Riverstone Networks RS 2100 manual Layer-4 Switching, Security, Quality of Service


RS 2100 Introduction

Software Overview

2.3.4 Layer-4 Switching

In addition to layer-2 bridging and layer-3 routing, the RS 2100 performs layer-4 switching. Layer-4 switching is based on applications and flows.

Layer-4 Applications – The RS 2100 understands the application for which an IP or IPX packet contains data and therefore enables you to manage and control traffic on an application basis. For IP traffic, the RS 2100 looks at the packet’s TCP or UDP port number to determine the application. For IPX packets, the RS 2100 looks at the destination socket to determine the application.

Layer-4 Flows – The RS 2100 can store layer-4 flows on each line card. A layer-4 flow consists of the source and destination addresses in the IP or IPX packet combined with the TCP or UDP source and destination port number (for IP) or the source and destination socket (for IPX). You can therefore manage and control individual flows between hosts on an individual application basis.

A single host can have many individual layer-4 entries in the RS 2100. For example, an IP host might have separate layer-4 application entries for email, FTP, HTTP, and so on, or separate layer-4 flow entries for specific email destinations and for specific FTP and Web connections.

2.3.5 Security

The bridging, routing, and application (layer-2, layer-3, and layer-4) support described in previous sections enables you to implement security strategies that meet specific needs. For layer-2, a wide range of bridging filters is available. Additionally, all layers can be protected using Access Control List (ACL) filters. You can implement the following types of filters and ACLs to secure traffic on the RS 2100:

Layer-2 source filters (block bridge traffic based on source MAC address)

Layer-2 destination filters (block bridge traffic based on destination MAC address)

Layer-2 flow filters (block bridge traffic based on specific source-destination pairs)

Layer-3 source ACLs (block IP or IPX traffic based on source IP or IPX address)

Layer-3 destination ACLs (block IP or IPX traffic based on destination IP or IPX address)

Layer-3 flow ACLs (block IP or IPX traffic based on specific source-destination address pairs)

Layer-4 flow ACLs (block traffic based on application flows)

Layer-4 application ACLs (block traffic based on UDP or TCP source and destination ports for IP or source and destination sockets for IPX)
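
The layer-4 flow key and the layer-3 and layer-4 ACL types listed above can be modelled in a few lines. This Python example is added here for illustration and is not RS 2100 code or CLI syntax; the `Rule` shape, the rule names and the addresses are assumptions made for the example. It also shows why a non-first IP fragment cannot be matched on ports.

```python
import ipaddress
import struct
from collections import namedtuple

# Layer-4 flow key (IP case): addresses plus TCP/UDP ports.
Flow = namedtuple("Flow", "proto src dst sport dport")
# Hypothetical rule shape for this example; None means "any".
Rule = namedtuple("Rule", "name src dst proto sport dport", defaults=(None,) * 5)

def flow_from_ipv4(pkt):
    """Return the Flow of a raw IPv4 TCP/UDP packet, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4  # IP options shift the TCP/UDP header
    proto = {6: "tcp", 17: "udp"}.get(pkt[9])
    frag_offset = struct.unpack("!H", pkt[6:8])[0] & 0x1FFF
    if proto is None or ihl < 20 or frag_offset or len(pkt) < ihl + 4:
        return None  # non-first fragments carry no port numbers
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    src, dst = (str(ipaddress.IPv4Address(pkt[i:i + 4])) for i in (12, 16))
    return Flow(proto, src, dst, sport, dport)

def in_net(addr, net):
    return net is None or ipaddress.ip_address(addr) in ipaddress.ip_network(net)

def matches(rule, f):
    return (in_net(f.src, rule.src) and in_net(f.dst, rule.dst)
            and rule.proto in (None, f.proto)
            and rule.sport in (None, f.sport) and rule.dport in (None, f.dport))

def blocked_by(rules, f):
    """Name of the first rule that blocks flow f, or None if it passes."""
    return next((r.name for r in rules if matches(r, f)), None)

def sample_packet(src, dst, proto, sport, dport, options=b""):
    """Constructed test packet: checksum left at 0, no payload."""
    ihl = 5 + len(options) // 4
    hdr = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, 4 * ihl + 4, 0, 0, 64,
                      proto, 0, ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr + options + struct.pack("!HH", sport, dport)

RULES = [  # constructed; addresses are RFC 5737 documentation ranges
    Rule("l3-source", src="198.51.100.0/24"),
    Rule("l4-application", proto="tcp", dport=23),
    Rule("l4-flow", src="192.0.2.10/32", dst="203.0.113.5/32", proto="tcp", dport=21),
]
```

With these rules, FTP from 192.0.2.10 to 203.0.113.5 is blocked while HTTP between the same two hosts passes, which is the per-host, per-application granularity the flow entries provide.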

In addition to filters and ACLs, the RS also provides login security in the form of TACACS, TACACS+, RADIUS, and Secure Session Shell (SSH) version 1.5.

2.3.6 Quality of Service

Although the RS 2100 supplies non-blocking, wire-speed throughput, you can configure the RS 2100 to apply Quality of Service (QoS) policies during peak periods to guarantee service to specific hosts, applications, and flows (source-destination pairs). This is especially useful in networks where the traffic level can exceed the network capacity.

QoS policies can be configured for the following types of traffic:

Layer-2 prioritization (802.1p)

Layer-3 source-destination flows

Layer-4 source-destination flows

Riverstone Networks RS 2100 Switch Router Getting Started Guide 2-5


RS 2100 specifications

Riverstone Networks RS 2100 is a versatile networking solution tailored for service providers and enterprises. Designed to facilitate seamless data, voice, and video services, the RS 2100 presents a robust platform that integrates both hardware and software capabilities. This device stands out in the realm of advanced routing and switching technologies, offering extensive features that cater to a wide array of connectivity needs.

One of the key features of the RS 2100 is its ability to support high-speed interfaces. With multiple Gigabit Ethernet ports, the device ensures substantial bandwidth to handle growing data traffic demands. This makes it an excellent choice for organizations looking to future-proof their networks. Additionally, the RS 2100 supports aggregation of different types of traffic flows, allowing for efficient resource utilization and enhanced performance.

The RS 2100 also boasts advanced Quality of Service (QoS) capabilities, which are essential for prioritizing different types of traffic. This is particularly important for applications that require consistent performance, such as VoIP calls or video streaming. By enabling service providers to guarantee bandwidth for critical applications, the RS 2100 enhances user experience and customer satisfaction.

Security is another critical aspect of the RS 2100, featuring multiple layers of protection against various cyber threats. With support for robust firewall functionalities and various VPN protocols, the device ensures that sensitive data remains secure, thereby fortifying the network against potential attacks.

In terms of scalability, the RS 2100 is highly adaptable. Organizations can easily expand their network capabilities as demands grow, thanks to its flexible architecture. This scalability ensures that users can comfortably accommodate increasing user counts and traffic levels over time without necessitating significant infrastructure changes.

The RS 2100 also integrates seamlessly with existing IT infrastructures. Utilizing standard protocols and interfaces, it simplifies deployment and management processes, allowing organizations to easily incorporate it into their current systems. Overall, Riverstone Networks RS 2100 is a powerful and efficient networking solution, equipped with the features needed to support modern communication demands, ensuring reliability and performance across diverse applications. As businesses and service providers continue to evolve, the RS 2100 serves as a trusted partner in navigating the complexities of networking and connectivity.