14 NETBUILDER SOFTWARE VERSION 11.1 RELEASE NOTES
of the queue policies, Priority Queuing, and Protocol Reservation are supported. In
addition to the currently supported policies, a metering algorithm has been added.
If the queue handler detects that the underlying bandwidth exceeds a certain
threshold specified, then the queueing and metering functions are effectively
bypassed and packets are transmitted directly without queuing. This optimizes
high-speed interfaces in which the customer assumes that everything presented to
the interface can be transmitted without going through the prioritization or
metering processing and without much fear of packet loss.
Firewall Enhancements
The recent enormous growth in the Internet has increased the security risks to
corporate and government networks. The existing Firewall Service has been
enhanced to support more predefined filters for popular applications, to allow you
to create your own filter definitions, and to combine noncontiguous IP addresses
into named groups to which firewall policies may be applied.
Firewall enhancements include:
■ Predefined service filters for multimedia applications such as Real Networks’
RealPlayer.
■ The ability to define a service and group of IP addresses.
■ Support for traceroute.
■ Additional predefined service filters.
■ Secure HTTP
■ BGP-4
■ Finger
■ Whois
■ SOCKS
■ DNS client-to-server.
■ IPSEC support for Encapsulated Security Payload (ESP) headers and
Authentication Headers (AH).
IP Version 6 (Phase II)
IPv6 Phase II features include the BGP-4 multiprotocol extensions for IPv6
inter-domain routing plus native IPv6 routing over PPP and point-to-point ATM
PVCs.
BGP-4 Enhancements
Enhancements have been incorporated that address the scaling issues with the
current BGP implementation. The new implementation also includes BGP-4+
features. BGP-4+ is an extension to the existing BGP protocol for handling
multiprotocol routing. For example, it enables interdomain routing of IPv4
multicast, IPv6 unicast, and IPv6 multicast network layers. The following network
layer reachability information attributes are implemented:
■ Multiprotocol Reachable NLRI
■ Multiprotocol Unreachable NLRI