Cisco ONS 15327 Manual page 13

Proxy Server is a set of three options (checkboxes) in the Provisioning > Network tabs listed under
Gateway Settings: Craft Access Only, Enable Proxy and Enable Firewall. These new features can be used
individually or in combination. Each is described briefly in the following sections.
Enable Proxy Server
When you select Enable Proxy, a proxy server task is activated on the ONS 15327 causing the ONS
15327 to behave in a similar manner to a SOCKS proxy for any other ONS 15327s that it has a DCC
connection to. A CTC workstation connected to an ONS 15327 proxy server has CTC visibility to
DCC-connected ONS 15327s and ONS 15454s even if there is no direct IP connectivity. All that is
required is that the CTC workstation has connectivity to the ONS 15327 that has proxy server enabled.
Firewall
The Firewall feature can prevent CTC workstations from using an ONS 15327's DCC communications
path to access other workstations on the DCN. When Firewall is enabled, unnecessary IP
communications are restricted between the ONS 15327's DCC channels and the XTC Ethernet port. The
node accomplishes this by discarding craft Ethernet packets not addressed to itself and DCC packets not
addressed to itself or to a DCC peer.
Craft Access Only
In previous releases, when an ONS 15327 XTC card detected an active link on its LAN port it would
advertise a route to other DCC connected ONS 15327s indicating that all packets with a destination
matching its own subnet should be routed to its LAN port. If two or more ONS 15327s were on the same
subnet and had active links, multiple routes would result for packets on this subnet. This would cause
some packets to be sent to one of the ONS 15327s and others to be sent to another resulting in loss of
connectivity to some of the nodes in CTC. In previous releases, this behavior could be prevented by
entering a static host route in the ONS 15327 with the connected CTC workstation as its destination.
The Craft Access Only feature allows multiple CTC sessions to ONS 15327 which are all on the same
subnet, without the need to enter static host routes. When the feature is enabled, the ONS 15327 will not
advertise routes to other 15327s it has DCC connectivity to. The ONS 15327 will only send packets for
the connected CTC workstation through its LAN port. Other packets arriving from or being sent to other
DCC connected nodes will be routed as though the CTC workstation is not connected.
Hitless Software Upgrades
Software upgrades from a previous release to Release 3.3 can be accomplished with no bit errors on
traffic traversing or terminating in the ONS 15327 outside of the standard thresholds for hitless
provisioning (60ms). The exception to this capability is the E-series Ethernet cards. Due to the necessary
topology change observed by the software during a XTC reset, and subsequent spanning tree
re-convergence, E-series cards do not pass traffic from the time of the active XTC reset (during
activation) until the E-series cards reboot, plus approximately 30 to 45 seconds for spanning tree
re-convergence. The total down time for E-series Ethernet traffic is approximately five minutes.
G-series Ethernet cards operate at layer one and do not lose traffic during an upgrade.
Note
OL-2671-01
New Features and Functionality
Release Notes for Cisco ONS 15327 Release 3.3
13