Solution:
Spoofing and Connection Management
--------------------------------------------------------------------------------
SUMMARY
This article provides information on how to configure a Perle router to perform Connection Management and Spoofing in an ISDN environment.
Spoofing is the act of making a server or workstation believe that there is still a physical path to the other, when in fact, it may be currently disconnected.
Connection Management is the process of managing the availability of this physical path.
This article is a very detailed step-by-step account of what is required to configure the Perle router from start to finish to operate in a Connection Managed/Spoofing environment. It covers the configuration of parameters in different scenarios, offering insight into the use of these parameters in other applications. This is all with an eye towards optimizing the use of the Perle router in your application.
Please note that the NetWizard, a JAVA-based applet, simplifies installation of the Perle router significantly. It removes many of the intermediate steps detailed herein. However, this article intends to show the various features and how they are used to achieve specific functionality, and therefore contains many more additional steps than what you might need during an actual installation.
MORE INFORMATION
When should I use spoofing?
If you are using ISDN and are being charged for the time that the connection is established, you should use spoofing and connection management.
Also, spoofing is valuable when you must maintain such items as routes to ensure that a user session is maintained when an ISDN circuit disconnects.
Why should I use spoofing?
Using connection management and spoofing will serve to reduce usage charges that are otherwise unnecessary. By monitoring the traffic flow, the Perle router can decide when to activate the ISDN call, and when to disconnect it for optimal cost-efficiencies.
Spoofing
Spoofing is a very simple concept--create the illusion that a physical connection exists when it doesn't. To accomplish this task, the Perle router must maintain an understanding of the remote location to which it is connected. The sessions between workstations and servers, the routes that are required to reach this remote location and its resources, and any advertised services that must be replicated onto the local LAN are all examples of items that need to be maintained by the Perle router.
It must also respond to local requests for remote services and decide whether it can service it locally, or send the request to the remote location. Of course, this occurs transparently to the user.
Connection Management
Connection Management monitors traffic over a given physical connection and decides if the connection should be disconnected, maintained, or reconnected. This process is managed by the Connection Management Control Protocol (CMCP) which can be negotiated when a connection is first established to a remote location.
The Terminology
There are various terms used to describe the states of a CMCP-managed connection and the various operations of spoofing. These terms are used throughout this article and are listed here for clarity:
Session - Describing the end-to-end logical connection of a workstation and server
Circuit - Describing the logical connection between two CMCP-participating routers
Call - Describing the physical ISDN connection between two routers
Active - Describing the current connected state of an ISDN call over a CMCP-managed circuit
Suspending - Describing the action of disconnecting an active ISDN call, and placing the CMCP-managed circuit into the mode of spoofing
Suspended - Describing the current unconnected state of an ISDN call over a CMCP-managed circuit
- Spoofing active
Resume - Describing the action of reconnecting a currently suspended CMCP-managed circuit
Terminate - Describing the action of closing an ISDN call and its corresponding CMCP-managed circuit
- Stop Spoofing
Interesting Traffic - Describing that data which will be used to determine if a circuit should be suspended (indicating the lack of Interesting Traffic), resumed (indicating the recent detection of Interesting Traffic), or maintained (indicating that Interesting Traffic is currently present).
Remote Site - Describes the remote location or remote router
Remote Site Profile - Contains the configuration required to support a remote site
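The states and actions defined above can be followed in code. This Python model is an added example, not Perle's implementation and not part of the original article. It assumes the circuit starts with no call up, that the caller already knows which packets count as Interesting Traffic, and that the inactivity timer (configured later in this article) is evaluated when the next packet arrives.

```python
from dataclasses import dataclass, field

ACTIVE, SUSPENDED, TERMINATED = "Active", "Suspended", "Terminated"


@dataclass
class Circuit:
    inactivity_timer: float          # seconds without Interesting Traffic before suspending
    state: str = SUSPENDED           # model assumption: no ISDN call is up at the start
    call_started: float = 0.0
    last_interesting: float = 0.0
    connected_seconds: float = 0.0   # time the ISDN call was up, i.e. the billable part
    log: list = field(default_factory=list)

    def _suspend_if_idle(self, now):
        deadline = self.last_interesting + self.inactivity_timer
        if self.state == ACTIVE and now >= deadline:  # Suspending: call dropped, spoofing on
            self.connected_seconds += deadline - self.call_started
            self.state = SUSPENDED
            self.log.append((deadline, "suspend"))

    def packet(self, now, interesting):
        self._suspend_if_idle(now)
        if not interesting:
            return                   # does not reset the timer and does not raise a call
        if self.state == SUSPENDED:  # Resume: Interesting Traffic brings the call back up
            self.state = ACTIVE
            self.call_started = now
            self.log.append((now, "resume"))
        self.last_interesting = now

    def terminate(self, now):
        self._suspend_if_idle(now)
        if self.state == ACTIVE:
            self.connected_seconds += now - self.call_started
        self.state = TERMINATED      # Terminate: call closed, spoofing stops
        self.log.append((now, "terminate"))


def simulate(events, inactivity_timer, end):  # events: (seconds, is_interesting), time-ordered
    circuit = Circuit(inactivity_timer)
    for now, interesting in events:
        circuit.packet(now, interesting)
    circuit.terminate(end)
    return circuit.connected_seconds, circuit.log


# Constructed traffic: three user packets, periodic background packets, one late user packet.
SAMPLE = [(0, True), (30, True), (60, True), (100, False), (200, False), (300, False), (600, True)]
```

With a 180-second timer the sample keeps the call up for 420 seconds; if the background packets were also classed as Interesting Traffic, the same trace would keep it up for 660 seconds.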
CONFIGURATION
When it comes time to configure a Perle router product to operate in an ISDN environment, and you want to use Connection Management, follow the steps outlined in the subsequent sections of this article. They will identify the key parameters to use, the parameters to consider, and the parameters to stay away from.
Network Setup
The following table depicts the network used in this configuration example.
ISDN Numbers    Value
Router A        44 1234 567 890, NET3
Router B        1 416 667 9812, NI-1
Router A is a router located in the United Kingdom, while Router B is located in Canada. Obviously, this is a good example of where you'll want to reduce ISDN call charges.
The international flavour of this application has been selected to demonstrate how each router would be configured to support both a typical European configuration and a typical North American configuration.
Required Configuration Elements
There are a few parameters that are required to make this application function properly.
Listed below are these parameters:
CMCP - This protocol must be enabled
IPX DMR Enabled - Set to "Link_up_only"
IP Triggered RIP - Set to "Link_up_only"
PPP Authentication - To ensure proper selection of the remote site during circuit resumption
Configured on a per-remote site basis, CMCP is the control protocol that is used to control and manage the ISDN circuit between the two routers. When enabled, two CMCP-enabled routers will negotiate various circuit parameters like how to call one another during resumption activities, when to suspend, and when to terminate the call.
Step-by-Step
The procedure listed below assumes that the Perle router has had the IP Routing, IPX Routing (if so required), and ISDN configuration completed properly. This procedure outlines the requirements to configure the Remote Site profile for use in a CMCP-enabled application.
Remote Site Profile Configuration
The steps listed below are described in detail so please follow them closely.
For the purposes of this example, the configuration has been specified for a Perle P840. However, the same configuration can be applied to other Perle router products as well.
If you are not currently connected to the console of the Perle router please do so now. You'll need to login, providing the password of the console. You should now be at the MAIN Menu.
Router B Configuration
The following steps are similar for both Router A and Router B. However, the actual ISDN numbers called are different on each, and therefore must be presented separately.
Go to the 'Configuration Menu' and choose 'WAN Setup', then choose 'Remote Site Setup', then choose 'Edit Remote Site'.
You will be prompted for 'Remote site id or alias'.
Enter a name that will reflect the use of the connection, such as 'LOCAL' and press 'enter'. * Remember this name (it is case sensitive), you will need it in later steps.
You will be at the menu entitled 'EDIT REMOTE SITE 1 MENU'
You will be immediately prompted for the 'Remote site type (interoperable or spoofing)'. Enter 'spoofing' and press 'enter'.
Selecting the 'spoofing' option changes the default values of some parameters in the Remote Site profile.
Choose 'Circuit Set-up', then 'ISDN call set-up', then 'ISDN number' and enter the local ISDN number for Router A (567 890).
This is the number that your P840 Router will call when it needs to connect to the LOCAL Router. If you are trying to connect both B-channels in a Loadsharing configuration, you should enter the second ISDN number under 'Alternate ISDN number'. Again, do not enter spaces or dashes in the phone number.
Select the 'Call you' option and enter the ISDN number prefix that Router B must dial in order to call Router A (011 44 1234).
Select the 'Call me' option and enter the ISDN number prefix that Router A should use to dial back to Router B (00 1 416).
Please note that the selection of the ISDN numbers and the Call you and Call me parameters are important to the operation of the router. For additional details on setting these values, please consult the CONSIDERATIONS section further on in this article.
Tab back to the 'EDIT REMOTE SITE 1 CIRCUIT SET-UP MENU' and choose 'Inactivity timer'.
Enter the time (in seconds) that you want the Perle P840 Router to wait before dropping the connection to Router A.
This should be several minutes and should be selected based upon the nominal 'billing period' of your local telephone company. Three (3) minutes is common, although your area may charge incremental call charges at a faster rate (i.e. 1 minute).
When traffic activity ceases over the ISDN line, the Perle IOLINK P840 will wait the selected amount of time before disconnecting from Router A. This feature can save on connect charges depending on how your local telephone company charges for ISDN service.
You may also choose to modify the Usage and Call limit parameters in this menu. For a discussion of these two parameters and their importance please read article T001 - Putting a Cap on ISDN Charges.
Tab back to 'EDIT REMOTE SITE 1 SET-UP MENU' and choose 'Security Parameters' menu.
Setting the Security parameters not only ensures a level of security for your application, but the authentication process is also used for choosing the proper remote site profile during an incoming call.
When a call is received and authenticated, the Perle router 'attaches' the call to a Remote Site Profile based upon the authenticated User Name received. If these parameters are not set up correctly, the resumption of the CMCP-enabled circuit may not occur correctly affecting the integrity of the active spoofed sessions.
Select 'Outgoing User Name' and enter the name of Router B (this router). In this example, 'REMOTE' can be used.
The name specified must be the same as the name given to the Remote Site Profile configured on Router A.
For this example, we've chosen not to configure the PAP password or CHAP secret--a password is not required to complete authentication. However, you may choose to specify these parameters for additional security.
There are other parameters that must be configured in order for this application to work properly. However, these parameters are common for both Router A and Router B. As such, they are presented in a section of their own further on in this article.
Router A Configuration
The following steps are similar to Router B.
Tab to the 'Configuration Menu' and choose 'WAN Setup', then choose 'Remote Site Setup', then choose 'Edit Remote Site'.
You will be prompted for 'Remote site id or alias'.
Enter a name that will reflect the use of the connection, such as 'REMOTE' and press 'enter'. * Remember this name (it is case sensitive), you will need it in later steps.
You will be at the menu entitled 'EDIT REMOTE SITE 1 MENU'
You will be immediately prompted for the 'Remote site type (interoperable or spoofing)'. Enter 'spoofing' and press 'enter'.
Selecting the 'spoofing' option changes the default values of some parameters in the Remote Site profile.
Choose 'Circuit Set-up', then 'ISDN call set-up', then 'ISDN number' and enter the local ISDN number for Router B (667 9812).
This is the number that this P840 Router will call when it needs to connect to the REMOTE Router. If you are trying to connect both B-channels in a Loadsharing configuration, you should enter the second ISDN number under 'Alternate ISDN number'. Again, do not enter spaces or dashes in the phone number.
Select the 'Call you' option and enter the ISDN number prefix that Router A must dial in order to call Router B (00 1 416).
Select the 'Call me' option and enter the ISDN number prefix that Router B should use to dial back to Router A (011 44 1234).
Please note that the selection of the ISDN numbers and the Call you and Call me parameters are important to the operation of the router.
For additional details on setting these values, please consult the CONSIDERATIONS section further on in this article.
Tab back to the 'EDIT REMOTE SITE 1 CIRCUIT SET-UP MENU' and choose 'Inactivity timer'.
Enter the time (in seconds) that you want the Perle P840 Router to wait before dropping the connection to Router B.
This should be several minutes and should be selected based upon the nominal 'billing period' of your local telephone company.
Three (3) minutes is common, although your area may charge incremental call charges at a faster rate (i.e. 1 minute).
When traffic activity ceases over the ISDN line, the Perle P840 will wait the selected amount of time before disconnecting from Router B. This feature can save on connect charges depending on how your local telephone company charges for ISDN service.
You may also choose to modify the Usage and Call limit parameters. For a discussion of these two parameters and their importance please read article T001 - Putting a Cap on ISDN Charges.
Tab back to 'EDIT REMOTE SITE 1 SET-UP MENU' and choose 'Security Parameters' menu.
Setting the Security parameters not only ensures a level of security for your application, but the authentication process is also used for choosing the proper remote site profile during an incoming call.
When a call is received and authenticated, the Perle router 'attaches' the call to a Remote Site Profile based upon the authenticated User Name received. If these parameters are not set up correctly, the resumption of the CMCP-enabled circuit may not occur correctly affecting the integrity of the active spoofed sessions.
Select 'Outgoing User Name' and enter the name of Router A (this router). In this example, 'LOCAL' can be used.
The name specified must be the same as the name given to the Remote Site Profile configured on Router B.
For this example, we've chosen not to configure the PAP password or CHAP secret--a password is not required to complete authentication. However, you may choose to specify these parameters for additional security.
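The two Remote Site Profiles above have to mirror each other, and a mismatch only shows up when a suspended circuit fails to resume. The following Python check is an added example, not a Perle tool and not part of the original article: it compares both profiles before they are entered at the console. The dictionary field names are hypothetical, and the 180-second timer is an assumed value taken from the three minutes the article calls common.

```python
import re

# Constructed from the values used in this article, typed without spaces or dashes.
# Field names are hypothetical; the router itself is configured through its menus.
ROUTER_B = {"profile": "LOCAL", "site_type": "spoofing", "isdn_number": "567890",
            "call_you": "011441234", "call_me": "001416", "inactivity_timer": 180,
            "outgoing_user_name": "REMOTE", "pap_password": None, "chap_secret": None}
ROUTER_A = {"profile": "REMOTE", "site_type": "spoofing", "isdn_number": "6679812",
            "call_you": "001416", "call_me": "011441234", "inactivity_timer": 180,
            "outgoing_user_name": "LOCAL", "pap_password": None, "chap_secret": None}


def check_side(name, cfg, peer):
    """Return (severity, message) findings for one router's Remote Site Profile."""
    out = []
    if cfg["site_type"] != "spoofing":
        out.append(("ERROR", f"{name}: remote site type is not 'spoofing'"))
    for key in ("isdn_number", "call_you", "call_me"):
        if not re.fullmatch(r"[0-9]+", cfg[key]):
            out.append(("ERROR", f"{name}: {key} must be digits only, no spaces or dashes"))
    # An incoming call is attached to a profile by user name; the name is case sensitive.
    if cfg["outgoing_user_name"] != peer["profile"]:
        out.append(("ERROR", f"{name}: Outgoing User Name {cfg['outgoing_user_name']!r} "
                             f"does not match peer profile {peer['profile']!r}"))
    # The prefix this side dials ('Call you') is the one the peer lists as 'Call me'.
    if cfg["call_you"] != peer["call_me"]:
        out.append(("ERROR", f"{name}: 'Call you' differs from the peer's 'Call me'"))
    if cfg["inactivity_timer"] <= 0:
        out.append(("ERROR", f"{name}: inactivity timer must be a positive number of seconds"))
    if not (cfg["pap_password"] or cfg["chap_secret"]):
        out.append(("WARN", f"{name}: no PAP password or CHAP secret is set; "
                            "profile selection rests on the user name alone"))
    return out


def check_pair(a, b):
    """Check Router A's profile against Router B's and the reverse."""
    return check_side("Router A", a, b) + check_side("Router B", b, a)


if __name__ == "__main__":
    for severity, message in check_pair(ROUTER_A, ROUTER_B):
        print(severity, message)
```

Run against the article's values, the check reports no errors and one warning per router for the missing PAP password or CHAP secret.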