RE: Access-list for DLSW port numbers.

From: Michael Snyder (msnyder@revolutioncomputer.com)
Date: Mon Feb 16 2004 - 00:04:48 GMT-3

Thanks for the Email.

`The dlsw, rsrb, and stun keywords refer only to direct encapsulation.`

Any idea about FST?

Fast Sequenced Transport. Connectionless, sequenced transport protocol
that runs on top of the IP protocol. SRB traffic is encapsulated inside
of IP datagrams and is passed over an FST connection between two network
devices (such as routers). Speeds up data delivery, reduces overhead,
and improves the response time of SRB traffic.

I checked google and Groupstudy archives.

Can't find an fst protocol number nor a port.

I might have break out my sniffer. It might be tcp 2065 and they just
highjacked the frames for fst's use. I have no idea.

     0 HOPOPT IPv6 Hop-by-Hop Option [RFC1883]
     1 ICMP Internet Control Message [RFC792]
     2 IGMP Internet Group Management [RFC1112]
     3 GGP Gateway-to-Gateway [RFC823]
     4 IP IP in IP (encapsulation) [RFC2003]
     5 ST Stream [RFC1190,RFC1819]
     6 TCP Transmission Control [RFC793]
     7 CBT CBT [Ballardie]
     8 EGP Exterior Gateway Protocol [RFC888,DLM1]
     9 IGP any private interior gateway [IANA]
                       (used by Cisco for their IGRP)
    10 BBN-RCC-MON BBN RCC Monitoring [SGC]
    11 NVP-II Network Voice Protocol [RFC741,SC3]
    12 PUP PUP [PUP,XEROX]
    13 ARGUS ARGUS [RWS4]
    14 EMCON EMCON [BN7]
    15 XNET Cross Net Debugger [IEN158,JFH2]
    16 CHAOS Chaos [NC3]
    17 UDP User Datagram [RFC768,JBP]
    18 MUX Multiplexing [IEN90,JBP]
    19 DCN-MEAS DCN Measurement Subsystems [DLM1]
    20 HMP Host Monitoring [RFC869,RH6]
    21 PRM Packet Radio Measurement [ZSU]
    22 XNS-IDP XEROX NS IDP [ETHERNET,XEROX]
    23 TRUNK-1 Trunk-1 [BWB6]
    24 TRUNK-2 Trunk-2 [BWB6]
    25 LEAF-1 Leaf-1 [BWB6]
    26 LEAF-2 Leaf-2 [BWB6]
    27 RDP Reliable Data Protocol [RFC908,RH6]
    28 IRTP Internet Reliable Transaction [RFC938,TXM]
    29 ISO-TP4 ISO Transport Protocol Class 4 [RFC905,RC77]
    30 NETBLT Bulk Data Transfer Protocol [RFC969,DDC1]
    31 MFE-NSP MFE Network Services Protocol [MFENET,BCH2]
    32 MERIT-INP MERIT Internodal Protocol [HWB]
    33 SEP Sequential Exchange Protocol [JC120]
    34 3PC Third Party Connect Protocol [SAF3]
    35 IDPR Inter-Domain Policy Routing Protocol [MXS1]
    36 XTP XTP [GXC]
    37 DDP Datagram Delivery Protocol [WXC]
    38 IDPR-CMTP IDPR Control Message Transport Proto [MXS1]
    39 TP++ TP++ Transport Protocol [DXF]
    40 IL IL Transport Protocol [Presotto]
    41 IPv6 Ipv6 [Deering]
    42 SDRP Source Demand Routing Protocol [DXE1]
    43 IPv6-Route Routing Header for IPv6 [Deering]
    44 IPv6-Frag Fragment Header for IPv6 [Deering]
    45 IDRP Inter-Domain Routing Protocol [Sue Hares]
    46 RSVP Reservation Protocol [Bob Braden]
    47 GRE General Routing Encapsulation [Tony Li]
    48 MHRP Mobile Host Routing Protocol[David Johnson]
    49 BNA BNA [Gary Salamon]
    50 ESP Encap Security Payload for IPv6 [RFC2406]
    51 AH Authentication Header for IPv6 [RFC2402]
    52 I-NLSP Integrated Net Layer Security TUBA [GLENN]
    53 SWIPE IP with Encryption [JI6]
    54 NARP NBMA Address Resolution Protocol [RFC1735]
    55 MOBILE IP Mobility [Perkins]
    56 TLSP Transport Layer Security Protocol [Oberg]
                       using Kryptonet key management
    57 SKIP SKIP [Markson]
    58 IPv6-ICMP ICMP for IPv6 [RFC1883]
    59 IPv6-NoNxt No Next Header for IPv6 [RFC1883]
    60 IPv6-Opts Destination Options for IPv6 [RFC1883]
    61 any host internal protocol [IANA]
    62 CFTP CFTP [CFTP,HCF2]
    63 any local network [IANA]
    64 SAT-EXPAK SATNET and Backroom EXPAK [SHB]
    65 KRYPTOLAN Kryptolan [PXL1]
    66 RVD MIT Remote Virtual Disk Protocol [MBG]
    67 IPPC Internet Pluribus Packet Core [SHB]
    68 any distributed file system [IANA]
    69 SAT-MON SATNET Monitoring [SHB]
    70 VISA VISA Protocol [GXT1]
    71 IPCV Internet Packet Core Utility [SHB]
    72 CPNX Computer Protocol Network Executive [DXM2]
    73 CPHB Computer Protocol Heart Beat [DXM2]
    74 WSN Wang Span Network [VXD]
    75 PVP Packet Video Protocol [SC3]
    76 BR-SAT-MON Backroom SATNET Monitoring [SHB]
    77 SUN-ND SUN ND PROTOCOL-Temporary [WM3]
    78 WB-MON WIDEBAND Monitoring [SHB]
    79 WB-EXPAK WIDEBAND EXPAK [SHB]
    80 ISO-IP ISO Internet Protocol [MTR]
    81 VMTP VMTP [DRC3]
    82 SECURE-VMTP SECURE-VMTP [DRC3]
    83 VINES VINES [BXH]
    84 TTP TTP [JXS]
    85 NSFNET-IGP NSFNET-IGP [HWB]
    86 DGP Dissimilar Gateway Protocol [DGP,ML109]
    87 TCF TCF [GAL5]
    88 EIGRP EIGRP [CISCO,GXS]
    89 OSPFIGP OSPFIGP [RFC1583,JTM4]
    90 Sprite-RPC Sprite RPC Protocol [SPRITE,BXW]
    91 LARP Locus Address Resolution Protocol [BXH]
    92 MTP Multicast Transport Protocol [SXA]
    93 AX.25 AX.25 Frames [BK29]

    94 IPIP IP-within-IP Encapsulation Protocol [JI6]
    95 MICP Mobile Internetworking Control Pro. [JI6]
    96 SCC-SP Semaphore Communications Sec. Pro. [HXH]
    97 ETHERIP Ethernet-within-IP Encapsulation [RFC3378]
    98 ENCAP Encapsulation Header [RFC1241,RXB3]
    99 any private encryption scheme [IANA]
   100 GMTP GMTP [RXB5]
   101 IFMP Ipsilon Flow Management Protocol [Hinden]
   102 PNNI PNNI over IP [Callon]
   103 PIM Protocol Independent Multicast [Farinacci]
   104 ARIS ARIS [Feldman]
   105 SCPS SCPS [Durst]
   106 QNX QNX [Hunter]
   107 A/N Active Networks [Braden]
   108 IPComp IP Payload Compression Protocol [RFC2393]
   109 SNP Sitara Networks Protocol [Sridhar]
   110 Compaq-Peer Compaq Peer Protocol [Volpe]
   111 IPX-in-IP IPX in IP [Lee]
   112 VRRP Virtual Router Redundancy Protocol [Hinden]
   113 PGM PGM Reliable Transport Protocol [Speakman]
   114 any 0-hop protocol [IANA]
   115 L2TP Layer Two Tunneling Protocol [Aboba]
   116 DDX D-II Data Exchange (DDX) [Worley]
   117 IATP Interactive Agent Transfer Protocol [Murphy]
   118 STP Schedule Transfer Protocol [JMP]
   119 SRP SpectraLink Radio Protocol [Hamilton]
   120 UTI UTI [Lothberg]
   121 SMP Simple Message Protocol [Ekblad]
   122 SM SM [Crowcroft]
   123 PTP Performance Transparency Protocol [Welzl]
   124 ISIS over IPv4 [Przygienda]
   125 FIRE [Partridge]
   126 CRTP Combat Radio Transport Protocol [Sautter]
   127 CRUDP Combat Radio User Datagram [Sautter]
   128 SSCOPMCE [Waber]
   129 IPLT [Hollbach]
   130 SPS Secure Packet Shield [McIntosh]
   131 PIPE Private IP Encapsulation within IP [Petri]
   132 SCTP Stream Control Transmission Protocol [Stewart]
   133 FC Fibre Channel [Rajagopal]
   134 RSVP-E2E-IGNORE [RFC3175]
   135 Mobility Header
[RFC-ietf-mobileip-ipv6-24.txt]
   136-252 Unassigned [IANA]
   253 Use for experimentation and testing [RFC3692]
   254 Use for experimentation and testing [RFC3692]
   255 Reserved [IANA]

-----Original Message-----
From: asadovnikov [mailto:asadovnikov@comcast.net]
Sent: Sunday, February 15, 2004 8:03 PM
To: 'Scott Morris'; 'Michael Snyder'; ccielab@groupstudy.com
Subject: RE: Access-list for DLSW port numbers.

I think it refers to direct encapsulation, not to FST encapsulation (see
a
note at the very end of the example section under
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/
fqos
_r/qrfcmd6.htm#1036440).

Otherwise I agree with Scott, it is a common mistake and will do no good
for
TCP encapsulation.

Best regards,
Alexei

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Scott Morris
Sent: Sunday, February 15, 2004 11:11 AM
To: 'Michael Snyder'; ccielab@groupstudy.com
Subject: RE: Access-list for DLSW port numbers.

That's a common mistake... This use of "dlsw" as a protocol refers to
FST
encapsulation. Doesn't do anything for TCP encapsulation.

FST isn't really tied to UDP or TCP, it's kind of it's own little IP
sub-protocol.

The nomenclature could be a little more useful, and that would avoid
plenty
of confusion... But I guess that would also take all the fun out of it!
:)

 
Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713,
CISSP,
JNCIS, et al. IPExpert CCIE Program Manager IPExpert Sr. Technical
Instructor swm@emanon.com/smorris@ipexpert.net
http://www.ipexpert.net
 

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Michael Snyder
Sent: Sunday, February 15, 2004 11:00 AM
To: ccielab@groupstudy.com
Cc: 'Scott Morris'
Subject: RE: Access-list for DLSW port numbers.

Hi Scott, thank you for your response.

What's up with this? The requirement was to use a priority-list for
dlsw
transit traffic between peers.

I did.

priority-list 1 protocol ip high tcp 2065

The solution shows

priority-list 1 protocol dlsw high

Ok, what port(s) does this command cover? I have a very hard time
believing
it is doing some level 4 check, which means just has to be doing some
ports.

TCP 2065, 1981-1983, what about fst? I'm guessing that fst is an udp
rtp
protocol. In fact I don't think I've ever seen a reference to fst being
a
protocol or udp port.

It bugs me because dlsw isn't a protocol like ipx or appletalk, it
shouldn't
be listed this way. It could be the local dlsw layer 2 stuff on the lan
interface, but that wouldn't apply to transit remote peer traffic.

Thanks in advance,

Michael

------------------------------------------------------------------------

R7(config)#priority-list 1 protocol ?
  aarp AppleTalk ARP
  apollo Apollo Domain
  appletalk AppleTalk
  arp IP ARP
  bridge Bridging
  bstun Block Serial Tunnel
  cdp Cisco Discovery Protocol
  clns ISO CLNS
  clns_es ISO CLNS End System
  clns_is ISO CLNS Intermediate System
  cmns ISO CMNS
  compressedtcp Compressed TCP
  decnet DECnet
  decnet_node DECnet Node
  decnet_router-l1 DECnet Router L1
  decnet_router-l2 DECnet Router L2
  dlsw Data Link Switching
  ip IP
  ipx Novell IPX
  llc2 llc2
  pad PAD links
  pppoe PPP over Ethernet
  qllc qllc protocol
  rsrb Remote Source-Route Bridging
  snapshot Snapshot routing support
  stun Serial Tunnel
  vines Banyan VINES
  xns Xerox Network Services

R7(config)#priority-list 1 protocol dlsw h R7(config)#priority-list 1
protocol dlsw ?
  high
  medium
  normal
  low

R7(config)#priority-list 1 protocol dlsw high

-----Original Message-----
From: Scott Morris [mailto:swm@emanon.com]
Sent: Sunday, February 15, 2004 8:53 AM
To: 'Michael Snyder'; ccielab@groupstudy.com
Subject: RE: Access-list for DLSW port numbers.

The ports 1981, 1982 and 1983 are ONLY involved when you are using the
"priority" feature. Otherwise, in a standard configuration, 2065 is the
only one used. You'll just have to figure out which direction your
connection is going! :)

 
Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713,
CISSP,
JNCIS, et al. IPExpert CCIE Program Manager IPExpert Sr. Technical
Instructor swm@emanon.com/smorris@ipexpert.net
http://www.ipexpert.net
 

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Michael Snyder
Sent: Sunday, February 15, 2004 1:08 AM
To: ccielab@groupstudy.com
Subject: Access-list for DLSW port numbers.

http://www.cisco.com/en/US/products/sw/iosswrel/ps1826/products_feature_
guide09186a0080080ed8.html

I'm trying to figure out which port numbers I need just for normal tcp
dlsw
traffic.

Is it safe to say that 2065 and 1982 is the only ones needed for normal
dlsw
configs?

priority
(Optional) Enables prioritization features for this remote peer. Valid
TCP
port numbers are the following: . High-2065 . Medium-1981 . Normal-1982
.
Low-1983

This archive was generated by hypermail 2.1.4 : Fri Mar 05 2004 - 07:13:50 GMT-3