FAQ
Index:
Questions
and Answers: Q. What is the encryption that our router support
in IPSec VPN ? A. We support
IPSEC 3DES and AES in all our routers. Back to Top Q.
Does any body or organisation endorsed on ImageStream router wire-speed performance
? A. We warrant the performance
based on the specific application and it has been tested by outside agencies as
well. One example: http://www.nwfusion.com/reviews/2003/0714rev.html
Back to Top
Q.
Does our router exposed to vulnerability of being hack by hackers as it uses a
Linux kernel for its Enterprise Linux. For eg. Since Enterprise Linux itself is
using the Linux Kernel, if one hacker managed to hack in to a server that runs
on Linux kernel and would she be able to do the same thing on our router as we
are using a Linux Kernel also? A.
No. Open source is more secure than closed source because everyone knows when
vulnerability occurs, and you can patch it immediately. That said, our core kernel
has never been exploited. The security issues that we've seen were related to
applications running on the router, such as SSH. Everyone running these applications
is vulnerable. We respond with a patch within 24-48 hours of the exploit notification.
Moreover, most Linux vulnerabilities are related to server applications which
have no effect on our routers. Back to Top
Q.
If a company has only one E1 line and they want to run VRRP. Which router will
be connected to the WAN and how is the connection? A.
Either router can be connected to the WAN, but not both. If they want to
have a truly redundant setup, they will need to have redundant WAN connections
running BGP on the WAN links so the traffic would fail over properly and then
run VRRP internally. For BGP, you would need at least a Rebel router and an E1
connection as a rule. Back to Top
Q. What is the prerequisite to run VRRP ?
A. VRRP only requires 2 routers with Ethernet
ports connected to the same physical network. To run a fully redundant network,
you must ALSO have redundant WAN connections and run BGP on the WAN links.
Back to Top
Q.
If a company has an existing router, is it a must that the existing router must
support VRRP in order to run VRRP with our ImageStream routers ?
A. This is correct. Back to Top
Q.
Which of the leading router in the market that can support VRRP and compatible
with our routers? A. Most new routers
today support VRRP, including Cisco, Nortel, Lucent, Juniper and Riverstone. Our
router is built to compliant with those major brand names in the market.
Back to Top
Q. What is the physical connection between 2 routers
if we are implementing VRRP on the routers? Do we need a cross over cable?
A. You can use a dedicated Ethernet port and
crossover cable for the VRRP connection, but most customers use a common Ethernet
segment (connect both routers to the same switch). Back to Top
Q.
What are the standard reporting modules that are currently available with ImageStream
routers? A. The routers support
reporting via three methods:
1) Real-time statistics on the
router (see the router manual for example output) 2) SNMP statistics using
a MIB-II compliant reader (HP Openview, Sun Manager, MRTG,
RRDTool, etc.). http://www.culinarycafe.com/TrafficStats/
has an example of MRTG. This is a separate program from
the router and runs on another server or machine. 3) NetFlow and sFlow exports
(Cisco, HP Openview, ntop). NetFlow has many examples, but
you can see the free NetFlow server at http://www.ntop.org/.
NetFlow is a separate program from the router that runs on another server or machine.
Back to Top Q.
What type of management modules are available with IS routers?
A. The router can be managed read-only using the
above methods, or read/write via keyboard/monitor (most routers), serial console
(all routers), telnet (all routers) or ssh (all routers). ImageStream routers
support SSHv2, which is encrypted and secure. While some other brand name routers
only support SSHv1, which is not secure. Back to Top
Q.
Does ImageStream support PPP over Ethernet? A.
We do support PPP over Ethernet for our ADSL interface card. Back to Top
Q.
How do I know 0.0.0.0/xx stands for what subnet mask? A.
http://www.telogic.com.sg/Imagestream_Tech_SubnetMask.html
Back to Top
Q.
How to connect 8 ports to a 8 port WAN Card ? Is there a break out box or do I
need to use 8 V.35 cable per port for such 8 ports card ? A.
You can get two 4 port breakout cables per card. You connect the V.35 cables to
the breakout cable.
Back to Top Q.
Can we do fail-over so that all the traffic from ISP A will be routed to ISP B?
A. With BGP can.
You must have at least E1 as a rule. Back to Top
Q. May I know how to select
our WAN or LAN card to run on full duplex or 1/2 duplex?
A. The WAN cards
run full duplex, but the LAN cards will auto negotiate between full and half duplex,
depending on the connected device. However you can force the router's Ethernet
settings using the "speed" and "duplex" commands in the Ethernet
configuration:
speed 10 - sets the speed to 10 Mbps
speed 100 - sets the speed to 100 Mbps speed auto - sets the speed to autonegotiated
(default) duplex full - sets full duplex operation duplex half - sets
half duplex operation duplex auto - sets the duplex operation to autonegotiate
(default) Back to Top Q.
Does ImageStream router supports AppleTalk and SNA? A.
We can bridge Appletalk or SNA, but cannot route these protocols natively.
Back to Top
Q.
May I know how does ImageStream router bridge with AppleTalk, SNA and etc?
A. Bridging is a layer 2 function in the OSI
model. AppleTalk, SNA, IPX, TCP/IP and other protocols operate at layer 3. In
bridging mode, the router operates independently of the networking protocol. It
only determines which side of the bridge traffic should be sent to. Back to Top
Q.
Does ImageStream router has the DHCP capability? A.
Yes, DHCP server and client software can be added to the router. Back to Top
Q.
Can PCI 604-SE WAN Card support the wire-speed of 2.048Mbps E1 as some of V.35
Sync/Async cannot support wire-speed excess 128K or 512K ?
A. The 604-SE supports
speeds up to 10 Mbps per port. Back to Top
Q. iptables -t nat -A POSTROUTING
-s 192.168.3.0/24 -o eth1 -j SNAT -to 192.168.0.11
The
above configuration does not work. I would be glad if you could let me know whether
I have the wrong syntax or some other reasons? A.
Are packets matching the NAT rule? iptables -L -n -v from the command line will
show you the status of the rules. Also, please note that the 192.168.0.11 address
is also a non-routable, private address. If you are trying to use this address
on the Internet, it will not work. Here is the rule that you can use: iptables
-t nat -A POSTROUTING -j SNAT -s 192.168.0.10/24 --to 192.168.0.11 This
command and the previous are the same, it just that this command works for all
interfaces. Back to Top Q.
May I know the PID of iptables so that the NAT can effects instead of rebooting
the router? A. iptables is not
a daemon, and does not have a PID. Use the menu to edit the configuration, or
enter "Reload firewall" at the command prompt for changes to take effect.
Back to Top
Q.
Which port in the E3 WAN card is the Transmit and Receive Links?
A. 
Back to Top
Q.
May I know how to configure my E3 interface in ImageStream router?
A. Here is the sample configuration.
!
interface Serial1 description Connection to E3 link encapsulation hdlc
transport e3 ip address x.x.x.x <subnet mask> ! The
configuration above is assuming that you have a full E3 connection with external
clocking, AMI and HDB3 (the default settings). The transport e3 command is to
let the card knows to use E3 and not DS3. You do not need to tell the router what
type of card is installed, as the router will already know this. Back to Top Q.
May I know how to configure netflow configuration and is there any requirement
prior to start netflow ? A. Follow
the script that we have included on the router. It will ask you the questions
that you need to answer. Unless you have a very high level of traffic in the router,
there is no need for any special configurations. Back to Top
Q.
Can our router do IP Mapping? A.
The router can do IP mapping. This is commonly called "destination NAT"
and there is an example of DNAT on our Web site in the technical support area.
http://www.telogic.com.sg/Imagestream_Tech_IPTables_Firewall.html Please
take note also to include the DNAT address in the Ethernet configuration else
the router will not respond to traffic sent to those addresses. Back to Top Q.
How do I check the MAC address of the WAN Card? A.
You can find the MAC address by logging into the router and running this command
from the command line:
ifconfig SerialX where
"SerialX" is the name of the device in the system. The MAC address
will appear after the word "HWaddr" in the command output.
Back to Top
|