DLSw+ supports standard DLSw (RFC 1795) and enhanced DLSw+ features.
DLSw+ peers can be organized in a hierarchical fashion, as peer groups. Specific routers within a peer group can become border peers, handling test frames or NetBIOS name queries for the entire peer group.
Peers can be configured with static relationships and connections or as on-demand peers, which dynamically form relationships and end-to-end connections with each other.
Explorer packets are controlled at the WAN boundary. Only a single packet is forwarded, and duplicates are stored and answered locally.
Direct encapsulation, FST, and TCP encapsulations are all supported, as in RSRB.
NOTE
DLSw+ uses TCP ports 2065 (high priority; ToS bit 5 = Critical ECP; the default for all peers without the priority keyword), 1981 (medium priority; ToS bit 4 = Flash Override), 1982 (normal priority; ToS bit 3 = Flash), and 1983 (low priority; ToS bit 2 = Immediate).
Define the local router as the local DLSw+ peer:
(global) dlsw local-peer [ peer-id ip-address ] [ group group ] [ border ] [ cluster cluster-id ] [ cost cost ] [ lf bytes ] [ keepalive seconds ] [ passive ] [ promiscuous ] [ init-pacing-window bytes ] [ max-pacing-window bytes ]
The local peer is identified by an ip-address from a physical or loopback interface. If there is more than one path to the remote side, use a loopback interface, because it is always up and available.
The local peer can accept DLSw+ connections from remote peers without explicitly configuring information about the peers. If this is what you want, use the promiscuous keyword. Otherwise, you need to configure an entry for each remote peer in Step 2. You can configure the router to wait until a remote peer initiates a connection by using the passive keyword.
To make the local router a member of a DLSw+ peer group, use the group keyword with a group number (1 to 255). If this router will act as the border peer for the group, use the border keyword. Furthermore, to make the router part of a cluster of border peers, use the cluster keyword with a cluster-id (1 to 255).
If you have several DLSw+ peers that form multiple paths to a destination host, you can use the cost keyword to assign a cost (1 to 5) to the local peer. When a remote peer establishes a connection, it uses the peer with the lowest cost to the destination.
The lf keyword defines the largest frame size that the peer can send: 516, 1470, 1500, 2052, 4472, 8144, 11407, 11454, or 17800 bytes. The router negotiates this size with remote peers. A lower frame size reduces a packet's serialization time across a slower link, giving more available time for keepalive and other packets.
Peer routers send keepalives to determine if the remote end is still accessible. Use the keepalive keyword to set the keepalive interval (0 to 1200 seconds; the default is 30 seconds, and 0 turns keepalives off).
The init-pacing-window and max-pacing-window keywords set the initial and maximum sizes of the pacing windows (1 to 2000 bytes), per RFC 1795. Use the biu-segment keyword to cause DLSw+ to segment frames that are larger than the lf size of the destination peer. This option should be enabled on both peers.
Define a DLSw+ remote peer.
DLSw+ offers several encapsulation types, each with very similar features and command keywords. The commands are presented in Steps a and b, followed by a description of the various options. DLSw+ commands are fairly simple to use but include quite a few options. For simplicity, the options are described and arranged according to their function.
Use TCP encapsulation:
(global) dlsw remote-peer list-number tcp ip-address [ rif-passthru ring-number ] [ cost cost ] [ cluster cluster ] [ dynamic ] [ inactivity minutes ] [ no-llc minutes ] [ backup-peer [ ip-address | frame-relay interface serial number dlci | interface interface ]] [ linger minutes ] [ circuit-weight weight ] [ passive ] [ lf bytes ] [ keepalive seconds ] [ priority ] [ dest-mac mac-addr ] [ host-netbios-out acc-list-name ] [ bytes-netbios-out acc-list-name ] [ dmac-output-list acc-list-number ] [ lsap-output-list acc-list-number ] [ timeout seconds ] [ tcp-queue-max bytes ]
Use FST encapsulation:
(global) dlsw remote-peer list-number fst ip-address [ cost cost ] [ cluster cluster ] [ backup-peer [ ip-address | frame-relay interface serial number dlci | interface interface ]] [ passive ] [ lf bytes ] [ keepalive seconds ] [ dest-mac mac-addr ] [ host-netbios-out acc-list-name ] [ bytes-netbios-out acc-list-name ] [ dmac-output-list acc-list-number ] [ lsap-output-list acc-list-number ]
Use direct encapsulation:
(global) dlsw remote-peer list-number interface serial number [ pass-thru ] [ cost cost ] [ cluster cluster ] [ backup-peer [ ip-address | frame-relay interface serial number dlci | interface interface ]] [ passive ] [ lf bytes ] [ keepalive seconds ] [ dest-mac mac-addr ] [ host-netbios-out acc-list-name ] [ bytes-netbios-out acc-list-name ] [ dmac-output-list acc-list-number ] [ lsap-output-list acc-list-number ]
A remote peer must be identified with the local bridged networks that require DLSw+ communication. The list-number parameter specifies the number of a ring group list (from dlsw ring-list), a port list (from dlsw port-list), or a bridge group list (from dlsw bgroup-list). These lists define specific local networks to be included in DLSw+. If the list-number is 0 (the default), all bridged rings or networks are included.
The DLSw+ encapsulation can be given as tcp (TCP), fst (Fast-Sequenced Transport), or interface serial (direct encapsulation). Direct encapsulation can also be used for DLSw Lite, by using frame-relay interface serial number dlci. The remote peer is identified by its IP address for TCP and FST, and by the point-to-point serial interface for direct encapsulation. If the DLSw+ connection involves a front-end processor (FEP) on each end, the rif-passthru or pass-thru keyword can be used to allow RIFs to be transported as-is. For TCP, the ring-number field is the virtual ring number created for Token Ring transport.
If the remote peer is one of several paths to a destination, the cost keyword can be used to assign a cost (1 to 5) for the path through the remote peer. The cost overrides any cost defined on the remote peer; a lower cost denotes a better path. If the remote peer is part of a peer group border cluster, the cluster keyword is used with the cluster number (1 to 255).
A remote peer can be configured as a dynamic peer such that its TCP connection is brought up only when DLSw+ has data to send. The inactivity period can be set to minutes (1 to 300; the default is 5 minutes) so that the TCP connection is closed after a length of idle time. The no-llc timer can also be configured to keep the connection up minutes (1 to 300; the default is 5 minutes) after all LLC2 connections are closed. Dynamic peers are useful where infrequent communication between peers exists.
A remote peer can be configured as a backup-peer for another remote peer, where the DLSw+ connection to the backup peer is brought up only after a router failure in the primary peer. The backup peer is configured with either the ip-address of the primary remote peer or the frame-relay interface serial or interface used to connect to the primary peer. As soon as the primary peer comes back up, the backup peer can be configured to stay active for a linger period of minutes (1 to 300; the default is 5 minutes).
Load balancing between the local peer and multiple remote peers can also be configured. Each remote peer can be given a circuit-weight of weight (1 to 100). New DLSw+ circuits that are added are distributed between the remote peers in accordance with the ratio of the circuit weights.
A remote peer can be declared passive, such that it waits for another peer to initiate a DLSw+ connection. The lf keyword defines the largest frame size that the peer can send: 516, 1470, 1500, 2052, 4472, 8144, 11407, 11454, or 17800 bytes. The router negotiates this size with remote peers. A lower frame size reduces a packet's serialization time across a slower link, resulting in more available time for keepalive and other packets. Peer routers send keepalives to determine if the remote end is still accessible. Use the keepalive keyword to set the keepalive interval (0 to 1200 seconds; the default is 30 seconds, and 0 turns keepalives off).
By default, all DLSw+ traffic is sent over TCP port 2065 with IP precedence "network." DLSw+ traffic can be prioritized by using the priority keyword (TCP only). High-priority traffic (circuit administration, peer keepalives, capabilities exchanges) is sent over TCP port 2065 with "network," medium-priority (no specific traffic type) over TCP port 1981 with "internetwork," normal-priority (information frames) over TCP port 1982 with "critical," and low-priority (broadcasts) over TCP port 1983 with "Flash override."
DLSw+ traffic can also be filtered according to NetBIOS name (host-netbios-out), NetBIOS byte offset (bytes-netbios-out), destination MAC address (dmac-output-list), or IEEE 802.5 LSAP value (lsap-output-list). These lists can be defined according to Step 3.
The TCP retransmit time can be given with a timeout of seconds (5 to 1200; the default is 90 seconds). The maximum TCP output queue size can be set with tcp-queue-max of size bytes (10 to 2000).
(Optional) Create DLSw+ traffic filters.
Use a NetBIOS host name filter:
(global) netbios access-list host list-name { permit | deny } pattern
The access list is named list-name. It either permits or denies packets if the NetBIOS name matches the pattern string. The pattern is a station name, and it can include ? (to match a single character) or * (to match any number of characters to the right).
Remember that there is an implicit deny statement at the end of the access list.
Use a NetBIOS byte offset filter:
(global) netbios access-list bytes list-name { permit | deny } offset pattern
The access list is named list-name. It either permits or denies packets if the byte string starting at offset bytes from the beginning of the NetBIOS header matches the pattern string of bytes. The pattern is a string of hex digits (up to 32 in length; even-numbered length). The byte pattern can also include ** as a wildcard pattern for a byte. Remember that there is an implicit deny statement at the end of the access list.
Use a destination MAC address filter:
(global) access-list acc-list-number { permit | deny } address mask
The list numbered acc-list-number (700 to 799) permits or denies packets with a matching MAC address. The address is given as a 48-bit Token Ring MAC address (dotted-triplet format), and the mask as a 48-bit mask (dotted-triplet format; a 1 ignores and a 0 matches).
Use an LSAP filter:
(global) access-list acc-list-number { permit | deny } type-code type-mask
The list is numbered acc-list-number (200 to 299). It contains statements that permit or deny packets with a specific 16-bit LSAP or SNAP type-code (four-digit hex with leading 0x). The type-mask is a wildcard mask (four-digit hex; a 1 ignores and a 0 matches).
NOTE
For DSAP/SSAP pairs, always use a mask of 0x0101. The least-significant bit in each SAP field is used for other purposes.
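The mask semantics of the MAC and LSAP lists above, as an added example that is not part of the original text. All list entries are constructed; first-match ordering with a final implicit deny is standard IOS access-list behavior, and the LSAP comments assume the SSAP occupies the low byte of the type-code.

```python
# Added example: models the wildcard-mask matching of the MAC (700-799)
# and LSAP (200-299) access lists. A mask bit of 1 ignores, 0 must match.

def parse_mac(text):
    """Convert dotted-triplet MAC text (e.g. 4000.3745.0001) to a 48-bit int."""
    groups = text.split(".")
    if len(groups) != 3 or any(len(g) != 4 for g in groups):
        raise ValueError(f"not a dotted-triplet MAC address: {text!r}")
    return int("".join(groups), 16)

def masked_match(value, pattern, mask, width):
    """True when value equals pattern on every bit where the mask is 0."""
    care = ~mask & ((1 << width) - 1)
    return (value & care) == (pattern & care)

def evaluate(entries, value, width):
    """Return the action of the first matching entry, else the implicit deny."""
    for action, pattern, mask in entries:
        if masked_match(value, pattern, mask, width):
            return action
    return "deny"

# Constructed LSAP list: SNA (SAP 0x04) and NetBIOS (SAP 0xF0), mask 0x0101.
LSAP_LIST = [("permit", 0x0404, 0x0101), ("permit", 0xF0F0, 0x0101)]
# The same SNA entry with an all-zero mask, to show why the NOTE asks for 0x0101.
LSAP_EXACT = [("permit", 0x0404, 0x0000)]

# Constructed MAC list: one exact host, one exact deny, then a range that
# ignores the last byte (where an SDLC station address would be placed).
MAC_LIST = [
    ("permit", parse_mac("4000.3745.0001"), parse_mac("0000.0000.0000")),
    ("deny",   parse_mac("4000.1111.22c5"), parse_mac("0000.0000.0000")),
    ("permit", parse_mac("4000.1111.2200"), parse_mac("0000.0000.00ff")),
]

def check_lsap(entries, type_code):
    """Evaluate a 16-bit type-code against an LSAP list."""
    return evaluate(entries, type_code, 16)

def check_mac(entries, mac_text):
    """Evaluate a dotted-triplet MAC address against a MAC list."""
    return evaluate(entries, parse_mac(mac_text), 48)

if __name__ == "__main__":
    # 0x0405 is SAP 0x04 with the low bit of the SSAP byte set.
    for code in (0x0404, 0x0405, 0xF0F1, 0x0606):
        print(f"0x{code:04X}: mask 0x0101 -> {check_lsap(LSAP_LIST, code)}, "
              f"mask 0x0000 -> {check_lsap(LSAP_EXACT, code)}")
    for mac in ("4000.3745.0001", "4000.1111.22c4",
                "4000.1111.22c5", "4000.9999.0001"):
        print(mac, "->", check_mac(MAC_LIST, mac))
```

With an all-zero mask, a frame that differs only in the low bit of a SAP byte falls through to the implicit deny, which is the failure the 0x0101 mask avoids.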
Map DLSw+ to an originating DLC source.
Token Ring to DLSw+.
Define a virtual ring number:
(global) source-bridge ring-group ring-group [ virtual-mac-addr ]
A virtual Token Ring numbered ring-group (1 to 4095) is created. Physical Token Ring interfaces must first be bridged to this virtual ring via SRB. (This step is identical to Step 1 in Section 5-1.)
Enable spanning tree explorers:
(interface) source-bridge spanning
DLSw+ uses single-route or spanning tree explorers. Therefore, the spanning tree topology must be manually defined on the physical Token Ring interfaces.
Define a ring list to apply specific interfaces to DLSw+ peers:
(global) dlsw ring-list list-number rings ring-numbers
By default, all rings on the local router are made available to DLSw+ peers (from dlsw remote-peer 0). DLSw+ traffic can be limited to specific rings, such that only traffic from rings appearing in the ring list is forwarded to the appropriate peers. Traffic coming from remote peers is forwarded to the rings in the ring list. The list-number defines a unique ring list (1 to 255). The ring-numbers parameter is a list of one or more ring numbers (1 to 4095), separated by spaces.
Ethernet to DLSw+.
Define a transparent bridge group and STP:
(global) bridge bridge-group protocol ieee
A transparent bridge group numbered bridge-group (1 to 63) is defined to run the IEEE 802.1 Spanning-Tree Protocol.
NOTE
It is not necessary to configure translational bridging for DLSw+ operation with Ethernet networks. DLSw+ works directly with a transparent bridge group and handles media and MAC address translation automatically.
Assign an Ethernet interface to the bridge group:
(interface) bridge-group bridge-group
Traffic to and from the Ethernet interface is bridged to the bridge-group (1 to 63), where DLSw+ has a logical interface.
Associate the bridge group with DLSw+:
(global) dlsw bridge-group bridge-group
Traffic is bridged between bridge-group (1 to 63) and DLSw+ remote peers.
SDLC on a serial interface to DLSw+.
Use SDLC encapsulation:
(interface) encapsulation sdlc
Specify the SDLC role:
(interface) sdlc role { none | primary | secondary | prim-xid-poll }
The router is set to operate in SDLC role: none (end stations determine whether the router is primary or secondary), primary (polls secondary nodes), secondary (sends data only when polled by primary), or prim-xid-poll (the router is primary when the end station is a secondary NT2.1).
In general, a FEP is a primary node, and an establishment controller (EC) is a secondary node. The router must play the opposite role of the device it is connected to. For example, a router connected to a controller must act like the FEP (primary), and a router connected to a FEP must act like a controller (secondary). Use the primary role if the end devices are PU 2.0 or a mix of 2.0 and 2.1. Use prim-xid-poll if the end devices are all PU 2.1.
Assign a MAC address to the serial interface:
(interface) sdlc vmac mac-address
A 48-bit mac-address (dotted-triplet format) is assigned to the serial interface. The last byte (two hex digits) must be 00. Secondary nodes receive a virtual MAC address with their 1-byte SDLC addresses in the last byte position.
(Primary role only) Define SDLC addresses of attached secondary stations:
(interface) sdlc address hexbyte [ echo ]
The SDLC address of a secondary station is defined as a 1-byte (two hex digits) hexbyte value (1 to FE).
Define the destination MAC and SDLC addresses:
(interface) sdlc partner mac-address sdlc-address
On each end of the DLSw+ connection, an SDLC address must be associated with a MAC address for each pair of communicating nodes.
(PU 2.0 devices only) Define the XID value for attached stations:
(interface) sdlc xid sdlc-address xid
The SDLC address sdlc-address (two hex digits) is assigned an xid value (4 bytes, eight hex digits) from the IDBLK and IDNUM parameters on the primary host. This XID value is sent by the router when the XIDs are exchanged at the start of a session. If the XID value doesn't match the host configuration, the session will not start.
Associate the SDLC interface with DLSw+:
(interface) sdlc dlsw { sdlc-address | default | partner mac-address [ inbound | outbound ]}
DLSw+ is associated with the SDLC address: sdlc-address (a list of one or more specific two-digit hex values, 1 to FE), default (any SDLC address), or partner (the mac-address of the default partner is given). inbound means the partner initiates a connection, and outbound means the router initiates a connection. Specify SDLC addresses for most configurations. If you have ten or more SDLC devices to attach to DLSw+, use the default keyword instead.
QLLC on an X.25 network.
Use X.25 encapsulation on a serial interface:
(interface) encapsulation x25
The interface operates as a DTE device on the X.25 network.
Set the X.25 subaddress:
(interface) x25 address x121-address
The X.121 address (a variable-length string of digits) assigned to the local router by the X.25 service provider must be configured on the interface.
Map a virtual MAC address to the X.121 address:
(interface) x25 map qllc mac-address x121-address
The MAC address (dotted-triplet hex format) of a remote device is mapped to the X.121 address of the far end of the X.25 circuit.
Associate the X.25 QLLC interface with DLSw+:
(interface) qllc dlsw partner partner-macaddr
The MAC address of the local Token Ring destination device (a FEP, for example) is given as partner-macaddr. When QLLC data destined for that MAC address is received by the router, it is handed off to DLSw+ for media translation and delivery.
(Optional) Use on-demand peers:
(global) dlsw peer-on-demand-defaults [ fst ] [ cost cost ] [ inactivity minutes ] [ keepalive seconds ] [ lf bytes ] [ priority ] [ dest-mac dest-mac-address ] [ dmac-output-list acc-list-number ] [ host-netbios-out acc-list ] [ bytes-netbios-out acc-list ] [ lsap-output-list acc-list ] [ port-list port-list-number ] [ tcp-queue-max ]
Peer connections to the border peer can be configured with default parameters. On-demand peers use TCP by default, unless the fst keyword is given. The cost to reach on-demand peers can be set with the cost keyword (1 to 5; the default is 3). After the peer's circuit count is reduced to 0, the on-demand peer is disconnected after inactivity minutes (0 to 24 minutes; the default is 10 minutes). The keepalive interval is seconds (0 to 1200, the default is 30 seconds). The priority keyword causes data prioritization to be used for the on-demand peer.
Data can be filtered to the peer by matching a destination MAC address (dest-mac), a MAC address filter (dmac-output-list; access list numbers 700 to 799), a NetBIOS host filter (host-netbios-out; a named host list), a NetBIOS offset filter (bytes-netbios-out; a named byte offset list), an LSAP output filter (lsap-output-list; access list 200 to 299), or a port list (port-list; port list numbers 0 to 4095).
(Optional) Use load balancing:
(global) dlsw load-balance [ round-robin | circuit-count circuit-weight ]
Load balancing distributes DLSw+ traffic over multiple paths to a destination MAC address or NetBIOS name. The round-robin keyword causes DLSw+ to build a new circuit on the next peer in line after the last built circuit. Peers are used in a cyclic fashion. The circuit-count keyword causes DLSw+ to use enhanced load balancing, in which new circuits are built according to existing loads. New circuits are added to underloaded paths (those with the lowest or equal costs) until a configured ratio is reached. The circuit-weight (1 to 100; the default is 10) gives a default weight to be used for peers without an explicit circuit weight given in the dlsw remote-peer tcp command.
Each remote peer should be given a circuit weight when it is defined, to specify the desired circuit load. The weights are unitless and are relative to the weights of other peers. DLSw+ computes the ratio of circuit weights between remote peers and assigns new circuits to the peers that are underloaded and that can handle more.
(Optional) Use static path and reachability information.
Define a static path to a MAC address:
(global) dlsw mac-addr mac-addr { ring ring-number | remote-peer { interface serial number | ip-address ip-address } | rif rif | group group }
Define a static path to a NetBIOS name:
(global) dlsw netbios-name netbios-name { ring ring-number | remote-peer { interface serial number | ip-address ip-address } | rif rif | group group }
A MAC address (Step a) or a NetBIOS name (Step b) can be statically configured so that explorer frames are not sent to find it. The mac-addr or netbios-name is associated with the DLSw+ path to the destination, given as a ring group or number (ring, 0 to 4095), as a DLSw+ peer (remote-peer, as a serial interface for direct encapsulation or as an IP address for FST or TCP), as a RIF (rif), or as a DLSw+ peer group (group, 1 to 255).
Define a static locally reachable resource:
(global) dlsw icanreach { mac-exclusive | netbios-exclusive [ remote ] | mac-address mac-address [ mask mask ] | netbios-name name | saps }
The router advertises resources it can reach, through the keywords mac-exclusive (only the MAC addresses specifically configured), netbios-exclusive (only the NetBIOS names specifically configured; remote allows all local NetBIOS stations to make outgoing connections), mac-address (the mac-address is reachable; mask presents a hex MAC address mask; 0 matches and 1 is a wildcard bit), netbios-name (the NetBIOS name is reachable), and saps (configured SAP numbers are reachable).
Define a static locally unreachable SAP:
(global) dlsw icannotreach saps sap [ sap ... ]
Specify the list of SAP numbers (two-digit hex numbers: destination SAPs for remote peer devices, source SAPs for locally attached devices) that the local router cannot reach.
The local router is connected to other routers via an intermediate network. Source-route bridging between two Token Ring interfaces and two remote peer routers (172.16.88.3 and 172.16.91.3) is handled by DLSw+. Only traffic from ring 5 (tokenring 0/1) is permitted to cross into the DLSw+ cloud. The local router is configured as a border peer for the peer routers in DLSw+ group 3. The specific remote peers are configured, and promiscuous mode is used to allow the other peer routers in group 3 to establish connections to the border router.
Serial interface 8/1 is used to connect to a multidrop PU2.0 device. SDLC stations C4 and C5 are configured to partner with the 3745 FEP at MAC address 4000.3745.0001. The XID values were obtained from the IDBLK and IDNUM quantities configured in the mainframe. The SDLC connection is identified with DLSw+ so that the SDLC traffic is transported to and from the 3745 at a remote site.
Figure 5-4 shows a network diagram. The top portion of the figure shows a functional view of DLSw+ peers, as rings and bridges. The bottom portion shows the corresponding physical topology.
dlsw local-peer peer-id 192.168.1.1 group 3 border promiscuous
dlsw remote-peer 1 tcp 172.16.88.3
dlsw remote-peer 1 tcp 172.16.91.3
dlsw ring-list 1 rings 5

interface loopback 1
 ip address 192.168.1.1 255.255.255.0

interface tokenring 0/1
 ip address 172.19.3.17 255.255.255.0
 source-bridge 5 1 100
 ring-speed 16
 source-bridge spanning
 multiring all

interface tokenring 1/2
 source-bridge 7 1 100
 ring-speed 16
 source-bridge spanning 10
 multiring all

interface serial 8/0
 description Transit network to remote sites
 ip address 192.168.14.1 255.255.255.0

interface serial 8/1
 description SDLC connection to a controller
 encapsulation sdlc
 clock rate 19200
 sdlc role primary
 sdlc vmac 4000.1111.2222
 sdlc address C4
 sdlc partner 4000.3745.0001 C4
 sdlc xid C4 01720004
 sdlc address C5
 sdlc partner 4000.3745.0001 C5
 sdlc xid C5 01720005
 sdlc dlsw C4 C5
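A reviewer can derive the DLSw+ exposure of a configuration like the one above from its peer statements. The following is an added example, not part of the original text: it flags a promiscuous local peer and TCP remote peers defined with list 0 or without an output filter, and lists the peer and TCP port pairs the configuration implies. The function names and the fourth sample line are hypothetical; only TCP peers are parsed.

```python
# Added example: audit the DLSw+ peer statements in an IOS configuration.
FILTER_KEYWORDS = ("host-netbios-out", "bytes-netbios-out",
                   "dmac-output-list", "lsap-output-list")
DEFAULT_PORTS = [2065]                    # no priority keyword
PRIORITY_PORTS = [2065, 1981, 1982, 1983] # priority keyword in use

# The first three lines come from the example configuration above; the
# last line is constructed to show the priority and filter keywords.
SAMPLE_CONFIG = """\
dlsw local-peer peer-id 192.168.1.1 group 3 border promiscuous
dlsw remote-peer 1 tcp 172.16.88.3
dlsw remote-peer 1 tcp 172.16.91.3
dlsw remote-peer 0 tcp 10.0.0.9 priority lsap-output-list 200
"""

def audit_dlsw(config_text):
    """Collect the local peer, TCP remote peers, and review findings."""
    report = {"local_ip": None, "promiscuous": False,
              "peers": [], "findings": []}
    for line in config_text.splitlines():
        words = line.split()
        if words[:2] == ["dlsw", "local-peer"]:
            if "peer-id" in words[:-1]:
                report["local_ip"] = words[words.index("peer-id") + 1]
            if "promiscuous" in words:
                report["promiscuous"] = True
                report["findings"].append(
                    "local peer is promiscuous: unconfigured peers can connect")
        elif (words[:2] == ["dlsw", "remote-peer"]
              and len(words) >= 5 and words[3] == "tcp"):
            peer = {
                "ip": words[4],
                "list": words[2],
                "ports": PRIORITY_PORTS if "priority" in words else DEFAULT_PORTS,
                "filters": [k for k in FILTER_KEYWORDS if k in words],
            }
            report["peers"].append(peer)
            if peer["list"] == "0":
                report["findings"].append(
                    f"{peer['ip']}: list 0 includes all bridged rings or networks")
            if not peer["filters"]:
                report["findings"].append(
                    f"{peer['ip']}: no output filter applied")
    return report

def expected_flows(report):
    """Peer address and TCP port pairs implied by the remote-peer statements."""
    return sorted((p["ip"], port) for p in report["peers"] for port in p["ports"])

if __name__ == "__main__":
    result = audit_dlsw(SAMPLE_CONFIG)
    for finding in result["findings"]:
        print("FINDING:", finding)
    for ip, port in expected_flows(result):
        print(f"peer {ip} tcp/{port}")
```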