QoS Provisioning in Clusters An Investigation of Router and NIC Design

QoS Provisioning in Clusters An Investigation of Router and NIC Design
QoS Provisioning in Clusters An Investigation of Router and NIC Design

QoS Provisioning in Clusters:An Investigation of Router and NIC Design Ki Hwan Yum Eun Jung Kim Chita R.Das

Department of Computer Science and Engineering

The Pennsylvania State University

University Park,PA16802

E-mail:yum,ejkim,das@https://www.360docs.net/doc/c010937649.html,

Abstract

Design of high performance cluster networks(routers)

with Quality-of-Service(QoS)guarantees is becoming in-

creasingly important to support a variety of multimedia ap-

plications,many of which have real-time constraints.Most

commercial routers,which are based on the wormhole-

switching paradigm,can deliver high performance,but lack

QoS provisioning.In this paper,we present a pipelined

wormhole router architecture that can provide high and pre-

dictable performance for integrated traf?c in clusters.We

consider two different implementations—a non-preemptive

model and a more aggressive preemptive model.We also

present the design of a network interface card(NIC)based

on the Virtual Interface Architecture(VIA)design paradigm

to support QoS in the NIC.The QoS capable router and NIC

designs are evaluated with a mixed workload consisting of

best-effort traf?c,multimedia streams,and control traf?c.

Simulation results of an8-port router and a()mesh

network indicate that the preemptive router can provide bet-

ter performance than the non-preemptive router for dynami-

cally changing workloads.Co-evaluation of the QoS-aware

NIC with the proposed router models shows signi?cant per-

formance improvement compared to that with a traditional

NIC without any QoS support.

Index Terms:Cluster Network,Network Interface,Pre-

emption Mechanism,Quality-of-Service,Router Architec-

ture,VirtualClock,Wormhole Router.

1Introduction

Cluster systems are becoming increasingly more attrac-

tive for designing scalable servers with switched network

architectures that offer much higher bandwidth than the

broadcast-based networks.Quality-of-Service(QoS)pro-

visioning in such clusters is becoming a critical issue with

the widespread use of these systems in diverse commercial

applications[5].The traditional best-effort service model

is not adequate to support many cluster applications with

varying consumer expectations.For example,many web

the MediaWorm router design[30].The MediaWorm uses the VirtualClock algorithm for scheduling of virtual chan-nels(VCs)1to share the link bandwidth.The VCs are di-vided statically into two groups,one for best-effort traf?c and the other for real-time traf?c.It was shown that by using a rate-based scheduling mechanism,it is possible to provide soft guarantee for media streams in wormhole routers.

The MediaWorm router design has several limitations. First,?xed allocation of VCs to best-effort and real-time traf?c may not be the best choice for changing workloads. Second,it does not have any preemption capability that is necessary to transfer a higher priority message without be-ing blocked by a lower priority message.Third,the router has not been tested exhaustively with realistic and dynam-ically changing workloads.Next,the performance evalua-tion was limited to only the router design.It is known that the network interface(NI)plays a crucial role in reducing the communication overhead.The role of the NI may be-come even more important to satisfy the QoS requirements. Several user-level communication mechanisms have been proposed recently,where an application can directly com-municate with an intelligent NI with minimal kernel sup-port[1].The virtual interface architecture(VIA)[11,28] framework is becoming a standard to design user-level com-munication protocols in NICs.However,it is not clear how QoS provisioning should be provided in the context of a VIA design.In addition,co-evaluation of the clus-ter router/interconnect with a VIA-style NIC is essential to understand the interplay of different designs on the overall performance of the communication architecture.

To our knowledge,none of the prior work has consid-ered the above research issues in the design and evalua-tion of QoS capable cluster interconnects.In particular,co-evaluation of the interconnect and the NI to handle QoS sen-sitive traf?c has not been undertaken.This paper presents the design and evaluation of a QoS-aware wormhole router and a compatible VIA-style NIC to handle mixed traf?c in clusters.The main contributions of the paper are the fol-lowing:

We analyze two design alternatives for a pipelined, wormhole-switched router.These are called the non-preemptive and the preemptive models.Unlike the non-preemptive model,the preemptive model can dy-namically allocate any virtual channel to any traf?c class.This brings in the necessity that a higher prior-ity message should be able to preempt a lower priority message.Hence,the router core includes a?it-level(or block-level)preemption mechanism.In addition,we propose an acceleration mechanism for faster preemp-tion of lower class traf?c to boost performance further.

We consider two types of rate-based scheduling schemes,known as Fair Queuing[9]and Virtual-Clock[31],to schedule the VCs for satisfying QoS re-quirements.Design and performance implications of

their limitations are summarized in[5].ServerNet II[14]is the only commercial router that uses a link arbitration pol-icy(called ALU-biasing)for implementing bandwidth and delay control.But this simple mechanism is not suf?cient to support media streams.The In?niBand Architecture(IBA) initiative,aimed at SAN/cluster systems,is currently ex-ploring QoS provisioning issues[21].Kim and Chien[16] proposed a scheduling discipline,called rotating and com-bined queue(RCQ),to handle integrated traf?c in a packet-switched network.The Switcherland router[12],designed for multimedia applications on a network of workstations, uses a packet-switched mechanism similar to ATM,while avoiding some of the overheads associated with the ATM. The router architecture proposed in[22]uses a hybrid ap-proach,wherein wormhole switching is used for best-effort traf?c and packet switching is used for time-constrained traf?c.

The multimedia router architecture,proposed in[10,4], also uses a hybrid approach.It uses pipelined circuit switch-ing(PCS)for multimedia traf?c and virtual-cut-through (VCT)for best-effort traf?c.The authors have designed a()router to support both PCS and VCT schemes.

A connection-oriented scheme like PCS needs one VC per connection,and therefore,may not be practical to provide a large number of VCs per physical channel(PC).

A handful of research efforts have examined the possibil-ity of using wormhole-switched routers/networks for real-time traf?c[18,7,15].While[18,15]investigated hardware support required in a router to facilitate real-time message transfer,the work in[7]considered a software oriented syn-chronization mechanism in the Myrinet switch.The hard-ware mechanisms are not suf?cient(and may not even be necessary)for providing required performance support for integrated traf?c.The software approach in[7]may not be scalable.As stated in the introduction,the MediaWorm router[30]proposed recently uses a rate-based scheduling algorithm,known as VirtualClock[31],to assign propor-tionate bandwidth based on the application demands.

Message preemption in wormhole routers have been ad-dressed in[23,17].In[17],lower priority messages that block higher priority messages are discarded to allow faster delivery of higher priority messages.This approach has the advantage that it does not require extra resources to store routing information of the preempted messages.But pre-empted messages are lost and thus may not be a viable op-tion for many applications.With additional hardware and ?ow control,it is possible to recover the lower priority mes-sages.Song et al.[23],on the other hand,preempt a lower priority message in favor of a higher priority messages us-ing additional buffers.In their scheme,the router has

extra input buffers,where is the number of priority levels it supports.By providing these additional input buffers,the router can always establish a free path for higher priority messages.This scheme requires a history stack for stor-ing the header information of the preempted messages in ascending order of their priorities for each output channel. Unlike our pipelined router model,the authors use a lumped router design.Hence,many architectural details that are re-quired to support?it-level preemption are not addressed in their work.Provisioning for preemption in different stages of the pipeline is much more complex than a single stage (lumped)router model.

Also,to our knowledge,there is no related work on QoS capable NICs and on co-evaluation of QoS-aware routers and NICs.In particular,our design includes a VIA-style NIC that is QoS capable.

3Router Architecture

Most routers now use a pipelined design to minimize the network cycle time.Accordingly,we use a pipelined, wormhole-switched router similar to the SGI SPIDER and MediaWorm[30]in this paper.Figure1shows the?ve-stage pipelined router with ports.The?rst stage of the pipeline represents the functional units which synchronize the incoming?its,demultiplex a?it so that it can go to one of the virtual channels(VCs)to be subsequently decoded. If the?it is a header?it,routing decision and arbitration for the correct crossbar output is performed in the next two stages(stage2and stage3),while middle?its and the tail ?it of a message bypass stages2and3,and directly move to stage4.Flits get routed to the correct crossbar output ports in stage4.As shown in the?gure,the router has a scheduler(multiplexer),residing at the input port of the crossbar.In the best-effort router model,the scheduler can select one of the VCs using the FCFS or round robin(RR) principle.For QoS provisioning,we replace this scheduler with a rate-based scheme as described next.Finally,the last stage of the router performs buffering of?its?owing out of the crossbar,multiplexes the physical channel bandwidth amongst the VCs,and carries out synchronization with input buffers of other routers or the network interface for the subsequent transfer of?its.

n-1

Figure1.A?ve-stage pipelined router model

3.1Rate-based Scheduling for QoS Support

For this study we consider two different work conserv-ing,rate-based schedulers:Fair Queueing[9],and Virtu-alClock[31].(Many variations of these two schemes and other rate-based algorithms like the Weighted Round Robin have been proposed for QoS support in packet-switched net-works.All these schemes provide almost similar perfor-mance.The motivation of this paper is to show that QoS

in clusters can be provided by using a simple rate-based

scheduling algorithm.)It has been shown that the Virtu-

alClock algorithm cannot handle bursty traf?c effectively

without any input regulation[24].In this study,although

real-time traf?c can exhibit burstiness,the NI regulates it by

injecting one frame every33.3msec into the router.There-

fore,traf?c burstiness is avoided to affect the VirtualClock

performance.

We have implemented both these schemes at the crossbar

input of stage4.In order to select one scheme for the rest

of the design,we simulated both these schemes in a router

and injected media traf?c and best-effort traf?c.We mea-

sured the inter-frame delivery time and standard deviation

(SD)of delivery time for the media streams.The results

with different input loads are quite similar in both cases as

depicted in Table1.However,since implementation of the

Fair Queueing is more complex for maintaining the round

robin number,we use the VirtualClock algorithm in the rest

of our design.

Load Inter-frame time(msec)/SD

VirtualClock

60%33.12/0.63

70%32.74/1.25

80%32.28/1.38

2At best there could be3?its.A header?it and a middle?it of m1at

two different stages and a tail?it of another message at the crossbar input.

Decoder

Flit Output Routing Table

Lookup

Arbitration

Switch Core

Decoder

Flit Output Routing Table

Lookup

Arbitration

Switch Core

(a)(b)

Figure 2.Preemption and acceleration mechanisms in the router.(a)A higher priority message (m3)is blocked and needs to preempt a lower priority message (m1)in the input buffer using extra buffer.(b)When the header ?it of m3tries to reserve the output VC in the arbitration stage,the output VC is already occupied by another lower priority message (m2).Acceleration ?ag for m2is set so that the remaining ?its of m2are sent faster to the output VC before m3can start.This is required to avoid interleaving of m2and m3?its in the output buffer.VC,it could be already occupied by another lower prior-ity message like m2in Figure 2(b).In both cases,the ?its of lower priority messages (m1,m2)will slow down the progress of m3,until these ?its are pushed to the output buffer.

Therefore,we use a ?it acceleration mechanism that helps expedite the delivery of ?its of such lower priority messages (like m1and m2)by assigning a speci?c low vir-tual clock value to them.This value guarantees that these messages will be selected ?rst at the next cycle of the sched-uler unless there are other preempted messages at other VCs.(Then we can select them in a RR fashion.)For this purpose,a ?ag,called Accelerate ,is associated with each input VC.The Accelerate ?ag is set until the tail ?it of the preempted message (m1)or expedited message (m2)passes through the crossbar.

The other option to handle blocking at other stages is to use the preemption mechanism.The acceleration mecha-nism is much simpler and easier to control than providing a separate preemptive path at such stages.

3.3NIC Architecture

The network interface (NI)has a crucial role in the over-all communication performance since it is responsible for initiating and responding to communications,for handling data movement,and for providing application isolation.Since improving the performance of the router/interconnect alone will shift the communication bottleneck to the NI,de-sign of faster NIs has become a major research thrust re-cently.Consequently,a few user-level messaging layers such as Active Messages [27],U-Net [26]and FM [20]have been proposed to minimize the role of the operating system involvement in communication.A generic communication layer,called Virtual Interface Architecture (VIA),has been introduced as a standard communication paradigm for Sys-tem Area Networks (or SANs)or clusters [3,6].The design

focus of the VIA is to provide an ef?cient communication protocol between a user process and the network interface (NI).

VIA is a connection oriented paradigm consisting of Vir-tual Interfaces (VIs).A VI is the mechanism by which ap-plications talk to the NIC hardware,and establish a con-nection between the two processes.A VI consists of two queues:a send queue and a receive queue .For sending a message,an application posts a descriptor in the send queue,and informs the NI of the pending request by ring-ing a send doorbell ,which is a memory mapped region on the NI.On receiving the doorbell,the NI transfers the de-scriptor and the data from the user memory to the NI buffers using two DMAs.The NI transfers the message to the wire using another DMA,and updates the status ?eld of the send descriptor or that of a completion queue .The actions on the receive are very similar to that of a send.The appli-cation creates an empty buffer,posts a descriptor in the re-ceive queue and rings the receive doorbell in the NIC buffer.When a message arrives for a VI,the NI transfers the mes-sage to the buffer allocated by the application and updates the status ?eld of the receive descriptor.The message is subsequently consumed by the receiving process.

However,the original VIA framework does not have any QoS design speci?cation.Here,we propose an extension of the VIA design to support different priority classes in the NIC.

3.3.1A QoS-aware NIC Design

We propose three design modi?cations in the original VIA framework as described below.These are a prioritized door-bell structure to support different traf?c classes,a virtual channel aware buffer management in the NIC,and a hard-ware supported VirtualClock scheduler to transfer ?its to the router.Figure 3shows the different stages in the ?ow of data from an applications to the NIC.Each application

such as a video source or a a best-effort process has a VI with the corresponding send and receive queues.The send and receive queues reside in the user memory.To support integrated traf?c,we implemented prioritized doorbells in the NIC,where there is a doorbell queue for each class. The NIC?rmware picks up the doorbells in FCFS order based on their priority and programs the host DMA engine to transfer the descriptor followed by the message.Head of blocking in the doorbell queues can be avoided by several methods.As an example,if the NIC buffer(virtual chan-nel)corresponding to a doorbell is full,the scheduler can pick up the next doorbell in the

queue.

Figure3.A VIA-style NIC with QoS support To make the NIC design compatible to the QoS-aware router of the previous section,we implemented an equal number of VCs()to enable virtual channel?ow control in the NIC.Note that this is a logical separation of the NIC local memory.As messages are transferred into the NIC by the host DMA,they are broken into?its by the NIC proces-sor.The NIC buffer behaves as FCFS queues for the dif-ferent VCs.In the original VIA implementation,the send DMA engine of the NI(for example in the Myrinet network card)is used to transfer a complete message into the net-work at the rate of one?it per cycle.On the other hand,the router model discussed in this paper(and also in most prior designs)employs a?it-level multiplexing.(We will see in the performance section that?it-level multiplexing is a bet-ter choice for QoS support.)Thus,we experimented with two design alternatives for transferring data from the NIC to the wire.

In the?rst case,in accordance with the router design, we considered a?it-level multiplexing and data transfer to the network.This design will considerably slow down the rate at which the NIC can push data to the network when the DMA overhead is taken into consideration.To avoid the DMA overhead,transfer of the?its to the network needs to be implemented in hardware.We,therefore,considered a hardware-implemented VirtualClock algorithm for trans-ferring?its from different VCs in the NIC buffer.Thus,the ?it-level multiplexing has no DMA overhead.In the second case,we adhered to the traditional message-level granular-ity.However,the messages are selected using the Virtual-Clock algorithm.This implementation includes the DMA overhead for each message transfer.These two design al-ternatives were used in analyzing the overall performance implications.4Experimental Platform

4.1Simulation Testbed

For evaluating the architectural concepts,we have devel-oped?it-level simulation models for the traditional router (TR)with FCFS scheduling,the non-preemptive router (NP),the preemptive router(P),and the VIA-style NIC us-ing CSIM.The simulation models are?exible in that one can specify the number of physical channels(PCs),number of VCs per PC,link bandwidth,VBR rates and variation of VBR rate,?it size,message size,and many other architec-tural and workload parameters.It is also possible to con-?gure any network topology using these routers.The NIC simulator and the router simulator are written with common interface for ease of integration.

For our experiment,we have simulated an8-port router and a2-D mesh network using5-port routers.We used16 VCs per PC.(It is possible to use less number of VCs per PC,but the performance of real-time traf?c degrades if the number of VCs is very small.)The?it size is128bits,and each message consists of40?its except for the control mes-sages,which are20-?it long.Physical link bandwidth is 1.6Gbps,and?it buffers are40-?it deep.

The simulation of the NIC is based on a Baseline NI that is similar to Myricom’s M3M-PCI64B64bit,66MHz SAN/PCI Interface Myrinet network card[19].The pro-grammable nature of the Lanai-based network card facili-tated to emulate the VIA features.

4.2Workload

Our workload includes messages from real-time VBR traf?c,best-effort traf?c,and control traf?c.The VBR traf-?c is generated as a stream of messages between a pair of communicating(source-destination)processors.The traf-?c in each stream is generated from seven real MPEG-2 video traces with different bandwidth requirements[4,29]. Each stream generates30frames/sec,and each frame is fragmented into40-?it size messages(except possibly the last message of a frame),with each message carrying the bandwidth requirements(Vtick information for the Virtual-Clock algorithm),and the routing information in its header ?it.

Once the input VC for a connection is determined,the destination processor is picked randomly using a uniform distribution of all nodes,and the destination VC is also as-signed from among the available VCs using a uniform dis-tribution.

The best-effort traf?c is generated with a given injection rate,and follows the Poisson distribution3.Best-effort messages are assumed40-?it long,and a message destina-tion is assumed to follow a uniform distribution.The input and output VCs for a message are assigning using a uniform distribution of the available VCs for this traf?c class.

Control traf?c is typically used for network con?gura-tion,congestion control,and transfer of other control infor-mation.This traf?c has the highest priority in our model.

Therefore,control traf?c can preempt both best-effort traf-?c and real-time traf?c.The generation rate of control traf-?c is assumed to be low(one message per33.3msec),and only one virtual channel is assigned for this kind of traf-?c.For the non-preemptive router,this VC should be deter-mined when the router is con?gured,while the preemptive router can use any one of its VC for this traf?c,and can even change to another VC later.In our study,we assigned VC0for both the models for simplicity.We also assume a uniform destination distribution for the control traf?c.

An important parameter that is varied in our experiments is the input load.This is expressed as a fraction of the phys-ical link bandwidth.For a speci?ed input load,we vary the ratio of the two classes(,where is the fraction of the load for the VBR component and

is the fraction of the load for the best-effort component)to generate mixed-mode traf?c.

For the traditional(TR)and the non-preemptive(NP) routers,we divide the VCs into two disjoint groups.(The traditional router uses the same number of VCs as the non-preemptive router for each class,but uses the FCFS sched-uler.)When the simulation starts,the ratio()de-termines the number of VCs assigned to each class.We changed the load in5different phases during a simula-tion run to simulate dynamic workload.In the beginning of the simulation,the real-time to best-effort traf?c ratio is 20:80.The VCs are assigned using this https://www.360docs.net/doc/c010937649.html,ter the ratio changes to30:70,50:50,70:30,and?nally80:20.The VC con?guration for the TR and NP routers does not change during all these phases.

For the preemptive router,any type of traf?c can use any VC due to the preemption capability.In the beginning of the simulation,the con?guration is the same as the NP router. But as the ratio changes,the real-time traf?c can use more VCs by preempting the best-effort messages.

It should be noted that we are considering a?it-level sim-ulation in each stage of the router pipeline,and simulating several simultaneous streams per node.We gather simula-tion results over a few million messages for avoiding tran-sient behavior.In addition,the integration of the NIC makes the entire simulation quite complex and resource intensive. Therefore,we were able to collect results for single routers and a small2-D mesh network.

The important output parameters measured in our exper-iment are deadline missing probability of delivered MPEG-2frames,average missing time of deadline missing frames, and average network latency for best-effort traf?c and con-trol traf?c.Deadline missing probability is the ratio of the number of frames that missed their deadlines to the total number of delivered frames.The deadline for each frame is determined by adding33.3msec to the previous deadline, since the frame rate is30frames/sec for MPEG-2video streams.However,if a previous frame missed its deadline, a new deadline is set by adding33.3msec to the arrival time of the previous frame.Whenever a frame misses its deadline,we measure the deadline missing time and then calculate the average deadline missing time.Average net-work latency is the averaged time between the injection of the?rst?it(header?it)of a messages into the network(or a router)and the ejection of the last?it(tail?it)from the network.By including the queueing time with the network latency,we measure the average message latency.

5Performance Results

In this section,we analyze the performance results for an8-port router and a()mesh network with integrated traf?c.Then,we present co-evaluation of a single router and the NIC designs.

Our design spectrum consists of three types of stand alone routers(TR,NP and P models)and two types of NIC architecture(traditional NIC without the VirtualClock algo-rithm and the QoS-aware NIC with the VirtualClock algo-rithm).Integration of the NIC and router designs gives6 combinations.In addition,we also consider the impact of block or message level multiplexing in the router and NIC. Hence,it is impossible to discuss all the results in this paper due to space limitation.We present a subset of the results to highlight the main results.All the results are reported for?it-level multiplexing,unless block/message-level mul-tiplexing is speci?ed.

5.1Comparison of the Three Router Models

Proportion of Real?time to Best?effort Traffic(x:y)

0.00

0.20

0.40

0.60

0.80

D

e

a

d

l

i

n

e

M

i

s

s

i

n

g

P

r

o

b

a

b

i

l

i

t

y

Proportion of Real?time to Best?effort Traffic(x:y)

D

e

a

d

l

i

n

e

M

i

s

s

i

n

g

T

i

m

e

(

m

i

c

r

o

s

e

c

)

(a)(b)

Figure4.Deadline missing probability and deadline

missing time in a single router under dynamic load

variation.The input load is speci?ed in the graphs.

T

R

,

2

:

8

N

P

,

2

:

8

P

,

2

:

8

T

R

,

3

:

7

N

P

,

3

:

7

P

,

3

:

7

T

R

,

5

:

5

N

P

,

5

:

5

P

,

5

:

5

0.0

5.0

10.0

15.0

20.0

C

o

n

t

r

o

l

T

r

a

f

f

i

c

L

a

t

e

n

c

y

(

m

i

c

r

o

s

e

c

)

T

R

,

2

:

8

N

P

,

2

:

8

P

,

2

:

8

T

R

,

3

:

7

N

P

,

3

:

7

P

,

3

:

7

T

R

,

5

:

5

N

P

,

5

:

5

P

,

5

:

5

B

e

s

t

?

e

f

f

o

r

t

T

r

a

f

f

i

c

L

a

t

e

n

c

y

(

m

i

c

r

o

s

e

c

)

(a)Control traf?c(b)Best-effort traf?c

https://www.360docs.net/doc/c010937649.html,ponents of message latency of control

traf?c and best-effort traf?c in a single router under

dynamic load variation.The input load is0.80.

We begin by examining the performance results of a tra-ditional router,a non-preemptive router,and a preemptive

Proportion of Real?time to Best?effort Traffic(x:y)D e a d l i n e M i s s i n g P r o b a b i l i t y

Proportion of Real?time to Best?effort Traffic(x:y)

B e s t ?e f f o r t T r a f f i c L a t e n c y (m i c r o s e c

)

Figure 6.Effect of block-level multiplexing in a sin-gle preemptive router under dynamic load variation.

Proportion of Real?time to Best?effort Traffic(x:y)

D e a d l i n e M i s s

i n g P r o b a b i l i t y

Proportion of Real?time to Best?effort Traffic(x:y)

B e s t ?e f f o r t T r a f f i c L a t e n c y (m i c r o s e c )

Figure https://www.360docs.net/doc/c010937649.html,parison of (preemption+acceleration)and only preemption in a single router under dynamic load variation.(Some results for the best-effort traf?c at higher load are not included due to saturation.)router under dynamic workloads.Figure 4shows the dead-line missing probability and the average deadline missing time for each model.Some of the data points of the tra-ditional router were dropped due to saturation.It is seen that the preemptive router can service real-time traf?c with almost constant deadline missing probability (0.02?0.03),while for the non-preemptive router,the number of frames missing their deadlines increases as the ratio of real-time traf?c increases.The deadline missing time in Figure 4(b)is the minimum for the preemptive router.The tradi-tional router,without a rate-based scheduler,experiences saturation even under light load,and is the worst performer.Since the preemptive router can assign VCs dynamically ac-cording to the real-time traf?c load,it can provide the best performance among the three architectures.(Moreover,al-though not shown in the graphs due to space limitations,the advantage of the preemptive model becomes more striking for small number of VCs.)

Another important performance parameter is the average latency.Figure 5(a)shows the control traf?c latency in each router.Here,queueing time represents the time spent out-side the router before the message is injected into the router.In the traditional router,control traf?c is treated as any other types of traf?c,and hence its latency is much higher than those of the other two routers.The preemptive router pro-vides the best performance with almost zero queueing time followed by the non-preemptive router.Figure 5(b)com-pares the best-effort traf?c latency in the three routers.The non-preemptive and the preemptive routers can provide bet-ter service for real-time traf?c at the expense of best-effort

traf?c.Therefore,as expected,the TR provides the best performance for best-effort traf?c.

Next,we examined the impact of block-level multiplex-ing in a single preemptive router.Figure 6depicts the re-sults for block size of 1,5,and 10?its,respectively.As the block size increases,the performance degrades signif-icantly.Thus,?it-level multiplexing seems to be the most ideal choice for QoS assurance.However,in an actual im-plementation,we may have to use block-level multiplexing to amortize the scheduling overhead.

In order to estimate the contribution of the acceleration scheme explained in Section 3for the preemptive router,we tested the router without the acceleration scheme and with the acceleration scheme.Figure 7demonstrates the role of the acceleration scheme in the preemptive router.The re-sults indicate that by accelerating the ?its of the lower prior-ity messages,performance of both real-time and best-effort traf?c improves considerably.

5.2A (

)Mesh Network Results

In this subsection,we examine the performance implica-tions of using the preemptive and non-preemptive routers in a

()mesh network.Figure 8(a)shows the deadline missing probability for real-time traf?c and Figure 8(b)de-picts the average network latency for best-effort traf?c.Like the single router results,the preemptive model again ex-hibits better performance compared to the non-preemptive model.The deadline missing probability increases with an increase of the real-time load.Also as expected,the aver-age network latency of the best-effort traf?c in Figure 8(b)gradually increases with the real-time traf?c.

Proportion of Real?time to Best?effort Traffic(x:y)

0.010

0.020

0.030

0.040D e a d l i n e M i s s i n g P

r o b a b i l i t y

Proportion of Real?time to Best?effort Traffic(x:y)

B e s t ?e f f o r t T r a f f i c L a t e n c y (m i c r o s e c )

(a)(b)

Figure 8.Deadline missing probability and average latency of best-effort traf?c in a ()mesh network under dynamic load variation.

5.3Router and NIC Co-evaluation

Next,we present the co-evaluation of the NIC and a sin-gle router.An ()router is integrated with the NICs at both ends.The three different router models (TR,NP,and P)and the two NIC models (traditional and QoS-aware)are combined to examine six possible designs.Figure 9shows the comparison of the six combinations in terms of the dead-line missing probability.Figure 9(a)is plotted for a ?xed input load of 60%since the traditional NIC cannot support higher load.In this ?gure,all the three routers with the

QoS-aware NIC outperform the traditional NIC combina-tions (The dip for the 70:30ratio is a suspect.)suggesting that QoS provisioning in the NIC is rather more important to see any performance bene?ts in the router design.Not only that a traditional NIC cannot support higher input load,but even with 40-60%input load,the deadline missing proba-bility is quite high.In Figure 9(b),we compare the pre-emptive and non-preemptive router models along with the QoS-aware NIC for higher load.The results are again in favor of the preemptive router.In both these graphs,the preemptive router and the QoS-aware NIC combination has the best results.

Finally,we conducted an experiment by using message-level multiplexing in the QoS-aware NIC.In this case,un-like the ?it-level multiplexing,the VirtualClock scheduler selects and injects one message at a time to the QoS-aware router.We increased the input buffer of the router to avoid buffer over?ow.The simulation model includes the DMA overhead for injecting the messages.The (QoS NIC +P/msg)graph in Figure 9(b)shows that message-level mul-tiplexing in the NIC results in worse performance compared to the ?it-level multiplexing.This trend is similar to the block-level multiplexing results in the router as shown in Figure 6.Moreover,with message-level multiplexing,the system cannot handle higher load (0.6in the graph).Over-all,these results suggest that not only QoS provisioning in the NIC is critical,but also we need hardware mech-anism for ?it-level multiplexing to maximize the perfor-mance bene?ts.

Real?time to Best Effort Traffic (x:y)

D e a d l i n e M i s s i n g P r o b a b i l i t y

Real?time to Best Effort Traffic (x:y)

D e a d l i n e M i s s i n g P r o b a b i l i t y

(a)(b)

Figure 9.Co-evaluation of a single router and NICs.The deadline missing probability is shown for dynam-ically changing workload.

6Concluding Remarks

This paper addresses QoS support mechanisms in clus-ter interconnects.We propose a pipelined wormhole router architecture that can handle multiple traf?c types effec-tively.Two different router implementations,known as non-preemptive and preemptive models,are studied with a mixed workload of best-effort and real-time traf?c.An-other uniqueness of this work is that it integrates the NIC with the router design to examine the end-to-end QoS issue.We have developed a VIA-style NIC to support integrated traf?c in clusters.The important conclusions of this work are the following.

First,it is possible to support integrated traf?c in clus-ters by augmenting the conventional wormhole routers with a rate-based scheduling mechanism.The preemptive and non-preemptive models are feasible choices,and can be im-plemented in the realm of current VLSI technology.While both the implementations provide similar performance for static workloads,the preemptive model turns out to be a better choice for dynamic workloads,and for routers with small number of VCs.Second,preemption in a pipelined model is more complex than in a non-pipelined (lumped)model since a lower priority message can block a higher priority message at several stages of the pipeline.Instead of providing preemption at these stages,preemption in the in-put buffers followed by an acceleration mechanism at other stages seems a viable design.Next,it is shown that a QoS capable router alone is not adequate to provide end-to-end QoS support.A NIC with QoS provisioning that uses schemes like prioritized doorbells and a rate-based al-gorithm is necessary to ensure deadline oriented delivery of real-time traf?c.Finally,in all prior studies,the focus was only on the design of routers to provide QoS guarantees.Our study reveals that performance predictability in the NIC is rather more important to translate the performance ben-e?ts to the application level.Thus,design of QoS-aware NICs should be undertaken seriously.In this context,design compatibility between the router and the NIC offers several design trade-offs.For example,routers have usually used ?it-level multiplexing,while the NIC to network transfer is at a message-level granularity.Therefore,proper hardware support for ?it-level multiplexing in the NIC,as used in this paper,is ideal for maximizing the performance.Otherwise,a detailed analysis of block/message-level multiplexing in the router as well as in the NIC is required to arrive at an optimal design.

We are currently examining a number of possible exten-sions to this work.First,we are exploring other design al-ternatives in the VIA paradigm to improve the QoS support in the NIC.Second,we were unable to analyze the designs using larger networks primarily due to high time complex-ity of the simulations.Thus,optimization of the simulation model and possible parallelization should reduce the execu-tion time.Finally,we would like to implement the router as well as the NIC in hardware (prototyping in FPGA followed by the VLSI implementation)to examine the practicality of our models.We have already written a VHDL simulator of the router for this purpose.

7Acknowledgments

Many thanks to Vithal Shirodkar,Srinivas Hanabe,Giridhar Viswanathan,and Nishant Choudhary for devel-oping and testing the NIC simulators.We also would like to thank the anonymous referees for their comments and sug-gestions that improved the quality of the paper.

References

[1]S.Araki,A.Bilas,C.Dubnicki,J.Edler,K.Konishi,and

https://www.360docs.net/doc/c010937649.html,er-Space Communication:A Quantitative

Study.In Proc.of Supercomputing Conf.(SC’98),Novem-ber1998.

[2]N.J.Boden,D.Cohen,R.E.Felderman,A.E.Kulawik,

C.L.Seitz,J.N.Seizovic,and W.-K.Su.Myrinet:A

Gigabit-per-second Local Area Network.IEEE Micro, 15(1):29–36,February1995.

[3]P.Buonadonna,A.Geweke,and D.E.Culler.An Implemen-

tation and Analysis of the Virtual Interface Architecture.In Proc.of Supercomputing Conf.(SC’98),November1998.

[4]M.B.Caminero,J.J.Quiles,J.Duato,D.S.Love,and

S.Yalamanchili.Performance Evaluation of the Multimedia Router with MPEG-2Video Traf?c.In Proc.of Intl.Work-shop on Communication,Architecture and Applications on Network Based Parallel Computing(CANPC’99),pages62–76,January1999.

[5] A.A.Chien and J.H.Kim.Approaches to Quality of Ser-

vice in High-Performance Networks.In Proc.of Parallel Computer Routing and Communications Workshop.Lecture Notes in Computer Science,Springer-Verlag,July1997. [6]Compaq Corp.,Intel Corp.,and Microsoft Corp.Virtual In-

terface Architecture Speci?cation,Version1.0,1997.Avail-able at https://www.360docs.net/doc/c010937649.html,.

[7]K.Connelly and A.A.Chien.FM-QoS:Real-Time Com-

munication Using Self-Synchronizing Schedules.In Proc.

of Supercomputing Conf.(SC’97),November1997.

[8]W.J.Dally.Virtual-Channel Flow Control.IEEE Trans.

on Parallel and Distributed Systems,3(2):194–205,March 1992.

[9] A.Demers,S.Keshav,and S.Shenker.Analysis and Simula-

tion of a Fair Queueing Algorithm.Journal of Internetwork-ing Research and Experience,pages3–26,October1990.

[10]J.Duato,S.Yalamanchili,M.B.Caminero,D.Love,and

F.J.Quiles.MMR:A High-Performance Multimedia

Router-Architecture and Design-Tradeoffs.In Proc.of Intl.

Symp.High https://www.360docs.net/doc/c010937649.html,p.Arch.(HPCA-5),pages300–309, January1999.

[11] D.Dunning,G.Regnier,G.McAlpine,D.Cameron,B.Shu-

bert,F.Berry,A.M.Merritt,E.Gronke,and C.Dodd.The Virtual Interface Architecture.IEEE Micro,18(2):66–76, March/April1998.

[12]H.Eberle and E.Oertli.Switcherland:A QoS Communica-

tion Architecture for Workstation Clusters.In Proc.of Intl.

https://www.360docs.net/doc/c010937649.html,p.Arch.,pages98–108,June1998.

[13]M.Galles.Scalable Pipelined Interconnect for Distributed

Endpoint Routing:The SGI SPIDER Chip.In Proc.of Symp.High Perf.Interconnects(Hot Interconnects4),pages 141–146,August1996.

[14] D.Garcia and W.Watson.Servernet II.In Proc.of Par-

allel Computing,Routing,and Communication Workshop (PCRCW’97),June1997.

[15]M.Gerla, B.Kannan, B.Kwan,P.Palnati,S.Walton,

E.Leonardi,and

F.Neri.Quality of Service Support in

High-Speed Wormhole Routing Networks.In Proc.of Intl.

https://www.360docs.net/doc/c010937649.html,work Protocols,pages40–47,October1996. [16]J.H.Kim and A.A.Chien.Rotating Combined Queue-

ing(RCQ):Bandwidth and Latency Gurantees in Low-Cost, High-Performance Networks.In Proc.of https://www.360docs.net/doc/c010937649.html,p.

Arch.,pages226–236,May1996.[17]K.Knauber and B.Chen.Supporting Preemption in Worm-

hole Networks.In Proc.of https://www.360docs.net/doc/c010937649.html,p.Software and Ap-plications Conf.(COMPSAC’99),pages232–238,October 1999.

[18]J.-P.Li and M.Mutka.Priority Based Real-Time Communi-

cation for Large Scale Wormhole Networks.In Proc.of Intl.

Parallel Processing Symp.,pages433–438,May1994. [19]Myricom Inc.M3M-PCI64B Network Interface Card.

Available at https://www.360docs.net/doc/c010937649.html,/myrinet/ PCI64/m3m-pci64b.html.

[20]S.Pakin,https://www.360docs.net/doc/c010937649.html,uria,and A.A.Chien.High Performance

Messaging on Workstations:Illinois Fast Messages(FM) for Myrinet.In Proc.of Supercomputing Conf.(SC’95),De-cember1995.

[21]J.Pelissier.Providing Quality of Service over In?niBand

Architecture Fabric.In Proc.of Symp.High Perf.Intercon-nects(Hot Interconnects8),August2000.

[22]J.Rexford,J.Hall,and K.G.Shin.A Router Architec-

ture for Real-Time Point-toPoint Networks.In Proc.of Intl.

https://www.360docs.net/doc/c010937649.html,p.Arch.,pages237–246,May1996.

[23]H.Song,B.Kwon,and H.Yoon.Throttle and Preempt:

A New Flow Control for Real-Time Communications in

Wormhole Networks.In Proc.of Intl.Conf.Parallel Pro-cessing,pages198–202,August1997.

[24] D.Stiliadis and https://www.360docs.net/doc/c010937649.html,tency-Rate Servers:A

General Model for Analysis of Traf?c Scheduling Algo-rithms.IEEE/ACM Trans.on Networking,6(2):611–623, April1998.

[25] C.B.Stunkel,D.G.Shea,B.Abali,M.G.Atkins,C.A.

Bender,D.G.Grice,P.Hochschild,D.J.Joseph,B.J.

Nathanson,R.A.Swetz,R.F.Stucke,M.Tsao,and P.R.

Varker.The SP2High-Performance Switch.IBM Systems Journal,34(2):185–204,1995.

[26]T.von Eicken,A.Basu,V.Buch,and W.V ogels.U-Net:

A User-Level Network Interface for Parallel and Distributed

Computing.In Proc.of ACM Symp.Operating Systems Prin-ciples,pages40–53,December1995.

[27]T.von Eicken,D.E.Culler,S.C.Goldstein,and K.E.

Schauser.Active Messages:A Mechanism for Integrated Commnication and Computation.In Proc.of Intl.Symp.

Comp.Arch.,pages256–266,May1992.

[28]T.von Eicken and W.V ogels.Evolution of the Virtual Inter-

face Architecture.IEEE Computer,31(11):61–68,Novem-ber1998.

[29]K.H.Yum,E.J.Kim,V.Shirodkar,S.Hanabe,and C.R.

Das.Design and Analysis of a Versatile Router for Support-ing Integrated Traf?c in Clusters.Technical Report CSE-00-021,Pennsylvania State University,University Park,PA, October2000.

[30]K.H.Yum,A.S.Vaidya,C.R.Das,and A.Sivasubra-

maniam.Investigating QoS Support for Traf?c Mixes with the MediaWorm Router.In Proc.of Intl.Symp.High-Perf.

Comp.Arch.(HPCA-6),pages97–106,January2000. [31]L.Zhang.VirtualClock:A New Traf?c Control Algorithm

for Packet-Switched Networks.ACM Trans.on Computer Systems,9(2):101–124,May1991.

神码网络设备防ARP

齐头并进堵源治本高校校园网ARP攻击防御解决方案 DIGTIAL CHINA DIGITAL CAMPUS 神州数码网络有限公司 2008-07

前言 自2006年以来,基于病毒的arp攻击愈演愈烈,几乎所有的校园网都有遭遇过。地址转换协议ARP(Address Resolution Protocol)是个链路层协议,它工作在OSI参考模型的第二层即数据链路层,与下层物理层之间通过硬件接口进行联系,同时为上层网络层提供服务。ARP攻击原理虽然简单,易于分析,但是网络攻击往往是越简单越易于散布,造成的危害越大。对于网络协议,可以说只要没有验证机制,那么就可以存在欺骗攻击,可以被非法利用。下面我们介绍几种常见ARP攻击典型的症状: ?上网的时候经常会弹出一些广告,有弹出窗口形式的,也有嵌入网页形式的。下载的软件不是原本要下载的,而是其它非法程序。 ?网关设备ARP表项存在大量虚假信息,上网时断时续;网页打开速度让使用者无法接受。 ?终端不断弹出“本机的XXX段硬件地址与网络中的XXX段地址冲突”的对话框。 对于ARP攻击,可以简单分为两类: 一、ARP欺骗攻击,又分为ARP仿冒网关攻击和ARP仿冒主机攻击。 二、ARP泛洪(Flood)攻击,也可以称为ARP扫描攻击。 对于这两类攻击,攻击程序都是通过构造非法的ARP报文,修改报文中的源IP地址与(或)源MAC地址,不同之处在于前者用自己的MAC地址进行欺骗,后者则大量发送虚假的ARP报文,拥塞网络。 图一 ARP仿冒网关攻击示例

神州数码网络秉承“IT服务随需而动”的理念,对于困扰高教各位老师已久的ARP 攻击问题,结合各个学校网络现状,推出业内最全、适用面最广、最彻底的ARP整体解决方案。 神州数码网络公司从客户端程序、接入交换机、汇聚交换机,最后到网关设备,都研发了ARP攻击防护功能,高校老师可以通过根据自己学校的网络特点,选取相关的网络设备和方案进行实施。

H3C S5600系列交换机典型配置举例

S5600系列交换机典型配置举例 2.1.1 静态路由典型配置 1. 组网需求 (1)需求分析 某小型公司办公网络需要任意两个节点之间能够互通,网络结构简单、稳定, 用户希望最大限度利用现有设备。用户现在拥有的设备不支持动态路由协议。 根据用户需求及用户网络环境,选择静态路由实现用户网络之间互通。 (2)网络规划 根据用户需求,设计如图2-1所示网络拓扑图。 图2-1 静态路由配置举例组网图 2. 配置步骤 交换机上的配置步骤: # 设置以太网交换机Switch A的静态路由。 system-view [SwitchA] ip route-static 1.1.3.0 255.255.255.0 1.1.2.2 [SwitchA] ip route-static 1.1.4.0 255.255.255.0 1.1.2.2 [SwitchA] ip route-static 1.1.5.0 255.255.255.0 1.1.2.2 # 设置以太网交换机Switch B的静态路由。 system-view [SwitchB] ip route-static 1.1.2.0 255.255.255.0 1.1.3.1 [SwitchB] ip route-static 1.1.5.0 255.255.255.0 1.1.3.1

[SwitchB] ip route-static 1.1.1.0 255.255.255.0 1.1.3.1 # 设置以太网交换机Switch C的静态路由。 system-view [SwitchC] ip route-static 1.1.1.0 255.255.255.0 1.1.2.1 [SwitchC] ip route-static 1.1.4.0 255.255.255.0 1.1.3.2 主机上的配置步骤: # 在主机A上配缺省网关为1.1.5.1,具体配置略。 # 在主机B上配缺省网关为1.1.4.1,具体配置略。 # 在主机C上配缺省网关为1.1.1.1,具体配置略。 至此图中所有主机或以太网交换机之间均能两两互通。 2.1.2 RIP典型配置 1. 组网需求 (1)需求分析 某小型公司办公网络需要任意两个节点之间能够互通,网络规模比较小。需要 设备自动适应网络拓扑变化,降低人工维护工作量。 根据用户需求及用户网络环境,选择RIP路由协议实现用户网络之间互通。(2)网络规划 根据用户需求,设计如图2-2所示网络拓扑图。 设备接口IP地址设备接口IP地址 Switch A Vlan-int1110.11.2.1/24Switch B Vlan-int1110.11.2.2/24 Vlan-int2155.10.1.1/24Vlan-int3196.38.165.1/24 Switch C Vlan-int1110.11.2.3/24 Vlan-int4117.102.0.1/16 图2-2 RIP典型配置组网图 2. 配置步骤

神州数码交换机路由器命令汇总(最简输入版)

神州数码交换机路由器命令汇总(部分) 2016年3月23日星期三修改_________________________________________________________________________ 注:本文档命令为最简命令,如不懂请在机器上实验 注:交换机版本信息: DCRS-5650-28(R4) Device, Compiled on Aug 12 10:58:26 2013 sysLocation China CPU Mac 00:03:0f:24:a2:a7 Vlan MAC 00:03:0f:24:a2:a6 SoftWare Version 7.0.3.1(B0043.0003) BootRom Version 7.1.103 HardWare Version 2.0.1 CPLD Version N/A Serial No.:1 Copyright (C) 2001-2013 by Digital China Networks Limited. All rights reserved Last reboot is warm reset. Uptime is 0 weeks, 0 days, 1 hours, 42 minutes 路由器版本信息: Digital China Networks Limited Internetwork Operating System Software DCR-2659 Series Software, Version 1.3.3H (MIDDLE), RELEASE SOFTWARE Copyright 2012 by Digital China Networks(BeiJing) Limited Compiled: 2012-06-07 11:58:07 by system, Image text-base: 0x6004 ROM: System Bootstrap, Version 0.4.2 Serial num:8IRTJ610CA15000001, ID num:201404 System image file is "DCR-2659_1.3.3H.bin" Digital China-DCR-2659 (PowerPC) Processor 65536K bytes of memory,16384K bytes of flash Router uptime is 0:00:44:44, The current time: 2002-01-01 00:44:44 Slot 0: SCC Slot Port 0: 10/100Mbps full-duplex Ethernet Port 1: 2M full-duplex Serial Port 2: 2M full-duplex Serial Port 3: 1000Mbps full-duplex Ethernet Port 4: 1000Mbps full-duplex Ethernet Port 5: 1000Mbps full-duplex Ethernet Port 6: 1000Mbps full-duplex Ethernet

H3C路由器配置实例

通过在外网口配置nat基本就OK了,以下配置假设Ethernet0/0为局域网接口,Ethernet0/1为外网口。 1、配置内网接口(E t h e r n e t0/0):[M S R20-20]i n t e r f a c e E t h e r n e t0/0 [M S R20-20 2、使用动态分配地址的方式为局域网中的P C分配地址[M S R20-20]d h c p s e r v e r i p-p o o l 1 [M S R20-20-d h c p-p o o l-1]n e t w o r k2 4 [M S R20-20 [M S R20-20 3、配置n a t [M S R20-20]n a t a d d r e s s-g r o u p1公网I P公网I P [MSR20-20]acl number 3000 [MSR20-20-acl-adv-3000]rule 0 permit ip 4、配置外网接口(Ethernet0/1) [MSR20-20] interface Ethernet0/1 [MSR20-20- Ethernet0/1]ip add 公网IP [MSR20-20- Ethernet0/1] nat outbound 3000 address-group 1 5.加默缺省路由 [MSR20-20]route-stac 0.0.0外网网关 总结: 在2020路由器下面, 配置外网口, 配置内网口, 配置acl 作nat, 一条默认路由指向电信网关. ok! Console登陆认证功能的配置 关键词:MSR;console; 一、组网需求: 要求用户从console登录时输入已配置的用户名h3c和对应的口令h3c,用户名和口令正确才能登录成功。 二、组网图: 三、配置步骤:

神州数码配置命令总结 (已更新)

第一部分交换机配置 一、基础配置 1、模式进入 Switch> Switch>en Switch#config Switch(Config)#interface ethernet 0/2 2、配置交换机主机名 命令:hostname <主机名> 3、配置交换机IP地址 Switch(Config)#interface vlan 1 Switch(Config-If-Vlan1)#ip address 10.1.128.251 255.255.255.0 Switch(Config-If-Vlan1)#no shut 4、为交换机设置Telnet授权用户和口令: 登录到Telnet的配置界面,需要输入正确的用户名和口令,否则交换机将拒绝该Telnet用户的访问。该项措施是为了保护交换机免受非授权用户的非法操作。若交换机没有设置授权Telnet用户,则任何用户都无法进入交换机的Telnet配置界面。因此在允许Telnet方式配置管理交换机时,必须在Console的全局配置模式下使用命令username privilege [password (0 | 7) ]为交换机设置Telnet授权用户和口令并使用命令authentication line vty login local打开本地验证方式,其中privilege选项必须存在且为15。 例:Switch>enable Switch#config Switch(config)#username test privilege 15 password 0 test Switch(config)#authentication line vty login local Switch(Config)#telnet-user test password 0 test Switch (Config)#telnet-server enable://启动远程服务功能 5、配置允许Telnet管理交换机的地址限制(单独IP或IP地址段) (1)限制单个IP允许Telnet登录交换机 switch(config)#authentication security ip 192.168.1.2 (2)限制允许IP地址段Telnet登录交换机 switch(config)#access-list 1 permit 192.168.1.0 0.0.0.255 switch(config)#authentication ip access-class 1 in 5、为交换机设置Web授权用户和口令:web-user <用户名>password {0|7} <密码> 例:Switch(Config)#web-user admin password 0 digital 6、设置系统日期和时钟:clock set 7、设置退出特权用户配置模式超时时间 exec timeout //单位为分钟,取值范围为0~300 8、保存配置:write 9、显示系统当前的时钟:Switch#show clock 10、指定登录用户的身份是管理级还是访问级 Enable [level {visitor|admin} [<密码>]] 11、指定登录配置模式的密码:Enable password level {visitor|admin}

神州数码模拟试题

1.下列应用使用TCP连接的有(本题3项正确) A.Telnet B.BGP C.FTP D.TFTP 2.TCP和UDP协议的相似之处是 A.传输层协议 B.面向连接的协议 C.面向非连接的协议 D.其它三项均不对 3.下列应用使用UDP连接的有(本题3项正确) A.TFTP B.Syslog C.SNMP D.HTTP 4.第一个八位组以二进1110开头的IP地址是()地址 A.Class A B.Class B C.Class C D.Class D 5.下面哪些不是ICMP提供的信息 A.目的地不可达 B.目标重定向 C.回声应答 D.源逆制 6.C类地址最大可能子网位数是 A.6 B.8 C.12 D.14 7.()协议是一种基于广播的协议,主机通过它可以动态的发现对应于一个IP地址的MAC地址 A.ARP B.DNS C.ICMP D.RARP 8.IP地址为子网掩码为的地址,可以划分多少个子网位,多少个主机位 A.2,32 B.4,30 C.254,254 D.2,30 9.关于IPX的描述正确的是(本题3项正确) A.IPX地址总长度为80位,其中网络地址占48位,节点地址占32位 B.IPX地址总长度为80位,其中网络地址占32位,节点地址占48位

C.IPX是一个对应于OSI参考模型的第三层的可路由的协议 D.NCP属于应用层的协议,主要在工作站和服务器间建立连接,并在服务器和客户 机间传送请求和响应 10.在无盘工作站向服务器申请IP地址时,使用的是()协议 A.ARP B.RARP C.BOOTP D.ICMP 11.以太网交换机的数据转发方式可以被设置为(本题2项正确) A.自动协商方式 B.存储转发方式 C.迂回方式 D.直通方式 12.当交换机检测到一个数据包携带的目的地址与源地址属于同一个端口时,交换机会怎样处理? A.把数据转发到网络上的其他端口 B.不再把数据转发到其他端口 C.在两个端口间传送数据 D.在工作在不同协议的网络间传送数据 13.下面哪个标准描述了生成树协议 A. B. C. D. 14.下列有关端口隔离的描述正确的是:(本题2项正确) A.DCS-3726B出厂时即是端口隔离状态,所有端口都可以与第一个端口通信,但之 间不可以互通 B.DCS-3726S可以通过配置实现与3726B一样的端口隔离功能,但出厂默认不时隔 离状态 C.可以通过配置私有VLAN功能实现端口隔离 D.可以通过配置公用端口实现端口隔离 15.下列关于静态配置链路聚合和动态配置链路聚合的理解正确的是: A.静态配置链路聚合需要在聚合组的每个聚合端口中进行配置 B.动态配置链路聚合只需要在主端口中配置一次,在全局模式中配置启用lacp协 议即可 C.静态配置链路聚合不能进行负载均衡 D.动态配置链路聚合不需要配置聚合组号,交换机会根据目前聚合组的情况自动 指定 16.网络接口卡(NIC)可以做什么? A.建立、管理、终止应用之间的会话,管理表示层实体之间的数据交换 B.在计算机之间建立网络通信机制 C.为应用进程提供服务 D.提供建立、维护、终止应用之间的会话,管理表示层实体之间的数据交换17.以下关于以太网交换机的说法哪些是正确的?

H3C IPv6 静态路由配置

操作手册 IP路由分册 IPv6 静态路由目录 目录 第1章 IPv6静态路由配置......................................................................................................1-1 1.1 IPv6静态路由简介.............................................................................................................1-1 1.1.1 IPv6静态路由属性及功能........................................................................................1-1 1.1.2 IPv6缺省路由..........................................................................................................1-1 1.2 配置IPv6静态路由.............................................................................................................1-2 1.2.1 配置准备..................................................................................................................1-2 1.2.2 配置IPv6静态路由...................................................................................................1-2 1.3 IPv6静态路由显示和维护..................................................................................................1-2 1.4 IPv6静态路由典型配置举例(路由应用).........................................................................1-3 1.5 IPv6静态路由典型配置举例(交换应用).........................................................................1-5

神州数码路由交换配置命令(全)

路由 ssh aaa authentication login ssh local aaa authentication enable default enable enable password 0 123456 username admin password 0 123456 ip sshd enable ip sshd auth-method ssh ip sshd auth-retries 5 ip sshd timeout 60 TELNET R1_config#aaa authentication login default local R1_config#aaa authentication enable default enable R1_config#enable password 0 ruijie R1_config#line vty 0 4 R1_config_line#login authentication default R1_config_line#password 0 cisco 方法2,不需要经过3A认证 R1_config#aaa authentication login default none R1_config#aaa authentication enable default enable R1_config#enable password 0 cisco R1_config#line vty 0 4 R1_config_line#login authentication default CHAP认证单向认证,密码可以不一致 R2_config#aaa authentication ppp test local R2_config#username R2 password 0 123456 R2_config_s0/2#enc ppp R2_config_s0/2#ppp authentication chap test R2_config_s0/2#ppp chap hostname R1 R1_config#aaa authentication ppp test local R1_config#username R1 password 0 123456 R1_config_s0/1#enc ppp R1_config_s0/1#ppp authentication chap test R1_config_s0/1#ppp chap hostname R2

DCN配置命令

1. 基本配置: 开启SSH服务:debug ssh-server 设置特权模式密码:enable password [8] 注释:8为加密的密码 设置退出特权模式超时时间::exec-timeout [] Switch(config)#exec-timeout 5 30(退出时间为5分30秒) 更改主机名:hostname 主机名 设置主机名与IP地址的映射关系:Switch(config)#ip host beijing 200.121.1.1(beijing为主机) 开启web配置服务:Switch(config)#ip http serve 显示帮户信息的语言类型:language {chinese|english} 使用密码验证:login 使用本地用户密码验证:Switch(config)#login local 设置用户在 console上进入一般用户配置模式时的口令:Switch(config)#password 8 test 热启动交换机:reload 加密系统密码:service password-encryption 恢复交换机出厂配置:set default 保存当前配置:write 配置交换机作为 Telnet 服务器允许登录的 Telnet 客户端的安全 IP 地址: Switch(config)#telnet-server securityip 192.168.1.21 设置Telnet 客户端的用户名及口令:Switch(config)#telnet-user Antony password 0 switch 打开交换机的 SSH服务器功能:Switch(config)#ssh-server enable 设置SSH客户端的用户名及口令:Switch(config)#ssh-user switch password 0 switch 通过DHCP 方式获取 IP 地址。 Switch(config)#interface vlan 1 Switch(Config-if-Vlan1)#ip dhcp-client enable Switch(Config-if-Vlan1)#exit 交换机 Switch1 端口 1 同交换机 Switch2 端口 1 用线相连,将该两个端口设置为强制100Mbit/s 速率,半双工模式。 Switch1(config)#interface ethernet1/1 Switch1(Config-If-Ethernet1/1)#speed-duplex force100-half Switch2(config)#interface ethernet1/1 Switch2(Config-If-Ethernet1/1)#speed-duplex force100-half 配置名称为 test的隔离组。 Switch>enable Switch#config Switch(config)#isolate-port group test 打开LACP调试开关。 Switch#debug lacp 新建一个 port group,并且采用默认的流量分担方式。

神州数码路由器实训手册

10级网络设备常规实训【router】文档 -2011-2012学年第一学期- 实训老师:沈广东刘海涛 编辑:蒋立彪沈广东 目录 一、路由器基本配置-------------------------------------------03 二、使用访问控制列表(ACL)过滤网络数据包-------06 三、路由器的NAT功能--------------------------------------08 四、路由器DHCP 配置--------------------------------------10 五、本地局域网互联(路由协议配置)------------------14 六、使用DCVG-204实现VOIP ---------------------------19 七、跨路由使用DCVG-204---------------------------------22

一、路由器基本配置 一、试验目的: 1.掌握路由器本地设置的方法。 2.掌握路由器设置命令。(设置端口IP) 3.掌握路由器远程设置的方法。(telnet 服务) 二、试验设备 1.DCR-1700路由器1台 2.Console 线、直通双绞线 3.DCRS-3926S交换机1台 三、试验拓扑结构 :192.168.1.2/24 192.168.1.254 线 //思考1:如果路由器要直接和PC连接,是用直通线?还是交叉线? 三、实验任务及步骤 1.Console 口连接 2.任务模式:enable 特权配置模式 Config 全局配置模式 3.测试计算机与路由器的连通性 PC机配置: Route 配置: Router#delete this file will be erased,are you sure?(y/n)y no such file Router#reboot Do you want to reboot the router(y/n)? //恢复出厂设置并重启 Router_config#hostname RouterA RouterA _config# //修改主机名 RouterA _config#interface fastEthernet 0/0 (//进入100M端口,) //思考2:若想进入10M口如何? // RouterA _config#interface ethernet 0/1 进入10M口

ict企业网关h3c路由器配置实例

ICT企业网关H3C路由器配置实例 以下是拱墅检查院企业网关的配置实例。路由器是选H3C MRS20-10(ICG2000),具体配置的内容是: PPP+DHCP+NAT+WLAN [H3C-Ethernet0/2] # version 5.20, Beta 1605 # sysname H3C # domain default enable system # dialer-rule 1 ip permit # vlan 1 # domain system access-limit disable state active idle-cut disable self-service-url disable

# dhcp server ip-pool 1 network 192.168.1.0 mask 255.255.255.0 gateway-list 192.168.1.1 dns-list 202.101.172.35 202.101.172.46 # acl number 2001 rule 1 permit source 192.168.1.0 0.0.0.255 # wlan service-template 1 crypto ssid h3c-gsjcy authentication-method open-system cipher-suite wep40 wep default-key 1 wep40 pass-phrase 23456 service-template enable # wlan rrm 11a mandatory-rate 6 12 24 11a supported-rate 9 18 36 48 54 11b mandatory-rate 1 2 11b supported-rate 5.5 11 11g mandatory-rate 1 2 5.5 11

h3c路由器典型配置案例

version 5.20, Release 2104P02, Basic # sysname H3C # nat address-group 27 122.100.84.202 122.100.84.202 # # domain default enable system # dns resolve dns proxy enable # telnet server enable # dar p2p signature-file cfa0:/p2p_default.mtd # port-security enable # # vlan 1 # domain system access-limit disable state active idle-cut disable self-service-url disable # dhcp server ip-pool 1 network 192.168.201.0 mask 255.255.255.0 gateway-list 192.168.201.1 dns-list 202.106.0.20 202.106.46.151 # # user-group system # local-user admin password cipher .]@USE=*8 authorization-attribute level 3 service-type telnet # interface Aux0 async mode flow link-protocol ppp

interface Cellular0/0 async mode protocol link-protocol ppp # interface Ethernet0/0 port link-mode route nat outbound address-group 27 ip address 122.100.84.202 255.255.255.202 # interface Ethernet0/1 port link-mode route ip address 192.168.201.1 255.255.255.0 # interface NULL0 # # ip route-static 0.0.0.0 0.0.0.0 122.100.84.201 # dhcp enable # load xml-configuration # user-interface con 0 user-interface tty 13 user-interface aux 0 user-interface vty 0 4 authentication-mode scheme user privilege level 3 set authentication password simple###¥¥¥# return [H3C]

神州数码交换机基本配置

神州数码交换机基本配置 恢复交换机的出厂设置 命令:set default 功能:恢复交换机的出厂设置。 命令模式:特权用户配置模式。 使用指南:恢复交换机的出厂设置,即用户对交换机做的所有配置都消失,用户重新启动交换机后,出现的提示与交换机首次上电一样。 注意:配置本命令后,必须执行write 命令,进行配置保留后重启交换机即可使交换机恢复到出厂设置。 举例: Switch#set default Are you sure? [Y/N] = y Switch#write Switch#reload 进入交换机的Setup配置模式 命令:setup 功能:进入交换机的Setup配置模式。 命令模式:特权用户配置模式。 使用指南:在Setup配置模式下用户可进行IP地址、Web 服务等的配置。 举例: Switch#setup Setup Configuration ---System Configuration Dialog--- At any point you may enter Ctrl+C to exit. Default settings are in square brackets [ ]. If you don't want to change the default settings, you can input enter. Continue with configuration dialog? [y/n]:y Please select language [0]:English [1]:中文 Selection(0|1) [0]:0 Configure menu [0]:Config hostname [1]:Config interface-Vlan1 [2]:Config telnet-server [3]:Config web-server [4]:Config SNMP [5]:Exit setup configuration without saving [6]:Exit setup configuration after saving

山石网科SG神州数码DCFW-1800系列安全网关至中神通UTMWALL的功能迁移手册

山石网科SG/神州数码DCFW-1800系列安全网关至中神通UTMWALL的功能迁移手册 更多产品迁移说明: 山石网科安全网关是Hillstone针对中小企业及分支机构用户的安全现状和需求推出的全新高性能多核安全网关。产品采用业界领先的多核Plus G2安全架构和64位实时安全操作系统StoneOS?,提供全方位的安全防护、易用的可视化管理和卓越的性能,为中小企业和分支机构用户提供高性价比的全面安全解决方案。山石网科下一代智能防火墙采用创新的主动检测技术和智能多维处理架构,通过全网健康指数帮助用户实时掌握安全状况;基于先进的应用识别和用户识别技术,为用户提供高性能应用层安全防护及增强的智能流量管理功能。 神州数码DCFW-1800系列防火墙是神州数码网络有限公司自主开发、拥有知识产权的新一代高性能纯硬件网络安全产品,能够为大中型企业、政府机关、教育机构等的网络安全问题提供安全高速的解决方案。DCFW-1800系列防火墙拥有集成的网络安全硬件平台,采用专有的实时操作系统,可以灵活的划分安全域,并且可以自定义其它安全级别的域,防火墙的安全策略规则会对信息流进行检查和处理,从而保证网络的安全。 武汉中神通信息技术有限公司历经15年的开发和用户使用形成了中神通UTMWALL?系列产品,有硬件整机、OS软件、虚拟化云网关等三种产品形式,OS 由50多个不断增长的功能APP、32种内置日志和5种特征库组成,每个APP都有配套的在线帮助、任务向导、视频演示和状态统计,可以担当安全网关、防火墙、UTM、NGFW等角色,胜任局域网接入、服务器接入、远程VPN接入、流控审计、行为管理、安全防护等重任,具备稳定、易用、全面、节能、自主性高、扩展性好、性价比优的特点,是云计算时代的网络安全产品。 以下是两者之间的功能对比迁移表: 山石网科SG v5.0功能项页码中神通UTMWALL v1.8功能项页码第1章产品概述 1 A功能简介8 第2章搭建配置环境 6 B快速安装指南9 第3章命令行接口(CLI)10 B快速安装指南9 第4章系统管理15 2系统管理47

神州数码交换机配置

神州数码交换机配置基本命令 交换机基本状态: hostname> ;用户模式 hostname# ;特权模式 hostname(config)# ;全局配置模式 hostname(config-if)# ;接口状态 交换机口令设置: switch>enable ;进入特权模式 switch#config terminal ;进入全局配置模式 switch(config)#hostname ;设置交换机的主机名 switch(config)#enable secret xxx ;设置特权加密口令 switch(config)#enable password xxa ;设置特权非密口令 switch(config)#line console 0 ;进入控制台口 switch(config-line)#line vty 0 4 ;进入虚拟终端 switch(config-line)#login ;允许登录 switch(config-line)#password xx ;设置登录口令xx switch#exit ;返回命令 交换机VLAN设置: switch#vlan database ;进入VLAN设置 switch(vlan)#vlan 2 ;建VLAN 2 switch(vlan)#no vlan 2 ;删vlan 2 switch(config)#int f0/1 ;进入端口1 switch(config-if)#switchport access vlan 2 ;当前端口加入vlan 2 switch(config-if)#switchport mode trunk ;设置为干线 switch(config-if)#switchport trunk allowed vlan 1,2 ;设置允许的vlan switch(config-if)#switchport trunk encap dot1q ;设置vlan 中继switch(config)#vtp domain ;设置发vtp域名 switch(config)#vtp password ;设置发vtp密码 switch(config)#vtp mode server ;设置发vtp模式 switch(config)#vtp mode client ;设置发vtp模式 交换机设置IP地址: switch(config)#interface vlan 1 ;进入vlan 1 switch(config-if)#ip address ;设置IP地址 switch(config)#ip default-gateway ;设置默认网关 switch#dir Flash: ;查看闪存 交换机显示命令: switch#write ;保存配置信息 switch#show vtp ;查看vtp配置信息 switch#show run ;查看当前配置信息 switch#show vlan ;查看vlan配置信息 switch#show interface ;查看端口信息 switch#show int f0/0 ;查看指定端口信息 完了最最要的一步。要记得保存设置俄,

神州数码路由器配置相关命令

一、路由器工作模式: 用户模式:Router> 特权模式:Router # 全局配置模式:Router (config)# 接口配置模式:Router (config-if)# 路由配置模式:Router(config-router)# Line配置模式:Router(config-line)# 二、路由器口令设置: Router>enable;进入特权模式 Router#configterminal;进入全局配置模式 Router(config)#hostname xxx;设置路由器的主机名 Router(config)#enable secret level 15 0 xxx ;设置特权明文加密口令xxx Router (config)#enable password xxx;设置特权非密口令 Router(config)#line console 0;进入控制台口 Router(config-line)#line vty 0 4;进入虚拟终端 Router(config-line)#login;允许登录 Router(config-line)#password xx ;设置登录口令xx Router#exit;返回命令 三、路由器VLAN设置: 配置WAN接口 选择接口:Router(config)#i nterface s0/0/0 配置IP地址Router(config-if)#ip address 192.168.10.1 255.255.255.0 设置时钟频率:Router(config-if)#clock rate 64000(另一端无需配置)启用端口:Router(config-if)#no shutdown 四、路由协议设置: 静态路由:Router(config)#ip route network 目标网络网络掩码下一跳IP Router(config)#ip route 192.168.1.0 255.255.255.0 10.1.1.1 默认路由:Router(config)#ip route 0.0.0.0 0.0.0.0 10.1.1.1

防火墙解决方案

大型企业网络防火墙解决方案 神州数码大型企业网络防火墙整体解决方案,在大型企业网络中心采用神州数码 DCFW-1800E防火墙以满足网络中心对防火墙高性能、高流量、高安全性的需求,在各分支机构和分公司采用神州数码DCFW-1800S防火墙在满足需要的基础上为用户节约投资成本。另一方面,神州数码DCFW-1800系列防火墙还内置了VPN功能,可以实现利用Internet构建企业的虚拟专用网络。 防火墙VPN解决方案 作为增值模块,神州数码DCFW-1800防火墙内置了VPN模块支持,既可以利用因特网(Internet)IPSEC通道为用户提供具有保密性,安全性,低成本,配置简单等特性的虚拟专网服务,也可以为移动的用户提供一个安全访问公司内部资源的途径,通过对PPTP协议的支持,用户可以从外部虚拟拨号,从而进入公司内部网络。神州数码DCFW-1800系列防火墙的虚拟专网具备以下特性: 标准的IPSEC,IKE与PPTP协议

支持Gateway-to-Gateway网关至网关模式虚拟专网 支持VPN的星形(star)连接方式 VPN隧道的NAT穿越 支持IP与非IP协议通过VPN 支持手工密钥,预共享密钥与X.509 V3数字证书,PKI体系支持IPSEC安全策略的灵活启用:管理员可以根据自己的实际需要,手工禁止和启用单条IPSEC安全策略,也为用户提供了更大的方便。 支持密钥生存周期可定制 支持完美前项保密 支持多种加密与认证算法: 加密算法:DES, 3DES,AES,CAST,BLF,PAP,CHAP 认证算法:SHA, MD5, Rmd160 支持Client-to-Gateway移动用户模式虚拟专网 支持PPTP定制:管理员可以根据自己的实际需要,手工禁止和启用PPTP。

相关文档
最新文档