Terms and Definitions

AAA

AAA (Authentication, Authorization, Accounting) describes the process of granting access and controlling it.

  • Authentication — matching a person (request) to an existing account in the security system. Implemented by login, password or certificate.
  • Authorization (checking credentials and access level) — matching an account in the system (and the person who passed authentication) to an access level. In EcoRouter, users are provided with several predefined levels of access to system commands.
  • Accounting — monitoring the consumption of resources (especially network resources) by the user. Accounting also includes recording the facts of access to the system (access logs).

ABR

ABR (area border router) is an edge router that connects one or more zones to the backbone and acts as a gateway for inter-zonal traffic.

Access Control List

Access Control List (ACL) is a set of textual expressions, rules that restrict or allow the passage of any traffic on the network. Access control lists filter traffic based on the source IP address of the packet, the destination IP address of the packet, the protocol type, and the port numbers. In EcoRouter, access control lists are implemented by the access-list entity.

Address Resolution Protocol

ARP (Address Resolution Protocol) is a protocol in computer networks designed to determine the MAC address from a known IP address.

AS boundary router

AS boundary router (ASBR) exchanges information with routers belonging to other autonomous systems or non-OSPF routers.

Bridge Domain

Bridge domain is a local broadcast domain at the second layer of the OSI model, which exists separately from the concept of VLAN and operates on virtual subnets. A bridge domain is created on each device separately and is relevant only to that device.

This separation allows you to define different virtual subnets on one port and to manage individual virtual domains flexibly. This removes the scalability limit caused by a global VLAN being bound to a specific device of the segment.

Bridge domain is constructed from one or more L2 service interfaces, called service-instance.

Command to create a bridge domain: bridge <NAME>, where NAME is an arbitrary name.

Bridge Domain Interface

Bridge Domain Interface (BDI) is a logical interface that allows you to organize a bi-directional flow of traffic between the networks from the bridge domain to the L3 routing interfaces.

Basic configuration of the interface:

Command

Description

interface <NAME>

Creating a bridge domain interface. Where NAME is an arbitrary name

ip address <IP> <MASK>

Assignment of IP address with a subnet mask

connect to bridge <NAME>

Attach to the previously created bridge

Example:

ecorouter(config)#interface NAME
ecorouter(config-if)#ip address 10.10.10.1 255.255.255.255
ecorouter(config-if)#connect to bridge NAME

 

Broadband Remote Access Server

BRAS (Broadband Remote Access Server) sits at the edge of an ISP's core network and aggregates user sessions from the access network. It is at the BRAS that an ISP can inject policy management and IP Quality of Service (QoS).

Control-Plane Policing

CoPP (Control-Plane Policing) is a management level policy.

DHCP

Dynamic Host Configuration Protocol (DHCP) is a protocol for dynamically configuring the addressing of network hosts. It allows devices within the network to dynamically obtain IP addresses and other parameters for working in a TCP/IP network from a server or group of servers configured for this.

DNA

DNA (DoNotAge tag, DNA bit) is a sign of the "non-aging" of the LSA packet.


EcoBNGOS


EcoBNGOS - Eco Broadband Network Gateway Operating System

Interface

Interface is a logical interface for the L3 address. The interface name is given by the administrator and is case sensitive (for example, intQQ and intqq are different interfaces). Only uppercase and lowercase letters, digits and the dot '.' are allowed in interface names.

In EcoRouterOS, there are L3 interfaces that support certain functions (IP Demux, loopback interfaces, etc.) and are named accordingly. The names of these special interfaces cannot be used as names of ordinary logical interfaces for L3 addressing (ALL NAMES ARE CASE-SENSITIVE):

  • demux.<number>,
  • loopback.<number>,
  • pppoe.<number>,
  • Null,
  • vlan.

The basic interface configuration is performed in configuration mode:

ecorouter(config)#interface NAME

Creating a user interface, where NAME is an arbitrary name.

General view of the command line for configuring an interface (context mode of interface configuration).

ecorouter(config-if)#

An assignment of IP address with prefix.

ecorouter(config-if)#ip address 10.10.10.1/24    

An assignment of IP address with a subnet mask.

ecorouter(config-if)# ip address 10.10.10.1 255.255.255.0

Assigning a static MAC address.

ecorouter(config-if)#static-mac 1c87.7640.fa02

In this case, the base MAC address is stored in memory (it can be viewed using the show interface <NAME> command). To return to the base MAC address, use the no static-mac command.

Start the interface.

ecorouter(config-if)#no shutdown    

Shut down the interface.

ecorouter(config-if)# shutdown    

Intrusion Detection System

Intrusion Detection System (IDS) is a software tool designed to detect unauthorized access to a computer system or network, or unauthorized management of them, mainly through the Internet. Intrusion detection systems are used to detect some types of malicious activity that could compromise the security of a computer system. Such activities include network attacks against vulnerable services, attacks aimed at increasing privileges, unauthorized access to important files, as well as the actions of malicious software (computer viruses, trojans and worms).


IP Demux Interface

IP Demux Interface is a virtual L3 interface that can be assigned an IP address from the routed subnet.

Packets are sent to other subnets by binding the interface to a specific port with a set of service instances.

Basic setup of IP demux interface:

Command

Description

interface demux.<NAME>

Creating demux interface. Where <NAME> is a number

ip address <IP>/<MASK>

An assignment of IP address with prefix

Example:

ecorouter(config)#interface demux.0
ecorouter(config-if-demux)#ip address 10.10.10.1/24

Label Distribution Protocol

LDP (Label Distribution Protocol) is the protocol for distributing labels. Labels are generated for all routes in the routing table. All local labels are stored in the LIB. Labels are distributed in the direction from the Egress LER to the Ingress LER. Depending on the settings, labels are distributed either in Downstream Unsolicited mode (distribution of labels to all neighboring routers at once) or in Downstream-on-Demand mode (distribution of labels on request). The correspondence between the label and the network is sent to all LDP neighbors.

Loopback Interface

Loopback Interface is a virtual loop L3 interface. The name of the loopback interface is defined by the administrator and is case sensitive (for example, Int loopback.QQ and Int loopback.qq are different interfaces). The format of the interface name is loopback.<NAME>, where <NAME> is a number.

In EcoRouterOS, loopback interface numbers must be unique among all created virtual routers. That is, the name loopback.100 cannot be used in both VR1 and VR2. If you try to use the same name in another virtual device, EcoRouterOS displays an error message explaining that the interface is being used on another device.

Basic setting of the loopback interface:

ecorouter(config)#interface loopback.111

Creating the loopback interface.

ecorouter(config-if-loopback)#ip address 1.1.1.1/32

An assignment of IP address with prefix.


Or:   

ecorouter(config-if-loopback)#ip address 1.1.1.1 255.255.255.255

Assignment of IP address with a subnet mask.

ecorouter(config-if-loopback)#no shutdown

Start the interface.

ecorouter(config-if-loopback)#shutdown

Shut down the interface.

LSA

LSA - Link State Advertisement, Link State Announcement.

LSU

LSU (Link State Update) - an update packet that can contain multiple LSAs.

MTU

MTU (maximum transmission unit) is the maximum useful size of a data block in a packet (payload) that the protocol can transmit without fragmentation. The term MTU usually refers to the link layer protocol of the OSI model.

For many network protocols MTU does not exceed 1522, but in EcoRouter it is possible to set the MTU value in the range from 82 to 9728. This makes it possible to use Jumbo frames (Ethernet frames carrying more than 1500 bytes of data).

MPLS

MPLS (multiprotocol label switching) is the mechanism that transfers data from one node of the network to another using labels.

NTP

NTP (network time protocol) is the protocol of time synchronization in the network.

Port

Port is a device in the EcoRouter that works at the data-link level. Physical ports are located on the front panel of the router.

The logic of port naming and numbering is described in the Equipment section.

Port names are case-sensitive and must be specified in lowercase only.

By default, all ports are enabled on your device.

The basic port configuration commands are shown below.

Entering the configuration level of a specific port, where te1 is its name:

ecorouter(config)#port te1


Setting an MTU value different from the standard one, in the range of 1504-9728. Optional parameter.

ecorouter(config-port)#mtu 1600




To shut a port down administratively, use the shutdown command in the port configuration context.

To turn a port on administratively, use the no shutdown command in the port configuration context.

Both of these commands produce a report about the link state change.


If the port is turned off by the system, the show port command shows its state as "administratively down".

All interfaces and service instances that are bound to the switched-off port are also switched off.


Example:

ecorouter#show port
Gigabit Ethernet [igb] port ge3 is up
MTU: 9728
LACP priority: 32767
Input packets 12757610, bytes 4507446111, errors 0
Output packets 41139047, bytes 47165314669, errors 0
Service instance ge3.olia is up
ingress encapsulation untagged
ingress rewrite none
egress encapsulation untagged
egress none
Connect bridge raccoon symmetric
Input packets 12757610, bytes 4507446111
Output packets 41139681, bytes 47165195683
Gigabit Ethernet [igb] port ge4 is down
MTU: 9728
LACP priority: 32767
Input packets 1468304, bytes 249589783, errors 0
Output packets 4598726, bytes 5586328327, errors 0
Service instance ge4.sergey is down
ingress encapsulation untagged
ingress rewrite none
egress encapsulation untagged
egress none
Connect bridge raccoon symmetric
Input packets 1468303, bytes 249590010
Output packets 4653951, bytes 5592867728
Gigabit Ethernet [igb] port ge5 is up
MTU: 9728
LACP priority: 32767
Input packets 6878595, bytes 3664083768, errors 0
Output packets 13210832, bytes 14688926470, errors 0
Service instance ge5.alexander is up
ingress encapsulation untagged
ingress rewrite none
egress encapsulation untagged
egress none
Connect bridge raccoon symmetric
Input packets 6878604, bytes 3664084308
Output packets 13212782, bytes 14688868859
Gigabit Ethernet [igb] port ge6 is down
MTU: 9728
LACP priority: 32767
Input packets 3103204, bytes 504476889, errors 0
Output packets 5093754, bytes 4810094601, errors 0
Service instance ge6.timurr is down
ingress encapsulation untagged
ingress rewrite none
egress encapsulation untagged
egress none
Connect bridge raccoon symmetric
Input packets 3103202, bytes 504475973
Output packets 5125510, bytes 4812650924
Gigabit Ethernet [igb] port ge7 is down
MTU: 9728
LACP priority: 32767
Input packets 0, bytes 0, errors 0
Output packets 0, bytes 0, errors 0

ecorouter(config)#port te0
ecorouter(config-port)#shutdown
ecorouter(config-port)#[Fri Sep  2 08:31:10 2016][INFO] PHYS: LINK is DOWN  on port 'te0(0)'
ecorouter#show port
 10 Gigabit Ethernet [none] port te0 is administratively down
  MTU: 9728
  LACP priority: 32767
   link state DOWN;
  Input packets 0, bytes 0, errors 0
  Output packets 0, bytes 0, errors 0
   Service instance te0.100 is down
    ingress encapsulation none
    ingress rewrite none
    egress encapsulation none
    egress none
    Input packets 0, bytes 0
    Output packets 0, bytes 0
   Service instance te0.200 is down
    ingress encapsulation dot1q any
    ingress rewrite none
    egress encapsulation dot1q any
    egress none
    Input packets 0, bytes 0
    Output packets 0, bytes 0
 
 10 Gigabit Ethernet [none] port te1 is up
  MTU: 9728
  LACP priority: 32767
   link state UP;
  Input packets 0, bytes 0, errors 0
  Output packets 0, bytes 0, errors 0
 
ecorouter(config-port)#no shutdown
ecorouter(config-port)#[Fri Sep  2 08:34:28 2016][INFO] PHYS: LINK is UP  on port 'te0(0)'
ecorouter#show port
 10 Gigabit Ethernet [none] port te0 is up
  MTU: 9728
  LACP priority: 32767
   link state UP;
  Input packets 0, bytes 0, errors 0
  Output packets 0, bytes 0, errors 0
   Service instance te0.100 is up
    ingress encapsulation none
    ingress rewrite none
    egress encapsulation none
    egress none
    Input packets 0, bytes 0
    Output packets 0, bytes 0
   Service instance te0.200 is up
    ingress encapsulation dot1q any
    ingress rewrite none
    egress encapsulation dot1q any
    egress none
    Input packets 0, bytes 0
    Output packets 0, bytes 0
 
 10 Gigabit Ethernet [none] port te1 is up
  MTU: 9728
  LACP priority: 32767
   link state UP;
  Input packets 0, bytes 0, errors 0
  Output packets 0, bytes 0, errors 0
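
Because all ports are enabled by default, the show port output can be used to list ports that are up with nothing bound to them, and to confirm that no service instance is reported up on a port that is not up. The parser below is an added example, not EcoRouter code; the sample text is constructed in the format of the output above, and the function names and the service instance name ge3.uplink are assumptions.

```python
import re

# Constructed sample in the format of the "show port" output shown above.
SAMPLE = """\
 10 Gigabit Ethernet [none] port te0 is administratively down
  MTU: 9728
  LACP priority: 32767
   link state DOWN;
  Input packets 0, bytes 0, errors 0
  Output packets 0, bytes 0, errors 0
   Service instance te0.100 is down
    ingress encapsulation none
    Input packets 0, bytes 0
 10 Gigabit Ethernet [none] port te1 is up
  MTU: 9728
  Input packets 0, bytes 0, errors 0
  Output packets 0, bytes 0, errors 0
Gigabit Ethernet [igb] port ge3 is up
MTU: 9728
Input packets 12757610, bytes 4507446111, errors 0
Service instance ge3.uplink is up
Input packets 12757610, bytes 4507446111
"""

PORT_RE = re.compile(r"^\s*(?P<kind>.+?) port (?P<name>\S+) is "
                     r"(?P<state>administratively down|up|down)\s*$")
SI_RE = re.compile(r"^\s*Service instance (?P<name>\S+) is (?P<state>up|down)\s*$")
COUNT_RE = re.compile(r"^\s*(?:Input|Output) packets (?P<pkts>\d+), "
                      r"bytes \d+, errors (?P<errs>\d+)\s*$")


def parse_show_port(text):
    """Return one dict per port: name, state, packets, errors, instances."""
    ports = []
    for line in text.splitlines():
        m = PORT_RE.match(line)
        if m:
            ports.append({"name": m["name"], "state": m["state"],
                          "packets": 0, "errors": 0, "instances": {}})
            continue
        if not ports:
            continue  # prompt echo or log line before the first port header
        m = SI_RE.match(line)
        if m:
            ports[-1]["instances"][m["name"]] = m["state"]
            continue
        m = COUNT_RE.match(line)  # only port-level counters carry "errors"
        if m:
            ports[-1]["packets"] += int(m["pkts"])
            ports[-1]["errors"] += int(m["errs"])
    return ports


def unused_enabled_ports(ports):
    """Ports that are up but have no service instance bound to them."""
    return [p["name"] for p in ports if p["state"] == "up" and not p["instances"]]


def instances_up_on_down_port(ports):
    """Service instances reported up although their port is not up."""
    return [(p["name"], si) for p in ports if p["state"] != "up"
            for si, st in p["instances"].items() if st == "up"]


if __name__ == "__main__":
    parsed = parse_show_port(SAMPLE)
    print("up with nothing bound:", unused_enabled_ports(parsed))
    print("inconsistent instances:", instances_up_on_down_port(parsed))
```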



PPPoE interface

The Point-to-Point Protocol over Ethernet (PPPoE) is a network protocol for encapsulating PPP frames inside Ethernet frames. PPPoE is mostly used by xDSL services and provides additional features (authentication, encryption, and compression).

The PPPoE server configuration commands in EcoRouter are shown in the table below.

Command

Description

pppoe-profile <PROFILE_NAME>

The command is available in configuration mode (config). Executing the command creates a profile. The profile can specify the PPPoE parameters, the settings for creating PPP connections, the subscriber map and the method for distributing IP addresses to subscribers.

interface pppoe.<IF_NUMBER>

The command is available in configuration mode (config). Executing the command creates a pppoe interface. Its parameters are then used for PPPoE session establishment.

profile <PROFILE_NAME>

The command is available in the pppoe-interface configuration context (config-if-pppoe). Executing the command enables the PPPoE protocol on the interface, using the parameters of the specified profile.

Pseudowire

Pseudowire (pseudo-wire) or L2-circuit is a virtual private network service for connecting two network segments in a point-to-point manner. Any incoming traffic on the PE router is assigned an MPLS label, by which the routing takes place.

QoS

QoS (quality of service) - this term refers to the probability that the communication network corresponds to a specified traffic agreement. QoS also means the ability to guarantee the delivery of packets, bandwidth control, prioritization for different classes of network traffic.

RADIUS

RADIUS (Remote Authentication Dial-In User Service) is a network protocol designed to provide centralized Authentication, Authorization, and Accounting (AAA) for users connecting to various network services. It is used, for example, for user authentication in WiFi, VPN, formerly dial-up connections, and other similar cases. It is described in the standards RFC 2058, RFC 2059, RFC 2865 and RFC 2866.

Service instance

Service instance (subinterface, SI) is a logical subinterface operating between the L2 and L3 levels. This type of interface is needed to connect a physical port with an L3 interface, a bridge, or ports. It is used for flexible traffic management based on the presence or absence of VLAN tags in the frames. All traffic entering the port passes through a service instance. One port can have many service instances that handle different VLAN tags in different ways.

The command to create the service instance: service-instance <NAME>.

The subinterface name is set by the administrator. Each line of a service instance can have only one traffic attribute.

Example:

ecorouter(config)#port te0

The service instance is created in the port configuration mode.

ecorouter(config-port)#service-instance 100

Creating service instance.

ecorouter(config-service-instance)#encapsulation dot1q 4

Specifies the number of the VLAN to process.

ecorouter(config-service-instance)#rewrite pop 1

Specifies the operation.

ecorouter(config-service-instance)#connect ip interface e1

Specifies the interface to which the processed frames are sent.

Simple Network Management Protocol

SNMP (Simple Network Management Protocol) is a standard Internet protocol for controlling devices in IP networks based on TCP/UDP architectures. With the SNMP protocol, network device management software can access information that is stored on managed devices (for example, on a switch). On managed devices, SNMP stores information about the device on which it is running in a database called MIB.

SNMP is one of the protocols that implement the concept of Internet Standard Management Framework.

Within the framework of this concept, a system consisting of three main elements is built for network management:

  • The SNMP manager manages and monitors the network activity of the devices. It is often called the Network Management System (NMS);
  • SNMP agent - software that runs on a managed device, or on a device connected to the management interface of a managed device. Gathers data from the managed device and sends it to the SNMP manager;
  • Management Information Base (MIB) is a database that is used to manage devices on the network. It has a tree structure in which information about hosts is stored. The MIB elements have symbolic names and the corresponding numeric values - OID (of the format N.N.N ... .N).

TACACS+

TACACS+ (Terminal Access Controller Access Control System plus) is a session protocol, the result of further improvement of TACACS made by Cisco.

It improves protocol security (encryption) and separates the functions of authentication, authorization and accounting, which can now be used separately.

TACACS+ uses the concept of sessions. Under TACACS+ it is possible to establish three different types of AAA sessions (authentication, authorization, accounting). Establishing one type of session does not generally require the prior successful establishment of any other. The protocol specification does not require an authentication session to be opened before an authorization session. A TACACS+ server may require authentication, but the protocol does not specify this.

Virtual Router Redundancy Protocol

VRRP (Virtual Router Redundancy Protocol) is an L3 redundancy protocol for devices in IPv4/6 networks.

Aggregated channel's interface

Link aggregation means combining several channels into a single logical link for increased bandwidth and redundancy. You can add ports to the aggregated link if they are parallel and configured identically. That is, aggregated channels must connect two devices in parallel.

Up to 8 ports, on the same or different cards of the router, can be aggregated into one link. The speed characteristics of the ports must match for aggregation. The ports must also not be attached to service instances. The service instance for operations with VLAN tags is configured on the aggregated port (read more in the "Service Instances" section).

Administrative distance

The administrative distance is the value that the router uses to determine the best path to the destination network if there are two or more routes to the network that are received using different routing protocols. The administrative distance controls the selection of one dynamic routing protocol or static route among others when more than one protocol adds a route to the same network in the routing table. Priority is given to the protocol with the lowest administrative distance.

Virtual router

A virtual router is a technology that allows you to configure several independent routing tables on the same physical router.

Mirroring

Mirroring is a function of duplicating packets from one or more ports (interfaces) to another, also called port monitoring or SPAN (Switched Port Analyzer in Cisco terminology). Basically, it is used to monitor all traffic for security purposes, or to evaluate the performance/load of network equipment using hardware.

In the EcoRouter concept, this function is implemented by software, and any physical network interface (port) of the router can be configured as the SPAN port.

Inverse mask

An inverse mask (a back mask, a wildcard mask) is a mask that, added to the direct mask, gives 255 in each octet. Unlike a direct mask, which operates on networks, the inverse mask operates on hosts.

The inverse mask is used in access lists (except on Cisco ASA) and in the description of networks in OSPF. The direct mask is used in all other cases. There are 33 direct masks and 4294967296 inverse masks.
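
The relationship between the two mask types, and why the counts differ, can be checked in code. The following is an added example, not part of the EcoRouter documentation; the function names are assumptions, and the matching rule is the general wildcard convention (a 0 bit in the inverse mask must match, a 1 bit is ignored), which also covers non-contiguous inverse masks that have no direct-mask equivalent.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF


def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def _to_str(value):
    return str(ipaddress.IPv4Address(value))


def direct_masks():
    """Every direct mask: contiguous 1-bits from the left, /0 through /32."""
    return [_to_str((ALL_ONES << (32 - n)) & ALL_ONES) for n in range(33)]


def is_direct_mask(mask):
    """True if the mask is 1-bits followed only by 0-bits."""
    inv = ~_to_int(mask) & ALL_ONES
    return (inv & (inv + 1)) == 0  # the inverted value must be 2**k - 1


def to_inverse(mask):
    """Direct mask -> inverse mask; each pair of octets sums to 255."""
    if not is_direct_mask(mask):
        raise ValueError(f"{mask} is not a direct mask")
    return _to_str(~_to_int(mask) & ALL_ONES)


def acl_match(addr, base, inverse):
    """Wildcard match: compare only the bits where the inverse mask is 0."""
    care = ~_to_int(inverse) & ALL_ONES
    return (_to_int(addr) & care) == (_to_int(base) & care)


def matched_addresses(inverse):
    """How many addresses one ACL entry with this inverse mask covers."""
    return 2 ** bin(_to_int(inverse)).count("1")


if __name__ == "__main__":
    print(len(direct_masks()), "direct masks")
    print("255.255.255.0 ->", to_inverse("255.255.255.0"))
    # Non-contiguous inverse mask: third octet ignored, host octet fixed.
    print(acl_match("10.10.99.1", "10.10.0.1", "0.0.255.0"))
    print(matched_addresses("0.0.255.0"), "addresses covered")
```

Reviewing an access list with matched_addresses makes it visible when a mistyped inverse mask covers far more hosts than the rule was meant to.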

CLI

Command Line Interface (CLI) is the main EcoRouter control and monitoring interface.

ICMP

ICMP (Internet Control Message Protocol) is a network protocol included in the TCP/IP protocol stack. ICMP is mainly used to transmit error and other exception messages during data transmission.