Clavister cOS Core Administration Guide

Chapter 4: Routing
Implementing BPDU Relaying
The cOS Core BDPU relaying implementation only carries STP messages. These STP messages can
be of three types:
• Normal Spanning Tree Protocol (STP)
• Rapid Spanning Tree Protocol (RSTP)
• Multiple Spanning Tree Protocol (MSTP)
• Cisco proprietary PVST+ Protocol (Per VLAN Spanning Tree Plus)
cOS Core checks the contents of BDPU messages to make sure the content type is supported. If it
is not, the frame is dropped.
Enabling/Disabling BPDU Relaying
BPDU relaying is disabled by default and can be controlled through the advanced setting Relay
Spanning-tree BPDUs. Logging of BPDU messages can also be controlled through this setting.
When enabled, all incoming STP, RSTP and MSTP BPDU messages are relayed to all transparent
interfaces in the same routing table, except the incoming interface.
4.8.5. MPLS Pass Through
Multi-protocol Label Switching (MPLS) is a standard that allows the attaching of labels to IP
packets to provide information about the packet's eventual destination. The router that initially
attached the MPLS label is known as the ingress router.
Network nodes that support MPLS can then use this attached information to route packets
without needing to perform route lookups and therefore increase processing speed. In addition
to overall faster traffic movement, MPLS also makes it easier to manage Quality of Service (QoS).
MPLS is considered to be "multi-protocol" because it works with the Internet Protocol,
Asynchronous Transport Mode (ATM) and frame relay network. When considered in reference to
the OSI network model, MPLS allows packets to be forwarded at the layer two level rather than at
the layer three level and for this reason it is said to operate at the two and a half level.
cOS Core MPLS Support
cOS Core supports MPLS Pass Through. This is relevant in transparent mode scenarios where the
MPLS labelled packets are allowed to traverse the Clavister Security Gateway. cOS Core can
optionally validate the integrity of these MPLS packets and the administrator can change the
advanced setting Relay MPLS to specify the specific action to be taken. The possible values for
this setting are:
• Ignore - Verify packets and allow all verified MPLS labelled packets to pass silently. Packets
that fail verification are logged.
• Log - Verify packets and allow all verified MPLS packets to pass as well as being logged.
Packets that fail verification are also logged.
• Drop - Silently drop all MPLS packets without verification or logging.
• Drop/Log - Drop all MPLS packets without verification and log these drops.
330