3Com 11.1 manual Firewall Enhancements, IP Version 6 Phase, BGP-4 Enhancements

Page 13

14NETBUILDER SOFTWARE VERSION 11.1 RELEASE NOTES

of the queue policies, Priority Queuing, and Protocol Reservation are supported. In addition to the currently supported policies, a metering algorithm has been added. If the queue handler detects that the underlying bandwidth exceeds a certain threshold specified, then the queueing and metering functions are effectively bypassed and packets are transmitted directly without queuing. This optimizes high-speed interfaces in which the customer assumes that everything presented to the interface can be transmitted without going through the prioritization or metering processing and without much fear of packet loss.

Firewall Enhancements

The recent enormous growth in the Internet has increased the security risks to corporate and government networks. The existing Firewall Service has been enhanced to support more predefined filters for popular applications, to allow you to create your own filter definitions, and to combine noncontiguous IP addresses into named groups to which firewall policies may be applied.

Firewall enhancements include:

Predefined service filters for multimedia applications such as Real Networks’ RealPlayer.

The ability to define a service and group of IP addresses.

Support for traceroute.

Additional predefined service filters.

Secure HTTP

BGP-4

Finger

Whois

SOCKS

DNS client-to-server.

IPSEC support for Encapsulated Security Payload (ESP) headers and Authentication Headers (AH).

IP Version 6 (Phase II)

IPv6 Phase II features include the BGP-4 multiprotocol extensions for IPv6 inter-domain routing plus native IPv6 routing over PPP and point-to-point ATM PVCs.

BGP-4 Enhancements

Enhancements have been incorporated that address the scaling issues with the current BGP implementation. The new implementation also includes BGP-4+ features. BGP-4+ is an extension to the existing BGP protocol for handling multiprotocol routing. For example, it enables interdomain routing of IPv4 multicast, IPv6 unicast, and IPv6 multicast network layers. The following network layer reachability information attributes are implemented:

Multiprotocol Reachable NLRI

Multiprotocol Unreachable NLRI

Page 12 Page 14
Image 13
Page 12 Page 14
Contents NETBuilder Family Software Version 11.1 Release Notes Bayfront Plaza 3Com CorporationSanta Clara, California 95052-8145Contents Bcmfdinteg File Conversion Considerations Web Link Documentation Path Zmodem Time Out Known ProblemsCPU Utilization Statistic Deleting ATM Neighbors NAT Proxy ARP RouteDiscovery Sdhlc Half-Duplex Mode Web Link Login SupportDisplaying Configuration Profiles Dynamic Paths Limitations Accm Not ConfigurableCONFiguration Authentication Header AHConfiguring IPsec How IPsec Works PoliciesStatPollInterval Encryption Netbuilder Software Version Release NotesPackages Contact 3Com or your network supplierSupported PC Flash Memory Cards New ProductsLists 3Comapproved vendors of the PC flash memory card Approved 20 MB Flash Memory CardsVPN Features Layer Two Tunneling Protocol New FeaturesApproved Dram SIMMsAdditional RAS Enhancements Extensible Authentication ProtocolDhcp Proxy Encryption StrengthSummary of Encryption Strengths Virtual Circuit PrioritizationEncryption Key Algorithm Package ID LengthFirewall Enhancements IP Version 6 PhaseBGP-4 Enhancements Frame Relay PVC Q.933 Support Ospf Not-So-Stubby-Area NssaData Over Voice B-Channel Isdn Specification Boundary Router Remote LAN DetectionToken Ring in Fast Ethernet Tife Features Ascii Boot56/64K CSU/DSU External Loopback NETBuilder Web Link ImprovementsApplication Notes Upgrade Management Utilities and NETBuilder Upgrade LinkFlash Load Placing a Data OverToggle the respective paths. Type ExampleNew Features Application Notes Software NETBuilder II Software FeaturesVersion 11.1 for the NETBuilder bridge/router platforms NETBuilder II Firmware Requirements Other FeaturesNETBuilder II Firmware Requirements IBM ProtocolsSuperStack II NETBuilder SI Software Features 458 438Models Features Token Ring SuperStack II NETBuilder Ethernet and Token Ring FeaturesMemory Requirements Models Features Token Ring WAN Protocols OfficeConnect NETBuilder Software FeaturesModel and Software Package 112 132 111 145 131112 131 120 132 Additional OfficeConnect NETBuilder Models Software Features 116 117 137136 Memory Requirements Ruuhp111.1 Utilities for the Solaris 2.5 platformsUtilities for the HP-UX 10.x platforms Ruuaix111.1NETBuilder Upgrade Management Utilities Etc/passwd. You must add an entry can be ignored Known IssuesBridge Static Routes PROfile ServiceDLSw SVCsToken Ring a non-source routed frame Dialog boxes will be fully visible without scrollingSupported Asynchronous Modems Ports in DCE ModeSupported Synchronous Modem ModemsHistory, the PPP link does not come up IBM-Related Feature Settings for Token Ring Ports Frame Copy Errors under LAN Net Manager Token Ring Frame Copy Errors3Com Bridge/Routers and Supported Features Known Problems This system Interrupt the boot cycle and enter monitor modeValue SHow !profileID -PROFILE CONFiguration Notation Known Problems ADD !v1 -PPP ARU user, password Limitations Number of TCP Connections Processor/Frame Relay Relay port is Access for LLC2 TrafficFront-End IBM Boundary RoutingMultilink PPP SpeedPort running PPP Snmp ManagementSdlc Adjacent Link Service Point Source-RouteStations for Appn Source RouteSoftware Update Pages Using Netbuilder FamilyProcedures in this section describe how to configure IPsec Configuring IpsecConfiguring IPsec Replace with this chapterOn bridge/router, 2 enter Creating an Encryption PolicyCreating a Security Policy On bridge/router 2, enterManual key information, use For example, to create a new encryption key set, enterConfidentiality and data integrity To disable Ipsec on port 1, enterAssign an IP address to the tunnel virtual port by entering Enable Layer 2 Tunnelling by enteringCreate a route between the two tunnel endpoints by entering Configure an Ipsec policy/security association by enteringHow IPsec Works Enable Layer 2 Tunnelling Pptp by enteringCreate a route between two tunnel endpoints by entering Intercepted and viewedHow IPsec Works Configuring Ipsec Reference for Netbuilder Family CONFiguration Ipsec Service ParametersIpsec Service Parameters and Commands CONTrolKeySet ManualPOLicy ManualKeyInfoPolicyname Name you assign to the policy you are adding Is assigned dynamically using Ipcp or DhcpBe all or ALL Srcipaddr/maskPhase of the encrypt-decrypt-encrypt Encrypt phases, and the second 8 bytes for the decryptSpecifies Cipher Block Chaining mode of the Data 239.255.255.254Ipsec Service Parameters Rsvp Service Parameters REQuest MaxFlowRateRESerVation UDPEndcapAllRoutes SR Service ParametersPlace this page in front of Chapter ROUte ROUte SR Service Parameters SYS Service Parameters SYS Service Parameters StatPollInterval Weblink Service ParametersWeblink Service Parameters
Top Page Image Contents