DOCSLIB.ORG

Businesscom Sentinel PF Operating System Handbook

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

BusinessCom Sentinel PF Operating System Handbook BusinessCom Networks Limited Glacis Road, Portland House, Suite 2 Gibralter, GX11 1AA December 2014, Revision D Copyright 2013-2014 BusinessCom Networks Limited Glacis Road, Portland House, Suite 2, Gibralter, GX11 1AA All rights reserved. BusinessCom Networks Limited has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more U.S. patents or pending patent applications in the U.S. and in other countries. Portions Copyright © 2005 - 2013 Peter N. M. Hansteen, Portions Copyright © 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013 The FreeBSD Documentation Project. Portions Copyright © Wikipedia. Portions Copyright © OpenVPN Technologies, Inc. U.S. Government Rights – Commercial software. Government users are subject to the BusinessCom Networks Limited standard license agreement and applicable provisions of the FAR and its supplements. This distribution may include materials developed by third parties. Parts of the product may be derived from Berkeley BSD systems, licensed from the University of California. UNIX is a registered trademark in the U.S. and other countries, exclusively licensed through X/Open Company, Ltd. Intel is a trademark or registered trademark of Intel Corporation or its subsidiaries in the United States and other countries. Intel Inside is a trademark or registered trademark of Intel Corporation or its subsidiaries in the United States and other countries. NVIDIA is a trademark or registered trademark of NVIDIA Corporation or its subsidiaries in the United States and other countries. LSI is a trademark or registered trademark of LSI Corporation or its subsidiaries in the United States and other countries. Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this document, and the FreeBSD Project was aware of the trademark claim, the designations have been followed by the “™” or the “®” symbol. FreeBSD is a registered trademark of the FreeBSD Foundation. Heidelberg, Helvetica, Palatino, and Times Roman are either registered trademarks or trademarks of Heidelberger Druckmaschinen AG in the U.S. and other countries. IEEE, POSIX, and 802 are registered trademarks of Institute of Electrical and Electronics Engineers, Inc. in the United States. Intel, Celeron, EtherExpress, i386, i486, Itanium, Pentium, and Xeon are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries. Linux is a registered trademark of Linus Torvalds. Motif, OSF/1, and UNIX are registered trademarks and IT DialTone and The Open Group are trademarks of The Open Group in the United States and other countries. SAP, R/3, and mySAP are trademarks or registered trademarks of SAP AG in Germany and in several other countries all over the world. Products covered by and information contained in this publication are controlled by U.S. Export Control laws and may be subject to the export or import laws in other countries. Nuclear, missile, chemical or biological weapons or nuclear maritime end uses or end users, whether direct or indirect, are strictly prohibited. Export or reexport to countries subject to U.S. embargo or to entities identified on U.S. export exclusion lists, including, but not limited to, the denied persons and specially designated nationals lists is strictly prohibited. THIS DOCUMENTATION IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL BUSINESSCOM NETWORKS LIMITED BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. Do not discard electronic products in household trash. All waste electronics equipment should be recycled according to local regulations. Information for the recycler: Please cut off Lithium battery, if present, for separate recycling. ` Contents Preface 11 Typographic Conventions 11 Naming Conventions 11 About Sentinel PF 12 Deployment 12 Deployment: Branch Office 13 Deployment: Wireless ISP 14 Customer Service 15 BusinessCom Welcomes Your Comments 15 Warranty Policy 15 Limitations of Warranty 16 Exclusive Remedies 16 Electrical Safety 17 Change History 18 Installation Overview 20 Process Flow 20 Required Experience 21 Required Equipment and Software 21 Blackbird and Westwind: Checking Package Contents 22 D2, D2W and Sentinel 3: Checking Package Contents 22 Precautions 22 Physical Connections 23 Blackbird and Westwind: Front Panel 23 Blackbird and Westwind: Motherboard 24 Blackbird: LAN and WAN Ethernet Ports 24 Westwind: LAN and WAN Ethernet Ports 25 Blackbird and Westwind: Ethernet Indicator Lights 26 D2, D2W: Rear Panel Motherboard 27 Sentinel 3: Rear Panel Motherboard 28 Powering Sentinel On and Off 29 To Power On Sentinel 29 To Power Off Sentinel 29 Command Line Interface 30 Introduction to CLI 30 CLI Prompt 31 CLI Functionality Overview 31 Logout (SSH Only) 32 Assign Interfaces 32 To Assign Interfaces 33 Set Interface(s) IP Address 34 To Set Interface IP Address 34 Reset GUI Password/Reset To Factory Defaults 34 To Reset Sentinel 34 Ping host 35 CLI 35 View Network Connections 36 To Show Connections With Most Packet Rate 38 To Show Connections With Most Traffic 38 To Show Oldest Connections 38 Filter Logs 38 Restart GUI 38 Web GUI 39 Introduction to Web GUI 39 To Connect to Web GUI 39 Initial Configuration Steps 41 First Steps 41 Web GUI: System 42 Cert Manager 42 To Create New Certificate Authority (CA) 42 To Create New User or Server Certificate 43 General Setup 44 Packages 45 Routing 47 To Add New Gateway 47 To Add New Static Route 48 To Create New Gateway Group 49 User Manager 49 To Create New User 50 To Create New Group 50 To Assign Priveledges To A Group 51 To Use LDAP or RADIUS As Authentication 51 Web GUI: Interfaces 52 (assign) 52 To Create Interface Group 52 To Use Sentinel As WPA Access Point 54 To Use Sentinel As WPA Client 55 To Create a VLAN 56 To Create QinQ Interface 57 To Create PPP Interface 58 To Create GRE Tunnel 59 To Create GIF Tunnel 60 To Create Bridge 61 LAN, WAN, OPT1 and Other Interface Menus 65 Web GUI: Firewall 67 Aliases 67 To Create Alias 67 NAT 68 Rules 72 To Create Firewall Rule 74 To Move Rule 74 Schedules 78 To Create Schedule 79 Traffic Shaper 80 To Create Limiter 89 Use Limiters To Prioritize LAN Users 91 To Shape Traffic via Layer 7 93 Virtual IPs 95 Web GUI: Services 97 To Show Bandwidth Chart For Individual IP 98 Captive Portal 100 To Start Using Vouchers In Your LAN 106 DHCP Relay and DHCPv6 Relay 107 To Enable DHCP Relay 107 DHCP Server and DHCPv6 Server/RA 107 To Add Static Mapping 109 DNS Forwarder 110 To Enable DNS Forwarder 110 To Add DNS Host Override 111 To Add DNS Domain Override 111 Dynamic DNS 112 To Use Dynamic DNS 112 IGMP Proxy 113 To Enable IGMP Proxy 113 Load Balancer 114 To Create Internal Server Pool 115 To Create Virtual Server 115 NTP 116 OLSR 116 For Transparent PEP HTTP Redirect 118 PPPoE Server 119 For PEP Acceleration with HTTP Proxy Cache 129 RIP 132 SNMP 132 To Enable SNMP Daemon 134 To Create New NIDS Suppress List 137 To Edit NIDS Suppress List 137 UPnP & NAT-PMP 145 Wake on LAN 146 Web GUI: VPN 147 IPSec 147 L2TP 151 OpenVPN 152 PPTP 157 Web GUI: Status 159 CARP (failover) 159 Dashboard 159 DHCP Leases and DHCPv6 Leases 159 Filter Reload 159 Gateways 159 Interfaces 160 IPSec 160 Load Balancer 161 Network Monitor 161 NTP 161 OpenVPN 161 Package Logs 161 Queues 162 RRD Graphs 163 Services 163 System Logs 163 Traffic Graph 164 UPnP & NAT-PMP Status 164 Web GUI: Diagnostics 165 ARP Table 165 Authentication 165 Backup/Restore 166 To Backup Current Configuration 166 To Restore Configuration From File 166 To View Changes Between Configurations 167 Command Prompt 167 DNS Lookup 167 Edit File 167 Factory Defaults 168 To Reset Sentinel 168 Halt System 168 Limiter Info 168 Packet Capture 168 pfInfo 169 pfTop 170 Ping 170 Reboot 170 Routes 170 SMART Status 171 States 172 States Summary 173 System Activity 174 Tables 174 Traceroute 174 NanoBSD 174 NDP Table 174 Sockets 174 Test Port 175 Redundancy 176 Sentinel Redundancy Overview 176 Example CARP Redundant Configuration 177 Redundancy Configuration Example 178 Multiple WAN Connections 181 Mutli-WAN Environment 181 Example Redundant Multi-WAN Configuration 182 State Filter Expressions 183 Netmask/CIDR Translation Table 185 Factory Default Settings 186 Additional Support 187 DiffServ Classification & Marking 188 NIDS Incidents Classification 190 Sentinel D2 RS-232 Console Cable 195 Troubleshooting 196 Boot 196 Run-Time 196 Services 197 Preface The BusinessCom Sentinel PF Operating System Handbook provides instructions for network administrators and field engineers deploying Sentinel PF operating system based hardware servers (Sentinel thereafter); as well as any other personnel involved into the installation,operation or monitoring of networks featuring Sentinel. Typographic Conventions The following table describes the typographic conventions that are used in this book. TABLE P–1 Typographic Conventions Typeface Meaning Example AaBbCc123 The names of commands, files, and directories, and onscreen computer output Edit your .login file. AaBbCc123 What you type, contrasted with onscreen computer output machine_name% su aabbcc123 Placeholder: replace with a real name or value The command to remove a file is rm filename.
Recommended publications
  • MPLS-Based Metro Ethernet Networks a Tutorial • Paresh Khatri • 2018

    MPLS-Based Metro Ethernet Networks a Tutorial • Paresh Khatri • 2018

    MPLS-based Metro Ethernet Networks A tutorial • Paresh Khatri • 2018 1 © Nokia 2017 Public Agenda 1. Introduction 2. Introduction to Metro Ethernet Services 3. Traditional Metro Ethernet networks 4. Delivering Ethernet over MPLS 5. Summary 6. Questions 2 © Nokia 2017 Public introduction 3 © Nokia 2017 Public Introduction • Paresh Khatri ([email protected]) - Chief Architect – IP Routing & Transport APAC, Alcatel-Lucent • Key focus areas: - End-to-end network architectures - SDN/NFV - Large-scale IP/MPLS networks - L2/L3 VPNs - Carrier Ethernet - Next-generation mobile backhaul networks • Acknowledgements: - Some figures and text are provided courtesy of the Metro Ethernet Forum (MEF) 4 © Nokia 2017 Public introduction to metro ethernet services 5 © Nokia 2017 Public AGenda 2. Introduction to Metro Ethernet Services a) Why Metro Ethernet ? b) Attributes of Carrier Ethernet c) Carrier Ethernet Services defined by the MEF 6 © Nokia 2017 Public 2.1 Why Metro Ethernet ? 7 © Nokia 2017 Public Introduction to Metro Ethernet Services What is Metro Ethernet ? “… generally defined as the network that bridges or connects geographically separated enterprise LANs while also connecting across the WAN or backbone networks that are generally owned by service providers. The Metro Ethernet Networks provide connectivity services across Metro geography utilising Ethernet as the core protocol and enabling broadband applications” from “Metro Ethernet Networks – A Technical Overview” from the Metro Ethernet Forum 8 © Nokia 2017 Public Introduction to Metro
  • Generating Synthetic Voip Traffic for Analyzing Redundant Openbsd

    Generating Synthetic Voip Traffic for Analyzing Redundant Openbsd

    UNIVERSITY OF OSLO Department of Informatics Generating Synthetic VoIP Traffic for Analyzing Redundant OpenBSD-Firewalls Master Thesis Maurice David Woernhard May 23, 2006 Generating Synthetic VoIP Traffic for Analyzing Redundant OpenBSD-Firewalls Maurice David Woernhard May 23, 2006 Abstract Voice over IP, short VoIP, is among the fastest growing broadband technologies in the private and commercial sector. Compared to the Plain Old Telephone System (POTS), Internet telephony has reduced availability, measured in uptime guarantees per a given time period. This thesis makes a contribution towards proper quantitative statements about network availability when using two redun- dant, state synchronized computers, acting as firewalls between the Internet (WAN) and the local area network (LAN). First, methods for generating adequate VoIP traffic volumes for loading a Gigabit Ethernet link are examined, with the goal of using a minimal set of hardware, namely one regular desktop computer. pktgen, the Linux kernel UDP packet generator, was chosen for generating synthetic/artificial traffic, reflecting the common VoIP packet characteristics packet size, changing sender and receiver address, as well as typical UDP-port usage. pktgen’s three main parameters influencing the generation rate are fixed inter-packet delay, packet size and total packet count. It was sought to relate these to more user-friendly val- ues of amount of simultaneous calls, voice codec employed and call duration. The proposed method fails to model VoIP traffic accurately, mostly due to the cur- rently unstable nature of pktgen. However, it is suited for generating enough packets for testing the firewalls. Second, the traffic forwarding limit and failover behavior of the redun- dant, state-synchronized firewalls was examined.
  • Navigating Network Migration Challenges: Upgrade Your 1GE

    Navigating Network Migration Challenges: Upgrade Your 1GE

    Navigating Network Migration Challenges: Upgrade Your 1GE Metro Ethernet Access Network to 10GE A White Paper from Telco Systems Upgrade Your 1GE Metro Ethernet Access Network to 10GE | 2 Intoduction Many businesses and service providers are migrating from • Service providers are finding it more difficult to live up to 1GE to 10GE networks as they attempt to avoid the obstacles their customers’ service level agreements (SLA) to presented by heavy bandwidth, while leveraging the benefits provide multiple services, which require more bandwidth that 10GE networking has to offer. The requirement for • Generating more revenue within the current limits of a more bandwidth has become a constant battle. As internet 1Gig network usage continues to increase with the popularity of data and streaming services, so does the demand for more bandwidth. As the gap between service revenues and the demand for From education (homework, e-learning, campus networks), higher bandwidth grows, providers are looking for ways to finance (online banking, stock trading, bill pay), and business better control their expenses while offering higher bandwidth purposes (company intranets, remote workers), to social media and more services to more customers. With the increasing (Facebook, Instagram, Twitter, Snapchat), political (campaigns demand for more bandwidth with OTT (over-the-top) and outreach) and personal purposes, data requirements applications like video streaming, Hulu, Netflix, and Amazon continue to rise – quicker than service providers can react. Prime becoming more popular, 1GE networks aren’t going to cut it anymore. In support of these activities, service providers are being driven to enhance their network capacities in their business Ethernet, To conquer these challenges, enterprises and service mobile backhaul, E-Rate, cloud networking, and SDN & NFV providers are migrating their 1GE networks to 10GE.
  • Chapter 6: General Design Considerations

    Chapter 6: General Design Considerations

    ch01i.book Page 194 Friday, March 26, 2004 10:08 AM This chapter covers the following topics: • Physical Security Issues • Layer 2 Security Considerations • IP Addressing Design Considerations • ICMP Design Considerations • Routing Considerations • Transport Protocol Design Considerations • DoS Design Considerations ch01i.book Page 195 Friday, March 26, 2004 10:08 AM C H A P T E R 6 General Design Considerations Many things difficult to design prove easy to performance. —Samuel Johnson, Rasselas: The History of Rasselas, Prince of Abissinia, 1759 A good scientist is a person with original ideas. A good engineer is a person who makes a design that works with as few original ideas as possible. There are no prima donnas in engineering. —Freeman Dyson, Physicist, Disturbing the Universe, 1979 At the beginning of any secure network design project, many best practices apply more or less uniformly to all areas of the design. This chapter presents these practices in a single location and then draws on them throughout the rest of the book. The designs presented in Chapter 13, “Edge Security Design,” Chapter 14, “Campus Security Design,” and Chapter 15, “Teleworker Security Design,” are based on many of the concepts described here and in the companion chapters (Chapters 7–11), which detail specific design considerations for certain technologies. The topics are presented in loose compliance with the seven-layer OSI model and, as such, cover a diverse set of topics. Chapter 1, “Network Security Axioms,” presented the security axioms; this chapter translates them into actionable guidance for secure network design. Physical Security Issues One common security truism is “Once you have physical access to a box, all bets are off.” This is a good beginning assumption for this section.
  • Enterprise Ipv6 Deployment

    Enterprise Ipv6 Deployment

    Enterprise IPv6 Deployment Tim Martin CCIE #2020 BRKRST-2301 @bckcntryskr Agenda • General Design • Host Configuration • Access Layer • Routing Protocols • Data Center • WAN Deployment • Internet Edge • Conclusion Enterprise IPv6 Guidance • RFC 7381 enterprise IPv6 guidelines • Updated white paper – Cisco.com • No major change to 2/3 tier architecture Access Distribution Si Core Distribution Access WAN Data Center Internet BRKRST-2301 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 4 Global Address Assignment • Provider Allocated (PA) PA PI • From your ISP, single homed 2000::/3 2000::/3 • /48 - /60 IANA • Provider Independent (PI) Registries • Multi home, Multi provider /12 /12 RIR • /32 - /48 /32 • Local Internet Registry (LIR) ISP Org /32 /48 • Regional registry member • Acquire & manage space Level Four /48 • /29 - /32 Entity Subordinate /48 BRKRST-2301 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 5 Multinational Model • PA or PI from each region you operate in • Coordination of advertised space within each RIR • Most run PI from primary region as an LIR 2a00:0000::/12 2600:0000::/12 2400:0000::/12 2c00:0000::/12 2800:0000::/12 BRKRST-2301 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 6 Prefix Length Considerations • Anywhere a host exists /64 Hosts /64 • RFC 7421, rational for /64 Core /64 or /127 • Point to Point /127 • RFC 6164, cache exhaustion Pt 2 Pt • Reserve a /64, configure a /127 /127 Servers • Loopback or Anycast /128 /64 Loopback /128 Hosts /64 BRKRST-2301
  • T-Metro 200 Carrier Ethernet Multi-Service Ces Aggregation

    T-Metro 200 Carrier Ethernet Multi-Service Ces Aggregation

    T-Metro 200 carrier ethernet multi-service ces aggregation The T-Metro 200 is a feature-rich multiservice access device designed to increase service provider revenues and deliver a complete portfolio of voice, data and video services. The T-Metro family of products supports a wide variety of technologies including Ethernet, circuit emulation services (CES), MPLS, OAM (operations, administration and maintenance) tools and hierarchical quality of service (HQoS). This rich combination of technologies PRODUCT HIGHLIGHTS allows service providers to deliver an enhanced service offering while Enhanced Ethernet services, maintaining competitive pricing. features and capabilities The T-Metro 200 provides access to advanced data services such as virtual – 802.1ad provider bridges for Ethernet private LAN services (VPLS), virtual private wire services (VPWS) and IP virtual based L2VPN services private network (IP-VPN) services. In addition, the T-Metro product line enables – Super VLAN for traffic isolation service providers to carry native TDM traffic transparently across packet – Fast-Ring with sub 50ms recovery switched networks (PSN), using various circuit emulation techniques. The TDM traffic is encapsulated in Ethernet or IP frames to emulate the functionality of a – IEEE 802.3ad link aggregation TDM circuit, ensuring that all original feature-sets are preserved. Circuit Emulation Services deliver traditional voice or leased line Designed for Metro Ethernet Services services Convergence of voice, data and video services over a single Ethernet-based – Structured agnostic traffic over infrastructure is transforming the way enterprises and service providers packet (SAToP) conduct their businesses. The T-Metro 200’s versatility, advanced feature-set, – CES over packet switched networks wire speed performance and robust design makes it an ideal convergence (CESoPSN) platform for metro applications, either in a bridged metro Ethernet or MPLS – T1/E1; DS3/T3, OC-3/STM-1 environment.
  • ISP Column an Occasional Column on Things Internet

    ISP Column an Occasional Column on Things Internet

    The ISP Column An occasional column on things Internet Hunting the Bogon May 2004 There were a number of "adventure" games in the late 1970's and early 80's. By today's standards the original versions of these computer games were not just primitive, they make banging the rooks together look sophisticated. But at the time they were a pointer to the use of computers as something more than just numerical calculators, or business machines. Programs could be imaginative and even fun (well ok, 'fun' was different then!). One of the more widespread early versions of this kind of game was "Hunt the Wumpus'. The web being what it is these days you can meander back to 1976 at http://www.atariarchives.org/bcc1/showpage.php?page=247 For those who want a first-hand experience of 1970's computer games, check out: http://www.taylor.org/~patrick/wumpus/ As far as I can tell the only difference is that the original games proceeded at a pace that could only be described as glacial! What's a "Bogon"? Good question. The word bogon probably has lots of meanings in various contexts, but in the context of the Internet address realm a bogon refers to the use of an address or, more generally a route object, that is not duly authorized by the entity to which the address, or resource, was originally assigned. I must admit that I've yet to hear of any other word that succinctly takes that rather long- winded phrase and sums it up with one word! There are two kinds of bogon objects in the inter-domain space - the first is the advertisement of IP addresses, and the second is the use of Autonomous System numbers within the AS Path attribute.
  • ARIN 2005 Annual Report

    ARIN 2005 Annual Report

    Public Participation Leading to Positive Results Applying the principles of stewardship, ARIN, a nonprofit corporation, allocates Internet Protocol resources; develops consensus-based policies; and facilitates the advancement of the Internet through information ission Statement and educational outreach. M The American Registry for Internet Numbers (ARIN) publishes annual reports to document for its community Contents the operations and activities of the organization. The ARIN at a Glance . 4 audited financial statements for fiscal year 2005 will be published separately in mid-2006. Year in Review . 6 To view this report online or to review the annual reports and financial statements from previous years, please visit Reports & Updates . 9 the ARIN website at: Global Community Activities . 17 www.arin.net/about_us/corp_docs/annual_rprt.html Internet Number © ARIN Resource Policy . 19 All Rights Reserved. “ARIN” and the ARIN logo are registered trademarks 2005 Statistics . 23 Reg. U.S. Pat. & Tm. Off. oward the end of 2005, ARIN marked its eighth year of operation and service to the Internet community. Throughout its existence, there have been many changes both within the ARIN region and throughout the Internet as a whole, while at the same time ARIN’s mission has remained the same. Our Tcommitments to stewardship of Internet number resources and providing registration, organizational, and policy facilitation services have never been stronger. One of the most recent major changes took place in April 2005, when ICANN officially recognized AfriNIC as the fifth Regional Internet Registry. Encompassing the entire continent of Africa, AfriNIC now covers a region previously served by APNIC, ARIN, and the RIPE NCC.
  • Securing Networks with Mikrotik Router OS

    Securing Networks with Mikrotik Router OS

    Securing Networks with Mikrotik Router OS Speaker: Tom Smyth, CTO Wireless Connect Ltd. Location: New Orleans Date: 28-09-2012 1 ©2006-2012 WirelessConnect.eu Wireless Connect Ltd. ✔Irish Company Incorporated in 2006 ✔Operate an ISP in the centre of Ireland. ✔Good Infrastructure Expertise. ✔ Certified MikroTik Partners ✔Training ✔Certified OEM Integrators ✔Consultants ✔Value Added Reseller 2 ©2006-2012 WirelessConnect.eu Speaker Profile: ✔Studied BEng. Mechanical & Electronic Engineering, DCU,Ireland ✔Has been working in Industry since 2000 ✔Server Infrastructure Engineer ✔Systems / Network Administrator ✔Internet Security Consultant ✔1st MikroTik Certified Trainer in June 2007 in Ireland 3 ©2006-2012 WirelessConnect.eu Security Information sources ✔ENISA –http://www.enisa.europa.eu/ ✔OWASP http://owasp.org ✔Rits Group – http://www.ritsgroup.com/ ✔ISAS – http://www.isas.ie/ ✔SANS Institute – http://sans.org ✔CIS Centre for Internet Security – http://cisecurity.org/ ✔NIST Computer Security http://csrc.nist.gov/ ✔Open BSD – http://OpenBSD.org/ ✔Spamhaus.org – http://spamhaus.org ✔nmap.org – http://nmap.org ✔ha.ckers.org – http://ha.ckers.org/ 4 ©2006-2012 WirelessConnect.eu Router OS ✔Highly Versatile ✔Highly Customisable ✔Highly Cost Effective ✔Allows one to manage Security Threats in many Ways 5 ©2006-2012 WirelessConnect.eu What Can MikroTik Router OS Do ? ✔It is a Stateful Firewall ✔It is a Web Proxy ✔It is a Socks Proxy ✔It is a DNS Cache / Proxy ✔It is a Router ✔It is an IPSEC Concentrator ✔It is an IDS – Intrusion Detection System
  • Gigabit Ethernet Pocket Guide

    Gigabit Ethernet Pocket Guide

    GbE.PocketG.fm Page 1 Friday, March 3, 2006 9:43 AM Carrier Class Ethernet, Metro Ethernet tester, Metro Ethernet testing, Metro Ethernet installation, Metro Ethernet maintenance, Metro Ethernet commissioning, Carrier Class Ethernet tester, Carrier Class Ethernet testing, Carrier Class Ethernet installation, Carrier Class Ethernet maintenance, Gigabit Ethernet tester, Gigabit Ethernet testing, Gigabit Ethernet installation, Gigabit Ethernet maintenance, Gigabit Ethernet commissioning, Gigabit Ethernet protocols, 1000BASE-T tester, 1000BASE-LX test, 1000BASE-SX test, 1000BASE-T testing, 1000BASE-LX testing Trend’s Gigabit EthernetPocket Guide AuroraTango Gigabit Ethernet Multi-technology Personal Test Assistant Platform for simple, fast and effective testing of Gigabit Ethernet, ADSL, OSI model 802.3 model SHDSL, and ISDN. Aurora Tango 7 Application Upper layers Gigabit Ethernet has an exceptional 6 Presentation Reconciliation range of features Upper ensuring reliable delivery of end-to-end 5 Session layers services over Metropolitan networks MII Media independent based on Gigabit Ethernet. 4 It includes a full range of tests and Transport measurements, such as RFC-2544, PCS top ten addresses, real-time Ethernet 3 Network LLC (802.2) statistics, multilayer BERT, etc. Two PMA Gigaport transceivers allow terminate, 2 Data Link MAC (803.3) loopback and monitor connections to Autonegotiation networks, plus a 10/100/1000BASE-T Physical cable port for legacy testing. 1 PHY (802.3) dependent Media MDI A PDA provides an intuitive graphical menu
  • Carrier Ethernet Configuration Guide, Cisco IOS Release 12.2SR

    Carrier Ethernet Configuration Guide, Cisco IOS Release 12.2SR

    Carrier Ethernet Configuration Guide, Cisco IOS Release 12.2SR Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS. THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY. The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California. NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE. IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
  • Carrier Ethernet Tutorial

    Carrier Ethernet Tutorial

    Carrier . Ethernet Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 [email protected] These slides and audio/video recordings of this class lecture are at: http://www.cse.wustl.edu/~jain/cse570-19/ Washington University in St. Louis http://www.cse.wustl.edu/~jain/cse570-19/ ©2019 Raj Jain 6-1 Overview 1. Enterprise vs Carrier Ethernet 2. UNI vs Peer-to-Peer Signaling 3. Metro Ethernet 4. Ethernet Provider Bridge (PB) 5. Provider Backbone Network (PBB) 6. Connection Oriented Ethernet Note: Although these technologies were originally developed for carriers, they are now used inside multi-tenant data centers Washington(clouds) University in St. Louis http://www.cse.wustl.edu/~jain/cse570-19/ ©2019 Raj Jain 6-2 Enterprise vs. Carrier Ethernet Enterprise Carrier Distance: up to 2km Up to 100 km Scale: Few K MAC addresses Millions of MAC Addresses 4096 VLANs Millions of VLANs Q-in-Q Protection: Spanning tree Shortest Path Routing Path determined by spanning Traffic engineered path tree Simple service SLA Priority ⇒ Aggregate QoS Need per-flow QoS No performance/Error Need performance/BER monitoring (OAM) Washington University in St. Louis http://www.cse.wustl.edu/~jain/cse570-19/ ©2019 Raj Jain 6-3 Carriers vs. Enterprise We need to exchange topology for Sorry, We can’t tell you optimal routing. anything about our internal network. Washington University in St. Louis http://www.cse.wustl.edu/~jain/cse570-19/ ©2019 Raj Jain 6-4 Network Hierarchy Provider Provider Backbone Provider Customer Bridge Network Bridge Network Bridge Network Customer Network (PBN) (PBBN) (PBN) Network Backbone Provider Provider Core Core Core Bridge Bridge Bridge Customer Provider Provider Customer Edge Edge Backbone Edge Edge Bridge Bridge Provider Backbone Edge Provider Bridge Bridge Edge Edge Bridge Edge Bridge Bridge Bridge Washington University in St.