OpenROUTE 3.2.2
Release Notes

These release notes are for OpenROUTE 3.2.2 software. They cover the following topics:

New Software Features

Known Deficiencies, Limitations, and/or Clarifications

1.0 New Software Features

This section covers new software features in OpenROUTE 3.2.0 through OpenROUTE 3.2.2.

1.1 BGP4 Enhancements

BGP4 offers additional parameters for BGP neighbors that give you greater control over routing paths. These parameters include:

Number of AS Prepends, which lets you control the routing of traffic to your router.
Local Preference, which lets you control the routing of traffic from your router.

1.2 DHCP Client and Server

OpenROUTE Networks' implementation of Dynamic Host Configuration Protocol (DHCP) allows a router's LAN interface to be either a DHCP client or a DHCP server.

The DHCP client obtains its IP address and subnet mask for its LAN interface from a DHCP server.
The DHCP server provides IP address, subnet mask, default gateway, DNS, and domain name information to DHCP clients.

This version of OpenROUTE software provides an additional option for the DHCP client: a client can now import default route(s) supplied by the DHCP server.

IP config> add address
Which net is this address for [0]?
New address [0.0.0.0]?
Allow dynamic address assignment via DHCP(Yes or [No]):
Accept default routes from DHCP server(Yes or [No]):yes

If your router is not running a routing protocol, you may want to accept the routes that the DHCP server provides and install them as static routes. This new option allows you to do that.

1.2.1 Auto-Configuration

If there is a DHCP server on the local area network (LAN), when you start your router for the first time, it comes up in DHCP client mode on its first LAN interface. If there is no DHCP server on the LAN, the router assigns itself a fixed IP address (192.168.1.1) for the interface.

1.3 IGMP Version 2

The Internet Group Management Protocol (IGMP) is the MOSPF (Multicast Extension to OSPF) or DVMRP extension that lets an IP host participate in IP multicasting. IGMP version 2 (IGMPv2) allows the host receiving multicast traffic to stop the flow of multicast traffic more quickly than version 1 allowed. In IGMPv2, a host can stop multicast traffic in about one second as opposed to taking about one minute in IGMPv1.

In addition, OpenROUTE software now lets you configure IGMP as a separate process apart from OSPF or DVMRP. To display the IGMP prompts, enter IGMP at any of the OSPF or DVMRP prompts.

1.4 IP-Preventing a Denial of Service Attack Called Smurfing

With a denial of service attack called Smurfing, an attacker sends ICMP Echo Request (PING) packets to a broadcast address using a spoofed IP address. A spoofed IP address is an address that appears to come from one network, but in reality it comes from another network. When the device with the broadcast address receives the Echo Requests, it broadcasts the requests to the hosts on its IP network. In return, each host replies to the requests with echo replies and sends the replies to the address that was spoofed.

By sending a large number of request packets, an attacker can cause the spoofed address to receive a large amount of reply packets.

There are two ways to avoid this type of attack.

: 1. Add a filter that blocks any packets coming from outside the protected network that claim to have a source address that matches any network inside the firewall.
: 2. Disable directed broadcasts.

In OpenROUTE 3.2.2, directed broadcasts are disabled by default. Also, you can now turn on or off directed broadcasts for each interface, rather than just for the router as a whole.

To turn on or off directed broadcasts, use the enable/disable directed-broadcast commands. When you enter one of these commands, the software prompts you for an IP address. To enable or disable directed broadcast for a specific interface, enter the IP address of the interface. To enable or disable directed broadcast for all router interfaces, press ENTER.

IP config>enable directed-broadcast
IP address (CR for all)? 192.6.0.34

To see whether directed broadcast is enabled or disabled on your interfaces, enter list interface-attributes at the IP config> prompt.

1.5 Network Address Translation (NAT)

There are three new NAT features.

1. When you enable NAT on an interface, the software allows Point-to-Point Tunneling Protocol (PPTP) client traffic to pass through the NAT interface. You do not have to add a NAT service for PPTP client traffic.

2. You can now add a service table entry to your NAT configuration for PPTP server traffic. Doing so lets you advertise a PPTP server to outside networks.

3. Previously, fixed IP address mappings and service table entries applied to all NAT interfaces in the router. You can now set up mappings or services that apply to all NAT interfaces or to a specific NAT interface. The NAT software now has a global service table. When you add a service to your NAT configuration, you can add the service to the global table or to the service table for a specific interface.

Also, when you add a fixed IP address mapping, the software prompts you for an interface number, so you can apply the mapping to a specific interface.

1.6 New ISDN With POTS Module for GTX 1000

Plain Old Telephone Service (POTS) is an extension of the ISDN functionality that is currently supported in GTX 1000 routers. It allows you to connect analog telephone equipment, such as telephones, FAX machines, and modems, directly to your GTX 1000 router. The telephone equipment contends for the available B-channels of the ISDN link along with traditional Point-to-Point Protocol (PPP) data links. With POTS on the GTX 1000, you can now use your ISDN connection for voice and data connections from a single platform.

1.7 New DDS CSU/DSU Module for GTX 1000

The DDS CSU/DSU module supports the following physical device features:

Integrated Channel Service Unit (CSU) and Data Service Unit (DSU)
56 Kbps DDS (DDS-PRI, 56 Kbps loop speed)
64 Kbps Clear Channel DDS (CC-64K, 72 Kbps loop speed)

1.8 New Fractional T1/E1 Modules for GTX 1000

The Fractional T1 module supports the following features:

Extended Super Frame (ESF) framing using B8ZS signal coding at 1544 Kbps according to AT&T TR62411.
Integrated Channel Service Unit (CSU) and Data Service Unit (DSU).

The Fractional E1 module supports the following features:

CRC-Multiframe framing for E1 using HDB3 signal coding at 2048 Kbps, according to ITU-TG.703, G.704, G.706, and TBR13.
Unstructured E1 using HDB3 coding at 2048 Kbps, according to TBR12.

1.9 OSPF

OpenROUTE software now supports the following in its implementation of the Open Shortest Path First (OSPF) protocol:

MD5 authentication-To configure MD5 authentication on an OSPF interface, set the authentication type for the interface to cryptographic, and then set the OSPF interface's Message Digest Key ID and the MD5 key (password).
The point-to-multipoint option for OSPF interface types-To set an OSPF interface type to point-to-multipoint on any Ethernet, override the default OSPF interface type and then select point-to multipoint as the OSPF interface type override.

Interface Medium Default OSPF Interface Type

LAN (Ethernet)
Broadcast

X.25, Frame Relay
Point-to-Multipoint

PPP
Point-to-Point

Interface Medium	Default OSPF Interface Type
LAN (Ethernet)	Broadcast
X.25, Frame Relay	Point-to-Multipoint
PPP	Point-to-Point

To configure MD5 authentication and point-to-multipoint, do the following:

OSPF Config>set interface
Interface IP address [0.0.0.0]? 1.1.1.4
Attaches to area [0.0.0.0]? 1.1.1.1
Retransmission Interval (in seconds) [5]?
Transmission Delay (in seconds) [1]?
Router Priority [1]?
Hello Interval (in seconds) [10]?
Dead Router Interval (in seconds) [40]?
Type Of Service 0 cost [1]?
Authentication Type (0:NONE, 1:SIMPLE, 2:CRYPTOGRAPHIC) [0]? 2
Message Digest Key ID [0]?
MD5 Key?
Retype MD5 Key?
Override the default OSPF interface-type? [No]: yes
OSPF interface-type override
(1=broadcast, 3=NBMA, 5=point-to-multipoint) [0]? 5
Forward multicast datagrams? [Yes]:
Forward as data-link unicasts? [No]:

1.10 PPP over Frame Relay Virtual Circuit (FRVC)

OpenROUTE 3.2.2 adds the ability to run PPP data over FRVCs. Since you can compress PPP data, this feature gives you a way to compress data sent over Frame Relay networks.

1.11 Static Routes

You can now add multiple static routes for a destination. In this case, the router determines which route to use based on the cost of the route.

When you add a static route, you can set the address mask to 255.255.255.255. This mask causes the router to discard traffic addressed to the destination. This is useful in situations where, if an interface goes down, you want the router to discard traffic rather than send the traffic over a different interface. For example, if an IP Tunnel goes down, you may want the router to discard traffic rather than send the traffic over an interface that isn't set up to encrypt data. The router does not discard traffic if alternate routes of equal or lower cost to the destination are available.

2.0 Known Deficiencies, Limitations, and/or Clarifications

This section describes known deficiencies in OpenROUTE 3.2.2 and indicates limitations with the software.

2.1 General

GT 60 Series, GT 70 Series, and GTS 100 routers do not have a time of day clock chip with battery backup. For time to be meaningful, you have to get the time from a nearby host or manually set the time. The time commands at the Config> prompt allow for these operations. Enter time set at restarts or set up the time configuration to poll a nearby host.

2.2 DDS Module

If you connect a DDS module back-to-back with a DDS module in another router for testing purposes, the ALM (Alarm) LED comes on because no loop current is generated in this configuration. Tests will run normally despite the lack of loop current, so you can ignore the LED in this situation.
The DDS software does not have a separate ELS subsystem. Message 47 in Serial Line (SL) ELS subsystem applies to DDS modules.

2.3 DHCP Client

You cannot set up Frame Relay LAN Emulation (FRLANE) interfaces as DHCP clients.
When a DHCP lease is in the rebind state, the state still displays as the renewal state. This does not affect the operation of DHCP client.

2.4 DHCP Server

If you set a domain name that the DHCP server assigns using the set domain-name command, there is no way to set the domain name back to the default of none. To clear the domain name, you must clear the complete DHCP Server configuration.
When you enter list interface at the DHCP Server> prompt, the software does not always display the correct number of clients bound to the server. To see a list of clients bound to the server, enter list all at the DHCP Server> prompt.

2.5 GT 60 Series

When all of the following conditions occur on a GT 60 Series router, the router hangs when you reload the router software. If this happens, you must cycle the power on the router to get the router running again.

An RS232 DTE cable, X.21 DCE cable, or X.21 DTE cable is plugged into the router's WAN port, but not connected at the other end.
The line discipline in the Serial Line configuration is set to async.
The Serial Interface Dialer (DIAL) is enabled.

2.6 GT 70 Series

The console port on GT 70 Series routers does not support autobaud. The baud rate defaults to 9600, but you can change it using the set baudrate configuration command.
When the GT 70 Series router is booting, the LAN and the OK status lights both blink. Only the OK light should blink.

2.7 GTX 1000

2.8 IP Tunnels

IP Tunnels require a single Maximum Transfer Unit (MTU) size across all remote destinations. This single size must be the smallest MTU required across all remote destinations. The MTU discovery feature dynamically determines the MTU size to use on IP Tunnels. By default, MTU discovery is enabled, and OpenROUTE Networks recommends that you do not disable MTU discovery. If your tunnel is running over a PPP interface and you disable MTU discovery, make sure the Maximum Receive Unit (MRU) size in PPP is at least 100 bytes larger than the MTU of the tunnel. The default MRU size in PPP is 1500 bytes.
To avoid problems due to incorrect MTU/MRU sizes, OpenROUTE Networks recommends that you use the default settings.
The IP Tunnel software lists IP Tunnel interfaces as Up even though they may be Down. To see an accurate list of IP Tunnels that are Up, enter list receive parameters at the SKIP NET-#> prompt. If the tunnel is Down, the algorithm entries display UNKNOWN.

SKIP NET-6>list receive parameters

Received Packet Parameters

Destination Master Bulk Auth Comp Drop
Algorithm Algorithm Algorithm Algorithm Unsigned
misty DES-CBC DES-CBC MD5 STAC-LZS NO

2.9 ISDN and Quick Configuration

The GT 70 Series Quick Config does not ask for directory numbers for the INS64 switch variant because INS64 does not require them. Therefore, if the INS64 switch needs subaddressing, you must enter the ISDN configuration and explicitly set the directory numbers.

Config>network 1
Circuit Configuration
Circuit Config <NET-1> bri
Basic Rate ISDN user configuration
BRI Config <NET-1> set dn0
Enter DN0 (Directory-Number-0) []? :54

Note: Directory number 0 (DN0) only has a subaddress component which, in this example, is 54.