High Availability in Linux Firewalls using VRRP
Translated Document (from Spanish original)

Original by Sancho Lerena <slerena@iname.com>, 15 April 2002
Translated by Ben Terry, 10 June

It is prohibited to modify this document without reference to the author of the original work. This document is published under the GPL. Any use of this document for commercial purposes is outside the scope of this document. The author is not responsible or liable for any problems that could be caused by actions taken as a result of reading this document.
0. Introduction to High Availability (HA) in firewalls

Not written yet.

1. Introduction to VRRP

VRRP is a standard protocol for route redundancy, in effect a generic redundancy protocol, referenced in RFC. The idea is very simple and can be implemented in practically every device in a network environment. VRRP can be found in production today on almost all platforms. Many types of network hardware, such as routers or load balancers, implement VRRP and can participate in it. The protocol is very similar to Cisco's HSRP, although it is an open standard and is not tied to a proprietary commitment on the part of any vendor or manufacturer.

Its operation is based on IP multicast and MAC multicast, so both must be supported by the TCP/IP implementation of the operating system we are using. In the case of Linux, this support must be part of the kernel. It is also worth emphasizing that the protocol was designed to work only with IPv4, although proposals for a similar implementation for IPv6 do exist.

The concept is simple and is based on the need for a reserve machine that can act as the destination of a route. If we have a router and it fails, all the routes that use that gateway as their destination are lost. If we have a reserve machine that takes the place of the one that has failed, we can recover from the failure automatically and intelligently. This is the concept of failure redundancy, and it is the first model of redundancy for routers and, equally, for firewalls.

As we will see further ahead, we can extend this model so that, instead of having a machine on standby that does nothing, we distribute the load between two machines; if one of the two fails, the other takes control of the traffic bound for the failed device, and everything happens transparently and automatically. This advanced model can be implemented with VRRP.

We will also see that VRRP can be applied to hosts and not only to gateways, and that it can be used to implement an extremely simple form of clustering with load balancing and HA in any type of network, for HTTP, FTP, telnet, or any ordinary TCP/UDP service.
2. Foundations of VRRP

We begin with the initial concept: the need for a multi-homed machine that acts as a gateway, simply routing packets from one interface to the other, transparently, either as a plain router or as a filtering router. We will see that we can even modify packets, doing NAT, transparently in the face of a network failure.

[Figure: two machines, each with a real IP and the shared VRRP IP, VRID = 1]

VRRP rests on several key concepts, which are worth knowing since we will use this terminology to explain what follows. When we speak of machines we mean gateways, routers, firewalls or hosts, that is, whatever role the machine plays in the environment where redundancy is to be implemented.

Virtual Router (VR): one of the machines that participates in the HA configuration. As we said, this can be a router, a firewall or a host. The one requirement is that it has a configured VRRP daemon that can run on at least one interface.

Virtual IP: the IP that is shared among several machines and is the basis of the HA implementation. This Virtual IP is the one we use to refer to the group of machines from an external point of view, that is to say, the next hop in the route for all hosts. It has nothing to do (in principle) with the physical IP of the adapter.

VRID (Virtual Router ID): the identifier (an 8-bit integer) of the Virtual Router, or group of machines that share the Virtual IP. This number must be unique and can only be used by the machines that share that virtual IP. If the same VRID is reused for different virtual IPs, it is necessary to make sure that the cards that use the same VRID are in different physical networks, or are separated logically with a port-based VLAN.

VR Priority: an 8-bit integer, the weight assigned to a Virtual Router for one of its VRIDs. With it we specify the behavior of the HA configuration, since we can establish a hierarchy based on the highest priority. The highest priority is 255. We will see that the node with the highest priority acts as VRMaster and the rest of the nodes on the network with the same VRID act as VRBackup.

VRMaster and VRBackup: the way we refer to a VR according to the function it currently has in the HA configuration. A VR in Backup status does not receive traffic for that virtual IP (although of course it can receive traffic for its dedicated IP, or for another VRID for which it is VRMaster).
VRRP packet header:

    Version | Type | VRID | Priority | Count IP Addr
    Auth Type | Advertising Interval | Checksum
    IP Address (1)
    ...
    IP Address (n)
    Authentication Data (1)
    ...
    Authentication Data (n)

The VRRP protocol runs over IP, and its protocol number assigned by IANA is 112. Above is the protocol header as specified by the RFC. For more details on the implementation of this protocol, we can refer to the IETF documentation, which is very concise and specific in this respect.

The priority field deserves emphasis: its values are of vital importance, since they determine each machine's behavior in a VRRP group.

Priority 0 means that the node has stopped participating in the VRRP group. This is sometimes not implemented, so we will assume that the way to stop participating effectively as a Virtual Router is to stop the VRRP daemon that advertises that VRID.

Priority 255 means that the VR has the status of Master and acts as such.

In practice the VRMaster is the VR that has the highest priority. If two VRs have the same priority we will usually have a problem, since the outcome depends on the implementation. In any case it is not easy to reach that point if a strategy is followed when deploying VRRP, simply by staggering the priorities in steps of 10, 20 or 50. Let us see an example:

[Figure: node A (Prio = 50, VRBackup) and node B (Prio = 100, VRMaster), each with a real IP and the VRRP IP, sharing VRID = 1]

In this case the Master is machine B (here represented as a generic router). Machine A has a priority of 50 whereas B has 100, so the selection of the master is clear. At this moment there is a "flood" of IP multicast on that network, towards the defined address, for VRID 1. It consists of a mere exchange of packets between the elements of VRID 1, indicating that members exist, their IP, and their priority.

For the packets exchanged between the nodes there is a "virtual" Ethernet interface with a statically defined MAC of the form 00:00:5E:00:01:XX, where XX is the value of the VRID in hexadecimal; this way each VR has a different MAC for each VRID.

VRRP uses IP multicast. This is mostly irrelevant, except, of course, that we must take it into account in the filter applied on the firewall: we must allow that traffic between the machines of the group. If we ran tcpdump on that cable segment we would see the following:

[Example with other IPs; 100 is the VRRP one]

    07:57: arp who-has tell
    :57: arp reply is-at 0:0:5e:0:1:6a
    07:57: > : icmp: echo request
    07:57: > : icmp: echo reply
    07:57: > : ip-proto
    :57: > : ip-proto
    :57: > : ip-proto
    :57: > : ip-proto
    :57: > : ip-proto
    :57: > : ip-proto
    :57: arp who-has tell
    :57: arp reply is-at 0:c0:26:70:12:34

We can see that the IP multicast establishes the Master, and the backup remains listening on the VRRP channel. If a member does not receive packets from the others within a Heart Beat (so called because it indicates the state of life of the participants in the VRRP group), it is promoted to VRMaster and adopts the IP of the Virtual Router, also assigning the virtual MAC to the VR. Let us assume this happens because the master has had a problem and its VRRP packets do not reach its companion; this would be because the VRRP service was stopped or because the machine has failed. In any case, we can assume that the service needs to be taken over. If the failed machine suddenly came back in good condition, it would listen to the VRRP channel and, if it saw that its VRID is superior to that of the VR acting as master, it would announce its VRID and Priority and establish itself as Master.
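The header layout and the virtual MAC rule described above, as an added example that is not part of the original document or of vrrpd: a POSIX shell decoder for a VRRP v2 advertisement given as hex digits, which also verifies the checksum (the 16-bit one's complement sum over the whole VRRP message, as defined for VRRP v2). The function names and the sample packet, including its address 192.0.2.100, are constructed for illustration.

```shell
#!/bin/sh
# Added example: decode a VRRP v2 advertisement supplied as a hex string.
# Function names and SAMPLE_ADVERT are constructed, not taken from vrrpd.

# Constructed sample: version 2, type 1, VRID 1, priority 100, one address
# (192.0.2.100), auth type 0, advertisement interval 1, 8 zero auth bytes.
SAMPLE_ADVERT="210164010001b897c00002640000000000000000"

# hex_byte HEX N -> decimal value of the N-th byte (0-based).
hex_byte() {
    off=$(( $2 * 2 + 1 ))
    h=$(printf '%s' "$1" | cut -c "$off-$(( $off + 1 ))")
    echo $(( 0x$h ))
}

# vrrp_vmac VRID -> virtual MAC 00:00:5E:00:01:XX, XX = VRID in hexadecimal.
vrrp_vmac() {
    printf '00:00:5E:00:01:%02X\n' "$1"
}

# vrrp_checksum_ok HEX -> exit 0 when the one's complement sum of all 16-bit
# words, checksum field included, folds to 0xFFFF.
vrrp_checksum_ok() {
    rest=$1
    sum=0
    while [ -n "$rest" ]; do
        word=$(printf '%s' "$rest" | cut -c 1-4)
        rest=$(printf '%s' "$rest" | cut -c 5-)
        sum=$(( $sum + 0x$word ))
    done
    while [ "$sum" -gt 65535 ]; do
        sum=$(( ($sum & 65535) + ($sum >> 16) ))
    done
    [ "$sum" -eq 65535 ]
}

# vrrp_parse HEX -> prints key=value lines; exit 1 on malformed input.
vrrp_parse() {
    pkt=$1
    case $pkt in
        *[!0-9a-fA-F]*) echo "error=not_hex"; return 1 ;;
    esac
    # The fixed part of the header is 8 bytes (16 hex digits).
    [ "${#pkt}" -ge 16 ] || { echo "error=too_short"; return 1; }
    b0=$(hex_byte "$pkt" 0)
    vrid=$(hex_byte "$pkt" 1)
    count=$(hex_byte "$pkt" 3)
    # 8 header bytes + 4 per address + 8 bytes of authentication data.
    need=$(( (8 + 4 * $count + 8) * 2 ))
    [ "${#pkt}" -eq "$need" ] || { echo "error=bad_length"; return 1; }
    echo "version=$(( $b0 >> 4 ))"
    echo "type=$(( $b0 & 15 ))"
    echo "vrid=$vrid"
    echo "priority=$(hex_byte "$pkt" 2)"
    echo "count_ip=$count"
    echo "auth_type=$(hex_byte "$pkt" 4)"
    echo "adver_int=$(hex_byte "$pkt" 5)"
    i=0
    while [ "$i" -lt "$count" ]; do
        o=$(( 8 + 4 * $i ))
        a=$(hex_byte "$pkt" "$o")
        b=$(hex_byte "$pkt" $(( $o + 1 )))
        c=$(hex_byte "$pkt" $(( $o + 2 )))
        d=$(hex_byte "$pkt" $(( $o + 3 )))
        echo "ip_$i=$a.$b.$c.$d"
        i=$(( $i + 1 ))
    done
    echo "vmac=$(vrrp_vmac "$vrid")"
    if vrrp_checksum_ok "$pkt"; then
        echo "checksum=ok"
    else
        echo "checksum=bad"
    fi
}

# Decode the constructed sample when the file is run directly.
vrrp_parse "$SAMPLE_ADVERT"
```

An advertisement whose priority byte has been altered without recomputing the checksum is reported as `checksum=bad`, which is a useful first filter when inspecting captured protocol 112 traffic.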
The basic idea is that a Heart Beat based on IP protocol 112 (VRRP) takes place, that the state of the cluster is propagated through a specific multicast IP, and that the Master/Backup role is decided from it.

Configuration of VRRP in Linux

There is a basic VRRP daemon, currently in a quite stable version, that we can use for this task. First we must obtain VRRPD and compile it; this is not very complex, rather, quite simple. An extension to the original VRRPD is available from Alexandre Cassen; the original implementation is by Jerome Etienne.

Once this is done, let us look at its syntax:

    vrrpd -v <vr_id> -p <prio> -i <interface> <virtual_ip>

The parameters are quite evident, since they are the ones we have worked with in the previous examples and explanations.

What we must consider now is that a firewall works (in real production cases) as a machine that forwards traffic, that is to say, the traffic enters by one interface and leaves by another: the traffic neither originates on the local machine nor is destined for it. Two network interfaces are therefore always involved in the process, so it is logical that VRRP must be set up on every interface that carries traffic. The conclusion is to run one VRRP daemon on each interface where HA is wanted.

[Figure: VRBackup (Prio = 50) and VRMaster (Prio = 100), each with a real IP and the VRRP IP]

The figure shows a scheme of this idea, drawn as a generic routing device (represented as two routers), forming an Active/Passive HA configuration where Router B acts as the master. First let us see how nodes A and B are configured:

[Figure: node A (Prio = 50, VRBackup on both interfaces) and node B (Prio = 100, VRMaster on both interfaces); VRID = 1 on one network and VRID = 101 on the other; each interface has a real IP and a VRRP IP]
Castor (Node B)

Interfaces

    eth0  Link encap:ethernet HWaddr 00:C0:DF:E2:50:AF
          inet addr: Bcast: Mask:
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:79 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          Interrupt:9 Base address:0xffe0

    eth1  Link encap:ethernet HWaddr 00:A0:C9:4C:F8:CF
          inet addr: Bcast: Mask:
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:145 errors:0 dropped:0 overruns:0 frame:0
          TX packets:73 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          Interrupt:9 Base address:0x2000

Routes

    Kernel IP routing table
    Destination Gateway Genmask Flags MSS Window irtt Iface
    U eth
    U eth
    UG eth1

Pollux (Node A)

Interfaces

    eth0  Link encap:ethernet HWaddr 00:00:5E:00:01:6A
          inet addr: Bcast: Mask:
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:908 errors:0 dropped:0 overruns:0 frame:0
          TX packets:838 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          Interrupt:9 Base address:0xfca0

    eth1  Link encap:ethernet HWaddr 00:00:5E:00:01:69
          inet addr: Bcast: Mask:
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:3269 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2541 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          Interrupt:11 Base address:0x2000

Routes

    Kernel IP routing table
    Destination Gateway Genmask Flags MSS Window irtt Iface
    U eth
    U eth
    UG eth1
We could try to load the daemons by hand in the following way: two for node A and two for node B, each daemon listening on a different interface.

For node B (Castor)

    vrrpd -v 1 -p 100 -i eth
    vrrpd -v 101 -p 100 -i eth

For node A (Pollux)

    vrrpd -v 1 -p 50 -i eth
    vrrpd -v 101 -p 50 -i eth

The problem with this is that firewalls generally have more than two interfaces and, as we will see further ahead, we may want the firewalls in HA to work simultaneously, balancing traffic, which means doubling the number of VRRP instances. In summary, we will have to launch many processes by hand on each host, and this is the problem.

The main difficulty is that we will have a good number of VRRP daemons running on the machine, and when it is necessary to stop one of them we have no way to determine which process to stop, since the output of ps -A does not show which interface and VRID each one belongs to. To avoid that problem, the scripts vrrp-start and vrrp-stop are proposed. They track the PID of each daemon by VRID and interface, so the syntax to bring a VRRP daemon instance up or down is as follows:

    vrrpd-start <vrid> <prio> <iface> <virtual_ip>
    vrrpd-stop <vrid> <iface>

The scripts mentioned above are the following:

vrrp-start

    #!/bin/bash
    #
    # VRRP Daemon Start, 01/03/02
    # Sancho Lerena, slerena@gnusec.com

    VRRPD=/usr/sbin/vrrpd
    INIC="VRRP Daemon Start, Sancho Lerena <slerena@gnusec.com>"
    VER="v2.0, 15/04/02"
    PIDFILE="/var/run/vrrpd.pid"
    PIDFILE_TMP="/var/run/vrrpd.pid.tmp"

    echo $INIC $VER
    if [ $# -lt 4 ]
    then
        echo " Syntax: "
        echo " "
        echo " vrrpd-start <vrid> <prio> <iface> <virtual_ip>"
        echo " "
        exit 1
    fi

    VRID=$1
    PRIO=$2
    IFACE=$3
    VIRTUAL_IP=$4

    # We do not verify that the data passed as parameters is correct or sensible
    if [ -e "$PIDFILE" ]
    then
        # If the file exists, we verify that there is not
        # a VR already installed on the same interface.
        # The pattern is anchored so that eth0 does not match e.g. xeth0.
        RES=`grep "^$IFACE:$VRID:" $PIDFILE`
        if [ -n "$RES" ]
        then
            echo "ERROR: A VRID already exists on the interface."
            exit 1
        fi
    fi

    # We start the daemon
    /sbin/start-stop-daemon --start -m --pidfile $PIDFILE_TMP --background \
        --verbose --exec $VRRPD -- -i $IFACE -v $VRID -p $PRIO $VIRTUAL_IP

    # We wait until the daemon starts
    while [ ! -e $PIDFILE_TMP ]
    do
        sleep 1
    done;

    # We obtain the PID of this daemon
    PID=`cat $PIDFILE_TMP`
    echo "Starting VRRP Daemon, with PID $PID"
    echo "VRRP Data: $VIRTUAL_IP ($IFACE) with VRID $VRID and Priority $PRIO"

    # We write this information into the daemon's information file
    echo $IFACE:$VRID:$PID >> "$PIDFILE"
    rm $PIDFILE_TMP

    echo "Waiting for VRRP Daemon"
    sleep 10
    echo "Restoring IP Routing"
    # Here you must put your IP routes, because when VRRP changes the MAC in your
    # system, IP routes have been deleted automatically. Please be warned about
    # this and check this issue with care.

vrrp-stop

    #!/bin/bash
    #
    # VRRP Daemon Stop, 01/03/02
    # Sancho Lerena, slerena@gnusec.com

    VRRPD=/usr/sbin/vrrpd
    INIC="VRRP Daemon Stop, Sancho Lerena <slerena@gnusec.com>"
    VER="v2.0, 15/04/02"
    PIDFILE="/var/run/vrrpd.pid"
    PIDFILE_TMP="/var/run/vrrpd.tmp"

    echo $INIC $VER
    if [ $# -lt 2 ]
    then
        echo " Syntax: "
        echo " "
        echo " vrrpd-stop <vrid> <iface>"
        echo " "
        exit 1
    fi

    VRID=$1
    IFACE=$2

    # We do not verify that the data passed as parameters is correct or sensible
    if [ -e "$PIDFILE" ]
    then
        # If the file exists, we verify that there is
        # a VR installed on this interface.
        RES=`grep "^$IFACE:$VRID:" $PIDFILE`
        if [ -z "$RES" ]
        then
            # No entry with this data exists
            echo "ERROR: No existing VRID on this interface."
            exit 1
        fi
    else
        echo "No existing $PIDFILE, no VRRPD process running."
        exit 1;
    fi

    # We obtain the PID
    PID=`echo $RES | cut -f 3 -d ":"`
    echo "Stopping VRRP Daemon, with PID "$PID
    echo "VRRP Data: ("$IFACE") with VRID " $VRID
    kill $PID

    # We erase this information from the daemon's information file.
    # The trailing colon keeps VRID 1 from also removing VRID 10, 101, ...
    grep -v "^$IFACE:$VRID:" $PIDFILE > $PIDFILE_TMP
    rm $PIDFILE
    mv $PIDFILE_TMP $PIDFILE
3. Switch Over with VRRP

A Switch Over happens when a failure is detected in a member of the cluster and that member goes from being Master to being Backup, or to being a node disconnected from the VRRP group. We can consider three events that justify a Switch Over:

- Manual shutdown (to do maintenance, e.g.)
- Physical problems (disconnected network, power loss, etc.)
- Breakdown detection on a single interface.

[Figure: Firewall HA Hot-StandBy. Data network "A", control and heartbeat network; fw1 <Active>, fw2 <Passive>]

Global events, such as those that cause a total physical shutdown of the machine or the loss of connectivity (for example, loss of electrical supply, loss of the network, or an operating system kernel panic), mean that VRRP stops working and that the companion in the VRRP group will notice that the master has gone down; in that case the Switch Over is automatic. But what happens if there is a partial failure, or a failure that is not detected by the VRRP mechanism?

For example, it can happen that just one of the firewall's networks goes down. In that case packets would continue entering by the live interface and could not be routed out through the failed interface. This problem is typically known as a Black Hole. VRRP v2 does not cover it. Various manufacturers (Nokia, Cisco) have implemented mechanisms to resolve this problem, although we will approach it in an extremely simple way.

If we lose connectivity, we stop all the VRRP daemons; in this way the machine will lose the status of VRRP master, since it will stop sending Heart Beat VRRP packets. The consequence is that when the firewall that is on standby notices that the Master no longer sends Heart Beat VRRP packets, it will send its own to the VRRP group, and the one that has the highest priority becomes the Master. Obviously in this case, where there are only two elements, the one that was the backup firewall is now the master.

[Figure: Firewall HA Hot-StandBy. Data networks "A" and "B", control and heartbeat network; fw1 <Down>, fw2 <Active>]

The way to implement this "connectivity" control is by means of a PING test. It consists of sending a PING to a host that responds and is trustworthy (not an unsuitable remote host on the Internet, but a host that is on the LAN and cannot be affected by ping delays). In the proposed configuration, it would be simple to execute this script using cron, every minute, with the monitored IPs being those of the switches that are in the two networks of the firewalls (the IPs of the switches in the previous examples).

If the ping fails, the execution of VRRP on the host is aborted, including all running VRRP daemons. We could improve this script by implementing some type of alert in syslog (or via SNMP, etc.), since the host deactivates VRRP but its local IPs continue working (in the case that the network is not the problem).

vrrp-check

    #!/bin/bash
    #
    # Checking connectivity with ICMP Ping, VRRPD Companion Script

    VER="11/03/ v1.0"
    PIDFILE="/var/run/vrrpd.pid"

    if [ -z "$1" ]
    then
        echo " ping check " $VER
        echo " "
        echo " params :"
        echo " pingcheck <ip_dest> [ <check_time> ]"
        echo " "
        exit 1
    fi

    # Time between checks, in seconds.
    # If not specified, the check runs every 5 seconds.
    SLEEP_TIME=$2
    if [ -z "$2" ]
    then
        SLEEP_TIME=5
    fi

    # Obtain the PIDs of the VRRPD processes in memory.
    # awk takes the first column regardless of leading spaces in the ps output.
    LISTA_PROCESOS=`ps -A | grep "vrrpd" | awk '{print $1}'`
    if [ -z "$LISTA_PROCESOS" ]
    then
        echo " No VRRP Daemon running, aborting. "
        exit 1
    fi

    IP_DESTINO=$1 # IP to verify, passed as parameter #1
    RES=0

    while [ "$RES" -eq 0 ]
    do
        COMANDO="`ping -c 1 "$IP_DESTINO" | grep '100% packet loss'`"
        if [ -n "$COMANDO" ]
        then
            echo " Ping fail "
            echo " Shutting down VRRP daemons "
            kill -s 9 $LISTA_PROCESOS
            rm $PIDFILE
            RES=1
        else
            # echo " Debug: Ping ok"
            sleep $SLEEP_TIME
        fi
    done;

3. Example of Operation

How does a host see all this externally? A host behind a cluster of firewalls, in this case one called hercules, sees the single IP of the firewall cluster. Let's take a look at the diagram.

[Figure: Internet, remote router, local router, L2 switches, Firewall HA Hot-StandBy with data networks "A" and "B" and a control and heartbeat network, networks A and B]

The diagram tries to represent the view that a host behind the cluster has. It sees the IP of the cluster, and it does not matter which of the cluster's members is the Master. All that matters is that we have an IP where we send the packets and another IP from which the packets leave; the rest is irrelevant. This, of course, means abstracting away information that, from the point of view of the user of the cluster, should be opaque.

The Hercules configuration is simple: it has a default route to the Virtual IP of network B of the firewall cluster. We can ping the IP of the cluster:

Hercules

    C:\>ping
    Pinging with 32 bytes of data:
    Reply from : bytes=32 time<10ms TTL=255
    Reply from : bytes=32 time<10ms TTL=255
    Reply from : bytes=32 time<10ms TTL=255
    Reply from : bytes=32 time<10ms TTL=255

    C:\>arp -a
    Interface: on Interface 0x2
    Internet Address Physical Address Type
    e a dynamic
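The connectivity check from the Switch Over section, reworked as an added example (not the author's script and not part of vrrpd): it fails over on any probe failure rather than only on the literal text "100% packet loss", requires several consecutive failures before acting, writes the syslog alert the text suggests, and stops only the daemons recorded in the PID registry written by vrrp-start. The names PROBE_CMD, FAIL_LIMIT and all function names are assumptions of this example, as is the use of SIGTERM so that the daemon can run whatever shutdown handler it has.

```shell
#!/bin/sh
# Added example: connectivity watchdog for the vrrp-start PID registry.
# PROBE_CMD, FAIL_LIMIT and the function names are assumptions of this sketch.

PIDFILE=${PIDFILE:-/var/run/vrrpd.pid}  # registry lines: iface:vrid:pid
FAIL_LIMIT=${FAIL_LIMIT:-3}             # consecutive failures before failover
PROBE_CMD=${PROBE_CMD:-probe_ping}      # replaceable, e.g. for testing

# probe_ping IP -> exit status of one ICMP probe (Linux iputils ping).
# Any failure counts: packet loss, unreachable network, resolver error.
probe_ping() {
    ping -c 1 -W 2 "$1" >/dev/null 2>&1
}

# all_reachable IP... -> exit 0 only when every monitored address answers.
all_reachable() {
    for ip in "$@"; do
        "$PROBE_CMD" "$ip" || return 1
    done
    return 0
}

# next_fail_count CURRENT IP... -> prints the new consecutive-failure counter:
# reset to 0 when all probes succeed, incremented otherwise.
next_fail_count() {
    cur=$1
    shift
    if all_reachable "$@"; then
        echo 0
    else
        echo $(( $cur + 1 ))
    fi
}

# registered_pids FILE -> prints the numeric PIDs recorded in the registry.
# Non-numeric entries are skipped so they never reach kill.
registered_pids() {
    [ -r "$1" ] || return 0
    while IFS=: read -r iface vrid pid; do
        case $pid in
            ''|*[!0-9]*) continue ;;
        esac
        echo "$pid"
    done < "$1"
}

# stop_registered FILE -> SIGTERM each registered daemon, log the event to
# syslog and remove the registry so vrrp-start can be used again later.
stop_registered() {
    for pid in $(registered_pids "$1"); do
        kill "$pid" 2>/dev/null || true
    done
    logger -t vrrp-check "connectivity lost, VRRP daemons stopped" \
        2>/dev/null || true
    rm -f "$1"
}

# watch_links INTERVAL IP... -> probe until FAIL_LIMIT consecutive failures,
# then give up the master role by stopping the registered daemons.
watch_links() {
    interval=$1
    shift
    fails=0
    while [ "$fails" -lt "$FAIL_LIMIT" ]; do
        fails=$(next_fail_count "$fails" "$@")
        [ "$fails" -eq 0 ] || echo "probe failed ($fails/$FAIL_LIMIT)"
        [ "$fails" -ge "$FAIL_LIMIT" ] || sleep "$interval"
    done
    stop_registered "$PIDFILE"
}

# Usage: vrrp-watch run <interval_seconds> <ip> [<ip> ...]
if [ "${1:-}" = "run" ]; then
    shift
    watch_links "$@"
fi
```

A single lost ping no longer takes the node out of the VRRP group, and a probe that cannot even be sent is treated as a failure instead of passing silently.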
Operating System for Ubiquiti EdgeRouters Release Version: 1.4 Table of Contents Table of Contents Chapter 1: Overview...1 Introduction......................................................................
More informationAire-6 Acceso Inalámbrico a Redes IPV6. Christian Lazo R. Universidad Austral de Chile
Aire-6 Acceso Inalámbrico a Redes IPV6 Christian Lazo R. Universidad Austral de Chile Proyecto Frida 2004 Objetivos HOT SPOT IPv6 NATIVO IPv6 + WiFI E2E, Always On, Movilidad AAAC (Authentication, Authorization,
More informationBR-6624. Load Balancing Router. Manual
BR-6624 Load Balancing Router Manual TABLE OF CONTENTS 1: INTRODUCTION...1 Internet Features...1 Other Features...3 Package Contents...4 Physical Details...4 2: BASIC SETUP...8 Overview...8 Procedure...8
More informationTop-Down Network Design
Top-Down Network Design Chapter Five Designing a Network Topology Copyright 2010 Cisco Press & Priscilla Oppenheimer Topology A map of an internetwork that indicates network segments, interconnection points,
More informationHow To Install Openstack On Ubuntu 14.04 (Amd64)
Getting Started with HP Helion OpenStack Using the Virtual Cloud Installation Method 1 What is OpenStack Cloud Software? A series of interrelated projects that control pools of compute, storage, and networking
More information8.2 The Internet Protocol
TCP/IP Protocol Suite HTTP SMTP DNS RTP Distributed applications Reliable stream service TCP UDP User datagram service Best-effort connectionless packet transfer Network Interface 1 IP Network Interface
More informationRESILIENT NETWORK DESIGN
Matěj Grégr RESILIENT NETWORK DESIGN 1/36 2011 Brno University of Technology, Faculty of Information Technology, Matěj Grégr, igregr@fit.vutbr.cz Campus Best Practices - Resilient network design Campus
More informationTHE HONG KONG POLYTECHNIC UNIVERSITY Department of Electronic and Information Engineering
THE HONG KONG POLYTECHNIC UNIVERSITY Department of Electronic and Information Engineering ENG 224 Information Technology Laboratory 6: Internet Connection Sharing Objectives: Build a private network that
More informationVoIP Laboratory B How to re flash an IP04
VoIP Laboratory B How to re flash an IP04 (cc) Creative Commons Share Alike Non Commercial Attribution 3 This lab guides you through the process of re flashing an IP04. To re flash a unit is useful when
More informationCS244A Review Session Routing and DNS
CS244A Review Session Routing and DNS January 18, 2008 Peter Pawlowski Slides derived from: Justin Pettit (2007) Matt Falkenhagen (2006) Yashar Ganjali (2005) Guido Appenzeller (2002) Announcements PA
More informationZarząd (7 osób) F inanse (13 osób) M arketing (7 osób) S przedaż (16 osób) K adry (15 osób)
QUESTION NO: 8 David, your TestKing trainee, asks you about basic characteristics of switches and hubs for network connectivity. What should you tell him? A. Switches take less time to process frames than
More information3. The Domain Name Service
3. The Domain Name Service n Overview and high level design n Typical operation and the role of caching n Contents of DNS Resource Records n Basic message formats n Configuring/updating Resource Records
More information1.0 Basic Principles of TCP/IP Network Communications
Section 1 Basic Principles of TCP/IP Network Communications Section 2 Introduction to Doors NetXtreme Section 3 Common Connection Issues Section 4 Common Causes Section 5 Tools Section 6 Contact Keri Systems
More informationRedundancy and load balancing at L3 in Local. Fulvio Risso Politecnico di Torino
Redundancy and load balancing at L3 in Local Area Networks Fulvio Risso Politecnico di Torino 1 Copyright notice This set of transparencies, hereinafter referred to as slides, is protected by copyright
More informationLayer 3 Redundancy with HSRP By Sunset Learning Instructor Andrew Stibbards
Layer 3 Redundancy with HSRP By Sunset Learning Instructor Andrew Stibbards Hot Standby Router Protocol (HSRP) is a Cisco proprietary protocol which allows several routers or multilayer switches to appear
More informationChapter 4 Customizing Your Network Settings
Chapter 4 Customizing Your Network Settings This chapter describes how to configure advanced networking features of the RangeMax Dual Band Wireless-N Router WNDR3300, including LAN, WAN, and routing settings.
More informationJason Dixon DixonGroup Consulting. September 17, 2005 NYCBSDCON 2005
Failover Firewalls with OpenBSD and CARP Jason Dixon DixonGroup Consulting September 17, 2005 NYCBSDCON 2005 Introduction Firewalls are a mandatory network component Introduction Firewalls are a mandatory
More informationNetwork Agent Quick Start
Network Agent Quick Start Topic 50500 Network Agent Quick Start Updated 17-Sep-2013 Applies To: Web Filter, Web Security, Web Security Gateway, and Web Security Gateway Anywhere, v7.7 and 7.8 Websense
More informationEthernet. Ethernet. Network Devices
Ethernet Babak Kia Adjunct Professor Boston University College of Engineering ENG SC757 - Advanced Microprocessor Design Ethernet Ethernet is a term used to refer to a diverse set of frame based networking
More informationLab 5 Explicit Proxy Performance, Load Balancing & Redundancy
Lab 5 Explicit Proxy Performance, Load Balancing & Redundancy Objectives The purpose of this lab is to demonstrate both high availability and performance using virtual IPs coupled with DNS round robin
More informationSetting Up A High-Availability Load Balancer (With Failover and Session Support) With Perlbal/Heartbeat On Debian Etch
By Falko Timme Published: 2009-01-11 19:32 Setting Up A High-Availability Load Balancer (With Failover and Session Support) With Perlbal/Heartbeat On Debian Etch Version 1.0 Author: Falko Timme
More informationFBR-4000. Multi-WAN VPN Router. User Manual
FBR-4000 Multi-WAN VPN Router User Manual V1.0 TABLE OF CONTENTS 1: INTRODUCTION... 1 INTERNET FEATURES... 1 OTHER FEATURES... 3 PACKAGE CONTENTS... 4 PHYSICAL DETAILS... 4 Front Panel... 4 Rear Panel...
More informationSmart Tips. Enabling WAN Load Balancing. Key Features. Network Diagram. Overview. Featured Products. WAN Failover. Enabling WAN Load Balancing Page 1
Smart Tips Enabling WAN Load Balancing Overview Many small businesses today use broadband links such as DSL or Cable, favoring them over the traditional link such as T1/E1 or leased lines because of the
More informationNetwork Security. Chapter 3. Cornelius Diekmann. Version: October 21, 2015. Lehrstuhl für Netzarchitekturen und Netzdienste Institut für Informatik
Network Security Chapter 3 Cornelius Diekmann Lehrstuhl für Netzarchitekturen und Netzdienste Institut für Informatik Version: October 21, 2015 IN2101, WS 15/16, Network Security 1 Security Policies and
More informationCisco Networking Academy CCNP Multilayer Switching
CCNP3 v5 - Chapter 5 Cisco Networking Academy CCNP Multilayer Switching Implementing High Availability in a Campus Environment Routing issues Hosts rely on a router to find the best path Issues with established
More informationComputer Networks/DV2 Lab
Computer Networks/DV2 Lab Room: BB 219 Additional Information: http://www.fb9dv.uni-duisburg.de/ti/en/education/teaching/ss08/netlab Equipment for each group: - 1 Server computer (OS: Windows 2000 Advanced
More informationWhat is VLAN Routing?
Application Note #38 February 2004 What is VLAN Routing? This Application Notes relates to the following Dell product(s): 6024 and 6024F 33xx Abstract Virtual LANs (VLANs) offer a method of dividing one
More informationChapter 4 Customizing Your Network Settings
. Chapter 4 Customizing Your Network Settings This chapter describes how to configure advanced networking features of the Wireless-G Router Model WGR614v9, including LAN, WAN, and routing settings. It
More informationGuide to TCP/IP, Third Edition. Chapter 3: Data Link and Network Layer TCP/IP Protocols
Guide to TCP/IP, Third Edition Chapter 3: Data Link and Network Layer TCP/IP Protocols Objectives Understand the role that data link protocols, such as SLIP and PPP, play for TCP/IP Distinguish among various
More informationLink Layer Discovery Protocol
12 Link Layer Discovery Protocol Contents Overview..................................................... 12-2 LLDP..................................................... 12-2 LLDP Messages............................................
More informationVirtual Systems with qemu
Virtual Systems with qemu Version 0.1-2011-02-08 Christian Külker Inhaltsverzeichnis 1 Image Creation 2 1.1 Preparations.................................. 2 1.2 Creating a Disk Image.............................
More informationQuick Start for Network Agent. 5-Step Quick Start. What is Network Agent?
What is Network Agent? The Websense Network Agent software component uses sniffer technology to monitor all of the internet traffic on the network machines that you assign to it. Network Agent filters
More informationChapter 2 TCP/IP Networking Basics
Chapter 2 TCP/IP Networking Basics A network in your home or small business uses the same type of TCP/IP networking that is used for the Internet. This manual provides an overview of IP (Internet Protocol)
More informationClustering. Configuration Guide IPSO 6.2
Clustering Configuration Guide IPSO 6.2 August 13, 2009 Contents Chapter 1 Chapter 2 Chapter 3 Overview of IP Clustering Example Cluster... 9 Cluster Management... 11 Cluster Terminology... 12 Clustering
More information- Redundancy and Load Balancing -
1 - Redundancy and Load Balancing - Importance of Redundancy High availability is critical in most environments. Even a brief outage due to hardware failure may be considered unacceptable. Consider the
More informationThis How To Note describes one possible basic VRRP configuration.
AlliedWare TM OS How To Configure VRRP (Virtual Router Redundancy Protocol) Introduction VRRP is a popular protocol for providing device redundancy, for connecting redundant WAN gateway routers or server
More informationInternetworking. Problem: There is more than one network (heterogeneity & scale)
Internetworking Problem: There is more than one network (heterogeneity & scale) Hongwei Zhang http://www.cs.wayne.edu/~hzhang Internetworking: Internet Protocol (IP) Routing and scalability Group Communication
More informationLoad Balancing Router. User s Guide
Load Balancing Router User s Guide TABLE OF CONTENTS 1: INTRODUCTION... 1 Internet Features... 1 Other Features... 3 Package Contents... 4 Physical Details... 4 2: BASIC SETUP... 8 Overview... 8 Procedure...
More informationCCNA R&S: Introduction to Networks. Chapter 5: Ethernet
CCNA R&S: Introduction to Networks Chapter 5: Ethernet 5.0.1.1 Introduction The OSI physical layer provides the means to transport the bits that make up a data link layer frame across the network media.
More informationGLBP - Gateway Load Balancing Protocol
GLBP - Gateway Load Balancing Protocol Gateway Load Balancing Protocol (GLBP) protects data traffic from a failed router or circuit, like Hot Standby Router Protocol (HSRP) and Virtual Router Redundancy
More informationRed Hat Linux Networking
The information presented should act as a guide to Red Hat Linux networking. It is intended to be accompanied with training and self study. To access most of these items you will need to have root access,
More informationCourse Overview: Learn the essential skills needed to set up, configure, support, and troubleshoot your TCP/IP-based network.
Course Name: TCP/IP Networking Course Overview: Learn the essential skills needed to set up, configure, support, and troubleshoot your TCP/IP-based network. TCP/IP is the globally accepted group of protocols
More informationTwin Peaks Software High Availability and Disaster Recovery Solution For Linux Email Server
Twin Peaks Software High Availability and Disaster Recovery Solution For Linux Email Server Introduction Twin Peaks Softwares Replication Plus software is a real-time file replication tool, based on its
More informationIP Address: the per-network unique identifier used to find you on a network
Linux Networking What is a network? A collection of devices connected together Can use IPv4, IPv6, other schemes Different devices on a network can talk to each other May be walls to separate different
More informationLab Exercise Configure the PIX Firewall and a Cisco Router
Lab Exercise Configure the PIX Firewall and a Cisco Router Scenario Having worked at Isis Network Consulting for two years now as an entry-level analyst, it has been your hope to move up the corporate
More informationChapter 3 LAN Configuration
Chapter 3 LAN Configuration This chapter describes how to configure the advanced LAN features of your ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN. This chapter contains the following sections
More informationNetwork Diagnostic Tools. Jijesh Kalliyat Sr.Technical Account Manager, Red Hat 15th Nov 2014
Network Diagnostic Tools Jijesh Kalliyat Sr.Technical Account Manager, Red Hat 15th Nov 2014 Agenda Network Diagnostic Tools Linux Tcpdump Wireshark Tcpdump Analysis Sources of Network Issues If a system
More informationConfiguration Guide. DHCP Server. LAN client
DHCP Server Configuration Guide 4.0 DHCP Server LAN client LAN client LAN client Copyright 2007, F/X Communications. All Rights Reserved. The use and copying of this product is subject to a license agreement.
More informationForensic Network Analysis Tools
Forensic Network Analysis Tools Strengths, Weaknesses, and Future Needs Eoghan Casey Author, Digital Evidence and Computer Crime Editor, Handbook of Computer Crime Investigation Technical Director, Knowledge
More informationCS 348: Computer Networks. - IP addressing; 21 st Aug 2012. Instructor: Sridhar Iyer IIT Bombay
CS 348: Computer Networks - IP addressing; 21 st Aug 2012 Instructor: Sridhar Iyer IIT Bombay Think-Pair-Share: IP addressing What is the need for IP addresses? Why not have only MAC addresses? Given that
More informationInternet Firewall CSIS 4222. Packet Filtering. Internet Firewall. Examples. Spring 2011 CSIS 4222. net15 1. Routers can implement packet filtering
Internet Firewall CSIS 4222 A combination of hardware and software that isolates an organization s internal network from the Internet at large Ch 27: Internet Routing Ch 30: Packet filtering & firewalls
More informationUnderstanding TCP/IP. Introduction. What is an Architectural Model? APPENDIX
APPENDIX A Introduction Understanding TCP/IP To fully understand the architecture of Cisco Centri Firewall, you need to understand the TCP/IP architecture on which the Internet is based. This appendix
More informationCanopy Wireless Broadband Platform
1 Canopy Wireless Broadband Platform Frequently Asked Questions Software Ordering and License Fulfillment Process May 2007 CONTENTS GENERAL SOFTWARE ORDERING PROCESS...2 USING THE LICENSING PORTAL...5
More informationUnderstanding Layer 2, 3, and 4 Protocols
2 Understanding Layer 2, 3, and 4 Protocols While many of the concepts well known to traditional Layer 2 and Layer 3 networking still hold true in content switching applications, the area introduces new
More informationRecent advances in IPv6 insecurities Marc van Hauser Heuse Deepsec 2010, Vienna. 2010 Marc Heuse <mh@mh-sec.de>
Recent advances in IPv6 insecurities Marc van Hauser Heuse Deepsec 2010, Vienna 2010 Marc Heuse Hello, my name is The future is here already Let s start with the basics IPv4 4 octets 4.294.967.296
More information04 Internet Protocol (IP)
SE 4C03 Winter 2007 04 Internet Protocol (IP) William M. Farmer Department of Computing and Software McMaster University 29 January 2007 Internet Protocol (IP) IP provides a connectionless packet delivery
More information