CDRouter 2.4 Release Notes
Welcome to CDRouter version 2.4!
What's new since version 2.3:
802.1q VLAN support on LAN interface
------------------------------------
* Starting in CDRouter 2.4, the LAN interface may be configured as
part of an 802.1q VLAN. The interface is assigned a VLAN id using
the testvar lanVlanId. The 802.1p priority bits may also be
configured using the testvar lanVlanPriority. All outbound packets
will be sent with the same 802.1p priority.
Example:
    testvar lanVlanId 100
    testvar lanVlanPriority 7
When configured as a VLAN interface, all Ethernet traffic from the
LAN interface will be tagged as part of the 802.1q VLAN. Only
received traffic with a matching 802.1q VLAN id will be
accepted by the LAN interface.
NOTE: CDRouter's VLAN implementation is currently limited to
sending Ethernet packets with a maximum length of 1518 bytes.
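The tagging and receive filtering described above, sketched as an added example (this is not CDRouter code). The sample frame and MAC addresses are constructed, and the function names are hypothetical; the VLAN id and priority are the values from the testvar example.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tagged frame


def tag_frame(frame: bytes, vlan_id: int, priority: int) -> bytes:
    """Insert an 802.1Q tag after the destination and source MAC addresses."""
    if not 0 <= vlan_id <= 0xFFF or not 0 <= priority <= 7:
        raise ValueError("VLAN id is 12 bits, 802.1p priority is 3 bits")
    # Tag control information: priority (3 bits) | DEI (1 bit, 0) | VLAN id (12 bits)
    tci = (priority << 13) | vlan_id
    # The tag adds 4 bytes to the frame length.
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def parse_tag(frame: bytes):
    """Return (vlan_id, priority) for a tagged frame, or None if untagged."""
    if len(frame) < 16:
        return None
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID_8021Q:
        return None
    return tci & 0x0FFF, tci >> 13


def accepts(frame: bytes, vlan_id: int) -> bool:
    """Receive filter: accept only frames tagged with the configured VLAN id."""
    tag = parse_tag(frame)
    return tag is not None and tag[0] == vlan_id


# Constructed untagged IPv4 frame: broadcast destination, made-up source MAC,
# EtherType 0x0800 and a zero-filled 46-byte payload.
SAMPLE = b"\xff" * 6 + bytes.fromhex("001122334455") + b"\x08\x00" + bytes(46)

if __name__ == "__main__":
    tagged = tag_frame(SAMPLE, vlan_id=100, priority=7)
    print(tagged[12:16].hex(), parse_tag(tagged), accepts(tagged, 100))
```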
New NAT timeout test module
---------------------------
* A new NAT timeout test module has been added in CDRouter 2.4. This
module adds several new tests to verify the NAT session clean
up for TCP, UDP, ICMP, and DNS sessions.
TEST 67: Verify NAT TCP session timeout after FIN close
MODULE: nat-timeout.tcl
NAME: cdrouter_nat_timeout_1
TEST 68: Verify NAT TCP session timeout after RST close
MODULE: nat-timeout.tcl
NAME: cdrouter_nat_timeout_2
TEST 69: Verify NAT TCP session timeout for established session
MODULE: nat-timeout.tcl
NAME: cdrouter_nat_timeout_10
TEST 70: Verify NAT TCP SYN session timeout
MODULE: nat-timeout.tcl
NAME: cdrouter_nat_timeout_11
TEST 71: Verify NAT UDP session timeout
MODULE: nat-timeout.tcl
NAME: cdrouter_nat_timeout_20
TEST 72: Verify NAT DNS session timeout
MODULE: nat-timeout.tcl
NAME: cdrouter_nat_timeout_25
TEST 73: Verify NAT ICMP session timeout
MODULE: nat-timeout.tcl
NAME: cdrouter_nat_timeout_30
To enable the new test cases, the following timeout values must
be configured to match the NAT implementation:
    testvar natFinRstTimeout 240
    testvar natTcpTimeout 86400
    testvar natSynTimeout 90
    testvar natUdpTimeout 300
    testvar natDnsTimeout 300
    testvar natIcmpTimeout 120
Please see the user guide for additional descriptions of
each NAT timeout related testvar.
New FTP PORT retransmission test
--------------------------------
* A new FTP PORT retransmission test has been added to the apps.tcl
module. This new test case, cdrouter_apps_12, verifies that
retransmitted FTP PORT commands sent through NAT are
translated to the same IP and TCP port number each time. In the case
of the return TCP ACK getting lost, the FTP server will have already
received the initial FTP PORT command and will be attempting to
use the initial translation for the transfer.
TEST 110: Verify FTP 'PORT' translation stays the same when TCP segment is retransmitted
MODULE: apps.tcl
NAME: cdrouter_app_12
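The property this test verifies can be checked over a WAN-side capture as follows. This is an added example, not CDRouter's test code: the input format (TCP sequence number plus payload per segment), the function names and the sample addresses are assumptions constructed for illustration.

```python
import re

# FTP PORT argument: four address octets and two port octets, comma separated.
PORT_RE = re.compile(rb"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r\n$")


def parse_port(payload: bytes):
    """Return (ip, port) from an FTP PORT command, or None if it is not one."""
    m = PORT_RE.match(payload)
    if not m:
        return None
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def check_retransmissions(segments):
    """segments: (tcp_seq, payload) pairs as seen on the WAN side of the NAT.

    Returns a list of (tcp_seq, first_mapping, later_mapping) for every
    retransmitted PORT command whose translation differs from the first copy.
    """
    first_seen = {}
    mismatches = []
    for seq, payload in segments:
        mapping = parse_port(payload)
        if mapping is None:
            continue
        if seq not in first_seen:
            first_seen[seq] = mapping
        elif mapping != first_seen[seq]:
            mismatches.append((seq, first_seen[seq], mapping))
    return mismatches


# Constructed captures: the same segment (sequence number 1000) seen twice.
STABLE = [(1000, b"PORT 203,0,113,5,195,80\r\n"),
          (1000, b"PORT 203,0,113,5,195,80\r\n")]
# Here the NAT allocated a new port for the retransmission; the server,
# which already holds the first mapping, would connect to port 50000.
CHANGED = [(1000, b"PORT 203,0,113,5,195,80\r\n"),
           (1000, b"PORT 203,0,113,5,195,81\r\n")]

if __name__ == "__main__":
    print(check_retransmissions(STABLE))
    print(check_retransmissions(CHANGED))
```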
HTTP client connections
-----------------------
* Several tests that involve HTTP connections have been updated in
the CDRouter 2.4 release. In previous releases, CDRouter could
attempt to validate the IP address used by NAT immediately after
opening a TCP connection from a LAN client. Now, all LAN clients
will attempt to load a URL on the HTTP connection before CDRouter
verifies the WAN side IP information. This change was added to
support router devices that terminate HTTP connections directly on
the router and support HTTP proxy.
Default DNS entries
-------------------
* remotehost.cdrouter.com is now added to the default DNS entry setup
for each DNS server. This domain is automatically mapped to the
testvar remoteHostIp. This information can be used to configure
router policies or filtering rules to verify that the remoteHostIp
is always reachable for the majority of tests that involve the
remoteHostIp address.
At the end of the start-up phase, the first DHCP client on the LAN
will issue 2 DNS queries for the domain remotehost.cdrouter.com.
This allows any implementation that involves DNS tracking to map
the remoteHostIp to a specific domain name.
URL Filtering test updates
--------------------------
* The url-filter.tcl test module has been updated to include DNS client
requests for URL domains before clients attempt to open the URL. This
update supports URL filtering techniques that use DNS information
as part of the filtering technique.
* A new test case has also been added to the url-filter.tcl module to
verify that HTTPS sessions can be blocked based on the domain name.
TEST 174: Verify HTTPS GETs to filtered URLs are blocked
MODULE: url-filter.tcl
NAME: cdrouter_urlfilter_40
New logfile and directory output options
----------------------------------------
* This release introduces 2 new output log capabilities. The buddy
test harness can now automatically create a log file using the
-logfile option. Additionally, a directory of results
can now be created using the -logdir option. When
the directory option is enabled, a log for each test case is
generated using a logfile named after the test case. The format of
the logfile name can be changed using the -number-format option.
Here are some examples:
    # -- create a log file of all the results
    % buddy -trace -pt -logfile myresults.txt
    # -- place all results in the "result" directory
    % buddy -trace -pt -logdir /home/lab/result
    # -- place all results in the "result" directory and delete any
    #    existing results
    % buddy -trace -pt -logdir /home/lab/result -force
    # -- use the test number format for log files
    % buddy -trace -pt -logdir /home/lab/result -force -number-format
When the directory option is used, the initial startup log
messages are placed in the "start.txt" file. The shutdown phase
and final results are placed in the "final.txt" file. If a test
is repeated multiple times, each test run is appended with an
instance number.
When the -report-html option is used with -logdir, buddy will
automatically create links from the HTML report to the log files.
Improved Firewall/Port scan configuration
-----------------------------------------
* CDRouter 2.4 allows you to configure a list of open and closed ports
for both TCP and UDP ports.
Example:
    testvar firewallTcpClosedPorts "113 2323"
    testvar firewallTcpOpenPorts "22 443"
    testvar firewallUdpClosedPorts "113"
    testvar firewallUdpOpenPorts "1234"
DynDNS test updates
-------------------
* The DynDNS test module (dyndns.tcl) has been updated to add
additional update checks at the end of each test case.
DMZ scan rate
-------------
* The speed of the DMZ scan tests in dmz.tcl can now be controlled
using the testvar portScanDelay. The portScanDelay value may be
set to the number of milliseconds to wait between the sending
of each packet from the WAN.
Some routers configured with both a DMZ host and other virtual
services may drop inbound packets if the incoming rate is
too quick. The portScanDelay testvar can be used to pace the
rate of scanning.