Triple data encryption standard. A strengthened version of the data encryption standard (DES) documented in RFC 1851. Also known as triple DES, this standard is based on the existing DES, but has a key three times as long.
Physical specification for a type of Ethernet that transmits 10Mbps signals over thin 50-ohm baseband coaxial cable and has a cable length limit of 607 feet (185m) per segment. A 10Base2 Ethernet network is the least expensive Ethernet. This version of Ethernet is also known as thin Ethernet or Cheapernet.
Physical specification for a type of Ethernet that transmits 10Mbps signals over standard (thick) 50-ohm baseband coaxial cable and has a cable length limit of 1640 feet (500m) per segment. A 10Base5 Ethernet network provides a low-cost alternative to fiber optic cable for use as a backbone within one building. This version of Ethernet is also known as thick Ethernet.
Physical specification for a type of Ethernet that transmits 10Mbps signals over fiber optic cable and has a cable length limit of from 1640 feet to 6560 feet (500m to 2000m) per segment. Use a 10BaseF Ethernet network to link users in different buildings.
Physical specification for a type of Ethernet that transmits 10Mbps signals over unshielded twisted-pair cable and has a cable length limit of 330 feet (100m) per segment. A 10BaseT Ethernet network is the most flexible topology for LANs and is generally the best choice for most network installations.
Authentication, authorization, and accounting. A remote access security approach that controls network access by requiring user identification and restricting access to only particular resources. AAA, also known as triple A, maintains records of use for billing and network audit.
A set of rules that determine the path and route information the PortMaster® accepts from a BGP peer for further processing. See also policy.
See remote access server.
A packet sent by a network access server to a RADIUS server when a user logs in to the network access server. The access-request packet includes the user's login name and password and information about the connection made by the user to the network access server. RADIUS uses the access-request to authenticate the user and authorize services to the authenticated user.
A type of router used to link a LAN across a WAN. An access router uses an Ethernet port to connect to a LAN and one or more asynchronous and/or synchronous ports to provide the LAN with a long-distance connection to another router on another network. PortMaster Office Routers and PortMaster IRX products are access routers.
See remote access server.
See RADIUS accounting.
See ARP.
A relationship between two routers on the same physical network or between the endpoints of a virtual link that controls the distribution of routing protocol packets by limiting their exchange to those routers or endpoints.
Asymmetric digital subscriber line. A modem and compression technology that can transmit multiple channels of multimedia data over regular telephone lines. An ADSL circuit is much faster than a regular telephone connection even though the customer connection is the same copper wires used for regular telephone service. Because an ADSL circuit must be configured to connect two specific locations, it is similar to a leased line.
A set of rules that determines the path and route information the PortMaster advertises to a BGP peer. See also policy.
The process of combining multiple prefixes from one or several routes so that a single prefix and route can be advertised. Route aggregation reduces the amount of information that a device running BGP must store and exchange with its BGP peers. See also summarization.
The American National Standards Institute (ANSI) T1.617 Frame Relay Annex-D version of the Local Management Interface (LMI) protocol. The Annex-D protocol has a more robust feature set than the proprietary Cisco/Stratacom LMI, but was developed later. Recent versions of the PortMaster software support either type of LMI. Earlier versions supported only the Cisco/Stratacom version. See also LMI.
Application program interface or application programming interface. An interface between an operating system and application programs that includes the calling convention used for their communication and the services that the operating system makes available to the programs. An API provides a set of routines, protocols, and tools for building software applications, and specifies the standard software interrupts, calls, functions, and data formats that an application must use to initiate contact with hardware or network services. Programmers can use the API to write applications consistent with the operating environment without having to know all about it. In contrast to an API, a graphical user interface (GUI) and command interface are direct user interfaces to either the application or the operating system.
1) A small application, such as a utility or other small program, that does not run on its own but is embedded and run from within another application. Applets often cannot access certain resources on the local computer, such as files and serial devices, and cannot communicate with most other computers across a network. 2) A small distributed application created with the Sun Microsystems Java programming language. Java applets are often embedded in HTML pages and can be downloaded and used by any computer equipped with a Java-capable browser. See also HTML; Java.
See ARA.
See API.
See API.
ARCHIvE. An Internet utility for finding files stored on anonymous FTP sites. To find a file with Archie, you must know the exact filename or a substring of it. See also FTP.
In OSPF, a router that attaches to the backbone and one other area. An area border router runs separate copies of the shortest-path-first (SPF) algorithm for each area it attaches to. Area border routers condense the topological information of their attached areas and distribute it over the backbone to the other areas.
Address Resolution Protocol. A protocol that discovers the unique physical hardware address of a node or a LAN from its IP address. When an ARP request is sent to the network, naming the IP address, the machine with that IP address returns its physical address so that it can receive the transmission.
See ADSL.
Not synchronized by a shared signal and therefore proceeding independently; not occurring at predetermined or regular intervals. In asynchronous communication, data is transmitted character by character, intermittently rather than in a steady stream. Transmission can start and stop at any time. The beginning of a character of asynchronous data is indicated by a start bit, and the end is indicated by a stop bit. Asynchronous communication is slower and less efficient than synchronous communication, but usually simpler and cheaper. All PortMaster products have at least one asynchronous port for connection to a console, or to connect an external modem, mainframe computer, or other peripheral device to the local network. Compare synchronous.
See ATM.
Asynchronous Transfer Mode. A packet switching network technology that organizes digital data into 53-byte cells, or packets, and transmits them via digital signal technology. ATM creates a fixed channel, or route, between two points whenever data transfer begins. The short, standardized ATM cells can be processed through a digital ATM switch and transmitted at speeds of 600Mbps or more. ATM supports multiple services, including voice, graphics, data, and video, and allows telephone and cable TV companies to dynamically assign bandwidth to individual customers.
An international nonprofit organization formed to accelerate the use of Asynchronous Transfer Mode (ATM) products and services through a rapid convergence of interoperability specifications. In addition, the Forum promotes industry cooperation and awareness.
In RADIUS, the name of a characteristic that identifies (authenticates) a user or configures (authorizes) a user's session, and its value. Attribute-value pairs, also known as AV pairs, define the RADIUS protocol. Packets that are sent between a RADIUS server and a network access server consist of attribute-value pairs--for example, password = "s64bigE&rt".
See RADIUS authentication.
See AAA.
See RADIUS authorization.
A collection of routers under the control of a single technical administration, using one or more Interior Gateway Protocols (IGPs)--such as OSPF--to route packets within itself, and an Exterior Gateway Protocol (EGP)--such as BGP--to route packets to other autonomous systems. An autonomous system typically uses a common BGP policy and always presents a consistent view of network reachability to other autonomous systems.
In OSPF, a router that exchanges information with routers from other autonomous systems. Autonomous system border routers are also used to import routing information about RIP, direct, or static routes from non-OSPF attached interfaces.
In BGP, the list of autonomous systems that a packet must traverse to reach a given set of IP address destinations located within a single autonomous system destination. The list can consist of sequences (which are series of autonomous systems that must be traversed in the order specified) and sets (which are collections of autonomous systems, one or more of which must be traversed in any order to the destination). For example, an autonomous system path list might consist of Sequence 1, 2, 3, Set 4, 5, Sequence 6, 7. This list indicates that a packet traverses autonomous systems 1, 2, and 3 in order, then one or both of autonomous systems 4 and 5 in any order, and finally autonomous systems 6 and 7 in order. Autonomous system 7 is the destination autonomous system.
In OSPF, an area consisting of networks and routers not contained in any area and autonomous system border routers. The backbone area is responsible for distributing routing information between areas. This backbone area must be contiguous either physically or through a virtual link. The number reserved for the backbone area is 0.0.0.0.
See BRI.
Bulletin board system. A computer service reached via modem or Telnet that allows users to conduct discussions, upload or download files, and post announcements. Some BBSs are devoted to specific interests; others offer a more general service. The World Wide Web is superseding most BBSs because it provides wider, cheaper access to information.
Bearer channel. The ISDN channel that is the primary carrier of data, voice, and other services. An ISDN Basic Rate Interface (BRI) has a single 64Kbps B channel, and an ISDN Primary Rate Interface (PRI) has either 23 B channels (in the United States) or 30 B channels (in Europe).
Border Gateway Protocol. A routing protocol for exchanging network reachability information among autonomous systems. A routing device can use this information to construct a "map" of autonomous system connectivity. Version 4 of this protocol (BGP-4), which supports classless interdomain routing (CIDR) and route aggregation, is the predominant routing protocol used to propagate routes between autonomous systems on the Internet. BGP uses TCP as its transport protocol.
Version 4 of BGP. See also BGP.
Binary digit. 1) The basic unit of information. 2) The amount of information obtained as the answer to a yes-or-no question. 3) A computational quantity that can take on one of two values, such as true and false, or 0 and 1. 4) The smallest unit of storage that is sufficient to hold one bit. See also bps; byte.
See bps.
Internet Bootstrap Protocol. Protocol used by a network node to determine the IP address of its Ethernet interfaces for network booting. When dumb hosts send a broadcast packet out on the network, UNIX hosts running BOOTP reply with an IP address, the address of a boot server, and the path of a configuration file to be loaded at boot time.
See BGP.
Basic Rate Interface. An ISDN interface for homes and small businesses that consists of two 64Kbps B channels for voice or data and one 16Kbps D channel for signaling. Compare PRI.
See BBS.
A set of bits (usually 8) that represent a single character. See also bit.
A remote access server configuration that disconnects a dial-in user and then calls the user back at a pre-established telephone number before providing access. Callback provides an extra layer of security and can simplify telephone charges. Callback is sometimes known as dialback.
Competitive access provider. A company that provides network links between the customer and the interexchange carrier (IEC) or even directly to the Internet service provider (ISP). CAPs operate private networks independent of local exchange carriers. See also CLEC.
See CD.
Consultative Committee for International Telegraph and Telephone. International organization formerly responsible for the development of communications standards and now called the ITU-T. See also ITU-T.
Carrier Detect. A signal that indicates whether an interface is active. Also, a data communications equipment (DCE) signal--Data Carrier Detect (DCD)--generated by a modem indicating that a call has been connected.
See CO.
Common gateway interface. A standard set of rules for transferring information between a World Wide Web server and a CGI program--any program designed to accept and return data that conforms to the CGI specification. For example, a CGI program can put the content of a form into an email message, or transform data into a database query. The program can be written in any programming language, including C, Perl, Java, or Visual Basic.
See CHAP.
See CSU.
Challenge Handshake Authentication Protocol. A Point-to-Point Protocol (PPP) authentication method for identifying a dial-in user. The user is given an unpredictable number and challenged to respond with an encrypted version. CHAP does not itself prevent unauthorized access; it merely identifies the remote end. See also PAP.
Real-time communication between two users on the Internet via computer. See also IRC.
A packet-filtering application that enables central server storage of filters, dynamic filter downloading, and the control of user access based on lists of sites rather than individual sites. Developed by Lucent Technologies, the ChoiceNet server is shipped with all PortMaster remote access servers and routers.
In object-oriented programming, a category of objects. The class defines the common properties, operations, and behaviors of different objects that belong to it. For example, a class called shape might contain objects that are circles, rectangles, and triangles. A class can be regarded as a template definition of the methods and variables in a particular kind of object. A class with subclasses, which inherit all or some of its characteristics, is also known as a superclass. The structure of a class and its subclasses is called a class hierarchy. See also class library; object; subclass.
A collection of related classes that solve specific programming problems. See also class.
See CIDR.
A forwarding server in a proxy confederation that stores the addresses of all remote servers so that the other forwarding servers need to store only its address. The clearing house server forwards requests from forwarding servers to remote servers, and passes information back from the remote servers to the forwarding servers.
Competitive local exchange carrier. A company that provides local dial-tone services as well as long-distance, data, and Internet services, usually to corporate markets in metropolitan areas. Many CLECs can compete with established regional Bell operating companies (RBOCs) because they use more current technology. See also CAP.
A software program on one computer that contacts and obtains data from a server software program running on another computer. Each client program is designed to work with one or more specific kinds of server programs, and each server requires a specific kind of client--a World Wide Web browser, for example.
An environment where a computer system or process requests a service from another computer system. For example, a workstation can request services from a file server across a network. The ChoiceNet product, for example, runs in a client-server environment.
An identifier, in dotted decimal format, that uniquely identifies a BGP route reflection cluster within an autonomous system. All route reflectors within the cluster must be configured with the same cluster ID. Internal peers that are not reflectors within the cluster must not be configured with a cluster ID. The cluster ID is typically set to the BGP router ID of one of the route reflectors within the cluster. See also cluster; route reflection; route reflector.
Confederation member autonomous system. A subdivision of an autonomous system that is recognized only by other peers within the confederation. Within the confederation, each BGP peer treats only the peers in its own CMAS as internal peers. Peers in different CMASs are treated as external peers.
The visual appearance and command input conventions that enable system administrators and system operators to configure, monitor, and manage the connected nodes in a data network. This type of direct command-entry screen interface is distinguishable from graphical user interfaces (GUIs). Compare GUI.
See CIR.
See CGI.
A remote access device with one or more asynchronous ports that provides dial-up network access to users and devices without network interfaces. A communications server allows remote users, nonnetwork printers, mainframe computers, and other peripherals to connect to a network through its asynchronous port(s). PortMaster 2 products are communications servers. Compare remote access server.
A label that identifies a group of BGP destinations for the purpose of policy enforcement. Assembling destinations into identifiable "communities" lets BGP peers base policy decisions on the identity of the group rather than on individual destinations. The community identifier, which consists either of one 32-bit value or two 16-bit values, is advertised in update messages between BGP peers.
See CAP.
See CLEC.
A protocol that can improve Internet transmission speeds by as much as 400 percent by compressing data at the sending modem and decompressing it at the receiving modem. For PortMaster products, ComOS version 3.7 or later implements the PPP Compression Control Protocol (RFC 1962) and Stac LZS Compression Protocol (RFC 1974). Stac LZS data compression is available only on the PortMaster 3 and PortMaster Office Routers.
In BGP, an autonomous system that has been subdivided into smaller autonomous systems called confederation member autonomous systems (CMASs). A confederation appears like a single autonomous system to other autonomous systems and is recognized only by other confederation members. Subdivision of an autonomous system into a confederation changes the peer relationships of confederation members in different CMASs from internal to external. Use of confederations in an autonomous system requires that all routers in the autonomous system belong to a CMAS; however, the policies used by BGP peers can change across confederation boundaries. Confederations are one method for avoiding the overhead of having all peers within an autonomous system fully communicate to--be fully meshed with--each other. Route reflection clusters provide an easier method, but require the use of identical policies on all peers within the autonomous system. See also route reflection.
Any router running BGP and recognizing that its autonomous system is subdivided into smaller autonomous systems called confederation member autonomous systems (CMASs). The CMASs are recognized only by confederation members and not by peers external to the confederation. Subdivision of an autonomous system into a confederation changes the peer relationships of confederation members in different CMASs from internal to external.
See CMAS.
See CCITT.
A small data file written to your hard drive by some websites when you view them in your browser. These data files contain information the site can use to track such things as passwords, lists of pages you have visited, and the date when you last looked at a certain page. Cookies maintain continuity in a series of requests and responses to the website.
An arbitrary value assigned by a network administrator and used to compare paths through an internetwork environment. Cost is normally based on hop count, media bandwidth, or other measures. Routing protocols use cost values to determine the best--lowest-cost--path to a particular destination.
Customer premises equipment. Any hardware or software installed at a customer's site--such as routers, access servers, communications servers, terminal adapters, or modems--to enable communications with the public switched telephone network (PSTN). Maintenance of this equipment is primarily the responsibility of the customer rather than the responsibility of the local and/or long-distance carrier.
Cyclic redundancy check. An error-detection technique that derives a binary number by reading an incoming block of data and comparing it with a number transmitted with the data. If the numbers do not match, an error exists. See also CRC error.
See CPE.
See CRC.
A large collection of data organized for rapid search and retrieval, relatively simple management, and ease of updating. Traditional databases are organized by fields, records, and files. A field is a single piece of information, a record is one complete set of fields, and a file is a collection of records. The most prevalent type of database is the relational database. A database management system (DBMS) is required to access information from a database. See also DBMS; distributed database; object-oriented database; RDBMS; relational database.
See DBMS.
See DCE.
See DCE.
See DES.
See DLCI.
See DSU.
See DSR.
See DTE.
See DTR.
Database management system. A collection of programs that enables you to store, modify, and extract information--organized in fields, records, and files--from a database. The DBMS accepts requests for data from the application program and instructs the operating system to transfer the appropriate data. Requests for information from a database are made in the form of a query--a stylized question. The terms relational, network, flat, and hierarchical refer to the way a DBMS organizes information internally. The internal organization can affect how quickly and flexibly information is extracted. New categories of data can be added to the database without disruption to the existing system. A DBMS also controls the security and integrity of the database. See also RDBMS.
Data communications equipment or data circuit-terminating equipment. Devices and connections of a communications network that make up the network end of the interface between the network and the user. The DCE provides a physical connection to the network, forwards traffic, and provides a clocking signal to synchronize data transmission between DCE and data terminal equipment (DTE) devices. Modems and interface cards are DCEs.
Data channel or delta channel. A full-duplex, 16Kbps Basic Rate Interface (BRI) or 64Kbps Primary Rate Interface (PRI) ISDN channel for performing call signaling and setup to establish a connection. The D channel is sometimes also used to carry user data.
In BGP, an arbitrary rating number that the PortMaster assigns to every route it receives from a BGP peer. A higher number indicates a greater preference for a route when more than one exists to a destination. A route from an internal peer is assigned the local preference number that the PortMaster learned with the route. For a route learned from an external peer, the PortMaster calculates a number based on the autonomous system path length; the shortest path is preferred. You can use a routing policy rule to override the calculated or learned value and assign your own degree of preference to a route. See also local preference.
Data encryption standard. A popular block encryption method based on a 56-bit key. DES has been adopted by the U.S. Department of Defense and standardized as American National Standards Institute (ANSI) standards X3.92 and X3.106.
In BGP, the final autonomous system in the autonomous system path whose IP address prefixes and associated netmasks are reported in the network layer reachability information (NLRI) field of an update message. A destination and its path comprise a BGP route. See also path; route.
Dynamic Host Configuration Protocol. The underlying protocol for a network administration software tool that enables network managers to set up servers to automatically supply IP addresses and configuration settings to clients. DHCP extends and enhances the BOOTP protocol by providing reusable IP addresses and allocating IP addresses based on subnet, client ID string, or media access control (MAC) address.
See callback.
See DNIS.
See RADIUS dictionary.
See DSU.
See DSP.
See DSL.
See DMA.
A database that can be dispersed or replicated among different points in a network. See also database.
Data link connection identifier. A unique number that represents a particular permanent virtual circuit (PVC) on a particular physical segment of the Frame Relay network. As the frame is passed through each switch, the DLCI is remapped automatically by the switch as necessary.
Dynamic link library. A file containing executable routines--generally performing a specific function or set of functions--that is stored separately, loaded into memory only when required, and unloaded when space is needed for other applications. A DLL conserves memory, can be shared by other programs, and can be modified without changes to the calling program or other DLLs.
Dialed number identification service. A caller identification service that provides you with the number that the caller dialed. DNIS is typically a feature of 800 and 900 lines and is useful when calls from multiple 800 or 900 numbers are routed to the same destination. This service is most often provided on T1 lines by passing touch-tone dual-tone multifrequency (DTMF) or multifrequency (MF) digits and requires a T1 voice board.
A name that identifies one or more IP addresses. Domain names are used in uniform resource locators (URLs) to identify particular World Wide Web pages. Domain names always have two or more parts: the part to the left is the most specific, and the part to the right is the most general (as, for example, Lucent.com). A given machine can have more than one domain name, but a given domain name points only to one machine. Because the Internet is based on IP addresses, not domain names, every Web server requires a Domain Name System (DNS) server to translate domain names into IP addresses.
See DNS.
Common n.n.n.n notation for IP addresses. Each number n represents, in decimal, 1 byte of the 4-byte IP address. Dotted decimal notation is also known as dot address, dotted notation, dotted quad notation, or four-part notation.
Digital signal level 1. See T1.
Digital subscriber line. A technology that uses sophisticated modulation schemes to pack data onto copper wires for connections from a telephone switching station to a home or office. DSL is similar to ISDN because both operate over existing copper telephone lines and require runs of usually less than 20,000 feet to a central telephone office. However, DSL offers much higher speeds than ISDN. Types of DSL include asymmetric DSL (ADSL), symmetric DSL (SDSL), high-data-rate DSL (HDSL) and single-line DSL (SDSL). See also ADSL.
Digital signal processor. A specialized digital microprocessor that performs calculations on digital signals that were originally analog to improve their accuracy and reliability. Most DSPs are programmable and can manipulate different types of information, including sound, images, and video.
Data Set Ready. The circuit that is activated when data communications equipment (DCE) is started up and ready for use. See also DCE.
Digital service unit or data service unit. An ancillary device needed to adapt the physical interface on a data terminal equipment (DTE) device--such as a V.35 interface on a port--to a transmission facility--such as leased line or a Frame Relay switch. If the DTE lacks complete digital line interface capability, the DSU can be located with the channel service unit (CSU) on the customer's site and known as a CSU/DSU. See also CSU.
Data terminal equipment. A device at the user end of the interface between the network and the user. The DTE connects to a data network through data communications equipment (DCE)--such as a modem or an interface card. DTEs convert user information into data signals for transmission, and reconvert received data signals into user information. Compare DCE.
See DDE.
See DHCP.
See DLL.
See DRAM.
A digital WAN carrier facility used predominantly in Europe that carries data at a rate of 2.048Mbps. E1 lines can be leased for private use from common carriers and can be connected with T1 lines for international use. Compare T1.
A specialized, predefined BGP policy that simplifies the use of PortMaster routers in straightforward multihomed environments. When you define easy-multihome for a peer, you restrict what the PortMaster handles from the peer to information that is no more than two autonomous system hops away from the PortMaster. Only information that meets this criterion is accepted from the peer, put into the routing table used to forward packets to their destinations, and advertised to other peers. If you define easy-multihome for a peer, you must also define a default route on each router in your autonomous system to point them to destinations more distant than two hops. See also multihome routing; policy.
Exterior BGP. The BGP used between peers in different autonomous systems, or, when confederations are in use, between peers in different confederation member autonomous systems (CMASs). Unlike internal BGP peers, EBGP peers need not have full connectivity with one another.
A diagnostic test used to check network reachability in which an Internet Control Message Protocol (ICMP) Echo Request packet or Simple Network Management Protocol (SNMP) test packet is sent to elicit a standard response.
See ESP.
Encapsulating Security Payload. A mechanism, documented in RFC 1827, for providing integrity and confidentiality to IP datagrams by means of encryption. See also IPSec.
A network communications system developed and standardized by Digital Equipment Corporation, Intel, and Xerox using baseband transmission, carrier sense multiple access/carrier detect (CSMA/CD) access, logical bus topology, and coaxial cable. The successor IEEE 802.3 standard provides for integration of Ethernet into the Open System Interconnection (OSI) model and extends the physical layer and media with repeaters and implementations that operate on fiber optic cable, broadband, and unshielded twisted pair (UTP).
See EBGP.
An intranet that is accessible to authorized outsiders. You can access an extranet only if you have a valid username and password, and your identity determines which parts of the extranet you can view. Extranets are a popular means for business partners to exchange information. Compare intranet.
Frequently asked questions. Documents that list and answer the questions most often asked about a particular subject. The World Wide Web contains thousands of FAQs on subjects as diverse as pet grooming and cryptography.
Fiber Distributed Data Interface. A standard for transmitting data on fiber optic cable at rates of up to 100 million bits per second--10 times as fast as Ethernet, and about twice as fast as T3. FDDI networks are typically used as backbones for WANs.
See FDDI .
See FTP .
Generally, a process or device that screens network traffic for certain characteristics, such as source address, destination address, or protocol, and determines whether to forward or discard that traffic based on the established criteria.
A way to restrict access between the Internet and an internal network. Most often, a firewall is a set of hardware components with appropriate filtering software that can guard an internal network against known problems or intruders, or isolate less secure parts of the internal network from other parts.
A PortMaster IRX router with two Ethernet ports that provides two networks: a public network accessible to the Internet via World Wide Web and File Transfer Protocol (FTP) servers, and a private internal network protected from Internet traffic and potential intruders.
See NVRAM .
A technique for ensuring that a transmitting entity, such as a modem, does not overwhelm a receiving entity with data. When the buffers on the receiving device are full, a message is sent to the sending device to suspend the transmission until the data in the buffers has been processed. Flow control can be software-based or hardware-based.
A server running a version of RADIUS that supports proxy service. The forwarding server passes a request for service from a proxy user to a remote server--or another forwarding server--for authentication.
A packaging structure for network data and control information. A frame consists of an opening flag, address, control protocol, data, padding, frame check sequence, and closing flag. The 802.3 standard for Ethernet specifies that the minimum size data frame is 64 bytes and the maximum size data frame is 1518 bytes.
An industry-standard switched data link layer protocol that handles multiple virtual circuits using high-level data link layer control (HDLC) encapsulation between connected devices. It is used across the interface between user devices (for example, hosts and routers) and network equipment (for example, switching nodes). Frame Relay is more efficient than X.25, the protocol it replaced.
See FRAD .
See FAQ .
File Transfer Protocol. A TCP/IP protocol used to transfer files between network hosts or two Internet sites. Many Internet sites can be publicly accessed through the use of FTP. Users can log in with the account name anonymous . These sites are called anonymous FTP servers .
A combination of hardware and software linking two or more networks that use different protocols. Gateways between email systems, for example, allow users on different email systems to exchange messages. Gateways provide address translation services, but do not translate data.
See GRE .
Graphics interchange format. A common format for image files on the World Wide Web and elsewhere on the Internet, especially suitable for images containing large areas of the same color. GIF is a bit-mapped format that also includes data compression. See also JPEG .
See GUI .
See GIF .
Generic Routing Encapsulation. A protocol documented in RFC 1701 that allows one network protocol to be transmitted over another by encapsulating its packets--called payload packets--within GRE packets, which in turn are contained within packets of the outer or delivery protocol. RFC 1702 describes the use of GRE when the delivery protocol is IP.
Graphical user interface. A software interface based on pictorial representations and menus of operations and files. Compare command line interface .
The ITU-T recommendation describing terminals that send video, audio, and computer (multimedia) data over low bit-rate networks such as the public switched telephone network (PSTN). H.324 terminals can be integrated into PCs or implemented in stand-alone devices such as videotelephones.
Keyed-hashing message authentication code. A message authentication mechanism that uses cryptographic hash functions. HMAC can be used with any iterative cryptographic hash function--for example, MD5 or SHA-1--in combination with a secret shared key. The effectiveness of HMAC depends on the properties of the underlying hash function. See also MD5 ; SHA-1 .
Measurement of the distance between a source and destination that is used as a metric to compare routes. If a packet traverses six routers between source and destination nodes, the hop count for the packet will be 6 when it arrives at its destination node.
Able to be removed and replaced while the power is on and the system is operating. Hot-swapping components might disrupt service, however. For example, the line boards on a PortMaster 4 are hot-swappable because they can be replaced while ComOS is operating in a unit that is plugged in and turned on. Although you must turn off the line board and thereby terminate any services it is actively providing, the PortMaster 4 retains the board's settings so that the new board requires no reconfiguration after the swap. Compare redundant .
HyperText Markup Language. The authoring language used to create hypertext documents for the World Wide Web. Like the Standard Generalized Markup Language (SGML), on which it is based, HTML identifies the types of information in a document rather than the exact way it is to be presented. The presentation is left to the software that converts the contents to a suitable format for viewing. HTML also provides a way to link a word or block of text on a website to another file on the same or another website. See also HTTP .
HyperText Transfer Protocol. The application protocol for moving hypertext files across the Internet. This protocol requires an HTTP client program on one end of a connection and an HTTP server program on the other.
See HTML .
See HTTP .
Interior BGP. The BGP used between peers in the same autonomous system, or, when confederations are in use, between peers in the same confederation member autonomous system (CMAS). All IBGP peers must maintain direct BGP connections to--be fully meshed with--every other internal peer, but need not be physically attached to one another.
Internet Control Message Protocol. The part of the Internet Protocol (IP) that allows for generation of error messages, test packets, and informational messages related to IP. This protocol is used by the ping function to send an ICMP Echo Request to a network host, which replies with an ICMP Echo Reply.
The transmission of signaling information over the same path as data and/or voice information. Compare out-of-band signaling .
A set of rules that determine the path and route information the PortMaster takes from BGP and places into its routing table used to forward packets to their destinations. The PortMaster uses the information to determine how packets it receives are forwarded to their ultimate destinations. See also policy .
See remote access server .
See ISDN .
Connection and interaction between hardware, software, and the user. The interface between components in a network is called a protocol . On the PortMaster, the virtual connection between a PortMaster port and the network to which it is connected is called an interface . The connection can be permanent, as with the Ethernet interface or network hardwired ports, or it can be temporary, as with ports used for dial-in or dial-out connections.
See IBGP .
See ISO .
See ITU-T .
The total collection of interconnected networks and attached devices that use TCP/IP protocols. Worldwide, the Internet currently consists of several large national backbone networks and several regional and campus networks.
See ICMP .
See IETF .
See InterNIC .
See IPX .
See IP .
See IPSec .
See IRC .
See ISP .
See VoIP .
A private internetwork inside a company or agency that uses the same kind of software running on the Internet, but only for internal purposes. A corporate intranet uses the Internet as its backbone, but the firewall surrounding the intranet prevents unauthorized access. Like the Internet, intranets are used to share information. See also Internet ; extranet .
A 32-bit number assigned by the system administrator, usually written in the form of four decimal fields separated by periods--for example, 192.168.200.1. Any computing device that uses IP must be assigned an Internet or IP address. Part of the Internet address is the IP network number (IP network address), and part is the host address (IP host address). All machines on a given IP network use the same IP network number, and each machine has a unique IP host address. The system administrator sets the subnet mask to specify how much of the address is network number and how much is host address.
An IP address number that, when paired with a netmask length, represents a range of addresses rather than a single IP network. For example, the prefix and netmask length 10.0.0.0/8 describe all networks whose IP addresses begin with 128. See also netmask length .
See IPCP .
Internet Protocol Security. A set of protocols being developed by the Internet Engineering Task Force (IETF) to support secure exchange of packets at the network layer. IPSec is useful for virtual private networks (VPNs) and for remote user access through dial-up connection to private networks. IPSec provides two choices of security service: Authentication Header (AH), which allows authentication of the sender of data, and Encapsulating Security Payload (ESP), which supports both sender authentication and data encryption.
IP-based virtual private network. See VPN .
See IPXWAN .
Internet Relay Chat. A protocol that provides real-time communication over the Internet via a series of linked, Internet-connected IRC servers. IRC allows anyone with Internet access and IRC client software to chat with others who have similar access. Unlike older chat systems, IRC is not limited to just two participants. See also chat .
Integrated Services Digital Network. A digital communications standard that enables the transmission of information over existing twisted pair telephone lines at higher speeds than standard analog telephone service. ISDN is available at two levels of service: Basic Rate Interface (BRI) for home and small business use and Primary Rate Interface (PRI) for larger users. Both levels provide multiple B (bearer) channels for data, voice, and other services, and one D channel for control and signaling information. See also BRI ; PRI .
Internet service provider. A company that provides individuals and other companies with access to the Internet and other related services. An ISP has the equipment and the telecommunication line access required to provide points-of-presence (POPs) on the Internet for the geographic area served. Larger ISPs who have their own high-speed leased lines are less dependent on the telecommunication providers and can provide better service to their customers.
International Telecommunication Union Telecommunication Standardization Sector. International organization that develops worldwide standards for telecommunications technologies. The ITU-T carries out the functions of the former CCITT. See also CCITT .
1) A device that provides improper electrical signals on a network. On an Ethernet network, which uses electrical signal levels to determine whether the network is available for transmission, a jabber can cause the network to halt because it indicates to all other devices that the Ethernet is busy. 2) To transmit meaningless data via networks.
A cross-platform, object-oriented programming language invented by Sun Microsystems. Java programs can be easily downloaded to a computer from the Internet. Small Java programs called applets add special features to World Wide Web pages including animation and interactive tools like calculators. See also applet .
See JDBC .
See JDK .
See JRE .
See JVM .
Sometimes known as Java database connectivity. A Java application programming interface (API) for carrying out structured query language (SQL) statements. JDBC consists of a set of classes and interfaces written in the Java programming language. It provides a standard API for tool and database developers to write database applications in pure Java.
Java development kit. A suite of software that enables programmers to write applets and applications conforming to the Java 1.1 core application programming interface (API). Applets written with the JDK can be run by browsers supporting Java.
Java Runtime Environment. The smallest set of executable programs and files that constitute the standard Java platform. The JRE consists of the Java Virtual Machine (JVM), the Java platform core classes, and supporting files. Because it is the runtime part of the Java development kit (JDK), the JRE includes no compiler, debugger, or tools.
See JPEG .
Joint Photographic Experts Group. A bitmapped format for image files. JPEG provides lossy compression by segmenting the picture into small blocks, which are divided to get the desired ratio; the process is reversed to decompress the image. JPEG format is preferred over GIF files for the storage and transmission of color and grayscale photographs. See also GIF .
Java Virtual Machine. Software that acts like a mini-PC, interpreting the Java code so that the PC itself does not have to. A single Java applet or application can run unmodified on any operating system that has a virtual machine, or VM. Sun Microsystems writes a virtual machine that it licenses to other companies, but operating system vendors generally write their own.
A technology developed by Lucent Technologies and Rockwell International for delivering data rates up to 56Kbps over standard telephone lines. K56flex sends digital data downstream--to a modem at a home or business but not from it. Data transmission in the upstream direction takes place at speeds of up to only 33Kbps. K56flex technology conforms to the ITU-T-approved V.90 standard for 56Kbps modems.
A periodic message sent between BGP peers to keep their BGP sessions open. If a preset amount of time elapses between keepalive messages from a peer, the PortMaster identifies the peer as no longer operational and drops the session--and any information learned from that peer. See also notification message ; open message ; update message .
See HMAC .
See Kb .
See Kbps .
See KB .
Layer 2 Forwarding. A protocol developed by Cisco Systems and similar to the Point-to-Point Tunneling Protocol (PPTP) developed by Microsoft Corporation. L2F supports the creation of secure virtual private networks (VPNs) over the Internet. Cisco and Microsoft recently agreed to merge their protocols into a single standard called Layer Two Tunneling Protocol (L2TP) . See also L2TP .
Layer 2 Tunneling Protocol. An extension to the Point-to-Point Protocol (PPP) that enables Internet service providers (ISPs) and others to operate virtual private networks (VPNs) over the Internet. L2TP interoperates with such existing standard security protocols as RADIUS. See also L2F .
L2TP access concentrator. A Point-to-Point Protocol (PPP) access server with Layer 2 Tunneling Protocol (L2TP) capabilities that provides the physical connection (usually a modem or ISDN port) between the dial-in user and the outsourcer. On a PortMaster 4, a LAC can be a single line board or the entire device. See also LNS; outsourcer.
Local area network. A local collection, usually within a single building or several buildings, of PCs and other devices connected by cable to a common transmission medium, allowing users to share resources and exchange files. Compare WAN .
1) The delay between the time a device requests access to a network and the time it is granted permission to transmit. 2) The delay between the time when a device receives a frame and the time that frame is forwarded out the destination port.
See L2F .
See L2TP .
Lightweight Directory Access Protocol. A proposed open standard for directory services that enables anyone to locate organizations, individuals, and other resources such as files and devices in a network, whether on the Internet or on a corporate intranet. Endorsed by more than 40 companies, LDAP allows corporate directory entries to be arranged in a hierarchical structure that reflects geographical and organizational boundaries rather than according to arbitrary codes. LDAP is based on the standards contained within the X.500 standard, but is significantly simpler and supports TCP/IP.
A permanent telephone connection between two points that is rented for exclusive use from a telecommunications common carrier. In contrast to a normal dial-up connection, a leased line is always active. Typically, the highest-speed data connections require a leased line connection. For example, a T1 channel is a type of leased line that provides a maximum transmission speed of 1.544Mbps.
Local exchange carrier. An organization that provides telephone exchange service or exchange access. An LEC is a U.S. local telephone company, which can be either a regional Bell operating company (RBOC) or an independent. See also RBOC .
The speed of the physical wire attached to the interface or interface hardware. The line speed is 10Mbps for Ethernet and 1.544Mbps for T1. Fractional T1 is often implemented with a wire speed of T1 (1.544Mbps) and a lower port speed. Upgrading line speed is generally a hardware change. See also port speed .
See LCP .
See LSA .
Local Management Interface. A protocol used to communicate link status and permanent virtual circuit (PVC) status in Frame Relay. Two types of LMI are available on Frame Relay: the original proprietary Cisco Systems/Stratacom LMI, and the American National Standards Institute (ANSI) T1.617 Annex-D LMI. Although the PortMaster supports both, LMI on the PortMaster refers to the Cisco/Stratacom implementation. See also Annex-D .
L2TP network server. A Point-to-Point Protocol (PPP) server with Layer 2 Tunneling Protocol (L2TP) capabilities that is the end point of a session. The LNS handles the authentication of the user via a RADIUS server and routes network traffic to and from the user. The LNS has no physical ports, only virtual interfaces. On a PortMaster 4, an LNS can be an LNS board, a Quad T1 or Tri E1 board, or the entire device. See also LAC.
See LAN .
See LEC .
See LMI .
In BGP, the degree-of-preference number that the PortMaster assigns to every external route it advertises to an internal or confederation-member BGP peer. A higher number indicates a greater preference for a route when more than one exists to a destination. Internal and confederation-member peers receiving this route use this local preference rather than calculating their own degree of preference for a route. You can use a routing policy rule to override this value and assign your own local preference to a route you advertise. See also degree of preference .
A database on the PortMaster where location settings are stored. See also location .
A feature of BGP on the PortMaster that ensures consistency of routing information between the BGP and non-BGP routers within its autonomous system. Lockstep forces the PortMaster to advertise a route learned from an internal BGP peer only when it has learned the same route via an Interior Gateway Protocol (IGP)--OSPF or RIP--or a static route. See also transit service .
RADIUS accounting data for an individual RADIUS user. Login status includes such information as username, start and stop times, connection times, IP address of the network access server, network access server port, and IP address of the user (framed IP address).
Link state advertisement. The state of the router links (interfaces), networks, summaries, or autonomous system external links of an OSPF router that it periodically advertises. Link states are also advertised when a link state changes.
1) Media access control. See MAC address . 2) Message authentication code. A mechanism used between two parties that share a secret key to verify the contents, origin, author, and other attributes of information exchanged by the parties. See also HMAC .
See MIB .
In Multichassis PPP, the PortMaster through which an initial connection for a given user is made. Every master also has a corresponding slave. Masters are for a given connection only, and a PortMaster that functions as a master for one user's connection can be a slave for a different user's connection. See also slave .
See MTU .
Multicast backbone. An experimental framework for developing and refining multicast protocols and applications on the Internet. The MBone network within the Internet supports IP multicasting--the two-way transmission of data between multiple sites. Multicasting sends files, usually audio and video streams, to multiple users at roughly the same time, somewhat as radio and TV programs are broadcast over the airwaves.
Message digest algorithm 5. An iterative cryptographic hash function for message authentication. Used in Simple Network Management Protocol (SNMP) v.2, for example, MD5 verifies the integrity of the communication, authenticates the origin, and checks for timeliness. The PortMaster ComOS uses the RSA Data Security, Inc. MD5 Message-Digest Algorithm. See also SHA-1 .
See MTTR .
See MTTR .
See MAC address .
See Mb .
See Mbps .
See MB .
See MAC .
See MD5 .
Multipurpose Internet Mail Extensions. The standard, documented in RFC 1522 and RFC 1523, for attaching non-ASCII files to standard Internet mail messages. These files include graphics, spreadsheets, formatted word-processor documents, audio files, and other binary data.
1) Mean time to recovery. The average amount of time a device will spend in corrective maintenance over a given period of time. 2) Mean time to repair. The average amount of time needed to repair a failed unit.
See MBone .
In BGP, an arbitrary rating number that the PortMaster can use to enforce the use of preferred exit and entry points when multiple connections exist between its autonomous system and another. The PortMaster assigns the multiexit discriminator to any route that it advertises to its external peers, and forwards any multiexit discriminator it learns from its external peers on to its internal peers. A lower number indicates a greater preference for a route when more than one exists to a destination through multiple peers within the same neighboring autonomous system. You can use a routing policy rule to override this value and assign your own multiexit discriminator to a route that you learn or advertise.
In BGP, the process of choosing among multiple exit points to route packets out of a single autonomous system, typically to the Internet. Routers in a multihomed autonomous system usually store large amounts of network reachability information to help them select the best exit point. See also easy-multihome .
The ability of a PortMaster to add additional lines when network traffic is heavy. If more than one line to a remote location is established, the PortMaster balances the traffic among the lines. Multiline load balancing is a proprietary PortMaster technique distinct from Multilink PPP .
Multilink Point-to-Point Protocol. A protocol defined in RFC 1990 that allows a PortMaster to automatically build up additional ISDN B channels as bandwidth needs increase. See also Multichassis PPP .
See MIME .
See remote access server .
Network address translator. Software that runs on a router and maps one IP address or group of IP addresses to another IP address or group of IP addresses. The mapping, or translation, is transparent to users and applications. The Lucent ComOS implementation of the Network Address Translator (NAT) protocol is based on the latest Internet Engineering Task Force (IETF) draft entitled The IP Network Address Translator (NAT).
1) NetWare Core Protocol. A Novell protocol for accessing Novell NetWare file and print service functions via an underlying IPX or IP transport protocol. 2) Network Control Protocol. A series of protocols for establishing and configuring different network layer protocols over the Point-to-Point Protocol (PPP).
A 32-bit number that distinguishes the portion of an IP address referring to the network or subnet from the portion referring to the host. Compare subnet mask .
A number between 0 and 32 preceded by a slash (/) and following an IP address prefix. The netmask length indicates the number of high-order bits in the prefix that an IP address must match to fall within the range indicated by the prefix. For example, the prefix and netmask length 10.0.0.0/8 describe all networks whose IP addresses begin with 128. See also IP address prefix .
See NCP .
See remote access server .
See NAT .
See NCP .
See NIC .
See NIS .
See NIS+ .
See NIC .
See NLRI .
In the Open System Interconnection (OSI) model, the five functional application areas of accounting management, configuration management, fault management, performance management, and security management.
1) Network information center. Any office that handles information for a network. The most famous of these on the Internet is the InterNIC. See also InterNIC. 2) Network interface card. A computer circuit board that provides network communication to and from a computer system. A NIC is also known as an adapter.
Network Information Service. A UNIX-based client-server protocol developed by Sun Microsystems for network naming and administration on LANs. On a network using NIS, each host client or server has information about the entire system. A user at a host can access files or applications on any host in the network with a single username and password. NIS is similar to the Domain Name System (DNS) used on the Internet, only simpler. See also DNS ; NIS+ .
A later version of the Network Information Service (NIS) that provides additional security, hierarchical name spaces, and other improvements. See also NIS .
Network layer reachability information. The part of a BGP route containing the IP address prefixes and associated netmask lengths that are reachable via the path described in the route. The networks indicated by these prefixes and netmasks reside in the destination autonomous system--the final one listed in the path.
A device, such as a PC, server, switching point, bridge, or gateway, connected to a network at a single location. A node can also be called a station . See also host .
See NFAS .
See NVRAM .
See NVRAM .
A message sent between BGP peers to inform the receiving peer that the sending peer must terminate the BGP session because an error occurred. The message contains information that explains the error. See also keepalive message ; open message ; update message .
See NSSA .
Not-so-stubby-area. In OSPF, an area similar to a stub area except that Type 1 and Type 2 external routes can be learned from it. Any external routes learned from an NSSA are translated into Type 1 and Type 2 external routes for the backbone area or other areas that accept external routes. Like stub areas, NSSAs can have default costs set for them but cannot have external routes advertised into them.
Network termination 1 device. The device that provides an interface between the ISDN Basic Rate Interface (BRI) line used by the telephone company and a customer's terminal equipment. The NT1 also provides power for the terminal equipment, if necessary. In North America, where ISDN BRI is a U loop, the customer must supply the NT1 device; in Japan and the European countries where BRI is an S/T bus, the telephone company supplies the NT1. The PortMaster integrates the NT1 device into its ISDN BRI ports that are U interfaces.
A cable that joins computing devices directly to each other instead of over a network. You use a null modem cable to connect the console port or any asynchronous data terminal equipment (DTE) port on a PortMaster device to a terminal or other DTE.
In a database management system (DBMS), a specific instance of a class. An object contains real values instead of variables. Compare class .
A database in which data is stored as objects in an object-oriented programming environment. See also database .
Open database connectivity. A standard database access method developed by Microsoft Corporation to enable any application to access data handled by any database management system (DBMS). ODBC inserts a middle layer called a database driver between the application and the DBMS to translate the application's data queries into commands that the DBMS can recognize. Both application and DBMS must be ODBC-compliant--the application must be able to issue ODBC commands, and the DBMS must be able to respond to them.
A password that provides additional security for network access because it is used only once. Also known as a dynamic password, a one-time password is generated in encrypted form--via multiple iterations of a secure hash function--by software running on a user's computer or by a hardware device. The password is often based on a "seed" value sent by the server that provides access to the network, plus the user's secret pass phrase. The server runs software that calculates the same encrypted password. The passwords produced by the generator and the server must match before the user is granted access to the network. Users who do not have the algorithm of the device for generating the encrypted response cannot access the network. See also ActivCard ; CHAP ; SecurID ; token .
See ODBC .
See ODI .
See OSPF .
See OSI .
Open Systems Interconnection. An ISO standard for worldwide communications that defines a framework for the common functions in a telecommunications system. Control is passed from one layer to the next, starting at the application layer in one station, proceeding to the bottom (physical) layer, over the channel to the next station and back up the hierarchy. Instead of serving as the universal standard as originally intended, the OSI standard serves as the model for designing and understanding networking products and protocols.
Open Shortest Path First. A link-state interior gateway routing protocol designed for a hierarchical routing structure. OSPF chooses routes on a best-path, least-cost basis and supports variable-length subnet masks (VLSMs) for classless networking, allows up to 255 hops between routers, and provides packet authentication. See also RIP .
The transmission of signaling information over a different path from data and/or voice information. Compare in-band signaling .
A company that purchases goods and/or services for its customers and/or employees from an outside or third-party company known as a wholesaler . For example, an Internet service provider (ISP) or enterprise can purchase remote access services from another ISP or a telephone company. See also RAO.
A technology for sending data over a network--the Internet, for example. The data that comes out of a connected device is broken into chunks called packets . Each packet contains the address of its origin (source) and the address of its destination. Data packets from many different sources can travel along the same lines and be sorted and directed through different routes by routers along the way. When all the packets forming a message arrive at the destination, they are recompiled into the original message. Most modern WAN protocols are based on packet switching technology. In contrast, normal telephone service is based on circuit switching, which allocates a dedicated line for transmission between two parties.
Password Authentication Protocol. An authentication protocol that allows the network access server to authenticate the user. The remote router attempting to connect to the local router is required to send an authentication request. Unlike the Challenge Handshake Authentication Protocol (CHAP), PAP passes unencrypted passwords. PAP does not itself prevent unauthorized access, but it identifies the remote end of the connection. The router or access server then determines if that user is allowed access. See also CHAP .
A process for checking the integrity of a character. A parity check appends a bit to a character or word to make the total number of binary 1 digits in the character or word (excluding the parity bit) either odd (for odd parity) or even (for even parity).
See PAP.
In BGP, an autonomous system path list and a collection of attributes that provide descriptions of and explain how to reach a given collection of IP address destinations in a single autonomous system. A path and its destination comprise a BGP route. See also autonomous system path list; destination; route.
Personal Computer Memory Card International Association. An international body and trade association that establishes standards for integrated circuit cards called PCMCIA cards--or PC cards. These are credit-card-sized devices that expand the capability of a portable computer or other device to include more memory, modems, or a portable disk drive. For example, the PortMaster PCMCIA Office Router features a slot for a PCMCIA card that allows the use of V.34 or V.32bis PCMCIA modems.
A router running BGP that the PortMaster running BGP communicates with via open messages, notification messages, update messages, and keepalive messages. A PortMaster can have both internal and external peers. See also external peer; internal peer.
Practical extraction and report language. An interpreted language developed by Larry Wall and distributed free over USENET. Perl version 5 (Perl5) includes object-oriented programming facilities and is a useful programming tool for the World Wide Web, UNIX system administration, and many other applications. Perl5 provides a more concise and readable way to do many system management tasks that were formerly accomplished by C programs or shell programs. Perl uses sophisticated pattern matching techniques to quickly scan large text files, extract information, and print reports. Although optimized for scanning text, Perl also handles binary data and can make dbm files look like associative arrays.
The most obvious very high-level feature of Perl. A single simple pattern match in Perl can perform the work of many lines in a different language. Regular expressions identify strings and help parse their contents using regular expression memory, most often with the regular expression memory variables $1, $2, $3, and so on. These variables are associated with parentheses inside a regular expression that can identify what its contents matched. Perl5 regular expressions are constructed and parsed by means of grammatical rules and operators that are similar to those used for arithmetic expressions. See also regular expression.
See PVC.
See PCMCIA.
Packet Internet Groper. A program used to test and debug networks. Ping sends an Internet Control Message Protocol (ICMP) echo request packet to the specified host and waits for an echo reply packet. Ping reports success or failure and sometimes statistics about its operation.
Public key infrastructure using X.509. A set of standards for an Internet public key infrastructure (PKI) that uses the ISO X.509 authentication standard. A PKI defines data formats and procedures for distributing and managing cryptographic keys via certificates digitally signed by certification authorities.
See POTS.
See POP.
See PPP.
See PPTP.
In BGP, the rule or set of rules a PortMaster product follows for accepting, injecting, and/or advertising BGP routes to its BGP internal and external peers. You assign policies to a peer when you add it to the PortMaster during configuration. You can use the default policy easy-multihome, or create and assign your own policies. One policy can handle all three functions, or you can create separate policies for acceptance, injection, and advertisement. See also acceptance policy; advertisement policy; injection policy.
1) Point of presence. The location of a switching dial-in facility, usually for a long-distance telecommunications provider or an Internet service provider (ISP). Also, a local telephone number through which you can access your ISP. 2) Post Office Protocol. An extensible protocol for retrieving email from a remote server.
1) On a computer, the physical channel or connection through which data flows. 2) In a TCP/IP or UDP network, a numbered end point to a logical connection that determines the way a client application program specifies a particular server application on the network. Higher-level applications have ports with numbers preassigned by the Internet Assigned Numbers Authority (IANA)--for example, HTTP is assigned port 80, and RADIUS is assigned port 1645. These "well-known" ports are listed in RFC 1700, Assigned Numbers.
The rate at which data is accepted by the port at the end of the wire. For example, when a T1 line exists between a site and a telecommunications provider, the telecommunications provider accepts only the number of bits per second ordered by the customer into the port on its equipment. Upgrading port speed is generally a software change.
See POP.
Plain old telephone service. The analog dial-tone-type telephone networks and services in place worldwide, with transmission rates up to 52Kbps. In contrast, telephone services based on digital communications lines, such as ISDN and Fiber Distributed Data Interface (FDDI), have higher speeds and bandwidths. The POTS network is also called the public switched telephone network (PSTN).
Point-to-Point Protocol. A protocol that provides connections between routers and between hosts and networks over synchronous and asynchronous circuits. PPP was designed to work with network layer protocols like IP, IPX, and AppleTalk Remote Access (ARA) protocol, and relies on the Link Control Protocol (LCP) and Network Control Protocol (NCP). PPP also has built-in security mechanisms such as the Challenge Handshake Authentication Protocol (CHAP) and Password Authentication Protocol (PAP). See also SLIP.
Point-to-Point Tunneling Protocol. A protocol developed by Microsoft Corporation and similar to the Layer 2 Forwarding (L2F) protocol developed by Cisco Systems. PPTP supports the creation of secure virtual private networks (VPNs) over the Internet. Cisco and Microsoft recently agreed to merge their protocols into a single standard called Layer Two Tunneling Protocol (L2TP). See L2TP.
Primary Rate Interface. The ISDN interface to primary rate access. Primary rate access consists of a single 64Kbps D channel--plus 23 64Kbps B channels on a T1 line, or 30 64Kbps B channels on an E1 line--for voice, data, and other services. Compare BRI.
See PRI.
The process of translating and forwarding routes from one routing protocol into another. Route propagation is also known as route redistribution. Lucent recommends using route filters in propagation rules to ensure that you redistribute information without creating routing loops. Compare summarization.
The process of supplying telecommunications service and equipment to a user. In ISDN provisioning, for example, a telephone service provider configures its own switch that connects via an ISDN line to the user's ISDN hardware. Because switch configuration varies according to hardware, telephone company, switch, and available ISDN line, user and provider must work together to establish the correct settings.
See Proxy ARP.
A variation of the Address Resolution Protocol (ARP) in which a router or other device sends an ARP response to the requesting host on behalf of another node. Proxy ARP can reduce the use of bandwidth on slow-speed WAN links. See also ARP.
Public switched telephone network. See POTS.
See PKIX.
See POTS.
Permanent virtual circuit. A circuit that defines a permanent connection in a switched digital service such as Frame Relay. Frame Relay is the only switched digital service that uses PVCs supported by PortMaster products.
Quality of service. An indicator of the performance of a transmission system on the Internet and other networks. QoS is measured in transmission rate, error rates, latency, and other characteristics, and can to some extent be guaranteed to a customer in advance. Asynchronous Transfer Mode (ATM) technology supports QoS levels.
See QoS.
The server component of RADIUS that monitors and records attempted and successful user connections. RADIUS accounting data includes RADIUS usernames, start and stop times, connection status, IP address of the network access server, network access server port, and IP address of the user (framed IP address).
Remote access outsourcing. The practice whereby one service provider or enterprise, known as an outsourcer, purchases remote access services from another service provider, or wholesaler. The wholesaler physically terminates the dial-up access lines--telephone, ISDN, digital subscriber line (DSL), or other circuits--of one or more outsourcers and provides each outsourcer with a private dial-up network. The outsourcer is the end point for a session. The wholesaler can maintain the remote access equipment on the outsourcer's premises or can integrate the equipment into its own network, and often provides the outsourcer with tools for viewing resources. The wholesaler's equipment can be statically partitioned among outsourcers, or can dynamically allocate its ports to outsourcers as needed. RAO is also known as wholesaling.
Reverse Address Resolution Protocol. A protocol used in network routers that provides a method for finding IP addresses based on media access control (MAC) addresses. Compare ARP.
See remote access server.
See RBOC.
Regional Bell operating company. One of the seven regional telephone companies created by the breakup of AT&T in 1984. Each owns two or more local telephone companies called Bell operating companies (BOCs). RBOCs are also known as Baby Bells or regional Bell holding companies (RBHCs), and more generally as local exchange carriers (LECs). See also LEC.
Relational database management system. A DBMS that stores data in the form of related tables. Relational databases require few assumptions about how data is related or how it is extracted from the database, enabling the database to be viewed in many different ways. In contrast to flat-file databases, which consist of a single table, a relational system can spread the database over several tables. Most full-scale database systems are structured as an RDBMS. Small database systems often use other designs that provide less flexibility in posing queries.
In a database management system (DBMS), a complete set of information that constitutes a single entry in a database table. Records are composed of fields, each of which contains one item of information. In a typical database, a set of records constitutes a file. For example, a personnel file might contain records that have three fields: a name field, an address field, and a telephone number field.
Serving as a duplicate component to prevent failure of a system. When one component fails, the redundant one takes over its functions without interrupting service. For example, the optional third AC power supply on a PortMaster 4 is redundant because it is not required for normal operation unless one of the two required AC power supplies fails. Redundancy generally improves reliability. Compare hot-swappable.
See RBOC.
See RBOC.
A powerful tool for matching patterns to manipulate text and data. Regular expressions are generally included as part of a larger utility--for example, grep--and are found in scripting languages (including Perl, Tcl, awk, and Python), editors (including Emacs, vi, and Nisus Writer), programming environments (including Delphi and Visual C++), and specialized tools (including lex, Expect, and sed). See also Perl5 regular expression.
See RDBMS.
Any device that enables multiple remote users to access a network. PortMaster 2 and PortMaster 3 products are remote access servers. A remote access server is sometimes called a RAS--or a network access server (NAS). Compare communications server.
See RADIUS.
See RMI.
See ROBO.
A component of a RADIUS user profile. The RADIUS server sends one or more of these items to the network access server to specify a user's connection when all check items in the profile have been satisfied by the access-request. See also check item; SHA-1.
See RFC.
See RARP.
Request for Comments. One of a series of documents that communicate information about the Internet. Most RFCs document protocol specifications, such as those for IP and BGP. Some RFCs are designated as standards.
Remote login. A terminal emulation program, similar to Telnet, offered in most UNIX implementations. The rlogin program uses the local terminal type given in an environment TERM variable as the remote terminal type.
A service that enables two or more Internet service providers (ISPs) to allow one another's users to dial in to any member ISP's network for service. Users traveling outside their normal area of service are provided service through another ISP.
Remote office/branch office. An end-user segment of the internetworking market. See also SOHO.
A way for a packet to reach its target via the Internet. For example, a BGP route provides a path of autonomous systems--plus any path attributes--to a single destination autonomous system that contains particular IP address prefixes and associated netmasks. Packets whose targets fall within the networks identified by these prefixes and netmasks can use this BGP route. BGP peers advertise routes to each other in update messages.
A network layer device that links one network to another. Routers forward packets between networks along optimal paths. The Internet is made up of thousands of routers sending and receiving packets to and from one another. In contrast to servers, which also run routing services, routers provide service to networks rather than to client devices or software. See also access router; routing table.
In BGP, a method for maintaining path and attribute information across an autonomous system, while avoiding the overhead of having all peers within an autonomous system fully communicate to--be fully meshed with--each other. To reduce the number of links, all internal peers are divided into clusters, each of which has one or more route reflectors. A route received by a route reflector from an internal peer is transmitted to its clients, which are the other peers in the cluster that are not route reflectors. Route reflection requires that all internal peers use identical policies. See also cluster; cluster ID; confederation; route reflector.
A router configured to transmit routes received from internal BGP peers to one or more other internal peers within its same cluster. These peers are called the route reflector's clients. See also cluster; cluster ID; route reflection.
See RIP.
A database of routes to particular network destinations, stored on a router or other device. The routing table stored on the PortMaster contains the following information for each route: IP address and netmask length of the destination, IP address of the gateway, source of the route (if any), type of route, hop-count metric, and PortMaster interface used to forward packets along the route.
Rivest-Shamir-Adleman. A public key encryption and authentication technology that uses an algorithm developed in 1977 by Ron Rivest, Adi Shamir, and Leonard Adleman. The RSA algorithm is the most commonly used encryption and authentication algorithm, especially for data sent over the Internet. The technology is owned by RSA Data Security, Inc., now a subsidiary of Security Dynamics.
A packet below the minimum size. On an Ethernet network, a runt packet has a frame size between 8 and 63 bytes with frame check sequence (FCS) or alignment errors. The runt packet is presumed to be a fragment resulting from a collision.
Service Advertisement Protocol. An IPX protocol that provides a means of informing network clients, via routers and servers, of available network resources and services. See also IPX.
In a database management system (DBMS), a collection of objects that are available to a user. Schema objects are the logical structures that directly refer to the data in a database. Schema objects include such structures as tables, views, sequences, stored procedures, synonyms, indexes, clusters, and database links.
See shared secret.
See SHA-1.
See SSL.
An authentication system available from Security Dynamics, Inc. SecurID uses tokens and a software server to generate and confirm one-time passwords to identify users and grant or deny them network access.
See SLIP.
See SAP.
See SPID.
Secure hash algorithm. An iterative cryptographic hash function for message authentication. See also MD5.
A character string specified on both a server and another device or server that establishes mutual identification. A shared secret is required for RADIUS and ChoiceNet clients as well as for proxy, or remote, servers. The shared secret is used to encrypt the user's password so it does not travel across the network in clear text. The server in turn uses the shared secret to decrypt the password upon receipt.
See STP.
See SMTP.
See SNMP.
A list of sites--each specified by its IP address or fully qualified domain name--used by a ChoiceNet filter instead of individual source or destination host addresses to permit or deny access by users.
In Multichassis PPP, a PortMaster through which a subsequent connection for a particular user is made. (The port through which the connection is made is called the slave port.) Every slave has a corresponding master. Slaves are for a given connection only, and a PortMaster that functions as a slave for one user's connection can be a master for a different user's connection. See also master.
Serial Line Internet Protocol. The protocol that was made obsolete by Point-to-Point Protocol (PPP), for point-to-point serial connections using TCP/IP. See also PPP.
See SOHO.
Switched Multimegabit Data Service. An emerging high-speed packet switched public data communications service for exchanging large amounts of data over a WAN on a nonconstant or "bursty" basis. SMDS provides an architecture and services for connecting geographically separate LANs into a WAN without a dedicated private line. SMDS is expected to be widely used by telephone companies as the basis for their data networks.
Small office/home office. An end-user segment of the internetworking market. See also ROBO.
A single BGP router that is able to communicate with other routers that run BGP. When two BGP speakers communicate with each other, they are called BGP peers. See also peer.
Service profile identifier. A number used by some service providers to define the services to which an ISDN device subscribes. The ISDN device uses the SPID when accessing the switch that initializes the connection to a service provider.
Structured query language. A language conforming to ISO and American National Standards Institute (ANSI) standards that is used to create, maintain, and query relational databases. SQL is not a full-fledged language that can create standalone applications, but is often embedded within other programming languages. SQL uses plain English words for many of its commands, making it easy to use. Although different database applications have their own versions of SQL to implement their unique features, all SQL-capable databases support a common subset of SQL. SQL supports distributed databases so that several users on a LAN can access the same database simultaneously.
Secure Sockets Layer. A program layer and protocol designed by Netscape Communications to enable encrypted and authenticated communications across the Internet. Many websites use SSL protocol to obtain confidential user information. SSL uses a public and private key encryption system from RSA Data Security, Inc., which includes use of a digital certificate.
A data compression algorithm for efficiently compressing packets encapsulated for the Point-to-Point Protocol (PPP). Based on the Lempel-Ziv compression algorithm, the Stac LZS data compression algorithm, described in RFC 1974, supports all file types and both single and multiple compression histories.
The connection for the ISDN Basic Rate Interface (BRI) switch type used in Japan, Europe, and other countries using international ISDN standards. In contrast, the United States and the rest of North America use the U interface. See also U interface.
Shielded twisted pair. A two-pair wiring medium used in a variety of network implementations. STP cable has a layer of shielded insulation to reduce electromagnetic interference. See also twisted pair; UTP.
See SQL.
In OSPF, an area into which no external routes are imported. A stub area cannot contain autonomous system border routers and cannot be a transit area for virtual links. Summary advertisements external to the area are by default imported into the stub area but might be squelched to further reduce area database size. In this case, the default route advertisement by the autonomous system border routers handles all routes external to the area.
A class subordinate to another class--known as a superclass--that inherits some or all of the characteristics of the superclass. Subclasses can also define their own methods and variables that are not contained in their superclasses. See also class.
A 32-bit netmask used to indicate the bits of an IP address that are being used for the subnet address. Compare netmask.
The process of combining routing information from one routing protocol into another for advertisement. For example, the PortMaster summarizes non-BGP route information it receives internally via the Interior Gateway Protocol (IGP) OSPF or RIP, or via a static route, into BGP for advertisement to BGP internal and external peers. Summarized routing information must comply with BGP advertisement policy rules before advertisement. Compare propagation.
Switched virtual circuit. A connection established between two physical circuits, such as an ordinary telephone call or X.25 connection. The call creates a virtual circuit between the originator and the party called.
See SMDS.
See SVC.
Occurring at the same time or at regular intervals established by a synchronized timing signal. In synchronous communication, the receiver and transmitter are synchronized, either within the data signal or by a separate clock signal, so that data is sent at a fixed rate. Data is transmitted in a block--as an entire message or frame--rather than one character at a time. Synchronous communication is faster and more efficient than asynchronous communication, but is generally more complex and expensive. Synchronous WAN ports on a PortMaster router or access concentrator provide high-speed dedicated connections between two remote LANs over leased lines, Frame Relay, switched 56Kbps lines, or ISDN lines. Compare asynchronous.
1) The process that handles system messages by reading and forwarding them to a log file or users depending on the priority of the message and the system facility that originated the message. 2) The log file created by the syslog process.
System operator. A person responsible for the day-to-day operation of a computer system or network resource--for example, server, LAN, bulletin board system (BBS), online service, or special interest group (SIG).
See sysop.
A leased line digital WAN carrier system for transmitting data formatted for digital signal level 1 (DS-1) at 1.544Mbps through the telephone-switching network, using alternate mark inversion (AMI) or bipolar 8-zero substitution (B8ZS) coding. The system uses four wires and provides full-duplex communication--two wires for receiving and two for sending simultaneously. The wires can be twisted pair copper wire, coaxial cable, optical fiber, or other media. Compare E1; T3.
A leased line digital WAN carrier system for carrying data formatted for digital signal level 3 (DS-3) at 44.736Mbps--about 40 times the speed of a T1 line. T3 transmissions support full-screen, full-motion video. Compare T1.
Transmission Control Protocol/Internet Protocol. An open network standard that defines how devices from different manufacturers communicate with each other over interconnected networks. TCP/IP protocols are the foundation of the Internet.
A device from which you send commands to a remotely located computer, usually via a serial interface. A terminal at minimum consists of a keyboard, a display screen, and some simple circuitry. Early terminals were called teletypes (ttys); later versions were known as video display terminals (VDTs). Currently, terminal software in an intelligent PC or workstation at a network node can emulate a physical terminal and allow you to type commands to a remote computer. As the Internet grows in size and intelligence, simple terminals that support only communications and a browser might become the primary access to the World Wide Web.
A device that provides ISDN compatibility to non-ISDN devices. An asynchronous terminal adapter turns an asynchronous bit stream into ISDN and is treated by the PortMaster as if it were a modem. A synchronous terminal adapter takes a synchronous bit stream and turns it into ISDN, typically supports V.25bis dialing, and connects to a PortMaster synchronous port. Some terminal adapters can be configured for either synchronous or asynchronous operation.
Trivial File Transfer Protocol. A simplified version of the File Transfer Protocol (FTP) that transfers files but does not provide password protection or user directory capability. TFTP can be used by diskless devices that keep software in ROM and use it to boot themselves. The PortMaster can be booted from the network by means of Reverse Address Resolution Protocol (RARP) and TFTP.
A small hand-held device that generates dynamic or one-time passwords for user authentication. Some tokens generate a response to a challenge entered by the user. Other tokens are synchronized with the security server and independently generate a matching password on request. See also ActivCard; SecurID.
In BGP, the function provided by an autonomous system that is in the path of a route but not the origination or destination. To provide reliable transit service, an autonomous system must ensure that its BGP and non-BGP routers agree on the interior routes and exit and entry points for each transit route through the autonomous system. The PortMaster synchronizes routing information between the BGP and non-BGP routers within its autonomous system by means of the lockstep feature. See also lockstep.
See TCP/IP.
See 3DES.
See TFTP.
1) A primitive teletypewriter terminal with a mechanical printer, limited character set, and poor print quality. 2) A UNIX command that displays the name of the current controlling terminal. 3) In UNIX systems, any terminal. 4) In UNIX systems, the serial communications (hardware) port on a computer.
Relatively low-speed transmission medium consisting of two insulated wires--shielded or unshielded--in regular spiral patterns. The wires are twisted around each other to minimize interference from other twisted pairs in the cable. Twisted pair is common in telephone wiring and is increasingly common in data networks. It is used for 10BaseT Ethernet connections with RJ-45 connectors. See also STP; UTP.
The ISDN interface defined as the connection between the network termination 1 device (NT1) and the telephone company local loop. The U interface standard is set by each country. The U interface described in PortMaster documentation refers to the U.S. definition. See also S/T interface.
User-Network Interface. 1) An interface point between Asynchronous Transfer Mode (ATM) end users and a private ATM switch, or between a private ATM switch and the public carrier ATM network; defined by physical and protocol specifications in ATM Forum UNI documents. 2) A similar connection in a Frame Relay network. 3) The interoperability standard adopted by the ATM Forum to define connections between users or end stations and a local switch. See also ATM; ATM Forum.
See URL.
See UUCP.
See UTP.
A message sent between BGP peers to convey network reachability information in two parts. The first part lists the IP address prefixes and associated netmasks for one or more routes that the PortMaster is withdrawing from service because it can no longer reach them. The second part of an update message consists of a single BGP route. See also keepalive message; notification message; open message; route.
Uniform resource locator. The address of a file (resource) accessible on the Internet. The type of resource depends on the Internet application protocol. For the World Wide Web's protocol, the Hypertext Transfer Protocol (HTTP), the resource can be an HTML page, a program such as a Java applet, or any other file supported by HTTP. The URL contains the name of the protocol required to access the resource, a domain name that identifies a specific computer on the Internet, and, if necessary, a path to the resource on the computer.
See RADIUS user.
See UDP.
See UNI.
Unshielded twisted pair. A four-pair wire medium used in a variety of networks. UTP does not require the fixed spacing between connections necessary with coaxial connections. The five grades of UTP cable commonly used are Category 1 through Category 5; Category 5 can carry the most data. See also STP; twisted pair.
An ITU-T standard for data transmission via modems that extends the V.32 connection range from 4800bps to 14.4Kbps. V.32bis modems fall back to the next lower speed when line quality is impaired, and fall back further as necessary. They fall forward to the next higher speed when line quality improves.
An ITU-T standard for data transmission via modems at 56Kbps. The V.90 standard resolves the difference between two modem technologies--X2 and K56flex. Both technologies now conform to V.90, and most previously manufactured 56Kbps modems can support V.90 via a software upgrade. See also K56flex.
An ITU-T standard for performing asynchronous rate adaptation into ISDN over a 64Kbps line. The PortMaster supports 9600bps and 19,200bps over this older standard that allows pre-ISDN devices to be adapted for ISDN.
See VLSM.
A logical connection between two endpoints on a switched digital network. Virtual circuits can be switched or permanent. A switched virtual circuit (SVC) is used for an ordinary telephone call, an ISDN connection, or a V.25 switched 56Kbps connection. A permanent virtual circuit (PVC) is used in Frame Relay. See also PVC; SVC.
See VLAN.
See VPN.
See VPN.
See VPN.
See VTP.
Virtual LAN. A group of devices on one or more LANs that communicate as if they were connected to the same wire even though they are physically located on different LAN segments. Because VLANs are configured through software rather than hardware, they are extremely flexible.
Variable-length subnet mask. A means of specifying a different subnet mask for the same network number on different subnets. VLSMs often allow addresses to be assigned more efficiently. OSPF and BGP support classless or VLSM routes.
See VoIP.
Voice over IP. A category of hardware and software that allows people to use the Internet as the transmission medium for telephone calls. Currently, VoIP does not offer the same quality of telephone service as direct telephone connections. VoIP is also known as Internet telephony and Voice over the Internet (VOI).
A subgroup of the International Multimedia Teleconferencing Consortium (IMTC) that develops standards for Internet telephony. The VoIP Forum plans to define technical guidelines for two-party voice and other audio communications for compatibility with traditional telephone service networks via telephony and/or IP gateways.
Virtual private dial-up network or virtual private data network. See VPN.
Virtual private network. A restricted network that uses public wires to connect nodes. A VPN provides a way to encapsulate, or "tunnel," private data cheaply, reliably, and securely through a public network, usually the Internet. IP packets are encapsulated in a VPN protocol. VPNs use encryption and other security mechanisms to prevent unauthorized users from accessing the network and intercepting the data.
Virtual Terminal Protocol. An ISO application for establishing a virtual terminal connection across a network. VTP provides terminal emulation that allows a computer system to appear to a remote system as if it were a directly attached terminal.
Wide area network. A data communications network that serves users across a broad geographic area and often uses transmission devices provided by common carriers. Frame Relay is an example of a WAN. Compare LAN.
See WAN.
All the resources and users on the Internet that are using the Hypertext Transfer Protocol (HTTP). The Web is made up of thousands of HTTP servers that enable text, graphics, and sound files to be mixed together and provided to users requesting access and download capability via connections to the Internet.
See World Wide Web.