background image

Introduction

14

To set up a Bandwidth on Demand installation, you must choose the throughput level that will be required for activating the
stand-by link.  The throughput level is measured in percentage of use of the primary link.  This percentage level is defined by
the Up Threshold parameter in the Secondary Activation Menu and may be set to any value from 50% to 100%.

A timer must be defined to determine the length of time to wait before bringing up the stand-by link.  The Up Stability Timer
parameter in the Secondary Activation Menu is used to define how long in minutes (from 1 to 60) the main link must exceed
the threshold before the stand-by link is started.

Once the activation-throughput threshold has been determined and set, you must decide what the throughput threshold will
have to be to drop the second link and operate on the main link only.

The Down Threshold level is set in the Secondary Activation Menu and defaults to 10% lower than the Up Threshold level.
Remember that the down threshold looks at the total throughput (both links together) to determine if the second link will be
brought down.  The Down Threshold is defined as the percentage of the main links bandwidth the current total throughput
represents.  When the total throughput drops below the Down Threshold, the second link will be dropped.

A timer must also be defined to determine the length of time to wait before dropping the stand-by link.  The Down Stability
Timer parameter in the Secondary Activation Menu is used to define how long in minutes (from 1 to 60) the combined links’
throughput must remain below the down threshold level before the stand-by link is stopped.

Time of Day Connect Application

In addition to the Bandwidth on Demand feature, the P840 router has the ability to establish link connections based
on a specific time-of-day schedule.  Either one or two links may be controlled using the Time of Day feature.  The
Time of Day feature may also be used in conjunction with the Bandwidth on Demand feature.  It may be used in
both Multipoint and Multilink configurations.

Operating Software Upgrades

The P840 router includes flash memory, that allows new system code to be downloaded using the Trivial File Transfer
Protocol (TFTP).  This allows software updates to be performed quickly and painlessly from a host server (with TFTP
capabilities) on the network.

The P840 router also allows the downloading of software updates by using a direct management port connection and the
ZMODEM transfer protocol.

Summary of Contents for P840

Page 1: ...Perle P840 Bridge Router with VPN Reference Manual All Software Versions Part number 5500063 12 copyright 2002 by Perle Systems Ltd ...

Page 2: ... detect LAN and Link problems determine utilization patterns and plan for future expansion that will optimize your existing data communication resources The P840 router can be thought of as a group of discrete functions combined in a single box The first functional module is the LAN interface which receives all LAN traffic and then decides where individual frames should be sent to the IP router to...

Page 3: ...quest is a MAC broadcast every device on the LAN will see the frame The device that has the IP address 170 22 10 4 will respond with a frame to the originating station The ARP reply frame will include the MAC address of the destination device Now when the two devices wish to send data across the LAN to each other they will both use the MAC and IP address of the other device Each device on the LAN ...

Page 4: ...f the destination router Remember that the local router does not alter the destination IP address so the destination IP address will still be the IP address of the destination station Destination router will receive the data frame and strip off the MAC portion The resulting IP frame will be examined to determine the destination IP address Destination router will look in its routing table to find t...

Page 5: ...hecksum The header checksum is used to verify the data in the IP header The IP header checksum is recalculated each time a frame is passed through a router The recalculation is necessary because the time to live field is changed Fragmentation Fragmentation occurs when an IP frame must be split up into smaller IP frames When the originating device generates the IP frame the device is not aware of a...

Page 6: ...rd the time at which the IP frame passed through each router on its way to the destination station ICMP Messages Internet Control Message Protocol ICMP messages are used to perform station and router protocol participation ICMP messages are passed between routers or between routers and stations There are several different messages as discussed below Unreachable The unreachable message is sent back...

Page 7: ... frame the router will examine it to determine the destination network address The router will then look in the routing table determine the next router to send the IP frame to and send the frame to that router The selection of the best route path is based solely on the number of hops to the destination network Update Mechanism In order to ensure that the routing tables of all routers in the networ...

Page 8: ...several aspects of your LAN environment These rules define what actions are taken under particular situations One of the more important rules employed by the P840 router is also a very fundamental part of the bridging process This rule dictates how Ethernet Station Addresses are processed by the bridge The process is outlined below Station Address Learning The P840 router performs an important ban...

Page 9: ...w see the previously unknown destination address in the source address field It will now process this source address as it did during the initial learning stage adding the location to the address entry In this fashion looking at source addresses of non local packets the bridge learns about non local stations and their associated arrival ports The bridge then updates the location of each address in...

Page 10: ...ng rule A permanent address is one that is not subject to the aging timer and will remain in the filter table for an indefinite period of time A table is reserved for permanent address entries separate from the table that is used for those non permanent entries that are subject to aging These tables may be displayed and modified with the bridge router options discussed in this manual Access is mad...

Page 11: ... If a bridge router does not have an IP address Telnet connections cannot be initiated or received If a Telnet connected bridge router receives a second connection attempt from another bridge router the connection attempt will be ignored Connecting to a bridge router while the remote bridge router menu system is operating with a different terminal setting may cause unexpected screen errors Once th...

Page 12: ...ughput range from 112 128 Kbps when transferring binary files to 364 384 Kbps when transferring graphic files This increased throughput significantly reduces the bandwidth required between the LANs to achieve a given performance level and also allows the use of lower cost transmission facilities 0 50 100 150 200 250 300 350 400 Binary Mixture Graphic File Type Throughput in Kbps Uncompressed Compr...

Page 13: ...P840 routers one on each link is in a Multipoint configuration The Time of Day connect feature may be used in a Multipoint configuration to provide specific hours of access Bandwidth On Demand Each P840 router has the ability to automatically enable or disable a second link based on traffic activity or time of day The Bandwidth on Demand feature allows you to use a second link only when required t...

Page 14: ... the percentage of the main links bandwidth the current total throughput represents When the total throughput drops below the Down Threshold the second link will be dropped A timer must also be defined to determine the length of time to wait before dropping the stand by link The Down Stability Timer parameter in the Secondary Activation Menu is used to define how long in minutes from 1 to 60 the c...

Page 15: ...ions and maintains them while the ISDN call is deactivated When the LAN devices require the connection to exchange more data the ISDN call is reactivated so that the LAN data may be transferred During the periods of ISDN call disconnection suspension each end of the LAN connection must believe that the complete connection still exists The generation of the regular status inquiries and responses no...

Page 16: ...ic WAN configuration that needs to be maintained at all specified times between sites This ISDN connection is made upon initial power up and is maintained during the times defined in the time of day schedule Network B Network A Figure 2 1 Auto Call WAN Topology The semi permanent connection that results from an Auto Call configuration means that the P840 will attempt to maintain a connection to th...

Page 17: ...rently connected partner P840 the local P840 will then look in the Address Connect table to determine which partner P840 to call The Address Connect tables are used by the P840 to determine which remote P840 is called when a specific destination network address is requested from a device on the local LAN The Address Connect tables are configured by the P840 operator 555 1000 555 8000 The ISDN conn...

Page 18: ...3 Auto Call Address Connect WAN Topology Connection Process When a LAN client requests a session with a LAN server the client will initiate the session by sending a session connection request to the server If the server is located on a remote LAN the session connection request must be sent to that remote LAN before the server can process the session connection request and reply to it Any of the ca...

Page 19: ...may only be re established by the P840 initiating the suspension or by the partner P840 that was connected just prior to the call being suspended This prevents other P840s from tying up the ISDN calls and interfering with the suspended calls ISDN calls may be connected and disconnected between the two P840s when required according to the suspension and re activation of the ISDN calls When all of t...

Page 20: ...erver on behalf of the Client while the ISDN call is suspended The Server generates keepalive frames which are to be sent to the Client and acknowledged by the Client The Client receives the keepalive frames and sends an acknowledge back to the Server While the ISDN call is suspended this Router willgenerate keepalive frames and send them to the Client and wait for an acknowledement from the Clien...

Page 21: ...for IP Address Connect use The combination of Auto Call and Address Connect allows part of the WAN environment to be established statically and still allow dynamic connections to other networks depending upon destination IP addresses Suspension of TCP IP Sessions When Connection Management is enabled TCP sessions that are established across the ISDN calls are monitored and maintained in a table Th...

Page 22: ...nal This connection will then provide access to the built in menu system If the console interface is to be connected to a modem or other DCE device a standard RS 232 crossover converter should be used The following table illustrates the console pinouts RJ45 connector on unit DCE DB9 connector on converter DCE RS 232 signal name 2 6 CTS 3 4 DTR 4 5 GND 5 2 RxD 6 3 TxD 7 8 DSR 8 1 CD Figure 3 1 Rear...

Page 23: ...an incoming ISDN call from the specified CallerID has been identified as a request for Callback and has been rejected The request for Callback was rejected because the CallerID was associated with a remote site whose call limit was exceeded CallerID X rejected not resuming Generated when an incoming ISDN call from the specified CallerID has been rejected The call was rejected because all available...

Page 24: ...ociated with the stated remote site profile Once IPCP negotiations are complete IP routing may take place between the two routers Configuration restored Generated during a warm start when a configuration is successfully restored from non volatile RAM Connection attempt to IP address Generated when the bridge router attempts a Telnet connection The IP address of the target bridge router is specifie...

Page 25: ...ess is specified After three incorrect login attempts within ten minutes an alarm is generated see Security alarms Possible intruder and any further attempts from that IP address within the next ten minutes are rejected Invalid Relay Destination for subnetted network Generated when a device attempts to do a network broadcast on a subnetted network LCP X authenticating peer with CHAP Generated when...

Page 26: ...r protocol Generated when the peer remote device rejects one of the Network Control Protocols No NCP s open tearing link down Generated when a PPP link does not have a Network Control Protocol operating This may be due to BCP IPCP and IPXCP being disabled or the NCP connection was not negotiated to completion Password accepted from IP address Generated when a correct password is given for a Telnet...

Page 27: ...tiation with remote site alias Generated when the Bandwidth Allocation Control Protocol negotiation has been initiated with the remote site device associated with the stated remote site profile Starting BCP negotiation with remote site alias Generated when the Bridging Control Protocol negotiation has been initiated with the remote site device associated with the stated remote site profile Startin...

Page 28: ...y not have succeeded in delivering the entire file TFTP IP address finished getting filename The bridge router has sent the final packet of a file filename that a LAN device with IP address displayed was getting from the bridge router TFTP IP address finished putting filename The bridge router has ACK ed the last packet of a file filename that a LAN device with IP address displayed was putting ont...

Page 29: ...IP triggered RIP Generated when the connection to a remote site is being closed due to failure of IP triggered RIP Closing remote site X last session Generated due to the termination of the last session Closing remote site X link disabled Generated due to the link being disabled by the operator Closing remote site X no NCPs open Generated when no Network Control Protocols operating Closing remote ...

Page 30: ...d when the save configuration option has been activated Configuration too large to be saved Generated when the bridge router attempts to save a configuration that does not fit in the reserved area of non volatile RAM Connection to LAN X failed trying Generated when failure of the LAN interface external loopback test is detected Count overflow Reset to history size Generated when the number of even...

Page 31: ...on file that is being downloaded will not fit in the memory of this router E mail server added to firewall The IP address of the E mail server added to the table of services available through the firewall E mail server removed from firewall The IP address of the E mail server removed from the table of services available through the firewall Erasing config block starting Generated as a notification...

Page 32: ... attached to remote site remote site alias Generated when a PPP ISDN call is attached to a remote site Link X attached to remote site remote site alias Generated when Link X has been identified as a connection to the specified remote site Link X busy Generated when a call was attempted on the link while it already had a call in progress This may also occur if the link was not activated at the time...

Page 33: ...8 No user responding 019 020 021 No answer from user Circuit operational Call rejected 022 Number changed 023 024 025 026 027 028 Reverse charging rejected Call suspended Call resumed Non selected user clearing Destination out of order Invalid number format 029 Facility rejected 030 031 Response to STATUS INQUIRY Normal unspecified 033 034 035 036 037 038 039 Circuit out of order No circuit channe...

Page 34: ... exists but this call identity does not Call identity in use No call suspended 086 087 088 Call having the requested call identity has been cleared Destination address not member of CUG Incompatible destination 089 090 091 Non existent abbreviated address entry Destination address missing Invalid transit network selection 092 093 095 096 Invalid facility parameter Mandatory information element is ...

Page 35: ...site is already in use Link not configured for leased line on remote site remote site alias The link that has been assigned to this remote site is not configured for leased line operation Link X Outgoing Data Call to DN Generated when a data call is outgoing to the dialing network Link X Registered Generated when the link has registered with the network This alarm is only applicable for switchtype...

Page 36: ...ite profiles before another entry can be made No saved configuration using default Generated during a cold start when no saved configuration is available No ISDN call configured for remote site remote site alias The remote site selected does not have the ISDN parameters configured properly to make a connection re edit the site profile No ISDN line available for remote site remote site alias All IS...

Page 37: ...e alias already connected Generated when a connection is attempted to a site that is already connected to this router Remote site remote site alias connected Generated when the specified remote site has been connected for connection management Remote site remote site alias resumed Generated when the connection to the specified remote site has been resumed Remote Site remote site alias starting cal...

Page 38: ...ough the firewall TFTP Abort ACK retry exceeded Aborted a TFTP session because the bridge router did not receive a new data packet within the TFTP T1 times N2 interval TFTP Abort ACK timeout Aborted a TFTP session because the bridge router did not receive an ACK for the last data packet it sent within the TFTP T1 times N2 interval TFTP Abort Error received Aborted a TFTP session because of the rec...

Page 39: ... channel causing IP routing to fail Unknown call type on remote site remote site alias The attempted call is not an ISDN or PPP leased line call Possible cause is a remote site profile being deleted while a connection attempt is being made WWW HTTP server removed from firewall The IP address of the WWW HTTP server removed from the table of services available through the firewall WWW HTTP server ad...

Page 40: ...ication failure for user Y Generated when the PAP password sent by this router in reply to the remote site router PAP password request is rejected PAP failed for remote site alias Generated when the remote site router failed a PAP authentication request from this P840 The remote site name is displayed if known PAP X failed to complete Y Generated when the remote site router sent a PAP password req...

Page 41: ...sources by preventing unauthorized user access The P840 router provides three built in functions in addition to defined programmable masks to control the access to resources The first function is Filter if Source the second is Filter if Destination The third function allows you to change the filter operation from positive to negative Positive filter operation causes the specified MAC addresses to ...

Page 42: ...ILTERS MENU where access to the MAC Address filters is obtained 4 From the MAC ADDRESS FILTERS MENU make sure that Filter Operation is currently set to positive This will cause the MAC Address Filters specified to be used for filtering frames with the specified MAC addresses 5 From the MAC ADDRESS FILTERS MENU enter a 1 This will place you at the first EDIT MAC ADDRESS FILTER MENU screen At the pr...

Page 43: ... the CONFIGURATION MENU enter an 8 This will place you at the FILTER SET UP MENU where access to the individual filtering menus is obtained 3 From the FILTER SET UP MENU enter a 1 This will place you at the MAC ADDRESS FILTERS MENU where access to the MAC Address filters is obtained 4 From the MAC ADDRESS FILTERS MENU make sure that the Filter Operation is currently set to positive This will cause...

Page 44: ...ation of its address and filter all other frames If the destination address equals the address that the Forward if Destination function has been applied to the frame is forwarded Example Assume that a host Computer is located on LAN segment 2 located on a partner bridge router with an Ethernet address of 00 00 01 02 03 04 host Ethernet address Since each station on a LAN has a unique Ethernet addr...

Page 45: ...orward if Source Forward if Source is a function that allows you to forward an Ethernet frame if the source address of the frame equals the address that the Forward if Source function has been applied to Example Assume that a Personal Computer is located on segment 1 on the local bridge router This station belongs to the head of Marketing This station requires access to all the services that exist...

Page 46: ...bout the station 7 Enter a 2 to enter the location of the station 8 The bridge router will prompt you for the LAN that the station is located on enter the name of this bridge router s LAN LAN456789 for example Note that the Status of the address is marked as present the location is updated to LAN456789 and the Permanent entry is enabled 9 Enter a 3 to enable the Forward if Source parameter The edi...

Page 47: ...ation starting at the 12th octet equals the 80 of the filter pattern NOT Used in pattern filters to indicate that all packets not matching the defined pattern will be filtered Example 12 80 This filter pattern will match if the packet information starting at the 12th octet does not equal the 80 of the filter pattern brackets Used in pattern filters to separate portions of filter patterns for speci...

Page 48: ...rger networks there may be upwards of 30 or more This of course will depend on the type of equipment and the applications that are being used within the Local Area Network Internet Protocol IP The Internet Protocol IP is the most widely used protocol within an Ethernet environment As a result there may be a need to restrict in one form or another this protocol traffic Filter all IP Packets To prev...

Page 49: ...Filtering 49 In this case whenever a frame is received the frame will be filtered if the protocol type is NOT equal to 0800 IP Only one filter pattern may be used that contains the NOT operator ...

Page 50: ...The location of this field remembering that the start of the Ethernet frame is always the base reference is octet 23 Filter only TCP IP To filter only those packets that are TCP IP the mask would therefore be 12 0800 23 06 The 12 0800 is the IP expression and the 23 06 will represent TCP in an IP frame The is the logical AND operator so the expression requires that the frame be both an IP and TCP ...

Page 51: ...ent this information from being seen across the link on the other LAN segment a filter mask can be used To prevent broadcast information from being passed across the link use the following filter mask 0 FFFFFFFFFFFF This prevents any frame with a destination address field set to the broadcast address from being passed to the second LAN segment across the link Ethernet Multicasting An Ethernet mult...

Page 52: ...ilter IP packets that contain the Internet address of 128 001 002 003 As another example assume that this Internet address should also be filtered if it originates any data In addition to the mask above an OR condition will have to be added to look at the IP source address The new mask would be as follows 12 0800 26 80010203 30 80010203 This would filter any frame that is both an IP packet destine...

Page 53: ...be 6 010203040506 12 0800 23 06 Example To prevent a specific protocol type from accessing a specific Ethernet Address Assume the Ethernet address is 01 02 03 04 05 06 and the protocol type is Appletalk The filter mask would be 0 010203040506 12 809 Example To prevent any Ethernet address with the 10th bit set to a 0 from accessing a LAT host or an IP host with an Internet address of 128 001 001 1...

Page 54: ...y be many different Transport layer protocols that coexist within the IP Network layer TCP UDP and ICMP are just a few of the common protocols in use today Each of these protocols is encapsulated within an IP frame and therefore is subject to the IP routing function If you would like to discriminate against a particular protocol to prevent its usage of the routed LAN facilities the P840 router pro...

Page 55: ...nd Novell frames when bridging and when routing When routing the TCP IP and Novell frames are examined after the Level 2 Ethernet portion of the frame has been stripped from the whole data frame This means that the offset numbers now start from 0 at the beginning of the routed frame and not the bridged frame Some of the common Ethernet type codes are also shown here The Ethernet type codes are loc...

Page 56: ...d 6002 DEC MOP Remote Console 6003 DEC DECNET Phase IV Route 6004 DEC LAT 6005 DEC Diagnostic Protocol 6006 DEC Customer Protocol 6007 DEC LAVC SCA 8035 Reverse ARP 803D DEC Ethernet Encryption 803F DEC LAN Traffic Monitor 809B Appletalk 80D5 IBM SNA Service on Ether 80F3 AppleTalk AARP Kinetics 8137 8138 Novell Inc 814C SNMP 8863 PPPoE Discovery Stage 8864 PPPoE Data Stage ...

Page 57: ...Frame Formats 57 Octet Locations on an IP Routed TCP IP Frame ...

Page 58: ...Frame Formats 58 Octet Locations on a Bridged XNS Frame ...

Reviews: