Bridging and IBM Networking Command Reference
Overview
Download this chapter
OverviewOverview
give_us_feedback

Table Of Contents

Bridging and IBM Overview

Transparent and Source-Route Bridging

Transparent Bridging

Transparent Bridging Features

Source-Route Transparent Bridging

Source-Route Transparent Bridging Features

Remote Source-Route Transparent Bridging and DLSw

Remote Source-Route Bridging

DLSw+

DLSw Standard

DLSw+ Features and Enhancements

Modes of Operation

Improved Scalability

Performance

Enhanced Availability

Serial Tunneling and Block Serial Tunneling

STUN Networks

Serial Tunneling

SDLC and LLC2 Parameters

Features That Use LLC Services

IBM Network Media Translation

SDLLC Media Translation Features

Virtual Token Ring Concept Implementation

Downstream Physical Unit and Native Service Point

SNA Frame Relay Access Support

RFC 1490 Multiprotocol Encapsulation for SNA Data

Frame Relay Access Support

Advanced Peer to Peer Networking

APPN Overview

SNA Terminology

Logical Unit (LU)

Physical Unit (PU)

Control Point (CP)

APPN Node Types

Low Entry Networking (LEN) Node

End Node (EN)

Network Node (NN)

APPN Concepts

APPN Connections

APPN Topology

The APPN Directory and APPN Searches

APPN Route Selection

APPN Intermediate Session Routing

Dependent Logical Unit Requestor/Server

IBM Channel Interface Processor

Common Link Access for Workstations (CLAW) Support

TCP Offload Support

CIP Systems Network Architecture Support

IBM Channel Attach Hardware Requirements

IBM Channel Attach Host Software Requirements


Bridging and IBM Overview

Module 6 of the Cisco IOS Documentation suite discusses the following software componenets:

Transparent and Source-Route Bridging

Remote Source-Route Transparent Bridging and DLSw

Serial Tunneling and Block Serial Tunneling

SDLC and LLC2 Parameters

IBM Network Media Translation

Downstream Physical Unit and Native Service Point

SNA Frame Relay Access Support

Advanced Peer to Peer Networking

IBM Channel Interface Processor

This overview chapter gives a high-level description of each technology. For configuration information, refer to the appropriate chapter in this module.

Transparent and Source-Route Bridging

Cisco IOS software supports transparent and source-route transparent bridging for Ethernet, Fiber Distributed Data Interface (FDDI), and serial media, and supports SRT bridging for Token Ring media. In addition, Cisco supports all of the mandatory Management Information Base (MIB) variables specified for transparent bridging in RFC 1286.

Caution   
Bridging between dissimilar media presents several problems that can prevent communication from occurring. These problems include bit order translation (or usage of MAC addresses as data), maximum transmission unit (MTU) differences, frame status differences, and multicast address usage. Some or all of these problems might be present in a multimedia bridged LAN. Because of differences in the way end nodes implement Token Ring, these problems are most prevalent when bridging between Token Ring and Ethernet or between Ethernet and FDDI LANs.

Problems currently occur with the following protocols when bridged between Token Ring and other media: Novell IPX, DECnet Phase IV, AppleTalk, Banyan VINES, XNS, and IP. Further, problems can occur with the Novell IPX and XNS protocols when bridged between FDDI and other media. We recommend that these protocols be routed whenever possible.

Transparent Bridging

Transparent bridging is....MARY GIVE US A ONE LINER HERE.

Cisco access servers and routers can be configured to serve as both multiprotocol routers and MAC-level bridges, bridging any traffic that cannot otherwise be routed. For example, a router/bridge routing the Internet Protocol (IP) can also bridge Digital's LAT protocol or NetBIOS traffic.

Remote bridging over synchronous serial lines is also supported between our routers and access servers. As with frames received on all other media types, the dynamic learning and any filtering is applied to frames received on serial lines.

Transit bridging of Ethernet frames across FDDI media is also supported. The term transit refers to the fact that the source or destination of the frame cannot be on the FDDI media itself. This allows FDDI to act as a highly efficient backbone for the interconnection of many bridged networks. The configuration of FDDI transit bridging is identical to the configuration of transparent bridging on all other media types.

Transparent Bridging Features

Cisco's transparent bridging software implementation has the following features:

Complies with the IEEE 802.1D standard.

Provides the ability to logically segment a transparently bridged network into virtual local-area networks (LANs).

Provides two spanning-tree protocols—an older bridge protocol data unit (BPDU) format that is compatible with Digital and other LAN bridges for backward compatibility and the IEEE standard bridge protocol data unit (BPDU) format. In addition to features standard with these spanning-tree protocols, Cisco's proprietary software provides for multiple domains for spanning trees. The spanning-tree parameters are configurable.

Allows configuration of filters to filter frames based on Media Access Control (MAC) address, protocol type, or the vendor code. Additionally, the bridging software can be configured to selectively filter Local Area Transport (LAT) multicast service announcements.

Provides deterministic load distribution while maintaining a loop-free spanning tree.

Provides the ability to bridge over Asynchronous Transfer Mode (ATM), FDDI, X.25, Frame Relay, Switched Multimegabit Data Service (SMDS), and Point-to-Point Protocol (PPP) networks.

Provides concurrent routing and bridging, the ability to bridge a given protocol on some interfaces in a router or access server and concurrently route that protocol on other interfaces in the same router or access server.

Provides fast-path transparent bridging for Frame Relay encapsulated serial and High Speed Serial Interface (HSSI) interfaces, according to the format specified in RFC 1490.

Provides fast-switched transparent bridging for the ATM interface on the Cisco 7000, according to the format specified in RFC 1483.

Provides transparent bridging over multiprotocol Link Access Procedure, Balanced (LAPB).

Provides for compression of LAT frames to reduce LAT traffic through the network.

Source-Route Transparent Bridging

Cisco routers and access servers also support transparent bridging on Token Ring interfaces that are capable of supporting SRT bridging. Source-route bridging enables our router/access server/bridge to simultaneously act as a Level 3 router and a Level 2 source-route bridge. Thus, protocols such as Novell's Internetwork Packet Exchange (IPX) or Xerox Network Systems (XNS) can be routed on Token Rings, while other protocols such as Systems Network Architecture (SNA) or NetBIOS are source-route bridged.

Note   Both transparent and SRT bridging are supported on all Token Ring interface cards that can be adjusted by the user for either 4- or 16-MB transmission speeds.

Source-route bridging technology is a combination of bridging and routing functions. A source-route bridge is allowed to make routing decisions based upon the contents of the Media Access Control (MAC) frame header. Keeping the routing function at the MAC, or Level 2, layer allows the higher-layer protocols to execute their tasks more efficiently and allows the local-area network (LAN) to be expanded without the knowledge of the higher-layer protocols.

As designed by IBM and the IEEE 802.5 committee, source-route bridges connect extended Token Ring LANs. A source-route bridge uses the routing information field (RIF) in the IEEE 802.5 MAC header of a datagram (see Figure 0-1) to determine which rings or Token Ring network segments the packet must transit. The source station inserts the RIF into the MAC header immediately following the source address field in every frame, giving this style of bridging its name. The destination station reverses the routing field to reach the originating station.

Figure 0-1 IEEE 802.5 Token Ring Frame Format

The information in a RIF is derived from explorer packets generated by the source node. These explorer packets traverse the entire source-route bridge network, gathering information on the possible paths the source node might use to send packets to the destination.

Unlike transparent spanning-tree bridging, which requires time to recompute topology in the event of failures, source-route bridging allows multiple, active paths through the network, which provides for more timely switches to alternate routes in the event of failure. Most importantly, source-route bridging places the burden of transmitting frames with the end stations by allowing them to determine the routes the frames take.

Source-Route Transparent Bridging Features

Cisco's source-route bridging software implementation has the following features:

Provides configurable fast-switching software for source-route bridging.

Provides for a local source-route bridge that connects two or more Token Ring networks.

Provides ring groups to configure a source-route bridge with more than two network interfaces. A ring group is a collection of Token Ring interfaces in one or more routers or access servers that are collectively treated as a virtual ring.

Provides two types of explorer packets to collect RIF information—an all-routes explorer packet, which follows all possible paths to a destination ring, and a spanning-tree explorer packet, which follows a statically configured limited route (spanning tree) when looking for paths.

Provides a dynamically determined RIF cache based on the protocol; also allows you to add entries manually to the RIF cache.

Provides for filtering by MAC address, link service access point (LSAP) header, and protocol type.

Provides for filtering of NetBIOS frames either by station name or by a packet byte offset.

Provides for translation into transparently bridged frames to allow source-route stations to communicate with nonsource-route stations (typically on Ethernet).

Provides support for the SRB Management Information Base (MIB) variables as described in the IETF draft "Bridge MIB" document, "Definition of Managed Objects for Bridges," by E. Decker, P. Langille, A. Rijsinghani, and K. McCloghrie, June 1991. Only the SRB component of the Bridge MIB is supported.

Provides support for the Token Ring MIB variables as described in RFC 1231, "IEEE 802.5 Token Ring MIB," by K. McCloghrie, R. Fox, and E. Decker, May 1991. Cisco implements the mandatory tables (Interface Table and Statistics Table) but not the optional table (Timer Table) of the Token Ring MIB. The Token Ring MIB has been implemented for the 4/16-Mb Token Ring cards that can be user adjusted for either 4- or 16-Mb transmission speeds (CSC-1R, CSC-2R, CSC-R16M, or CSC-C2CTR).

As with all other media types, all the features that use bridge-group commands can be used on Token Ring interfaces. As with other interface types, the bridge group can be configured to run either the IEEE or Digital spanning-tree protocols. When using the IEEE spanning-tree protocol, the bridge cooperates with other bridges complying to the draft SRT bridging specification and constructs a loop-free topology across the entire extended LAN.

You can run the Digital spanning-tree protocol over Token Ring as well. Use it when you have other non-IEEE bridges on other media and do not have any SRT bridges on Token Ring. Note that in this configuration, all of your Token Ring transparent bridges must be Cisco routers or access servers. This is because the Digital spanning-tree protocol has not been standardized on Token Ring.

As specified by the SRT bridging specification, only packets without a routing information field (RIF) (RII = 0 in the SA field) will be transparently bridged. Packets with a RIF (RII = 1) are passed to the source-route bridging module for handling. Note that an SRT-capable Token Ring interface can have both source-route bridging and transparent bridging enabled at the same time. However, when running SRT bridging, frames that did not have a RIF when they were produced by their generating host will never gain a RIF, and frames that did have a RIF when they were produced will never lose that RIF.

Note   Because bridges running only SRT bridging never add or remove RIFs from frames, they do not really integrate source-route bridging with transparent bridging. Rather, the two are kept separate but equal. A host that sits behind a source-route bridge that expects RIFs can never communicate to a device across a bridge that does not understand RIFs. SRT bridging cannot be used to tie in existing source-route bridges to a transparent bridged network. If you want to tie them in, you must use source-route translational bridging (SR/TLB) instead. SR/TLB is described in the chapter "Configuring Source-Route Bridging."

When bridging between Token Ring and other media, certain packet transformations must occur. In all cases, the MAC addresses are bit-swapped, because the bit ordering on Token Ring is different from that on other media. In addition, Token Ring supports one higher-layer packet format, logical link control (LLC), while Ethernet supports two (LLC and Ethernet). The transformation of LLC frames between media is quite simple; a length field is either created (when going to non-Token Ring) or removed (when going to Token Ring). When an Ethernet format frame must go to Token Ring, it is translated into a LLC-1 "SNAP" packet; the destination service access point (DSAP) value is AA, the source service access point (SSAP) value is AA, with the organizational unique identifier (OUI) value 0000F8. Likewise, when such a packet in LLC-1 format is going to be bridged onto Ethernet media, it is translated back into Ethernet format. You can determine the OUI type used when transporting Ethernet Type II frames over other media.

Remote Source-Route Transparent Bridging and DLSw

Cisco IOS software supports remote source-route transparent bridging for Ethernet, Fiber Distributed Data Interface (FDDI), and serial media, and supports SRT bridging for Token Ring media. Cisco IOS software also supports its own version of DLSw.

Cisco IOS software also supports, DLSw, an alternative to source-route bridging (SRB) which addresses the following limitations of SRB:

SRB hop-count limits (SRB limit is 7)

Broadcast traffic (from SRB explorer frames or NetBIOS name queries)

Unnecessary traffic (acknowledgments)

Data link control timeouts

Lack of flow control and prioritization

Because these limitations occur when SRB is extended across a wide-area network (WAN), DLSw is typically used to transport SNA and NetBIOS across a WAN.

Remote Source-Route Bridging

Cisco's remote source-route bridging software implementation includes the following features:

Provides for multiple router/access server/bridges separated by non-Token Ring segments. Three options are available:

Encapsulate the Token Ring traffic inside Internet Protocol (IP) datagrams passed over a Transmission Control Protocol (TCP) connection between two router/access server/bridges.

Use Fast Sequenced Transport (FST) to transport remote source-route bridging packets to their peers without TCP or User Datagram Protocol (UDP) header or processor overhead.

Use MAC-layer encapsulations over a single serial line, Ethernet, Token Ring, or FDDI ring connected between two routers or access servers attached to Token Ring networks.

Provides for configurable limits to the size of the TCP backup queue.

While source-route bridging involves bridging between Token Ring media only, RSRB involves multiple router/access server/bridges separated by non-Token Ring network segments. shows an RSRB topology. The virtual ring can extend across any non-Token Ring media supported by RSRB, such as serial, Ethernet, FDDI, and WANs. The type of media you select determines the way you set up RSRB.

Figure 0-2 Remote Source-Route Bridged Topology

Note   If you will bridge across Token Ring media, it is recommended that you do not use RSRB. Use SRB instead. Refer to the chapter "Configuring Source-Route Bridging."

DLSw+

DLSw+ is Cisco's implementation of DLSw, an SNA-over-IP routing standard that helps to integrate SNA and local-area network (LAN) internetworks by encapsulating nonroutable SNA and NetBIOS protocols within routable IP protocols. It is a means of transporting SNA and NetBIOS traffic over an Internet Protocol (IP) network.

DLSw Standard

The DLSw standard, documented in RFC 1795, defines the switch-to-switch protocol used between DLSw routers and access servers and defines a mechanism to terminate data link control connections locally and multiplex the traffic from the data link control connections onto a Transmission Control Protocol (TCP) connection. The standard always calls for the transport protocol to be TCP and always requires that data link control connections be locally terminated (the equivalent of our local acknowledgment option). The standard also requires that the SRB route information field (RIF) be terminated at the DLSw router or access server. The standard describes a means for prioritization and flow control and defines error recovery procedures that assure data link control connections are appropriately disabled if any part of their associated circuits breaks.

The DLSw standard does not specify when to establish TCP connections. The capabilities exchange allows compliance to the standard but at different levels of support. The standard does not specify how to cache learned information about MAC addresses, RIFs, or NetBIOS names. It also does not describe how to keep track of both capable or preferred DLSw partners for either backup or load-balancing purposes. It does not provide the specifics of media conversion, but leaves the details up to the implementation. It does not define how to map switch congestion to data link control flow control. Finally, the management information base (MIB) is documented under a separate RFC.

DLSw+ Features and Enhancements

DLSw+ includes the following features:

Full compliance with the DLSw standard RFC 1795.

A choice of transport options, including TCP, Fast-Sequenced Transport (FST), and direct encapsulation in High-Level Data Link Control (HDLC) or Frame Relay

Media conversion between local or remote LANs and Synchronous Data Link Control (SDLC) or Ethernet

Conversion between LAN/SDLC and Qualified Logical Link Control (QLLC) for PU 2.0 and PU 2.1 devices.

Scalability enhancements through peer groups

Scalability enhancements through explorer firewalls and location learning

Configuration reduction through on-demand peers

DLSw+ includes enhancements in the following areas:

Modes of operation—The ability to determine the capabilities of the participating router or access server and to operate according to those capabilities

Scalability—The ability to construct IBM internetworks in a way that reduces the amount of broadcast traffic and therefore enhances their scalability

Performance—The ability to offer higher-performance transport options when the line speeds and traffic conditions do not require local acknowledgment

Availability—The ability to rapidly recover from failures by caching multiple peers that can be used to reach a given destination

Modes of Operation

DLSw+ operates in three modes:

Backward compatibility mode—remote source-route bridging (RSRB) can be used in parallel with DLSw+ to communicate with older releases of Cisco Internetwork Operating System (Cisco IOS) running RSRB and SDLC-to-LLC2 conversion (SDLLC).

Standards compliance mode—DLSw+ can automatically detect (through the DLSw+ capabilities exchange) that the participating router is manufactured by another vendor. DLSw+ then operates in DLSw standard mode.

Enhanced mode—DLSw+ can automatically detect that the participating router is another DLSw+ router or access server. DLSw+ then operates in enhanced mode, providing the additional features of DLSw+ to the SNA and NetBIOS end systems.

Note   DLSw+ does not interoperate with pre-standard implementations such as RFC 1434.

Some enhanced DLSw+ features are also available when a Cisco router or access server is operating in standards compliance mode with another vendor's router. In particular, enhancements that are locally controlled options on a router can be accessed even though the remote router does not have DLSw+. These include location learning (the ability to determine if a destination is on a local LAN before sending "canureach" frames across a WAN), explorer firewalls, and media conversion.

Improved Scalability

One significant factor that limits the size of Token Ring internetworks is the amount of explorer traffic that traverses the WAN. DLSw+ includes the following features to reduce the number of explorers:

Peer groups—The large Token Ring internetworks that Cisco has helped to build over the last several years have all followed a similar structure. That structure is a hierarchical grouping of routers or access servers based upon the usual flow of broadcasts through the network. A cluster of routers or access servers in a region or a division of a company are combined into a peer group.

Border peers—Within a peer group, one or more routers or access servers are designated as border peers. When a DLSw+ router or access server receives a test frame or NetBIOS name query, it sends a single explorer frame to its border peer. The border peer takes complete responsibility for forwarding the explorer on behalf of the peer group member. This arrangement eliminates duplicate explorers on the access links and minimizes the processing required in access routers.

On-demand peers—On-demand peers greatly reduce the number of peers that must be configured. As shows, you can use on-demand peers to establish an end-to-end circuit even though the DLSw+ routers or access servers servicing the end systems have no specific configuration information about the peers. This configuration permits casual, any-to-any connection without the burden of configuring the connection in advance. It also allows any-to-any routing in large internetworks where persistent TCP connections would not otherwise be possible.

Explorer firewalls—An explorer firewall permits only a single explorer for a particular destination MAC address to be sent across the WAN. While an explorer is outstanding and awaiting a response from the destination, subsequent explorers for that MAC address are merely stored. Once the explorer response is received at the originating DLSw+, all explorers receive an immediate local response. This eliminates the start-of-day explorer storm that many networks experience.

Figure 0-3 Scalability with DLSw+

Performance

The transport connection between DLSw+ routers or access servers can vary according to the needs of the network and is not necessarily tied to TCP/IP as the DLSw standard is. We support three different transport protocols between DLSw+ devices:

TCP/IP for transport of SNA and NetBIOS traffic across WANs where bandwidth is limited and termination of data link control sessions is required. This transport option is required when DLSw+ is operating in DLSw+ standards compliance mode.

FST/IP for transport across WANs with an arbitrary topology with sufficient bandwidth to accommodate SNA and NetBIOS.

Direct encapsulation for transport across a point-to-point connection where the benefits of an arbitrary topology are not important.

Enhanced Availability

DLSw+ offers enhanced availability by maintaining a peer table of multiple paths to a given MAC address or NetBIOS name (where a path is either a remote peer or a local port). The Cisco IOS software maintains a preferred path and one or more capable paths to each destination. The preferred peer is either the peer that responds first to an explorer frame or the peer with the least cost. The preferred port is always the port over which the first positive response to an explorer was received. If the preferred peer to a given destination is unavailable, the next available capable peer is promoted to the new preferred peer. No additional broadcasts are required, and recovery through an alternate peer is immediate.

Maintaining multiple paths per destination is especially attractive in SNA networks. A common technique used in the hierarchical SNA environment is assigning the same MAC address to different Token Ring interface couplers (TICs) on the IBM front-end processors (FEPs). DLSw+ ensures that duplicate TIC addresses are found, and if multiple DLSw+ peers can be used to reach the FEPs, they are all cached.

The way that multiple capable peers are handled with DLSw+ can be biased to meet either of the following network needs:

Fault tolerance—To rapidly reconnect if a data-link connection is lost. Whenever a new circuit is established between a pair of end systems and the end-to-end path for the circuit is already known (that is, it is cached), the originating DLSw+ router or access server sends a circuit-establishment message directly to the preferred partner. If the preferred partner is no longer available, a circuit-establishment message is sent to the next capable router in the cache. Maintaining multiple cache entries facilitates a timely reconnection after session outages.

Load balancing—To distribute the network traffic over multiple DLSw+ peers in the network. The Cisco IOS software can be configured to perform load balancing, in which case circuits are established in round-robin fashion using the list of capable routers or access servers. When used for load balancing, this technique improves overall SNA performance.

shows a peer table of preferred (Pref) and capable (Cap) routes.

Figure 0-4 Enhanced Availability and Performance

Serial Tunneling and Block Serial Tunneling

The Cisco IOS software supports serial tunneling (STUN) and block serial tunneling (BSTUN). Our block serial tunnel (BSTUN) implementation enhances Cisco 2500 series, Cisco 4000 series, and Cisco 4500 series routers to support devices that use the Binary Synchronous Communication (BSC) data link protocol.

STUN Networks

STUN operates in two modes: passthrough and local acknowledgment. Figure 0-5 shows the difference between passthrough mode and local acknowledgment mode.

The upper half of shows STUN configured in passthrough mode. In passthrough mode, the routers act as a wire and the SDLC session remains between the end stations. In this mode, STUN provides a straight pass-through of all SDLC traffic, including control frames.

The lower half of shows STUN configured in local acknowledgment mode. In local acknowledgment mode, the routers terminate the SDLC sessions and send only data across the WAN. Control frames no longer travel the WAN backbone networks.

Figure 0-5 Comparison of STUN in Passthrough Mode and Local Acknowledg

ment Mode

Note   To enable STUN local acknowledgment, you first enable the Cisco IOS software for STUN and configure then to appear on the network as primary or secondary SDLC nodes. TCP/IP encapsulation must be enabled. Our STUN local acknowledgment feature also provides priority queuing for TCP-encapsulated frames.

Serial Tunneling

Our STUN implementation provides the following features:

Encapsulates SDLC frames in either the Transmission Control Protocol/Internet Protocol (TCP/IP) or the HDLC protocol.

Allows two devices using SDLC- or HDLC-compliant protocols that are normally connected by a direct serial link to be connected through one or more Cisco routers or access servers, reducing leased-line costs.

When you replace direct serial links with routers or access servers, serial frames can be propagated over arbitrary media and topologies to another router or access server with a STUN link to an appropriate end point. The intervening network is not restricted to STUN traffic, but rather, is multiprotocol. For example, instead of running parallel backbones for DECnet and SNA/SDLC traffic, this traffic now can be integrated into an enterprise backbone network.

Supports local acknowledgment for direct Frame Relay connectivity between routers or access servers, without TCP/IP required.

Allows networks with IBM mainframes and communications controllers to share data using Cisco routers or access servers and existing network links. As an SDLC function, STUN fully supports the IBM Systems Network Architecture (SNA), and allows IBM SDLC frames to be transmitted across the network media and and/or shared serial links. Figure 0-6 illustrates a typical network configuration with and without STUN.

Encapsulates SDLC frame traffic packets and routes them over any of the supported network media—serial, Fiber Distributed Data Interface (FDDI), Ethernet, and Token Ring, X.25, Switched Multimegabit Data Service (SMDS), and T1/T3—using TCP/IP encapsulation. Because TCP/IP encapsulation is used, you can use any of the Cisco routing protocols to route the packets.

Copies frames to destinations based on address. STUN in passthrough mode does not modify the frames in any way or participate in SDLC windowing or retransmission; these functions are left to the communicating hosts. However, STUN in local acknowledgment mode does participate in SDLC windowing and retransmission through local termination of the SDLC session.

Ensures reliable data transmission across serial media having minimal or predictable time delays. With the advent of STUN and wide-area network (WAN) backbones, serial links now can be separated by wide, geographic distances spanning countries and continents. As a result, these serial links have time delays that are longer than SDLC allows for bidirectional communication between hosts. The STUN local acknowledgment feature addresses the problems of unpredictable time delays, multiple retransmissions, or loss of sessions.

Allows for configuration of redundant links to provide transport paths in the event part of the network goes down.

Figure 0-6 IBM Network Configuration with and without STUN

SDLC and LLC2 Parameters

The Logical Link Control, type 2 (LLC2) and Synchronous Data Link Control (SDLC) protocols provide data link-level support for higher-level network protocols and features such as SDLLC and remote source-route bridging (RSRB) with local acknowledgment. The features that are affected by LLC2 parameter settings are listed in the next section, "Cisco's Implementation of LLC2." The features that require SDLC configuration and use SDLC parameters are listed in the section "Cisco's Implementation of SDLC" later in this chapter.

LLC2 and SDLC package data in frames. LLC2 and SDLC stations require acknowledgments from receiving stations after a set amount of frames have been sent before sending further data. The tasks described in this chapter modify default settings regarding the control field of the data frames. By modifying the control field parameters, you can determine the amount of acknowledgments sent for frames received and the level of polling used to determine available stations. In this manner, you can set the amount of resources used for frame checking and optimize the network load.

SDLC is used as the primary Systems Network Architecture (SNA) link-layer protocol for wide-area network (WAN) links. SDLC defines two types of network nodes: primary and secondary. Primary nodes poll secondary nodes in a predetermined order. Secondaries then transmit if they have outgoing data. When configured as primary and secondary nodes, our devices are established as SDLC stations.

You do not need to configure LLC2 because it is already enabled on Token Ring interfaces. You can change the default settings of LLC2 parameters as needed. To support SDLC, you need to configure the Cisco IOS software to act as a primary or secondary SDLC station. You also can change default settings on any of the SDLC parameters listed. Configuration examples for both LLC2 and SDLC are given at the end of the chapter.

Features That Use LLC Services

The following features use LLC services:

Local acknowledgment for RSRB

This feature is used in our implementation of RSRB as described in the chapter "Configuring Source-Route Bridging."

Because local-area networks (LANs) are now connected through RSRB and wide-area network (WAN) backbones, the delays that occur are longer than LLC2 allows for bidirectional communication between hosts. Our local acknowledgment feature addresses the problem of delays, retransmissions, and loss of user sessions.

IBM LAN Network Manager (LNM) support

Routers or access servers using 4- or 16-Mbps Token Ring interfaces configured for SRB support LNM and provide all IBM Bridge Program functions. With LNM, a router or access server appears as an IBM source-route bridge, and can manage or monitor any connected Token Ring interface.

LNM support is described in the chapter "Configuring Source-Route Bridging."

SDLLC media translation

The SDLLC feature provides media translation between the serial lines running SDLC and Token Rings running LLC2. SDLLC consolidates the IBM SNA networks running SDLC into a LAN-based, multiprotocol, multimedia backbone network.

SDLLC is described in the chapter "Configuring SDLLC."

ISO Connection-Mode Network Services (CMNS)

Our CMNS implementation runs X.25 packets over LLC2 so that X.25 can be extended to Ethernet, FDDI, and Token Ring media.

IBM Network Media Translation

The Cisco IOS software includes the following media translation features which enable network communications across heterogeneous media:

SDLLC media translation enables a device on a Token Ring to communicate with a device on a serial link.

QLLC conversion enables an IBM device to communicate with an X.25 network without having to install the X.25 software on local IBM equipment.

SDLLC is a Cisco Systems proprietary software feature that enables a device on a Token Ring to communicate with a device on a serial link by translating between Logical Link Control, Type 2 (LLC2) and Synchronous Data Link Control (SDLC) at the link layer.

Systems Network Architecture (SNA) uses SDLC and LLC2 as link-layer protocols to provide a reliable connection. The translation function between these industry-standard protocols takes place in the proprietary Cisco software.

illustrates how SDLLC provides data link layer support SNA communication.

Figure 0-7 SNA Data Link Layer Support

SDLLC Media Translation Features

The SDLLC software allows a physical unit (PU) 4, PU 2.1, or PU 2 to communicate with a PU 2 SDLC device as follows:

SDLLC with direct connection—A 37x5 FEP on a Token Ring and the 3x74 cluster controller connected to a serial line are each connected to an interface on the same router or access server configured with SDLLC.

SDLLC with Remote Source-Route Bridging (RSRB)—A 37x5 FEP on a Token Ring and a 3x74 cluster controller connected to a serial line are connected to different routers or access servers. Only the device to which the 3x74 is connected is configured with SDLLC. The routers or access servers communicate via RSRB using direct encapsulation, RSRB over a Fast Sequenced Transport (FST) connection, or RSRB over a TCP connection.

SDLLC with RSRB and local acknowledgment—A 37x5 front-end processor (FEP) on a Token Ring and a 3x74 cluster controller connected to a serial line are connected to different routers or access servers. Only the device to which the 3x74 is connected is configured with SDLLC. The routers or access servers communicate via RSRB over a TCP connection that has local acknowledgment enabled.

In all of these topologies, each IBM end node (the FEP and cluster controller) has no indication that its counterpart is connected to a different medium running a different protocol. The 37x5 FEP responds as if the 3x74 cluster controller were communicating over a Token Ring, whereas the 3x74 responds as though the 37x5 FEP were communicating over a serial line. That is, the SDLLC software provides translation between the two media to be transparent to the end nodes.

Virtual Token Ring Concept Implementation

Central to Cisco's SDLLC feature is the concept of a virtual Token Ring device residing on a virtual Token Ring. Because the Token Ring device expects the node with which it is communicating also to be on a Token Ring, each SDLLC device on a serial line must be assigned an SDLLC virtual token ring address (SDLLC VTRA). Like real Token Ring addresses, SDLLC VTRAs must be unique across the network.

In addition to the SDLLC VTRA, an SDLLC virtual ring number (SDLLC VRN) also must be assigned to each SDLLC device on a serial line. (The SDLLC VRN differs from the virtual ring group numbers that are used to configure RSRB and multiport bridging.)

As part of its Virtual Telecommunications Access Method (VTAM) configuration, the IBM node on the Token Ring has knowledge of the SDLLC VTRA of the serial device with which it communicates. The SDLC VTRA and the SDLLC VRN are a part of the SDLLC configuration for the router's or access server's serial interface. When the Token Ring host sends out explorer packets with the SDLLC VTRA as the destination address in the Media Access Control (MAC) headers, the router or access server configured with that SDLLC VTRA intercepts the frame, fills in the SDLLC VRNA and the bridge number in the routing information field (RIF), and then sends the response back to the Token Ring host. A route is then established between the Token Ring host and the router or access server. After the Cisco IOS software performs the appropriate frame conversion, it uses this route to forward frames to this serial device.

Downstream Physical Unit and Native Service Point

DSPU is a software feature that enables the router or access server to function as a physical unit (PU) concentrator for SNA PU type 2 nodes. PU concentration at the device simplifies the task of PU definition at the upstream host while providing additional flexibility and mobility for downstream PU devices.

The DSPU feature allows you to define downstream PU type 2 devices in the Cisco IOS software. DSPU reduces the complexity of host configuration by letting you replace multiple PU definitions that represent each downstream device with one PU definition that represents the router or access server.

Because you define the downstream PUs at the router or access server rather than the host, you isolate the host from changes in the downstream network topology. Therefore you can insert and remove downstream PUs from the network without making any changes on the host.

The concentration of downstream PUs at the router or access server also reduces network traffic on the wide-area network (WAN) by limiting the number of sessions that must be established and maintained with the host. The termination of downstream sessions at the router or access server ensures that idle session traffic does not appear on the WAN.

Our SNA Service Point support in the Cisco IOS software assumes that NetView or an equivalent product is available at the SNA host. The user interacts with the network management feature in both the Router and at the SNA host. In the Cisco IOS software you can configure the host connection, and show the status of this connection. At the SNA host you can use the Netview operator's console to view Alerts, and to send and receive Cisco syntax commands to the Cisco device.

shows a router functioning as a DSPU concentrator.

Figure 0-8 Router Acting as a DSPU Concentrator

Typically, a router or access server establishes one or more upstream connections with one or more hosts and many downstream connections with PU type 2 devices. From an SNA perspective, the router or access server appears as a PU type 2 device to the upstream host and assumes the role of a system services control point (SSCP) appearing as a PU type 5 device to its downstream PUs.

The SSCP sessions established between the router or access server and its upstream host are completely independent of the SSCP sessions established between the router or access server and its downstream PUs. SNA traffic is routed at a logical unit (LU) level using a routing algorithm that maps downstream LUs onto upstream LUs.

illustrates the SNA perspective of DSPU.

Figure 0-9 SNA Perspective of DSPU

SNA Frame Relay Access Support

Because Frame Relay offers cost-effective means of transporting multiple protocols on a wide-area network (WAN), IBM now supports Frame Relay multiprotocol encapsulation functions on a wide range of IBM devices.

Management Service Point Support in FRAS allows the de facto SNA Network Management application NetView to manage Cisco routers and access server over the Frame Relay network as if it were an SNA downstream PU.

FRAS provides Dial Backup over RSRB in case the Frame Relay network is down. While the backup public switched telephone network (PSTN) is being used, the Frame Relay connection is tried periodically. As soon as the Frame Relay network is up, it will be used at once.

The multiprotocol encapsulation specification is described in RFC 1490 and FRF.3 Agreement from the Frame Relay Forum (FRF).

RFC 1490 Multiprotocol Encapsulation for SNA Data

RFC 1490 specifies a standard method of encapsulating multiprotocol traffic with data link (Level 2 of the OSI model) framing.The encapsulation for SNA data is specified in the FRF.3 Agreement.

The Frame Relay encapsulation method is based on the RFC 1490 frame format for "user-defined" protocols using Q.933 NLPID, as illustrated in .

Figure 0-10 Frame Relay Encapsulation Based on RFC 1490

Note   The protocol ID for SNA subarea FID4 is 0x81. The protocol ID for SNA subarea FID2 is 0x82. The protocol ID for APPN FID2 is 0x83.

Frame Relay Access Support

Our Frame Relay Access support consists of a router or access server acting as a Frame Relay Access Device (FRAD) for Synchronous Data Link Control (SDLC), Token Ring, and Ethernet attached devices over a Frame Relay Boundary Network Node (BNN) link. Frame Relay access support allows the router or access server acting as a FRAD to take advantage of the SNA BNN support for Frame Relay provided by ACF/NCP 7.1 and OS/400 V2R3. Downstream PU 2.0 and PU 2.1 devices can be attached to the router or access server through SDLC, Token Ring or Ethernet links. The router or access server acting as a FRAD is connected to the NCP or AS/400 through a public or private Frame Relay network, as illustrated in .

Figure 0-11 SNA BNN Support for Frame Relay

The frame format used to communicate across the Frame Relay BNN link is defined in RFC 1490 for routed SNA traffic. From the perspective of the SNA host (for example an NCP or AS/400), the Frame Relay connection is defined as a switched resource similar to a Token Ring BNN link.

The Cisco IOS software is responsible for terminating the local data link control (DLC) frames (such as SDLC and Token Ring frames) and for modifying the DLCs to 802.2 compliant LLC frames. The LLC logical link is used to provide a reliable connection-oriented link layer transport required by SNA. (For example, 802.2 LLC is used to provide link layer acknowledgment, sequencing and flow control.)

The Cisco IOS software encapsulates these 802.2 LLC frames according to the RFC 1490 format for SNA traffic. The frames are then forwarded to the SNA host on a Frame Relay permanent virtual circuit (PVC). In the reverse direction, the software is responsible for de-encapsulating the data from the Frame Relay PVC, and for generating and transmitting the appropriate local DLC frames to the downstream devices.

Advanced Peer to Peer Networking

APPN is the second generation of SNA. APPN provides support for client/server applications and offers more dynamics than traditional hierarchical SNA, such as dynamic directory and routing services.

Cisco's APPN implementation includes the following features:

Supports a wide variety of media: Token Ring, Ethernet, FDDI, Frame Relay, QLLC over X.25, and SDLC. APPN also enables interoperability with local and remote source route bridging via APPN ports which can connect directly to source route bridge ring groups.

Enables existing APPN products, such as IBM's Communications Manager/2 (CM/2), Application System/400 (AS/400), System/36 (S/36), and Advanced Communication Facility/Virtual Telecommunications Access Method (ACF/VTAM), to connect as network nodes (NNs) or end nodes (ENs) over a network of Cisco routers or access servers.

Implements APPN across the channel. Cisco routers and access servers with Channel Interface Processors (CIPs) can replace front-end processors (FEPs) and other channel-attached controllers, enabling ACF/VTAM definition either as an EN or NN that uses the Cisco network for session routing. Both APPN and the CIP offer the ability to communicate through the source route bridging mechanism in the Cisco router or access server.

Implements the Dependent Logical Unit Requester (DLUR) feature. Enables Dependent Logical Units (DLUs) that support only legacy applications (such as those using 3270 data streams) to traverse the APPN network to access those applications.

Allows prioritization of traffic and bandwidth based on user selected criteria.

Supports SNMP management via APPN MIB (RFC 1593), an informational RCF provided by IBM.

APPN Overview

This section describes some of the components of an APPN network, and reviews some basic SNA terminology. The section identifies and compares node types and compares APPN with subarea SNA.

SNA Terminology

The basic component of an SNA network, subarea or APPN, is the network accessible unit (NAU). A NAU is assigned an 8 character name and an 8 character network identifier which are used to uniquely identify the unit. Examples of NAUs are Logical Units, Physical Units, Control Points and System Services Control Points.

Logical Unit (LU)

An LU is an interface that enables end users to gain access to network resources and communicate with each other. Examples of LUs are printers, terminals, and applications. LUs communicate with each other via LU-LU sessions. The LU-LU session is the basis of meaningful communication in SNA; all end user data traffic communicates through this session type.

A Dependent LU (DLU) requires the services of a VTAM host acting as System Services Control Point (SSCP) to participate in an SNA network. The SSCP must establish connections with each dependent LU before it is able to participate in the network. Dependent LUs, such as 3270 terminals, are only capable of maintaining a single LU-LU session at any one time.

An Independent LU (ILU) does not require the services of an SSCP to participate in an SNA network. In addition, an ILU can establish sessions to more than one partner in the network, and can have multiple parallel sessions with the same partner LU. Applications implementing Advanced Program to Program Communications (APPC) are examples of independent LUs.

Physical Unit (PU)

SNA defines a PU as the representation of the physical device. It is the component that manages and monitors the resources (such as attached links and adjacent link stations) associated with an SNA node.

Physical Unit Type 2 (PU2), the legacy physical unit, can only support dependent LUs and requires the services from a VTAM host to perform network functions.

Physical Unit Type 2.1 (PU2.1), also known as a type 2.1 node, offers peer node capabilities in an SNA environment. A PU2.1 can support both dependent and independent LUs. In addition, a PU2.1 can support a control point, which is central to APPN networking.

APPN extends the PU T2.1 architecture to provide dynamic discovery and definition of resources and routing capabilities for larger, complex networks.

Control Point (CP)

A CP identifies the networking components of a PU Type 2.1 node. In APPN, CPs are able to communicate with logically adjacent CPs by way of CP-CP sessions. Almost all APPN functions, including searches for network resources and discovery of network topology, use CP-CP sessions as the means of communication between nodes.

APPN Node Types

In an APPN network, different node types are used to distinguish different levels of networking capabilities. This section describes APPN node types.

Low Entry Networking (LEN) Node

A LEN node, sometimes called a LEN end node, is a PU 2.1 without APPN enhancements. The following are some of the characteristics of a LEN node:

The CP does not communicate with other nodes. A LEN node does not support CP-CP sessions.

Participates in the APPN network by using the services provided by an adjacent Network Node (NN)

Destination LUs in an attached APPN network must be defined to the LEN node, and destination LUs on the LEN must be defined on the attached Network Node.

A LEN node predates APPN but is able to interoperate with an APPN network. Because there is no CP-CP session between a LEN node and its network node, resources at the LEN node must be defined at the NN, reducing dynamic resource discovery capabilities.

End Node (EN)

An EN is a PU2.1 that includes the APPN support necessary to gain full access to an APPN network. However, an EN is not capable of performing in an intermediate role when routing APPN sessions. The following are the characteristics of an EN:

An EN contains a Control Point to manage its resources.

An EN uses the services of an adjacent NN to access the network.

An EN provides partial network services.

An EN may connect to Multiple NNs.

An EN is always a session end point.

Because an EN lacks full APPN routing capability, it might be thought of as an application host or point of user access. The EN establishes CP-CP sessions with its NN server, so topology and directory information can be exchanged dynamically, eliminating the need to define resources on the NN. The EN may connect to multiple network nodes and LU-LU sessions may be established through any of the connected network nodes, although only one network node may be its network node server at any one time.

Network Node (NN)

An NN implements the APPN extensions to the PU2.1 architecture that allow it to provide intermediate routing services to LEN nodes and ENs.

An NN contains a Control Point to manage:

Its own resources

The ENs in its domain

The LEN nodes in its domain

An NN provides the following network services:

Connectivity

Location of resources in the network

Route selection

Intermediate session routing

Data transport

Network management

An NN may be a session end point or an intermediate system.

A Network Node Server is a network node providing resource location and route selection services for the LEN nodes, ENs and LUs it serves. The nodes served (ENs or LEN nodes) are defined as being in the network node server's domain.

APPN Concepts

This section describes the basic concepts of APPN and how they interact to provide APPN networking functions.

APPN Connections

The Configuration Services (CS) component of an APPN node manages local interfaces and connections to the APPN network. CS controls the ports and link stations on the node. A port defines a connection to a transport media accessible to APPN, while a link station identifies the addressing information and characteristics of a connection with another node.

An APPN Network: Connection Phase

When two APPN nodes connect, the following activities occur:

An APPN port is activated, allowing the node access to a interface and its corresponding transport media.

A link station is activated, initiating a connection oriented link with the partner node.

If the CP is APPN capable, and there is no CP-CP session already between these two nodes over a different link, a pair of CP-CP sessions may be established between adjacent CPs. EN-NN and NN-NN CP-CP sessions can be established. Although EN-EN APPN connections can be defined, an EN will not establish CP-CP sessions wither another EN. LEN nodes are not capable of establishing CP-CP sessions.

The entire connection phase may be configured to occur automatically, or may be triggered manually via EXEC commands.

A link is defined as both the link stations within the 2 nodes it connects and the link connection between the nodes. A link station is the hardware or software within a node that enables the node to attach to, and provide control over, a link connection. A link connection is the physical medium over which data is transmitted. A transmission group, in legacy SNA, may consist of one or more links between 2 nodes. However, in the APPN architecture, transmission groups are limited to a single link. It is therefore common in APPN to use the terms link and transmission groups interchangeably.

Details of Link Activation

The connection phase in APPN begins with link activation which allows initial establishment of communication between nodes. It is dependent of the data link control (DLC) chosen and may not be required for some DLC types. For switched connections, one may think of "dial" and "answer" procedures. In an X.25 network this would be the establishment of a virtual circuit. Once the connect phase has completed, the 2 nodes are able to exchange and establish node characteristics via XID exchanges.

The exchange of XIDs allows a node to determine if the adjacent station is active and to verify the identity of the adjacent node. Node identification fields, including the CP name, will be exchanged. This information exchange allows, for example, a node to correlate an incoming connection with a link station definition on the node.

During XID3 exchange, it is determined which link station shall become primary and which is secondary on the link. The 2 link stations compare the XID3 values for node identifier (block number plus ID number). If the link-stations are defined to negotiable, then the higher node ID becomes primary. If the nodes have the same node ID, each generates a random number and the node with the higher random number becomes primary. The result of the primary-secondary role negotiation determines which node will send the mode-setting command—Set Normal Response Mode (SNRM) for SDLC, Set Asynchronous Balanced mode (SABM) for X.25, and so on.

After the link activation XID exchange has completed successfully, CS creates a new path control instance and instructs the Address Space Manager (ASM) to activate a new address space. Then CS notifies Topology and Routing Services (TRS) that a TG has become active so the APPN topology can be updated. Finally, if a CP-CP session is to be activated, CS notifies SS, who then activates the CP-CP session.

CP - CP Session Activation

After the link is established, the nodes will determine if CP-CP sessions should be established. Between network nodes, CP-CP sessions are normally activated on the first link to become active between the nodes. An EN is responsible for determining which of the network nodes to which it is attached will be used for a CP-CP session. It indicates its choice for network node server by sending BIND to the CP on the adjacent NN. The NN then indicates its acceptance by sending BIND for a second LU6.2 session, completing the CP-CP session pair. Each node uses one session to send CP-CP communication data, while the other is reserved for receiving data from the partner node.

CPSVCMG is the Class of Service (COS) used for CP-CP sessions. It indicates a transmission priority of network, the highest of the 4 transmission priorities in APPN.

When the CP-CP session is established, the CPs exchange capabilities, and in the case of EN to NN CP-CP sessions, registration of the local LUs is performed.

APPN Topology

APPN maintains a structure which represents a map of the APPN network as known to this node. Topology and Routing Service (TRS) is the APPN component responsible for maintaining the topology, which is often called the topology database.

There are two types of information in a topology database, local topology and network topology.

Local topology, found in both end nodes and network nodes, describes the local links attached to this node, and the partner control points to which they connect.

Network topology, found only in network nodes, describes all the network nodes in the network and the links that interconnect them.

An EN uses the information in its local topology database to send local TG information to the network node server on APPN search requests and replies. The TG information is passed to the NN server when a route is requested, so the NN will be able to select the best TG from the EN to one of its adjacent NNs. In a NN, the local topology database includes information about the attached end nodes and TGs.

shows the local topology as it is known to EN A, NN2, and EN B.

Figure 0-12 APPN Local Topology

Network topology contains information on all network nodes in the APPN network as well as the TGs interconnecting them. Every NN maintains a fully replicated copy of the network topology database. illustrates an APPN network topology.

Figure 0-13 Network Topology

The network topology database is built from information about the local NN and its TGs to other NNs, and from Topology Database Updates (TDUs) received from adjacent NNs. TDUs are exchanged whenever NNs establish CP-CP sessions with each other. As updates occur in NNs or TGs between NNs, the owning NN sends a TDU to its adjacent NNs, which in turn propagates the TDU to its adjacent NNs until the network topology database is again replicated.

For each NN, certain properties are specified in the TDB. Each node and TG in a network topology database is assigned a unique resource sequence number (RSN). These are incremented to the next even value whenever the owning network node creates a Topology Database Update (TDU) for that resource. TG database entries include an indicator of whether CP-CP sessions are supported, TG weight, TG status (operative or inoperative), the TG number, partner node information and TG characteristics, such as cost per byte, cost per connect time, security level, etc.

TDUs provide updated information to NNs about the node itself and information about all locally owned TGs to other network nodes. TDUs can be triggered by changes in node or TG characteristics.

TRS broadcasts TDUs containing local node information every five days, to prevent other network nodes from discarding valid information, which occurs after 15 days with no update. This 15-day cleanup of the database is called garbage collection.

In , NN3 adds itself to the network. NN3 forwards information about itself to NN1. NN1 forwards the information to NN2 and NN4. NN2 and NN4 then forward a second TDU to each other. Since it will have the same RSN and information, those TDUs will be discarded.

Figure 0-14 Topology Database Update: Adding a Node

In , TG6 is activated between NN4 and NN3. TDUs are exchanged between the 2 nodes, so each can build a new topology database. New information is propagated to adjacent nodes once NN4 and NN3 have updated topology databases.

Figure 0-15 Topology Database Update: Adding a Transmission Group

TG6 could be active, but with no CP-CP session established. The TG will still be included in the network topology and forwarded, so that path can be used for sessions.

The APPN Directory and APPN Searches

Directory Services(DS) is the APPN component responsible for management of the directory database and searching for network resources throughout the APPN network. The Directory Database should not be confused with the Topology Database. The Directory Database maintains information about resource names and their owners, while the topology database maintains a network map of NNs and TGs. Directory Services is invoked to locate a session partner, and Topology Services is invoked to compute an optimal route to the session partner once it has been located.

Each APPN network resource must, at a minimum, be defined on the node where the resource exists. Once the resource is defined it can be found through network searches. Optionally, the resource location may be defined in other nodes to optimize Directory Services search logic.

Registered directory entries are created dynamically in the local directory of the NN. These represent local LUs of an adjacent EN, for which the NN is providing network node server function.

Cached directory entries are added dynamically, based on the results of previous searches. A cache entry allows the node to attempt a directed search straight to the destination resource. If a cache entry does not exist, or the entry is incorrect, a broadcast search will be issued to query each NN in the network for the destination resource. Each cache entry is verified before use to make sure the resource is still available. If the resource is not found, a broadcast search is attempted.

Some implementations, including Cisco's, support safe store of the directory cache. The cache entries in a network node's directory database are periodically written to a permanent storage medium, permitting faster access (after a network node failure or initial power-on) by eliminating network broadcast searches for safe-stored resources.

APPN Route Selection

Each APPN session is assigned a route on which the data path for this session will travel. APPN Topology and Routing Services is responsible for the computation of a route for an LU-LU session. A route is an ordered sequence of nodes and TGs that represents a path from an origin node to a destination node. TRS uses the topology database and its Class of Service (COS) definitions to obtain the necessary information necessary to perform a route computation.

While multiple routes may be available between an origin and a destination, the best route is selected (see ). Selection is made through use of the COS to identify the least-cost path that provides the desired level of service.

When a session is requested, Directory Services is responsible for locating the target resource, and TRS is responsible for selecting a route.

Figure 0-16 An APPN Network: Selecting the Best Path

When the origin LU requests a session, it specifies or defaults a mode to use for the session. Among other things, the mode is used to assign a COS to this session request. Acceptable COS characteristics are compared to node and TG characteristics as configured to select the best route.

A COS table entry specifies transmission priority, COS name and one or multiple rows of COS characteristics that are acceptable for that COS. Note that traffic on sessions with the same COS can only flow at the same transmission priority. You would need a separately named entry to achieve a different priority on the same route.

TG characteristics include link speed, cost per connect time, cost per byte, security class (7 levels), propagation delay (LAN the least, satellite the most), and 3 user-defined fields that are user assignable.

Node properties include route additional resistance (RAR) and a congestion indicator.

The COS table can contain multiple entries meeting the criteria, some more acceptable than others. The COS table allows the assignment of weight to each entry to differentiate the value of each entry. For each possible route, compare the characteristics of the component nodes and transmission groups to the ranges of acceptable characteristics as defined in the COS table for that COS. For each NN or TG the characteristics are compared to see if they're within the range of tolerance. If so, a weight is assigned to each node and each TG and is added to the total weight for that particular route.

When all routes are weighed, the one with the lowest weight is selected.Ties are broken by random selection.

Route selection is a complex process and, where multiple routes are available, may involve considerable overhead. To reduce this overhead, TRS uses routing trees to store the best route path to each node in the network for a specific COS. You may configure how many routing trees the node will maintain at any one time.

Connection networks

Connection networks provide extensions to the APPN route calculation algorithm to simplify definitions and enhance connectivity on shared transport media. By specifying a node is a member of a connection network, it may establish a direct connection, when needed, between itself and any other member of the connection network. For example, on one Token Ring, there may be 50 end nodes with links and CP-CP session active to the same network node. The end nodes may communicate with each other through the network node, but this data path, which routes data through the network node then back onto the same media to the target end node, is an inefficient use of both the network node and the transmission media. Alternatively, APPN links could be configured between each end node it a mesh fashion, but this would require over 1000 link definitions! Instead, each end node can be configured as a member of the same connection network. This allows APPN route calculation to calculate a route through the connection network between the two end nodes. The resulting data path is a direct connection between end nodes without requiring a corresponding link definition on either node.

APPN Intermediate Session Routing

After a route is selected, a BIND session command flows from the origin LU to the destination LU over the specified route. The BIND includes:

Route Selection Control Vector (RSCV), the route for this session.

Fully Qualified Procedure Correlation ID (FQPCID), which uniquely identifies the session.

Transmission Priority, which indicates the relative priority for frames traveling on this session relative to frames on other sessions. There are 4: network (the highest), high, medium, and low. The transmission priority was assigned to this session based on the session COS. Transmission priority provides the mechanism in SNA for delivering high priority traffic, such as interactive traffic, ahead of lower priority traffic, such as batch jobs and file transfers.

Pacing Indicator. This indicates the maximum window size: the maximum number of messages that can be transmitted prior to receiving a SNA response. It also indicates whether fixed window size or adaptive pacing is supported.

Segmenting indicator. This identifies the capabilities of adjacent nodes to perform segmentation of data frames received on this session.

As the BIND passes through each NN, the NN records the inbound session identifier (local form session identifier or LFSID) carried in the BIND, and assigns a new session identifier to be used on the outbound port. It also builds a "session connector" that connects the inbound session identifier with the outbound session identifier, so that it knows how to forward subsequent packets on this session. The session connector also stores information carried in the BIND, such as segmentation values and transmission priority, so that other components, such as Path Control will be able to utilize the information on session traffic.

No subsequent data packets contain any routing information--they only contain the local form session identifier. Packets are forwarded based on information in session connectors, including port and outbound LFSID. LFSIDs are swapped at each NN since they have local significance only.

Dependent Logical Unit Requestor/Server

A Dependent LU (DLU) is an LU that depends on the System Services Control Point (SSCP) in VTAM to provide services for establishing sessions. Common DLU types are DLU 0, 1, 2, and 3.

Dependent LUs originated in subarea SNA. In early APPN environments, only LU6.2 independent LUs were supported. The PU supporting dependent LUs still required a logical link directly to a subarea network boundary function (VTAM or NCP) in order to operate. Dependent LU Requester provides the extensions to APPN necessary to allow dependent LUs to interoperate in an APPN network and removes the restriction that dependent LUs must have a direct connection to a subarea network boundary function.

Dependent LU Requester is the client half of Dependent LU Requester/Server. The Dependent LU Server (DLUS) is currently implemented in IBM's VTAM version 4.2.

There are three main concepts in DLUS/DLUR:

Control flows to the dependent logical units (DLUs) from VTAM, such as ACTLU and ACTPU, and session requests flow on a pair of LU 6.2 session between the DLUR and the DLUS.

Upon receiving a session request from the LU over control session, the VTAM acting as DLUS notifies the VTAM owning the target application that a session is requested.

The application initiates the session, and its serving network node selects the best route over the APPN network to the DLUR and destination LU.

The DLUR function can reside on an EN or NN that actually owns the dependent LUs. In addition, as in the case for Cisco's implementation, the DLUR can exist in a network node which offers its DLUR services to PU type 2.0 and PU type 2.1 nodes which connect to the DLUR. This arrangement offers consolidation of the LU6.2 control sessions (only one pair is needed for all downstream PUs that the DLUR serves). In addition, it can provide considerable cost savings over upgrading each device that owns dependent LUs to be APPN and DLUR capable.

DLUR function does not have to be active in all APPN nodes—only those with DLUs directly attached. Once encapsulated in the LU6.2 session, the DLUR control traffic (encapsulated SSCP-PU and SSCP-LU control flows) looks like regular APPN traffic.

By providing DLUS support in VTAM, SSCP support is extended to LUs residing on nodes that are nonadjacent to the VTAM or NCP boundary function. Traditional SSCP-PU and SSCP-LU session flows are multiplexed in LU6.2 sessions between the DLUR and DLUS.

The benefits of using the DLUS/DLUR function include:

Ability to use dynamic definition of the dependent LUs in VTAM, providing the served PU supports it, to reduce system definition and allow nodes to be moved in the network. All DLUR attached resources appear as switched resources which are not associated with a particular communications line or port.

The SSCP can own resources that are non-adjacent to a VTAM or NCP.

Dependent LUs are fully visible as VTAM resources for network management purposes.

APPN routing can be used to select an optimal route for the session path, even though the secondary logical unit (SLU) is not APPN-capable. A key advantage of DLUR over SNA gateway functions is the LU-LU session path from the application host to the dependent LU can differ from the path between the DLUR to the DLUS. SNA gateway and PU concentration devices are restricted to having their LU-LU session data paths identical to the path over which the SSCP-PU and SSCP-LU traffic flows.

Because DLUR offers the ability to separate the control functions for dependent LUs from the session traffic, it is possible to interrupt and recover or even change DLUS nodes without interrupting currently active LU-LU sessions to the dependent LUs.

No changes are required to end user systems or applications.

By providing this support in the Cisco IOS software , network consolidation—combining the dependent LU traffic with other multiprotocol traffic—provides cost savings.

IBM Channel Interface Processor

The Cisco 7000 series supports the Cisco IOS software mainframe Channel Interface Processor (CIP) application, which in turn supports the IBM channel attach feature.

IBM (and compatible) mainframe hosts are connected to each other and to communication controllers through high-performance communication subsystems called mainframe channels. Cisco supports IBM channel attachment technologies, including both the fiber-optic Enterprise Systems Connection (ESCON) channel introduced on the ES/9000 mainframe and the parallel bus-and-tag channel supported on System 370 and later mainframes.

The Cisco 7000 series configured with the CIP (and other interface processors) is an ideal connectivity hub for large corporate networks, providing routing services between mainframes and LANs:

A Cisco 7000 series with a CIP can replace an IBM 3172 interconnect controller, enabling mainframe and peripheral access from LAN-based workstations.

Because the number of network devices is reduced, a Cisco 7000 series with a CIP simplifies the network, especially in situations where a router can replace a 3172.

To ensure 100 percent IBM compatibility, the Cisco ESCON Channel Adapter (ECA) adapter card for the CIP uses the IBM ESCON chipset.

Note   Refer to the Cisco 7000 hardware installation guide for more information on installing the CIP processor.

Common Link Access for Workstations (CLAW) Support

Cisco has implemented Common Link Access for Workstations (CLAW) support in the CIP, which is a link-level protocol used by channel-attached RISC System / 6000 series systems and by IBM 3172 devices running Transmission Control Protocol/Internet Protocol (TCP/IP) offload. The CLAW protocol improves efficiency of channel use and allows the CIP to provide the functionality of a 3172 in TCP/IP environments and support direct channel attachment. The output from TCP/IP mainframe processing is a series of IP datagrams that the router can switch without modifications.

TCP Offload Support

Cisco has implemented offload processing support for TCP/IP. Like the offload feature of the IBM 3172 Model 3, the TCP offload feature on the CIP is designed to remove processing cycles from the mainframe by executing the TCP protocol on the CIP card. But while the IBM 3172-3 executes TCP in an OS/2 environment, the CIP utilizes the MIPS processor and high-speed channel software to deliver vastly improved performance and scalability. The TCP/IP protocol suite runs on the CIP board and delivers routable IP frames to the Cisco 7000 series router.

CIP Systems Network Architecture Support

CIP Systems Network Architecture (CSNA) support in a Cisco 7000 router provides mainframe connectivity to SNA network nodes. The CIP supports both ESCON Channel Adapter (ECA) and Parallel Channel Adapter (PCA) connections to an IBM mainframe using SNA network features. The CSNA feature provides an SNA LAN gateway to VTAM using a high-speed channel connection.

The CSNA feature also allows customers to replace currently installed IBM 3172 interconnect controllers with a Cisco 7000 series router equipped with CSNA and experience no loss of functionality, and in fact gain functionality, with minimal or no changes to VTAM or site configuration.

IBM Channel Attach Hardware Requirements

Support for IBM channel attach requires the following hardware:

A Cisco 7000 series router with one available card slot

A CIP with one or two adapter cards (ECA, PCA, or a combination)

All necessary cables for interconnecting the adapter cards to the mainframe or ESCON Director Switch

IBM Channel Attach Host Software Requirements

Your mainframe host software must meet the following minimum requirements:

IBM TCP/IP for VM Version 2 Release 2, with PTF enhancements for RISC System / 6000 series ESCON support

IBM TCP/IP for MVS Version 2 Release 2.1, with PTF enhancements for RISC System / 6000 series ESCON support