5-1 Source-Route Bridging (SRB)

  • SRB provides the bridging function between two Token Ring networks.

  • A Routing Information Field (RIF) is used to make forwarding decisions in the SRB. The RIF is included in Token Ring frames. It contains a sequential list of ring number, bridge number, ring number, bridge number, and so forth, from the source to the destination. On the return trip, a single bit in the RIF is inverted to signify that the path order is reversed.

  • A RIF is formed when a source node attempts to find a destination node. The source sends a discovery frame in the form of an All-Routes Explorer (ARE) frame. This frame is similar to a broadcast and is forwarded on all available interfaces. Any intermediate bridge appends its own ring and bridge number to the RIF portion of the frame before forwarding. As soon as the destination receives a discovery frame, it inverts the RIF direction bit and returns the frame to the sender.

  • A router performing SRB can participate in the IBM Spanning-Tree Protocol (STP) or can be manually configured for a static STP topology.

Configuration

  1. (Optional) Define a virtual ring:

     (global) source-bridge ring-group ring-number [virtual-mac-address]

    To bridge two or more Token Rings, a virtual ring should be created. The virtual ring is a virtual interface identified by its ring-number (1 to 4095). A virtual MAC address can also be given if needed.

  2. Define a bridge between two rings:

     (interface)  source-bridge   local-ring bridge-number target-ring  

    The router acts as bridge number bridge-number (1 to 15), using SRB between the current interface having ring number local-ring (1 to 4095) and another ring numbered target-ring (1 to 4095).

    The target ring can be another physical Token Ring interface, requiring that the source-bridge command be defined on that interface also. The target ring can also be a virtual ring so that many Token Rings can be bridged to a single logical ring. This not only simplifies SRB configuration but also provides the function of a multipoint bridge.

    NOTE

    Ring numbers must be unique across the entire SRB network. However, bridge numbers can be repeated, because the unique ring numbers identify the bridge-ring connections. The exception is when two or more bridges are connected in parallel, with redundant paths between rings. The parallel bridge numbers must be unique, because the ring numbers on either side will be identical.

  3. (Optional) Configure spanning-tree operation.

    1. Manually configure spanning tree:

       (interface)  source-bridge spanning  

      The interface begins forwarding spanning-tree explorer packets.

    2. Use the automatic Spanning-Tree Protocol.

      • Enable the IBM STP:

         (global)  bridge   bridge-group   protocol ibm  

        The IBM Spanning-Tree Protocol is used to automatically decide whether to forward or block spanning-tree explorer packets on interfaces. A bridge-group number (1 to 9) is used to group interfaces into a common STP domain. The automatic IBM STP lets a router interact with traditional IBM bridges to form a dynamic spanning-tree topology.

      • Run IBM STP on an interface:

         (interface)  source-bridge spanning   bridge-group  

        The interface runs the STP in bridge group bridge-group (1 to 9).

        NOTE

        All-Routes Explorers (AREs) are always forwarded on all SRB interfaces. Spanning-tree explorers, however, are forwarded only on interfaces that are in the STP forwarding state.

  4. (Optional) Use RIF information to bridge routed protocols.

    1. Enable RIF gathering and usage:

       (interface) multiring {protocol [all-routes | spanning] | all | other}

      When a routed protocol packet needs to be forwarded across an SRB network, RIF information is added to the packet. Specific protocols can be selected for RIF use: apollo, appletalk, clns, decnet, ip, ipx, vines, and xns. For the protocol, RIF information can be gathered from AREs (all-routes), spanning-tree explorers (spanning), or both (no option given).

      RIF information can be gathered and used on all routed protocols (all) or protocols other than the available list of names (other).

    2. Add a static RIF entry for use:

       (global) rif mac-addr rif-string {interface | ring-group ring}

      A RIF can be manually configured rather than learned from explorer packets. Give the MAC address of the station (mac-addr; dotted-triplet notation), the RIF itself (rif-string; a series of four-digit hex numbers separated by dots), and the origin of the RIF, which is either an interface or a ring number (ring; 1 to 4095).

      NOTE

      The RIF is made up of a Routing Control field (2 bytes) and one or more route descriptors (2 bytes each). The Routing Control field contains information about the routing type, RIF length, largest frame size, and 1 bit to specify the direction that the RIF should be read (forward or reverse order). Each route descriptor contains a 12-bit (three hex digits) ring number and a 4-bit (one hex digit) bridge number.

      Knowing this makes it easy to read or write a RIF string. The first group of four hex digits is the routing control, followed by a dot. Each group of four hex digits thereafter forms a route descriptor. The first three hex digits make up the ring number, and the fourth digit is the bridge number. For example, a RIF containing 08b0.0051.0041.0010 would have 08b0 as the routing control, and the path to the destination starts with ring 5 (005), goes through bridge 1, on to ring 4 (004), through another bridge 1, and ends at ring 1 (001).

  5. (Optional) Use Translational Bridging (SR/TLB).

    1. Configure transparent bridging (see Section 4-1 for more information).

    2. Enable translational bridging:

       (global)  source-bridge transparent   ring-group pseudo-ring bridge-number   tb-group  

      The SRB network from virtual ring ring-group (1 to 4095; defined with source-bridge ring-group) is translationally bridged to transparent bridge group tb-group (defined with bridge-group). The transparent bridging side is given a unique ring number (pseudo-ring; 1 to 4095) for SRB purposes. The SR/TLB process also has a bridge-number defined.

  6. (Optional) Use NetBIOS over LLC2.

    1. Use NetBIOS name caching.

      • Respond by proxy to explorer packets:

         (interface)  source-bridge proxy-netbios-only  

        -OR-

         (global)  source-bridge proxy-explorer  

        The router responds to a NetBIOS name query broadcast (explorer) as a proxy for the end host. Proxy can be enabled for NetBIOS only per interface or globally to respond to any explorer request.

      • Enable NetBIOS name caching:

         (interface)  netbios enable-name-cache  

        The router begins listening and caching NetBIOS name requests and responses so that it can send proxy replies. Entries are kept for 15 minutes by default.

      • Create a static NetBIOS name entry:

         (global) netbios name-cache mac-addr netbios-name {interface | ring-group group-number}

        A name entry is made for the device with MAC address mac-addr (dotted-triplet format) with NetBIOS name netbios-name (a string of up to 15 characters). The interface or ring number (group-number; 1 to 4095) where the device is accessible must be given.

    2. (Optional) Use NetBIOS filters.

      • Filter using NetBIOS names.

        Begin by defining a filter with the following command:

         (global) netbios access-list host list-name {permit | deny} pattern

        The access list is named list-name, and it either permits or denies packets if the NetBIOS name matches the pattern string. The pattern is a station name, and it can include ? (to match a single character) or * (to match any number of characters to the right).

        Remember that there is an implicit deny statement at the end of the access list.

        Next, apply the filter to an interface using the following command:

         (interface)  netbios input-access-filter host   list-name  

        -OR-

         (interface)  netbios output-access-filter host   list-name  

        The access list named list-name is used to allow any incoming (input-access-filter) or outgoing (output-access-filter) NetBIOS traffic to the permitted names. All other NetBIOS sessions are denied.

      • Filter using a byte offset into a packet.

        Begin by defining a filter using the following command:

         (global) netbios access-list bytes list-name {permit | deny} offset pattern

        The access list is named list-name, and it either permits or denies packets if the byte string starting at offset bytes from the beginning of the NetBIOS header matches the pattern string of bytes. The pattern is a string of hex digits (up to 32 in length; even-numbered length). The byte pattern can also include ** as a wildcard pattern for a byte. Remember that there is an implicit deny statement at the end of the access list.

        Next, apply the filter to an interface using the following command:

         (interface)  netbios input-access-filter bytes   list-name  

        -OR-

         (interface)  netbios output-access-filter bytes   list-name  

        The access list named list-name is used to allow any permitted incoming (input-access-filter) or outgoing (output-access-filter) NetBIOS traffic. All other NetBIOS sessions are denied.

  7. (Optional) Use Token Ring filters.

    1. Filter by protocol type.

      • Define the filter:

         (global) access-list acc-list-number {permit | deny} type-code type-mask

        The list is numbered acc-list-number (200 to 299), and it contains statements that permit or deny packets with a specific 16-bit LSAP or SNAP type-code (four-digit hex with leading 0x). The type-mask is a wildcard mask (four-digit hex; a 1 ignores and a 0 matches).

        NOTE

        For DSAP/SSAP pairs, always use a mask of 0x0101. The least-significant bit in each SAP field is typically used as the command/response bit.

      • Apply the filter to an interface.

        To filter IEEE 802 encapsulated packets, enter

         (interface)  source-bridge input-lsap-list   acc-list-number  

        -OR-

         (interface)  source-bridge output-lsap-list   acc-list-number  

        IEEE 802 packets with type codes permitted by the access list acc-list-number are allowed in (input-lsap-list) or out (output-lsap-list).

        To filter SNAP encapsulated packets, enter

         (interface)  source-bridge input-type-list   acc-list-number  

        -OR-

         (interface)  source-bridge output-type-list   acc-list-number  

        SNAP packets with type codes permitted by the access list acc-list-number are allowed in (input-type-list) or out (output-type-list).

      • Filter by MAC address.

        First, define a filter with the following command:

         (global) access-list acc-list-number {permit | deny} address mask

        The list numbered acc-list-number (700 to 799) permits or denies packets with a matching MAC address. The address is given as a 48-bit Token Ring MAC address (dotted-triplet format) and the mask as a 48-bit mask (dotted-triplet format; a 1 ignores and a 0 matches).

        Next, apply the filter to an interface with the following command:

         (interface)  source-bridge input-address-list   acc-list-number  

        -OR-

         (interface)  source-bridge output-address-list   acc-list-number  

        Access list number acc-list-number is used to allow or deny packets coming in (input-address-list; matches against source MAC address) or going out (output-address-list; matches the destination MAC address) on the interface.

      • Use an access expression to combine filters:

         (interface) access-expression {in | out} expression

        Access lists that match type codes, MAC addresses, and NetBIOS fields can be combined as a single filter for packets going in or out of an interface. The expression is a string of Boolean operators and access list numbers. Access list expressions are lsap(2xx) (LSAP type code list 200 to 299), type(2xx) (SNAP list 200 to 299), smac(7xx) (source MAC address list 700 to 799), dmac(7xx) (destination MAC address list 700 to 799), netbios-host(list) (NetBIOS name access list list), and netbios-bytes(list) (NetBIOS byte access list list). Operators are ~ (not or negative), & (and), and | (or).

  8. (Optional) Tune explorer frame processing.

    1. Size the explorer queue on an interface:

       (interface)  source-bridge explorerq-depth   packets  

      By default, an interface queues up to 30 explorer packets for processing before explorers are dropped. The size of the queue can be set to packets (1 to 500) for more efficient processing.

    2. Filter duplicate explorer packets:

       (global)  source-bridge explorer-dup-ARE-filter  

      Duplicate all-routes explorer packets are not forwarded after the first occurrence. This can be useful in redundant topologies, where ARE packets can be duplicated regardless of the spanning-tree topology.

    3. Control the rate of explorer forwarding:

       (global)  source-bridge explorer-maxrate   rate  

      Explorers are forwarded at a maximum of rate bytes per second (100 to 1 billion; the default is 38400).
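
The RIF string layout described in the note under step 4 can be decoded and sanity-checked before a static `rif` entry is entered. The following is an added example, not code from the book; the Routing Control bit positions follow the IEEE 802.5 layout (an assumption, since the page names the fields but not their positions), and the function names are hypothetical.

```python
import re

# Added example, not from the book. Routing Control bit positions follow the
# IEEE 802.5 layout (assumed; the page names the fields, not their positions).
RIF_RE = re.compile(r"[0-9a-fA-F]{4}(\.[0-9a-fA-F]{4})*")

def parse_rif(rif_string):
    """Split a dotted RIF string into Routing Control fields and hops."""
    text = rif_string.strip()
    if not RIF_RE.fullmatch(text):
        raise ValueError("RIF must be dot-separated groups of four hex digits")
    words = [int(group, 16) for group in text.split(".")]
    rc, descriptors = words[0], words[1:]
    return {
        "routing_type": (rc >> 13) & 0x7,        # top 3 bits of byte 0
        "length": (rc >> 8) & 0x1F,              # RIF length in bytes
        "direction_bit": (rc >> 7) & 0x1,        # order in which to read hops
        "largest_frame_code": (rc >> 4) & 0x7,   # raw 3-bit code, not bytes
        # Each descriptor: 12-bit ring number, 4-bit bridge number.
        "hops": [(d >> 4, d & 0xF) for d in descriptors],
    }

def check_rif(rif):
    """Return a list of consistency problems; empty means the RIF is sane."""
    problems = []
    hops = rif["hops"]
    expected = 2 + 2 * len(hops)                 # 2-byte RC + 2 bytes per hop
    if rif["length"] != expected:
        problems.append(f"length field {rif['length']} != {expected} bytes present")
    rings = [ring for ring, _ in hops]
    if any(ring == 0 for ring in rings):
        problems.append("ring number 0 is outside 1 to 4095")
    if len(set(rings)) != len(rings):
        problems.append("ring number repeated: path loops")
    if any(bridge == 0 for _, bridge in hops[:-1]):
        problems.append("bridge number 0 before the last ring")
    return problems

def describe_path(rif):
    """Render hops in written order: ring, bridge, ring, ..., final ring."""
    parts = []
    for ring, bridge in rif["hops"]:
        parts.append(f"ring {ring}")
        parts.append(f"bridge {bridge}")
    return " -> ".join(parts[:-1])               # drop the trailing bridge

if __name__ == "__main__":
    rif = parse_rif("08b0.0051.0041.0010")       # RIF string from the page
    print(describe_path(rif), check_rif(rif))
```

The hops are reported in the order they are written in the string; the direction bit is returned separately and is not used to reorder them.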

Example

Source-route bridging is configured between two Token Ring interfaces on a router. A virtual ring number 100 is created, and each interface is bridged to the virtual ring by bridge number 1. The IBM Spanning-Tree Protocol (bridge group 10) is used on both interfaces to automatically configure spanning-tree explorer forwarding.

Source-route translational bridging is also configured between Ethernet interface 6/0 and the virtual ring. The Ethernet bridge group 1 is given a pseudo-ring number of 99 for SR/TLB purposes.

Finally, only inbound traffic destined for MAC address 8000.0001.3745 is permitted on interface Tokenring 0/1. This is done by using MAC address filter 701.

Figure 5-2 shows a network diagram. The top portion of the figure shows a functional view of source-route bridging, as rings and bridges. The bottom portion shows the corresponding physical topology.

Figure 5-2. Network Diagram for the Example


  bridge 1 protocol ieee
  bridge 10 protocol ibm
  source-bridge ring-group 100
  interface tokenring 0/1
   source-bridge 5 1 100
   ring-speed 16
   source-bridge spanning 10
   multiring all
   source-bridge input-address-list 701
  interface tokenring 1/2
   source-bridge 7 1 100
   ring-speed 16
   source-bridge spanning 10
   multiring all
  interface ethernet 6/0
   bridge-group 1
  source-bridge transparent 100 99 1 1
  access-list 701 permit 8000.0001.3745
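
How a filter such as list 701 is evaluated, including the wildcard-mask rule (a 1 ignores, a 0 matches), the 0x0101 mask recommended for DSAP/SSAP pairs, and the implicit deny at the end of a list, can be modeled offline. This is an added example, not code from the book; the LSAP type codes are constructed for illustration, the function names are hypothetical, and the maskless entry in list 701 is assumed to mean an exact match.

```python
# Added example, not from the book: first-match evaluation of the numbered
# access lists from step 7, with wildcard masks and the implicit deny.

def mac_to_int(mac):
    """Convert a dotted-triplet MAC (e.g. 8000.0001.3745) to a 48-bit int."""
    digits = mac.replace(".", "")
    if len(digits) != 12:
        raise ValueError("expected 12 hex digits in dotted-triplet form")
    return int(digits, 16)

def wildcard_match(value, pattern, mask, width):
    """Mask bit 1 = ignore that bit, mask bit 0 = the bit must match."""
    care = ~mask & ((1 << width) - 1)
    return (value ^ pattern) & care == 0

def evaluate(acl, value, width):
    """Return the action of the first matching entry, else implicit deny."""
    for action, pattern, mask in acl:
        if wildcard_match(value, pattern, mask, width):
            return action
    return "deny"

# List 701 from the page's example; no mask is given there, treated here as
# an all-zero mask (exact match), which is an assumption.
ACL_701 = [("permit", mac_to_int("8000.0001.3745"), 0)]

# Constructed LSAP lists (type codes chosen for illustration): the same
# DSAP/SSAP pair with the recommended 0x0101 mask and with an exact mask.
ACL_201 = [("permit", 0xF0F0, 0x0101)]
ACL_201_EXACT = [("permit", 0xF0F0, 0x0000)]

def input_address_decision(source_mac):
    """input-address-list matches against the frame's source MAC address."""
    return evaluate(ACL_701, mac_to_int(source_mac), 48)

if __name__ == "__main__":
    print(input_address_decision("8000.0001.3745"))   # listed station
    print(input_address_decision("4000.1111.2222"))   # constructed, unlisted
    print(evaluate(ACL_201, 0xF0F1, 16))               # low SSAP bit set
    print(evaluate(ACL_201_EXACT, 0xF0F1, 16))
```

With the exact mask, a frame whose low SAP bit is set falls through to the implicit deny, which is the case the 0x0101 mask is meant to avoid.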


Cisco Field Manual[c] Router Configuration
ISBN: 1587050242
Year: 2005
Pages: 185
