Using the Edit Priority Outbound Filter Template Window 7 15 xiii xiv Table 7 2 Table A 1 Table A 2 Table A 3 Using the Edit Priority Outbound Filters Window 7 20 Predefined Criteria Ranges and Actions for Example Inbound Traffic Filters 0 ccccecceccecseeeeeeeeeeceeeeeeeeeseeeeeeeeeeed A 5 User defined Criteria Ranges and Actions for Example Inbound Traffic Filters 0 0 cccceccsececeeeeeeeeeeeeeeeeeeeeeeseeeeseeeeeed A 7 Example Criteria Ranges and Actions for Protocol Prioritization A 9 Audience About This Guide Read this guide to learn how to customize Bay Networks router software to filter and prioritize inbound and outbound traffic Configuring Traffic Filters and Protocol Prioritization offers An overview of traffic filters Chapter 1 An description of circuit level protocol prioritization and instructions
47. ay the Inbound Filters window for your selected circuit and protocol as described in the first section of this chapter Working with Inbound Traffic Filters Figure 6 14 shows the Bridge Filters window 2 Click on Create Filter The Create Filter window appears Figure 6 12 oT Create Filter O O O O Led Figure 6 12 Create Filter Window 3 Verify the name of the selected interface 4 Select the appropriate template in the Templates scroll box 5 In the Filter Name field enter a meaningful name for the new filter It can be helpful to includes the circuit name For example Drop_Telnet_E21 6 15 Configuring Traffic Filters and Protocol Prioritization Note The name of the filter can be the same name as the template 6 Click on OK You are returned to the Traffic Filters window Figure 6 13 Ej Bridge Filters 1 bridge drop01ito03 Hane Apply Template Create Edit Reorder Delete Values Help Filter Enable ENABLED Filter Name bridge drop01ito03 Figure 6 13 New Filter Listed in the Filters Window Scroll Box In Figure 6 13 the filter named bridge dropO to03 consists of the template selected in Figure 6 12 applied to interface S42 6 16 Applying Inbound Traffic Filters Editing an Inbound Filter After you apply a filter to an interface you can edit its criteria ranges and actions If you used a template edited to su
48. bandwidth allocated to traffic that has been sent to the high priority queue When you set this parameter to a value less than 100 each time the percentage of bandwidth used by high priority traffic reaches this limit the router transmits traffic in the normal and low priority queues up to the configured percentages for those priority queues Specify the percentage of the line s bandwidth allocated for high priority traffic The High Queue Percent Bandwidth Normal Queue Percent Bandwidth and Low Queue Percent Bandwidth values must total 100 1 3 6 1 4 1 18 3 5 1 4 1 1 25 2 21 Configuring Traffic Filters and Protocol Prioritization Parameter Default Range Function Instructions MIB Object ID Parameter Default Range Function Instructions MIB Object ID Parameter Default Options Function Instructions MIB Object ID Normal Queue Percent Bandwidth 20 0 to 100 percent If you select the bandwidth allocation dequeuing algorithm this parameter specifies the percentage of the synchronous line s bandwidth that normal priority traffic can use Specify the percentage of the line s bandwidth allocated to normal traffic The High Queue Percent Bandwidth Normal Queue Percent Bandwidth and Low Queue Percent Bandwidth values must total 100 1 3 6 1 4 1 18 3 5 1 4 1 1 26 Low Queue Percent Bandwidth 10 percent 0 to 100 percent If you select the bandwidth allocation dequeuing al
49. bit length type is LENGTH lt 1519 next 16 bits are all ones part of IPX header Figure 3 1 Headers of Encapsulation Methods Supported by Transparent Bridge Filters Predefined Transparent Bridge Criteria Table 3 2 lists the predefined filtering criteria for each encapsulation method including the header reference field offset and length value for each predefined criterion Table 3 2 Predefined Criteria for Transparent Bridge Encapsulations Encapsulation Reference Offset Length Method Criterion Name Field bits bits All MAC Source Address MAG 0 48 MAC Destination Address MAC 48 48 Ethernet Ethernet Type MAC 96 16 continued 3 3 Configuring Traffic Filters and Protocol Prioritization Table 3 2 Predefined Criteria for Transparent Bridge Encapsulations Encapsulation Reference Offset Length Method Criterion Name Field bits bits 802 2 LLC Length MAG 96 16 Ethernet 802 3 and PPP only SSAP DATA_LINK 0 8 DSAP DATA_LINK 8 8 Control DATA_LINK 16 8 802 2 LLC Length MAG 96 16 WISN Organization code Protocol ID DATA_LINK 24 24 Ethernet Type DATA_LINK 48 16 Novell Novell MAC 112 16 User Defined Transparent Bridge Criteria You can create bridge traffic filters with user defined criteria by specifying an offset and length to these reference fields Reference Field Description MAC DATA_LINK Points to the first byte
50. bound traffic filters Refer to Configuring DLSw Services for information about DLSw outbound filters Predefined Data Link Criteria You can configure outbound filters based on the predefined Data Link header criteria listed in Table 4 1 Table 4 1 Predefined Data Link Outbound Filter Criteria Packet Type or Component Predefined Criteria Data Link Type MAC Source Address MAC Destination Address Ethernet Type Novell 802 2 Length 802 2 DSAP 802 2 SSAP 802 2 Control 802 2 SNAP Length 802 2 SNAP Protocol ID 802 2 SNAP Ethernet Type Ethertype Source Routing DSAP SSAP PPP Frame Relay Protocol ID 2 byte DLCI 3 byte DLCI 4 byte DLC NLPID Ethernet Type Ethertype Figure 4 1 shows the Configuration Manager menu path for specifying these criteria See Chapter 7 for detailed instructions on creating outbound filters 4 2 Outbound Traffic Filter Criteria and Actions Figure 4 1 Predefined Data Link Outbound Filter Criteria 4 3 Configuring Traffic Filters and Protocol Prioritization Predefined IP Criteria You configure outbound filters for IP traffic based on the predefined criteria listed in Table 4 2 Table 4 2 Predefined IP Outbound Filter Criteria Packet Type or Component Predefined Criteria IP Header Type of Service IP Source Address IP Destination Address UDP Source Por UDP Destination Port TCP Source Port TCP Desti
51. break down any packet into at least three components e The Data Link Control DLC header Examples of DLC header types are Token Ring 802 5 Ethernet V 2 and IEEE 802 3 FDDI PPP and Bay Networks Standard Frame Relay Configuring Traffic Filters and Protocol Prioritization e The upper level protocol header Examples of protocol header types include IP and TCP Source route bridge DLSw e User data Each criterion is defined by a byte length and an offset from a known reference point within the protocol s DLC and protocol headers Predefined and User Defined Criteria The Configuration Manager provides a selection of default predefined filter criteria for each supported protocol Or you can define a filter criterion based on specific bit patterns contained in a packet s header user defined criteria One filter can employ multiple criteria including a combination of predefined and user defined criterion to fit a site s traffic patterns All traffic filter criteria are based on common bit patterns in the packet headers of supported protocols reference points Every traffic filter criterion includes the length of the filtered pattern and an offset from a known reference point The traffic filter uses this information to locate the part of the packet to examine Predefined filters use predefined offsets and lengths You specify the criteria length and offset from a known reference point
52. c Filters and Protocol Prioritization If there is no traffic in the normal priority queue the algorithm proceeds to Step 5 The router empties all packets from the normal priority queue up to the bandwidth percentage you have configured into the transmit queue and transmits them The default bandwidth percentage for the normal priority queue is 20 percent If the actual bandwidth use is less than the limit the router empties the normal priority queue and proceeds to the next queue The transmit queue scans the low priority queue If there is no traffic in the low priority queue the algorithm starts again at Step 1 The router empties all packets from the low priority queue up to the bandwidth percentage you have configured into the transmit queue and transmits them The default bandwidth percentage for the low priority queue is 10 percent If the actual bandwidth use is less than the limit the router empties the low priority queue 7 The algorithm starts again at Step 1 Figure 2 2 illustrates the algorithm for bandwidth allocation dequeuing 2 4 Using Circuit level Protocol Prioritization Scan high priority queue Transmit all there packets packets up to in the high priority the bandwidth queue utilization percentage Scan normal priority queue Transmit all packets up to the bandwidth utilization percentage there packets in the normal priority queue Scan low
53. can edit it to apply the filters you want 1 2 3 Display the Filter Template Management window Figure 6 5 Select the template you want to edit from the scroll box Click on Edit The Edit Filter Template window appears As in the Create Filter Template window see Figure 6 9 you can add or delete filter criteria ranges and actions as described in Table 6 1 Click on OK when you are finished editing the template You return to the Filter Template Management window You can continue to create edit or delete templates using this window Click on Done to return to the Inbound Traffic Filters window refer to Figure 6 4 6 13 Configuring Traffic Filters and Protocol Prioritization Table 6 1 Using the Edit Filter Template Window Task Site Manager Instructions Notes Adda 1 Select CriteriaAdd then select the criterion to use to filter For any criterion you choose criterion packets you must specify at least one 2 Add a range in the Add Range window range Each template can have only one criterion Delete a 1 Select the criterion to delete in the Filter Information scroll Each filter template has only criterion box one criterion 2 Click on Delete Create new templates for 3 To confirm click on Delete in the Delete Criteria window additional criteria Adda 1 Select the criterion in the Filter Information box Ranges are listed beneath a range 2 Click on Add criteria in the Filter
54. ce addresses 0x0000A2000001 to 0x0000A2000003 5 Select Criteria gt Add then select either Datalink or IP Figure 7 5 7 6 Applying Outbound Traffic Filters Figure 7 5 Selecting Outbound Traffic Filter Criteria 6 Select the protocol specific criterion you want to add Each filter template can have only one criterion Create new templates for additional criteria Refer to Chapter 4 for information about the outbound traffic filter criteria for your selected interface The Add Range window appears Figure 7 6 You must specify at least one range value for each criterion 7 7 Configuring Traffic Filters and Protocol Prioritization Name Criteria PRIORITY_IP IP_TYPE_OF_SERVICE Maximum value R E Figure 7 6 Add Range Window Specify the low and high values for the range you want to apply to the selected criterion If the range you want consists of just one value specify that value in both boxes Zero is not a valid entry for Minimum or Maximum value Note When you enter values for the Minimum and Maximum value paramters the Configuration Manager assumes the value is a decimal number To enter a hexadecimal number use the prefix Ox 8 10 11 Click on OK The Create Priority Outbound Template window reappears refer to Figure 7 5 The new criterion and range appear in the Filter Information scroll box Add additional ranges if you want You can add up to 100 ranges for each filte
55. cedence over all other traffic of OxBAD VINES Destination Network field or 48 48 16 16 16 8 8 network number of 1234 hex as the range value On a DLSw circuit filter on NetBIOS Names DLS_DATA_START 376 Destination NetBIOS Names 504 Source NetBIOS Names The offset of 376 only applies if you want to filter the beginning of the NetBIOS name field If you want to find a particular section of the NetBIOS name the offset will increase by X 8 where X is the number of bytes into the name that you want to filter NetBIOS names are up to 16 bytes long How they are oriented in the field right justified or left justified may be dependent on application and should be checked with an analyzer before creating filter criteria To enter NetBIOS Name ranges use the ASCII equivalent of the first 15 characters in the name For names with less than 15 characters use 0x20 to pad characters Configuring Traffic Filters and Protocol Prioritization Protocol Prioritization Examples This section provides summary examples for configuring protocol priority queues for the following traffic s LAT e ICMP Internet Control Message Protocol e SNA es DLSw e RIP e OSPF and OSPF BGP e Spanning Tree e Sync Pass through e FTP e Source Routing If this section does not include an example for a protocol you want to configure use these examples as guidelines f
56. col Prioritization Filtering Strategies This section suggests some ways you might use traffic filters in a network Refer to Appendix A for specific examples Drop or Accept Certain Traffic To accept only specified traffic and drop other packets configure accept filters To accept most traffic and drop only specified packets configure filters only for the traffic you want to drop Note Drop filters usually perform more efficiently than accept filters For example to prevent all NetBIOS traffic from entering a particular LAN segment you can create an inbound traffic filter to drop all packets with a Destination or Source SAP code of FO Build a Firewall If your filtering strategy involves blocking most traffic and accepting only specified packets a firewall begin with a drop all filter on the interface That means you choose a filter criterion that appears in every packet of the protocol you are filtering for example a MAC address Then add more specific higher precedence Accept and Drop filters to achieve the desired result on that interface Refer to Using Drop All Filters in Appendix A for more information Direct Certain Traffic You can create traffic filters that affect only a particular protocol s traffic For example you can forward all IP traffic to a next hop address You can also create bridge traffic filters that affect certain locations on the network For example if you want all traffic from a node
57. cs indicate that the High priority queue does not have enough EI buffers consider reducing the amount of high priority traffic You should be selective in assigning high priority status Too many traffic types with high priority status could defeat the purpose of protocol prioritization With the strict dequeuing algorithm too much high priority traffic could result in clipping of normal and low priority traffic How you tune protocol prioritization depends on whether the bandwidth allocation or strict dequeuing algorithm is active To tune priority queueing with the bandwidth allocation algorithm active consider modifying e Percent of Bandwidth e Queue Depth To improve strict dequeuing results for your protocol prioritization configuration you can adjust e Queue Depth e Latency Percent of Bandwidth You can tune bandwidth allocation protocol prioritization by changing the default allocation of bandwidth for each of the three priority queues For example if Statistics indicate that one interface requires more than 70 of bandwidth to properly transmit high priority traffic you can increase the High Queue Size parameter and decrease the Normal or Low Queue Size Remember that the percent of bandwidth for the High Queue Normal Queue and Low Queue must total 100 percent Queued traffic with large packets often require more than the default bandwidth allocation Queue Depth Queue depth or queue size is the configurable numb
58. cuit List Window 3 Select the circuit to which you want to add a traffic filter 4 Click on Edit The Circuit Definition window appears with the circuit you selected highlighted Figure 6 2 5 Select Protocols gt Edit lt protoco gt gt Traffic Filters The menu path to the Traffic Filters window is protocol specific Figure 6 2 shows the menu paths for a circuit configured with the Bridge protocol 6 2 Applying Inbound Traffic Filters Slot Lines I XCVR4 I XCVR3 I XCYR2 IT XCVR1 M COM1 C COM2 M COM3 M COM4 7 CONSOLE Figure 6 2 Selecting the Inbound Traffic Filters Menu Bridge Example The Filters window for the selected circuit and protocol appears Figure 6 4 Go to Preparing Filter Templates Displaying the DLSw Inbound Traffic Filters Window To display the DLS Traffic Filters window 1 Display the Configuration Manager window 2 Select Protocols gt DLSw Traffic Filters Inbound Figure 6 3 6 3 Configuring Traffic Filters and Protocol Prioritization Configuration Modet SNMP Agent LOCAL FILE File Name usr21 techpub Model Access Stack N MIB Version x9 00 Slot Module Description 4 4 emon oo e en EO r EE ll gg EC d 3 2 Empty Module Empty Module l Empty Module Figure 6 3 Selecting the DLSw Inbound Traffic Filters Window The DLS Filters window appears Although the Traffic Filters window is protocol specific you use the window the same way fo
59. d action 3 4 Forward action 3 8 Forward to Circuit List action 3 4 3 6 Forward to First Up Next Hop Interface action 3 9 Forward to IP Address action 3 8 Forward to Next Hop Interfaces action 3 8 Forward to Peer action 3 15 Frame Relay Normal Queue size 2 19 specifying Ethernet Type code 5 4 5 7 FTP traffic prioritizing A 11 G getting help from a Bay Networks Technical Response Center xviil through CompuServe xvii through InfoFACTS service xviii through World Wide Web xviii Greater Than Queue parameter 7 11 H High Queue action 1 12 High Queue Percent Bandwidth parameter 2 21 High Water Packets Clear parameter 2 20 HiWater Packets Mark 2 8 Index 3 ICMP traffic example A 9 InfoFACTS service xviii IP actions 3 8 criteria 3 7 to 3 8 outbound traffic filters 4 4 IP header outbound traffic filters 4 8 reference points 4 8 IPX actions 3 10 criteria 3 9 to 3 10 specifying Ethernet Type code 5 9 L LAN Network Manager LNM 3 16 5 4 LAT filter example A 9 latency 2 12 Length action 1 12 Less Than or Equal Queue parameter 7 11 line delay 2 12 LLC2 actions 3 16 criteria 3 16 Low Queue Percent Bandwidth parameter 2 22 Low Queue Size parameter 2 19 Max High Queue Latency parameter 2 20 modifying ranges inbound traffic filter 6 14 6 19 outbound traffic filter 7 15 7 18 7 20 N naming templates inbound traffic filter 6 7 outbound
60. dge Encapsulations 06 3 3 Table 3 3 Predefined Criteria for Source Routing Bridge cccsseeeeeeeseeeeeeees 3 5 Table 3 4 Predefined Criteria for IP Inbound Traffic Filters cccccceeesseseeeeeeeeees 3 7 Table 3 5 Predefined Criteria for IPX Inbound Traffic Filters ccceceesessseceeeeeees 3 9 Table 3 6 Predefined Criteria for XNS Inbound Traffic Filters ccccesseeceeeeeees 3 10 Table 3 7 Predefined Criteria for OSI Inbound Traffic Filters cccscesseeeeeeeeees 3 11 Table 3 8 Predefined Criteria for DECnet Inbound Traffic Filters ccccceeees 3 12 Table 3 9 Predefined Criteria for VINES Inbound Traffic Filters cc ccccceeeees 3 13 Table 3 10 Predefined Criteria for D Gw Inbound Traffic Filters ccccseeeeeee 3 15 Table 3 11 Predefined Criteria for LLC2 Inbound Traffic Filters cecseeeeeeee 3 16 Table 4 1 Predefined Data Link Outbound Filter Criteria 2 0 0 0 cccccceessssseceeeeeees 4 2 Table 4 2 Predefined IP Outbound Filter Criteria ccccccsscccceccceccesseesssseaeeeeeeeeees 4 4 Table 4 3 Data Link Reference Points 4 6 Table 4 4 IPReferencePoints 2 20 307 c a eA AS eae a 4 8 Table 5 1 Format for Specifying Source Routing MAC Addresses nasssnnnaaeeeee 5 2 Table 5 2 Functional MAC Addresses ccccccccccscceceecseseaaeeesceeeesceseseesesteaaeaeeeeeens 5 3 Table 5 3 e 5 4 Table 5 4 Frame Rel
61. dia The following formula illustrates how line speed bits queued and latency value are related Bits Queued Latency Line Speed bits per second The default value for latency is 250 milliseconds ms This value usually allows good throughput while preserving rapid terminal response rapid echoing of keystrokes and timely response to commands over most media types You can change the default latency value Keep in mind however that if you configure a higher latency value thus allowing more room on the transmit queue the throughput becomes greater but you sacrifice terminal response We recommend accepting the default value of 250 ms 2 12 Using Circuit level Protocol Prioritization Enabling Protocol Prioritization You use the Configuration Manager to configure the high normal and low priority queues for circuit level protocol prioritization To configure protocol prioritization for a particular interface you e Enable protocol prioritization on the circuit described in this section e Customize the protocol prioritization parameters for the protocol described in Editing Protocol Prioritization Parameters later in this chapter e Apply an outbound traffic filter to the circuit described in Chapter 7 To enable protocol prioritization 1 In the Configuration Manager window click on the circuit interface connector on which you want to configure Protocol Prioritization 2 Click on Edit
62. ds Institute Data Link Control data link switching Destination Service Access Point Internet Protocol Internet Packet Exchange Media Access Control Open Systems Interconnection Open Shortest Path First Interior Gateway Protocol Open Shortest Path First Border Gateway Protocol Point to Point Protocol Routing Information Protocol Service Access Point Synchronous Data Link Control Switched Multimegabit Data Services Systems Network Architecture IBM Subnetwork Access Protocol Simple Network Management Protocol source routing bridge Source Service Access Point Transmission Control Protocol Transmission Control Protocol Internet Protocol Trivial File Transfer Protocol User Datagram Protocol Virtual Networking System Banyan Translation Bridge Xerox Network System XX Chapter 1 Using Traffic Filters To help you understand and plan for traffic filter configurations on Bay Networks routers this chapter describes e Types of traffic filters e Uses for traffic filters e Strategies for filtering e Components of traffic filters e Filter templates What Are Traffic Filters Traffic filters are configuration files that enable an interface to selectively handle specified network traffic packets frames or datagrams Using traffic filters you can instruct a router to block forward log or prioritize certain traffic You determine which packets receive special handling based on information fields within
63. e For example Token Ring packets 1 The Source MAC address to be filtered is 0x40000037450440 2 Add the First Bit Set MAC Address 0x800000000000 3 Enter the filter criteria range as 0xC00037450440 Bit O the 0x80 bit of Byte 0 the leftmost byte is the Routing Information Indicator bit which indicates the presence of the Routing Information Field RIF This bit is set to 1 if the RIF field is present and to 0 if there is no RIF field Keep this in mind if you use a sniffer to analyze packets for their Source MAC address For example a sniffer would decode LAA with the first byte of 40 as 0x400031740001 If the RIF bit is set the hexadecimal value of the packet is 0xC00031740001 5 2 Specifying Common Criterion Ranges Source Routing Bridge Functional MAC Addresses Functional MAC addresses are Destination MAC addresses that always conform to the following rules e Byte 0 0xC0 e Byte 1 0x00 e The first half of byte 2 0x0 to 0x7 Table 5 2 lists some common functional MAC addresses Table 5 2 Functional MAC Addresses Function Name MAC Address MSB Identifying Bit Ethernet Address Active Monitor 0xC000 0000 0001 Byte 5 bit 7 0x030000000080 Ring Parameter 0xC000 0000 0002 Byte 5 bit 6 0x030000000040 Server Ring Error 0xC000 0000 0008 Byte 5 bit 4 0x030000000010 Monitor Configuration 0xC000 0000 0010 Byte 5 bit 3 0x030000000008 Report Server NetBIOS 0xC000 0000
64. e Latency High Water Packets Clear A Prioritization Algorithm Type BANDWIDTH ALLOCATION High Queue Percent Bandwidth 70 Normal Queue Percent Bandwidth 20 Low Queue Percent Bandwidth 10 Discard Eligible Bit Low ENABLE Discard Eligible Bit Normal DISABLE Figure 2 10 Edit Protocol Priority Interface Window Scrolled Screen This window displays parameter values for any interface to which protocol prioritization has been added whether or not there are any outbound filters currently active on the interface 2 Edit the parameters you want to change using the descriptions following this procedure as guidelines 3 Click on OK when you are finished editing interface specific parameters 2 17 Configuring Traffic Filters and Protocol Prioritization Priority Interface Parameter Descriptions Use the following descriptions as guidelines when you edit parameters in the Edit Protocol Priority Interface window Parameter Default Options Function Instructions MIB Object ID Parameter Default Options Function Instructions MIB Object ID Enable Enable Enable Disable Toggles protocol prioritization on and off on this interface If you set this parameter to Disable all outbound filters will be disabled on this interface Setting this parameter to Disable is useful if you want to temporarily disable all outbound filters rather than delete them Set to Disable if you want to temporarily disabl
65. e Points cccccccceeceeeeeeceneeeecee cee eeeeeteeeeeaaaaeaeceeeeeeeeeeedeeececaeeeeeeeeeeeeeees 4 8 Chapter 5 Specifying Common Criterion Ranges Specifying MAC Address Ranges 5 2 Source Routing Bridge Source MAC Addresses ccccecceesseeeeeeeeneeeeeesstaeeeeeeeaas 5 2 Source Routing Bridge Functional MAC Addresses ccccccecceeeeeeeneeeeeteeeeeeeeees 5 3 Specifying Source and Destination SAP Code Ranges cceccceeeeeeeeeeeeeettaeeneneeees 5 4 Specifying Frame Relay NLPID Range Values cceeeeeeeeeeeeeeeeeeeeeaeeeeeeeeeeaeeteeeee 5 5 Specifying PPP Protocol ID Range Values 0 cccccceeeeeeeeeeeeeeeeeeeeeeeeaaeeeeeeeeeaaeeneneee 5 5 Specifying TCP and UDP Port Range Values cccceeeeeeeeeeeeeeeeeeeeeeaeeeeeeeeetaaeeteneeees 5 6 Specifying Ethernet Type Range Values cc ccceceececseeeeeeeeeeeeaeeeeeeeeeseaeseeeeeeessaeeeeeneees 5 7 Specifying IP Protocol Range Values c ccccceceeeseeeceeeeeeeeeeeeeeeeesaeeseneeeessaeeeneneeeeaas 5 10 Chapter 6 Applying Inbound Traffic Filters Working with Inbound Traffic Filters AAA 6 1 Displaying the Inbound Traffic Filters WINGOW cc ceeeesseeeeeeeeneeeeeeeetaeeeeeeenaeeeeeee 6 2 Displaying the DLSw Inbound Traffic Filters Window ccceeceeeseeeeeteeeeeteeeeees 6 3 Preparing Filter Templates seirinin ian Eeen EE ERTER PEERAA ae E EAEE NAKAT KUSER 6 4 Creating a New Template AAA 6 5 Customizing
66. e all protocol prioritization activity on this interface Set to Enable if you previously disabled protocol prioritization on this interface and now want to re enable it 1 3 6 1 4 1 18 3 5 1 4 1 1 2 High Queue Size 20 Any integer value Specifies the maximum number of packets in the high priority queue at any one time regardless of packet size For information about using queue depth for tuning protocol prioritization in your network refer to Tuning Protocol Prioritization earlier in this chapter Accept the default of 20 packets or enter a new value 1 3 6 1 4 1 18 3 5 1 4 1 1 4 2 18 Parameter Default Options Function Instructions MIB Object ID Parameter Default Options Function Instructions MIB Object ID Using Circuit level Protocol Prioritization Normal Queue Size 20 200 for Frame Relay Any integer value Specifies the maximum number of packets in the normal priority queue at any one time regardless of packet size For more information about using queue depth for tuning protocol prioritization in your network refer to Tuning Protocol Prioritization earlier in this chapter For Frame Relay interfaces a value less than 200 might cause a broadcast message to be clipped Accept the default or enter a new value 1 3 6 1 4 1 18 3 5 1 4 1 1 5 Low Queue Size 20 Any integer value Specifies the maximum number of packets in the low priority queue at any one time rega
67. e filters f1 f2 f3 select filter f2 and specify INSERT AFTER Precedence Number f2 4 Click on OK You are returned to the Filters window The filters now appear in their new order of precedence Figure 6 19 6 23 Configuring Traffic Filters and Protocol Prioritization Sp ridge Filters 1 forwardtoS41 l Done 2 bridge drop0ito03 Apply 3 bridge drop_all Template Create Edit Reorder Delete Values Help Filter Enable ENABLED Filter Name forwardtoS41 Figure 6 19 Traffic Filters List Reordered Precedence Enabling or Disabling an Inbound Filter Instead of deleting a filter from a circuit you may want to turn off the filter temporarily You can do this by disabling the filter on a circuit Later you can re enable the filter To disable or re enable a filter 1 Display the Traffic Filters window for your protocol Figure 6 20 6 24 Applying Inbound Traffic Filters pp Bridge Filters 1 bridge drop01t003 Done Apply Template Create Edit Reorder Delete Values Help Filter Enable ENABLED Filter Name bridge drop01to003 Figure 6 20 Traffic Filters Window 2 Select the filter that you want to disable or re enable in the filter scroll box 3 Click on Values The Values Selection window appears 4 Todisable a filter change the value in the Filter Enable box from Enabled to Disabled To re enable the
68. e new templates for 3 To confirm click on Delete in the Delete Criteria window additional criteria Adda 1 Select the criterion in the Filter Information box Ranges are listed beneath a range 2 Click on Add criteria in the Filter information 3 Use the Range Min and Max boxes to specify low and high scroll box values for the range You can add up to 100 ranges for each filter criterion Modify a 1 Select the range to modify in the Filter Information box When entering range values range 2 Click on Modify you must use the prefix Ox to 3 Use the Range Min and Max boxes to specify new low and specify a hexadecimal number high values for the range Delete a 1 Select the range to delete in the Filter Information scroll box You must have at least one range 2 Click on Delete range specified for each 3 To confirm click on Delete in the Delete Range window criterion Ac an 1 Select Action Add in the Edit Filters window then select With the exception of the Log Action the action to impose on packets that match any of the action each filter template has template s ranges of filtering criteria only one action You can select 2 When you are finished adding actions to your template click Log in combination with any on OK other action Create new templates for additional actions Delete 1 In the Filter Information scroll box select the action to There must be one at least an Action remove action speci
69. eessaees 3 6 Source Routing Actions cccceesceceeeeceeeeeeeeeeeeeeeaaeseeneeecaaaeseeaeeeseaaeeseaaeeeseaeeseaaaeeees 3 6 IP Criteria And ACtiONS cccccccccceccceccecsecsesecaeceeceeeceseseseeseuaeceeseeeeaseeseseeeesaeceeeeeeeeeees 3 7 Predefined IP Criteria deier 3 7 User Defined IP Criteria 00 0 ccccccccccccccccsessesseeseceeeeeeeeccecsessesseaaeseseseeeseessseseesssaaeaeeess 3 7 IPZAGUIONS ee seed ete EE hee ey Ra ee eee a 3 8 IPX Criteria and Le e E 3 9 Predefined IPX Criteria ccccccccccssessseecceceeeeescescsesesseaesseeeeeeesensceeseeaeaeceeseeeeesenss 3 9 User Defined IPX Criteria deg ita eher a Mate ee eles 3 10 ID ee EE EE oA 3 10 XNS Criteria ANd Actions cccccccccccssesessseaeceeeeeecesesesseseeaaeaeseeeeescesseeseesaeaaeseeeeeeessesenes 3 10 Predefined XNS Criteria wiecci ack a ae a a aa aE ara aaa er e e ar taane aaa 3 10 User Defined XNS Criteria cccccccesseceececceeeceeceesseseesaeaeeeeeeesceseeeseesteaaeaeeeeeess 3 11 XNS ACION EE 3 11 OSI Griteria and ACU ONS e a a lel i Mt eaea eaa aea ee A 3 11 Predefined OSI Criteria oo cccccccccsesseceeceeceeeceececseeseaaeaaeceeeeseesseseseeseesaaeseeeeeess 3 11 User Defined Cl Clees e e dee e We ee Ae 3 12 Let TAE E E EE 3 12 DECnet Phase IV Criteria and Actions c cccccccccccsccccsessesseaeeeeeeeceesceeseeseesteaaeaeeeeeess 3 12 Predefined DECnet Criteria nnneanoennennenennnnnnssanseninnnnnrinnsnnssnnrenirnnnnnnnss
70. ensrnnnnenn 3 12 User Defined DECnet Criteria nnnnanseansennnnnnnnnnnrnnsenrinninnnnnnnnssnnsrrinrnrnnnnnsnsssnne 3 13 BIS ene le EE 3 13 VINES Criteria and Actions 3 13 Predefined VINES Criteria 3 13 Specifying VINES Address Ranges ccccccseeceececeeeeeeeeececaeeeeeeeeseeaeeeeeaeeteeas 3 14 User Defined VINES Criteria ccccccccsssseceeceeecesceesseseeaseaeceeeeesceseeeseeseaaeaeeeeeess 3 14 VINES ACION S e a EE ee e 3 14 D Gw Criteria ANd ACTIONS 3 15 Predefined DI Gw Criteria ooo icccccecscsscseceseecececcecseeeesesaeceeeeeeeeseseseseeseaaeseeeeeess 3 15 User Defined DLSW Criteria ccccccccecssceceecececescsesseseeaaeeececeeeseessnsseesaeeaeeeeeeeees 3 15 vii WU ee 3 15 LLO2 Criteria and ACtionS 3 16 Predefined LLC2 Criteria oo eeccccccccceesenceceeeeeeeeseeeceeeeeeeeaeeseeeeeseaaeesseneeseeaeeeseaeeesias 3 16 User Defined LLC2 Criteria ssiri a a N aa aaaea a aaa aa ii 3 16 Be 3 16 Chapter 4 Outbound Traffic Filter Criteria and Actions Predefined Criteria ET 4 1 Predefined Data Link Criteria cecccceeeeeeeceeeeeeeeeeeeeeecaeeeeeaeeeceaeeeesaaeeseeeeeetiaeeseenes 4 2 Predefined IPF Criteria Ate ee d ENEE a deele 4 4 Specifying Criteria Common to IP and Data Link Headers cecesceecteeeeeneeeeees 4 5 Reference Points for User Defined Criteria cccccccseeeeeeeeeeceeeeeeeeeecaeeeeeeeseeeeeeaeeeeee 4 6 Data Link Reference Points AAA 4 6 IP Referenc
71. er Defined DECnet Criteria In addition to the predefined DECnet filter criteria you can create traffic filters with user defined criteria by specifying an offset and length to these reference fields in the DECnet Phase IV header Reference Field Description DEC4_BASE Points to the first byte in the header DECnet Actions The DECnet Phase IN filtering actions are Accept Drop and Log VINES Criteria and Actions You can configure VINES inbound traffic filters based on specified bit patterns contained within the VINES IP header Predefined VINES Criteria Table 3 2 lists the predefined filtering fields for VINES inbound traffic filters and the reference field offset and length value for each criterion Table 3 9 Predefined Criteria for VINES Inbound Traffic Filters Criterion Name Reference Field Offset Length Protocol Type VINES_ BASE 40 8 Destination Address VINES BASE 48 48 Source Address VINES BASE 96 48 3 13 Configuring Traffic Filters and Protocol Prioritization Specifying VINES Address Ranges You can obtain a VINES server address from a sniffer trace or by converting the wfVinesIfEnry wfVinesIfAdr entry determined using the Technician Interface from the decimal value to hexadecimal Example If the address of a VINES server is a2482c 0001 enter the filter range as 0xa2482c0001 User Defined VINES Criteria In addition to the predefined VINES filter criteri
72. er of packets that each priority queue can hold The default value for bandwidth allocation is 20 packets regardless of packet size 2 9 Configuring Traffic Filters and Protocol Prioritization When you set the queue size you assign buffers which hold the packets to each queue A queue is full when it exceeds buffer size The router discards clips traffic sent to a full queue Note The buffer size for priority queues is not configurable when using the strict dequeuing algorithm Queue Depth Example Suppose that you use the default queue depth 20 packets for all three priority queues You then see from the statistics that the high priority queue s Clipped Packets Count is 226 and its High Water Packets Mark is 20 These statistics indicate that the high priority queue has been full at least once and that the router has discarded 226 packets From this information you can conclude that you have not assigned enough buffers to the high priority queue for the amount of high priority traffic on this interface To prevent further high priority traffic from being discarded you can reconfigure the depth of the queues or re evaluate the amount of traffic assigned to the high priority queue Reconfiguring Queue Depth Suppose that you now look at the statistics of the normal and low priority queues and find that the low priority queue has a Clipped Packets Count of zero and a High Water Packets Mark of 06 Figure 2 4 Thus t
73. erion You specify its location within the packet header in terms of three parameters e Reference point Specifies a predefined known bit position within the packet header e Offset Specifies the beginning position of the filtered bit pattern in relation to the reference point measured in bits e Length Specifies the total bit length of the filtered pattern For each traffic filter criterion you also specify the valid range a series of target values appropriate to the criterion For most criteria you specify an address range There must be at least one target value per criterion The range can be just one value or it can be a set of values You enter a minimum and a maximum value to specify the range For a range of only one value you enter only the minimum value the Configuration Manager automatically uses that value for both the minimum and maximum For example if the filter criteria is MAC Source Address you must specify which addresses you want the filter to examine If you specify OxO000A2000001 as the minimum range value and 0x0000A2000003 as the maximum range value the router checks for packets with a MAC source address between 0x0000A 2000001 and 0x0000A2000003 inclusive Note Chapter 5 lists valid range values for common traffic filter criteria and explains how to specify some common address ranges Configuring Traffic Filters and Protocol Prioritization Actions Filtering Actions The filter action determ
74. ers Criterion Name Reference Field Offset Length Destination Area OS DEST 0 16 Destination System ID OSI_DEST 16 48 Source Area OSI_SRC 0 16 Source System ID OSI_SRC 16 48 Configuring Traffic Filters and Protocol Prioritization User Defined OSI Criteria In addition to the predefined OSI filter criteria you can create traffic filters with user defined criteria by specifying an offset and length to these reference fields in the OSI header Reference Field Description OSI_BASE Points to the first byte of the CLNP header OSI_DEST Points to the last two bytes of the Destination Address field OSI_SRC Points to the last two bytes of the Source Address field OSI Actions The OSI filtering actions are Accept Drop and Log DECnet Phase IV Criteria and Actions You can filter inbound DECnet Phase IV traffic based on specified bit patterns contained within the DECnet header Predefined DECnet Criteria Table 3 2 lists the predefined filtering fields for DECnet IV inbound traffic filters and the reference field offset and length value for each criterion Table 3 8 Predefined Criteria for DECnet Inbound Traffic Filters Criterion Name Reference Field Offset Length Destination Area DEC4 BASE 0 6 Destination Node DEC4 BASE 6 10 Source Area DEC4 BASE 16 6 Source Node DEC4_BASE 22 10 3 12 Inbound Traffic Filter Criteria and Actions Us
75. eseeeeeeeaeeseneeeesiaeeesenes 1 5 Prioritize Important Treffe 1 5 Reduce koss of Critical Data w iccciisshekete etan eean ae aiaia paa aaraa aeara aaea 1 5 Enhance Securty ee arean aaaea raaa amai aa ha Tapii AA aaa AAEE ENEA TAERAA EE 1 5 Filtering Strategies sicie aai iava aie kiaia i iaa tani a date 1 6 Drop or Accept Certain Traffic oo erneieren neien deos raent esaa eieaa aaah 1 6 Bulda Frewall Sase rkr araa E AANT EEO EAR E E E ATE 1 6 Direct Certain Traffic peisum iain ianiai iea a aade 1 6 Gombine Fiter irrt ee ae eat tt GAT a a a dE E aa 1 7 Components of Traffic Filters ccccecceceeceneeeeeneeeeeceeeeeaaeeseeeeeeaaeeseeeeecaaeeseeneeessaeeeseneees 1 7 EE anec ones Aen i ai hae a cee ew ee EN 1 7 Predefined and User Defined Criteria 1 8 Predefined Criteria AAA 1 8 User Defined Criteria AAA 1 11 FRANCS EE 1 11 ACUONS ee ee ee i et eed ec ey 1 12 Fiternng let ET 1 12 NN Eatale BA Let EE 1 12 Using leet le 1 13 Creating a Template ccccccccceeseeececeeeeeeeececeeeeeeaeeeecaeeeeaaeeseeeeesaaeseeeeeesiaeeneneeess 1 13 Chapter 2 Using Circuit level Protocol Prioritization About Giele Ae TEE 2 1 The Dequeuing Process orreina e A EE EN AR 2 2 Bandwidth Allocation Algorithm seesssssssssssssssrrrssssirrsssirrrsssinnsnstinnnnntennnnntnnnnant 2 3 Strict Dequeuing Algorithm sssessssssessssssresssrrtesrresissrissrnessrnssstnssrnnssrnnstnnnsen nent 2 6 Tuning Protocol PrioritiZation sessen i
76. est version of Site Manager and router software For instructions refer to one of the following guides e Upgrading Routers from Version 7 9 xx to Version 10 00 e Upgrading Routers from Version 5 to Version 10 00 Bay Networks Customer Support Bay Networks provides live telephone technical support to our distributors resellers and service contracted customers from two U S and three international support centers If you have purchased your Bay Networks product from a distributor or authorized reseller contact the technical support staff of that distributor or reseller for assistance with installation configuration troubleshooting or integration issues Customers also have the option of purchasing direct support from Bay Networks through a variety of service programs The programs include priority access telephone support on site engineering assistance software subscription hardware replacement and other programs designed to protect your investment xvi About This Guide To purchase any of these support programs including PhonePlus for 24 hour telephone technical support call 1 800 2LANWAN Outside the U S and Canada call 408 764 1000 You can also receive information on support programs from your local Bay Networks field sales office or purchase Bay Networks support directly from your reseller Bay Networks provides several methods of receiving support and information on a nonpriority basis through the following au
77. eue After queuing packets the router then drains the priority queues and sends the traffic to the transmit queue Generally the router transmits higher priority traffic first Other configured values in the protocol prioritization scheme also affect the transmission of traffic Two configurable values are queue depth and line delay or latency described in Tuning Protocol Prioritization The Dequeuing Process Circuit level protocol prioritization uses one of two dequeuing algorithms to send traffic to the transmit queue the bandwidth allocation algorithm or the strict dequeuing algorithm Figure 2 1 illustrates the dequeuing process with default configuration values High Normal priority queue Low priority queue priority queue 70 of bandwidth 20 of bandwidth Ske 10 of bandwidth Dequeuing Algorithm Default algorithm Bandwidth Allocation Transmit queue Default Latency 250 ms Physical J interface Figure 2 1 Protocol Prioritization Dequeuing Using Circuit level Protocol Prioritization By default protocol prioritization uses the bandwidth allocation algorithm to send traffic to the transmit queue This is because if the router uses the strict dequeuing algorithm and there is a great deal of high priority traffic on the network the normal and low priority traffic may never get transmitted You specify the active dequeuing algorithm as described in the section
78. ever either explicitly or implicitly except by acceptance of an order for either Software or for a Bay Networks product Equipment that is packaged with Software Each such license is subject to the following restrictions 1 Upon delivery of the Software Bay Networks grants to licensee a personal nontransferable nonexclusive license to use the Software with the Equipment with which or for which it was originally acquired including use at any of licensee s facilities to which the Equipment may be transferred for the useful life of the Equipment unless earlier terminated by default or cancellation Use of the Software shall be limited to such Equipment and to such facility Software which is licensed for use on hardware not offered by Bay Networks is not subject to restricted use on any Equipment however unless otherwise specified on the Documentation each licensed copy of such Software may only be installed on one hardware item at any time Licensee may use the Software with backup Equipment only if the Equipment with which or for which it was acquired is inoperative Licensee may make a single copy of the Software but not firmware for safekeeping archives or backup purposes Licensee may modify Software but not firmware or combine it with other software subject to the provision that those portions of the resulting software which incorporate Software are subject to the restrictions of this license Licensee shall not make
79. f the range e The minimum value of the range A 2 Configuration Examples and Implementation Notes With a drop all filter specified higher precedence accept filters create exceptions or holes in the drop all range For example to configure a circuit that only accepts IP traffic addressed for destination address 192 32 28 55 apply a drop all filter and one accept filter as follows Filter Action Rule Nunber Start of Range End of Range Accept 1 highest precedence 192 32 28 55 192 32 28 55 Drop 2 lower precedence 0 0 0 0 0 255 255 255 255 Note Try to create the filters on each interface in order of precedence The first filter you create has the highest precedence and a rule number of 1 Subsequent filters created on the interface have decreasing precedence Refer to the section Changing Filter Precedence in Chapter 6 inbound filters or Chapter 7 outbound filters A 3 Configuring Traffic Filters and Protocol Prioritization Inbound Traffic Filter Examples The first part of this section provides examples for creating predefined criteria to e Drop Telnet traffic e Screen Telnet and FTP clients e Customize BOOTP server operation A separate section describes how to create user defined criteria to e Drop or accept VINES traffic bridged over an Ethernet interface e Drop or accept DLSw traffic based on NetBIOS names If this section does not include an example for a protoco
80. fied for a filter 2 Click on Delete template 3 To confirm click on Delete in the Delete Action window 6 19 Configuring Traffic Filters and Protocol Prioritization Specifying User Defined Criteria In addition to predefined criteria the Edit Filters and Create Filter Template windows provide a User Defined criterion choice for most protocols The User Defined option allows you to set up filtering criteria based on bit patterns within a packet s header that are not supported in predefined criteria Setting up user defined criteria is similar to using up predefined criteria except you must specify the criterion s location within the packet With predefined criteria the locations are established Refer to Chapter 3 for the supported protocol header reference points you can use to specify user defined traffic filter criteria To specify user defined criteria 1 In the Edit Filters or Create Filter Template window select the User Defined option from the Criteria menu The Add User Defined Field window appears Figure 6 15 In this window you specify the criterion s location Name UD_bridge BRIDGE USER_DEFINED REF MAC OFFSET LENGTH N Minimum value Maximum value Figure 6 15 Add User Defined Field Window 6 20 Applying Inbound Traffic Filters 2 Select the protocol specific reference field In this example the choices are the MAC or Data Link header
81. fined Criteria for IP Inbound Traffic Filters Criterion Name Reference Field Offset Length Type of Service HEADER_START 8 8 Protocol HEADER_START 72 8 IP Source Address HEADER_START 96 32 IP Destination Address HEADER_START 128 32 UDP TCP Source Port HEADER_END 0 16 UDP TCP Destination Port HEADER_END 16 16 User Defined IP Criteria In addition to the predefined filter criteria you can create IP traffic filters with user defined criteria by specifying an offset and length to these reference fields in the IP header Reference Field Description HEADER_START Points to the first byte of the Type of Service HEADER_END Points to the last byte of the IP Destination Address 3 7 Configuring Traffic Filters and Protocol Prioritization Note When specifying IP user defined criteria use 8 bit lengths whenever possible User defined IP traffic filters one bit long work only when aligned on a byte word boundary Lengths from 2 to 7 bits do not work IP Actions In addition to the Accept Drop and Log actions common to all the protocols IP supports the following actions Forward to Next Hop Specifies that any frame that matches the filter will be forwarded to the next hop router You must specify the IP address of the next hop router If the next hop router is not reachable any packets matching the filter will be forwarded normally unless you also specify Drop If Next
82. for customizing protocol prioritization parameters using Site Manager Chapter 2 Protocol specific reference information on inbound traffic filter criteria and actions Chapter 3 Protocol specific reference information on outbound traffic filter criteria and actions Chapter 4 Information on specifying criteria ranges Chapter 5 Instructions on using the Configuration Manager to set up inbound traffic filters Chapter 6 Instructions on using the Configuration Manager to set up outbound traffic filters Chapter 7 Configuration examples and implementation notes Appendix A This guide is intended for experienced system and network managers It assumes A basic technical understanding of data communications technology Experience with Site Manager software Knowledge of your site s traffic patterns and familiarity with the packet structure of protocols to be filtered XV Configuring Traffic Filters and Protocol Prioritization Before You Begin Before using this guide you must complete the following procedures 1 Install the router hardware For instructions refer to the installation guide for your hardware model Connect the router to a network and create a custom configuration file For instructions refer to one of the following guides e Quick Starting Routers and BNX Platforms e Connecting ASN Routers to a Network e Connecting BayStack AN and ANH Systems to a Network Make sure you are running the lat
83. garding its use reproduction and disclosure are as set forth in the Commercial Computer Software Restricted Rights clause at FAR 52 227 19 Trademarks of Bay Networks Inc ACE AFN BCN BLN BN CN FRE LN Optivity SynOptics SynOptics Communications Wellfleet and the Wellfleet logo are registered trademarks and AN ANH ASN BaySIS BayStack BCNX BLNX BNX EZ Internetwork EZ LAN FN PathMan PhonePlus PPX Quick2Config RouterMan SPEX Bay Networks Bay Networks Press the Bay Networks logo and the SynOptics logo are trademarks of Bay Networks Inc Third Party Trademarks All other trademarks and registered trademarks are the property of their respective owners Statement of Conditions In the interest of improving internal design operational function and or reliability Bay Networks Inc reserves the right to make changes to the products described in this document without notice Bay Networks Inc does not assume any liability that may occur due to the use or application of the product s or circuit layout s described herein Portions of the code in this software product are Copyright 1988 Regents of the University of California All rights reserved Redistribution and use in source and binary forms of such portions are permitted provided that the above copyright notice and this paragraph are duplicated in all such forms and that any documentation advertising materials and other materials related to such distributio
84. gement 807D 8080 Xyplex 8088 808A Kinetics Ether talk 809B Spider 809F continued 5 8 Table 5 8 Ethernet Type Codes continued Specifying Common Criterion Ranges Description Ethertype 0x Nixdorf 80A3 Siemens 80A4 80B3 Pacer Software 80C6 Applitek 80C7 Intergraph 80C8 80CC Harris 3M 80CD 80CE IBM SNA 80D5 Retix Bridge Management 80F2 AARP 80F3 Shiva 80F4 HP Apollo 80F7 Symbolics 8107 8109 Waterloo Software 8130 IPX over Frame Relay 8137 Novell 8137 8138 DEC MOP 9000 XNS Bridge Comm Management 9001 3Com 9002 9003 5 9 Configuring Traffic Filters and Protocol Prioritization Specifying IP Protocol Range Values Table 5 9 lists some IP Protocol Type codes to use when specifying IP protocol criteria ranges Refer to RFC 1700 for a complete list Table 5 9 IP Protocol Codes Description Protocol Code decimal ICMP Internet Control Message Packets 1 IGP 9 RSVP Reservation Protocol 46 VINES 83 OSPF 89 5 10 Chapter 6 Applying Inbound Traffic Filters This chapter shows how to use the Configuration Manager to configure inbound traffic filters To apply outbound traffic filters refer to Chapter 7 Note To complete the steps in this chapter you must first be familiar with protocol specific filtering criteria and actions Refer to Chapter 3 for this information Working with Inbound T
85. gorithm this parameter specifies the percentage of the synchronous line s bandwidth that low priority traffic can use Specify the percentage of the line s bandwidth allocated to low priority traffic The High Queue Percent Bandwidth Normal Queue Percent Bandwidth and Low Queue Percent Bandwidth values must total 100 1 3 6 1 4 1 18 3 5 1 4 1 1 27 Discard Eligible Bit Low ENABLE ENABLE DISABLE Sets the Frame Relay Discard Eligible DE bit for packets sent to the Low priority queue By default Frame Relay packets in the Low priority queue have the Discard Eligible DE bit set Select DISABLE if you do not want the DE bit to be set for all Frame Relay packets in the Low priority queue 1 3 6 1 4 1 18 3 5 1 4 1 1 37 2 22 Parameter Default Options Function Instructions MIB Object ID Using Circuit level Protocol Prioritization Discard Eligible Bit Normal DISABLE ENABLE DISABLE Sets the Frame Relay Discard Eligible DE bit for packets sent to the Normal priority queue By default Frame Relay packets in the Normal priority queue do not have the Discard Eligible DE bit set Select ENABLE to set the DE bit for all Frame Relay packets in the Normal priority queue 1 3 6 1 4 1 18 3 5 1 4 1 1 38 2 23 Chapter 3 Inbound Traffic Filter Criteria and Actions You create inbound traffic filters from templates that consist of protocol specific filter criteria ranges and actions No
86. here have never been more than six packets in the low priority queue and the router has not discarded any low priority packets 2 10 Using Circuit level Protocol Prioritization Queue Depth 20 Queue Depth 20 Queue Depth 20 Clip Count 226 Clip Count 0 Clip Count 0 HiWater Mark 20 HiWater Mark 10 HiWater Mark 06 20 20 20 10 10 10 0 miea 0 0 Bes High Normal Low Figure 2 4 Priority Queue Statistics for the Queue Depth Example In this case you may choose to reconfigure the low priority queue depth to 10 and increase the high priority queue depth to 30 Figure 2 5 Queue Depth 30 Clip Count 0 HiWater Mark 20 30 Queue Depth 20 Clip Count 0 SS HiWater Mark 10 20 20 Queue Depth 10 Clip Count 0 HiWater Mark 06 10 10 10 High Normal Low Figure 2 5 Reconfigured Priority Queue Statistics for the Queue Depth Example To see whether this reallocation solves the problem reset the Clipped Packets Count and High Water Packets Mark counters using the Statistics Manager and check them again later Configuring Traffic Filters and Protocol Prioritization Latency Latency or line delay specifies how many normal or low priority bits the router can allocate to the transmit queue at any one time Latency determines therefore the greatest time delay that a high priority packet can experience Latency is based on the line speed of the attached me
87. ilter 2 Click on Delete template 3 To confirm click on Delete in the Delete Action window 4 Click on OK when you are finished editing the template You return to the Filter Template Management window You can continue to create edit or delete templates using this window 5 Click on Done to return to the Priority Outbound Traffic Filters window 7 15 Configuring Traffic Filters and Protocol Prioritization Creating an Outbound Filter To create a new filter you apply a filter template to an interface as follows 1 Display the Priority Outbound Filters window Figure 7 11 Priority Outbound Filters IT vane Apply Template Create Edit Reorder Delete Values Help Filter Enable Filter Name Figure 7 11 Priority Outbound Filters Window 2 Click on Create The Create Filter window appears Figure 7 12 7 16 Applying Outbound Traffic Filters Figure 7 12 Create Filter Window 3 If the correct interface is not already highlighted select the interface 4 Select the template you want to use for the new filter Complete the steps in Preparing Filter Templates if the Templates box is empty 5 Type a name for the new filter in the Filter Name box 6 Click on OK The Priority Outbound Filters window reappears with the new filter displayed in the scroll box 7 17 Configuring Traffic Filters and Protocol Prioritization Editing an
88. ines what happens to packets that match a filter criterion s ranges Traffic filter actions are mutually exclusive except the Log action In addition to the common traffic filter actions described in this section there are protocol specific actions described in Chapter 3 You can apply the following actions to any traffic filter Accept The router processes any packet that matches the filter criteria and ranges Drop The router does not route any packet that matches the filter criteria and ranges Log For every packet that matches the filter criteria and ranges the router sends an entry to the system Events log You can specify the Log action in combination with other actions Note Specify the Log action only to record abnormal events otherwise the Events log will fill up with filtering messages leaving no room for critical log messages Prioritizing Actions Outbound traffic filters for WAN protocols also include the following actions for directing matching traffic into circuit based protocol priority queues High Packets that match the filter criteria and ranges are processed in the high queue Low Packets that match the filter criteria and ranges are processed in the low queue Length For packets that match the filter criteria the packet length determines the priority queue into which it is placed Note Site Manager does not support protocol prioritization on outbound LAN traffic filters
89. ion for DLSw traffic What Do Traffic Filters Do You use inbound traffic filters primarily for security to deflect certain traffic from destination nodes in your network You use outbound filters primarily to ensure timely delivery of critical data Ensure Consistent Service When a router treats all packets equally there is no way to ensure consistent network services to users who are working interactively Bulk transfer applications use too much of the available bandwidth and slow down interactive response times These problems are especially visible on low speed WAN links Reduce Network Congestion Both inbound and outbound traffic filters reduce network congestion by minimizing the flow of unnecessary traffic over LAN and WAN segments Prioritize Important Traffic You can use protocol prioritization to expedite traffic coming from a particular source or going to a certain destination Reduce Loss of Critical Data You can improve application response time and eliminate session timeouts by implementing protocol prioritization Enhance Security Inbound and outbound traffic filters are an integral part of a comprehensive network security strategy You can control access to individual stations networks and network resources through predefined or user defined filter criteria You can use outbound filters to drop completely clip any traffic you do not want leaving the local network Configuring Traffic Filters and Proto
90. ircuit Click on Template The Filter Template Management window appears Click on Create The protocol specific Create Filter Template window appears Enter a descriptive name in the Filter Name box Select Criteria gt Add gt User Defined The Add User Defined Field window appears In this window you specify the criterion s e Reference Field e Offset e Length e Minimum Range e Maximum Range Select the protocol specific reference field Refer to Table A 2 for specific examples Specify an offset and length from the reference field Refer to Table A 2 Specify a range Click on OK 10 Select an Action A 6 11 Click on OK Configuration Examples and Implementation Notes You are returned to the Filter Template Management window 12 Click on Done You are returned to the protocol specific Traffic Filter window 13 14 15 16 Click on OK Click on Create In the Create Filter window enter a name for the filter The filter is now applied to the selected interface Select the template file you just created in the Templates scroll box Table A 2 User defined Criteria Ranges and Actions for Example Inbound Traffic Filters ZE Reference Field Length to Filtering Goal to Specity Offset to Specify Specify Notes Give certain Specify an 160 bits sum of all 32 bits Specify a VINES traffic Ethernet Type field criteria that precede the destination bridged over Ethernet pre
91. is example refer to Figure 6 8 the range for the MAC source address criterion is from 0x0000A20001 the minimum value to 0x0000A 200003 the maximum value Each incoming packet will be checked to see whether its MAC source address falls into this range of addresses If the range you want to add consists of just one value specify that value in both boxes Note When you enter values for the Minimum and Maximum value EI paramters the Configuration Manager assumes that the value is a decimal number To enter a hexadecimal number use the prefix Ox 7 Click on OK You return to the Create Filter Template window The new criterion and range appear in the Filter Information scroll box Figure 6 9 6 9 Configuring Traffic Filters and Protocol Prioritization Figure 6 9 Create Template Window with Criteria and Range Added 8 Add additional ranges if you want You can add up to 100 ranges for each filter criterion 9 Select Action gt Add then select the action you want to impose on packets that match any of the template s ranges of filtering criteria The action is now associated with the new criterion and range which appear in the Filter Information scroll box Figure 6 10 6 10 Applying Inbound Traffic Filters Figure 6 10 Actions List with New Action 10 When you are finished adding actions to your template click on OK You return to the Filter Template Management window refer to Figure 6 5
92. it level Protocol Prioritization Editing Protocol Prioritization Parameters Any circuit to which you have added protocol prioritization uses default values that determine how outbound filters work on the interface You can edit these parameters according to your network traffic needs To do so complete the steps in this section 1 In the Circuit Definition window select Protocols gt Edit Protocol Priority Interface Figure 2 8 Conf Protocols Slot Lines IT XCVR4 I XCYR3 IT XCVR2 IT XCYR1 M COM1 IT COM2 C COM3 M COM4 F CONSOLE Figure 2 8 Selecting the Edit Protocol Priority Interface Window The Edit Protocol Priority Interface window appears Figure 2 9 2 15 Configuring Traffic Filters and Protocol Prioritization Edit Protocol Priority Interface 543 Enable High Queue Size Normal Queue Size Low Queue Size Max High Queue Latency High Water Packets Clear Prioritization Algorithm Type High Queue Percent Bandwidth Normal Queue Percent Bandwidth Low Queue Percent Bandwidth Cancel OK Values Help ENABLE BANDWIDTH ALLOCATION 70 20 10 Figure 2 9 Edit Protocol Priority Interface Window First Screen To see additional parameters use the scroll bar on the right of the window Figure 2 10 2 16 Using Circuit level Protocol Prioritization Edit Protocol Priority Interface S22 Cancel OK Values Help Low Queue Size 20 Max High Queu
93. it your needs you probably don t need to make further edits To customize a specific filter you have the following options e Add or delete filtering criteria e Add modify or delete criteria ranges e Add or delete actions To customize an inbound filter 1 Display the Filters window for the circuit you are editing Figure 6 13 2 In the scroll box click on the name of the filter you want to edit 3 Click on Edit The Edit Filters window for your protocol appears Figure 6 14 shows the Edit Bridge Filters window Note The Edit Filters window is protocol specific Figure 6 14 shows the Edit Bridge Filters window the window for other protocols is similar 4 Use the Edit Filters window to add change or delete filter criteria ranges and actions as described in Table 6 2 6 17 Configuring Traffic Filters and Protocol Prioritization Figure 6 14 Edit Filters Window 6 18 Applying Inbound Traffic Filters Table 6 2 Using the Edit Filters Window Task Site Manager Instructions Notes Adda 1 Select CriteriaAdd then select the criterion to use to filter For any criterion you choose criterion packets you must specify at least one 2 Add a range in the Add Range window range Each template can have only one criterion Delete a 1 Select the criterion to delete in the Filter Information scroll Each filter template has only criterion box one criterion 2 Click on Delete Creat
94. ition window appears Figure 7 1 If Protocol Priority appears in the Protocols scroll box go to Step 7 Note On circuits configured with Frame Relay or PPP protocol prioritization is enabled by default Otherwise you must enable Protocol Priority the first time you configure outbound traffic filters A Select Protocols gt Add Delete The Select Protocols window appears Select Protocol Priority from the list of protocols The Protocol Priority option is located near the end of the list Click on OK The Circuit Definition window reappears Select Protocols gt Edit Protocol Priority gt Priority Outbound Filters Figure 7 1 7 2 Applying Outbound Traffic Filters Conf Protocols Slot Lines T XCVR4 IT XCVR3 XCVR2 IT XCVR1 M COM1 ele Com M COM M CONSOLE Figure 7 1 Selecting the Priority Outbound Filters Window The Priority Outbound Filters window appears Figure 7 2 7 3 Configuring Traffic Filters and Protocol Prioritization Sf _ Priority Dutbound Eltere IT Ve Apply Template Create Edit Reorder Delete Values Help Filter Enable Filter Name Figure 7 2 Priority Outbound Filters Window Preparing Filter Templates This section describes how to add a filter template to an interface by e Creating a new filter template or using an existing template e Adding filtering criteria ranges and actions to a template e Modifying and deleti
95. l Prioritization Parameters later in this chapter for instructions Monitoring Statistics To monitor and manage the impact of protocol prioritization use the Statistics Manager to view Statistics in the MIB object group wfApplication wfDatalink wfProtocolPriorityGroup For information on using the Statistics Manager to view MIB objects and create custom screen reports refer to Managing Routers and BNX Platforms To determine whether there are enough buffers in each priority queue for the traffic flow on your network use the Statistics Manager to examine the following protocol prioritization statistics e High Water Packets Mark The greatest number of packets that have been in each queue e Clipped Packets Count The number of packets that have been discarded from each queue The router discards packets from full priority queues Note To determine whether statistics reflect a transient event you may want to reset the statistics and check again later before changing the configuration of priority queuing You can reset the High Water Mark in Site Manager s Edit Protocol Priority Interface window You can reset both the Clipped Packets Count and High Water Packets Mark using the Statistics Manager Generally if a queue s Clipped Packets Count is high and the High Water Packets Mark is close to its queue size that queue does not have enough buffers 2 8 Using Circuit level Protocol Prioritization Note f statisti
96. l you want to configure use these examples as guidelines for implementing inbound traffic filters for other traffic types Examples with Predefined Criteria The following summarizes your steps for creating an inbound traffic filter using a predefined criterion Chapter 6 provides detailed information 1 Display the Traffic Filters window for your selected circuit 2 Click on Template 3 In the Filter Template Management window click on Create The protocol specific Create Filter Template window appears 4 Enter a descriptive name in the Filter Name box 5 Select a criterion Refer to Table A 1 for specific examples 6 Enter one or more ranges Refer to Table A 1 7 Select an action Refer to Table A 1 8 Click on OK You are returned to the Filter Template Management window A 4 10 11 12 Click on Done Configuration Examples and Implementation Notes You are returned to the protocol specific Traffic Filter window 13 Click on OK Click on Create The filter is now applied to the selected interface In the Create Filter window enter a name for the filter Select the template file you just created in the Templates scroll box Table A 1 Predefined Criteria Ranges and Actions for Example Inbound Traffic Filters Filtering Goal Criterion to Specify Ranges to Specify Action to Specify Notes Drop Telnet traffic CriteriaaAdd gt IP gt 23 Action gt Add Drop This filter will not
97. n and use acknowledge that such portions of the software were developed by the University of California Berkeley The name of the University may not be used to endorse or promote products derived from such portions of the software without specific prior written permission SUCH PORTIONS OF THE SOFTWARE ARE PROVIDED AS IS AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES INCLUDING WITHOUT LIMITATION THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE In addition the program and information contained herein are licensed only pursuant to a license agreement that contains restrictions on use and disclosure that may incorporate by reference certain limitations and notices imposed by third parties Bay Networks Software License Note This is Bay Networks basic license document In the absence of a software license agreement specifying varying terms this license or the license included with the particular product shall govern licensee s use of Bay Networks software This Software License shall govern the licensing of all software provided to licensee by Bay Networks Software Bay Networks will provide licensee with Software in machine readable form and related documentation Documentation The Software provided under this license is proprietary to Bay Networks and to third parties from whom Bay Networks has acquired license rights Bay Networks will not grant any Software license whatso
98. nable Filter Name c Figure 7 16 Example of Outbound Filter Order Change Enabling or Disabling an Outbound Filter You can disable and re enable outbound filters on individual interfaces When you do only the filter on that interface is affected To disable or re enable a filter 1 2 z Bye oS Display the Priority Outbound Filters window refer to Figure 7 16 Select a filter from the scroll box to disable or re enable The current status of the selected filter appears in the Filter Enable and Filter Name boxes at the bottom of the window Click on Values The Values window appears Select ENABLED or DISABLED Click on OK Repeat the steps for each filter you want to disable or re enable Click on Done when you are finished 7 23 Configuring Traffic Filters and Protocol Prioritization Deleting an Outbound Filter To delete a priority or outbound filter from an interface 1 Display the Priority Outbound Filters window refer to Figure 7 16 2 Select the outbound filter to delete 3 Click on Delete The system deletes the filter from the interface and the filter no longer appears in the outbound filters scroll box in the Priority Outbound Filters window Caution Do not click on Delete unless you are sure you want to delete the selected filter There is no opportunity to confirm the deletion 7 24 Appendix A Configuration Examples and Implementation Notes This appendix contains ex
99. nation Port Protocol Source Routing MAC Destination Address MAC Source Address SSAP DSAP PPP Frame Relay Protocol ID 2 byte DLCI 3 byte DLC 4 byte DLC NLPID Figure 4 2 shows the Configuration Manager menu path for specifying these criteria See Chapter 7 for detailed instructions on using Configuration Manager to create outbound filters 4 4 Outbound Traffic Filter Criteria and Actions Figure 4 2 Predefined IP Outbound Filter Criteria Specifying Criteria Common to IP and Data Link Headers To configure outbound filters for criteria that are common to both IP and Data Link headers DSAP SSAP Protocol ID DLCI NLPID create two filters one for IP and the other for the Data Link type For example if you want a filter rule with a priority of High for all Frame Relay traffic with DLCI 400 create filters for both IP and Data Link using the DLCI criterion and a range of 400 to 400 To configure a filter to apply to either the IP or Data Link header only create only one filter To configure filters for P routed packets only always select IP instead of Data Link If you create a filter under Data Link to identify an IP routed packet for example using the Ethertype field and a value of 0x0800 the rule is never triggered because the router code recognizes the IP packet and uses IP filter rules 4 5 Configuring Traffic Filters and Protocol Prioritization Reference Points for User
100. ng templates Note Changing a template does not affect interfaces to which the template has already been applied The section Creating an Outbound Filter later in this chapter describes how to create a filter by applying saving a filter template to an interface 7 4 Applying Outbound Traffic Filters Creating a New Template To add a filter to an interface you do not always need to create a new template Often you can begin with an existing template If there is already a filter template for the circuit you are configuring that includes filter information you might use go to Customizing Templates or Creating an Outbound Filter If there is no existing template to match your needs you must first create a new template for the circuit To create a new template from scratch 1 Display the Priority Outbound Filters window refer to Figure 7 2 2 Click on Template The Filter Template Management window appears Figure 7 3 Filter Template Management Figure 7 3 Filter Template Management Window 3 Click on Create The Create Priority Outbound Template window appears 7 5 Configuring Traffic Filters and Protocol Prioritization Figure 7 4 Create Priority Outbound Template Window 4 Enter a descriptive name for the template in the Filter Name box For instance the name BridgeO1to03 might be appropriate for a template that contains information for filtering bridge frames from MAC sour
101. nished adding actions to your template click other action on OK Create new templates for additional actions Delete 1 In the Filter Information scroll box select the action you There must be one at least an Action want to remove action specified for a filter 2 Click on Delete template 3 To confirm click on Delete in the Delete Action window 7 20 Applying Outbound Traffic Filters Changing Filter Precedence You can assign as many as 31 outbound traffic filters per protocol to each router interface As you add filters to an interface the Configuration Manager numbers them chronologically rule 1 rule 2 rule 3 and so on The rule number determines the filter precedence lower rule numbers have higher precedence Figure 7 14 shows a sample listing of filters on an interface Sj _Priority Dutbound Filters 0 Done DL 1 hiQ_SR_O1DSAP 543 DL 2 LoQ_SR_OaDSAP 543 Apply Template Create Edit Reorder Delete Values Help Filter Enable Filter Name Figure 7 14 Sample List of Outbound Filters The first filter has the highest precedence and a rule number of 1 Subsequent filters created on the interface have decreasing precedence If a packet matches two filters the filter with the highest precedence lowest number applies For example if the first filter on the interface rule 1 drops a packet and the second filter rule 2 accepts the same packet rule 1 h
102. of the Destination MAC address Points to the first byte of the DATA_LINK reference field Transparent Bridge Actions In addition to the Accept Drop and Log actions that are common to all the protocols there are two Bridge specific actions e Flood Specifies that any frame that matches the filter will be forwarded onto all Bridge circuits except for the circuit from which it was received e Forward to Circuit List Specifies that any frame that matches the filter will be forwarded to certain circuits that you specify 3 4 Inbound Traffic Filter Criteria and Actions Note Circuit names you enter in the Forward to Circuit List window are case sensitive For example if the circuit name is E21 but you enter it as e21 the filter will not work You can combine the Log action with any of the other actions However you should use Log only to record abnormal events otherwise the event log will fill up with filtering messages and thus become useless Source Routing Bridge Criteria and Actions You filter inbound Source Routing traffic based on specified bit patterns contained within the native source routing bridge SRB frame header P encapsulated SRB traffic filters are not supported Note Source Routing filters affect both explorer and routed frames However filters that include Next Ring as a criterion affect only routed frames because the Next Ring reference field does not appear in explorer frames
103. or implementing protocol prioritization for other traffic types The following summarizes your steps for creating an outbound traffic filter with a queue action 1 Display the Priority Outbound Filter window 2 Click on Template The Filter Template Management window appears The Templates scroll box includes any existing filter templates 3 Click on Create The Create Priority Outbound Template window appears 4 Enter a descriptive name for the new template in the Filter Name box 5 Select a criterion Refer to Table A 3 for specific examples 6 Enter a range Refer to Table A 3 A 8 Configuration Examples and Implementation Notes 7 Select a queue action Refer to Table A 3 8 Click on Done The Priority Outbound Filters window reappears 9 Click on Create The Create Filter window appears 10 Select an interface 11 Select the template file 12 13 Click on OK The filter is now applied to the selected interface Enter a descriptive name for the filter Table A 3 Example Criteria Ranges and Actions for Protocol Prioritization Filtering Goal Criterion to Specify Ranges to Specify Action to Specify Notes Place LAT traffic CriteriaaAdd gt Data 6004 Action gt Datalink gt Table 5 8 in in the high link gt Datalink Add High Queue Chapter 5 includes priority queue type gt Ethernet type a list of common since LAT isa Ethernet type time sensitive NOTE If this is a codes pro
104. ound traffic filters Chapter 6 explains how to use the Configuration Manager to apply inbound filters 1 2 Using Traffic Filters Outbound Traffic Filters Outbound traffic filters act on packets that the router sends out a specific interface to a local or wide area network When you configure outbound filters you specify a set of conditions that apply to a particular protocol Supported Circuits You can create filters for outbound traffic on the following interface types Synchronous HSSI MCTI1 Ethernet 10Base T and 100Base T FDDI Token Ring Supported Protocols The Configuration Manager supports outbound traffic filters for the following LAN and WAN routing protocols Frame Relay PPP Point to Point Protocol Bay Networks Standard PPP IP DECnet Phase IN IPX OSI VINES XNS LLC2 DLSw refer to Configuring DLSw Services for information Configuring Traffic Filters and Protocol Prioritization Chapter 4 lists protocol specific outbound filter criteria and actions Chapter 7 explains how to use the Configuration Manager to apply outbound filters What Is Protocol Prioritization As a router operates network traffic from a variety of sources converges at each interface Without protocol prioritization the router transmits packets in a first in first out FIFO order By implementing protocol prioritization you instruct the router to use a different transmit order for specified ranges of packet
105. ply Template Create Edit Reorder Delete l Values Help Filter Enable ENABLED Filter Name forwardtoS41 Figure 6 17 Traffic Filters List in Order Created Try to create filters on an interface in order of precedence However if you can t or if your filtering strategy changes you can use the Traffic Filters window to rearrange the precedence of existing filters 6 22 Applying Inbound Traffic Filters To change the order of precedence 1 In the Traffic Filters window select the filter whose precedence you want to change Click on Reorder The Change Precedence window appears Figure 6 18 Change Precedence INSERT BEFORE INSERT AFTER Cancer OK Figure 6 18 Change Precedence Window Click on either INSERT BEFORE or INSERT AFTER then type a filter rule number in the Precedence Number box The selected filter will now have a rule number either one higher if you chose INSERT BEFORE or one lower if you chose INSERT AFTER the rule number you entered For the example shown if you wish to place the selected filter before filter 1 click on INSERT BEFORE and type 1 in the Precedence Number box Note When reversing the order of the second to lowest and lowest precedence filters the filter you select with the Reorder button and the filter number you specify in the Precedence Number box are the same For example to put f2 at the bottom of a list of thre
106. priority queue Transmit all there packets packets up to in the low priority the bandwidth queue utilization percentage Figure 2 2 Bandwidth Allocation Dequeuing Algorithm 2 5 Configuring Traffic Filters and Protocol Prioritization Strict Dequeuing Algorithm Protocol prioritization can also use the strict dequeuing algorithm to send traffic to the transmit queue This algorithm works as follows 1 9 The transmit queue scans the high priority queue If there is no traffic in the high priority queue the algorithm proceeds to Step 4 The router empties all packets from the high priority queue into the transmit queue up to the latency value or the maximum transmit queue size and then transmits them The transmit queue size is the maximum number of packets in the transmit queue at one time You cannot configure this number using Site Manager If the latency value is reached the transmit queue starts again scanning and emptying traffic from the high priority queue If neither latency nor the maximum transmit queue size is reached the algorithm proceeds to Step 4 The transmit queue scans the normal priority queue If there is no traffic in the normal priority queue the algorithm proceeds to Step 7 The router empties all packets from the normal priority queue up to the latency value into the transmit queue and then transmits them If latency is reached the transmit queue starts again at Step
107. r Data Link protocol prioritization or outbound filters to the backup line You must manually configure new Data Link outbound filters on the backup line after that line is activated The router does transfer IP outbound filters to the backup line no matter what protocol was running on the primary line Be careful when configuring outbound filters on the backup line As soon as the primary line is reactivated it uses the priority queues and filters you configured for the backup line These priorities and filters may be completely inappropriate for the protocol running on the primary line Using Drop All Filters If your filtering strategy involves forwarding most traffic and dropping only specified packets configure filters only for the specific traffic you want to drop If your strategy involves blocking most traffic and accepting only specified packets a firewall begin by defining specific higher precedence filters to accept specified packets Then add a filter on the interface to drop all other packets a drop all filter The highest precedence filter in a given address range determines the result of combined filtering within that range A drop all filter describes the broadest range of packets you want to block from an interface To ensure that all unwanted traffic gets dropped configure the drop all filter to contain e Criteria that appears in every packet of the protocol you want to filter e The maximum possible value o
108. r all protocols The examples in this chapter show the Bridge Filters window Figure 6 4 Preparing Filter Templates This section describes how to add a filter template to an interface by e Creating a new filter template or using an existing template e Adding filtering criteria ranges and actions to a template e Modifying and deleting templates The section Creating an Inbound Filter later in this chapter describes how to create a filter by applying saving a filter template to an interface 6 4 Applying Inbound Traffic Filters Creating a New Template To add a filter to an interface you do not always need to create a new template Often you can begin with an existing template If there is already a filter template for the circuit you are configuring that includes filter information you might use go to Customizing Templates If there is no existing template to match your needs you must first create a new template for your circuit To create a new template from scratch 1 Display the Filters window for your selected circuit Figure 6 4 shows the Bridge Filters window Spo Bridge Filters S S Ul oo D deg Apply Template Create Edit Reorder Delete Values Help Filter Enable Filter Name b Figure 6 4 Inbound Traffic Filters Window Note Although the Traffic Filters menu is protocol specific you use the window the same way for all protocols 2 Click on Templ
109. r criterion Select Action and either IP or Datalink Select Add Action then select the action you want to impose on packets that match any of this template s ranges of filtering criteria 7 8 Applying Outbound Traffic Filters If you selected the Length action go to Specifying Prioritization Length For other actions the Create Priority Outbound Template window appears showing the newly selected criteria range and action in the Filter Information scroll box Figure 7 7 Figure 7 7 Create Priority Outbound Template Window with Criteria and Actions 12 When you are finished adding actions to your template click on OK You return to the Filter Template Management window refer to Figure 7 3 7 9 Configuring Traffic Filters and Protocol Prioritization Specifying Prioritization Length If you select the Length action in the Create Priority Outbound Template window the Prioritization Length window Figure 7 8 appears The Length action directs the router to place packets into a priority queue based on a specified byte length The packet length determines which queue PRIORITIZATION LENGTH Cancel OK Values Help Less Than or Equal Queue NORMAL Greater Than Queue LOW Figure 7 8 Prioritization Length Window L In the Prioritization Length window edit the length parameters using the following parameter descriptions as guidelines Parameter Packet Length Default None Range
110. raffic Filters To apply traffic filters to a particular interface you first use the Configuration Manager to display the Traffic Filters window for the configured protocol For all protocols except DLSw you display the Traffic Filters window as described in the next section Displaying the Inbound Traffic Filters Window For circuits configured with DLSw go to the section Displaying the DLSw Inbound Traffic Filters Window Once you display the protocol specific Traffic Filters window you can e Create copy or edit a filter template described in Preparing Filter Templates e Apply a template to an interface described in Creating an Inbound Filter e Change an existing filter described in Editing an Inbound Filter e Change the filtering order described in Changing Filter Precedence e Temporarily disable or enable a filter described in Enabling or Disabling an Inbound Filter e Remove a filter from an interface described in Deleting an Inbound Filter 6 1 Configuring Traffic Filters and Protocol Prioritization Displaying the Inbound Traffic Filters Window To display the inbound Traffic Filters window for all protocols except DLSw 1 Display the Configuration Manager window 2 Select Circuits gt Edit Circuits The Circuit List window appears Figure 6 1 EBE treatin Configuration Mode Local SNMP Agent LOCAL FILE Circuits Delete Figure 6 1 Cir
111. rdless of packet size For more information about using queue depth for tuning protocol prioritization in your network refer to Tuning Protocol Prioritization earlier in this chapter Accept the default of 20 packets or enter a new value 1 3 6 1 4 1 18 3 5 1 4 1 1 6 2 19 Configuring Traffic Filters and Protocol Prioritization Parameter Default Range Function Instructions MIB Object ID Parameter Default Options Function Instructions MIB Object ID Max High Queue Latency 250 milliseconds ms 100 to 5000 ms Specifies the greatest delay that a high priority packet can experience and consequently how many normal priority or low priority bits can be in the transmit queue at any one time For more information about using latency to tune strict dequeuing protocol prioritization in your network refer to Latency earlier in this chapter Accept the default latency of 250 ms or enter a new latency value We recommend accepting the default latency value of 250 ms 1 3 6 1 4 1 18 3 5 1 4 1 1 8 High Water Packets Clear 0 Any integer value Toggles the High Water Packets Clear bit When you change queue depth by changing the value of the High Queue Size Normal Queue Size or Low Queue Size parameter you can also reset the high water mark by changing the value of this parameter When you change the value of this parameter you reset the high water mark for all three queues to zero
112. riority Outbound Filters Window cccsccecesssteeeeeees 7 3 Priority Outbound Filters Window 7 4 Filter Template Management Wmmdow sssssssssssssssssssrrrsssrrrssrrirnssrrrrnsssrnns 7 5 Create Priority Outbound Template Window c cceeseeeeteeeetteeeeeeeeees 7 6 Selecting Outbound Traffic Filter Criteria 2 2 eetceeeeeeeeseeeeeeeeeeeeteeeteneeees 7 7 Add Range Wmdow 7 8 Create Priority Outbound Template Window with Criteria and Actions 7 9 Prioritization Length Window 7 10 Copy Filter Template Window ssssesseeeeeeeeesenesrnssrrrsenrsnrrnnnsrrnssreessrns 7 13 Edit Priority Outbound Template Window ccccceseeeeereeeesteeeeeneeees 7 14 Priority Outbound Filters WindOW 7 16 Create Filter Window 0 cccceececceceeeeeeeeeeeeeeaeeeeeeeeeceaeeeseaeeeseaeeeeeaaeessaees 7 17 Edit Priority Outbound Filters Window 7 19 Sample List of Outbound Filters ccccecceeeeeeeeeeeeeeeeeeeeeseeeeeeeeeeeaees 7 21 Change Precedence Window sssessesssesesiressrnssrrrsrnrsrnnrrnnnsrrnssrressrns 7 22 Example of Outbound Filter Order Change ccceeeeeeeeeeesteeeeeeeees 7 23 Tables Table 1 1 Summary of Predefined Inbound Traffic Filter Criteria eee 1 9 Table 1 2 Summary of Predefined Outbound Traffic Filter Criteria 0 eee 1 10 Table 3 1 Bridge Encapsulation Support for Physical Media Types eseeseeeeeee 3 2 Table 3 2 Predefined Criteria for Transparent Bri
113. riteria and Actions You create outbound traffic filters from templates that consist of protocol specific filter criteria ranges and actions This chapter lists the specific criteria and actions that Site Manager supports for outbound traffic filters Note Refer to Chapter 1 for an overview of traffic filters filter templates and their criterion range and action components For instructions on using Site Manager to create outbound filters see Chapter 7 For information about DLSw outbound filters refer to Configuring DLSw Services As described in Chapter 1 you create protocol specific filter templates using either predefined criteria or criteria you define user defined criteria Sections in this chapter list both the predefined criteria that the Configuration Manager provides and the supported reference points for user defined criteria Predefined Criteria Outbound traffic filter criteria are based on the Data Link IP or DLSw protocol headers e For bridge traffic all predefined criteria are part of the Data Link header e For WAN protocols predefined outbound filter criteria are based on either the Data Link header or an upper level IP protocol header e For NetBIOS SNA and other DLSw encapsulated traffic predefined criteria for outbound filters are based on the DLSw protocol header 4 1 Configuring Traffic Filters and Protocol Prioritization This section lists the predefined Data Link and IP criteria for out
114. rnet traffic in the high priority queue Prioritize FTP Telnet and other large packet data traffic by placing smaller packets in the low priority queue CriteriaaAdd gt IP gt Source Address Client addresses Action gt IP gt Add gt Length In the Prioritization Length window specify Packet Length 500 bytes Less Than or Equal Queue Low Greater Than Queue High A accept filters 1 6 A 2 actions traffic filter See traffic filter actions adding actions inbound 6 14 6 19 outbound 7 15 7 18 7 20 criteria inbound 6 14 6 19 outbound 7 15 7 18 7 20 ranges 5 1 to 5 10 applying templates inbound traffic filter 6 15 outbound traffic filter 7 16 APPN 3 16 bandwidth allocation dequeuing algorithm 2 3 Bay Networks CompuServe forum xvii customer support xvi Home Page on World Wide Web xviii InfoFACTS service xviii publications ordering xix Technical Response Center xviii blocking filters 1 6 A 2 Bridge actions 3 4 criteria 3 2 to 3 4 Index C Clipped Packets Count 2 8 clock speed 2 3 CompuServe Bay Networks forum on xvii configuring inbound traffic filters 6 1 outbound traffic filters 7 1 criteria inbound traffic filter 802 2 Control 3 4 DSAP 3 4 Length 3 4 SSAP 3 4 adding 6 14 6 19 Bridge 802 2 3 4 Ethernet type 3 3 MAC Destination Address 3 3 MAC Source Address 3 3 Novell 3 4 SNAP 3 4 DECnet Phase IV Des
115. rtype 0x Bay Networks Synchronous Pass Through 80FF Bay Networks Source Route Traffic non Token Ring media 8101 Bay Networks Breath of Life Packet BOFL 8102 Bay Networks Transparent Bridge Traffic on Token Ring 8103 Bridged Ethernet over RFC 1490 Frame Relay 0007 Bridged Token Ring over RFC 1490 Frame Relay 0009 Bridged FDDI over RFC 1490 Frame Relay 000A Bridged PDUs over RFC 1490 Frame Relay 000B 802 3 Length Field 0000 05EE 802 5 Length Field 0000 05FF Xerox PUP 0101 01FF 0200 0201 Nixdorf 0400 XNS IDP 0600 XNS Address Translation 0601 IP 0800 X 25 0801 CHAOSnet 0804 X 25 Level 3 0805 ARP 0806 XNS 0807 Symbolix 081C Xyplex 0888 088A UB Debugger 0900 XNS Address Translation 0A00 0A01 Banyan VINES OBAD continued 5 7 Configuring Traffic Filters and Protocol Prioritization Table 5 8 Ethernet Type Codes continued Description Ethertype 0x DEC 6000 6009 DEC MOP 6001 6002 DRP 6003 DEC LAT 6004 LAVC 6007 3COM 6010 6014 UB Download 7000 UB NUI 7001 UB Boot Broadcast 7002 Proteon 7030 Cabletron 7034 Cronous 8003 8004 HP Probe 8005 Nestar 8006 Excelan 8010 Silicon Graphics 8013 8014 8015 HP Apollo Native Ethernet 8019 RARP 8035 DEC BPDU 8038 DEC 8039 8042 DEC Encryption 803D DEC LAN Traffic Monitor 803F DEC NetBIOS Emulator 8040 AT amp T 8046 8047 Compugraphic 8069 Vitalink Mana
116. s With protocol prioritization enabled the router sorts WAN traffic on an individual interface into three delivery queues of varying precedence called priority queues The router then uses a dequeuing allocation algorithm to drain the priority queues and transmit traffic Note Outbound LAN traffic filters do not support protocol prioritization Protocol prioritization is considered an outbound filter mechanism because e Priority queues affect the sequence in which data leaves an interface they do not affect traffic as it enters the router e You use outbound traffic filters to specify whether and how traffic gets sorted into queues e Protocol prioritization supports only WAN protocols Outbound filters that include a priority queue action are sometimes called priority filters Two Types of Site Manager Protocol Prioritization There are two separate implementations of protocol priority queuing For WAN protocols supported by outbound traffic filters Site Manager supports a high normal and low priority queue at the circuit interface level The router automatically queues frames that do not match a traffic filter to the normal queue Refer to Chapter 2 to learn more about this basic circuit based priority queuing and dequeuing 1 4 Using Traffic Filters Site Manager also supports one to ten priority queues at the TCP level for DLSw traffic Refer to Configuring DLSw Services to learn about TCP based protocol prioritizat
117. st be familiar with protocol specific filtering criteria and actions Refer to Chapter 4 for this information Working with Outbound Traffic Filters To configure outbound traffic filters you first display the Configuration Manager Priority Outbound Filters window as described in the next section From the Priority Outbound Filters window you can e Create copy or edit a filter template described in Preparing Filter Templates e Apply a filter template to an interface described in Creating an Outbound Filter e Change an existing filter described in Editing an Outbound Filter e Change the filtering order described in Changing Filter Precedence 7 1 Configuring Traffic Filters and Protocol Prioritization Temporarily disable or enable a filter described in Enabling or Disabling an Outbound Filter Remove a filter from an interface described in Deleting an Outbound Filter Displaying the Priority Outbound Filters Window To configure outbound traffic filters for a particular interface you must first display the Priority Outbound Filters window for the circuit s protocol Complete the following steps to display the Priority Outbound Filters window for an interface enabling protocol priority if necessary 1 In the Configuration Manager window select Circuits gt Edit Circuits The Circuit List window appears Select a circuit interface Click on Edit The Circuit Defin
118. tbound traffic filter copying 7 12 creating 7 5 deleting actions 7 18 deleting criteria 7 15 7 18 7 20 deleting ranges 7 15 7 20 editing 7 12 naming 7 6 renaming 7 13 traffic filter actions Accept 1 12 defined 1 12 Drop 1 12 High Queue 1 12 inbound adding 6 14 6 19 Bridge 3 4 DECnet Phase IV 3 13 deleting 6 14 6 19 DLSw 3 15 IP 3 8 IPX 3 10 LLC2 3 16 OSI 3 12 source routing 3 6 VINES 3 14 XNS 3 11 Length 1 12 Log 1 12 Low Queue 1 12 outbound adding 7 15 7 18 7 20 deleting 7 15 7 20 deleting from a template 7 18 traffic filters about 1 1 actions 1 12 adding to an interface 1 13 blocking strategy A 2 components of 1 7 criteria 1 7 drop all A 2 dropping strategy A 2 forwarding strategy A 2 inbound adding to an interface 6 15 creating 6 15 creating templates 6 4 defined 1 1 deleting from an interface 6 26 DLSw 6 3 enabling 6 24 media and protocols supported 1 2 precedence 6 22 outbound 7 1 adding to an interface 7 16 creating templates 7 4 defined 1 1 deleting 7 24 disabling 7 23 editing 7 18 enabling 7 23 High Queue action 1 12 Length action 1 12 Low Queue action 1 12 media and protocols supported 1 3 precedence 6 22 7 21 reordering 7 21 precedence 1 7 A 2 purpose of 1 5 ranges 1 11 strategies 1 6 templates 1 13 to 1 14 Index 6 Transparent Bridge See Bridge U UDP Port Criteria 5 6 user defined criteria
119. te Refer to Chapter I for an overview of traffic filters filter templates and their criterion range and action components For instructions on using Site Manager to create inbound filters see Chapter 6 To define an inbound traffic filter template you need to know the specific criteria and actions that Site Manager supports for the applicable protocol This chapter lists the inbound traffic filter criteria and actions for all supported protocols Predefined and User Defined Criteria As described in Chapter 1 you create protocol specific filter templates using either predefined criteria or criteria you define user defined criteria The criteria in traffic filters determine which part of a packet the filter examines Each criterion is defined by a byte length and an offset from a known reference field within the protocol s header Sections in this chapter include both the predefined criteria that the Configuration Manager provides and the reference fields that the Configuration Manager supports for user defined criteria 3 1 Configuring Traffic Filters and Protocol Prioritization Transparent Bridge Criteria and Actions Bridge filters are the most complex because they support multiple encapsulation methods and media types Table 3 1 shows the encapsulation methods supported on physical media types Table 3 1 Bridge Encapsulation Support for Physical Media Types Bridge Encapsulation Method Supported
120. ted each aan a enara a aran dar Aa aaraa dan 7 16 Editing an Outbound Eiter 7 18 Changing Filter Precedence cecccceeseeeseeceeeeeeeeeneeecaeeeeeaaeeeeeeeeeeaaeeeseneeeeaeeseeaeeeeaas 7 21 Enabling or Disabling an Outbound Filter sssessessessssresirsssrrssrrsnrrsnnssrnnsrnnnsrinssreessrns 7 23 Deleting an Outbound Eiter 7 24 Appendix A Configuration Examples and Implementation Notes Implementation Notes AA A 1 NEW A 1 Dial Backup Tratt A 2 Using Drop All UC A 2 Inbound Traffic Filter Examples ss crearte reesen renn e EAR E Ee RE e TET EEEE A 4 Examples with Predefined Criteria cccceccccesseeceeeeeeseeeeeeeeeeseaeeeseaeeeseueeesenaeeesaes A 4 Examples with User defined Criteria ccccccecseceeeeeeeeceeeeeeeeeeseaeeeeeaeeeseeeeeetnaeessaes A 6 Protocol Prioritization Examples AA A 8 Index Figure 2 1 Figure 2 2 Figure 2 3 Figure 2 4 Figure 2 5 Figure 2 6 Figure 2 7 Figure 2 8 Figure 2 9 Figure 2 10 Figure 3 1 Figure 4 1 Figure 4 2 Figure 4 3 Figure 4 4 Figure 4 5 Figure 6 1 Figure 6 2 Figure 6 3 Figure 6 4 Figure 6 5 Figure 6 6 Figure 6 7 Figure 6 8 Figure 6 9 Figure 6 10 Figures Protocol Prioritization Dequeuing ee eeeeeeeeeeeeeeeeeeeeeeeeeeeeeteneaeeeeeeeenaees 2 2 Bandwidth Allocation Dequeuing Algorithm eee eeeeneeeeeeeenteeeeeeeaee 2 5 Strict Dequeuing Algorithm cece eeeceeceeeeeeeeeeeeceeeeseeaeeeeeeeeesaeeeeeneees 2
121. the resulting software available for use by any third party Neither title nor ownership to Software passes to licensee Licensee shall not provide or otherwise make available any Software in whole or in part in any form to any third party Third parties do not include consultants subcontractors or agents of licensee who have licensee s permission to use the Software at licensee s facility and who have agreed in writing to use the Software only in accordance with the restrictions of this license Third party owners from whom Bay Networks has acquired license rights to software that is incorporated into Bay Networks products shall have the right to enforce the provisions of this license against licensee Licensee shall not remove or obscure any copyright patent trademark trade secret or similar intellectual property or restricted rights notice within or affixed to any Software and shall reproduce and affix such notice on any backup copy of Software or copies of software resulting from modification or combination performed by licensee as permitted by this license Bay Networks Inc 4401 Great America Parkway Santa Clara CA 95054 8 Federal Street Billerica MA 01821 Bay Networks Software License continued 10 11 12 Licensee shall not reverse assemble reverse compile or in any way reverse engineer the Software Note For licensees in the European Community the Software Directive dated 14 May 1991 as may be
122. tination DECnet Phase IV Area Source or Destination Node Source or Destination VINES Protocol Type VINES Address Source or Destination DLSw MAC Address Source or Destination DSAP SSAP LLC2 APPN and LNM MAC Address Source or Destination DSAP SSAP 1 9 Configuring Traffic Filters and Protocol Prioritization Table 1 2 Summary of Predefined Outbound Traffic Filter Criteria Header Protocol Predefined Outbound Filter Criteria Data Link Control Header Source Routing SSAP DSAP PPP Protocol ID Frame Relay 2 byte DLC 3 byte DLC 4 byte DLC NLPID Ethernet Type Bridge MAC Address Source or Destination Ethernet Type Novell 802 2 Length 802 2 DSAP 802 2 SSAP 802 2 Control 802 2 SNAP Length 802 2 SNAP Protocol ID 802 2 SNAP Ethernet Type IP Header Source Routing SSAP DSAP PPP Protocol ID Frame Relay 2 byte DLC 3 byte DLC 4 byte DLC NLPID IP Type of Service Protocol Type IP Address Source or Destination UDP port Source or Destination TCP port Source or Destination Note See Configuring DLSw Services for information about criteria for outbound traffic filters based on the DLSw header Using Traffic Filters User Defined Criteria Ranges To apply customized criteria that use fields that are not represented in a protocol s predefined criteria you can define a user defined crit
123. tination Area 3 12 Destination Node 3 12 Source Area 3 12 Source Node 3 12 defined 1 7 3 1 deleting 6 14 6 19 DLSw Destination MAC Address 3 15 DSAP 3 15 Source MAC Address 3 15 SSAP 3 15 Index 1 IP IP Destination Address 3 7 IP Source Address 3 7 Protocol 3 7 TCP Destination Port 3 7 TCP Source Port 3 7 Type of Service 3 7 UDP Destination Port 3 7 UDP Source Port 3 7 IPX Destination Address 3 9 Destination Network 3 9 Destination Socket 3 9 Source Address 3 9 Source Socket 3 9 LLC2 Destination MAC Address 3 16 DSAP 3 16 Source MAC Address 3 16 SSAP 3 16 OSI Destination Area 3 11 Destination System ID 3 11 Source Area 3 11 Source System ID 3 11 SNAP Ethertype 3 4 Length 3 4 Protocol ID Organization Code 3 4 Source Routing Destination MAC Address 3 5 Destination NetBIOS Name 3 5 DSAP 3 5 Next Ring 3 5 Source MAC Address 3 5 Source NetBIOS Name 3 5 SSAP 3 5 user defined 6 20 to 6 21 VINES Destination Address 3 13 Protocol Type 3 13 Source Address 3 13 XNS Destination Address 3 10 Destination Network 3 10 Destination Socket 3 10 Source Address 3 10 Source Socket 3 10 criteria outbound traffic filter adding 7 15 7 18 7 20 common headers 4 5 Data Link header 4 2 reference points 4 6 defined 1 7 4 1 deleting 7 15 7 20 IP header 4 4 user defined 4 6 to 4 8 customer support See getting help D Data Link header outbound
124. ting Packet Bridged over Bay Networks Proprietary Frame Relay MAC DATA_LINK MAG DA MAG SA LENGTH DSAP SSAP conTROL TYPE Figure 4 4 Data Link Reference Points in an IEEE 802 2 LLC Header Configuring Traffic Filters and Protocol Prioritization IP Reference Points Table 4 4 defines the IP reference points and Figure 4 5 shows an example of where those reference points are located in a packet Table 4 4 IP Reference Points Reference Point Definition HEADER_START Points to the first byte in the IP header HEADER_END IP_WAN_HEADER_START Points to the first byte after the IP header Points to the beginning of the header beginning of the packet for PPP and Frame Relay IP_WAN_HEADER_END IP_SR_START Points to the first byte after DLCI in Frame Relay and the first byte after the Protocol ID in PPP Points to the beginning of the source routing packet which is the high order byte of the destination address IP_SR_DATA_LINK WAN_HEADER_START IP ina HEADER END HEADER_START Points to the first byte after the RIF field IP 8 START Ip Sp DATA LINK HEADER END Figure 4 5 IP Reference Points ina PPP Packet with IP Encapsulated Source Routing Chapter 5 Specifying Common Criterion Ranges For every inbound or outbound traffic filter criterion you must specify a valid range a series of target values appropriate to the criterion For many criteria yo
125. tocol Frame Relay interface specify SNAP instead of Ethernet type Place ICMP CriteriaaAdd gt IPSIP 1 Action gt IP3Add gt Table 5 9 in traffic in the low Protocol Low Queue Chapter 5 includes priority queue a list of some ICMP is not a common IP time sensitive Protocol codes protocol continued A 9 Configuring Traffic Filters and Protocol Prioritization Table A 3 Example Criteria Ranges and Actions for Protocol Prioritization Filtering Goal Criterion to Specify Ranges to Specify Action to Specify Notes Place SNA traffic in the high priority queue Criteria gt Add gt Data link gt Source Routing gt DSAP NOTE To prioritize IP encapsulated SNA traffic select CriteriaaAdd gt IP gt Source Routing gt DSAP DSAP values 0x00 to 0x04 See Chapter 5 for information about specifying MAC address or SAP criteria ranges Action gt Datalink gt Add High Queue NOTE To prioritize IP encapsulated SNA traffic select Action gt IP gt Add gt High Queue You can also select SSAP Destination MAC address or Source MAC address as the criteria Place all DLSw traffic leaving particular a synchronous interface in the high priority queue CriteriaaAdd gt IP IP gt TCP Destination Port 2065 to 2067 Refer to Table 5 6 in Chapter 5 for a list of common TCP destination port codes Action gt IP gt Add gt High Queue This example shows ho
126. tomated systems CompuServe Bay Networks maintains an active forum on CompuServe All you need to join us online is a computer a modem and a CompuServe account We also recommend using the CompuServe Information Manager software available from CompuServe The Bay Networks forum contains libraries of technical and product documents designed to help you manage and troubleshoot your Bay Networks products Software agents and patches are available and the message boards are monitored by technical staff and can be a source for problem solving and shared experiences Customers and resellers holding Bay Networks service contracts can visit the special libraries to acquire advanced levels of support documentation and software To open an account and receive a local dial up number call CompuServe at 1 800 524 3388 and ask for Representative No 591 e Inthe United Kingdom call Freephone 0800 289378 e In Germany call 0130 37 32 e In Europe except for the United Kingdom and Germany call 44 272 760681 e Outside the U S Canada and Europe call 614 529 1349 and ask for Representative No 591 or consult your listings for an office near you Once you are online you can reach our forum by typing the command GO BAYNETWORKS at any prompt xvii Configuring Traffic Filters and Protocol Prioritization InfoFACTS InfoFACTS is the Bay Networks free 24 hour fax on demand service This automated system contains libraries of
127. traffic filter 7 6 NetBIOS filter example A 7 NetBIOS Name specifying range 3 6 Normal Queue Percent Bandwidth parameter 2 22 Normal Queue Size parameter 2 19 O OSI actions 3 12 criteria 3 11 to 3 12 OSPF traffic prioritizing A 10 OSPF BGP traffic prioritizing A 10 P Packet Length parameter 7 10 parameters Protocol Prioritization Discard Eligible Bit Low 2 22 Discard Eligible Bit Normal 2 23 Enable 2 18 Greater Than Queue 7 11 High Queue Percent Bandwidth 2 21 High Queue Size 2 18 High Water Packets Clear 2 20 Less Than or Equal Queue 7 11 Low Queue Percent Bandwidth 2 22 Low Queue Size 2 19 Max High Queue Latency 2 20 Normal Queue Percent Bandwidth 2 22 Normal Queue Size 2 19 Packet Length 7 10 Prioritization Algorithm Type 2 21 performance 1 6 Index 4 precedence outbound traffic filters 6 22 7 21 traffic filters A 2 predefined criteria about 1 8 Prioritization Algorithm Type parameter 2 21 protocol prioritization clipped packets 2 8 defined 1 4 dequeuing algorithms bandwidth allocation 2 3 strict dequeuing 2 6 Discard Eligible Bit Low parameter 2 22 Discard Eligible Bit Normal parameter 2 23 DLSw Inbound Traffic Filters window 6 3 editing interface parameters 2 15 Enable parameter 2 18 enabling 2 13 examples A 9 Frame Relay 2 19 Greater Than Queue parameter 7 11 High Queue Percent Bandwidth parameter 2 21 High Queue Size parameter 2 18
128. traffic filter criteria 4 2 reference points 4 6 DECnet actions 3 13 criteria 3 12 to 3 13 deleting actions inbound traffic filter 6 14 6 19 outbound traffic filter 7 15 7 20 criteria inbound traffic filter 6 14 6 19 outbound traffic filter 7 15 7 20 inbound traffic filters 6 26 outbound traffic filters 7 24 ranges inbound traffic filter 6 14 6 19 outbound traffic filter 7 15 7 20 dequeuing algorithms bandwidth allocation 2 3 strict dequeuing 2 6 Detailed Logging action 3 9 dial backup line filters on A 2 Direct IP Explorers action 3 6 Index 2 disabling inbound traffic filters 6 24 outbound traffic filters 7 23 Discard Eligible Bit Low parameter 2 22 Discard Eligible Bit Normal parameter 2 23 DLSw actions 3 15 criteria 3 15 example A 10 Drop if Next Hop is Unreachable action 3 8 drop traffic strategy 1 6 A 2 drop all filters 1 6 A 2 E editing inbound traffic filters 6 17 outbound traffic filters 7 18 enabling inbound traffic filters 6 24 outbound traffic filters 7 23 Ethernet Type ranges Frame Relay traffic 5 4 5 7 IPX over Frame Relay traffic 5 9 examples DLSw A 10 FTP A 11 ICMP traffic A 9 LAT A 9 NetBIOS names A 7 OSPF A 10 OSPF traffic A 10 protocol prioritization A 1 RIP traffic A 10 SNA A 10 Spanning Tree A 11 synchronous pass through A 11 Telnet A 11 F filter templates See templates firewall strategy 1 6 A 2 Floo
129. u specify an address range This chapter lists valid range values for common traffic filter criteria and explains how to specify common address ranges in the following sections e Specifying MAC Address Ranges e Specifying Source and Destination SAP Code Ranges e Specifying Frame Relay NLPID Range Values e Specifying PPP Protocol ID Range Values e Specifying TCP and UDP Port Range Values e Specifying Ethernet Type Range Values e Specifying IP Protocol Range Values Note Refer to Chapter 1 for an overview of traffic filters filter templates and their criterion range and action components 5 1 Configuring Traffic Filters and Protocol Prioritization Specifying MAC Address Ranges When you create a filter that includes a Source or Destination MAC Address criterion you specify the MAC address range in either most significant bit MSB or canonical format Table 5 1 lists the address formats to use Table 5 1 Format for Specifying Source Routing MAC Addresses Address Type Address Format PPP MSB Bay Networks Standard Frame Relay Canonical Bay Networks Proprietary PPP Canonical Token Ring MSB Ethernet Canonical When defining outbound traffic filters you can specify a MAC address in either MSB or canonical format but the default is canonical Source Routing Bridge Source MAC Addresses When specifying Source MAC addresses for SRB traffic filters set the most significant bit MSB to on
130. w to prioritize DLSw traffic before other protocols on the interface To affect the priority of specific types of DLSw traffic at the TCP level use DLSw protocol prioritization as described in Configuring DLSw Services Place RIP traffic in the low priority queue CriteriaaAdd gt IP IP 520 gt UDP Destination Port Action gt IP gt Add gt Low Queue Refer to Table 5 7 in Chapter 5 for a list of common UDP destination port codes Place OSPF traffic in the high priority queue CriteriaaAdd gt IP IP 89 Protocol Type Action gt IP3Add gt High Queue Refer to Table 5 9 in Chapter 5 for a list of common IP Protocol codes Place OSPF BGP traffic in the high priority queue CriteriaaAdd gt IP IP O0xed Type of Service Action gt P3Add gt High Queue continued Configuration Examples and Implementation Notes Table A 3 Example Criteria Ranges and Actions for Protocol Prioritization Filtering Goal Criterion to Specify Ranges to Specify Action to Specify Notes Place Spanning Criteria gt Add gt Data 0x42 DSAP or Action gt Datalink gt Refer to Table 5 3 in Tree traffic in the link gt Source SSAP Add High Queue Chapter 5 for a list high priority Routing gt DSAP of SAP codes queue SSAP Control 0x03 Control code Place CriteriaaAdd gt Data Ox80FF Action gt Datalink gt synchronous link gt 802 2 SNAP Add High Queue pass through Ethe
131. with a particular MAC address perhaps an application server to take precedence over other traffic you can use protocol prioritization to assign a high priority to any traffic with that source address 1 6 Using Traffic Filters Combine Filters You can apply as many as 31 inbound and 31 outbound traffic filters on each router interface As you add filters to an interface the Configuration Manager numbers them chronologically rule 1 rule 2 rule 3 and so on The filter rule number determines the filter s precedence Lower rule numbers have higher precedence Filter 1 has the highest precedence If a packet matches 2 filters the filter with the highest precedence lowest number applies You can reorder filters after creating them to determine the precedence of individual filters Components of Traffic Filters Criteria Site Manager creates both inbound and outbound traffic filters from template files that contain filtering information These templates consist of three components e Criteria The part of each incoming packet frame or datagram header to be examined e Ranges Numeric values usually addresses to be compared with the contents of examined packets e Actions What happens to packets that match the criteria and ranges specified in a filter Each filter is associated with a particular router circuit A filter criterion is the part of a packet frame or datagram header to be examined You can logically
Download Pdf Manuals
Related Search