Release Notes for OpenROUTE 5.1


These release notes are for OpenROUTE 5.1 software. They cover the following topics:

New Software Features

Known Deficiencies, Limitations, and/or Clarifications

New Software Features

This section introduces the following new software features in OpenROUTE 5.1.

Cycling Power to 3000 Series Using a Software Command

You can cycle power to the 3000 Series using a software command. This command performs the same function as shutting off power to the router and turning power back on. When you use this command from a remote terminal, it closes any remote sessions.

The power-cycle command causes the 3000 Series to do the following:

You enter this command at the * prompt.

Syntax: power-cycle

Example: power-cycle

Power cycling the gateway will force diagnostics to be run
and will reload the gateway.
Are you sure you want to power cycle the gateway? (Yes or [No]):

New Analog Voice Module & Software

You have the option of ordering a 3000 Series with two or four analog ports for sending voice traffic over IP (VoIP). The voice ports offer the following features.

New SDSL Module & Software

3000 Series Gateway Routers and GTX 1500 routers support a Symmetric Digital Subscriber Line (SDSL) module. This module is designed to work with Copper Mountain Networks, Inc. Digital Subscriber Loop Access Multiplexor (DSLAM) equipment.

New Web Server Commands

3000 Series Gateway Routers and GTX 1500 routers have a built-in Web server that lets you do the following:

Previously, commands to configure, enable, and disable the Web server were located at the Auth Config> and Auth> prompts. These commands are now located at the Http Config> prompt. There is also a new HTTP monitoring prompt that lets you display the settings of your Web server.

Displaying the HTTP Prompts

To display the Http Config> prompt:

*config
Config>http
Http Config>

To display the Http> prompt:

*monitor
+>http
Http>

Enable [C]

Enables the router's Web server. On routers that contain QuickWeb software, the router's HTTP Web server is enabled by default. On all other routers, the HTTP Web server is disabled by default.

Syntax: enable

Example: enable

Disable [C]

Disables the router's Web server.

Syntax: disable

Example: disable

List [C] [M]

Displays the settings for the router's HTTP server.

Syntax: list

Example: list

HTTP Server Configuration
Enabled
Port = 80, Max Sessions = 25, Timeout = 60

Set [C]

Sets parameters for the router's HTTP server. These parameters apply to both QuickWeb and authentication HTTP sessions.

Syntax: set

port
sessions
timeout

port port#

Sets the TCP port number on which the router's HTTP server answers. The default is 80.

Example: set port = 81

sessions

Sets the number of simultaneous TCP sessions that the router's HTTP server processes. The default is 25. The range is 5 to 2000.

Example: set sessions = 25

timeout

Sets a timeout for multiple form interactions between the user and the router's HTTP server. The default is 60 seconds. The range is 30 seconds to 300 seconds (5 minutes).

Example: set timeout = 90
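
The following added example (not part of the original release notes or of OpenROUTE software) parses captured list output from the Http> prompt and checks it against the ranges documented above, which is useful when auditing which routers still have the Web server enabled. The sample text is constructed, and the Disabled status line is an assumption; only Enabled appears in these notes.

```python
import re

# Ranges documented for the "set" command in these release notes.
SESSIONS_RANGE = (5, 2000)
TIMEOUT_RANGE = (30, 300)   # seconds

# Constructed sample in the format of the "list" example above.
SAMPLE = """HTTP Server Configuration
Enabled
Port = 80, Max Sessions = 25, Timeout = 60
"""


def parse_http_list(text):
    """Turn captured "list" output into a dict of settings."""
    cfg = {}
    for line in text.splitlines():
        word = line.strip().lower()
        # "Disabled" is an assumed status line; the notes only show "Enabled".
        if word in ("enabled", "disabled"):
            cfg["enabled"] = word == "enabled"
        for name, value in re.findall(r"([A-Za-z ]+?)\s*=\s*(\d+)", line):
            cfg[name.strip().lower().replace(" ", "_")] = int(value)
    return cfg


def audit_http(cfg):
    """Return findings for one router's HTTP server settings."""
    findings = []
    for key in ("enabled", "port", "max_sessions", "timeout"):
        if key not in cfg:
            findings.append(f"{key}: missing from output, capture may be truncated")
    if cfg.get("enabled"):
        findings.append("enabled: Web server is on; confirm it is required")
    if "port" in cfg and not 1 <= cfg["port"] <= 65535:
        findings.append(f"port: {cfg['port']} is not a valid TCP port")
    for key, (low, high) in (("max_sessions", SESSIONS_RANGE),
                             ("timeout", TIMEOUT_RANGE)):
        if key in cfg and not low <= cfg[key] <= high:
            findings.append(f"{key}: {cfg[key]} outside documented range {low}-{high}")
    return findings


if __name__ == "__main__":
    for finding in audit_http(parse_http_list(SAMPLE)):
        print(finding)
```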

Known Deficiencies, Limitations, and/or Clarifications

This section describes known deficiencies in OpenROUTE 5.1 and indicates limitations with the software.

General

GT 60 Series, GT 70 Series, and GT 100 routers do not have a time of day clock chip with battery backup. For time to be meaningful, you have to get the time from a nearby host or manually set the time whenever you restart the router. The time commands at the Config> prompt allow for these operations. Enter time set at restarts or set up the time configuration to poll a nearby host.

3000 Series Secure Gateway Router

In OpenROUTE 5.1, the 3000 Series supports data routing, as well as an optional analog voice module that provides up to four analog voice lines. Future releases will support digital voice modules.

CAUTION: The voice ports on the analog voice module have RJ-45 (8-pin) interfaces. Inserting an RJ-11 (4-pin) connector into an RJ-45 port can damage the pins in the port.

Using an RJ-11 connector in the voice ports voids the warranty of the analog voice module.

Analog Voice

Accessing the Remote Database

When an IP SFTM Trunk is established between a Local and Remote 3000 Series, you may not be able to view the Remote node's database using an NxNMS workstation on the Local network.

To get around this, you need to force the management traffic to pass as another priority over the SFTM trunks, forcing them to fragment as required.

Use a Local NxNMS at each end to set up the following on each 3000 voice module:

With NetrixView 2000 in Create mode, Create a Virtual SFTM Trunk. This creates two icons, one labelled SFTM, and another labelled Tunnel. Place each icon as desired and then switch to Monitor mode.

To configure the Virtual SFTM

1. Get Info on the SFTM icon. In the popup that appears, Select the Packet Stream component, and then set the data priority to Data Priority 1.

2. Get Info on the SFTM icon. In the popup that appears, Select the X.25 Level 2 component, and then set one node for DTE and SABM, the other to DCE and disc poll.

3. Get Info on the SFTM icon. In the popup that appears, Select the Virt Frame Drive component, and then set the CIR to 0 and set the burst to the line speed of the IP SFTM trunk (not the newly created SFTM/Tunnel Trunk).

4. To update the database and implement the configuration changes, Popdown to the Top Level SFTM Trunk Info popup and Select the Update & Config button.

To configure the Tunnel

1. Get Info on the Tunnel icon. In the popup that appears, Select the Network Interface component and then Select Addresses. In the addresses popup, do the following:

2. Get Info on the Tunnel icon. In the popup that appears, Select the Tunnel component and then set the data priority to Data Priority 1. In the Address to Call field, enter the address of the corresponding remote unit.

3. To update the database and implement the configuration changes, Popdown to the Top Level Tunnel Info popup and Select the Update & Config button.

You should now see your tunnels turn green as they launch calls through the IP SFTM trunk.

Now you need to disallow management/packet data from going over the IP/SFTM trunk.

On each end of the trunk:

1. Get Info on the IP SFTM Trunk icon (not the newly created SFTM/Tunnel Trunk). In the popup that appears, Select the Network Routing component.

2. In the Class of Service field, select Privileged. Then, pull the slider on the bottom of the window to the far right. The new value is displayed in the list as -1.

3. In the Class of Service field, select Packet Switched. (You may have to scroll down to see the Packet Switched entry.) Then, pull the slider on the bottom of the window to the far right. The new value is displayed in the list as -1.

4. To update the database and implement the configuration changes, Popdown to the Top Level IP SFTM Trunk Info popup and Select the Update & Config button.

Now when you View into the remote node, the packets go over the Virtual SFTM trunk, which has a data privilege of 1, and tunnels through the IP/SFTM trunk. This traffic then gets fragmented depending on the MTU set on the IP/SFTM trunk itself.

Any voice calls, however, now go through the IP/SFTM trunk, and not through the Virtual trunk.

Interoperability Issues and Comments

H.323 Interoperability

H.323 is a fairly loose standard and from time to time different vendors implement different features in such a fashion as to cause minor interoperability issues. When such issues occur, Nx Networks will put forth reasonable effort to resolve these issues. Below is a list of known H.323 interoperability issues.

G.711 Sample Rates

The 3000 Series transmits 15 ms G.711 packets. Some codecs make the incorrect assumption that G.711 transmits packets that are multiples of 10 ms, resulting in degraded voice quality. You can resolve this problem in one of two ways:

Using NAT With Voice

To run voice traffic and NAT over the Internet, you must assign a public IP address for the voice module, and that address must be visible to the Internet. You cannot hide the address behind a firewall.

To do this, you set up a fixed address mapping for the voice module so that NAT does not translate the voice IP address. You need to assign the same address as the public outside address and the private inside address. This address must also be on the same subnet as the Internet connection.

The following example shows how to set up a fixed address mapping, where 128.185.2.2 is the IP address of the voice module.

*config
Config>PROTOCOL ip
Internet protocol user configuration
IP config>nat
Network Address Translation Configuration
NAT Config>add FIXED-IP-MAPPINGS
Interface number [1]? 3
Public outside address [0.0.0.0]? 128.185.2.2
Mask [255.255.255.255]?
Private inside address [0.0.0.0]? 128.185.2.2

The IP address of the voice module must also be different from the NAT global IP address for this no-translation mapping to work. If they are the same, explicitly configure the NAT global IP address to be the public IP address of the Internet interface, and do not let the router automatically choose the NAT global IP address.

To check the global IP address that NAT is using, enter list nat at the NAT monitoring prompt.

*monitor
+PROTOCOL IP
IP>nat
Network Address Translation Console
NAT>LIST NAT-INTERFACE
Interface number [1]?
NAT Enabled on interface 1
Address is: 128.185.2.1 Service Table Used: Global
Current # entries: 0
Maximum # entries: 500 Global ageout: 1800 secs
TCP ageout (secs): 9000 TCP closed ageout: 30 secs

To explicitly set the global IP address of the NAT interface, use the following command.

NAT Config>SET NAT-INTERFACE IP-ADDRESS
Interface number [1]?
NAT IP address (0.0.0.0 = use automatic default) [0.0.0.0]? 128.185.2.1

Note: You cannot use unnumbered IP on a NAT interface.
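
As an added example (not part of the original release notes), the conditions above for a no-translation mapping can be checked before the configuration is entered. The function name and the /24 prefix on the Internet interface are assumptions; the addresses are those used in the example above.

```python
import ipaddress


def check_voice_nat(voice_ip, public_outside, private_inside,
                    nat_global_ip, internet_if):
    """Return the problems found in a fixed mapping for the voice module.

    internet_if is the Internet interface as address/prefix, e.g. "128.185.2.1/24".
    An empty list means every condition in the notes is met.
    """
    voice = ipaddress.ip_address(voice_ip)
    outside = ipaddress.ip_address(public_outside)
    inside = ipaddress.ip_address(private_inside)
    nat_global = ipaddress.ip_address(nat_global_ip)
    network = ipaddress.ip_interface(internet_if).network

    problems = []
    if voice.is_private:
        problems.append("voice address is not a public address")
    if outside != inside:
        problems.append("public outside and private inside addresses differ, "
                        "so NAT would translate the voice address")
    if voice != outside:
        problems.append("fixed mapping does not cover the voice module address")
    if voice not in network:
        problems.append(f"voice address is not on the Internet subnet {network}")
    if voice == nat_global:
        problems.append("voice address equals the NAT global address; set the "
                        "NAT global address to the Internet interface address")
    return problems


if __name__ == "__main__":
    # Addresses from the example above; the /24 prefix is an assumption.
    print(check_voice_nat("128.185.2.2", "128.185.2.2", "128.185.2.2",
                          "128.185.2.1", "128.185.2.1/24"))
    # NAT global address left colliding with the voice module address.
    print(check_voice_nat("128.185.2.2", "128.185.2.2", "128.185.2.2",
                          "128.185.2.2", "128.185.2.1/24"))
```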

IPSec

Interoperability With Cisco 2524 Routers

When running IPSec over ISDN to a Cisco 2524 router, you need to use just one B-channel.

Also, if you are using manual keys to run IPSec to a Cisco 2524 router, the Cisco console displays "hung task" and "trace" error messages. These errors do not affect operation of IPSec.

Using IPSec Delete Commands

The IPSec software does not let you delete a peer, profile, SA proposal, or IKE transform that is used elsewhere in the configuration. For example, you cannot delete an IKE transform that is included in a peer definition.

If you attempt to use the delete command on an item, the prompt lists items that are eligible to be deleted, along with a message indicating that items in use are not displayed.

However, if no definitions are eligible for deletion, the software does not display anything to indicate that the definitions do exist and are not being displayed.

Blowfish and IPCOMP Algorithms

The OpenROUTE 5.1 and 5.0 implementations of the IPSec algorithms Blowfish and IPCOMP are not interoperable with OpenROUTE 4.0 versions of OpenROUTE IPSec software. To run the Blowfish and IPCOMP algorithms in OpenROUTE 5.1, you need to upgrade your routers from OpenROUTE 4.0 to release 5.0 or higher.

DHCP Client

GTX Series

Before you install a new module in your GTX Series router, be sure that you have the appropriate router software. Router software OpenROUTE 5.1 supports the GTX1500 and GTX1000T platforms and the following modules:

X.21 Cable

The GTX Series does not support an X.21 cable with a DCE connector because the GTX Series does not provide clocking for X.21. The GTX Series does support an X.21 cable with a DTE connector.

Online Library

Version 4.0 of the OpenROUTE software online library CD has incorrect links in the file certmgmt.htm, which is in the following directories.

software_documentation\openroute_40\ipsec\certmgmt.htm

software_documentation\openroute_40\cert\certmgmt.htm

You can get a replacement file on the OpenROUTE Web site in the following location:

www2.openroute.com/support/library/software_documentation/openroute_40/ipsec/certmgmt.htm

Quick Config and Unnumbered Ethernet

In Quick Config, if you assign the Ethernet interface to be unnumbered (dynamic), you cannot assign the unnumbered Ethernet interface as the default route.

When you get to the end of the IP configuration, Quick Config asks if you want to specify a default route. If you answer yes, Quick Config asks if you want to use an unnumbered or dynamic interface. If you answer yes and select a non-PPP interface, Quick Config tells you that you must use an unnumbered PPP interface, and gives the example of Interface #0 (the Ethernet) as an unnumbered PPP interface.

To work around this problem, answer no when Quick Config asks if you want to specify a default route. When you finish running Quick Config, go to the IP Config> prompt and use the add route command to set up the default route.

SDSL Module

At slower SDSL line speeds (160 Kbps and 208 Kbps), it can take several minutes for the SDSL module to come up and be available for data traffic. SDSL DSLAMs can take several minutes to begin the speed training process with the SDSL module. Once the speed training is complete, the activation process can take an additional two minutes before the interface is declared as Up. This is an inherent characteristic of the SDSL technology being deployed.

Because of the length of activation time, if the cable to the SDSL module is pulled during the activation process, it can take up to two minutes for the router to detect the pulled cable and drop out of the activation. If the DSLAM reissues its activation sequence before the SDSL module has dropped out, the SDSL module misses the activation sequence, and must wait for the DSLAM to issue its next activation sequence.



Copyright © 2000, Nx Networks. All rights reserved.