5-3 Data-Link Switching Plus (DLSw+)

  • DLSw+ supports standard DLSw (RFC 1795) and enhanced DLSw+ features.

  • DLSw+ peers can be organized in a hierarchical fashion, as peer groups. Specific routers within a peer group can become border peers, handling test frames or NetBIOS name queries for the entire peer group.

  • Peers can be configured with static relationships and connections or as on-demand peers, which dynamically form relationships and end-to-end connections with each other.

  • Explorer packets are controlled at the WAN boundary. Only a single packet is forwarded, and duplicates are stored and answered locally.

  • Direct encapsulation, FST, and TCP encapsulations are all supported, as in RSRB.

NOTE

DLSw+ uses TCP ports 2065 (high priority; ToS bit 5 = Critical ECP; the default for all peers without the priority keyword), 1981 (medium priority; ToS bit 4 = Flash Override), 1982 (normal priority; ToS bit 3 = Flash), and 1983 (low priority; ToS bit 2 = Immediate).


Configuration

  1. Define the local router as the local DLSw+ peer:

     (global)  dlsw local-peer [peer-id ip-address] [group group] [border] [cluster cluster-id] [cost cost] [lf bytes] [keepalive seconds] [passive] [promiscuous] [init-pacing-window bytes] [max-pacing-window bytes]

    The local peer is identified by an ip-address from a physical or loopback interface. If there is more than one path to the remote side, use a loopback interface, because it is always up and available.

    The local peer can accept DLSw+ connections from remote peers without explicitly configuring information about the peers. If this is what you want, use the promiscuous keyword. Otherwise, you need to configure an entry for each remote peer in Step 2. You can configure the router to wait until a remote peer initiates a connection by using the passive keyword.

    To make the local router a member of a DLSw+ peer group, use the group keyword with a group number (1 to 255). If this router will act as the border peer for the group, use the border keyword. Furthermore, to make the router part of a cluster of border peers, use the cluster keyword with a cluster-id (1 to 255).

    If you have several DLSw+ peers that form multiple paths to a destination host, you can use the cost keyword to assign a cost (1 to 5) to the local peer. When a remote peer establishes a connection, it uses the peer with the lowest cost to the destination.

    The lf keyword defines the largest frame size that the peer can send: 516, 1470, 1500, 2052, 4472, 8144, 11407, 11454, or 17800 bytes. The router negotiates this size with remote peers. A lower frame size reduces a packet's serialization time across a slower link, giving more available time for keepalive and other packets.

    Peer routers send keepalives to determine if the remote end is still accessible. Use the keepalive keyword to set the keepalive interval (0 to 1200 seconds; the default is 30 seconds, and 0 turns keepalives off).

    The init-pacing-window and max-pacing-window keywords set the initial and maximum sizes of the pacing windows (1 to 2000 bytes), per RFC 1795. Use the biu-segment keyword to cause DLSw+ to segment frames that are larger than the lf size of the destination peer. This option should be enabled on both peers.

  2. Define a DLSw+ remote peer.

    DLSw+ offers several encapsulation types, each with very similar features and command keywords. The commands are presented in Steps a and b, followed by a description of the various options. DLSw+ commands are fairly simple to use but include quite a few options. For simplicity, the options are described and arranged according to their function.

    1. Use TCP encapsulation:

       (global)  dlsw remote-peer list-number tcp ip-address [rif-passthru ring-number] [cost cost] [cluster cluster] [dynamic] [inactivity minutes] [no-llc minutes] [backup-peer [ip-address | frame-relay interface serial number dlci | interface interface]] [linger minutes] [circuit-weight weight] [passive] [lf bytes] [keepalive seconds] [priority] [dest-mac mac-addr] [host-netbios-out acc-list-name] [bytes-netbios-out acc-list-name] [dmac-output-list acc-list-number] [lsap-output-list acc-list-number] [timeout seconds] [tcp-queue-max bytes]
    2. Use FST encapsulation:

       (global)  dlsw remote-peer list-number fst ip-address [cost cost] [cluster cluster] [backup-peer [ip-address | frame-relay interface serial number dlci | interface interface]] [passive] [lf bytes] [keepalive seconds] [dest-mac mac-addr] [host-netbios-out acc-list-name] [bytes-netbios-out acc-list-name] [dmac-output-list acc-list-number] [lsap-output-list acc-list-number]
    3. Use direct encapsulation:

       (global)  dlsw remote-peer list-number interface serial number [pass-thru] [cost cost] [cluster cluster] [backup-peer [ip-address | frame-relay interface serial number dlci | interface interface]] [passive] [lf bytes] [keepalive seconds] [dest-mac mac-addr] [host-netbios-out acc-list-name] [bytes-netbios-out acc-list-name] [dmac-output-list acc-list-number] [lsap-output-list acc-list-number]

      A remote peer must be identified with the local bridged networks that require DLSw+ communication. The list-number parameter specifies the number of a ring group list (from dlsw ring-list ), a port list (from dlsw port-list ), or a bridge group list (from dlsw bgroup-list ). These lists define specific local networks to be included in DLSw+. If the list-number is 0 (the default), all bridged rings or networks are included.

      The DLSw+ encapsulation can be given as tcp (TCP), fst (Fast-Sequenced Transport), or interface serial (direct encapsulation). Direct encapsulation can also be used for DLSw Lite, by using frame-relay interface serial number dlci. The remote peer is identified by its IP address for TCP and FST, and by the point-to-point serial interface for direct encapsulation. If the DLSw+ connection involves a front-end processor (FEP) on each end, the rif-passthru or pass-thru keyword can be used to allow RIFs to be transported as-is. For TCP, the ring-number field is the virtual ring number created for Token Ring transport.

      If the remote peer is one of several paths to a destination, the cost keyword can be used to assign a cost (1 to 5) for the path through the remote peer. The cost overrides any cost defined on the remote peer; a lower cost denotes a better path. If the remote peer is part of a peer group border cluster, the cluster keyword is used with the cluster number (1 to 255).

      A remote peer can be configured as a dynamic peer such that its TCP connection is brought up only when DLSw+ has data to send. The inactivity period can be set to minutes (1 to 300; the default is 5 minutes) so that the TCP connection is closed after a length of idle time. The no-llc timer can also be configured to keep the connection up minutes (1 to 300; the default is 5 minutes) after all LLC2 connections are closed. Dynamic peers are useful where infrequent communication between peers exists.

      A remote peer can be configured as a backup-peer for another remote peer, where the DLSw+ connection to the backup peer is brought up only after a router failure in the primary peer. The backup peer is configured with either the ip-address of the primary remote peer or the frame-relay interface serial or interface used to connect to the primary peer. As soon as the primary peer comes back up, the backup peer can be configured to stay active for a linger period of minutes (1 to 300; the default is 5 minutes).

      Load balancing between the local peer and multiple remote peers can also be configured. Each remote peer can be given a circuit-weight of weight (1 to 100). New DLSw+ circuits that are added are distributed between the remote peers in accordance with the ratio of the circuit weights.

      A remote peer can be declared passive, such that it waits for another peer to initiate a DLSw+ connection. The lf keyword defines the largest frame size that the peer can send: 516, 1470, 1500, 2052, 4472, 8144, 11407, 11454, or 17800 bytes. The router negotiates this size with remote peers. A lower frame size reduces a packet's serialization time across a slower link, resulting in more available time for keepalive and other packets. Peer routers send keepalives to determine if the remote end is still accessible. Use the keepalive keyword to set the keepalive interval (0 to 1200 seconds; the default is 30 seconds, and 0 turns keepalives off).

      By default, all DLSw+ traffic is sent over TCP port 2065 with IP precedence "network." DLSw+ traffic can be prioritized by using the priority keyword (TCP only). High-priority traffic (circuit administration, peer keepalives, capabilities exchanges) is sent over TCP port 2065 with "network," medium-priority (no specific traffic type) over TCP port 1981 with "internetwork," normal-priority (information frames) over TCP port 1982 with "critical," and low-priority (broadcasts) over TCP port 1983 with "Flash override."

      DLSw+ traffic can also be filtered according to NetBIOS name ( host-netbios-out ), NetBIOS byte offset ( bytes-netbios-out ), destination MAC address ( dmac-output-list ), or IEEE 802.5 LSAP value ( lsap-output-list ). These lists can be defined according to Step 3.

      The TCP retransmit time can be given with a timeout of seconds (5 to 1200; the default is 90 seconds). The maximum TCP output queue size can be set with tcp-queue-max of size bytes (10 to 2000).

  3. (Optional) Create DLSw+ traffic filters.

    1. Use a NetBIOS host name filter:

       (global)  netbios access-list host list-name {permit | deny} pattern

      The access list is named list-name. It either permits or denies packets if the NetBIOS name matches the pattern string. The pattern is a station name, and it can include ? (to match a single character) or * (to match any number of characters to the right).

      Remember that there is an implicit deny statement at the end of the access list.

    2. Use a NetBIOS byte offset filter:

       (global)  netbios access-list bytes list-name {permit | deny} offset pattern

      The access list is named list-name. It either permits or denies packets if the byte string starting at offset bytes from the beginning of the NetBIOS header matches the pattern string of bytes. The pattern is a string of hex digits (up to 32 in length; even-numbered length). The byte pattern can also include ** as a wildcard pattern for a byte. Remember that there is an implicit deny statement at the end of the access list.

    3. Use a destination MAC address filter:

       (global)  access-list acc-list-number {permit | deny} address mask

      The list numbered acc-list-number (700 to 799) permits or denies packets with a matching MAC address. The address is given as a 48-bit Token Ring MAC address (dotted-triplet format), and the mask as a 48-bit mask (dotted-triplet format; a 1 ignores and a 0 matches).

    4. Use an LSAP filter:

       (global)  access-list acc-list-number {permit | deny} type-code type-mask

      The list is numbered acc-list-number (200 to 299). It contains statements that permit or deny packets with a specific 16-bit LSAP or SNAP type-code (four-digit hex with leading 0x). The type-mask is a wildcard mask (four-digit hex; a 1 ignores and a 0 matches).

      NOTE

      For DSAP/SSAP pairs, always use a mask of 0x0101. The least-significant bit in each SAP field is used for other purposes.

  4. Map DLSw+ to an originating DLC source.

    1. Token Ring to DLSw+.

      • Define a virtual ring number:

         (global)  source-bridge ring-group   ring-group  [  virtual-mac-addr  ] 

        A virtual Token Ring numbered ring-group (1 to 4095) is created. Physical Token Ring interfaces must first be bridged to this virtual ring via SRB. (This step is identical to Step 1 in Section 5-1.)

      • Enable spanning tree explorers:

         (interface)  source-bridge spanning  

        DLSw+ uses single-route or spanning tree explorers. Therefore, the spanning tree topology must be manually defined on the physical Token Ring interfaces.

      • Define a ring list to apply specific interfaces to DLSw+ peers:

         (global)  dlsw ring-list   list-number   rings   ring-numbers  

        By default, all rings on the local router are made available to DLSw+ peers (from dlsw remote-peer 0 ). DLSw+ traffic can be limited to specific rings, such that only traffic from rings appearing in the ring list are forwarded to the appropriate peers. Traffic coming from remote peers is forwarded to the rings in the ring list. The list-number defines a unique ring list (1 to 255). The ring-numbers parameter is a list of one or more ring numbers (1 to 4095), separated by spaces.

    2. Ethernet to DLSw+.

      • Define a transparent bridge group and STP:

         (global)  bridge   bridge-group   protocol ieee  

        A transparent bridge group numbered bridge-group (1 to 63) is defined to run the IEEE 802.1 Spanning-Tree Protocol.

        NOTE

        It is not necessary to configure translational bridging for DLSw+ operation with Ethernet networks. DLSw+ works directly with a transparent bridge group and handles media and MAC address translation automatically.

      • Assign an Ethernet interface to the bridge group:

         (interface)  bridge-group   bridge-group  

        Traffic to and from the Ethernet interface is bridged to the bridge-group (1 to 63), where DLSw+ has a logical interface.

      • Associate the bridge group with DLSw+:

         (global)  dlsw bridge-group   bridge-group  

        Traffic is bridged between bridge-group (1 to 63) and DLSw+ remote peers.

    3. SDLC on a serial interface to DLSw+.

      • Use SDLC encapsulation:

         (interface)  encapsulation sdlc  
      • Specify the SDLC role:

         (interface)  sdlc role {none | primary | secondary | prim-xid-poll}

        The router is set to operate in SDLC role: none (end stations determine whether the router is primary or secondary), primary (polls secondary nodes), secondary (sends data only when polled by primary), or prim-xid-poll (the router is primary when the end station is a secondary NT2.1).

        In general, a FEP is a primary node, and an establishment controller (EC) is a secondary node. The router must play the opposite role of the device it is connected to. For example, a router connected to a controller must act like the FEP (primary), and a router connected to a FEP must act like a controller (secondary). Use the primary role if the end devices are PU 2.0 or a mix of 2.0 and 2.1. Use prim-xid-poll if the end devices are all PU 2.1.

      • Assign a MAC address to the serial interface:

         (interface)  sdlc vmac   mac-address  

        A 48-bit mac-address (dotted-triplet format) is assigned to the serial interface. The last byte (two hex digits) must be 00. Secondary nodes receive a virtual MAC address with their 1-byte SDLC addresses in the last byte position.

      • (Primary role only) Define SDLC addresses of attached secondary stations:

         (interface)  sdlc address   hexbyte  [  echo  ] 

        The SDLC address of a secondary station is defined as a 1-byte (two hex digits) hexbyte value (1 to FE).

      • Define the destination MAC and SDLC addresses:

         (interface)  sdlc partner   mac-address sdlc-address  

        On each end of the DLSw+ connection, an SDLC address must be associated with a MAC address for each pair of communicating nodes.

      • (PU 2.0 devices only) Define the XID value for attached stations:

         (interface)  sdlc xid   sdlc-address xid  

        The SDLC address sdlc-address (two hex digits) is assigned an xid value (4 bytes, eight hex digits) from the IDBLK and IDNUM parameters on the primary host. This XID value is sent by the router when the XIDs are exchanged at the start of a session. If the XID value doesn't match the host configuration, the session will not start.

      • Associate the SDLC interface with DLSw+:

         (interface)  sdlc dlsw {sdlc-address | default | partner mac-address [inbound | outbound]}

        DLSw+ is associated with the SDLC address: sdlc-address (a list of one or more specific two-digit hex values, 1 to FE), default (any SDLC address), or partner (the mac-address of the default partner is given). inbound means the partner initiates a connection, and outbound means the router initiates a connection. Specify SDLC addresses for most configurations. If you have ten or more SDLC devices to attach to DLSw+, use the default keyword instead.

    4. QLLC on an X.25 network.

      • Use X.25 encapsulation on a serial interface:

         (interface)  encapsulation x25  

        The interface operates as a DTE device on the X.25 network.

      • Set the X.25 subaddress:

         (interface)  x25 address   x121-address  

        The X.121 address (a variable-length string of digits) assigned to the local router by the X.25 service provider must be configured on the interface.

      • Map a virtual MAC address to the X.121 address:

         (interface)  x25 map qllc   mac-address x121-address  

        The MAC address (dotted-triplet hex format) of a remote device is mapped to the X.121 address of the far end of the X.25 circuit.

      • Associate the X.25 QLLC interface with DLSw+:

         (interface)  qllc dlsw partner   partner-macaddr  

        The MAC address of the local Token Ring destination device (a FEP, for example) is given as partner-macaddr. When QLLC data destined for that MAC address is received by the router, it is handed off to DLSw+ for media translation and delivery.

  5. (Optional) Use on-demand peers:

     (global)  dlsw peer-on-demand-defaults [fst] [cost cost] [inactivity minutes] [keepalive seconds] [lf bytes] [priority] [dest-mac dest-mac-address] [dmac-output-list acc-list-number] [host-netbios-out acc-list] [bytes-netbios-out acc-list] [lsap-output-list acc-list] [port-list port-list-number] [tcp-queue-max]

    Peer connections to the border peer can be configured with default parameters. On-demand peers use TCP by default, unless the fst keyword is given. The cost to reach on-demand peers can be set with the cost keyword (1 to 5; the default is 3). After the peer's circuit count is reduced to 0, the on-demand peer is disconnected after inactivity minutes (0 to 24 minutes; the default is 10 minutes). The keepalive interval is seconds (0 to 1200, the default is 30 seconds). The priority keyword causes data prioritization to be used for the on-demand peer.

    Data can be filtered to the peer by matching a destination MAC address ( dest-mac ), a MAC address filter ( dmac-output-list; access list numbers 700 to 799), a NetBIOS host filter ( host-netbios-out; a named host list), a NetBIOS offset filter ( bytes-netbios-out; a named byte offset list), an LSAP output filter ( lsap-output-list; access list 200 to 299), or a port list ( port-list; port list numbers 0 to 4095).

  6. (Optional) Use load balancing:

     (global)  dlsw load-balance [round-robin | circuit-count circuit-weight]

    Load balancing distributes DLSw+ traffic over multiple paths to a destination MAC address or NetBIOS name. The round-robin keyword causes DLSw+ to build a new circuit on the next peer in line after the last built circuit. Peers are used in a cyclic fashion. The circuit-count keyword causes DLSw+ to use enhanced load balancing, in which new circuits are built according to existing loads. New circuits are added to underloaded paths (those with the lowest or equal costs) until a configured ratio is reached. The circuit-weight (1 to 100; the default is 10) gives a default weight to be used for peers without an explicit circuit weight given in the dlsw remote-peer tcp command.

    Each remote peer should be given a circuit weight when it is defined, to specify the desired circuit load. The weights are unitless and are relative to the weights of other peers. DLSw+ computes the ratio of circuit weights between remote peers and assigns new circuits to the peers that are underloaded and that can handle more.

  7. (Optional) Use static path and reachability information.

    1. Define a static path to a MAC address:

       (global)  dlsw mac-addr mac-addr {ring ring-number | remote-peer {interface serial number | ip-address ip-address} | rif rif | group group}
    2. Define a static path to a NetBIOS name:

       (global)  dlsw netbios-name netbios-name {ring ring-number | remote-peer {interface serial number | ip-address ip-address} | rif rif | group group}

      A MAC address (Step a) or a NetBIOS name (Step b) can be statically configured so that explorer frames are not sent to find it. The mac-addr or netbios-name is associated with the DLSw+ path to the destination, given as a ring group or number ( ring, 0 to 4095), as a DLSw+ peer ( remote-peer, as a serial interface for direct encapsulation or as an IP address for FST or TCP), as a RIF ( rif ), or as a DLSw+ peer group ( group, 1 to 255).

    3. Define a static locally reachable resource:

       (global)  dlsw icanreach {mac-exclusive | netbios-exclusive [remote] | mac-address mac-address [mask mask] | netbios-name name | saps}

      The router advertises resources it can reach, through the keywords mac-exclusive (only the MAC addresses specifically configured), netbios-exclusive (only the NetBIOS names specifically configured; remote allows all local NetBIOS stations to make outgoing connections), mac-address (the mac-address is reachable; mask presents a hex MAC address mask; 0 matches and 1 is a wildcard bit), netbios-name (the NetBIOS name is reachable), and saps (configured SAP numbers are reachable).

    4. Define a static locally unreachable SAP:

       (global)  dlsw icannotreach saps   sap  [  sap ...  ] 

      The list of SAP numbers (two-digit hex numbers: destination SAPs for remote peer devices, source SAPs for locally attached devices) that the local router cannot reach.
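The matching rules of the Step 3 filters, as an added Python example (not from the book or from Cisco): wildcard masks for the MAC and LSAP lists, ? and * for NetBIOS host names, and the implicit deny. First-match ordering, the DSAP-high/SSAP-low byte layout, case-sensitive name comparison, and all sample list entries are assumptions of this example.

```python
def wildcard_match(value, base, mask, bits):
    """Compare only the bit positions where the mask is 0 (a 1 bit is ignored)."""
    care = ~mask & ((1 << bits) - 1)
    return (value & care) == (base & care)

def mac_to_int(dotted):
    """Convert dotted-triplet notation (4000.3745.0001) to a 48-bit integer."""
    groups = dotted.split(".")
    if len(groups) != 3 or any(len(g) != 4 for g in groups):
        raise ValueError(f"not dotted-triplet format: {dotted!r}")
    return int("".join(groups), 16)

def netbios_match(pattern, name):
    """? matches exactly one character; * matches everything to its right."""
    for i, p in enumerate(pattern):
        if p == "*":
            return True
        if i >= len(name) or (p != "?" and p != name[i]):
            return False
    return len(name) == len(pattern)

def evaluate(entries, matches):
    """First matching entry decides; falling off the end is the implicit deny."""
    for action, *criteria in entries:
        if matches(*criteria):
            return action
    return "deny"

def lsap_filter(entries, dsap, ssap):
    """Assumed layout: DSAP in the high byte of the type-code, SSAP in the low byte."""
    value = (dsap << 8) | ssap
    return evaluate(entries, lambda code, mask: wildcard_match(value, code, mask, 16))

def mac_filter(entries, dest_mac):
    """Evaluate a 700-series style list against a destination MAC address."""
    value = mac_to_int(dest_mac)
    return evaluate(entries, lambda addr, mask: wildcard_match(
        value, mac_to_int(addr), mac_to_int(mask), 48))

def netbios_host_filter(entries, name):
    """Evaluate a named NetBIOS host list against a station name."""
    return evaluate(entries, lambda pattern: netbios_match(pattern, name))

# Constructed sample lists (not from the book).
LSAP_PAIR = [("permit", 0x0404, 0x0101)]    # SAP 04 pair with the mask from the NOTE
LSAP_EXACT = [("permit", 0x0404, 0x0000)]   # same pair with an exact-match mask
MAC_LIST = [("deny", "4000.3745.0001", "0000.0000.0000"),
            ("permit", "4000.0000.0000", "0000.ffff.ffff")]
HOST_LIST = [("deny", "TEST?"), ("permit", "ACCT*")]

if __name__ == "__main__":
    # A frame with SSAP 05 (low bit set) passes only when the mask is 0x0101.
    print(lsap_filter(LSAP_PAIR, 0x04, 0x05), lsap_filter(LSAP_EXACT, 0x04, 0x05))
    for mac in ("4000.3745.0001", "4000.1111.2222", "0800.1234.5678"):
        print(mac, mac_filter(MAC_LIST, mac))
    for name in ("TEST1", "TEST12", "ACCT-SRV", "PAYROLL"):
        print(name, netbios_host_filter(HOST_LIST, name))
```

Running a candidate list through a model like this before attaching it to a remote peer shows which stations fall through to the implicit deny.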

Example

The local router is connected to other routers via an intermediate network. Source-route bridging between two Token Ring interfaces and two remote peer routers (172.16.88.3 and 172.16.91.3) is handled by DLSw+. Only traffic from ring 5 (tokenring 0/1) is permitted to cross into the DLSw+ cloud. The local router is configured as a border peer for the peer routers in DLSw+ group 3. The specific remote peers are configured, and promiscuous mode is used to allow the other peer routers in group 3 to establish connections to the border router.

Serial interface 8/1 is used to connect to a multidrop PU2.0 device. SDLC stations C4 and C5 are configured to partner with the 3745 FEP at MAC address 4000.3745.0001. The XID values were obtained from the IDBLK and IDNUM quantities configured in the mainframe. The SDLC connection is identified with DLSw+ so that the SDLC traffic is transported to and from the 3745 at a remote site.

Figure 5-4 shows a network diagram. The top portion of the figure shows a functional view of DLSw+ peers, as rings and bridges. The bottom portion shows the corresponding physical topology.

Figure 5-4. Network Diagram for the Example

  dlsw local-peer peer-id 192.168.1.1 group 3 border promiscuous
  dlsw remote-peer 1 tcp 172.16.88.3
  dlsw remote-peer 1 tcp 172.16.91.3
  dlsw ring-list 1 rings 5
  interface loopback 1
   ip address 192.168.1.1 255.255.255.0
  interface tokenring 0/1
   ip address 172.19.3.17 255.255.255.0
   source-bridge 5 1 100
   ring-speed 16
   source-bridge spanning
   multiring all
  interface tokenring 1/2
   source-bridge 7 1 100
   ring-speed 16
   source-bridge spanning 10
   multiring all
  interface serial 8/0
   description Transit network to remote sites
   ip address 192.168.14.1 255.255.255.0
  interface serial 8/1
   description SDLC connection to a controller
   encapsulation sdlc
   clock rate 19200
   sdlc role primary
   sdlc vmac 4000.1111.2222
   sdlc address C4
   sdlc partner 4000.3745.0001 C4
   sdlc xid C4 01720004
   sdlc address C5
   sdlc partner 4000.3745.0001 C5
   sdlc xid C5 01720005
   sdlc dlsw C4 C5
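A configuration review of the dlsw global commands, as an added Python example (not from the book): it reports a promiscuous local peer, remote peers whose list-number has no matching ring-list, port-list, or bgroup-list, and remote peers with no Step 3 output filter attached. The function name, the finding strings, and the 192.0.2.9 peer line are assumptions constructed for the example; the other sample lines are the ones from the configuration above.

```python
# Keywords from Step 2 that attach a Step 3 filter to a remote peer.
FILTER_KEYWORDS = {"host-netbios-out", "bytes-netbios-out",
                   "dmac-output-list", "lsap-output-list"}
# Commands that define the list a remote peer's list-number refers to.
LIST_COMMANDS = {"ring-list", "port-list", "bgroup-list"}

def audit_dlsw(config_text):
    """Return (subject, finding) tuples for the dlsw global commands in a config."""
    cmds = [ln.split() for ln in config_text.splitlines()
            if ln.strip().startswith("dlsw ")]
    cmds = [w for w in cmds if len(w) >= 3]
    # List numbers defined anywhere in the config, regardless of command order.
    defined = {w[2] for w in cmds if w[1] in LIST_COMMANDS}
    findings = []
    for w in cmds:
        if w[1] == "local-peer" and "promiscuous" in w:
            # Connections are accepted from peers with no remote-peer entry.
            findings.append(("local-peer", "promiscuous"))
        elif w[1] == "remote-peer" and len(w) >= 5:
            list_no, encap = w[2], w[3]
            # TCP and FST peers are named by IP address, direct peers by interface.
            peer = w[4] if encap in ("tcp", "fst") else " ".join(w[3:6])
            if list_no == "0":
                findings.append((peer, "list 0 offers all bridged rings"))
            elif list_no not in defined:
                findings.append((peer, f"list {list_no} is not defined"))
            if not FILTER_KEYWORDS & set(w):
                findings.append((peer, "no output filter"))
    return findings

# Sample input: the dlsw lines of the example above plus one constructed
# remote peer (192.0.2.9) that refers to a list that is never defined.
SAMPLE = """\
dlsw local-peer peer-id 192.168.1.1 group 3 border promiscuous
dlsw remote-peer 1 tcp 172.16.88.3
dlsw remote-peer 1 tcp 172.16.91.3
dlsw remote-peer 2 tcp 192.0.2.9 lsap-output-list 200
dlsw ring-list 1 rings 5
"""

if __name__ == "__main__":
    for subject, finding in audit_dlsw(SAMPLE):
        print(f"{subject}: {finding}")
```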


Cisco Field Manual[c] Router Configuration
ISBN: 1587050242
EAN: N/A
Year: 2005
Pages: 185
