Académique Documents
Professionnel Documents
Culture Documents
Installation guide
Software version: 3.6
Hardware: Dell R630
Softswitch
Installation guide
TELES AG | HEADQUARTERS
Ernst-Reuter-Platz 8
10587 Berlin
GERMANY
Phone +49 30 399 28-066
Fax
+49 30 399 28-051
E-mail sales@teles.com
http
www.teles.com
Document version: M09001260
TELES, IntraSTAR, Intra*, iGATE, and iSWITCH are registered trademarks of TELES AG Informationstechnologien. All other trademarks used are the property of their respective owners.
The supplied hardware/software systems are protected by copyright and can be used solely by their lawful
owners.
All text and figures in this publication have been compiled with great attention to detail. Nonetheless, inaccuracies and typographical errors cannot be entirely avoided. TELES AG Informationstechnologien provides
this document 'as is' without warranty of any kind, expressed or implied. TELES AG Informationstechnologien
reserves the right to make changes in product design or specifications without notice.
Table of contents
Table of contents
1
Introduction ................................................................................ 11
1.1
1.2
1.3
1.4
1.5
1.6
2.1
2.2
2.2.1
2.2.2
2.3
2.4
2.4.1
2.4.2
2.5
2.5.1
2.5.2
M09001260
Page 3
Table of contents
3.1
Requirements ................................................................................. 42
3.2
3.3
3.4
3.5
4.1
4.2
4.3
IP settings........................................................................................ 55
4.3.1
4.3.2
4.3.3
4.3.4
4.3.5
4.4
Firewall settings.............................................................................. 76
4.4.1
4.4.2
4.4.3
4.4.4
M09001260
Page 4
Table of contents
4.5
4.5.1
4.5.2
4.5.3
4.5.3.1
4.5.3.2
4.5.4
4.5.5
4.6
4.7
4.8
Appendix A
A.1
A.2
A.3
A.4
M09001260
Page 5
Preface
Preface
In this Guide
This guide provides comprehensive information about installation and the network configuration on the Softswitch CLI. It
is written for network administrators, who are presumed to
have some experience working with networking devices and
are familiar with the concepts and terminology of New Generation Networks technology.
The SSW comes with the following manuals:
Signaling manual describing the GUI and the signaling
configuration
Routing manual describing the basic call routing
configuration
Routing service manual describing the call routing
services that play tones and announcements, execute
database queries, generate advice of charges and
others.
Call detail records manual describing the call details
recorded by the SSW and the RADIUS server.
Maintenance manual describing statistics, monitoring
messages, the SNMP interface, and the graphical SNMP
monitoring tool
Installation manual describing the hardware,
installation steps, and CLI-based network configuration
Conventions
This document uses the following typographic conventions:
Bold important information.
Halfbold items from the GUI and the menu. A
reference to each menu item is included in the index.
Code file names, variables, and constants in
configuration files or commands in body text.
M09001260
Page 6
Preface
M09001260
Page 7
Preface
erwise) arising in any way out of the use of this software, even
if advised of the possibility of such damage.
This product includes applications, for which the the following
licensing information applies.
GNU General Public License, Version 2, June 1991 Copyright
1989, 1991 Free Software Foundation, Inc. 51 Franklin Street,
Fifth Floor, Boston, MA 02110-1301, USA
The following is an excerpt of this agreement:
Because the program is licensed free of charge, there is no
warranty for the program, to the extent permitted by applicable law. Except when otherwise stated in writing the copyright
holders and/or other parties provide the program "as is" without warranty of any kind, either expressed or implied, including, but not limited to, the implied warranties of
merchantability and fitness for a particular purpose. The entire risk as to the quality and performance of the program is
with you. Shall the program prove defective, you assume the
cost of all necessary servicing, repair or cor-rection.
In no event unless required by applicable law or agreed to in
writing will any copyright holder, or any other party who may
modify and/or redistribute the program as permitted above,
be liable to you for damages, including any general, special,
incidental or consequential damages arising out of the use or
inability to use the program (including but not limited to loss
of data or data being rendered inaccurate or losses sustained
by you or third parties or a failure of the program to operate
with any other programs), even if such holder or other party
has been advised of the possibility of such damages.
M09001260
Page 8
Preface
Safety Symbols
The following symbols are used to indicate important information and to describe levels of possible danger.
!
!
!
Note
Useful information with no safety implications.
Attention
Information that must be adhered to as it is necessary to
ensure that the system functions correctly and to avoid
material damage.
Warning
Danger. Could cause personal injury or damage to the
system.
Dangerous voltage
Could cause injury by high voltage and/or damage the
system.
Electrostatic discharge
Components at risk of discharge must be grounded before being touched.
Explosion hazard
Injury hazard due to explosions endangering the person
or the system.
High temperatures
Do not touch. Hot surfaces could cause injury.
M09001260
Page 9
Organization
Organization
This guide is organized into the following chapters.
Chapter 1 Introduction explains how the Softswitch is integrated into the carrier network. It contains an overview of the
network topology supported by the SSW and the steps required for installation. People reading this chapter need to
understand the concept of the SSW, so that the installation
can take place quickly and smoothly.
Chapter 2 Hardware installation explains the installation
of the redundant server. This includes the description of the
interfaces, the assembly of the SSW, and the cable interfaces.
Chapter 3 Preparation for software installation describes the working steps needed before the software installation can be started by the TELES service team. To do these
steps, you must be familiar with computer hardware and basic IP configuration. If all configuration steps described here
are done, the TELES service team starts the installation using
the iDRAG service processor.
Chapter 4 Network Configuration explains how to configure the IP network, describing the parameters and programs
used. Before you start, make you familiar with the operation
and service of the standard programs used, such as SSH,
Bash, vi, etc.
Appendix A Possible Problems with the Cabling gives
some examples of possible problems with the cabling that
you may encounter and gives a number of ways in which
these problems can be solved.
M09001260
Page 10
1 Introduction
Introduction
1.1
1.2
M09001260
Page 12
Introduction
IP NET
PSTN
RA
DIU
Serv S
er
N
Ma GN
nag
er
Ann
oun
me cen
Serv t
er
SS7
Signaling
Links
SIGTRAN
SEP
SIGTRAN
SS7
Signaling
Links
SEP
SS
Trunks/
Bearers
TDM
MGCP/Megaco
MGCP/Megaco
RTP
Trunks/
Bearers
TDM
SWITCH
SWITCH
Announcements
Figure 1.1
The SSW uses the SIGTRAN protocol to control the SGW, and
the Megaco/MGCP protocol to control the MGW/SBC/NBE.
The VoIP soft switch (VoIP SSW) or SIP peers exchanges RTP
user data directly with the MGW, other SIP peers, or SBC/NBE,
and signaling (H.323 or SIP) with the SSW.
The following components are optional:
M09001260
Page 13
Introduction
1.3
M09001260
Page 14
Introduction
A Dom0 is installed on the redundant servers to host the virtual machines (VM) of the SSW unit and the EMS. Because the
SSW units runs in a virtual machine there, no physical redundancy is necessary.
Ethernet
stacks of the
Dom0
mp1
(bridge)
mp2
(bridge)
bond0
(bond)
bond1
(bond)
eth0
(hw)
Figure 1.2
eth2
(hw)
eth1
(hw)
eth3
(hw)
Ethernet stacks of
SSW
mp1
(trunk)
mp2
(trunk)
xennet0
(paravirt)
xennet1
(paravirt)
On the Dom0 you have the network interfaces mp1 for administration and maintanance, and mp2. In this hierarchical network model the bond is the perent of the eth interfaces and
the eth interfaces are the childs of the bond. On the virtual
machine of the SSW you have mp1 for the OAM and mp2 for
the signaling network. There is no redundance because the
physical interfaces are already redundant.
M09001260
Page 15
Introduction
For higher flexibility you can configure VLANs as shown in Figure 1.3 .
Ethernet
stacks of the
Dom0
mp2
(vlan1)
mp1
(bridge)
(bridge)
bond0
(bond)
bond1
(bond)
eth0
(hw)
Figure 1.3
mp3
(vlan2)
eth2
(hw)
eth1
(hw)
eth3
(hw)
Ethernet stacks of
SSW
mp2
(vlan1)
mp3
(vlan2)
mp1
(trunk)
trunk1
(trunk)
xennet0
(paravirt)
xennet1
(paravirt)
Schemes of Ethernet architecture of the Hypervistor and the SSW using VLANs
M09001260
Page 16
Introduction
The EMS is installed on dom 2. Other possible domains are reserved for advanced services. Figure 1.4 shows the Dom0
of the SSW Compact and the installed virtual machines.
Redundant server #1
SSW
EMS
basic (active)
config
VMManager (dom0)
config
option
NBE
NBE
config
option
NBE
NBE
config
option
DS
DS
Redundant server #2
EMS
SSW
basic (passive) (stand by)
config
VMManager (dom0)
Figure 1.4
CE3
CE5
PE 1
PE 2
(active)
(active)
PE 1
PE 2
(passive)
(passive)
config
IP-STP
option 1
IP-STP
Redundant server #2
RC
CE 2
basic (passive)
config
VMManager (dom0)
CE4
CE6
config
IP-STP
option 1
IP-STP
Redundant server #3
DST
EMS
basic
config
VMManager (dom0)
Figure 1.5
The configuration of the SSW is done via the EMS and the
Command Line Interface (CLI).
M09001260
Page 17
Introduction
M09001260
The Core/OAM network is used for internal communication of SSW processes and for Operation, Administration
and Maintenance (OAM). This network includes the SSW
with master and slave engines, the EMS, and other servers that work directly with the SSW, such as the CDR Mediation server or a RADIUS server. The applications used
by the administrator to monitor and service the SSW
(such as the EMS client and SSH) must also have access
to the Core/OAM network.
The Signaling network is used for transferring signaling
between the SSW and the signaling gateway, media gateways, session border controler or network border element and the SIP gateways or SIP user agents. It is also
used to transfer signaling with the announcement server.
Page 18
Introduction
The SSW is integrated into the Core/OAM network and the Signaling network during the installation. The EMS is only found
in the Core/OAM network.
SSW
signaling
team
SSW
signaling
team
SSW 1
service processor
SSW 2
service processor
Figure 1.6
As shown in Figure 1.6 there are two Ethernet teams on every redundant server. On every team you have the following
virtual Etherent ports:
M09001260
Page 19
1.4
Introduction
Factory settings
Table 1.1 list the factory defaults for the SSW.
Table 1.1
Interface
Used for
Default value
redundant server
service processor
redundant server
service processor
mp1 on VMManager
c4-virt1
mp1 on VMManager
c4-virt1
mp1 on SSW
OAM
mp1 on SSW
OAM
mp2 on SSW
Signaling
mp1 on EMS
OAM, configuration
mp2 on EMS
free
The first column (1) in Table 1.1 indicates the settings for
the first redundant server () and the second column (2)
shows the settings for the second redundant server (). This
means that the service processor of the first redundant server
has the IP 10.0.100.1.
A LINUX system runs as VMManager on the redundant server
to host the virtual machines for the SSW and the EMS. The
SSW is a redundant system, with one machine running as the
active and the other machine the inactive server. Both machines have their own IP address on the mp1 interface and
the same IP address on the mp2 interface used for signaling.
Only one EMS virtual machine is needed but the software is
installed on both VMManager systems. So one of the virtual
machines for the EMS is not started.
M09001260
Page 20
1.5
Introduction
Signaling overview
Figure 1.7 shows the flow of user data between the E1/T1
of the PSTN/PBX switch, the MGW and the SIP user agent. The
Megaco/MGCP signaling is performed between the SSW and
the MGW to control the bearer channels. One Megaco instance is set up on the SSW, and the Megaco trunks are configured.
PSTN/PBX
Swich
Bearer
channels
Bearer
channels
MGW
RTP
UDP
Megaco
SSW
Megaco
SIP peer
RTP
UDP
UDP
UDP
IP
TDM
IP
Figure 1.7
User datatransfer between PSTN/PBX switch, MGW, SSW, and SIP user agent
Figure 1.8 shows the flow of user data between two SIP UAs
with an TELES NBE in the middle. The Megaco signaling is performed between the SSW and the TELES NBE to control the
bearer channels. One Megaco instance is set up on the SSW,
the TELES NBE is configures as border gateway, and Media
Anchoring is required for the SIP link to the SUP UA B.
NBE
RTP
Megaco
SIP peer
RTP
UDP
UDP
UDP
SSW
Megaco
SIP peer
RTP
UDP
UDP
IP
IP
IP
Figure 1.8
M09001260
User data transfer between SIP UAs and TELES NBE or SBC
Page 21
Introduction
Figure 1.9 shows how the SS7 TDM signaling from the PSTN
switch arrives on the SGW. The Sigtran M2UA protocol is used
to transport the SS7 signaling between the SGW and the SSW.
Call routing is carried out by the SSW routing daemon. You
have to make the settings for SS7 and SIGTRAN on the SSW
and the SGW.
PSTN Swich
ISUP
MTP-L3
MTP-L2
MTP-L1
SGW
MTP-L2
MTP-L1
SSW
M2UA
SCTP
SIP
UDP
IP
IP
TDM
Figure 1.9
SIP peer
irouted
ISUP
SIP
MTP-L3
M2UA
UDP
SCTP
Signaling flow between PSTN switch, SGW, SSW, and SIP user agent
Figure 1.10 shows the signaling flow to the PSTN switch for
a PBX switch when the IUA protocol is used to transport the
Q.931 signaling to the SSW.
PBX Swich
SGW
SSW
SIP peer
irouted
Q.931
SIP
SIP
Q.931
Q.921
Q.921
IUA
SCTP
IP
TDM
Figure 1.10
IUA
SCTP
UDP
UDP
IP
Signaling flow between PBX switch, SGW, SSW, and SIP user agent
SIP signaling is performed between the SIP peer and the SSW.
There is one SIP instance and at least one SIP profile on the
SSW. Settings for different SIP peers can be managed with different SIP profiles. At first it is sufficient for you to use the default profile.
M09001260
Page 22
1.6
Introduction
Installation steps
This Installation Manual describes the hardware installation
and cabling. After the systems are mounted and cabled in the
rack, you can start the software configuration, which is divided into the following steps:
1. Prepere a network plan.
2. Install the hardware.
3. Test the network configuration (see Chapter 4 on
page 52 ).
Test the cabling, CLI, the IP settings and the SW firewall.
All other steps are described in the Reference Manual:
4. Familiarize yourself with the basics of the EMS.
Introduction to the EMS user interface, register as user,
add the SSW to the NGN Configurator.
5. Set up the TDM signaling.
Set up SS7 and SIGTRAN.
6. Set up the Media Gateways.
Set up MGCP / Megaco configuration.
7. Set up the VoIP signaling.
Set up SIP and H.323.
8. Make the basic settings for call routing.
Modify the default settings to suit your needs. Call routing for SIP to SIP calls, TDM to SIP and SIP to TDM calls,
and calls from TDM to TDM, load the call routing and
display the loaded call routing.
M09001260
Page 23
2 Hardware installation
Hardware installation
2.1
Safety precautions
Please take the time to read this section to ensure your personal safety and proper operation of your Softswitch. To
avoid personal injury or damage to the system, please follow
all safety instructions before you begin working on your Softswitch. The SSW is CE marked and fulfills the legally specified
safety regulations, including EMC (electromagnetic compatibility) and LVD (low voltage directive) requirements. The SSW
is NEBS/3 certified. Further certification information is available on request.
The manufacturer assumes no liability for consequential
damages or for damages resulting from unauthorized changes.
The following symbols are used to indicate important information and to describe levels of possible danger.
Note
Useful information with no safety implications.
Dangerous voltage
Could cause injury by high voltage and/or damage the system.
M09001260
Page 25
Hardware installation
Lift the SSW slowly, keeping your back straight. Bend your
knees, not your back. A person can lift a maximum of
18 kg.
Before you begin assembling or performing maintenance
work on the SSW, please note the following:
M09001260
Remove jewelry or other items which could act as a current or heat conductor, or could get entangled in the system.
Page 26
Hardware installation
Improperly handled lithium batteries can explode. Only authorized service technicians are allowed to replace them. Only
use the lithium batteries provided by TELES for this component.
The power supply and its safety device must always be accessible. Only use 230 V or 110 V alternating current or 48 V direct current, with a current of no more than 16 A.
2.2
System security
This section describes all points crucial to the Softswitch system security.
M09001260
Page 27
2.2.1
Hardware installation
Operating conditions
The systems location (colocation) must support normal operation of the Softswitch according to EN ETS 300 386. Be sure
to select the location with the following conditions in mind:
M09001260
Page 28
Hardware installation
2.2.2
Keep the colocation and the system free of dust and all
foreign materials.
Keep the colocation free of strong electrical or magnetic
fields, which could lead to electromagnetic interference
(EMI). EMI can lead to radio interference and, in extreme
cases, to system errors.
Environmental considerations
Take care to ensure proper disposal of the system when it is
no longer to be used.
2.3
M09001260
Page 29
Hardware installation
redundant server can be mounted in a cabinet or subrack. Table 2.1 describes the features of a redundant server Dell
R630.
Table 2.1
M09001260
Description
Dimensions and
weight
Redundant Hardware
Interfaces
Buttons
Power button to turn the system on and off. The power-on indicator lights when the system power is on.
Locate button to turn the Locate LED on and off.
NMI button used to troubleshoot software and device driver errors.
LEDs
Locate LED the fast blinking white LED is used to identify the
server.
Service action required LED the amber LED indicates that service is required.
Power LED lights when the system power is on.
Diagnostic indicators:
electrical indicator blinks amber if an electrical error appears
trmperature indicator blinks amber if the system a termal error appears.
memory indicator blinks amber is a memory error appears.
Hard-Drive indicator direct on the HD; green shows activity,
green/amber for diagnostics.
NICindicators on the Ethernet interfaces and
Power status indicators on the DC power supplies.
Page 30
Hardware installation
Figure 2.1 shows how an all redundant server Dell R630 appears when viewed from the front.
NMI button
menu buttons
USB connectors
Power-on indicator, power botton
Figure 2.1
Figure 2.2
M09001260
Description
eth0
Left Ethernet port on the Ethernet controller on the mainboard (red in Figure
2.2 ). Labeled with 1. (mp1)
eth1
Second left Ethernet port on the Ethernet controller on the mainboard (green
in Figure 2.2 ). Labeled with 2. (mp2)
eth2
Third left Etherent port on the Ethernet controller on the mainboard (red in
Figure 2.2 ). Labeled with 3. (mp1)
Page 31
Table 2.2
2.4
Hardware installation
Description
eth3
Right Etherent port on the Ethernet controller on the mainboard (green in Figure 2.2 ). Labeled with 4. (mp2)
eth4
Left Ethernet port on the network card (gray in Figure 2.2 ). (mp3)
eth5
Right Ethernet port on the network card (gray in Figure 2.2 ). (mp3)
!
2.4.1
Under no circumstances run the system without the operators expressed permission.
Immediately report any visible transport damages to customer service. If damages exist, do not attempt operation
without customer-service approval.
Authorized technicians
Only staff certified by TELES may install, replace, or maintain
the system. To perform these actions, personnel must have
read and understood the safety instructions.
2.4.2
M09001260
Page 32
Hardware installation
M09001260
Page 33
2.5
Hardware installation
!
2.5.1
Ethernet cabling
The SSW must be in at least two IP networks. You need a Core/
OAM and a signaling network. In the pictures in this manual,
cables to the Core/OAM network are red and cables to the signaling network are blue.
Each redundant server has 6 network interfaces (eth0 eth5).
The SSW uses two teams (mp1 and mp2). Each team has two
redundant network interfaces, as shown in Figure 2.3 . This
M09001260
Page 34
Hardware installation
eth4
eth5
master interface
eth0
eth1
eth2
eth3
Figure 2.3
M09001260
mp1
mp2
mp3
CORE/OAM
NETWORK
SIGNALING
NETWORK
other
network
Page 35
Hardware installation
PIN
Color
TX+
white/orange
TX-
orange
RX+
white/green
blue
white/blue
green
white/brown
brown
RX-
1 2 3 4 5 6 7 8
TXTX+ RX+
Figure 2.4
RX-
M09001260
Page 36
Hardware installation
Table 2.4
M09001260
Equipment
18 + 8
Free Ethernet ports on the (four gray) L2 network switches with Spanning
Tree support (IEEE Norm 802.1D or 802.1w).
The Core/OAM network switches have five free ports and the Signaling
network switches have four free ports. Additionally you need 8 free ports
to the backbone.
18 + 4
Ethernet cables 10 to connect to the Core/OAM network, 8 to the Signaling network. And 8 cables to the backbone.
Network IP
Systems
Core/OAM
10.0.0.0/24
SSW1 (10.0.0.1), SSW2 (10.0.0.2), EMS (10.0.0.100) service processor1 (10.0.100.1), service processor2
(10.0.100.2), dom01 (10.0.0.10), dom02 (10.0.0.11)
Signaling
10.0.10.0/24
SSW 10.0.10.1
Page 37
Hardware installation
L2 Switch
CORE/OAM
L2
Switch
CORE/
OAM
L2
Switch
Signaling
L2 Switch
CORE/OAM
SSW1
SSW
signaling
signaling team
L2
Switch
CORE/
OAM
L2
Switch
Signaling
service processor
SSW2
SSW
signaling
signaling team
service processor
L2 Switch
Signaling
L2 Switch
Signaling
Figure 2.5
M09001260
Page 38
Hardware installation
Table 2.6
Equipment
L3 Ethernet switches.
18
18
Network IP
Compact 1
Core/OAM
10.0.0.0/24
Signaling
10.0.10.0/24
SSW:10.0.10.1
Core/OAM Network
L3
Switch
(Router)
SSW
signaling
signaling team
SSW1
service processor
SSW
signaling
signaling team
SSW2
service processor
HSRP Cisco
Signaling Network
Figure 2.6
M09001260
Page 39
L3
Switch
(Router)
2.5.2
Hardware installation
Power cabling
M09001260
Page 40
3 Preparation for
software installation
3.1
Requirements
Fulfill the following requirements:
M09001260
Page 42
3.2
M09001260
Page 43
M09001260
Page 44
M09001260
Page 45
11.Close the BIOS screen with Finish. Confirm the warning with Yes and the next confirmation Dialog with OK.
M09001260
Page 46
3.3
M09001260
Page 47
3.4
M09001260
Page 48
4.
5.
6.
7.
8.
M09001260
Page 49
3.5
M09001260
Page 50
6. Now leave the System Setup menu. You see a conformation dialog as follows, confirm with yes. The system
reboots.
M09001260
Page 51
4 Network
Configuration
Network Configuration
This chapter explains how to configure the IP network, describing the parameters and programs used. Before you
start, make you familiar with the operation and service of
the standard programs used, such as SSH, Bash, vi, etc.
After an introductory explanation, this chapter explains
how to open the CLI on the SSW, and how to verify the IP address, host names, gateway, IP routes, password, software
firewall and the programs loaded on system start. After
these steps, the SSW is ready for use, and you can proceed
with the configuration via the EMS user interface.
4.1
Necessary information
Before you begin with the configuration, you need the information listed in Table 4.1 .
Table 4.1
M09001260
Meaning
Core/OAM network
Signaling network
You can choose host names and domains for the machines.
Default gateways
You can enter one default gateway. You can also set up a default gateway for each Ethernet interface in the Core/OAM network and in the Signaling network.
Other necessary IP
routes
You can set up further IP routes to systems which are not accessible over the default gateway.
NTP settings
Password
Firewall
Page 53
Network Configuration
4.2
M09001260
Page 54
Network Configuration
!
4.3
IP settings
This chapter explains the IP settings for the SSW IP interfaces.
It is divided into three sections:
4.3.1
M09001260
Page 55
4.3.2
Network Configuration
mp2
(bridge)
mp3
(bridge)
bond0
(bond)
bond1
(bond)
bond2
(bond)
eth0
(hw)
Figure 4.1
eth2
(hw)
eth1
(hw)
eth3
(hw)
eth4
(hw)
eth5
(hw)
M09001260
Page 56
Network Configuration
M09001260
Page 57
Example 4.1
Network Configuration
M09001260
Page 58
Network Configuration
M09001260
Page 59
Network Configuration
/etc/hosts
# For loopbacking.
127.0.0.1
localhost
M09001260
Page 60
Network Configuration
The syntax is <ip-address> <alias> <full-node-name>. In Example 4.6 the names ssw1/2, dom01/2 and ems within the domain domain.com are given as the default addresses.
DNS settings
Set the name server in the file /etc/resolvconf/resolv.conf.d/
base as shown in Example 4.7 .
Example 4.7
/etc/resolvconf/resolv.conf.d/base
nameserver 8.8.8.8
nameserver 8.8.4.4
In Example 4.7 the two name servers are set. Activate the
settings with the command:
resolvconf -u
In addition add the keyword dns to the variables hosts: and
networks: in the file /etc/nsswich.conf as shown in Example
4.8 .
Example 4.8
/etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.
passwd:
group:
shadow:
compat
compat
compat
hosts:
files dns
networks:
files dns
protocols: db files
services:
db files
ethers:
db files
rpc:
db files
netgroup:
M09001260
nis
Page 61
4.3.3
Network Configuration
mp1
(bridge)
mp2
(bridge)
mp3
(bridge)
bond0
(bond)
bond1
(bond)
bond2
(bond)
eth0
(hw)
Figure 4.2
VLAN
mp3.16
eth2
(hw)
eth1
(hw)
eth3
(hw)
eth4
(hw)
eth5
(hw)
M09001260
Page 62
Network Configuration
M09001260
Page 63
Network Configuration
M09001260
Page 64
Example 4.10
Network Configuration
M09001260
Page 65
Example 4.11
Network Configuration
M09001260
Page 66
Network Configuration
M09001260
Page 67
Network Configuration
Set the rights for the script with the command: chmod 755
rule-mp3.14-down.sh
Adjust the firewall rules
Open the firewall settings with the command iswipf -e and
adjust the settings. The interface names of the VLANs from
Example 4.10 are mp3.14 and mp3.16.
Add alias for the VLAN
1. Open the file /etc/network/interfaces with your favorite text editor.
2. Go to the end of the file and add the content as shown
in Example 4.15 for the VLAN alias mp3.14:1 with the
IP address 10.14.3.45 and the netmask 255.255.0.0.
Please note: Always start with number 1
(mp3.14:<number=1>). If more than one interface is
added, number the interfaces consecutively. The next
interface is mp3.14.2 and so on.
Example 4.15
M09001260
Page 68
Network Configuration
!
4.3.4
Dont forget to adjust the firewall rules after the VLAN configuration is finished (see Adjust the firewall rules on
page 68 ).
Figure 4.3
mp1
(trunk)
mp2
(trunk)
xennet0
(paravirt)
xennet1
(paravirt)
As shown in Figure 4.3 , the SSW machine configuration describes two layers: para virtual hardware (paravirt), and
trunks. The word at the top of the diagram is the name of the
configuration used for the layer.
M09001260
Page 69
Network Configuration
M09001260
It is not possible to change the IP settings for the mp1 interface on the SSW. This has to be done by TELES service.
Page 70
Network Configuration
IP address settings
On the SSW, the configuration for mp1 is stored in the file
/etc/ifconfig.trunk0. The configuration for mp2 is stored in
the file /etc/ifconfig.trunk1. The IP address and network
mask are configured in these files.
Example 4.19
Bear in mind that the mp2 interface (on the PEs and redundant IP-STPs on Cluster) is set to the same address on both
machines (master and slave). For this reason, configure the
mp2 interface as "down" (Example 4.20 ).
If an alias address is needed, enter this configuration after the
first IP configuration with the same syntax.
Example 4.20
M09001260
Page 71
Network Configuration
It is not possible to set more than one default gateway. Activate the new default gateway settings with the command:
/etc/rc.d/network restart
M09001260
Page 72
Network Configuration
IP routing settings
The IP routes are entered in the file /etc/route.conf (see Example 4.24 on page 73 ). By default this file does not exist.
If you want add IP routes you have to create it yourself.
Example 4.24
/etc/resolv.conf
# Created by dhclient at: Fri Aug 18 15:28:17 GMT 2006
search sub.domain.com domain.com
nameserver 8.8.8.8
nameserver 8.8.4.4
M09001260
Page 73
Network Configuration
Password changing
To change a password on the SSW, run the passwd program.
Enter the new password twice when prompted. The password
is now changed.
4.3.5
mp2
(vlan1)
Figure 4.4
mp3
(vlan2)
mp1
(trunk)
mp2
(trunk)
mp1
(trunk)
trunk1
(trunk)
xennet0
(paravirt)
xennet1
(paravirt)
xennet0
(paravirt)
xennet1
(paravirt)
The left side of Figure 4.4 shows the network stacks without
VLAN, the right side the network stacks with VLAN. The configuration of mp2 from the left side is change to the configuration of the VLANs mp2 and mp3.
The VLAN configuration contains the IP address, the network
mask, and the name of the interface in the /etc/
ifconfig.vlan[XX] file. Before you create the new VLAN config-
M09001260
Page 74
Network Configuration
Example 4.27
M09001260
Page 75
Example 4.28
Network Configuration
Entering the IP configuration and interface name in the VLAN configuration (contincreate
vlan 6 vlanif trunk1
10.0.70.10 netmask 255.255.255.0
up
name mp3
create
vlan 7 vlanif trunk1
10.0.80.10 netmask 255.255.255.0
up
name mp4
4.4
Firewall settings
Here you find the description of the firewall settings.
Table 4.4 on page 79 shows the firewall rules set for the
EMS, Table 4.3 on page 78 shows the firewall rules set for
the Dom0, and Table 4.6 on page 84 shows the firewall
rules set for the SSW. This information is helpful for the configuration of an external firewall.
The rules for the local interface are not stateful. All other rules
are stateful.
4.4.1
M09001260
Page 76
4.4.2
Network Configuration
Table 4.2
4.4.3
IDRAG (Dell)
ILOM (Oracle/SUN)
cp /teles/sys/firewall/etc/others/ipfmangle.rules /teles/sys/firewall/etc/ipfmangle.rules
!
M09001260
On all Linux systems the script iswipf does not support redundant systems. Change the firewall with the iswipf -e
command on both systems master and slave.
Page 77
Network Configuration
Rule
Table 4.3
Interface
Dir
Prot
sourc
e
dest
Description
port - source
lo
in/out
all
any
any
eth0
in
icmp
any
any
icmp ping
eth0
in
tcp
any
ssh - any
/teles/sys/firewall/etc/ipf.rules
-A INPUT -d 127.0.0.1 -j ACCEPT #
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT #
-A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
-A INPUT -p tcp -i mp1 --dport ssh -j ACCEPT #
-A INPUT -p tcp -i mp2 --dport ssh -j ACCEPT
# allow access to emulated VNC port of a Windows HVM
#-A INPUT -p tcp -i mp1 --dport 5919 -j ACCEPT #
M09001260
Page 78
Network Configuration
Dir
lo
in/out
all
any
any
eth0
out
any
any
any
eth0
in
icmp
any
any
icmp ping
eth0
in
tcp
any
4443 - any
eth0
in
udp
any
4443 -any
eth0
in
tcp
any
4444 - any
EMS client
eth0
in
tcp
any
http - any
eth0
in
tcp
any
ssh - any
eth0
in
tcp/
udp
any
snmp - any
SNMP agent
10
eth0
in
udp
any
snmptrap - any
11
eth1
in/out
icmp
any
any
icmp ping
12
eth1
in
tcp
any
ssh - any
Rule
Table 4.4
Prot
source
dest
Description
port - source
/teles/sys/firewall/etc/ipf.rules
-A INPUT -d 127.0.0.1 -j ACCEPT #
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT #
-A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
-A INPUT -p tcp -i mp1 --dport 4443 -j ACCEPT #
-A INPUT -p udp -i mp1 --dport 4443 -j ACCEPT
-A INPUT -p tcp -i mp1 --dport 4444 -j ACCEPT #
-A INPUT -p tcp -i mp1 --dport http -j ACCEPT #
-A INPUT -p tcp -i mp1 --dport ssh -j ACCEPT #
-A INPUT -p tcp -i mp1 --dport snmp -j ACCEPT #
-A INPUT -p udp -i mp1 --dport snmp -j ACCEPT
-A INPUT -p udp -i mp1 --dport snmptrap -j ACCEPT
-A INPUT -p tcp -i mp2 --dport ssh -j ACCEPT #
M09001260
Page 79
Network Configuration
4.4.4
M09001260
Page 80
Network Configuration
Firewall rules
format
[action] [dir][log][quick][if][proto][from][to][state]
MAND MAND OPT OPT OPT MAND MAND MAND OPT
M09001260
Page 81
Network Configuration
[log]
quick
[quick] [if]
on
mp2
M09001260
Firewall rules
elements
Section
Keyword
Parameter
action
(mandatory)
block
pass
dir
(mandatory)
in
out
log
(optional)
log
quick
(recommended)
quick
interface
(optional)
on
<if>
proto
(mandatory)
proto
<PR>
Page 82
Description
Table 4.5
M09001260
Network Configuration
Firewall rules
elements (continued)
Section
Keyword
Parameter
Description
from
(mandatory)
from
<ip>
Traffic source
Any
Traffic from any source
Host
E.g. 10.0.0.2 or a name taken
from the /etc/hosts folder
Network
E.g. 10.0.0.0/24
The system supports DNS but it is not recommended.
port
<P>
flag
<F>
icmp-type
<T>
to
(mandatory)
to
port
flag
icmp-type
<ip>
<P>
<F>
<T>
state
(optional)
keep
state
Page 83
Network Configuration
Dir
lo
in/out
all
any
any
mp1
in/out
icmp
any
any
icmp ping
mp1
out
tcp
any
any
mp1
out
udp
any
any
mp1
in
tcp
any
4445 - any
EMS
mp1
in
tcp
any
ssh - any
mp1
in
tcp/
udp
any
mp1
in
udp
any
ntp - any
mp1
in
tcp
any
13310 any
TELES iconnect
10
mp2
in/out
icmp
any
any
icmp ping
11
mp2
out
tcp
any
any
12
mp2
out
udp
any
any
13
mp2
out
sctp
any
any
14
mp2
in
udp
any
1718 - any
15
mp2
in
udp
any
1719 - any
16
mp2
in
tcp
any
1720 - any
Rule
Table 4.6
M09001260
Prot
source
dest
Description
port - source
Page 84
Dir
17
mp2
in
udp
any
18
mp2
in
udp
any
megaco any
19
mp2
in
sctp
any
any
20
mp2
in
udp
any
sip - any
21
mp2
in
tcp
any
sip - any
Rule
Table 4.6
Network Configuration
4.5
Prot
source
dest
Description
port - source
NTP configuration
The motherboard used in the redundant server systems contains clock components that can be used to determine time
and duration for processes.
The accuracy provided by these components is not always
sufficient to ensure uninterrupted service on the SSW for
years on end. Therefore, the SSW must be aligned to standard
time on a regular basis.
Programs are installed on the machines for the network time
protocol (NTP). You can use them to synchronize the system
time automatically over the network.
The NTP service runs on every machine. It synchronizes the
local clock from an NTP server with the aid of the network
time protocol. The NTP does more than just precisely align local time with the external signal at the cyclical synchronization
times. It also adjusts the frequency of the local clock source
M09001260
Page 85
Network Configuration
using a software PLL (phase-locked loop). Incorrect and abnormal CDRs are thus avoided, because the speed of the clock
has been adjusted with NTP.
NTP ensures that all of the machines are using the same
time. It does not guarantee that this is official time.
NTP uses a hierarchical system made up of different time
servers. The servers are divided into strata, in which stratum
3 systems receive their reference time from one or more stratum 2 systems, and so on. A stratum 1 time server is directly
connected to a stratum 0 device, a stratum 2 server is connected to the stratum 1 server over a network path. Thus, a
stratum 2 server gets its time via NTP packet requests from a
stratum 1 server. A stratum 3 server gets its time via NTP
packet requests from a stratum 2 server, and so on.
During the NTP setup enter the IP or host name of the NTP
server. You can enter multiple servers one after the other.
ntpd uses the best server; if it is not available, it uses the next
best, and so on. The ntpd uses a special algorithm to automatically determine the best server. If time is to be synchronized over the Internet. It is recommended to enter three NTP
servers to ensure a connection.
4.5.1
M09001260
Page 86
Network Configuration
Normally the customer has two Dom0 machines. Configure at least three external NTP servers for each Dom0.
Add the other Dom0 as NTP server too.
Each VM must synchronize NTP to three NTP servers in
the Internet and to each Dom0. Activate the local clock
(127.127.1.0) on all VMs.
If no connection to the Internet is available use a local
time server.
Synchronize both Dom0 machines to the local time
server and to each other.
Synchronize all VMs to the local time server, to both
Dom0 machines and to the local clock.
If two local time servers are available, use both on all
machines.
If more than two Dom0 machines are available configure these machines like VMs without local clock
settings.
For local servers use the following settings:
server 127.127.1.0 # local clock (LC)
fudge 127.127.1.0 stratum 10 # not disciplinied
M09001260
Data Server:
80.153.14.198
131.234.137.23
78.46.197.35
Dom0 #1
Dom0 #2
local time: 127.127.1.0
SSW #1:
80.153.14.198
131.234.137.23
78.46.197.35
Dom0 #1
Dom0 #2
local time: 127.127.1.0
SSW #1:
80.153.14.198
131.234.137.23
78.46.197.35
Dom0 #1
Dom0 #2
local time: 127.127.1.0
Page 87
Table 4.7
Network Configuration
4.5.2
Dom0 #2:
80.153.14.198
131.234.137.23
78.46.197.35
Dom0 #1
Example 4.33
4.5.3
M09001260
Page 88
4.5.3.1
Network Configuration
Example 4.34
The output of the date command with the time zone CEST
[root@dom0:~] date +%Z
CEST
On NetBSD (SSW) change the time zone with the link /etc/
localtime, which points to the time zone file located in the /
usr/share/zoneinfo folder. Example 4.35 shows the link to
the time zone used in Berlin. First you delete the link /etc/
localtime. Than you create a new link to your time zone. Example 4.35 shows how to set the time zone to GMT+1.
Example 4.35
You must reboot the machine every time you change the /etc/
localtime settings.
On Ubuntu (Dom0, EMS) change the time zone with the command:
Example 4.36
M09001260
Page 89
4.5.3.2
Network Configuration
Example 4.37
Restart the Web server every time you change the /etc/php5/
cli/php.ini using the following command: /etc/init.d/
apache2 restart-graceful
4.5.4
M09001260
Page 90
Network Configuration
As shown in example below the local stratum of this system is 3. This is very good. It is not a problem that the
ntptrace times out.
4. Open the configuration file with an editor:
vi /etc/ntp.conf
5. Find the line that starts with server and enter a new line
with the keyword server, a space, and the IP address of
the new NTP server.
6. Make sure that the server is reachable. If no connection
to the internet is available use one or more local NTP
server.
7. Set on all VMs use the local clock server 127.127.1.0.
8. Save the file.
9. Stop the NTP server with the following command:
/etc/init.d/ntp stop
10.Set the time on the system with one NTP server using
the following command:
ntpdate -b <NTP-server-IP>
M09001260
Page 91
Network Configuration
!
4.5.5
M09001260
Page 92
4.6
Network Configuration
Example 4.40
/etc/rc.conf file
teles=YES
openvpn=NO
ipfilter=YES
ipmon=YES
ipmon_flags="-Ds"
ntpd=YES
ntpdate=YES
ntpdate_flags="-s -b"
sshd=YES
wscons=YES
sendmail=NO
postfix=NO
critical_filesystems_local="/var /usr /teles"
fsck_flags="-y -f"
syslogd_flags=""
savecore=YES
savecore_flags="-z -N /netbsd"
savecore_dir="/var/crash"
powerd=YES
M09001260
Meaning
teles
openvpn
ipfilter
ipmon
ipmon_flags
ntpd
Page 93
Table 4.8
4.7
Network Configuration
Meaning
ntpdate
Starts the service program that sets the date and time by NTP.
ntpdate_flags
sshd
Starts the SSH, the service for access for administration purposes.
wscons
sendmail
critical_filesystems_local
fsck_flags
A file system is checked with fsck during boot before mounting it. Do not change these settings.
syslogd_flags
savecore
Used to save a core dump from the swap partition into the given directory.
powerd
M09001260
Page 94
Network Configuration
Edit the following settings via CLI: firewall, SNMP, NTP, call
routing, and RADIUS. The software automatically synchronizes the settings in Table 4.9 .
Table 4.9
Description
Call routing
Time synchronization
Network Management
Protocol
Database interface
ilogd
Firewall rules
Settings to protect the IP interface (iswipf). Only on BSD machines like SSW not on Linux based EMS.
CRONtabs
The services idabad, ilogd, and iredd are part of the TELES
configuration.
Find out the master
The SSW machines run as master/slave. On the EMS client,
you can recognize the master in the cascaded menu, as the
symbol is green and the name is followed by a star. The symbol for the slave is gray.
M09001260
Page 95
Network Configuration
On the CLI you recognize the master and slave from the output after login, as shown in Example 4.41 . The line This
system is the: indicates whether the system is a master or
slave. The associated system is indicated in the next line.
Example 4.41
You can query the status of the system with the command:
ired - iv
In
the
output,
you
MS_MODE=MASTER.
4.8
see
MS_MODE=SLAVE
or
M09001260
Page 96
Network Configuration
7. Set the log path for the remote logging form TELES
devices. The log definition use the references to the
former defined items:
log { source(s_net); filter(f_hosts_teles); destination(d_hosts_TELES);
flags(final); };
M09001260
Page 97
Network Configuration
M09001260
Page 98
A.1
HSRP Cisco
L3 Switch
(Active)
L2
Switch
CORE/
OAM
VRRP
L3 Switch
(Standby)
SSW (Master)
CORE,
OAM,SNMP
SIGTRAN,
MGCP,SIP
MP1
MP2
CORE,
OAM,SNMP
SIGTRAN,
MGCP,SIP
MP1
MP2
L2
Switch
CORE/
OAM
SSW (Slave)
L2
Switch
Signaling
Figure A.1
M09001260
Page 100
L2
Switch
Signaling
HSRP Hot Standby Router Protocol is a Cisco proprietary redundancy protocol for establishing a fault-tolerant default
gateway, and is described in detail in RFC 2281.
Problem 1 is solved by setting up a direct connection between
the L2 switches which are connected to the SSW. This connection is marked in Figure A.2 . You see that, despite the failure of connection , , and are also connected by .
HSRP Cisco
L3 Switch
(Active)
L2
Switch
CORE/
OAM
VRRP
L3 Switch
(Standby)
SSW (Master)
CORE,
OAM,SNMP
SIGTRAN,
MGCP,SIP
MP1
MP2
CORE,
OAM,SNMP
SIGTRAN,
MGCP,SIP
MP1
MP2
L2
Switch
CORE/
OAM
SSW (Slave)
L2
Switch
Signaling
Figure A.2
M09001260
Solution A to problem 1
Page 101
L2
Switch
Signaling
L2 Switch
L2
Switch
CORE/
OAM
SSW (Master)
CORE,
OAM,SNMP
SIGTRAN,
MGCP,SIP
MP1
MP2
CORE,
OAM,SNMP
SIGTRAN,
MGCP,SIP
MP1
MP2
L2
Switch
CORE/
OAM
SSW (Slave)
L2
Switch
Signaling
Figure A.3
M09001260
Solution B to problem 1
Page 102
L2
Switch
Signaling
L2 Switch
L2
Switch
CORE/
OAM
L2 Switch
SSW (Master)
CORE,
OAM,SNMP
SIGTRAN,
MGCP,SIP
MP1
MP2
CORE,
OAM,SNMP
SIGTRAN,
MGCP,SIP
MP1
MP2
L2
Switch
CORE/
OAM
SSW (Slave)
L2
Switch
Signaling
L2
Switch
Signaling
Figure A.4
Solution C to problem 1
This solution leads us to Problem 2, in which redundant cabling causes loops, causing the packets to go round in a circle
and to block the Ethernet network, as explained in the following text.
M09001260
Page 103
A.2
L2 Switch
L2
Switch
CORE/
OAM
SSW (Master)
CORE,
OAM,SNMP
SIGTRAN,
MGCP,SIP
MP1
MP2
CORE,
OAM,SNMP
SIGTRAN,
MGCP,SIP
MP1
MP2
L2
Switch
CORE/
OAM
SSW (Slave)
L2
Switch
Signaling
Figure A.5
M09001260
Page 104
L2
Switch
Signaling
In Figure A.6 the connection from Figure A.5 , which causes the loop,
is removed.
L2 Switch
L2
Switch
CORE/
OAM
SSW (Master)
CORE,
OAM,SNMP
SIGTRAN,
MGCP,SIP
MP1
MP2
CORE,
OAM,SNMP
SIGTRAN,
MGCP,SIP
MP1
MP2
L2
Switch
CORE/
OAM
SSW (Slave)
L2
Switch
Signaling
Figure A.6
M09001260
Solution A to problem 2
Page 105
L2
Switch
Signaling
L3 Switch
(Active)
L2
Switch
CORE/
OAM
VRRP
L3 Switch
(Standby)
SSW (Master)
CORE,
OAM,SNMP
SIGTRAN,
MGCP,SIP
MP1
MP2
CORE,
OAM,SNMP
SIGTRAN,
MGCP,SIP
MP1
MP2
L2
Switch
CORE/
OAM
SSW (Slave)
L2
Switch
Signaling
Figure A.7
M09001260
Solution B to problem 2
Page 106
L2
Switch
Signaling
Figure A.8 shows that Spanning Tree, supported by the Ethernet switch, automatically blocks a loop. In the picture, this is
the connection marked with .
L2 Switch
L2
Switch
CORE/
OAM
SSW (Master)
CORE,
OAM,SNMP
SIGTRAN,
MGCP,SIP
MP1
MP2
CORE,
OAM,SNMP
SIGTRAN,
MGCP,SIP
MP1
MP2
L2
Switch
CORE/
OAM
SSW (Slave)
L2
Switch
Signaling
L2
Switch
Signaling
Figure A.8
Solution C to problem 2
A.3
M09001260
Page 107
L2
Switch
CORE/
OAM
SSW (Master)
CORE,OAM,SNMP
MP1
SIGTRAN
MGCP
SIP
VLAN1/MP2
VLAN2/MP3
Trunk1
L2
Switch
CORE/
OAM
VLAN1/2
SSW (Slave)
L2
Switch
Signaling
CORE,OAM,SNMP
MP1
SIGTRAN
MGCP
SIP
VLAN1/MP2
VLAN2/MP3
Trunk1
L2
Switch
Signaling
VLAN1/2
VLAN1
VLAN2
Tagged ports
Untagged ports
Figure A.9
M09001260
L2 Switch
(untagged)
Page 108
L2
Switch
CORE/
OAM
SSW (Master)
CORE,OAM,SNMP
MP1
SIGTRAN
MGCP
SIP
VLAN1/MP2
VLAN2/MP3
Trunk1
L2
Switch
CORE/
OAM
VLAN1/2
SSW (Slave)
L2
Switch
Signaling
CORE,OAM,SNMP
MP1
SIGTRAN
MGCP
SIP
VLAN1/MP2
VLAN2/MP3
Trunk1
L2
Switch
Signaling
VLAN1/2
VLAN1
VLAN2
L2 Switch
Tagged ports
Untagged ports
Figure A.10
M09001260
Solution A to problem 3
Page 109
L2 Switch
L2
Switch
CORE/
OAM
SSW (Master)
CORE,OAM,SNMP
MP1
SIGTRAN
MGCP
SIP
VLAN1/MP2
VLAN2/MP3
Trunk1
L2
Switch
CORE/
OAM
VLAN1/2
SSW (Slave)
L2
Switch
Signaling
CORE,OAM,SNMP
MP1
SIGTRAN
MGCP
SIP
VLAN1/MP2
VLAN2/MP3
Trunk1
L2
Switch
Signaling
VLAN1/2
VLAN1
VLAN2
L2 Switch
Tagged ports
Untagged ports
Figure A.11
M09001260
Solution B to problem 3
Page 110
L2 Switch
Figure A.12 shows how an Ethernet switch that also supports VLAN is used at the Uplink. The tagged Ethernet frames
are transferred to the Ethernet switch.
L2
Switch
CORE/
OAM
SSW (Master)
CORE,OAM,SNMP
MP1
SIGTRAN
MGCP
SIP
VLAN1/MP2
VLAN2/MP3
Trunk1
L2
Switch
CORE/
OAM
VLAN1/2
SSW (Slave)
L2
Switch
Signaling
CORE,OAM,SNMP
MP1
SIGTRAN
MGCP
SIP
VLAN1/MP2
VLAN2/MP3
Trunk1
L2
Switch
Signaling
VLAN1/2
VLAN1/2
L2 Switch
L2 Switch
Tagged ports
Figure A.12
A.4
Solution C to problem 3
M09001260
Page 111
L2
Switch
CORE/
OAM
SSW (Master)
CORE,OAM,SNMP
MP1
SIGTRAN
MGCP
SIP
VLAN1/MP2
VLAN2/MP3
Trunk1
VLAN1/2
VLAN1/2
SSW (Slave)
L2
Switch
Signaling
CORE,OAM,SNMP
MP1
SIGTRAN
MGCP
SIP
VLAN1/MP2
VLAN2/MP3
Trunk1
VLAN1/2
VLAN2
VLAN1
Tagged ports
Untagged ports
Blocked by Spanning Tree
M09001260
L2
Switch
Signaling
VLAN1/2
VLAN1
VLAN2
L2 Switch
Figure A.13
L2
Switch
CORE/
OAM
Page 112
L2 Switch
L2
Switch
CORE/
OAM
SSW (Master)
CORE,OAM,SNMP
MP1
SIGTRAN
MGCP
SIP
VLAN1/MP2
VLAN2/MP3
Trunk1
VLAN1/2
VLAN1/2
SSW (Slave)
L2
Switch
Signaling
CORE,OAM,SNMP
MP1
SIGTRAN
MGCP
SIP
VLAN1/MP2
VLAN2/MP3
Trunk1
VLAN1/2
VLAN2
VLAN1
Tagged ports
Untagged ports
M09001260
L2
Switch
Signaling
VLAN1/2
VLAN1
VLAN2
L2 Switch
for VLAN1
Figure A.14
L2
Switch
CORE/
OAM
Solution A to problem 4
Page 113
L2 Switch
for VLAN2
L2
Switch
CORE/
OAM
SSW (Master)
CORE,OAM,SNMP
MP1
SIGTRAN
MGCP
SIP
VLAN1/MP2
VLAN2/MP3
Trunk1
VLAN1/2
VLAN1/2
SSW (Slave)
L2
Switch
Signaling
CORE,OAM,SNMP
MP1
SIGTRAN
MGCP
SIP
VLAN1/MP2
VLAN2/MP3
Trunk1
VLAN1/2
VLAN1/2
VLAN1/2
Tagged ports
M09001260
L2
Switch
Signaling
VLAN1/2
VLAN1/2
VLAN1/2
L3 Switch
(Active)
Figure A.15
L2
Switch
CORE/
OAM
Solution B to problem 4
Page 114
HSRP Cisco
VRRP
L3 Switch
(Stand by)
L2
Switch
CORE/
OAM
SSW (Master)
CORE,OAM,SNMP
MP1
SIGTRAN
MGCP
SIP
VLAN1/MP0
VLAN2/MP3
Trunk1
VLAN1/2
VLAN1/2
SSW (Slave)
L2
Switch
802.1s
Signaling
CORE,OAM,SNMP
MP1
SIGTRAN
MGCP
SIP
VLAN1/MP0
VLAN2/MP3
Trunk1
VLAN1/2
VLAN2
VLAN1
Tagged ports
Untagged ports
M09001260
L2
Switch
802.1s
Signaling
VLAN1/2
VLAN1
VLAN2
L2 Switch
for VLAN1
Figure A.16
L2
Switch
CORE/
OAM
Solution C to problem 4
Page 115
L2 Switch
for VLAN2
L ist o f ta bles
List of tables
1.1
2.1
2.2
2.3
2.4
2.5
2.6
4.1
4.2
4.3
4.4
4.5
4.6
4.7
4.8
4.9
M09001260
Page 117
L i st o f f i g u re s
List of figures
1.1
1.2
1.3
1.4
1.5
1.6
1.7
1.8
1.9
1.10
2.1
2.2
2.3
2.4
2.5
2.6
4.1
4.2
4.3
4.4
A.1
A.2
A.3
A.4
A.5
A.6
A.7
A.8
A.9
A.10
A.11
A.12
A.13
A.14
A.15
A.16
M09001260
Page 118
List of examples
List of examples
4.1
4.2
4.3
4.4
4.5
4.6
4.7
4.8
4.9
4.10
4.11
4.12
4.13
4.14
4.15
4.16
4.17
4.18
4.19
4.20
4.21
4.22
4.23
4.24
4.25
4.26
4.27
4.28
4.29
4.30
4.31
4.32
4.33
4.34
4.35
4.36
4.37
4.38
4.39
4.40
4.41
M09001260
Page 119
Index
Index
Symbols
/etc/hosts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
C
Cabling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Ethernet . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Power . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
cabling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
D
Default gateway . . . . . . . . . . . . . . . . . . . . . . . . . 72
DNS settings . . . . . . . . . . . . . . . . . . . . . . . . .61, 73
E
Ethernet cabling . . . . . . . . . . . . . . . . . . . . . . . . . 34
Ethernet jack . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Ethernet switch . . . . . . . . . . . . . . . . . . . . . . . . . 37
F
Firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
BSD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
Linux . . . . . . . . . . . . . . . . . . . . . . . . . . .78, 79
rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
I
IP routes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
IP settings . . . . . . . . . . . . . . . . . . . . . . . . . . .57, 59
BSD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
iptables . . . . . . . . . . . . . . . . . . . . . . . . . . . . .78, 79
iswipf . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .77, 80
L
LEDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
N
network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
NTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
hierachy . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
ntpd . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
P
Power cabling . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
T
Table format
Invisible . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
time zone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
V
VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
M09001260
Page 120