From: Scott Morris (swm@emanon.com)
Date: Thu Jul 21 2005 - 22:17:57 GMT-3
Or just be aware of Cisco's implementation.
From low IP to high IP peers:
Source tcp/11xxx to destination tcp/2065
Source udp/0 to destination udp/2067 will occur bidirectionally.
One of those days in DLSW-land! But the show commands you've looked at
(like show tcp brief) can certainly assist in building that ACL!
Scott
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Chris Lewis (chrlewis)
Sent: Thursday, July 21, 2005 4:04 PM
To: gladston@br.ibm.com; ccielab@groupstudy.com
Subject: RE: RFC2067
Gladstone,
RFC2166 (I think it was a typo listing 2067) from which you took the quoted
text is an informational RFC. Quoting from the Status of RFC2166
"This memo provides information for the Internet community. This memo does
not specify an Internet standard of any kind."
For the Cisco implementation of DLSw to occur between two routers, two TCP
connections are necessary, port 2065 is the read port number and
2067 is the write port number.
To get full marks on the exam if you have to identify DLSw in an ACL, you
need to identify TCP 2067 too.
Chris
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
gladston@br.ibm.com
Sent: Thursday, July 21, 2005 12:45 PM
To: ccielab@groupstudy.com
Subject: RFC2067
RFC2067 says:
"DLSws implementing these enhancements will use a TCP destination port
of 2067 (as opposed to RFC 1795 which uses 2065) for single session
TCP connections."
Cisco uses tcp 2065 to connect to the peer:
Rack2R4#sh dls pee
Peers:            state    pkts_rx  pkts_tx  type  drops  ckts  TCP  uptime
 TCP 148.5.2.1    CONNECT      274      266  prom      0     0    0  02:12:37
 TCP 148.5.1.1    CONNECT      284      292  prom      0     0    0  02:18:54
Total number of connected peers: 2
Total number of connections: 2
Rack2R4#sh tcp brief
TCB Local Address Foreign Address (state)
83258FC8 148.5.4.1.11031 148.5.2.1.2065 ESTAB
83257F3C 148.5.4.1.11027 148.5.1.1.2065 ESTAB
And logging messages shows there is udp port 2067 going on too:
*Mar 1 04:27:21: %SEC-6-IPACCESSLOGP: list Returning-traffic denied udp 148.5.1.1(0) (Serial0/0 ) -> 148.5.4.1(2067), 6 packets
So, it seems this is enough for Cisco DLSW to operate fine:
permit tcp any any eq 2065 (12 matches)
permit udp any any eq 2067 (15)
permit tcp any eq 2065 any log-input (568 matches)
permit udp any eq 2067 any log-input (10)
deny ip any any log-input
Would you agree?
If some day IOS strictly follows DLSW v2, tcp 2067 will be necessary.
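A small first-match evaluator for the ACL quoted above, added here as an example (it is not code from the thread or from Cisco): it replays the flows visible in the sh tcp brief and log output through the five entries and shows that a DLSw v2 connection to TCP 2067 would fall through to the final deny unless the entries Chris mentions are added. The DLSW_V2_TCP_2067 flow and its source port are constructed, not taken from the post.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    proto: str   # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int

# Each entry is (proto, source port or None, destination port or None, action).
# The quoted ACL uses "any any" for addresses, so only protocol and ports matter.
ACL = [
    ("tcp", None, 2065, "permit"),   # permit tcp any any eq 2065
    ("udp", None, 2067, "permit"),   # permit udp any any eq 2067
    ("tcp", 2065, None, "permit"),   # permit tcp any eq 2065 any log-input
    ("udp", 2067, None, "permit"),   # permit udp any eq 2067 any log-input
    ("ip", None, None, "deny"),      # deny ip any any log-input
]

def evaluate(flow, acl=ACL):
    """Return the action of the first matching entry (IOS first-match semantics)."""
    for proto, sport, dport, action in acl:
        if proto != "ip" and proto != flow.proto:
            continue
        if sport is not None and sport != flow.sport:
            continue
        if dport is not None and dport != flow.dport:
            continue
        return action
    return "deny"  # implicit deny at the end of every IOS ACL

def dlsw_v2_acl():
    """The quoted ACL plus the TCP 2067 entries Chris says are needed for DLSw v2."""
    return ACL[:4] + [("tcp", None, 2067, "permit"), ("tcp", 2067, None, "permit")] + ACL[4:]

# Flows rebuilt from the outputs quoted in the post (addresses and ports as shown there).
PEER_TCP_2065 = Flow("tcp", "148.5.4.1", 11031, "148.5.2.1", 2065)  # sh tcp brief
PEER_UDP_2067 = Flow("udp", "148.5.1.1", 0, "148.5.4.1", 2067)       # %SEC-6-IPACCESSLOGP
# Constructed (not observed in the post): a DLSw v2 single-session TCP connection
# to destination port 2067, as the RFC text quoted above describes; source port is made up.
DLSW_V2_TCP_2067 = Flow("tcp", "148.5.4.1", 11040, "148.5.2.1", 2067)

if __name__ == "__main__":
    for name, f in [("tcp 2065", PEER_TCP_2065), ("udp 2067", PEER_UDP_2067),
                    ("tcp 2067", DLSW_V2_TCP_2067)]:
        print(f"{name}: quoted ACL -> {evaluate(f)}, with tcp 2067 added -> {evaluate(f, dlsw_v2_acl())}")
```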
This archive was generated by hypermail 2.1.4 : Sun Sep 04 2005 - 17:00:30 GMT-3