3Com provides a CD-ROM that includes all Enterprise OS software version 11.4
software manuals plus version 11.4 new installation and upgrade manuals. To
obtain a hardcopy version of the 11.4 documentation, order part number
C36460T.
You can order the documentation CD-ROM using part number 3C6461T.
Additionally, all documentation for Enterprise OS software version 11.4 is
3Com Corporation reserves the right to revise this documentation and to make changes in content from
time to time without obligation on the part of 3Com Corporation to provide notification of such revision or
change.
3Com Corporation provides this documentation without warranty of any kind, either implied or expressed,
including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose.
3Com may make improvements or changes in the product(s) and/or the program(s) described in this
documentation at any time.
UNITED STATES GOVERNMENT LEGENDS:
If you are a United States government agency, then this documentation and the software described herein
are provided to you subject to the following restricted rights:
For units of the Department of Defense:
Restricted Rights Legend: Use, duplication, or disclosure by the Government is subject to restrictions as set
forth in subparagraph (c) (1) (ii) for Restricted Rights in Technical Data and Computer Software Clause at 48
C.F.R. 52.227-7013. 3Com Corporation, 5400 Bayfront Plaza, Santa Clara, California 95052-8145.
For civilian agencies:
Restricted Rights Legend: Use, reproduction, or disclosure is subject to restrictions set forth in subparagraph
(a) through (d) of the Commercial Computer Software – Restricted Rights Clause at 48 C.F.R. 52.227-19 and
the limitations set forth in 3Com Corporation’s standard commercial agreement for the software.
Unpublished rights reserved under the copyright laws of the United States.
If there is any software on removable media described in this documentation, it is furnished under a license
agreement included with the product as a separate document, in the hard copy documentation, or on the
removable media in a directory file named LICENSE.TXT. If you are unable to locate a copy, please contact
3Com and a copy will be provided to you.
The software you have received may contain strong data encryption code that cannot be
exported outside of the U.S. or Canada. You agree that you will not export/reexport, either
physically or electronically, the encryption software or accompanying documentation (or copies
thereof) or any products utilizing the encryption software or such documentation without
obtaining written authorization from the U.S. Department of Commerce.
Unless otherwise indicated, 3Com registered trademarks are registered in the United States and may or may
not be registered in other countries.
3Com, AccessBuilder, Boundary Routing, NETBuilder, NETBuilder II, OfficeConnect, SuperStack, and
Transcend are registered trademarks and Edge Server, PathBuilder, and Total Control are trademarks of
3Com Corporation.
IBM, AS/400, SNA, and LAN Net Manager are registered trademarks of International Business Machines
Corporation. Advanced Peer-to-Peer Networking and APPN are trademarks of International Business
Machines Corporation. DECnet is a registered trademark of Digital Equipment Corporation. AppleTalk is a
registered trademark of Apple Computer, Inc. NetWare is a registered trademark of Novell, Inc. RealPlayer is
a trademark of Real Networks. UNIX is a registered trademark in the United States and other countries,
licensed exclusively through X/Open Company, Ltd. VINES is a registered trademark of Banyan Systems.
SunOS is a trademark of Sun Microsystems, Inc. XNS is a trademark of Xerox Corporation.
Other brand and product names may be registered trademarks or trademarks of their respective holders.
Upgrade Link and Netscape Browser Scroll Bars 46
Upgrade Link Window Resizing 47
IBM Protocols and Services Notes 47
APPN 47
APPN Connections to 3174 through Token Ring 47
APPN CP-CP Sessions and SNA Boundary Routing 47
APPN CP-CP Sessions on Parallel TGs 47
APPN DLUr Connections to 3174 Systems 47
BSC and Leased Lines 47
Boundary Routing and NetView Service Point 48
Configuring BSC and NCPs 48
DLSw Circuit Balancing 48
DLSw and CONNectUsage Parameter Default Change 48
DLSw Prioritization 48
DLSw and IBM Boundary Routing in Large Networks 48
Front-End Processor/Frame Relay Access for LLC2 Traffic 49
HPR and ISR Configurations 49
IBM Boundary Routing Topology Disaster Recovery 49
IBM-Related Services in Token Ring 50
LAN Network Manager with NETBuilder II Systems 51
LLC2 Frames and PPP 52
Maximum BSC Line Speed 52
SHDLC Half-Duplex Mode 52
SDLC 52
SDLC Adjacent Link Stations for APPN 52
Source Route Transparent Bridging Gateway (SRTG) Interoperability 52
SDLC Ports and NetView Service Point 52
UI Response Time With Large SDLC configuration 52
VTAM Program Temporary Fixes 52
ATM Services Notes 53
ATM Emulated LANs 53
ATM LAN Emulation Clients and Large 802.3 Frames 53
ATM Connection Table 53
Deleting ATM Neighbors 53
Source-Route Transparent Gateway 53
WAN Protocols and Services Notes 53
ACCM Not Configurable 53
Asynch Tunnelling on Serial Ports 53
Automatic Line Detection 53
Auto Start-up Does Not Include Async 54
Bandwidth-on-Demand Timer Precedence 54
Baud Rates for WAN Ports in DCE Mode 54
BSC Cabling and Clocking 54
Changing the Transfer Mode Parameter Default Value 54
Compression Requirements 54
Dial Idle Timer 55
Disaster Recovery on Ports Without Leased Lines 55
DTR Modems 55
Dynamic Paths 55
Frame Relay Congestion Control 55
History-Based Compression Negotiation Failure 55
History Compression Not Allowed With Async PPP 55
Multilink PPP Configurations 55
SPID Wizard Detection Errors 56
STP AutoMode Does Not Select the Right Mode 56
Supported Modems 56
Routing Protocols and Services Notes 56
BGP Configuration Files 56
CPU Utilization with XNS Protocol 57
IPX to Non-IPX Configuration Error 57
IPX Routing, Route Receive and Route Advertisement Policies 57
Managing IP Address Assignment 57
NAT Service - Many to One Outbound Translation 57
NAT Service - TCP/UDP Port Mappings 57
OSPF Route Advertisement 57
PIM-Sparse Mode 57
PIM-SM Enterprise OS/Cisco Incompatibility 57
PIM-SM Register Checksum Formats 57
PIM-SM Not Supported Over NBMA Media 58
RouteDiscovery 58
VRRP Configuration 58
Network Management System and Services Notes 58
ASCII Boot 58
Boot Cycle Continuous Loop 58
BootP Server and Autostartup 58
Bootptab File 58
Capturing Commands to boot.cfg File 59
Change Configuration and Diagnostic Menu 59
CPU Utilization Statistic 59
File System Error 59
Firmware Configuration 59
Firmware Update 59
IP Quality of Service Bandwidth 59
IP Quality of Service Configuration 59
Multiple Paths to BootP Server 59
Remote Access Default Change 60
Scheduler RunOnBootFail Completion 60
V.25bis Modem Setup 60
Web Link Documentation Path 60
Web Link Login Support 60
Zmodem Time Out 60
VPN Protocols and Services Notes 60
ACE Security Server 60
Total Control Security and Accounting Server Availability 60
Microsoft MPPE Patches and Updates 61
PKI: Entrust CA Installation Notes 61
PPTP Tunnel Security Validation 62
RSA Signature for Phase 1 Authentication 62
Windows NT MS-CHAP Authentication 62
Platform Notes 63
OfficeConnect NETBuilder and SuperStack II NETBuilder SI Additional Memory Requirements 63
Approved DRAM SIMMs 63
Supported PC Flash Memory Cards 64
Line Error Reporting on PathBuilder S5xx Series Switch Statistics Display 64
T3 Bandwidth Limitation 64
MBRI Ownership During Board Swapping 64
Multiport MBRI Module SNMP Management 64
Token Ring+ Modules 64
Token Ring Auto Start-up 64
ENTERPRISE OS SOFTWARE VERSION 11.4 RELEASE NOTES
Part No. 86-0621-000
Published January 2000
These release notes provide information on the following topics for Enterprise OS
software version 11.4:
■ Encryption Packages Notice
■ Supported Platforms
■ Platforms Not Supported
■ New Features and Feature Enhancements
■ ATM Services Notes
■ WAN Protocols and Services Notes
■ Routing Protocols and Services Notes
■ Network Management System and Services Notes
■ VPN Protocols and Services Notes
■ Platform Notes
If you have questions about the software, the guides, or these release notes,
contact 3Com or your network supplier.
For information on the command syntax used in these release notes, see “About
This Guide” in Using Enterprise OS Software.
Encryption Packages Notice
The Enterprise OS software version 11.4 may contain strong data
encryption that cannot be exported outside the United States or Canada.
It is unlawful to export/re-export or transfer, either physically or
electronically, the encryption software or accompanying documentation
(or copies thereof) or any product(s) utilizing the encryption software or
such documentation without obtaining written authorization from the US
Department of Commerce.
Do not place Enterprise OS version 11.4 packages with encryption on
networks or servers that are accessible to users outside of the U.S. and
Canada.
Software packages with encryption include the following:
■ PathBuilder™ S5xx series switch
  Multiprotocol Router with 40-bit Encryption (PL)
  Multiprotocol Router with 56-bit Encryption (PE)
  Multiprotocol Router with 128-bit Encryption with 3DES (PS)
■ PathBuilder S400 switch
  Multiprotocol Router with 40-bit Encryption (ML)
  Multiprotocol Router with 56-bit Encryption (ME)
  Multiprotocol Router with 128-bit Encryption with 3DES (MS)
  IP/IPX/AT Router with 40- and 56-bit Encryption (XE)
  IP/IPX/AT Router with 128-bit Encryption with 3DES (XS)
■ NETBuilder II®
  Multiprotocol Router with 40-bit Encryption (DL)
  Multiprotocol Router with 56-bit Encryption (DE)
  Multiprotocol Router with 128-bit Encryption with 3DES (DS)
■ SuperStack® II NETBuilder® SI
  IP/IPX/AT Router with 40- and 56-bit Encryption (NE) (SI model)
  IP/IPX/AT Router with 128-bit Encryption with 3DES (NS) (SI model)
  Multiprotocol Router with 40-bit Encryption (CL) (SI model)
  Multiprotocol Router with 56-bit Encryption (CE) (SI model)
  Multiprotocol Router with 128-bit Encryption with 3DES (CS) (SI model)
■ SuperStack II NETBuilder
  Multiprotocol Router with 56-bit Encryption (TE) (Token Ring models 327 and 527)
■ OfficeConnect® NETBuilder
  IP/IPX Router (JW)
  IP/IPX Router with 56-bit Encryption (JE)
  IP/IPX Router with 128-bit Encryption with 3DES (JS)
  IP/IPX/AT Router with 40- and 56-bit Encryption (NE)
  IP/IPX/AT Router with 128-bit Encryption with 3DES (NS)
  Multiprotocol Router with 56-bit Encryption (OE)
  Multiprotocol Router with 128-bit Encryption with 3DES (OS)
■ OfficeConnect 10 NETBuilder
  Router (RW)
  Router with 56-bit Encryption (RE)
  Router with 128-bit Encryption with 3DES (RS)
Supported Platforms
Enterprise OS software version 11.4 is available for the following platforms:
■ NETBuilder II
■ SuperStack II NETBuilder models 327 and 527
■ SuperStack II NETBuilder SI models 43x, 44x, 45x, 46x, 53x, 54x, 55x, and 56x
■ OfficeConnect NETBuilder models 11x, 12x (K and T variants), 13x,
14x (U and ST variants) and 10/ST
■ PathBuilder S5xx series switch models S500, S580, S593, S594, S598 and S599
■ PathBuilder S400
OfficeConnect NETBuilder and SuperStack II NETBuilder SI Release
Due to increased memory requirements, the OfficeConnect NETBuilder and
SuperStack II NETBuilder SI will be released after the general release of Enterprise
OS Software version 11.4. The general release will include support for the
following platforms: NETBuilder II, SuperStack II NETBuilder Token Ring,
PathBuilder S50x, S58x, S59x, and PathBuilder S400 devices. Watch for special
release announcements for the OfficeConnect NETBuilder and SuperStack II
NETBuilder SI devices.
See “OfficeConnect NETBuilder and SuperStack II NETBuilder SI Additional
Memory Requirements” on page 63 for details about memory requirements for
the OfficeConnect NETBuilder and SuperStack II NETBuilder SI devices.
Platforms Not Supported
The Enterprise OS software version 11.4 does not support the following
bridge/routers:
■ Model 227 SuperStack II NETBuilder Router (Ethernet)
■ Model 427 SuperStack II NETBuilder Router (Ethernet, ISDN)
■ Model 120 OfficeConnect NETBuilder (FRAD)
■ Model S574 and S578 PathBuilder Switch
New Features and Feature Enhancements
Enterprise OS is the system software that operates within the NETBuilder and
PathBuilder WAN products. Enterprise OS devices supported by this release include
the NETBuilder II, SuperStack II NETBuilder, OfficeConnect NETBuilder
bridge/router, PathBuilder S5xx tunnel switch (models S500, S580, S593, S590,
S594, S598, S599), and the PathBuilder S400 WAN convergence switch.
This section highlights the new features and enhancements contained within
Enterprise OS software version 11.4.
JAVA Runtime Environment
With 3Com Enterprise OS software version 11.4, in the /tools/jre subdirectory is
the MS Windows 95/98/NT version of JRE (Java Runtime Environment) written by
Sun Microsystems. This JRE archive file is a self-extracting executable that contains
the Java virtual machine, runtime class libraries, and Java application launcher that
are necessary to run programs written in the Java programming language. The JRE
is needed to run the following Enterprise OS applications:
■ Voice Wizard in Web Link (embedded web interface) on the PathBuilder S400
devices
■ PKI Manager (part of the Transcend VPN Application Suite)
For more information or to download the UNIX version, see Sun's website:
http://java.sun.com/products/jdk/1.2/runtime.html
VPN and Security Features
VPN and Security features provide Public-Key Infrastructure, Non-Broadcast,
Multi-Access (NHRP) for VPN Tunnels, IP Payload Compression Protocol (IPComp),
and Tunnel Switching Between Different Tunnel Types.
Public-Key Infrastructure (PKI) Implementation
Applications like IP Security (IPsec) and Internet Key Exchange (IKE) employ
public-key technology for such security purposes as identifying oneself to remote
entities, verifying a remote entity's identity, or initiating secure communications
with remote peers. Such applications require a public-key infrastructure (PKI) to
securely manage public keys for widely-distributed users or systems. The
implementation of PKI is based on the X.509 standard.
New also is PKI Manager, a graphical management application to aid Enterprise OS
devices in obtaining PKI certificates and Certificate Revocation Lists (CRLs) from
various Certificate Authorities (CAs). PKI Manager works as a proxy between the
device and the CA. It is responsible for collecting the certificate requests from the
devices and generating the CA-specific certificate request syntax (CRS), which in
turn is sent to the CA. After the CA issues the certificate, PKI Manager retrieves it
from the CA and sends it to the Enterprise OS device. The CAs that are supported
with this first release are Verisign and Entrust. The application is currently
supported only on Windows NT. See the “Transcend VPN Application Suite”
section of this release note for more information.
Non-Broadcast, Multi-Access (NHRP) for VPN Tunnels
With the Non-Broadcast, Multi-Access (NBMA) characteristics of a
Point-To-Multi-Point (P2MP) VPN tunnel (also called IP-Over-IP tunnel), an IP packet
must be forwarded via a routed tunnel path. These tunnel paths must be
configured statically between each pair of neighbors. All VPN traffic is allowed to
flow only through the configured neighboring paths. This makes routing
inefficient since data forwarding may not always be using the best route with the
shortest hops. To solve this, the user would have to go to the trouble of
configuring a fully-meshed VPN so packets could be forwarded with one hop.
With the Next Hop Resolution Protocol (NHRP) implemented in 11.4, tunnels are
now established dynamically. NHRP enhances the Point-To-Multi-Point (P2MP) VPN
tunnel by eliminating the need to statically configure each and every end-point
virtual port on the device. NHRP resolves the next hop when forwarding data
through tunnels. The Enterprise OS device will “automatically” discover its short
cut path for routing, without having to manually configure every neighboring
path.
IP Payload Compression Protocol (IPComp or IPPCP)
Enterprise OS software supports data compression to ease bandwidth problems.
However, in previous software releases the compression mechanism was not
effective when a data stream was encrypted at layer 3. With 11.4, by using IP
Payload Compression Protocol (IPComp), RFC 2393, to first reduce the size of the
IP datagram by compressing the data, then performing encryption, the size of IP
datagrams has been reduced. This is extremely useful when IPsec encryption is
applied to IP datagrams, since compression of outbound IP datagrams is done
before any IP security processing, and the decompression of inbound IP datagrams
is applied after the completion of all IP security processing. Only dynamic
negotiations of the IPComp Association (IPCA) via IKE and one compression
algorithm (LZS) is supported for 11.4. Any negotiation of IPComp is always
combined with a negotiation of ESP, AH, or both.
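The ordering described above (compress outbound before encryption, decompress inbound after decryption) can be seen in a short stand-alone illustration. This is example code written for these notes, not 3Com's IPComp or IPsec implementation: zlib stands in for the LZS algorithm, a SHA-256 counter keystream stands in for ESP encryption (a toy construction, not a secure cipher), and the key, nonce and sample payload are constructed. It also applies the RFC 2393 rule that a payload which does not get smaller is sent uncompressed, and shows why compressing after encryption gains nothing.

```python
import hashlib
import zlib

# Constructed sample payload: repetitive text of the kind that compresses well.
SAMPLE_PAYLOAD = b"GET /index.html HTTP/1.0\r\nHost: example.test\r\n" * 20


def keystream_encrypt(key, nonce, data):
    """Stand-in for ESP encryption: XOR with a SHA-256 counter keystream.
    Hypothetical toy construction, NOT IPsec ESP and not secure; it only makes
    the payload look random the way real ciphertext does."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


keystream_decrypt = keystream_encrypt  # XOR keystream: decryption is the same operation


def ipcomp_compress(payload):
    """Outbound IPComp step. zlib stands in for LZS (the only algorithm 11.4
    supports). Returns (compressed_flag, data); per RFC 2393, a payload that
    does not shrink is sent in its original, uncompressed form."""
    compressed = zlib.compress(payload, 9)
    if len(compressed) >= len(payload):
        return False, payload
    return True, compressed


def ipcomp_decompress(flag, data):
    """Inbound IPComp step: only payloads that carried an IPComp header are inflated."""
    return zlib.decompress(data) if flag else data


def outbound(key, nonce, payload):
    """11.4 ordering: compress first, then encrypt."""
    flag, data = ipcomp_compress(payload)
    return flag, keystream_encrypt(key, nonce, data)


def inbound(key, nonce, flag, wire):
    """Reverse order on receipt: decrypt first, then decompress."""
    return ipcomp_decompress(flag, keystream_decrypt(key, nonce, wire))


def wrong_order_size(key, nonce, payload):
    """Pre-11.4 situation: compressing after encryption. Ciphertext has no
    redundancy, so the compressor cannot shrink it and the non-expansion rule
    sends it as is. Returns the size that would go on the wire."""
    ciphertext = keystream_encrypt(key, nonce, payload)
    _flag, data = ipcomp_compress(ciphertext)
    return len(data)


def demo():
    """Round-trip the sample payload and report the wire sizes for both orderings."""
    key, nonce = b"constructed-demo-key", b"\x00" * 8   # constructed values
    flag, wire = outbound(key, nonce, SAMPLE_PAYLOAD)
    if inbound(key, nonce, flag, wire) != SAMPLE_PAYLOAD:
        raise RuntimeError("round trip failed")
    return {
        "plain": len(SAMPLE_PAYLOAD),
        "compress_then_encrypt": len(wire),
        "encrypt_then_compress": wrong_order_size(key, nonce, SAMPLE_PAYLOAD),
    }


if __name__ == "__main__":
    print(demo())
```

The flag returned by `ipcomp_compress` models whether an IPComp header would be present; a real implementation negotiates the IPComp Association over IKE as the notes state, and the receiver learns from the header whether to inflate.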
Tunnel Switching Between Different Tunnel Types
So that tunnel switching between two sessions of different tunnel types can be
easily implemented and maintained, Enterprise OS software version 11.4 has been
re-structured to support tunnel switching from PPP over Ethernet (PPPoE) to PPTP,
and from PPPoE to L2TP. Users can now dial-in through a PPPoE tunnel and
“switch out” through a PPTP or L2TP tunnel. This enables the Enterprise OS device
to have the flexibility of switching between tunnels of different tunnel types.
Routing Support Features
Routing support features include OSPF External Route Aggregation, Protocol
Independent Multicast-Sparse Mode (PIM-SM), Multicast Border Router (MBR),
IGMPv2 Enhancements, PPP over Ethernet (PPPoE), Virtual Router Redundancy
Protocol (VRRP) for ATM Ethernet LAN Emulation, Virtual Router Redundancy
Protocol (VRRP) for Virtual LAN (VLAN), Many-to-One NAT Enhancement, BGP-4 &
IPv6 added to multiprotocol packages for OfficeConnect NETBuilder and
SuperStack II NETBuilder SI, PathBuilder S400 devices, and RSVP and RSVP Proxy
added to software packages for OfficeConnect NETBuilder and SuperStack II
NETBuilder SI and PathBuilder S400 devices.
OSPF External Route Aggregation
With OSPF, the user can import routes from external routing sources (for example,
BGP, RIP, static routes, and directly connected networks). These imported routes
become OSPF external routes. In some networks, the number of external routes to
be advertised can cause traffic congestion on the backbone and subsequently to
all areas.
Because version 11.4 aggregates the type5 external routes, the user can define
external route ranges. With user-defined external route ranges, if the external
route is within the defined range, only then will the network be advertised. This
reduces the number of external routes advertised in the backbone and regular
areas.
Protocol Independent Multicast-Sparse Mode (PIM-SM)
The periodic broadcasting of information by DVMRP and MOSPF to identify the
location of interested receivers for a specific multicast session is only useful in
networks where bandwidth is plentiful or when there is a large number of senders
and receivers for a multicast session. When senders and receivers to multicast
sessions are distributed sparsely across a wide area such schemes are not efficient.
They waste bandwidth on expensive WAN links and require the maintenance of
“routing-state” on routers that are not on the forwarding tree for the multicast
session. Protocol Independent Multicast-Sparse Mode (PIM-SM), implemented in
11.4, is an intra-domain multicast routing protocol designed to resolve some of
the inadequacies with these other multicast protocols.
PIM-SM is “protocol independent” in that it can work with any unicast routing
protocol. It builds a per-group (or per multicast session) shared multicast
distribution tree centered at a rendezvous point, and requires receivers to explicitly
join to this shared distribution tree prior to receiving data traffic. Since a
“shared-tree” mechanism could result in suboptimal paths for data traffic from a
source to the receivers of a multicast session, PIM-SM also supports the ability to
switch to a source specific distribution tree if the data traffic warrants it. The
implementation of PIM-SM supports IPv4 in this release (IPv6 is not supported in
this release).
Multicast Border Router (MBR)
To allow sources and receivers inside multiple autonomous multicast routing
domains (each running a different multicast routing protocol -- DVMRP, MOSPF, or
PIM-SM) to communicate, the regions must be connected by multicast border
routers (MBRs). The primary role of the MBR is to pull down the traffic from one
domain to another. This MBR functionality is implemented in the
Enterprise OS device to allow the efficient interoperation among independent
multicast routing protocols. A common forwarding cache to forward the multicast
data packets has been implemented. MBR makes it easier to have a unified
forwarding table for multicast data traffic. The multicast routing protocols will
maintain protocol specific routing states and create forwarding entries in the
unified forwarding table for multicast traffic.
IGMPv2 Enhancements
Adding to the IGMPv1 support, 11.4 will be adding support for IGMPv2 (RFC
2236). Feature enhancements include the following:
■ Allowing a host to inform a multicast router when it no longer wants to receive
traffic for a given multicast group.
■ Defines a new procedure for electing the multicast querier on a LAN; the
multicast router with the lowest IP address is always chosen as the querier.
■ Defines a new type of Query message, called the Group-Specific Query. This
type of message allows a router to transmit a query to a specific multicast
group rather than all groups that reside on a directly attached subnet.
PPP over Ethernet (PPPoE)
With 11.4, PPP over Ethernet (PPPoE) is available to offer a seamless integration of
broadband access technology into the existing infrastructure and operational
model of remote access. As specified in the informational RFC 2516, PPPoE
encapsulates PPP packets over Ethernet. It is intended for use by a host PC to
interact with a broadband modem (e.g. xDSL, cable, and wireless access devices)
to achieve access to high-speed data networks. The PPPoE offering is targeted at
Carriers, ISPs, and NSPs with an ATM backbone for use in a VPN environment for
broadband access.
Ethernet is the most proven, familiar, and cost effective LAN technology that exists
today. PPP is the most popular dial-up transport, created to define negotiating
connectivity parameters, authenticate users, dynamically assign IP addresses, and
support multiprotocol environments. In a remote dial-up environment, besides the
traditional analog and ISDN modems, there are several other high-speed,
broadband CPEs being rapidly deployed (for example, xDSL, cable, and wireless
access devices). All high-speed, broadband access equipment requires end users to
be knowledgeable in their technologies, connectivity, and configuration
characteristics. With PPPoE, much of the complexity of these broadband devices is
hidden from the user. In addition to ease of configuration and use for the end
user, PPPoE also simplifies provisioning, installation, and management for the
service provider.
Advantages of PPPoE:
■ Supports multiple hosts and users across a dedicated broadband connection
and a single ATM or Frame Relay PVC with the same Ethernet infrastructure.
■ Provides end users with ease of installation and configuration; no special
configuration of the PC or modem is needed.
■ Provides services providers with ease of provisioning, services, and
management.
■ Operates independent of access device (that is, works for xDSL, cable, or
wireless devices) which shields end users from the need to learn complicated
technologies (for example, ATM).
■ Preserves the applications that have been built around Microsoft Windows
Dial-Up Networking (DUN). A simple PPPoE client driver is used with an
interface and functionality familiar to the user.
Virtual Router Redundancy Protocol (VRRP) for ATM Ethernet LAN Emulation
In addition to supporting Virtual Router Redundancy Protocol (VRRP) on Enterprise
OS platforms with Ethernet, Fiber Distributed Data Interface (FDDI), and Token
Ring interfaces, 11.4 now supports ATM Ethernet LAN Emulation (ATM LANE).
LANE operates by maintaining a set of mappings from MAC addresses to ATM
addresses. When running VRRP on a LANE network, the LANE protocol must be
notified when a new master router is elected so that it can update the MAC
address to ATM address mapping within the ELAN for the virtual router's MAC
address. In essence, while running VRRP over LANE, a virtual MAC address may
change location from one LEC to another.
For more information regarding VRRP, consult the Internet Drafts for VRRP
(draft-ietf-vrrp-spec-v2-03.txt) and VRRP Operation over ATM LAN Emulation
(draft-ietf-vrrp-lane-01.txt).
Virtual Router Redundancy Protocol (VRRP) for Virtual LAN (VLAN)
In addition to supporting Virtual Router Redundancy Protocol (VRRP) over a
physical LAN, with 11.4 comes support for VRRP for the Virtual LAN (VLAN).
A VLAN can be seen as a group of end-stations, perhaps on multiple physical LAN
segments that are not constrained by their physical location and can communicate
as if they were on a common LAN. With VRRP for VLAN, network operation is
ensured since dynamic responsibility for a virtual router is transmitted to one of
the VRRP routers on a VLAN.
When VRRP is used over a physical LAN, an owner of the Virtual Router ID (VRID)
may change the MAC address to the Virtual MAC (VMAC) address without
transitioning to promiscuous mode. For the VLAN implementation, when a VRRP
router becomes the master (the router that is forwarding the virtual IP packets),
the VLAN interface will always be in promiscuous mode.
Many-to-One NAT Enhancement
When executing large file transfers with a block size that is greater than the
underlying media can handle, IP will fragment the UDP packet. Since only the first
fragment contains the UDP header (which indicates the source and destination
port required by NAT to map to a NAT IP address), the subsequent fragmented
packets do not contain the UDP header. This results in NAT not having the UDP
ports to map to the NAT IP address. In previous releases, this condition would
occur during, for example, TFTP file transfers using Large Blocksize Negotiation
(RFC 1783).
Each fragmented packet contains an IP Identification (ID) number that is used for
re-assembly. When the first fragment arrives, the ID is stored in the NAT session
that has already been setup for the TFTP file transfer, so when subsequent
fragments arrive with no UDP header, a search is made for the session by ID and
the relevant IP address. After the session is found, the destination and source ports
are known and NAT can translate.
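The session lookup described above, as an added example that is not 3Com's NAT code: a model of outbound many-to-one translation in which the first fragment (the only one with a UDP header) creates or finds the session and records the datagram's IP Identification, and later fragments are matched by that ID together with the inside and destination addresses. The addresses, ports, ID and the TFTP-style 8192-byte datagram are constructed; the NAT address and port range are assumptions.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Packet:
    """The IP/UDP header fields NAT looks at. Only the first fragment of a
    datagram carries the UDP header, so later fragments have no ports."""
    src_ip: str
    dst_ip: str
    ip_id: int
    frag_offset: int          # 0 for the first (or only) fragment, in 8-byte units
    more_fragments: bool
    src_port: Optional[int] = None
    dst_port: Optional[int] = None


@dataclass
class Session:
    inside_ip: str
    inside_port: int
    dst_ip: str
    dst_port: int
    nat_port: int                  # port on the shared NAT IP address
    ip_id: Optional[int] = None    # ID of a fragmented datagram in flight


class ManyToOneNat:
    """Outbound many-to-one translation with the 11.4 fragment handling: the IP ID
    of a fragmented datagram is stored in the session so that fragments without a
    UDP header can still be mapped."""

    def __init__(self, nat_ip, first_port=10000):       # constructed NAT address/port base
        self.nat_ip = nat_ip
        self.next_port = first_port
        self.sessions = {}     # (inside_ip, inside_port, dst_ip, dst_port) -> Session
        self.by_frag_id = {}   # (inside_ip, dst_ip, ip_id) -> Session

    def _session_for(self, pkt):
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        sess = self.sessions.get(key)
        if sess is None:
            sess = Session(pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port, self.next_port)
            self.next_port += 1
            self.sessions[key] = sess
        return sess

    def translate_outbound(self, pkt):
        """Return the translated packet, or None when no session can be found."""
        frag_key = (pkt.src_ip, pkt.dst_ip, pkt.ip_id)
        if pkt.frag_offset == 0:
            sess = self._session_for(pkt)          # UDP header present: normal lookup
            if pkt.more_fragments:
                sess.ip_id = pkt.ip_id             # remember the ID for the rest of the datagram
                self.by_frag_id[frag_key] = sess
            return Packet(self.nat_ip, pkt.dst_ip, pkt.ip_id, 0, pkt.more_fragments,
                          sess.nat_port, pkt.dst_port)
        sess = self.by_frag_id.get(frag_key)       # no UDP header: search by ID and addresses
        if sess is None:
            return None                            # what every non-first fragment hit before 11.4
        if not pkt.more_fragments:                 # last fragment: datagram complete, forget the ID
            del self.by_frag_id[frag_key]
            sess.ip_id = None
        return Packet(self.nat_ip, pkt.dst_ip, pkt.ip_id, pkt.frag_offset, pkt.more_fragments)


def fragments_for(src_ip, dst_ip, ip_id, src_port, dst_port, payload_len, mtu=1500):
    """Constructed sample: fragment one UDP datagram (for example a TFTP DATA block
    sent with a negotiated 8192-byte blocksize) the way IP would at the given MTU."""
    per_frag = (mtu - 20) // 8 * 8          # payload bytes per fragment, a multiple of 8
    total = payload_len + 8                 # the UDP header is payload from IP's point of view
    frags, offset = [], 0
    while offset < total:
        last = offset + per_frag >= total
        frags.append(Packet(src_ip, dst_ip, ip_id, offset // 8, not last,
                            src_port if offset == 0 else None,
                            dst_port if offset == 0 else None))
        offset += per_frag
    return frags


def demo():
    """Translate every fragment of one large datagram; returns
    (fragment count, fragments translated, leftover fragment index)."""
    nat = ManyToOneNat("198.51.100.1")
    frags = fragments_for("10.0.0.7", "192.0.2.5", ip_id=4242,
                          src_port=40000, dst_port=69, payload_len=8192)
    out = [nat.translate_outbound(f) for f in frags]
    return len(frags), sum(1 for p in out if p is not None), nat.by_frag_id


if __name__ == "__main__":
    print(demo())
```

The model only works when the first fragment is seen before the others, since that is the one that populates the ID index; a fragment that arrives out of order or after its session has been torn down is dropped rather than guessed at, which is the safe default for a translator.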
BGP-4 & IPv6 added to Multiprotocol Packages for OfficeConnect NETBuilder & SuperStack II NETBuilder SI & PathBuilder S400 devices
Previously, BGP-4 & IPv6 was available only on the NETBuilder II and PathBuilder
S5xx devices. Starting with 11.4, BGP-4 and IPv6 are supported on the
OfficeConnect NETBuilder and SuperStack II NETBuilder SI (Ethernet only)
bridge/routers, as well as on the PathBuilder S400 WAN convergence switch.
BGP-4 and IPv6 will be available only on the multiprotocol packages for these
platforms.
RSVP & RSVP Proxy added to Software Packages for OfficeConnect NETBuilder & SuperStack II NETBuilder SI & PathBuilder S400 devices
Previously, RSVP was available only on the NETBuilder II and PathBuilder S5xx
devices. Starting with 11.4, RSVP and RSVP Proxy are supported on the
OfficeConnect NETBuilder and SuperStack II NETBuilder SI (Ethernet only)
bridge/routers, as well as on the PathBuilder S400 WAN convergence switch.
Traffic Shaping & QoS Features
Traffic shaping and Quality of Service (QoS) features include Bandwidth on
Demand with Incoming Traffic, and IP Quality of Service (IPQoS).
Bandwidth on Demand with Incoming Traffic
Bandwidth on Demand is a facility that provides supplementary bandwidth above
the normal bandwidth levels specified by the user whenever traffic congestion is
detected. In previous releases, only the transmitted traffic load was used to control
this feature; with the 11.4 release, incoming traffic is also monitored. The need to
monitor incoming traffic for Bandwidth on Demand appears in such situations as
when a router that is connected to an ISP downloads a web-page. The incoming
traffic bandwidth consumption would be high; it would be desirable at this point
to add more bandwidth to accommodate the desired burst in traffic.
IP Quality of Service (IPQoS)
With the enormous growth in network traffic, robust QoS is required to ensure
mission-critical and real-time application traffic will get adequate network
resources to traverse the network regardless of the competing demands for
bandwidth by other applications.
Policy-based QoS management will enable network managers to control
bandwidth allocation and service levels on IP traffic flows. Traffic flows can be
metered and policed on a per policy base to ensure its bandwidth consumption
does not exceed the defined rate limits. When multiple flows are aggregated into
a service class, rate limiting protects conforming flows from the aggressive flows
hogging network resources that may lead to a denial of service. Flows can also be
policed to ensure correct marking of the IP/TOS-byte in the IP header as per policy.
Given the scalability problems associated with RSVP, the emerging IETF standard
for scalable end-to-end QoS–IP Differentiated Service is supported. Incoming
traffic flows can be classified into service classes for each defined QoS policy with
the routers providing the service level that corresponds to the Differentiated
Services Code Point (DSCP), bits 0-5 in the TOS-byte, via the Class-Based Queue
(CBQ) packet scheduler and Random Early Detection (RED) congestion avoidance
mechanisms. These queue management policies will only be supported over the
slower FR and PPP WAN links.
Brief descriptions of additional QoS features are listed below. For further
information on IPQoS, consult RFC 2474 (Definition of Differentiated Service Field
in IP Headers) and RFC 2309 (Recommendations on Queue Management &
Congestion Avoidance in the Internet).
■ Policy-based QoS Management
Flexible QoS control is configured via the IPQoS Service as port specific policies.
QoS policies can be applied to the inbound traffic at the ingress port and/or the
outbound traffic at the egress port. QoS policies are associated with flows.
Policies are stored in the user-defined precedence order in the QoS policy
database. The policy action associated with the first matching policy found for
the packet will be applied. Flow can be defined as either an aggregated flow or
a specific application flow between two end systems. Flows are classified via
the generic packet classification service provided by IP.
A network manager can define the following types of QoS policy:
■ Bandwidth control - If rate limiting is specified in a QoS policy, the associated
traffic flow will be metered and policed. Rate limiting can be applied to traffic
transmitted or received on an interface. User may also define actions, such as
forward/discard/remark TOS-byte, to handle traf fic that conforms to or exceeds
the rate limit.
■ TOS control - TOS can be set to a specified TOS value. This allows incoming
packets to be classified into a small number of DSCP-based classes. The
TOS-byte can also be remarked for forwarding to another administration
domain with a different IP/TOS convention.
■ Service class control - A specific service class can be assigned to a flow
independent of the DSCP value in the TOS byte. By default, the 6-bit DSCP
value is mapped into a CBQ service class at the outgoing WAN port.
■ Traffic redirect - Traffic can be redirected at the ingress port.
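The precedence-ordered policy database described above, as an added example that is not 3Com's code: policies are tried in order and the first match decides the action, with a token-bucket meter (an assumption; the release notes do not say how metering is implemented) driving the conform/exceed actions of a bandwidth-control policy. The packet fields, policy names, rates and sample packets are constructed.

```python
from dataclasses import dataclass, field
from typing import Callable, Optional

@dataclass
class TokenBucket:
    """Meter for a rate-limiting policy: `rate` bytes/s refill, `burst` bytes depth."""
    rate: float
    burst: float
    tokens: float = field(init=False, default=0.0)
    last: float = 0.0             # time of the last metering decision

    def __post_init__(self):
        self.tokens = self.burst  # start with a full bucket

    def conforms(self, size, now):
        # refill for the elapsed time, then see whether this packet fits the limit
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if size <= self.tokens:
            self.tokens -= size
            return True
        return False

@dataclass
class Policy:
    name: str
    match: Callable[[dict], bool]   # flow classifier: an aggregate or one application flow
    conform: str                    # action for conforming traffic: forward / discard / remark
    exceed: Optional[str] = None    # action once the rate limit is exceeded
    meter: Optional[TokenBucket] = None   # present only for bandwidth-control policies

def apply_policies(policies, pkt, now):
    """Return (policy name, action) from the first matching policy in precedence order."""
    for pol in policies:
        if not pol.match(pkt):
            continue
        if pol.meter is None or pol.meter.conforms(pkt["len"], now):
            return pol.name, pol.conform
        return pol.name, pol.exceed
    return None, "forward"          # nothing matched: default forwarding

# Constructed sample database in precedence order. Ordering pitfall: the aggregate
# "all-udp" rate limit precedes the more specific voice policy, so voice packets
# are policed by it and never remarked; swap the two entries to fix that.
POLICIES = [
    Policy("all-udp", lambda p: p["proto"] == "udp", "forward", "discard",
           TokenBucket(rate=1000, burst=2000)),
    Policy("voice", lambda p: p["proto"] == "udp" and p["dport"] == 5060, "remark"),
]
```

The shadowing shown by the sample database is the same check an operator should make on any precedence-ordered policy list: the first match wins, however specific the later entries are.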
■ IEEE 802.1P Prioritization
When the ingress port is connected to a VLAN-aware switch that does the
layer-2 packet classification and 802.1P user priority support is enabled on the
ingress VLAN port, the 802.1P user priority of the incoming IP packet will
determine the IP/TOS value based on the default or user-configured mapping.
When the egress port is connected to a layer-2 VLAN-aware switch that does not
support packet classification and 802.1P support is enabled on the egress
VLAN port, the IP/TOS value will determine the 802.1P priority of the outgoing
packet based on the default or user-configured mapping.
IP traffic can also be classified via a QoS policy to be tagged with a specific
802.1P priority.
16ENTERPRISE OS SOFTWARE VERSION 11.4 RELEASE NOTES
■ Class-Based Queuing (CBQ) Management
Class-Based Queuing (CBQ) is a link-sharing packet scheduler which is an
enhanced version of the existing Protocol Reservation queuing policy. It
performs priority scheduling and supports specific traffic class characteristics,
such as the average transfer rate. It supports a hierarchy of service classes, each
associated with a set of QoS attributes (such as, average rate, priority, and max
delay) and a packet queue to hold packets marked for the service class.
CBQ provides weighted (based on the allocated bandwidth) round robin
scheduling when the class is not congested, but switches to the link sharing
mode during periods of congestion. It regulates each class queue to its
allocated bandwidth, but allows a congested class to borrow bandwidth from
its under-utilized parent class.
When a class queue builds up because packets arrive at a higher rate than the
class’s allocated bandwidth, CBQ employs a packet drop policy to manage the
queue length/latency. By default, the simple “tail drop” is invoked to discard
the most recently arrived packet for the congested queue/class. The more
effective RED dropper can also be optionally enabled on a CBQ class queue.
CBQ also supports traffic prioritization. Higher priority classes are serviced first;
classes with the same priority are then serviced by weighted round
robin. Borrowing is allowed only if a class is configured to allow borrowing
from its parents.
The network manager may define any number of CBQ classes. Policies can be
defined that map the DSCP in the TOS-byte to a specific service class to provide
the desired QoS. Initial RSVP support will restrict RSVP flows to the well-known
“RSVP” service class.
Given the significant per packet overhead, CBQ does not scale well with
multi-level class hierarchies and would perform best with a small number of
classes in a shallow tree structure on lower speed WAN links.
CBQ will be supported on PPP/FR ports only.
■ RED Congestion Avoidance
Random Early Discard (RED) actively manages the queue size by dropping
arriving packets using probability as follows. The probability of packet drops
increases as the estimated average queue size grows. The average queue size is
computed using a simple exponentially weighted moving average estimator.
RED starts dropping arriving packets when the queue size exceeds the defined
minimum threshold (in number of packets), and the drop probability increases
linearly with the queue size until the defined maximum threshold (in number of
packets) is reached, at which point all arriving packets are dropped.
Weighted Random Early Discard (WRED) implements an additional
drop-precedence based preferential discard mechanism. The drop-precedence
value is used to determine the minimum and maximum thresholds, such that
packets tagged with a higher drop-precedence value have a higher drop
probability. The drop-precedence value is determined by the amount of traffic
in excess of the rate limit.
The RED congestion avoidance scheme actively manages the queue length to
efficiently reduce both packet drops and queue latency, resulting in lower delay
and better service. The random packet drop also effectively breaks up the
traffic synchronization due to TCP’s “slow start, then speed up” behavior, which
may cause some flows to be locked out of bandwidth if a simple tail drop is
employed when the queue becomes full. However, RED works well only with
compliant TCP implementations that back off when network congestion is
detected. It has no effect on non-IP or UDP traffic.
RED is supported on CBQ class queues only.
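The RED and WRED drop decision described above, as an added example that is not 3Com's code: an exponentially weighted moving average of the queue size, no drops below the minimum threshold, a linear ramp up to the maximum threshold, and every arrival dropped beyond it, with a higher drop precedence lowering both thresholds. The threshold values, the EWMA weight, the `max_p` ramp ceiling and the 1/(1+precedence) scaling are constructed assumptions.

```python
import random

class RedQueue:
    """RED dropper for one CBQ class queue; thresholds are in packets."""

    def __init__(self, min_th, max_th, max_p=0.1, weight=0.002, seed=1):
        self.min_th, self.max_th = min_th, max_th
        self.max_p = max_p      # drop probability just below max_th (assumed value)
        self.weight = weight    # EWMA weight of the average-queue estimator (assumed value)
        self.avg = 0.0          # estimated average queue size
        self.rng = random.Random(seed)

    def update_avg(self, qlen):
        # simple exponentially weighted moving average of the instantaneous queue size
        self.avg = (1 - self.weight) * self.avg + self.weight * qlen
        return self.avg

    def drop_probability(self, avg=None, min_th=None, max_th=None):
        """Drop probability for an average queue size and a pair of thresholds."""
        avg = self.avg if avg is None else avg
        min_th = self.min_th if min_th is None else min_th
        max_th = self.max_th if max_th is None else max_th
        if avg < min_th:
            return 0.0          # below the minimum threshold: never drop
        if avg >= max_th:
            return 1.0          # at or above the maximum threshold: drop every arrival
        # between the thresholds the probability grows linearly with the queue size
        return self.max_p * (avg - min_th) / (max_th - min_th)

    def should_drop(self, qlen, drop_precedence=0):
        """Decide the fate of one arriving packet given the current queue length.

        WRED: a higher drop precedence (traffic further over its rate limit)
        lowers both thresholds so those packets are discarded first; the
        1/(1+precedence) scaling is a constructed assumption.
        """
        avg = self.update_avg(qlen)
        scale = 1.0 / (1 + drop_precedence)
        p = self.drop_probability(avg, self.min_th * scale, self.max_th * scale)
        return self.rng.random() < p

def run_burst(queue, qlens, drop_precedence=0):
    """Offer one packet per sampled queue length; return how many RED dropped."""
    return sum(queue.should_drop(q, drop_precedence) for q in qlens)
```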
Dial Service Features
Dial service features include increased asynchronous baud rate for all
Enterprise OS platforms.
In releases prior to 11.3, the maximum baud rate for asynchronous ports was
57.6 kbps. With the 11.3 release, the maximum baud rate has been increased to
115.2 kbps only for the OfficeConnect NETBuilder platform. With the 11.4
release, this feature is expanded to support all other platforms with FlexWAN
interfaces. This includes the NETBuilder II with the 4-port HSS module, SuperStack
II NETBuilder SI, PathBuilder S5xx, and PathBuilder S400 devices.
Voice & Multiservice Features
Voice and multiservice features include voice over Frame Relay, and voice over
VPN. These features are currently available on the PathBuilder S400 platform only.
Voice Over Frame Relay (VoFR)
With Frame Relay already providing a flexible and efficient means of transferring
data, Voice Over Frame Relay (VoFR) consolidates voice and voice-band data (for
example, analog modems and fax messages) with data services. VoFR lowers the
cost of calls while increasing the utilization of network resources and maintaining
the reliability of an existing Frame Relay network.
With 11.4, VoFR is available in the PathBuilder S400 WAN convergence switch.
The VoFR capabilities will handle peer-to-peer (end-user to end-user) VoFR voice
call signaling across the network, providing real-time delivery of voice signals
without excessive delay.
Features of the 3Com implementation of VoFR:
■ All voice payloads are encapsulated in the FRF.11 formats. Voice and data share
the same virtual circuit (VC) based on the FRF.11 Annex J (The Use of Reserved
Subchannels) capabilities as authored by 3Com.
■ Fragmentation can consume CPU processing power, resulting in degraded
system performance. Unlike other vendors' implementations of VoFR, 3Com's
proprietary Fragmentation Control Protocol (FCP) is designed to support
dynamic fragmentation control to turn fragmentation on and off at each
communicating endpoint.
■ 3Com proprietary VoFR signaling based on Q.931 allows dynamic call
connection and teardown.
■ VoFR recovery is built into VoFR signaling to handle system or network
outage.
■ Voice call establishment is regulated by bandwidth requirements of voice
compression between two communicating DSP peers, as well as by the
available bandwidth (CIR) of the VC at each end.
■ Voice calls between remote offices can be switched through central site
VoFR.
■ Up to 250 calls can be supported within each VC subject to available
bandwidth.
■ Support for FXS and FXO voice ports.
■ Support for FAX data over the voice call.
Voice Over VPN (VoVPN)
Due to the interaction between VPN (L2TP or PPTP) and VoIP when they are
sharing the same system IP (sysip) address, voice calls do not get tunneled over
L2TP or PPTP. The reason for this is that when a VPN tunnel is established with the
sysip address, the endpoint's sysip address is in each endpoint's routing table. If an
application subsequently uses the same address that is used by the tunnel, the
routing table would force the packet out on the interface, and not through the
tunnel. The packet would leave the device unencapsulated.
To overcome this, voice calls originating from the system will continue to use the
sysip address as before (in order to utilize the redundancy feature of the sysip). In
addition, the voice call will also have an option to use a different
source-destination pair for those calls that need to be tunneled via VPN. After the
source address is defined, it is linked to the virtual port that represents the VPN
tunnel, allowing the voice call to get tunneled across the VPN.
Network Management Features
Network management features include Upgrade Utilities and Upgrade Link, Web
Link Enhancements, Autotargeting for SLA Monitoring/Remote Polling, Console
Output in Telnet Sessions, Multiple SYSLOG Server Support, Audit Log Messaging
Enhancements, and Domain Name Use in FTP and TFTP Commands.
Upgrade Utilities & Upgrade Link
With the upgrade utilities, you will be able to perform upgrades of all your
Enterprise OS devices (NETBuilder, PathBuilder S5xx, and PathBuilder S400 devices)
from an older version of software to a newer version. The version you can upgrade
to will match your version of the upgrade utilities (for example, with the Upgrade
Management Utilities version 11.4, you will be able to upgrade a device running
8.x, 9.x, 10.x, 11.0, 11.1, or 11.2 to any version 9.x, 10.x, 11.0, 11.1, 11.2, 11.3
or 11.4). Engineered to be reliable and simple to use, the utilities can be executed
via command line, via the GUI interface in Transcend® Upgrade Manager, or the
GUI interface in Upgrade Link, or via user-defined scripts.
Enhancements to Upgrades Utilities version 11.4:
■ File Transfers via HTTP
■ Faster installation of Enterprise OS software images into Upgrade Manager for
Windows95
■ Flexibility of installing the upgrade files into a directory besides /usr/3Com
■ Added support for PathBuilder S400 WAN convergence switches
Web Link Enhancements
Web Link is an embedded Web-based interface for management of the
NETBuilder bridge/router (or PathBuilder S5xx tunnel switch starting with 11.1.1).
Web Link is available on all router platforms running version 11.0 or later. To
access Web Link, use Netscape 4.08 or later, or Internet Explorer 4.x or later.
■ Voice Wizard
Starting with 11.2.2 and with enhancements made in 11.4 for the PathBuilder
S400 WAN convergence switch, Web Link provides a new Wizard
configuration tool to aid in the configuration of the voice parameters. The
Voice Wizard eases the task of configuration by creating a dial plan that can be
viewed and later edited.
■ Performance Management
Currently available statistics are:
■ System Performance
■ Interface Performance: physical path statistics and port and virtual port
statistics
■ Protocol Performance: Routing protocols
  ■ IP Routing Protocol: Total IP packets and IP packets per interface
  ■ IPX Routing Protocol: Total IPX packets
  ■ IPX Packets Per Interface
■ Frame Relay WAN Protocol
■ New Statistics for 11.4
  ■ VPN Performance: VPN tunnels and total active tunnels
  encrypted-authenticated, packets and discarded packets
  ■ Voice Performance
    ■ Total Successful Calls
    ■ Total Packets
    ■ Total Bytes
Autotargeting for SLA Monitoring/Remote Polling
In 11.2, Remote Polling was introduced which provided a mechanism to
periodically poll a list of up to 100 target devices. By pinging a target list of devices
for connectivity, logs could be generated and statistics gathered to measure
latency between devices and to determine service levels. Statistics could also be
gathered using the 3Com remote polling MIB (3com0019.mib), which can give
the statistical result of each poll. The MIB variables can be used with 3rd party
applications, like InfoVista to provide service level monitoring, analysis, and
reporting. A maximum of 100 target devices can be polled.
In 11.4, the requirement to manually configure up to 100 target devices that the
administrator remotely polls has been eliminated. Four predefined “target groups”
will be used:
■ RAS targets are automatically added when a RAS user session is established
■ VLL targets are automatically added when a virtual leased line is configured
■ Tunnel Peers including PPTP/L2TP/IPIP/DNL are automatically added
■ Static targets can still be manually configured, if desired
Console Output in Telnet Sessions
With 11.4, all system messages can be displayed to a Telnet session as well as
through a terminal attached to the local console port. Administrators will be able
to view all important status messages from the Telnet session improving
manageability.
Audit Log Messaging Enhancements
Many enhancements are added in the 11.4 release regarding the logging of
events. These include:
■ In previous releases, only one SYSLOG server on the network could be sent the
audit log messages from an Enterprise OS device. With 11.4, the administrator
can configure each Enterprise OS device to send its audit log messages to up
to six SYSLOG servers.
■ Persistent logging of events across reboots now available across all platforms.
Previously this feature was available only for NETBuilder II and PathBuilder S5xx
devices (those devices which could support the partial dump feature). With
11.4, the partial dump feature is extended to the stackable devices
(OfficeConnect NETBuilder, SuperStack II NETBuilder SI, and PathBuilder S400
devices), so reasons for spontaneous failures will be logged both on the device
and within audit log messages sent to the SYSLOG server(s).
■ To provide a clearer understanding of audit log messages, the format of the
messages has been changed. There is a different format for those messages
sent to a SYSLOG server versus those saved on the device's local audit log buffer.
Redundant information was removed and comprehensive definitions are
provided. A field was added to indicate message severity (0-7 indicating
Emergency, Alert, Critical, Error, Warning, Notice, Info, and Debug).
Changes to audit log messages sent to SYSLOG server(s):
■For the SYSLOG messages, a unique message identifier (starting with 100)
has been added. Specific services have been assigned a range of identifying
numbers. For example, 100-199 identifies audit log file access status
messages … dial history messages are 400-499 … IPsec messages are
600-649 … and Web Link messages are 1400-1499.
■A new message format will have identifying labels. The new syntax is as
■ Audit Log Message Filters are now supported. In previous releases, all audit log
messages were sent to the designated SYSLOG server. With 11.4, the
administrator can set a LogFilter, whereby specific messages can be sent to
specific SYSLOG servers. Messages can be filtered based on service, priority,