Configuring VPN Failover Using a Peer Group and Generic Routing Encapsulation (GRE) Tunnel over IPSec on the Avaya G250 Media Gateway - Issue 1.0


Avaya Solution & Interoperability Test Lab

Abstract

These Application Notes present the steps necessary to configure the VPN failover mechanism using a VPN peer group on an Avaya G250-BRI Media Gateway. A Cisco VPN 3000 Concentrator and an Enterasys XSR-1850 Security Router are configured to be two remote peer members in a peer group. Object Trackers are used for the VPN dead peer detection (DPD). GRE over IPSec with Open Shortest Path First (OSPF) is used for IP routing. The GRE tunnels on the Avaya G250-BRI Media Gateway are terminated on a Cisco Router behind the Cisco VPN 3000 Concentrator and the Enterasys XSR-1850 Security Router. Quality of Service (QoS) configuration is not covered in these Application Notes.

JZ; Reviewed: Solution & Interoperability Test Lab Application Notes 1 of 28 GAK 6/27/2005 ©2005 Avaya Inc. All Rights Reserved. G250-VPN-PG.doc

1. Introduction

The network diagram in Figure 1 shows two offices. The office labeled “Main Office” contains an Avaya S8500 Media Server and an Avaya G650 Media Gateway. The office labeled “Small Office” contains an Avaya G250-BRI Media Gateway with S8300 Media Server LSP. As shown in Figure 1, a Cisco VPN 3000 Concentrator and an Enterasys XSR-1850 Security Router are two VPN remote peers for the Avaya G250-BRI Media Gateway. These Application Notes illustrate how to configure a peer group on the G250-BRI Media Gateway so that the G250-BRI Media Gateway switches over to another peer if the current peer is detected to be dead. Object Trackers are used for the VPN Dead Peer Detection (DPD). The access to the Internet from the Avaya G250-BRI Media Gateway is configured as PPP over T1 in the sample configuration.
These Application Notes also apply to the scenario where an Ethernet WAN port on the Avaya G250-BRI Media Gateway is used for the Internet access via a DSL/Cable Modem or another Access Router.

The Avaya Inter-Gateway Alternate Routing (IGAR) feature provides a means of alternately using PSTN facilities when the IP link is incapable of carrying the bearer connection. The number of VoIP calls allowed on the IP link is determined by the Call Admission Control – Bandwidth Limit (CAC-BL) reported from the Avaya G250-BRI Media Gateway, and the IP Codec used. The overflow calls will use the PSTN facilities. A specific number of VoIP calls can be provisioned on a VPN peer by configuring a CAC-BL associated with that VPN peer. A different number of VoIP calls can be configured for each VPN peer.

Figure 1: VPN Failover Configuration (network diagram of the Main Office and the Small Office, connected across the Internet by two VPN tunnels carrying GRE/OSPF)

2. Equipment and Software Validated

Table 1 below shows the equipment and software versions used in these Application Notes.
Equipment                                Software
Avaya Communication Manager
  Avaya S8500 Media Server               3.0 (load 337.0)
  Avaya S8300 Media Server (LSP)         3.0 (load 337.0)
Avaya G650 Media Gateway
  IPSI (TN2312AP)                        HW03 FW012
  C-LAN (TN799DP)                        HW01 FW012
  MEDPRO (TN2302AP)                      HW15 FW102
Avaya G250-BRI Media Gateway             24.11.1
Avaya 4600 Series IP Telephones          2.1.3
Cisco VPN 3000 Concentrator              4.1.7.D
Cisco Catalyst 6509 Switch
  Layer 2                                8.3(4)
  Layer 3                                12.1(13)E6
Enterasys XSR-1850 Security Router       7.5.0.0

Table 1: Version Information

3. Configurations

IGAR is a single-server feature that provides an alternate bearer path between the Port Networks (PNs) and Gateways (GWs). In order to keep a single-server system, an IP connection must exist between the Avaya Media Server and Avaya PNs/GWs. As shown in Figure 1, the Avaya G250-BRI Media Gateway will register to the Avaya S8300 LSP when there is no IP connection between the Main and Small Offices.

Refer to reference [1] on how to configure the Avaya IGAR feature based on Figure 1. Refer to reference [2] for detailed VPN configuration on the Cisco VPN 3000 Concentrator and Enterasys XSR-1850 Security Router. Refer to reference [3] for an alternate generic routing encapsulation (GRE) over IPSec configuration.

3.1 Configure Avaya G250-BRI Media Gateway

3.1.1. Configure IP Routing on the Avaya G250-BRI Media Gateway

The following screen shows VLAN configurations of VLAN 202 and 203. The Avaya G250-BRI Media Gateway will use interface VLAN 203 to register to the Media Gateway Controllers (MGC).

    interface Vlan 202
     ip address 192.168.202.1 255.255.255.0
    interface Vlan 203
     icc-vlan
     ip address 192.168.203.1 255.255.255.0
     pmi

In the following screen, an MM340 T1/E1 WAN Media Module on the G250-BRI Media Gateway is connected to the Internet with a public IP address. The module is configured to T1 by default.
Channel group 1 is configured with 24 channels. The corresponding Serial interface 2/1:1 is configured to PPP encapsulation.

    ds-mode t1
    controller t1 2/1
     linecode b8zs
     framing esf
     channel-group 1 timeslots 1-24 speed 64
    interface Serial 2/1:1
     encapsulation ppp
     ip address 68.38.206.100 255.255.255.0

In the following screen, two Loopback interfaces and two GRE tunnel interfaces are configured. The tunnel source of tunnel 1 is configured to Loopback 1 and the tunnel source of tunnel 2 is configured to Loopback 2. Since both GRE tunnels terminate on the Cisco 6509 Layer 3 Router, the tunnel destinations must match the Loopback interfaces configured on the Cisco 6509 Layer 3 Router in Section 3.4. The VPN configuration in Section 3.1.3 will associate GRE tunnel 1 with the Cisco VPN 3000 Concentrator and GRE tunnel 2 with the Enterasys XSR-1850 Security Router.

In the sample configuration, tunnel 1 is configured with 128 kbps for the Dynamic-CAC and tunnel 2 is configured with 64 kbps for the Dynamic-CAC. Avaya Communication Manager will count 27 kbps for each G.729 call. If the G.729 Codec is used between the Main and Small Offices, four VoIP calls will be supported on the VPN tunnel with the Cisco VPN 3000 Concentrator and two VoIP calls with the Enterasys XSR-1850 Security Router. The overflow calls will use PSTN facilities. The Tunnel keepalives will be used to tear down the line protocol of the GRE tunnel interface if the far end becomes unreachable.

    interface Loopback 1
     ip address 192.168.204.1 255.255.255.255
     exit
    !
    interface Loopback 2
     ip address 192.168.204.2 255.255.255.255
     exit
    !
    interface Tunnel 1
     dynamic-cac 128
     keepalive 10 3
     tunnel source 192.168.204.1
     tunnel destination 192.168.90.1
     ip address 10.10.12.1 255.255.255.252
     exit
    !
    interface Tunnel 2
     dynamic-cac 64
     keepalive 10 3
     tunnel source 192.168.204.2
     tunnel destination 192.168.90.2
     ip address 10.10.12.5 255.255.255.252
     exit

The following screen shows the OSPF and default route configuration. The tunnel interfaces must be included in the OSPF configuration. The default route is configured to the Internet gateway.

    router ospf
     network 10.10.12.0 0.0.0.3 area 0.0.0.0
     network 10.10.12.4 0.0.0.3 area 0.0.0.0
     network 192.168.202.0 0.0.0.255 area 0.0.0.0
     network 192.168.203.0 0.0.0.255 area 0.0.0.0
    ip default-gateway 68.38.206.1

3.1.2. Configure RTR and Tracking

The Respond Time Report (RTR) is a network performance measure and diagnostics tool that uses active monitoring. The tracking feature provides complete separation between the objects to be tracked and the action to be taken by a client when a tracked object changes.

The following commands define two RTRs and two tracking operations. rtr 1 defines an ICMP echo operation for tunnel interface 1 while rtr 2 defines an ICMP echo operation for tunnel interface 2. track 1 is associated with rtr 1 and track 2 is associated with rtr 2. Use the command rtr-schedule rtr-id start-time now life forever to activate the RTR operation. These trackers will be applied to the VPN tunnels in Section 3.1.3 for the VPN DPD.

    rtr 1
     type echo protocol ipIcmpEcho 10.10.12.2 source-address 10.10.12.1
     exit
    rtr-schedule 1 start-time now life forever
    rtr 2
     type echo protocol ipIcmpEcho 10.10.12.6 source-address 10.10.12.5
     exit
    rtr-schedule 2 start-time now life forever
    !
    track 1 rtr 1
     exit
    track 2 rtr 2
     exit
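Added example (not part of the Avaya Application Notes): a Python check that each tracker's ICMP echo is sourced from a GRE tunnel address and aimed at the far end of that tunnel's /30, that its RTR is scheduled, and that the tunnel subnet appears under router ospf, since a tracker that probes the wrong path gives no dead peer detection for its peer. The helper names parse and check are hypothetical, and the embedded configuration is the tunnel addressing, OSPF, RTR and track lines copied from Sections 3.1.1 and 3.1.2; only those command forms are handled.

```python
import ipaddress
import re

# Constructed input: tunnel addressing, OSPF, RTR and track lines from Sections 3.1.1-3.1.2.
CONFIG = """\
interface Tunnel 1
 tunnel source 192.168.204.1
 tunnel destination 192.168.90.1
 ip address 10.10.12.1 255.255.255.252
 exit
interface Tunnel 2
 tunnel source 192.168.204.2
 tunnel destination 192.168.90.2
 ip address 10.10.12.5 255.255.255.252
 exit
router ospf
 network 10.10.12.0 0.0.0.3 area 0.0.0.0
 network 10.10.12.4 0.0.0.3 area 0.0.0.0
rtr 1
 type echo protocol ipIcmpEcho 10.10.12.2 source-address 10.10.12.1
 exit
rtr-schedule 1 start-time now life forever
rtr 2
 type echo protocol ipIcmpEcho 10.10.12.6 source-address 10.10.12.5
 exit
rtr-schedule 2 start-time now life forever
track 1 rtr 1
 exit
track 2 rtr 2
 exit
"""


def parse(text):
    """Collect tunnel addresses, OSPF networks, RTR probes, schedules and trackers."""
    tunnels, rtrs, tracks, scheduled, ospf = {}, {}, {}, set(), []
    section = None  # dict currently being filled by indented sub-commands
    for line in (raw.strip() for raw in text.splitlines()):
        if m := re.fullmatch(r"interface Tunnel (\d+)", line):
            section = tunnels.setdefault(m[1], {})
        elif m := re.fullmatch(r"rtr (\d+)", line):
            section = rtrs.setdefault(m[1], {})
        elif m := re.fullmatch(r"track (\d+) rtr (\d+)", line):
            tracks[m[1]], section = m[2], None
        elif m := re.fullmatch(r"rtr-schedule (\d+) start-time now life forever", line):
            scheduled.add(m[1])
            section = None
        elif m := re.fullmatch(r"network (\S+) (\S+) area \S+", line):
            ospf.append(ipaddress.ip_network(f"{m[1]}/{m[2]}"))  # wildcard mask is accepted
        elif line.startswith(("interface ", "router ")):
            section = None  # some other block; ignore its sub-commands
        elif section is not None and (m := re.fullmatch(r"ip address (\S+) (\S+)", line)):
            section["iface"] = ipaddress.ip_interface(f"{m[1]}/{m[2]}")
        elif section is not None and (m := re.fullmatch(
                r"type echo protocol ipIcmpEcho (\S+) source-address (\S+)", line)):
            section["target"] = ipaddress.ip_address(m[1])
            section["source"] = ipaddress.ip_address(m[2])
    return tunnels, rtrs, tracks, scheduled, ospf


def check(text):
    """Return (tracker -> tunnel map, list of findings) for the failover probes."""
    tunnels, rtrs, tracks, scheduled, ospf = parse(text)
    by_addr = {t["iface"].ip: tid for tid, t in tunnels.items() if "iface" in t}
    mapping, findings = {}, []
    for track_id, rtr_id in sorted(tracks.items()):
        rtr = rtrs.get(rtr_id, {})
        if "target" not in rtr:
            findings.append(f"track {track_id}: rtr {rtr_id} has no ICMP echo defined")
            continue
        if rtr_id not in scheduled:
            findings.append(f"rtr {rtr_id}: no rtr-schedule, probe never starts")
        tunnel_id = by_addr.get(rtr["source"])
        if tunnel_id is None:
            findings.append(f"rtr {rtr_id}: source {rtr['source']} is not a tunnel address")
            continue
        mapping[track_id] = tunnel_id
        net = tunnels[tunnel_id]["iface"].network
        if rtr["target"] not in set(net.hosts()) - {rtr["source"]}:
            findings.append(f"rtr {rtr_id}: target {rtr['target']} is not the far end "
                            f"of Tunnel {tunnel_id} ({net})")
        if net not in ospf:
            findings.append(f"Tunnel {tunnel_id}: {net} missing from router ospf")
    for tunnel_id in sorted(set(tunnels) - set(mapping.values())):
        findings.append(f"Tunnel {tunnel_id}: no tracker probes this tunnel")
    return mapping, findings


if __name__ == "__main__":
    mapping, findings = check(CONFIG)
    print(mapping, findings or "no findings")
```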