Router Solution
  ------------------------------------------
Overview
Pro Series Router
Industrial Series Router
Pro Series Network Card
Ind Series Network Card
   
  WAN Monitoring
  ------------------------------------------
WAN monitoring card
WAN monitoring tapper
   
  Technical Support
  ------------------------------------------
Manual Downloads
Technology
Case Study
Technical Notes
FAQ
   

 

  

 
ImageStream - Frequently Asked Questions


FAQ Index:

1.What is the encryption that our router support in IPSec VPN ?
2.Does any body or organisation endorsed on ImageStream router wire-speed performance ?
3.Does our router exposed to vulnerability of being hack by hackers as it uses a Linux kernel for its Enterprise Linux. For eg. Since Enterprise Linux itself is using the Linux Kernel, if one hacker managed to hack in to a server that runs on Linux kernel and would he be able to do the same thing on our router as we are using a Linux Kernel also?
4.If a company has only one E1 line and they want to run VRRP. Which router will be connected to the WAN and how is the connection?
5.What is the prerequisite to run VRRP ?
6.If a company has an existing router, is it a must that the existing router must support VRRP in order to run VRRP with our ImageStream routers?
7.Which of the leading router in the market that can support VRRP and compatible with our routers?
8.What is the physical connection between 2 routers if we are implementing VRRP on the routers? Do we need a cross over cable?
9.What are the standard reporting modules that are currently available with ImageStream routers?
10.What type of management modules are available with IS routers?
11.Does ImageStream support PPP over Ethernet?
12.How do I know 0.0.0.0/xx stands for what subnet mask ?
13.How to connect 8 ports to a 8 port WAN Card ? Is there a break out box or do I need to use 8 V.35 cable per port for such 8 ports card?
14.Can we do fail-over so that all the traffic from ISP A will be routed to ISP B?
15.May I know how to select our WAN or LAN card to run on full duplex or 1/2 duplex?
16.Does ImageStream router supports AppleTalk and SNA?
17.May I know how does ImageStream router bridge with AppleTalk, SNA and etc?
18.Does ImageStream router has the DHCP capability?
19. Can PCI 604-SE WAN Card support the wire-speed of 2.048Mbps E1 as some of V.35 Sync/Async cannot support wire-speed excess 128K or 512K?
20.iptables -t nat -A POSTROUTING -s 192.168.3.0/24 -o eth1 -j SNAT -to 192.168.0.11
The above configuration does not work. I would be glad if you could let me know whether I have the wrong syntax or some other reasons?
21.May I know the PID of iptables so that the NAT can effects instead of rebooting the router?
22.Which port in the E3 WAN card is the Transmit and Receive Links?
23.May I know how to configure my E3 interface in ImageStream router?
24.May I know how to configure netflow configuration and is there any requirement prior to start netflow ?
25.Can our router do IP Mapping?
26.How do I check the MAC address of the WAN Card?

Questions and Answers: 



Q. What is the encryption that our router support in IPSec VPN ?

A. We support IPSEC 3DES and AES in all our routers.

Back to Top


Q. Does any body or organisation endorsed on ImageStream router wire-speed performance ?

A. We warrant the performance based on the specific application and it has been tested by outside agencies as well. One example:
http://www.nwfusion.com/reviews/2003/0714rev.html

Back to Top


Q. Does our router exposed to vulnerability of being hack by hackers as it uses a Linux kernel for its Enterprise Linux. For eg. Since Enterprise Linux itself is using the Linux Kernel, if one hacker managed to hack in to a server that runs on Linux kernel and would she be able to do the same thing on our router as we are using a Linux Kernel also?

A. No. Open source is more secure than closed source because everyone knows when vulnerability occurs, and you can patch it immediately. That said, our core kernel has never been exploited. The security issues that we've seen were related to applications running on the router, such as SSH. Everyone running these applications is vulnerable. We respond with a patch within 24-48 hours of the exploit notification. Moreover, most Linux vulnerabilities are related to server applications which have no effect on our routers.

Back to Top


Q. If a company has only one E1 line and they want to run VRRP. Which router will be connected to the WAN and how is the connection?

A. Either router can be connected to the WAN, but not both. If they want to have a truly redundant setup, they will need to have redundant WAN connections running BGP on the WAN links so the traffic would fail over properly and then run VRRP internally. For BGP, you would need at least a Rebel router and an E1 connection as a rule.

Back to Top


Q. What is the prerequisite to run VRRP ?

A. VRRP only requires 2 routers with Ethernet ports connected to the same physical
network. To run a fully redundant network, you must ALSO have redundant WAN connections and run BGP on the WAN links.

Back to Top


Q. If a company has an existing router, is it a must that the existing router must support VRRP in order to run VRRP with our ImageStream routers ?

A. This is correct.

Back to Top


Q. Which of the leading router in the market that can support VRRP and compatible with our routers?

A. Most new routers today support VRRP, including Cisco, Nortel, Lucent, Juniper and Riverstone. Our router is built to compliant with those major brand names in the market.

Back to Top


Q. What is the physical connection between 2 routers if we are implementing VRRP on the routers? Do we need a cross over cable?

A. You can use a dedicated Ethernet port and crossover cable for the VRRP connection, but most customers use a common Ethernet segment (connect both routers to the same switch).

Back to Top


Q. What are the standard reporting modules that are currently available with ImageStream routers?

A. The routers support reporting via three methods:

1) Real-time statistics on the router (see the router manual for example output)
2) SNMP statistics using a MIB-II compliant reader (HP Openview, Sun Manager, MRTG,
    RRDTool, etc.). http://www.culinarycafe.com/TrafficStats/ has an example of MRTG.
    This is a separate program from the router and runs on another server or machine.
3) NetFlow and sFlow exports (Cisco, HP Openview, ntop).

NetFlow has many examples, but you can see the free NetFlow server at http://www.ntop.org/. NetFlow is a separate program from the router that runs on another server or machine.

Back to Top


Q. What type of management modules are available with IS routers?

A. The router can be managed read-only using the above methods, or read/write via keyboard/monitor (most routers), serial console (all routers), telnet (all routers) or ssh (all routers). ImageStream routers support SSHv2, which is encrypted and secure. While some other brand name routers only support SSHv1, which is not secure.

Back to Top


Q. Does ImageStream support PPP over Ethernet?

A. We do support PPP over Ethernet for our ADSL interface card.

Back to Top


Q. How do I know 0.0.0.0/xx stands for what subnet mask?

A. http://www.telogic.com.sg/Imagestream_Tech_SubnetMask.html

Back to Top


Q. How to connect 8 ports to a 8 port WAN Card ? Is there a break out box or do I need to use 8 V.35 cable per port for such 8 ports card ?

A. You can get two 4 port breakout cables per card. You connect the V.35 cables to the breakout cable.

Back to Top


Q. Can we do fail-over so that all the traffic from ISP A will be routed to ISP B?

A. With BGP can. You must have at least E1 as a rule.

Back to Top


Q. May I know how to select our WAN or LAN card to run on full duplex or 1/2 duplex?

A. The WAN cards run full duplex, but the LAN cards will auto negotiate between full and half duplex, depending on the connected device. However you can force the router's Ethernet settings using the "speed" and "duplex" commands in the Ethernet configuration:

speed 10 - sets the speed to 10 Mbps
speed 100 - sets the speed to 100 Mbps
speed auto - sets the speed to autonegotiated (default)
duplex full - sets full duplex operation
duplex half - sets half duplex operation
duplex auto - sets the duplex operation to autonegotiate (default)

Back to Top


Q. Does ImageStream router supports AppleTalk and SNA?

A. We can bridge Appletalk or SNA, but cannot route these protocols natively.

Back to Top


Q. May I know how does ImageStream router bridge with AppleTalk, SNA and etc?

A. Bridging is a layer 2 function in the OSI model. AppleTalk, SNA, IPX, TCP/IP and other protocols operate at layer 3. In bridging mode, the router operates independently of the networking protocol. It only determines which side of the bridge traffic should be sent to.

Back to Top


Q. Does ImageStream router has the DHCP capability?

A. Yes, DHCP server and client software can be added to the router.

Back to Top


Q. Can PCI 604-SE WAN Card support the wire-speed of 2.048Mbps E1 as some of V.35 Sync/Async cannot support wire-speed excess 128K or 512K ?

A. The 604-SE supports speeds up to 10 Mbps per port.

Back to Top


Q. iptables -t nat -A POSTROUTING -s 192.168.3.0/24 -o eth1 -j SNAT -to 192.168.0.11

The above configuration does not work. I would be glad if you could let me know whether I have the wrong syntax or some other reasons?

A. Are packets matching the NAT rule? iptables -L -n -v from the command line will show you the status of the rules. Also, please note that the 192.168.0.11 address is also a non-routable, private address. If you are trying to use this address on the Internet, it will not work. Here is the rule that you can use:

iptables -t nat -A POSTROUTING -j SNAT -s 192.168.0.10/24 --to 192.168.0.11

This command and the previous are the same, it just that this command works for all interfaces.

Back to Top


Q. May I know the PID of iptables so that the NAT can effects instead of rebooting the router?

A. iptables is not a daemon, and does not have a PID. Use the menu to edit the configuration, or enter "Reload firewall" at the command prompt for changes to take effect.

Back to Top


Q. Which port in the E3 WAN card is the Transmit and Receive Links?

A.


Back to Top


Q. May I know how to configure my E3 interface in ImageStream router?

A. Here is the sample configuration.

!
interface Serial1
description Connection to E3 link
encapsulation hdlc
transport e3
ip address x.x.x.x <subnet mask>
!

The configuration above is assuming that you have a full E3 connection
with external clocking, AMI and HDB3 (the default settings). The transport e3 command is to let the card knows to use E3 and not DS3. You do not need to tell the router what type of card is installed, as the router will already know this.

Back to Top


Q. May I know how to configure netflow configuration and is there any requirement prior to start netflow ?

A. Follow the script that we have included on the router. It will ask you the questions that you need to answer. Unless you have a very high level of traffic in the router, there is no need for any special configurations.

Back to Top


Q. Can our router do IP Mapping?

A. The router can do IP mapping. This is commonly called "destination NAT" and
there is an example of DNAT on our Web site in the technical support area.

http://www.telogic.com.sg/Imagestream_Tech_IPTables_Firewall.html

Please take note also to include the DNAT address in the Ethernet configuration else the router will not respond to traffic sent to those addresses.

Back to Top


Q. How do I check the MAC address of the WAN Card?

A. You can find the MAC address by logging into the router and running this command from the command line:

ifconfig SerialX

where "SerialX" is the name of the device in the system. The MAC address
will appear after the word "HWaddr" in the command output.

Back to Top

 
COPYRIGHT © 2006 TELOGIC CO. ALL RIGHT RESERVED.