Softswitch

Installation guide
Software version: 3.6
Hardware: Dell R630

TELES AG | HEADQUARTERS
Ernst-Reuter-Platz 8
10587 Berlin
GERMANY
Phone +49 30 399 28-066
Fax +49 30 399 28-051
E-mail sales@teles.com
http www.teles.com
Document version: M09001260

Copyright 2016 TELES AG Informationstechnologien. All rights reserved.

Revised: March 10, 2016

TELES, IntraSTAR, Intra*, iGATE, and iSWITCH are registered trademarks of TELES AG Informationstechnologien. All other trademarks used are the property of their respective owners.
The supplied hardware/software systems are protected by copyright and can be used solely by their lawful
owners.
All text and figures in this publication have been compiled with great attention to detail. Nonetheless, inaccuracies and typographical errors cannot be entirely avoided. TELES AG Informationstechnologien provides
this document 'as is' without warranty of any kind, expressed or implied. TELES AG Informationstechnologien
reserves the right to make changes in product design or specifications without notice.

Table of contents

1 Introduction
  1.1 About this guide
  1.2 The SSW in the carrier network
  1.3 The SSW system architecture
  1.4 Factory settings
  1.5 Signaling overview
  1.6 Installation steps

2 Hardware installation
  2.1 Safety precautions
  2.2 System security
    2.2.1 Operating conditions
    2.2.2 Environmental considerations
  2.3 Physical description of the redundant server Dell R630
  2.4 Unpacking the shipment
    2.4.1 Authorized technicians
    2.4.2 Mounting the redundant server
  2.5 Cabling the redundant server
    2.5.1 Ethernet cabling
    2.5.2 Power cabling

3 Preparation for software installation
  3.1 Requirements
  3.2 Set the IP address to the service processor
  3.3 IP configuration for the iDRAC
  3.4 Set the iDRAC password
  3.5 Disable the PXE boot protocol of the Ethernet interface

4 Network Configuration
  4.1 Necessary information
  4.2 Connecting the SSW to the CLI
  4.3 IP settings
    4.3.1 IP settings for the Dell R630 service processor
    4.3.2 IP settings for Dom0 and EMS
    4.3.3 VLAN and multiple gateway settings on Dom0 and EMS
    4.3.4 IP settings for the SSW machine
    4.3.5 Setting Up VLAN on the SSW machine
  4.4 Firewall settings
    4.4.1 Emergency rules on every machine
    4.4.2 Firewall settings for the service processor
    4.4.3 Firewall settings on the Dom0 and EMS machine
    4.4.4 Firewall settings on the SSW machine
  4.5 NTP configuration
    4.5.1 NTP settings on TELES architecture
    4.5.2 Daylight Savings Time (DST) activation check
    4.5.3 Time zone settings
      4.5.3.1 Time zone settings on Dom0, EMS or SSW
      4.5.3.2 Additional time zone adjustments on the EMS
    4.5.4 NTP configuration on the Dom0 and on the EMS
    4.5.5 NTP configuration on the SSW machines
  4.6 Checking the services in the configuration file
  4.7 Redundant configuration on the SSW machines
  4.8 Configure syslog-ng for logging

Appendix A Possible Problems with the Cabling
  A.1 Problem 1 Redundant Cabling
  A.2 Problem 2 Loop in the Redundant Cabling
  A.3 Problem 3 Network Configuration with VLAN
  A.4 Problem 4 Spanning Tree in the VLAN

Preface
In this Guide
This guide provides comprehensive information about installation and the network configuration on the Softswitch CLI. It
is written for network administrators, who are presumed to
have some experience working with networking devices and
are familiar with the concepts and terminology of New Generation Networks technology.
The SSW comes with the following manuals:
- Signaling manual describing the GUI and the signaling configuration
- Routing manual describing the basic call routing configuration
- Routing service manual describing the call routing services that play tones and announcements, execute database queries, generate advice of charges and others
- Call detail records manual describing the call details recorded by the SSW and the RADIUS server
- Maintenance manual describing statistics, monitoring messages, the SNMP interface, and the graphical SNMP monitoring tool
- Installation manual describing the hardware, installation steps, and CLI-based network configuration
Conventions
This document uses the following typographic conventions:
- Bold: important information.
- Halfbold: items from the GUI and the menu. A reference to each menu item is included in the index.
- Code: file names, variables, and constants in configuration files or commands in body text.
- "Conventions" on page 6: cross-references can be accessed in the PDF by a single mouse click.
ACKNOWLEDGEMENTS
This product includes applications, for which the following licensing information applies.
Copyright (c) 1983, 1989, 1991, 1993 The Regents of the University of California. All rights reserved.
Redistribution and use in source and binary forms, with or
without modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above
copyright notice, this list of conditions and the following
disclaimer.
2. Redistributions in binary form must reproduce the
above copyright notice, this list of conditions and the
following disclaimer in the documentation and/or other
materials provided with the distribution.
3. Neither the name of the University nor the names of its
contributors may be used to endorse or promote products derived from this software without specific prior
written permission.
This software is provided by the regents and contributors as
is and any express or implied warranties, including, but not
limited to, the implied warranties of merchantability and fitness for a particular purpose are disclaimed. In no event shall
the regents or contributors be liable for any direct, indirect, incidental, special, exemplary, or consequential damages (including, but not limited to, procurement or substitute goods
or services; loss of use, data, or profits; or business interruption) however caused and on any theory of liability, whether
in contract, strict liability, or tort (including negligence or otherwise) arising in any way out of the use of this software, even
if advised of the possibility of such damage.
This product includes applications, for which the following
licensing information applies.
GNU General Public License, Version 2, June 1991 Copyright
1989, 1991 Free Software Foundation, Inc. 51 Franklin Street,
Fifth Floor, Boston, MA 02110-1301, USA
The following is an excerpt of this agreement:
Because the program is licensed free of charge, there is no
warranty for the program, to the extent permitted by applicable law. Except when otherwise stated in writing the copyright
holders and/or other parties provide the program "as is" without warranty of any kind, either expressed or implied, including, but not limited to, the implied warranties of
merchantability and fitness for a particular purpose. The entire risk as to the quality and performance of the program is
with you. Shall the program prove defective, you assume the
cost of all necessary servicing, repair or correction.
In no event unless required by applicable law or agreed to in
writing will any copyright holder, or any other party who may
modify and/or redistribute the program as permitted above,
be liable to you for damages, including any general, special,
incidental or consequential damages arising out of the use or
inability to use the program (including but not limited to loss
of data or data being rendered inaccurate or losses sustained
by you or third parties or a failure of the program to operate
with any other programs), even if such holder or other party
has been advised of the possibility of such damages.


Safety Symbols
The following symbols are used to indicate important information and to describe levels of possible danger.

Note
Useful information with no safety implications.
Attention
Information that must be adhered to as it is necessary to
ensure that the system functions correctly and to avoid
material damage.
Warning
Danger. Could cause personal injury or damage to the
system.
Dangerous voltage
Could cause injury by high voltage and/or damage the
system.
Electrostatic discharge
Components at risk of discharge must be grounded before being touched.
Explosion hazard
Injury hazard due to explosions endangering the person
or the system.
High temperatures
Do not touch. Hot surfaces could cause injury.

Organization
This guide is organized into the following chapters.
Chapter 1 Introduction explains how the Softswitch is integrated into the carrier network. It contains an overview of the
network topology supported by the SSW and the steps required for installation. People reading this chapter need to
understand the concept of the SSW, so that the installation
can take place quickly and smoothly.
Chapter 2 Hardware installation explains the installation
of the redundant server. This includes the description of the
interfaces, the assembly of the SSW, and the cable interfaces.
Chapter 3 Preparation for software installation describes the working steps needed before the software installation can be started by the TELES service team. To do these
steps, you must be familiar with computer hardware and basic IP configuration. If all configuration steps described here
are done, the TELES service team starts the installation using
the iDRAC service processor.
Chapter 4 Network Configuration explains how to configure the IP network, describing the parameters and programs
used. Before you start, make yourself familiar with the operation
and service of the standard programs used, such as SSH,
Bash, vi, etc.
Appendix A Possible Problems with the Cabling gives
some examples of possible problems with the cabling that
you may encounter and gives a number of ways in which
these problems can be solved.

1 Introduction

This chapter explains how the Softswitch is integrated into the carrier network. It contains an overview of the network topology supported by the SSW and the steps required for installation. People reading this chapter need to understand the concept of the SSW, so that the installation can take place quickly and smoothly.

1.1 About this guide

This manual gives a general overview of the SSW, contains a description of the hardware installation, and provides instructions on how to integrate the SSW into the network and set it up in a few simple steps. The signaling configuration is described in the SSW Signaling manual and call routing is described in the SSW Routing manual. The integration of other systems, such as the CDR Mediation system or announcement server, is described in the corresponding manuals.

1.2 The SSW in the carrier network

The SSW plays a central role in the carrier network. Figure 1.1 shows how your SSW is integrated into the network, which includes a media gateway (MGW), a signaling gateway (SGW), a session border controller (SBC, not in figure) or network border element (NBE), an announcement server, a CDR mediation server and a RADIUS server. You also see the EMS providing the GUI for the SSW.
[Figure 1.1: SSW integration in a network]

The SSW uses the SIGTRAN protocol to control the SGW, and
the Megaco/MGCP protocol to control the MGW/SBC/NBE.
The VoIP soft switch (VoIP SSW) or SIP peers exchange RTP
user data directly with the MGW, other SIP peers, or SBC/NBE,
and signaling (H.323 or SIP) with the SSW.
The following components are optional:
- CDR Mediation Server.
- Class 4 Routing Server.
- A third party Media Server.
- TELES IP-STP.
- LI Server.

The TDM signaling and user data arrive on the MGW/SGW over the E1/T1 from a PSTN switch or a PBX switch. The TDM signaling is converted by the SGW and transferred via SIGTRAN to the SSW. The user data is converted by the MGW and sent to the SIP user agent and vice versa via RTP. The SSW uses the MGCP or Megaco protocol to control the MGW. A Border Gateway or a Network Border Element enables media anchoring for calls to and from VoIP. The SSW also carries out call signaling and controls the Border Gateway or Network Border Element.

1.3 The SSW system architecture

The Softswitch is implemented in 19 inch servers. Each redundant server has a service processor with one Ethernet and one serial interface, and two Ethernet teams in failover mode. This means the redundant server has four Ethernet interfaces (eth0, eth1, eth2, and eth3), as shown on the left side of Figure 1.2 next to the Ethernet stacks of the Dom0 (also called VM Manager or Hypervisor).
Pairs of Ethernet interfaces are combined into bonds in
failover mode. This means that two physical network connections form a logical network interface (bond). If a physical
network interface fails, the other one takes over the connection in the network.
There are two logical network interfaces on the redundant
server, connected to two networks that are independent of
each other. In each case, the first logical network interface is
connected to the Core/OAM network, and the second to the
Signaling network.
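
The failover bonds described above can be checked on the Linux Dom0 by reading the bonding driver's status file. The script below is an added example, not part of the TELES manual or software. It assumes that the "failover mode" of this guide is the Linux bonding driver's active-backup mode; the function name check_bond, the sample status text and the slave pairings in it are constructed for illustration.

```shell
#!/bin/sh
# Added example (not TELES code): audit a Linux bonding status file such as
# /proc/net/bonding/bond0 on the Dom0.
# Assumption: "failover mode" in this guide means the driver's active-backup mode.

# check_bond FILE
#   prints one summary line and returns
#   0 = active-backup, at least two slaves, every slave link up
#   1 = degraded (a slave link is down, fewer than two slaves, or no active slave)
#   2 = the bond is not in active-backup mode
check_bond() {
    awk '
        /^Bonding Mode:/           { mode = $0; sub(/^Bonding Mode: */, "", mode) }
        /^Currently Active Slave:/ { active = $NF }
        /^Slave Interface:/        { slave = $NF; slaves++ }
        # "MII Status" is reported once for the bond and once per slave;
        # count it only when it follows a "Slave Interface" line.
        /^MII Status:/ && slave != "" {
            if ($NF == "up") up++
            else down = (down == "" ? slave : down "," slave)
            slave = ""
        }
        END {
            if (mode !~ /active-backup/) {
                printf "WRONG_MODE mode=\"%s\"\n", mode
                exit 2
            }
            if (slaves < 2 || up < slaves || active == "" || active == "None") {
                printf "DEGRADED slaves=%d up=%d active=%s down=%s\n", slaves, up, active, down
                exit 1
            }
            printf "OK slaves=%d active=%s\n", slaves, active
        }
    ' "$1"
}

# Constructed sample: healthy bond, both links up.
sample_healthy() {
cat <<'EOF'
Bonding Mode: fault-tolerance (active-backup)
Primary Slave: None
Currently Active Slave: eth0
MII Status: up
MII Polling Interval (ms): 100

Slave Interface: eth0
MII Status: up
Link Failure Count: 0

Slave Interface: eth1
MII Status: up
Link Failure Count: 0
EOF
}

# Constructed sample: one cable pulled, the bond runs without a standby link.
sample_degraded() {
cat <<'EOF'
Bonding Mode: fault-tolerance (active-backup)
Primary Slave: None
Currently Active Slave: eth2
MII Status: up
MII Polling Interval (ms): 100

Slave Interface: eth2
MII Status: up
Link Failure Count: 0

Slave Interface: eth3
MII Status: down
Link Failure Count: 1
EOF
}

# Demo on the constructed samples. On a real Dom0, pass /proc/net/bonding/bond0
# and /proc/net/bonding/bond1 instead.
tmp=$(mktemp -d)
sample_healthy  > "$tmp/bond0"
sample_degraded > "$tmp/bond1"
for f in "$tmp/bond0" "$tmp/bond1"; do
    rc=0
    result=$(check_bond "$f") || rc=$?
    echo "$(basename "$f"): $result (rc=$rc)"
done
rm -rf "$tmp"
```

A degraded result matters because the bond still carries traffic on the remaining link, so the loss of redundancy is not visible from the service itself.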

A Dom0 is installed on the redundant servers to host the virtual machines (VM) of the SSW unit and the EMS. Because the
SSW unit runs in a virtual machine there, no physical redundancy is necessary.
[Figure 1.2: Schemes of the Ethernet architecture of the Dom0 and the SSW. Panels: Ethernet stacks of the Dom0; Ethernet stacks of SSW]

On the Dom0 you have the network interfaces mp1, for administration and maintenance, and mp2. In this hierarchical network model the bond is the parent of the eth interfaces and the eth interfaces are the children of the bond. On the virtual machine of the SSW you have mp1 for the OAM and mp2 for the signaling network. There is no redundancy because the physical interfaces are already redundant.


For higher flexibility you can configure VLANs as shown in Figure 1.3.

[Figure 1.3: Schemes of Ethernet architecture of the Hypervisor and the SSW using VLANs. Panels: Ethernet stacks of the Dom0; Ethernet stacks of SSW]

In Figure 1.3, the Dom0 has two VLAN interfaces, mp2 and mp3, instead of the former mp2, which was used for signaling. On the SSW there are two VLANs, mp2 and mp3, as parents of trunk1, which is used for signaling.
DOM0 (from here on referred to as VMManager) has a special function. The operating system LINUX and the Dom0 are installed on the server, forming the basis of the SSW (dom 1). The EMS is installed on dom 2. Other possible domains are reserved for advanced services. Figure 1.4 shows the Dom0 of the SSW Compact and the installed virtual machines.
[Figure 1.4: Schema of the Dom0 with the SSW compact virtual machine]

Figure 1.5 shows the VMManager of the SSW Cluster and the installed virtual machines. The SSW Cluster uses three redundant servers.
[Figure 1.5: Schema of the Dom0 with the SSW cluster virtual machine]

The configuration of the SSW is done via the EMS and the
Command Line Interface (CLI).

The SSW Cluster is a group of machines that work together closely so you can see it as one SSW. The components are connected to each other through the Core/OAM network. An SSW Cluster consists of 2+2 Protocol Engines, 2 IP-STPs, 1 Distributor, 1 EMS, 4 Call Engines and 1+1 Redundancy Controllers.
The following interfaces can be used as CLI: a service processor in the redundant server with a serial and an Ethernet interface or SSH for direct administration over the Ethernet. The operating system used on the SSW is NetBSD. The operating system used on the EMS and the Dom0 is Linux. All systems use Bash as command line interface.
A software firewall protects the network interfaces of the individual machines of the SSW and the EMS within their networks. Provide additional protection for access to IP networks with a third-party firewall.
The IP network is divided into the following parts:
- The Core/OAM network is used for internal communication of SSW processes and for Operation, Administration and Maintenance (OAM). This network includes the SSW with master and slave engines, the EMS, and other servers that work directly with the SSW, such as the CDR Mediation server or a RADIUS server. The applications used by the administrator to monitor and service the SSW (such as the EMS client and SSH) must also have access to the Core/OAM network.
- The Signaling network is used for transferring signaling between the SSW and the signaling gateway, media gateways, session border controller or network border element and the SIP gateways or SIP user agents. It is also used to transfer signaling with the announcement server.

The SSW is integrated into the Core/OAM network and the Signaling network during the installation. The EMS is only found
in the Core/OAM network.
[Figure 1.6: Ethernet ports on the SSW]

As shown in Figure 1.6, there are two Ethernet teams on every redundant server. On every team you have the following virtual Ethernet ports:
- the service processor IP interface of SSW 1 and 2 in OAM network,
- the IP interface mp1 of VMManager in OAM network of SSW 1 and 2,
- the IP interface mp1 of SSW 1 and 2 in OAM network,
- the IP interface mp1 of the EMS (MGR) in OAM network (on SSW 2 the EMS is not active),
- the IP interface mp2 of SSW in signaling network.

1.4 Factory settings

Table 1.1 lists the factory defaults for the SSW.

Table 1.1 Factory settings of the SSW

Interface                            Used for              Default value
redundant server service processor   Managing the host PC  10.0.100.1/24 in OAM net
redundant server service processor   Managing the host PC  10.0.100.2/24 in OAM net
mp1 on VMManager                     c4-virt1              10.0.0.10/24 in OAM net
mp1 on VMManager                     c4-virt1              10.0.0.11/24 in OAM net
mp1 on SSW                           OAM                   10.0.0.1/24 in OAM net
mp1 on SSW                           OAM                   10.0.0.2/24 in OAM net
mp2 on SSW                           Signaling             10.0.10.1/24 in Signaling net
mp1 on EMS                           OAM, configuration    10.0.0.100/24 in OAM net
mp2 on EMS                           free                  10.0.30.100/24 in free net

The first column (1) in Table 1.1 indicates the settings for the first redundant server and the second column (2) shows the settings for the second redundant server. This means that the service processor of the first redundant server has the IP 10.0.100.1.
A LINUX system runs as VMManager on the redundant server
to host the virtual machines for the SSW and the EMS. The
SSW is a redundant system, with one machine running as the
active and the other machine the inactive server. Both machines have their own IP address on the mp1 interface and
the same IP address on the mp2 interface used for signaling.
Only one EMS virtual machine is needed but the software is
installed on both VMManager systems. So one of the virtual
machines for the EMS is not started.

1.5 Signaling overview
Figure 1.7 shows the flow of user data between the E1/T1
of the PSTN/PBX switch, the MGW and the SIP user agent. The
Megaco/MGCP signaling is performed between the SSW and
the MGW to control the bearer channels. One Megaco instance is set up on the SSW, and the Megaco trunks are configured.
[Figure 1.7: User data transfer between PSTN/PBX switch, MGW, SSW, and SIP user agent]

Figure 1.8 shows the flow of user data between two SIP UAs with a TELES NBE in the middle. The Megaco signaling is performed between the SSW and the TELES NBE to control the bearer channels. One Megaco instance is set up on the SSW, the TELES NBE is configured as border gateway, and Media Anchoring is required for the SIP link to the SIP UA B.
[Figure 1.8: User data transfer between SIP UAs and TELES NBE or SBC]

Figure 1.9 shows how the SS7 TDM signaling from the PSTN
switch arrives on the SGW. The Sigtran M2UA protocol is used
to transport the SS7 signaling between the SGW and the SSW.
Call routing is carried out by the SSW routing daemon. You
have to make the settings for SS7 and SIGTRAN on the SSW
and the SGW.
[Figure 1.9: Signaling flow between PSTN switch, SGW, SSW, and SIP user agent]

Figure 1.10 shows the signaling flow to the PSTN switch for
a PBX switch when the IUA protocol is used to transport the
Q.931 signaling to the SSW.
[Figure 1.10: Signaling flow between PBX switch, SGW, SSW, and SIP user agent]

SIP signaling is performed between the SIP peer and the SSW.
There is one SIP instance and at least one SIP profile on the
SSW. Settings for different SIP peers can be managed with different SIP profiles. At first it is sufficient for you to use the default profile.

1.6 Installation steps
This Installation Manual describes the hardware installation and cabling. After the systems are mounted and cabled in the rack, you can start the software configuration, which is divided into the following steps:
1. Prepare a network plan.
2. Install the hardware.
3. Test the network configuration (see Chapter 4 on page 52).
   Test the cabling, CLI, the IP settings and the SW firewall.
All other steps are described in the Reference Manual:
4. Familiarize yourself with the basics of the EMS.
   Introduction to the EMS user interface, register as user, add the SSW to the NGN Configurator.
5. Set up the TDM signaling.
   Set up SS7 and SIGTRAN.
6. Set up the Media Gateways.
   Set up MGCP / Megaco configuration.
7. Set up the VoIP signaling.
   Set up SIP and H.323.
8. Make the basic settings for call routing.
   Modify the default settings to suit your needs. Call routing for SIP to SIP calls, TDM to SIP and SIP to TDM calls, and calls from TDM to TDM, load the call routing and display the loaded call routing.

2 Hardware installation

This chapter explains the installation of the redundant server. This includes the description of the interfaces, the assembly of the SSW, and the cable interfaces.
The hardware installation must be carried out by qualified service technicians. After installation you can proceed with the configuration.

2.1 Safety precautions
Please take the time to read this section to ensure your personal safety and proper operation of your Softswitch. To
avoid personal injury or damage to the system, please follow
all safety instructions before you begin working on your Softswitch. The SSW is CE marked and fulfills the legally specified
safety regulations, including EMC (electromagnetic compatibility) and LVD (low voltage directive) requirements. The SSW
is NEBS/3 certified. Further certification information is available on request.
The manufacturer assumes no liability for consequential
damages or for damages resulting from unauthorized changes.
The following symbols are used to indicate important information and to describe levels of possible danger.

Note
Useful information with no safety implications.
Dangerous voltage
Could cause injury by high voltage and/or damage the system.

Before you begin to assemble the Softswitch, please take note of the following advice.
Danger of electric shock - the power supplies run on 230 V.
Unplug the Softswitch from its power source before working
on the power supply or extension socket.
Bear in mind that telephone and WAN lines are also energized
and can cause electric shocks.
Wire your system using only the cables included in the package contents. Use only proper Ethernet cables.
Do not insert foreign objects into openings in the device. Conductible objects can cause short-circuiting that results in fire,
electric shock, or damage to the device.

Do not open the Softswitch. Changes in the device are not permitted.
Be sure to respect country-specific regulations, standards
or guidelines for accident prevention.
Tips for EMC Protection: Use shielded cables. Do not remove any housing components. They provide EMC protection.
Transport: Disconnect all cables before moving or lifting the
SSW. Make sure that the SSW is in a secure upright position
during transport.

Lift the SSW slowly, keeping your back straight. Bend your
knees, not your back. A person can lift a maximum of
18 kg.
Before you begin assembling or performing maintenance work on the SSW, please note the following:
- Remove jewelry or other items which could act as a current or heat conductor, or could get entangled in the system.
- Familiarize yourself with the location and function of the emergency power switch in the service room.
- Never work alone under potentially dangerous conditions.
- Never do anything that could cause danger.
- Never work on the SSW or connect or disconnect cables during a thunderstorm.
- Never insert objects into the openings in the machine. Because of dangerous voltage, electrically conductive objects could lead to short circuits, causing fire, electric shocks or damage to the machine.

Improperly handled lithium batteries can explode. Only authorized service technicians are allowed to replace them. Only
use the lithium batteries provided by TELES for this component.
The power supply and its safety device must always be accessible. Only use 230 V or 110 V alternating current or 48 V direct current, with a current of no more than 16 A.

2.2 System security

This section describes all points crucial to the Softswitch system security.

2.2.1 Operating conditions

The system's location (colocation) must support normal operation of the Softswitch according to EN ETS 300 386. Be sure to select the location with the following conditions in mind:
- Electrical equipment must conform to the regulations.
- The protection of higher-level power distribution must be designed to offer sufficient protection for the SSW and to meet all specifications.
- The site must be protected from unauthorized entry.
- Make sure you install the system in a clean, dry, dust-free location. If possible, the site shall be air-conditioned. The site must be free of strong electrical or magnetic fields, which cause disrupted signals and, in extreme cases, system failure.
- The site must maintain a temperature between 5 and 45 °C (41 °F to 104 °F). Be sure to guard against temperature fluctuations. Resulting condensation can result in short circuit. The humidity level may not exceed 80%.
- To avoid overheating the system, make sure the site provides adequate ventilation.
- The site must contain a central emergency switch for the entire power source.
- The site's fuses must be calculated to provide adequate system security. The electrical facilities must comply with applicable regulations.
- The operating voltage and frequency may not exceed or fall below what is stated on the label.

Please observe the following regulations:
- Do not put any instruments or components on the floor or in passageways.
- Cables must not cross or obstruct any pathways.
- Remove any possible sources of danger (such as wet areas, malfunctioning electrical installations, etc.).
- Keep the colocation and the system free of dust and all foreign materials.
- Keep the colocation free of strong electrical or magnetic fields, which could lead to electromagnetic interference (EMI). EMI can lead to radio interference and, in extreme cases, to system errors.

2.2.2 Environmental considerations

Take care to ensure proper disposal of the system when it is no longer to be used.

2.3

Physical description of the redundant server Dell R630
This description is for the iPC server Dell R630 and Ubuntu
Linux on the SSW; for other hardware variants, please see
the previous versions of this manual.
Two redundant Dell R630 servers are used for the SSW Compact; three or more are used for the SSW Cluster. The chassis of the redundant server Dell R630 is 19 inches wide and 1 U high. Each redundant server can be mounted in a cabinet or subrack. Table 2.1 describes the features of a redundant server Dell R630.

Table 2.1  Features of the redundant server Dell R630

Feature                  Description
Dimensions and weight    Height: 42.8 mm (1.685 in.)
                         Width: 434 mm (17.09 in.) including bezel
                         Depth: 736 mm (29 in.) max., to power supply handles
                         Depth: 682.7 mm (26.88 in.) max., to rear I/O
                         Weight: 19.8 kg (43.56 lb)
Redundant hardware       2 hard disks with RAID1 controller (redundant)
                         8 fans (redundant)
                         2 power supplies (redundant)
Interfaces               2 power inlets, 4 Ethernet connectors (1 GB)
                         Service processor with 1 serial interface and 1 Ethernet connector
Buttons                  Power button: turns the system on and off. The power-on indicator lights when the system power is on.
                         Locate button: turns the Locate LED on and off.
                         NMI button: used to troubleshoot software and device driver errors.
LEDs                     Locate LED: the fast-blinking white LED is used to identify the server.
                         Service action required LED: the amber LED indicates that service is required.
                         Power LED: lights when the system power is on.
                         Diagnostic indicators:
                           electrical indicator: blinks amber if an electrical error appears.
                           temperature indicator: blinks amber if a thermal error appears.
                           memory indicator: blinks amber if a memory error appears.
                         Hard-drive indicator: directly on the HD; green shows activity, green/amber for diagnostics.
                         NIC indicators on the Ethernet interfaces.
                         Power status indicators on the DC power supplies.

Figure 2.1 shows how a redundant server Dell R630 appears when viewed from the front.

[Figure 2.1: redundant server (front view). Labeled parts: NMI button, menu buttons, USB connectors, power-on indicator and power button.]

Figure 2.2 shows what the redundant server Dell R630 looks like when viewed from the rear.

[Figure 2.2: redundant server (rear view). Labeled parts: Ethernet ports eth0 to eth5, power supply left, power supply right, 1 - Ethernet service processor, 2 - serial interface, 3 - VGA interface, 4 - USB interfaces.]

The redundant server Dell R630 has the physical IP interfaces listed in Table 2.2.

Table 2.2  SSW physical IP interfaces

Interface   Description
eth0        Left Ethernet port on the Ethernet controller on the mainboard (red in Figure 2.2). Labeled with 1. (mp1)
eth1        Second left Ethernet port on the Ethernet controller on the mainboard (green in Figure 2.2). Labeled with 2. (mp2)
eth2        Third left Ethernet port on the Ethernet controller on the mainboard (red in Figure 2.2). Labeled with 3. (mp1)
eth3        Right Ethernet port on the Ethernet controller on the mainboard (green in Figure 2.2). Labeled with 4. (mp2)
eth4        Left Ethernet port on the network card (gray in Figure 2.2). (mp3)
eth5        Right Ethernet port on the network card (gray in Figure 2.2). (mp3)

2.4

Unpacking the shipment


Unpack the components and check that the shipment is complete. Check the delivery note to ensure that you have received all of the hard- and software ordered. Check that there is no equipment damage.

!
Under no circumstances run the system without the operator's express permission.
Immediately report any visible transport damages to customer service. If damages exist, do not attempt operation without customer-service approval.

2.4.1

Authorized technicians
Only staff certified by TELES may install, replace, or maintain
the system. To perform these actions, personnel must have
read and understood the safety instructions.

2.4.2

Mounting the redundant server


The redundant server can be installed in a standard 19-inch
rack. As the redundant server is delivered without a cabinet,
follow these recommendations:

Ensure unrestricted access to the front and back of the redundant server.
Provide adequate ventilation with a continual unrestricted air flow.
Do not place any objects within 15 cm of the ventilation openings.
Do not allow air emitted from other systems to disturb the air supply.

Place every redundant server into a pre-installed shelf (not supplied) in the rack.
1. Place every redundant server on the shelf (you will find
more details in the Dell PowerEdge R630 Technical
Guide).
2. Fasten the devices to the frame of the rack while it is
placed on the shelf. This prevents the devices from sliding when inserting cables into connectors on the rear
panel.

2.5

Cabling the redundant server


This description is for the iPC server Dell R630 and Ubuntu
Linux on the SSW; for other hardware variants, please see
the previous versions of this manual.
Before you carry out any assembly or servicing tasks, please note the safety instructions given in Chapter 2.1 on page 25.
The power supplies are fed with 230 V or 110 V AC, or 48 V DC.
Unplug the SSW from the mains before working on a power
supply unit or socket strip. Remove both plugs from the affected chassis or turn off both socket strips for the cabinet.
Only use cables of the correct type and power. Make sure that
non-insulated lines are not left uncovered as they could cause
electric shocks or short circuits.

!
Never bundle different types of cable together (such as power cables and Ethernet cables). Network cables must always be laid separately.

2.5.1

Ethernet cabling
The SSW must be in at least two IP networks. You need a Core/OAM and a signaling network. In the pictures in this manual, cables to the Core/OAM network are red and cables to the signaling network are blue.
Each redundant server has 6 network interfaces (eth0 to eth5). The SSW uses two teams (mp1 and mp2). Each team has two redundant network interfaces, as shown in Figure 2.3. It is therefore recommended that the Ethernet connections have redundant cabling. In Figure 2.3, the master interface is colored yellow.

[Figure 2.3: redundant server Ethernet connections. Labels: eth0 to eth5, master interface, Ethernet service processor, teams mp1, mp2 and mp3, Core/OAM network, Signaling network, other network.]

The Ethernet jacks on the network interfaces are assigned as usual (1 TX+, 2 TX-, 3 RX+, 4 not assigned, 5 not assigned, 6 RX-, 7 and 8 not assigned; see Figure 2.4).

Figure 2.4  Ethernet jacks pin assignment in diagram form

PIN   Signal   Color
1     TX+      white/orange
2     TX-      orange
3     RX+      white/green
4              blue
5              white/blue
6     RX-      green
7              white/brown
8              brown

The first logical network interface (mp1) is connected to the
Core/OAM network. The Core/OAM network connects both
redundant servers to each other. On the mp1 interface, the
two redundant servers have different IP addresses.
The second logical network interface (mp2) is connected to
the signaling network. The SSW has an active IP address on
the master system only, but both master and slave system
share the same IP address(es). The mp2 network interface is
not active on the slave system.
The number of Ethernet switches required depends on the
features of the Ethernet switches used. It is recommended
that you use two Ethernet switches for each network. The cabling in the backbone can also be redundant.

Example 1 Setting Up an L2 Switched Network

Figure 2.5 shows an example of Softswitch cabling. Four L2 Ethernet switches (gray in the figure) with Spanning Tree support (IEEE Norm 802.1D) are connected directly to the two redundant servers. Spanning Tree is a technique used to avoid loops from broadcast packets on redundant cabling.
The Ethernet switch with the red cables for connections to the OAM team (Ethernet ports eth0 and eth2) and service processor is the interface to the Core/OAM network. The Ethernet switch with the gray cables for connections to the signaling team (Ethernet ports eth4 and eth5) is the interface with the Signaling network. The other four L2 Ethernet switches with Spanning Tree support connect to the Uplink and the Core/OAM or Signaling network.
For this example, which is shown in Figure 2.5 on page 38, you need the equipment listed in Table 2.3, below. Table 2.4 on page 37 provides an example of the IP addresses to which you can connect.
Table 2.3  Required equipment for an L2 switched network as shown in Figure 2.5

Quantity   Equipment
           L2 Ethernet switches with Spanning Tree support (IEEE Norm 802.1D or 802.1w)
18 + 8     Free Ethernet ports on the (four gray) L2 network switches with Spanning Tree support (IEEE Norm 802.1D or 802.1w).
           The Core/OAM network switches have five free ports and the Signaling network switches have four free ports. Additionally you need 8 free ports to the backbone.
18 + 4     Ethernet cables: 10 to connect to the Core/OAM network, 8 to the Signaling network, and 8 cables to the backbone.

Table 2.4  IP Network for an L2 switched network as shown in Figure 2.5

Network     Network IP      Systems
Core/OAM    10.0.0.0/24     SSW1 (10.0.0.1), SSW2 (10.0.0.2), EMS (10.0.0.100), service processor1 (10.0.100.1),
                            service processor2 (10.0.100.2), dom01 (10.0.0.10), dom02 (10.0.0.11)
Signaling   10.0.10.0/24    SSW 10.0.10.1

[Figure 2.5: Complete redundancy with eight L2 Ethernet switches and Spanning Tree. The diagram shows SSW1 and SSW2, each with a signaling team, an OAM team (SSW, EMS and dom0 OAM interfaces) and a service processor, connected to L2 switches for the Core/OAM network and L2 switches for the Signaling network. Some redundant links are marked "Blocked by Spanning Tree".]

Example 2 Setting Up an L3 Switched Network

You can set up an L3 switched network with VRRP, HSRP, or CARP, as described below. For this example, which is shown in Figure 2.6 on page 39, you need the equipment listed in Table 2.5, below. Table 2.6 on page 39 provides an example of the IP addresses to which you can connect.

Table 2.5  Required equipment for an L3 switched network as shown in Figure 2.6

Quantity   Equipment
           L3 Ethernet switches.
18         Free Ethernet ports on the (two) L3 switches.
18         Ethernet cables: 2 to connect to the Core/OAM network, 2 to the Signaling network.

Table 2.6  IP Network for an L3 switched network as shown in Figure 2.6

Network     Network IP      Compact 1
Core/OAM    10.0.0.0/24     SSW1 (10.0.0.1), SSW2 (10.0.0.2), EMS (10.0.0.100), service processor1 (10.0.100.1),
                            service processor2 (10.0.100.2), dom01 (10.0.0.10), dom02 (10.0.0.11)
Signaling   10.0.10.0/24    SSW: 10.0.10.1

[Figure 2.6: Complete redundancy with two L3 Ethernet switches. The diagram shows SSW1 and SSW2, each with a signaling team, an OAM team (SSW, EMS and dom0 OAM interfaces) and a service processor, connected to two L3 switches (routers) running HSRP (Cisco) between the Core/OAM network and the Signaling network. One path is marked "Deactivated because the other switch is master".]

2.5.2

Power cabling

Connect the redundant server to two separate power sources.
Connect at least one Ethernet switch to one of these power sources, and at least one other Ethernet switch to the other.

Appendix A on page 99 gives examples of possible problems that you can experience with cabling, together with explanations of how these problems can be solved.

3 Preparation for software installation

This chapter describes the working steps needed before the software installation can be started by the TELES service team. To do these steps, you must be familiar with computer hardware and basic IP configuration. Once all configuration steps described here are done, the TELES service team starts the installation using the iDRAC service processor.

3.1

Requirements
Fulfill the following requirements:

Before starting, have a VGA monitor, keyboard and mouse (both with USB connectors) ready.
A fixed public IP address for the iDRAC service processor is needed.
Make sure that the iDRAC service processor is reachable for the TELES service team.
Adjust the router and firewall settings. The following TCP ports must be open: 443, 5900, and 5901.

Before starting, do the working steps described in the previous chapter:

Unpack the server (see Chapter 2.4 on page 32).
Mount the server (see Chapter 2.4.2 on page 32).
Connect the server to Ethernet (see Chapter 2.5.1 on page 34).
Connect the server to power (see Chapter 2.5.2 on page 40).

3.2

Set the IP address to the service processor


1. Connect a VGA monitor, keyboard and mouse to the
server.
2. Start the server.
3. Press F2 to enter the BIOS settings during boot. You
see the System Setup screen.

4. Open the System BIOS by pressing Enter.
5. Press Alt + F to restore the Default settings. Confirm the Warning with Yes. Confirm the next dialog with Yes. You see a Success dialog; confirm with OK.
6. Change to the menu entry System Profile Settings and open the dialog with Enter.
7. Select for System Profile the value Performance, then click Back.
8. Change to the menu entry Miscellaneous Settings and open the dialog with Enter.
9. Disable F1/F2 Prompt on Error. Click Back.
10. Activate the serial console access using the iDRAC interface by selecting the menu entry Serial communication. Set Serial communication to On with Console Redirection via COM2. Click Back.
11. Close the BIOS screen with Finish. Confirm the warning with Yes and the next confirmation dialog with OK.
12. Now the System Setup screen opens.

The next task is the iDRAC setup. iDRAC is the name of the Dell service processor.

3.3

IP configuration for the iDRAC

1. Start from the System Setup screen.
2. Select iDRAC Settings, open the next screen with Enter.
3. Open the Network link. Make sure that the following settings are active:
   Enable NIC: Enabled
   Auto Negotiation: On
   Register DRAC on DNS: Disabled
   Auto Config Domain Name: Disabled
   IP4 SETTINGS: Enabled
   Enable DHCP: Disabled
4. Set the IP Address, default Gateway, and Subnet Mask.
5. Set Enable IPMI over LAN to Enabled and set the Channel Privilege Level Limit to Administrator; do not change the Encryption Key.
6. Close the Network dialog with Back or ESC.

3.4

Set the iDRAC password

1. Start from the System Setup screen.
2. Select iDRAC Settings, open the next screen with Enter.
3. Open the User Configuration link.
4. Make sure that Enable User is Enabled,
5. User Name is root,
6. LAN User Privilege is Administrator and
7. Serial Port User Privilege is Administrator.
8. Change Password in the text field to: beamupbeamup, reenter the password in the next dialog and confirm with OK.
9. Close the dialog with Back or ESC.
10. Close the iDRAC Settings screen with Finish. Confirm the warning with Yes and the next confirmation dialog with OK.
11. The System Setup screen opens.

Now disable the PXE boot protocol of the Ethernet interface.

3.5

Disable the PXE boot protocol of the Ethernet interface

The first Dell R630 Ethernet interface has an activated PXE boot protocol. This is not needed, so disable the PXE boot with the following steps:
1. Select Device Settings from the System Setup menu.
2. Select the Integrated NIC 1 Port 1: Intel(R) Gigabit 4P and press Enter.
3. Select the menu item NIC Configuration and press Enter.
4. Select the option None on the Legacy Boot Protocol menu item.
5. Click Back and Finish, Finish.
6. Now leave the System Setup menu. You see a confirmation dialog; confirm with yes. The system reboots.

Inform the TELES service technician that the system with IP xxx.xxx.xxx is running and waiting for the software installation.

4 Network Configuration

This chapter explains how to configure the IP network, describing the parameters and programs used. Before you start, familiarize yourself with the operation and service of the standard programs used, such as SSH, Bash, vi, etc.
After an introductory explanation, this chapter explains how to open the CLI on the SSW, and how to verify the IP address, host names, gateway, IP routes, password, software firewall and the programs loaded on system start. After these steps, the SSW is ready for use, and you can proceed with the configuration via the EMS user interface.

4.1

Necessary information
Before you begin with the configuration, you need the information listed in Table 4.1.

Table 4.1  Information necessary for the SSW configuration

Information               Meaning
Core/OAM network          The IP addresses for the Core/OAM network of your machines are pre-configured to the addresses listed in Table 1.1 on page 20.
                          If you use a different Core/OAM network, you must inform your TELES service technician to make the changes.
Signaling network         The IP address for the Signaling network is pre-configured to that listed in Table 1.1 on page 20.
Host name and domain      You can choose host names and domains for the machines.
Default gateways          You can enter one default gateway. You can also set up a default gateway for each Ethernet interface in the Core/OAM network and in the Signaling network.
Other necessary IP routes You can set up further IP routes to systems which are not accessible over the default gateway.
NTP settings              The NTP settings must be entered to ensure that the correct time is on the machines.
Password                  Set the user password on the machines.
Firewall                  Check the function of the software firewall.

The following text summarizes the steps required for network configuration, which is carried out over the CLI. Check the settings and change them if they do not correspond with your needs. Begin with the first redundant server and continue with the second one.
A software firewall is installed on every machine, but it does not protect the machine from DoS attacks. TELES recommends that the carrier install a specialized 3rd-party hardware firewall to protect against attacks from the Internet.

4.2

Connecting the SSW to the CLI

This description is for the iPC server Dell R630 and Ubuntu Linux on the SSW; for other hardware variants, please see the previous versions of this manual.
The most common way to connect to the redundant server is over the Ethernet. Make an SSH connection to the machine over the Ethernet, using the command: ssh admin@10.0.0.1, if the default IP address of the core network is 10.0.0.1. The IP addresses set on delivery are listed in Table 1.1 on page 20. The user name is admin, and the password is beamup.
The SSW uses the NetBSD operating system with Bash. The vi, emacs, and nano editors are installed on the system.
The EMS and Dom0 use the LINUX operating system with Bash as user interface. The editors vi and nano are installed on the system.
The service processor iDRAC also allows a direct connection to the machine. Open a Web browser, enter the IP of the iDRAC (see Table 1.1 on page 20), and log on as root with password beamupbeamup. Start the virtual console from there.

Alternatively, you can connect a monitor and a USB keyboard directly to the redundant server.

!
Because you are operating two redundant servers, a master and a redundant slave, the network configuration must be carried out on both systems separately.

4.3

IP settings
This chapter explains the IP settings for the SSW IP interfaces. It is divided into three sections:

the settings for the service processor,
the settings for Dom0 and EMS machines running on Linux, and
the settings for the SSW machines running on BSD.

Several other settings, for example the firewall, must also be adjusted if the IP settings are changed.

4.3.1

IP settings for the Dell R630 service processor

Do the following steps to set the IP address for the service processor:
1. Connect a monitor, a USB keyboard and a mouse to the
machine. Start the machine. Open the BIOS settings by
pressing F2.
2. Select iDRAC setup from the System Setup Main
menu, open the next screen with Enter.
3. Select the Network menu and press Enter.
4. Enter IP address, network mask, and gateway in the
group field IP V4 Settings.
5. Click Back, Finish, Finish and confirm the Exit with yes.
The system reboots.

4.3.2

IP settings for Dom0 and EMS

This description is for the iPC server Dell R630 and Ubuntu Linux on the SSW; for other hardware variants, please see the previous versions of this manual.
Dom0 and EMS use a LINUX operating system (Debian). Before you start to configure your system to suit your needs, display the current configuration as described in the next section.

The IP interfaces of Dom0 are set to auto-negotiation. The remote device, i.e. the Ethernet switch or router, must also be set to auto (auto-negotiation).
The IP configuration contains the following devices: lo (loop device), eth0, eth1, eth2, eth3, eth4, and eth5. The Ethernet configuration refers to the configuration mp1, mp2, and mp3.
[Figure 4.1: Network configuration on the Dom0 machine. Three layers from top to bottom: bridges mp1, mp2 and mp3; bonds bond0, bond1 and bond2; hardware interfaces eth0 and eth2 (under bond0), eth1 and eth3 (under bond1), eth4 and eth5 (under bond2).]

As shown in Figure 4.1, the Dom0 configuration describes three layers: hardware (hw), bond and bridge. The word at the top of the diagram is the name of the configuration used for the layer.
The configuration files for the IP devices are located in the directory: /etc/network

IP address settings on the Dom0

The file containing the IP address settings is interfaces. Example 4.1 shows the configuration of mp1, mp2 and mp3. The IP interface of mp1 has the address 10.0.0.10, the net mask 255.255.255.0 and the default gateway 10.0.0.1.

Example 4.1  Dom0 config file /etc/network/interfaces

## The loopback network interface
auto lo
iface lo inet loopback

############################################
# BLOCK for mp1
############################################
## Phy IF for bond0 / mp1
auto eth0
iface eth0 inet manual
    bond-master bond0
    bond-primary eth0 eth2
auto eth2
iface eth2 inet manual
    bond-master bond0
    bond-primary eth0 eth2
## bond0
auto bond0
iface bond0 inet manual
    bond-slaves none
    bond-mode 1
    bond-miimon 100
## Network bridge for mp1
auto mp1
iface mp1 inet static
    address 10.0.0.10
    netmask 255.255.255.0
    gateway 10.0.0.1
    # Initialize the bridge
    bridge_ports bond0
    bridge_stp off

############################################
# BLOCK for mp2
############################################
## Phy IF for bond1 / mp2
auto eth1
iface eth1 inet manual
    bond-master bond1
    bond-primary eth1 eth3
auto eth3
iface eth3 inet manual
    bond-master bond1
    bond-primary eth1 eth3
## bond1
auto bond1
iface bond1 inet manual
    bond-slaves none
    bond-mode 1
    bond-miimon 100
## Network bridge for mp2
auto mp2
iface mp2 inet static
    address 10.0.0.12
    netmask 255.255.0.0
    gateway 10.0.0.1
    # Initialize the bridge
    bridge_ports bond1
    bridge_stp off

############################################
# BLOCK for mp3
############################################
## Phy IF for bond2 / mp3
auto eth4
iface eth4 inet manual
    bond-master bond2
    bond-primary eth4 eth5
auto eth5
iface eth5 inet manual
    bond-master bond2
    bond-primary eth4 eth5
## bond2
auto bond2
iface bond2 inet manual
    bond-slaves none
    bond-mode 1
    bond-miimon 100
## Network bridge for mp3
auto mp3
iface mp3 inet static
    address 10.0.0.14
    netmask 255.255.255.0
    # Initialize the bridge
    bridge_ports bond2
    bridge_stp off

IP address settings on the EMS

The file containing the IP address settings of the EMS is interfaces. Example 4.2 shows the configuration of mp1 and mp2. The IP interface of mp1 has the address 10.0.0.100, the net mask 255.255.255.0 and the default gateway 10.0.0.1.

Example 4.2  EMS config file /etc/network/interfaces

## The loopback network interface
auto lo
iface lo inet loopback

############################################
# BLOCK for mp1
############################################
## Phy IF for mp1
auto mp1
iface mp1 inet static
    address 10.0.0.100
    netmask 255.255.255.0
    gateway 10.0.0.1

############################################
# BLOCK for mp2
############################################
## Phy IF for mp2
auto mp2
iface mp2 inet static
    address 10.0.30.100
    netmask 255.255.255.0
    gateway 10.0.30.1

Host name settings for the Dom0

Set the host name in the files /etc/hostname and /etc/hosts. As shown in Example 4.3, the host name is set in the file /etc/hostname to vm_mgr. On the EMS, also insert the new hostname in the /etc/hosts file.

Example 4.3  Dom0 hostname settings in /etc/hostname

vm_mgr

As shown in Example 4.4, the host name is set in the file /etc/hosts to vm_mgr.

Example 4.4  Dom0 hostname settings in /etc/hosts

# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost localhost.localdomain
127.0.0.1 vm_mgr

Host name settings for the EMS

After changing the host name you must also enter hostname and IP address into the file /etc/hosts as shown in the last line of Example 4.5. Enter the IP address first (in this example 10.0.0.100), a space, and then the host name (here the host name is vm_mgr).

Example 4.5  EMS hostname settings in /etc/hosts

# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost localhost.localdomain
127.0.0.1 vm_mgr
10.0.0.100 vm_mgr

Domain name settings

Set your own domain name to the suffix in the file /etc/hosts as shown in Example 4.6.

Example 4.6  /etc/hosts

# For loopbacking.
127.0.0.1     localhost

# Machines on the local network
10.0.0.1      ssw1 ssw1.domain.com
10.0.0.2      ssw2 ssw2.domain.com
10.0.0.10     dom01 dom01.domain.com
10.0.0.11     dom02 dom02.domain.com
10.0.0.100    ems ems.domain.com
# End of hosts.

The syntax is <ip-address> <alias> <full-node-name>. In Example 4.6 the names ssw1/2, dom01/2 and ems within the domain domain.com are given as the default addresses.

DNS settings

Set the name server in the file /etc/resolvconf/resolv.conf.d/base as shown in Example 4.7.

Example 4.7  /etc/resolvconf/resolv.conf.d/base

nameserver 8.8.8.8
nameserver 8.8.4.4

In Example 4.7 the two name servers are set. Activate the settings with the command:
resolvconf -u
In addition, add the keyword dns to the variables hosts: and networks: in the file /etc/nsswitch.conf as shown in Example 4.8.

Example 4.8  /etc/nsswitch.conf

# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.
passwd:         compat
group:          compat
shadow:         compat

hosts:          files dns
networks:       files dns
protocols:      db files
services:       db files
ethers:         db files
rpc:            db files
netgroup:       nis

4.3.3

VLAN and multiple gateway settings on Dom0 and EMS
VLANs enable you to use more than three IP interfaces on the machine. The configured VLANs must be supported by the connected Ethernet switches.
On an Ubuntu Linux system the VLANs are added at the top of the bridge.

[Figure 4.2: Network configuration on the Dom0 machine with VLANs. Same three layers as in Figure 4.1 (bridges mp1, mp2, mp3 over bonds bond0, bond1, bond2 over hardware interfaces eth0 to eth5), with the VLANs mp3.14 and mp3.16 added on top of the mp3 bridge.]

In Figure 4.2 the VLAN configuration for the VLANs mp3.14 and mp3.16 is added at the top of the mp3 bridge. VLAN mp3.14 uses the bridge mp3 and the VLAN tag 14. VLAN mp3.16 uses the bridge mp3 and the VLAN tag 16. That means the configuration of mp3 must be changed and the configuration for the VLANs mp3.14 and mp3.16 must be added.
For the VLAN configuration do the following steps:
1. Install the VLAN driver 8021q as described on page 63.
2. Remove the IP settings from mp3 (or the other bridge interface the VLANs will be added to) as described on page 63.
3. Add the VLANs as described on page 64.
4. Configure the VLANs as described on page 64.
5. Set the default gateway for the second VLAN with a post-up script as described on page 65.
6. Set up the pre-down scripts for every VLAN as described on page 67.
7. Adjust the firewall settings as described on page 68.
8. Add aliases to the VLANs if needed as described on page 68.

Install the VLAN driver 8021q

1. Open a CLI on the machine.
2. Run the command:
   modinfo 8021q
3. Check that 8021q is installed with the command:
   lsmod | grep 8021q
   The output must have a line that starts with 8021q.
4. If the driver is not installed run the following commands:
   modprobe -a 8021q
   echo 8021q >> /etc/modules

Remove the IP settings from mp3

This description assumes that mp3 is the bridge interface the VLANs will be installed on. If another bridge is used, replace mp3 in this description with the name of that bridge.
1. Open the file /etc/network/interfaces with your favorite text editor.
2. Search for the text auto mp3 at the beginning of a line.
3. Change the keyword static to manual in the line that starts with iface.
4. Comment out with a # the following lines that start with address, netmask, and gateway.
5. Save and close the file.

The new settings for mp3 look like those shown in Example 4.9.

Example 4.9  Settings in /etc/network/interfaces for mp3.14 and mp3.16

## Network bridge for mp3
auto mp3
# iface mp3 inet static
iface mp3 inet manual
#   address 10.14.3.44
#   netmask 255.255.0.0
#   gateway 10.14.0.1
    # Initialize the bridge
    bridge_ports bond2
    bridge_stp off

Add the VLANs


1. Use the following command:
vconfig add <bridge> <vlan-tag>
<bridge> is the name of the bridge the VLAN is added
to (here mp1, mp2 or mp3), and <vlan-tag> is the integer
number of the VLAN tag.
2. For example, the following command adds the VLAN with
tag 14 to the bridge mp3:
vconfig add mp3 14
3. Repeat the command for every VLAN to be added.
The command adds the following files:
/proc/net/vlan/config,
/proc/net/vlan/<bridge>.<vlan-tag>
Configure the VLANs
1. Open the file /etc/network/interfaces with your favorite text editor.
2. Go to the end of the file and add the content as shown
in Example 4.10 for the VLANs mp3.14 and mp3.16.
<bridge> is here mp3, <vlan-tag> is 14 and 16.
Example 4.10

Settings in /etc/network/interfaces for mp3.14 and mp3.16


#vlan
auto mp3.14
auto mp3.16

#vlan14
iface mp3.14 inet static
address 10.14.3.44
netmask 255.255.0.0
gateway 10.14.0.1
vlan_raw_device mp3
#vlan16
iface mp3.16 inet static
address 10.16.3.48
netmask 255.255.0.0
gateway 10.16.0.1
vlan_raw_device mp3

3. address, netmask, and gateway contain the IP settings
for the VLAN. The VLAN configuration is now finished. Adjust the firewall settings as described in
chapter Adjust the firewall rules on page 68. If multiple gateways are needed for the VLANs, continue with
the next chapter.
Set the multiple default gateways for the VLANs
If you have added two or more VLANs, set the new default
gateway for every VLAN with a post-up script. The scripts
are called from the /etc/network/interfaces file. Example
4.11 shows the additional post-up and pre-down entries
pointing to the related scripts. Add these lines to the
/etc/network/interfaces file and comment out the gateway settings.
Example 4.11

Settings in /etc/network/interfaces for mp3.14 and mp3.16 with post-up scripts


#vlan
auto mp3.14
auto mp3.16
#vlan14
iface mp3.14 inet static
address 10.14.3.44
netmask 255.255.0.0
# gateway 10.14.0.1
vlan_raw_device mp3
post-up /etc/network/if-up.d/rule-mp3.14-up.sh
pre-down /etc/network/if-down.d/rule-mp3.14-down.sh

#vlan16
iface mp3.16 inet static
address 10.16.3.48
netmask 255.255.0.0
# gateway 10.16.0.1
vlan_raw_device mp3
post-up /etc/network/if-up.d/rule-mp3.16-up.sh
pre-down /etc/network/if-down.d/rule-mp3.16-down.sh

Do the following steps for every VLAN added:


1. Create a new routing table with the name neta using the
following command:
echo "1 neta" >> /etc/iproute2/rt_tables
For the second VLAN replace the 1 by a 2 and change
the name of the net as follows:
echo "2 netb" >> /etc/iproute2/rt_tables
2. Create a start script for every VLAN interface. Example
4.12 shows the start script for the VLAN interface
mp3.14 with the path
/etc/network/if-up.d/rule-mp3.14-up.sh.
Example 4.12

Start script for VLAN interface mp3.14 /etc/network/if-up.d/rule-mp3.14-up.sh


#!/bin/sh -e
# neta route/rules vlan14
/sbin/ip route add 10.14.0.0/16 dev mp3.14 src 10.14.3.44 table neta
/sbin/ip route add default via 10.14.0.1 dev mp3.14 table neta
/sbin/ip rule add from 10.14.3.44/32 table neta
/sbin/ip rule add to 10.14.3.44/32 table neta
exit 0

3. The own IP of VLAN mp3.14 is 10.14.3.44, the default
gateway for this net is 10.14.0.1, and neta is used.
4. Set the rights for the script with the following command:
chmod 755 rule-mp3.14-up.sh


5. Example 4.13 shows the start script for the VLAN
interface mp3.16 with the path
/etc/network/if-up.d/rule-mp3.16-up.sh.
Example 4.13

Start script for VLAN interface mp3.16 /etc/network/if-up.d/rule-mp3.16-up.sh


#!/bin/sh -e
# netb route/rules vlan16
/sbin/ip route add 10.16.0.0/16 dev mp3.16 src 10.16.3.66 table netb
/sbin/ip route add default via 10.16.0.1 dev mp3.16 table netb
/sbin/ip rule add from 10.16.3.66/32 table netb
/sbin/ip rule add to 10.16.3.66/32 table netb
exit 0

6. The own IP of VLAN mp3.16 is 10.16.3.66, the default
gateway for this net is 10.16.0.1, and netb is used.
7. Set the rights for the script with the following command:
chmod 755 rule-mp3.16-up.sh
Create the pre-down scripts for every VLAN interface
The pre-down scripts are needed for the network restart without a reboot of the system. The scripts are called from the
/etc/network/interfaces file.
Create a stop script for every VLAN interface. Example 4.14
shows the stop script for the VLAN interface mp3.14 with the
path /etc/network/if-down.d/rule-mp3.14-down.sh.
Example 4.14

Stop script for VLAN intf. mp3.14 /etc/network/if-down.d/rule-mp3.14-down.sh


#!/bin/sh -e
# neta route/rules vlan14
/sbin/ip rule del from all to 10.14.3.44/32
/sbin/ip rule del from 10.14.3.44/32
/sbin/ip route del 10.14.0.0/16 table neta
/sbin/ip route del 10.14.0.0/16
/sbin/ip route del default table neta
exit 0

Adjust the settings for own IP address (10.14.3.44), net mask
(/32), default network (10.14.0.0/16), and network name
(neta).


Set the rights for the script with the command: chmod 755
rule-mp3.14-down.sh
Adjust the firewall rules
Open the firewall settings with the command iswipf -e and
adjust the settings. The interface names of the VLANs from
Example 4.10 are mp3.14 and mp3.16.
Add alias for the VLAN
1. Open the file /etc/network/interfaces with your favorite text editor.
2. Go to the end of the file and add the content as shown
in Example 4.15 for the VLAN alias mp3.14:1 with the
IP address 10.14.3.45 and the netmask 255.255.0.0.
Please note: Always start with number 1
(mp3.14:<number=1>). If more than one interface is
added, number the interfaces consecutively. The next
interface is mp3.14:2 and so on.
Example 4.15

Settings in /etc/network/interfaces for an alias on mp3.14


#alias 1 for vlan14
up ip addr add 10.14.3.45/16 broadcast 10.14.255.255 dev mp3.14 label mp3.14:1

3. Adapt the if-up and pre-down scripts for the alias by
enhancing the net masks.
Check the network settings
1. List the IP rules with the following command: ip rule show
Example 4.16

Output of the command ip rule show


0: from all lookup local
32762: from all to 10.16.3.44 lookup netb
32763: from 10.16.3.44 lookup netb
32764: from all to 10.14.3.44 lookup neta
32765: from 10.14.3.44 lookup neta
32766: from all lookup main
32767: from all lookup default


2. List the table neta or netb settings with the command:
ip route list table neta
Example 4.17

Output of the command ip route list table neta


> ip route list table neta
default via 10.14.0.1 dev mp3.14
10.14.0.0/16 dev mp3.14 scope link src 10.14.3.44
> ip route list table netb
default via 10.16.0.1 dev mp3.16
10.16.0.0/16 dev mp3.16 scope link src 10.16.3.44
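
The two checks above can also be done mechanically. The following Python sketch is an added example, not part of the TELES guide: it parses the output of ip rule show and ip route list table <name> (sample text copied from Examples 4.16 and 4.17) and reports tables whose from/to rules, source address or gateway do not fit together. The function names and the second, broken sample are constructed for illustration.

```python
import ipaddress
import re

# Matches "32763: from 10.16.3.44 lookup netb" and
# "32762: from all to 10.16.3.44 lookup netb".
RULE_RE = re.compile(r"^\d+:\s+from (\S+)(?: to (\S+))? lookup (\S+)$")
SYSTEM_TABLES = {"local", "main", "default"}


def parse_rules(text):
    """Return {table: {"from": set, "to": set}} for the non-system tables."""
    tables = {}
    for line in text.splitlines():
        match = RULE_RE.match(line.strip())
        if not match or match.group(3) in SYSTEM_TABLES:
            continue
        src, dst, table = match.groups()
        entry = tables.setdefault(table, {"from": set(), "to": set()})
        if src != "all":
            entry["from"].add(src)
        if dst:
            entry["to"].add(dst)
    return tables


def parse_routes(text):
    """Extract default gateway, link network and source address of one table."""
    info = {"gateway": None, "link": None, "src": None}
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        if tok[0] == "default" and "via" in tok:
            info["gateway"] = tok[tok.index("via") + 1]
        elif "src" in tok:
            info["link"] = tok[0]
            info["src"] = tok[tok.index("src") + 1]
    return info


def check(rule_text, routes_by_table):
    """Return a list of problems; an empty list means the setup is consistent."""
    problems = []
    for table, sel in sorted(parse_rules(rule_text).items()):
        if sel["from"] != sel["to"]:
            problems.append(f"{table}: 'from' and 'to' rules cover different addresses")
        route = parse_routes(routes_by_table.get(table, ""))
        if route["gateway"] is None:
            problems.append(f"{table}: no default route in this table")
        if route["src"] is not None and route["src"] not in sel["from"]:
            problems.append(f"{table}: route src {route['src']} has no 'from' rule")
        if route["gateway"] and route["link"]:
            net = ipaddress.ip_network(route["link"])
            if ipaddress.ip_address(route["gateway"]) not in net:
                problems.append(f"{table}: gateway {route['gateway']} is outside {net}")
    return problems


# Output copied from Example 4.16 and Example 4.17 of this guide.
PAGE_RULES = """\
0: from all lookup local
32762: from all to 10.16.3.44 lookup netb
32763: from 10.16.3.44 lookup netb
32764: from all to 10.14.3.44 lookup neta
32765: from 10.14.3.44 lookup neta
32766: from all lookup main
32767: from all lookup default
"""
PAGE_ROUTES = {
    "neta": "default via 10.14.0.1 dev mp3.14\n"
            "10.14.0.0/16 dev mp3.14 scope link src 10.14.3.44\n",
    "netb": "default via 10.16.0.1 dev mp3.16\n"
            "10.16.0.0/16 dev mp3.16 scope link src 10.16.3.44\n",
}

# Constructed broken variant: one 'to' rule missing, one gateway in the wrong net.
BROKEN_RULES = PAGE_RULES.replace("32764: from all to 10.14.3.44 lookup neta\n", "")
BROKEN_ROUTES = dict(PAGE_ROUTES,
                     netb=PAGE_ROUTES["netb"].replace("via 10.16.0.1", "via 10.14.0.1"))

if __name__ == "__main__":
    print("page sample:", check(PAGE_RULES, PAGE_ROUTES) or "consistent")
    for problem in check(BROKEN_RULES, BROKEN_ROUTES):
        print("broken sample:", problem)
```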

Don't forget to adjust the firewall rules after the VLAN configuration is finished (see Adjust the firewall rules on
page 68).

4.3.4

IP settings for the SSW machine


The SSW uses the NetBSD operating system.
Before you start to configure your system to suit your needs,
display the current configuration as described in the next section.

Figure 4.3 Network configuration on the SSW machines (layer labels in the figure: mp1 (trunk), mp2 (trunk), xennet0 (paravirt), xennet1 (paravirt))

As shown in Figure 4.3 , the SSW machine configuration describes two layers: para virtual hardware (paravirt), and
trunks. The word at the top of the diagram is the name of the
configuration used for the layer.


Display the network configuration


The network interfaces are already pre-configured. Display
the network configuration with the ifconfig commands
shown in Example 4.18 . In Example 4.18 , the configuration of mp1 and mp2 is displayed.
Example 4.18

Displaying the current IP configuration on mp1 and mp2 of the SSW


admin@ssw-compact-S1(1)[~]> ifconfig mp1
mp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
capabilities=2800<TCP4CSUM_Tx,UDP4CSUM_Tx>
enabled=0
trunk: trunkproto failover
trunkport xennet0 master - is currently used
address: 00:16:3e:15:5a:31
media: Ethernet autoselect
status: active
inet 10.0.0.1 netmask 0xffff0000 broadcast 10.0.255.255
admin@ssw-compact-S1(2)[~]> ifconfig mp2
mp2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
capabilities=2800<TCP4CSUM_Tx,UDP4CSUM_Tx>
enabled=0
trunk: trunkproto failover
trunkport xennet1 master - is currently used
address: 00:16:3e:63:47:c5
media: Ethernet autoselect
status: active
inet 10.15.0.1 netmask 0xffff0000 broadcast 10.15.255.255

It is not possible to change the IP settings for the mp1 interface on the SSW. This has to be done by TELES service.

IP address settings
On the SSW, the configuration for mp1 is stored in the file
/etc/ifconfig.trunk0. The configuration for mp2 is stored in
the file /etc/ifconfig.trunk1. The IP address and network
mask are configured in these files.
Example 4.19

Team configuration for mp1


create
trunkport xennet0
trunkproto failover
10.0.0.1 netmask 255.255.0.0
up
name mp1

Bear in mind that the mp2 interface (on the PEs and redundant IP-STPs on Cluster) is set to the same address on both
machines (master and slave). For this reason, configure the
mp2 interface as "down" (Example 4.20 ).
If an alias address is needed, enter this configuration after the
first IP configuration with the same syntax.
Example 4.20

Team configuration for mp2


create
trunkport xennet0
trunkproto failover
10.0.10.1 netmask 255.255.0.0 down
192.168.1.1 netmask 255.255.0.0 alias down
down
name mp2

Host name settings


Enter all IP changes in the /etc/hosts file of all SSW units and
the EMS.
Display the host name on the SSW with the following command:
hostname


On the SSW the host name is entered in the file /etc/myname.
Example 4.21

Host name settings in /etc/myname


best-of-ssw.teles.de

Default gateway settings


On the SSW, display the default gateway and the configured
IP routes with the following command:
route show
Example 4.22

Displaying the IP routes set up on the SSW


admin@docu-ssw(5)[~]> route show
Routing tables
Internet:
Destination     Gateway            Flags
default         10.0.0.1           UG
10.0.0.0/16     link#5             U
10.0.10.0/16    link#4             U
10.0.0.1        00:30:48:43:e6:57  UH
loopback        127.0.0.1          UGR
localhost       127.0.0.1          UH

On the SSW the IP address for the default gateway is entered
in the file /etc/mygate.
Example 4.23

Enter default gateway /etc/mygate


default -gateway 192.168.0.254

It is not possible to set more than one default gateway. Activate the new default gateway settings with the command:
/etc/rc.d/network restart


IP routing settings
The IP routes are entered in the file /etc/route.conf (see Example 4.24 on page 73). By default this file does not exist.
If you want to add IP routes, you have to create it yourself.
Example 4.24

Enter the ip routes in /etc/route.conf


# net <net ip> -netmask <netmask> <if ip>
net 200.200.0.0 -netmask 255.255.0.0 192.0.2.23
net 175.31.168.0 -netmask 255.255.255.0 192.0.2.23

More information is available from the man page:
man route.conf
DNS settings
By default, DNS is deactivated. Enable DNS in the file
/etc/nsswitch.conf (as shown in Example 4.25 )
Example 4.25

/etc/nsswitch.conf with active DNS


hosts: files dns

Then enter the name server in the file /etc/resolv.conf (as
shown in Example 4.26).
Example 4.26

/etc/resolv.conf
# Created by dhclient at: Fri Aug 18 15:28:17 GMT 2006
search sub.domain.com domain.com
nameserver 8.8.8.8
nameserver 8.8.4.4

In Example 4.26 the local domain is domain.com and the
name servers are 8.8.8.8 and 8.8.4.4. You can test your settings with the outdated program nslookup. Exit this program
with exit or ^C.


Password changing
To change a password on the SSW, run the passwd program.
Enter the new password twice when prompted. The password
is now changed.

4.3.5

Setting Up VLAN on the SSW machine


It is possible to set up VLANs on the SSW machine. This enables you to use more than two IP interfaces on the SSW machines. For example, you can set up VLANs for the different
signaling protocols which are transmitted over the public IP
network, e.g. single VLANs for SIP, MGCP, Megaco, RADIUS,
etc. The VLANs are realized on network layer 2.
If you use VLANs, they must be supported by the Ethernet
switch. You can separate VLANs into different LANs using special Ethernet switches.

Figure 4.4 Network configuration on a SSW machine with and without VLAN (layer labels in the figure: mp2 (vlan1), mp3 (vlan2), mp1 (trunk), mp2 (trunk), trunk1 (trunk), xennet0 (paravirt), xennet1 (paravirt))

The left side of Figure 4.4 shows the network stacks without
VLAN, the right side the network stacks with VLAN. The configuration of mp2 from the left side is changed to the configuration of the VLANs mp2 and mp3.
The VLAN configuration contains the IP address, the network
mask, and the name of the interface in the /etc/ifconfig.vlan[XX]
file. Before you create the new VLAN configuration,
remove the configuration of mp2. Instead, enter the
IP configuration and the interface name in the VLAN configuration.

mp2 has already been allocated as an identifier for
trunk1. Before you set up a VLAN with the identifier mp2,
you must remove the identifier from the /etc/ifconfig.trunk1
file. Remove the following lines:
10.0.0.1 netmask 255.255.255.0
name mp2
Example 4.27 is the same as the default configuration with
the lines containing the IP address and name removed. In addition, set the MTU size to the recommended value 1504.

Example 4.27

VLAN configuration new /etc/ifconfig.trunk1


create
trunkport xennet1
trunkproto failover
mtu 1504
down

After editing /etc/ifconfig.trunk1, you can create a number
of files containing the new definitions of the IP configuration
and interface name:
/etc/ifconfig.vlan5, /etc/ifconfig.vlan6, etc.
In Example 4.28, three such files are created. Create a minimum of two files.
Example 4.28

Entering the IP configuration and interface name in the VLAN configuration


create
vlan 5 vlanif trunk1
10.0.60.10 netmask 255.255.255.0
up
name mp2

create
vlan 6 vlanif trunk1
10.0.70.10 netmask 255.255.255.0
up
name mp3

create
vlan 7 vlanif trunk1
10.0.80.10 netmask 255.255.255.0
up
name mp4

Configure the firewall rules for the new network interfaces
mp3 and mp4 from Example 4.28.

4.4

Firewall settings
Here you find the description of the firewall settings.
Table 4.4 on page 79 shows the firewall rules set for the
EMS, Table 4.3 on page 78 shows the firewall rules set for
the Dom0, and Table 4.6 on page 84 shows the firewall
rules set for the SSW. This information is helpful for the configuration of an external firewall.
The rules for the local interface are not stateful. All other rules
are stateful.

4.4.1

Emergency rules on every machine


On every machine you will find the emergency rules used for
SSH access by the TELES service team. On every interface any
incoming traffic for the TCP protocol is allowed for the IPs
from the IP network 195.4.13.0/24 and the IP address
213.143.108.92 to the destination port 22 (SSH).
Use the command iswipf -e -E to edit the current rule set of
emergency rules and load them.

4.4.2

Firewall settings for the service processor


Table 4.2 lists the ports needed for remote access to the service processor. Open these ports on all firewalls in front of the
network interface of the service processor to allow full access
to the service processor.

Table 4.2

Ports needed for communication with the service processor

Service Processor    Open port on the firewall
iDRAC (Dell)         443, 445, 636, 2049, 3269, 5900
ILOM (Oracle/SUN)    443, 5120, 5121, 5123, 5556, 7578, 7579

4.4.3

Firewall settings on the Dom0 and EMS machine


The Dom0 and EMS machines use the firewall iptables with
the syntax of iptables. The firewall starts automatically when
the system starts as set in /etc/sysconfig/teles file.
Edit the firewall FILTER table with the command: iswipf -e
After editing, the rules will be checked and activated. The SSH
connection will not be disconnected while the new rule set is
being activated.
The file you edit is located in /teles/sys/firewall/etc/ipf.rules
To edit the NAT table use the command iswipf -e -N
To edit the MANGLE table use the command iswipf -e -M
Before you edit the MANGLE table copy the table template
with the following command :

cp /teles/sys/firewall/etc/others/ipfmangle.rules /teles/sys/firewall/etc/ipfmangle.rules

Show the currently loaded firewall rules with the command:
iptables -L

On all Linux systems the script iswipf does not support redundant systems. Change the firewall with the iswipf -e
command on both systems, master and slave.

The firewall configuration of iptables for the Dom0 is listed in
Table 4.4.

Table 4.3

Rules of the ipfstat configuration on the Dom0 machine

Rule  Interface  Dir     Prot  source  dest port - source  Description
1     lo         in/out  all   any     any                 all local traffic
2     eth0       in      icmp  any     any                 icmp ping
3     eth0       in      tcp   any     ssh - any           SSH secure shell (on port 22)

Example 4.29 shows the default configuration for iptables
of the VMManager.
Example 4.29

/teles/sys/firewall/etc/ipf.rules
-A INPUT -d 127.0.0.1 -j ACCEPT #
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT #
-A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
-A INPUT -p tcp -i mp1 --dport ssh -j ACCEPT #
-A INPUT -p tcp -i mp2 --dport ssh -j ACCEPT
# allow access to emulated VNC port of a Windows HVM
#-A INPUT -p tcp -i mp1 --dport 5919 -j ACCEPT #

Here is a short description of Example 4.29 :


1. All local IP traffic is allowed.
2. Incoming and outgoing PING requests and replies are
allowed on all IP interfaces.
3. SSH is allowed on mp1 and mp2 for every IP address.
Outgoing traffic is allowed with a rule, not shown in this
Example 4.29 .
4. The rule that is commented out allows incoming VNC
connections to mp1 on tcp port 5919.


The firewall configuration of iptables for the EMS is listed in
Table 4.4.

Table 4.4

Rules of the ipfstat configuration on the EMS machine

Rule  Interface  Dir     Prot     source  dest port - source  Description
1     lo         in/out  all      any     any                 all local traffic
2     eth0       out     any      any     any                 all output allowed
3     eth0       in      icmp     any     any                 icmp ping
4     eth0       in      tcp      any     4443 - any          EMS alarm messages
5     eth0       in      udp      any     4443 - any          EMS alarm messages
6     eth0       in      tcp      any     4444 - any          EMS client
7     eth0       in      tcp      any     http - any          Web traffic (on port 80)
8     eth0       in      tcp      any     ssh - any           SSH secure shell (on port 22)
9     eth0       in      tcp/udp  any     snmp - any          SNMP agent
10    eth0       in      udp      any     snmptrap - any      SNMP trap messages
11    eth1       in/out  icmp     any     any                 icmp ping
12    eth1       in      tcp      any     ssh - any           SSH secure shell (port 22)

Example 4.30 shows the default configuration for iptables
of the EMS.
Example 4.30

/teles/sys/firewall/etc/ipf.rules
-A INPUT -d 127.0.0.1 -j ACCEPT #
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT #
-A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
-A INPUT -p tcp -i mp1 --dport 4443 -j ACCEPT #
-A INPUT -p udp -i mp1 --dport 4443 -j ACCEPT
-A INPUT -p tcp -i mp1 --dport 4444 -j ACCEPT #
-A INPUT -p tcp -i mp1 --dport http -j ACCEPT #
-A INPUT -p tcp -i mp1 --dport ssh -j ACCEPT #
-A INPUT -p tcp -i mp1 --dport snmp -j ACCEPT #
-A INPUT -p udp -i mp1 --dport snmp -j ACCEPT
-A INPUT -p udp -i mp1 --dport snmptrap -j ACCEPT
-A INPUT -p tcp -i mp2 --dport ssh -j ACCEPT #


Here is a short description of Example 4.30 :


1. All local IP traffic is allowed.
2. Incoming and outgoing PING requests and replies are
allowed on all IP interfaces.
3. Incoming EMS alarm messages using TCP or UDP are
allowed on mp1 for every IP address.
4. Incoming EMS client traffic using TCP is allowed on mp1
for every IP address.
5. Incoming Web traffic on TCP port 80 is allowed on mp1
for every IP address.
6. SSH is allowed on mp1 for every IP address.
7. SNMP and SNMP traps using TCP and UDP are allowed on
mp1 for every IP address.
8. SSH is allowed on mp2 for every IP address.
To check the active firewall rules type:
iptables -L
Reload the firewall with the following command:
service ipfilter restart
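
When an external firewall is planned from these tables, it helps to list which services the local rule set accepts from every IP address. The following Python sketch is an added example, not part of the TELES tooling: it reads rule lines in the format of Example 4.30 (copied below) and returns every INPUT ACCEPT rule that has a destination port but no -s source restriction. The watch list of management services and the second sample, built from the description of the emergency rules in Chapter 4.4.1, are assumptions made for illustration.

```python
# Port numbers are mapped to the service names used in the rule files.
SERVICE_NAMES = {"22": "ssh", "80": "http", "161": "snmp", "162": "snmptrap"}
FLAGS = {"-A": "chain", "-p": "proto", "-i": "iface", "-s": "source",
         "-d": "dest", "--dport": "dport", "--icmp-type": "icmp_type",
         "-j": "target"}


def parse_line(line):
    """Turn one '-A ...' line into a dict; comments and other lines give None."""
    line = line.split("#", 1)[0].strip()      # drop trailing '#' markers
    if not line.startswith("-A "):
        return None
    tok = line.split()
    rule = {}
    i = 0
    while i < len(tok) - 1:
        if tok[i] in FLAGS:
            rule[FLAGS[tok[i]]] = tok[i + 1]
            i += 2
        else:
            i += 1
    return rule


def open_to_any(rules_text, watch=None):
    """List (interface, protocol, service) accepted from every source address.

    With watch set, only services in that set are reported.
    """
    findings = []
    for line in rules_text.splitlines():
        rule = parse_line(line)
        if not rule or rule.get("chain") != "INPUT" or rule.get("target") != "ACCEPT":
            continue
        if "dport" not in rule or rule.get("source") not in (None, "0.0.0.0/0"):
            continue
        service = SERVICE_NAMES.get(rule["dport"], rule["dport"])
        if watch is None or service in watch:
            findings.append((rule.get("iface", "all"), rule.get("proto", "?"), service))
    return findings


# Rule lines copied from Example 4.30 of this guide.
EXAMPLE_4_30 = """\
-A INPUT -d 127.0.0.1 -j ACCEPT #
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT #
-A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
-A INPUT -p tcp -i mp1 --dport 4443 -j ACCEPT #
-A INPUT -p udp -i mp1 --dport 4443 -j ACCEPT
-A INPUT -p tcp -i mp1 --dport 4444 -j ACCEPT #
-A INPUT -p tcp -i mp1 --dport http -j ACCEPT #
-A INPUT -p tcp -i mp1 --dport ssh -j ACCEPT #
-A INPUT -p tcp -i mp1 --dport snmp -j ACCEPT #
-A INPUT -p udp -i mp1 --dport snmp -j ACCEPT
-A INPUT -p udp -i mp1 --dport snmptrap -j ACCEPT
-A INPUT -p tcp -i mp2 --dport ssh -j ACCEPT #
"""

# Constructed sample: SSH limited to the sources named in Chapter 4.4.1.
SOURCE_RESTRICTED = """\
-A INPUT -p tcp -s 195.4.13.0/24 --dport 22 -j ACCEPT
-A INPUT -p tcp -s 213.143.108.92 --dport 22 -j ACCEPT
-A INPUT -p tcp -i mp1 --dport 4444 -j ACCEPT
"""

# Assumption of this example: the services treated as management access.
MANAGEMENT = {"ssh", "snmp", "http"}

if __name__ == "__main__":
    for iface, proto, service in open_to_any(EXAMPLE_4_30, MANAGEMENT):
        print(f"{service}/{proto} on {iface} is accepted from every IP address")
```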

4.4.4

Firewall settings on the SSW machine


The SSW machines use the firewall ipfilter. On delivery, the
firewall blocks all traffic except that covered by the default
configuration.
The rules for the firewall are stored in the file ipf.rules in the
folder /teles/sys/firewall/etc/. You are not allowed to edit or
load the rules manually. Use the iswipf script instead.
Edit the firewall configuration on the SSW master with the following command: iswipf -e
The script iswipf checks the syntax. If the syntax is OK, the
rules already loaded are deleted and the new rules are activated. The rules are then synchronized with the slave SSW. If
the check shows up errors, you can start the script again to
modify the rules you had just edited.


To display the active rules for incoming and outgoing traffic,
type ipfstat -i -o or
ipfstat -io.
To view a list of active firewall states, type ipfstat -sl
The list will only display the rules that contain the keep state
keyword.
The command netstat -an displays port numbers and the
names of protocols defined in the services file.
By default, the data (logs) is written into the file
/var/log/ipf.log.
There is a manual containing information about ipfstat commands on your system. It can be accessed by running
man ipfstat.
More detailed information about the rules can be found in
/teles/sys/firewall/howto/ipf-howto.txt.
Firewall rules of ipfstat
A group of rules is called a rule set. Sample rule sets and the
basic settings for the firewall are stored in the folder
/teles/sys/firewall/etc/others. Since no other files can be opened
with iswipf, all required examples are contained in the file:
/teles/isdn/firewall/etc/ipf.rules.
Example 4.31 shows the format of a typical firewall rule.
MAND indicates a mandatory entry, OPT an optional one.
Example 4.31

Firewall rules format

[action] [dir] [log] [quick] [if] [proto] [from] [to]  [state]
MAND     MAND  OPT   OPT     OPT  MAND    MAND   MAND  OPT


Example 4.32 shows an example of a typical firewall rule.
The first row contains the label of the column in square brackets. The next row contains the actual rule.
Example 4.32

Sample firewall rule

[action] [dir] [log] [quick] [if]    [proto]    [from]    [to]            [state]
pass     out         quick   on mp2  proto tcp  from any  to any flags S  keep state

Table 4.5 explains the elements in the firewall rules.

Table 4.5

Firewall rules elements

Section               Keyword     Parameter  Description
action (mandatory)    block                  Denies the defined traffic.
                      pass                   Allows the defined traffic.
dir (mandatory)       in                     Applies the rule to incoming traffic.
                      out                    Applies the rule to outgoing traffic.
log (optional)        log                    Creates a log for each matched packet.
quick (recommended)   quick                  The rule containing this keyword is carried out
                                             immediately. No further rules are checked for
                                             this packet.
interface (optional)  on          <if>       Rule match to the named interface. Possible values:
                                             mp1  Mainboard port 1
                                             mp2  Mainboard port 2
proto (mandatory)     proto       <PR>       Match to packets to/from the named protocol.
                                             Possible values: a number in the range 0-255 or
                                             a name taken from the file /etc/protocols
                                             (tcp, udp, etc.)
from (mandatory)      from        <ip>       Traffic source:
                                             Any      Traffic from any source
                                             Host     E.g. 10.0.0.2 or a name taken
                                                      from the /etc/hosts folder
                                             Network  E.g. 10.0.0.0/24
                                             The system supports DNS but it is not recommended.
                      port        <P>        Useful only for proto=udp or tcp.
                                             Possible values for port are:
                                             Number  Number in the range 0-65535
                                             Name    Name from the /etc/services file
                                                     (e.g. telnet, ftp, http, ...)
                      flag        <F>        Useful only for proto=tcp.
                                             Rule only matches packets containing ALL given
                                             flags. Possible values for flags are: S = SYN,
                                             A = ACK, F = FIN, R = RST, U = URG
                      icmp-type   <T>        Works with proto=icmp only (icmp-type = <T>).
                                             Possible values e.g. echo, timest, etc.
to (mandatory)        to          <ip>       Please refer to the explanation for from.
                      port        <P>
                      flag        <F>
                      icmp-type   <T>
state (optional)      keep state             Works with pass keyword only.
                                             Packets matching this rule create a state within
                                             the firewall, i.e. the firewall remembers the IP
                                             connection (IP address and ports). All further
                                             packets corresponding to this connection
                                             information (same IP address and ports) will be
                                             identified more quickly and let pass. Packets in
                                             the opposite direction (opposite IP addresses
                                             and ports) will be assigned the same state and
                                             let pass.
                                             A state is cleared automatically shortly after a
                                             TCP connection is torn down.
                                             In the case of UDP and ICMP, it is cleared after
                                             a defined timeout.


A rule is only carried out if it is a perfect match for the traffic.
The order of the rules in the ipf.rules files is crucial because it determines how the firewall works. The last
matched rule is the one carried out, unless a previous
matched rule contains the keyword quick.
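
The effect of rule order and of the quick keyword can be tried out before a rule set is loaded. The following Python evaluator is an added example, not TELES or ipfilter code: it handles a simplified subset of the rule format from Example 4.31 (action, dir, quick, on <if>, proto, and a numeric destination port written as port = N) and also lists rules that can never decide a packet because an earlier quick rule covers them. The rule sets and packets are constructed, keep state is not modeled, and the result for packets that match no rule is assumed to be pass.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Rule:
    action: str            # "pass" or "block"
    direction: str         # "in" or "out"
    quick: bool            # True if the rule carries the quick keyword
    iface: Optional[str]   # interface after "on"; None matches any interface
    proto: Optional[str]   # protocol after "proto"; None matches any protocol
    dport: Optional[int]   # port after "to ... port ="; None matches any port
    text: str              # the rule line as written


def parse_rule(line):
    """Parse the rule subset used in this example (numeric ports only)."""
    tok = line.split()
    if len(tok) < 3 or tok[0] not in ("pass", "block") or tok[1] not in ("in", "out"):
        raise ValueError(f"unsupported rule: {line!r}")
    rest = tok[2:]
    iface = rest[rest.index("on") + 1] if "on" in rest else None
    proto = rest[rest.index("proto") + 1] if "proto" in rest else None
    dport = None
    if "to" in rest:
        dest = rest[rest.index("to"):]
        if "port" in dest:
            i = dest.index("port")
            if dest[i + 1] != "=":
                raise ValueError(f"only 'port = N' is supported: {line!r}")
            dport = int(dest[i + 2])
    return Rule(tok[0], tok[1], "quick" in rest, iface, proto, dport, line.strip())


def load(ruleset):
    return [parse_rule(l) for l in ruleset.splitlines()
            if l.strip() and not l.lstrip().startswith("#")]


def matches(rule, pkt):
    return (rule.direction == pkt["dir"]
            and rule.iface in (None, pkt["iface"])
            and rule.proto in (None, pkt["proto"])
            and rule.dport in (None, pkt["dport"]))


def evaluate(rules, pkt, default="pass"):
    """Last matching rule wins, unless a matching rule has quick."""
    decision, decided_by = default, None
    for rule in rules:
        if matches(rule, pkt):
            decision, decided_by = rule.action, rule.text
            if rule.quick:
                break
    return decision, decided_by


def covers(a, b):
    """True if every packet matched by b is also matched by a."""
    return (a.direction == b.direction
            and a.iface in (None, b.iface)
            and a.proto in (None, b.proto)
            and a.dport in (None, b.dport))


def shadowed(rules):
    """Rules that never take effect because an earlier quick rule covers them."""
    return [later.text for j, later in enumerate(rules)
            if any(e.quick and covers(e, later) for e in rules[:j])]


# Constructed rule sets: the same two rules in different order, with and without quick.
SSH_RULE = "pass in on mp1 proto tcp from any to any port = 22 keep state"
BLOCK_THEN_PASS = "block in all\n" + SSH_RULE
PASS_THEN_BLOCK = SSH_RULE + "\nblock in all"
PASS_QUICK_THEN_BLOCK = SSH_RULE.replace("pass in", "pass in quick") + "\nblock in all"
BLOCK_QUICK_FIRST = "block in quick all\n" + SSH_RULE

SSH_ON_MP1 = {"dir": "in", "iface": "mp1", "proto": "tcp", "dport": 22}
TELNET_ON_MP1 = {"dir": "in", "iface": "mp1", "proto": "tcp", "dport": 23}

if __name__ == "__main__":
    for name in ("BLOCK_THEN_PASS", "PASS_THEN_BLOCK",
                 "PASS_QUICK_THEN_BLOCK", "BLOCK_QUICK_FIRST"):
        rules = load(globals()[name])
        print(name, evaluate(rules, SSH_ON_MP1), "shadowed:", shadowed(rules))
```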
Settings for ipfstat
The default configuration of the individual machines is found
in the directory /teles/sys/firewall/etc. The firewall configuration for the SSW machines is listed in Table 4.6 .
Table 4.6

Rules of the ipfstat configuration on the SSW machines

Rule  Interface  Dir     Prot     source  dest port - source  Description
1     lo         in/out  all      any     any                 all local traffic, without stateful packet inspection
2     mp1        in/out  icmp     any     any                 icmp ping
3     mp1        out     tcp      any     any                 all tcp output allowed
4     mp1        out     udp      any     any                 all udp output allowed
5     mp1        in      tcp      any     4445 - any          EMS
6     mp1        in      tcp      any     ssh - any           Secure shell (port 22)
7     mp1        in      tcp/udp  any     snmp - any          SNMP agent (port 161)
8     mp1        in      udp      any     ntp - any           NTP (port 123)
9     mp1        in      tcp      any     13310 - any         TELES iconnect
10    mp2        in/out  icmp     any     any                 icmp ping
11    mp2        out     tcp      any     any                 all tcp output allowed
12    mp2        out     udp      any     any                 all udp output allowed
13    mp2        out     sctp     any     any                 all sctp output allowed
14    mp2        in      udp      any     1718 - any          H.323 gatekeeper discovery
15    mp2        in      udp      any     1719 - any          H.323 gatekeeper RAS
16    mp2        in      tcp      any     1720 - any          H.323 tcp transport
17    mp2        in      udp      any     mgcp - any          MGCP communication to the MGW (port 2727)
18    mp2        in      udp      any     megaco - any        Megaco comm. to the MGW (port 2944)
19    mp2        in      sctp     any     any                 SCTP (SIGTRAN, SIP)
20    mp2        in      udp      any     sip - any           SIP udp transport (port 5060)
21    mp2        in      tcp      any     sip - any           SIP tcp transport (port 5060)

4.5

NTP configuration
The motherboard used in the redundant server systems contains clock components that can be used to determine time
and duration for processes.
The accuracy provided by these components is not always
sufficient to ensure uninterrupted service on the SSW for
years on end. Therefore, the SSW must be aligned to standard
time on a regular basis.
Programs are installed on the machines for the network time
protocol (NTP). You can use them to synchronize the system
time automatically over the network.
The NTP service runs on every machine. It synchronizes the
local clock from an NTP server with the aid of the network
time protocol. The NTP does more than just precisely align local time with the external signal at the cyclical synchronization
times. It also adjusts the frequency of the local clock source
using a software PLL (phase-locked loop). Incorrect and abnormal CDRs are thus avoided, because the speed of the clock
has been adjusted with NTP.

NTP ensures that all of the machines are using the same
time. It does not guarantee that this is official time.
NTP uses a hierarchical system made up of different time
servers. The servers are divided into strata, in which stratum
3 systems receive their reference time from one or more stratum 2 systems, and so on. A stratum 1 time server is directly
connected to a stratum 0 device, a stratum 2 server is connected to the stratum 1 server over a network path. Thus, a
stratum 2 server gets its time via NTP packet requests from a
stratum 1 server. A stratum 3 server gets its time via NTP
packet requests from a stratum 2 server, and so on.
During the NTP setup enter the IP or host name of the NTP
server. You can enter multiple servers one after the other.
ntpd uses the best server; if it is not available, it uses the next
best, and so on. The ntpd uses a special algorithm to automatically determine the best server. If time is to be synchronized over the Internet, it is recommended to enter three NTP
servers to ensure a connection.

4.5.1

NTP settings on TELES architecture


Normally the TELES systems are redundant, so that two or
more industry PCs are used as domain controllers (VM manager or Dom0). This Dom0 will be a clock-source system for
NTP requests on the installed VMs too. Set the NTP servers
according to the following rules:

- Normally the customer has two Dom0 machines. Configure at least three external NTP servers for each Dom0.
  Add the other Dom0 as NTP server too.
- Each VM must synchronize NTP to three NTP servers in
  the Internet and to each Dom0. Activate the local clock
  (127.127.1.0) on all VMs.
- If no connection to the Internet is available, use a local
  time server.
- Synchronize both Dom0 machines to the local time
  server and to each other.
- Synchronize all VMs to the local time server, to both
  Dom0 machines and to the local clock.
- If two local time servers are available, use both on all
  machines.
- If more than two Dom0 machines are available, configure these machines like VMs without local clock
  settings.
- For local servers use the following settings:
  server 127.127.1.0 # local clock (LC)
  fudge 127.127.1.0 stratum 10 # not disciplined

Table 4.7 shows the example schema for NTP settings on
an SSW using external NTP sources. The names of the local
systems are added to the host file.

Table 4.7

Settings for a softswitch using external NTP sources

Machine      NTP sources
EMS          80.153.14.198, 131.234.137.23, 78.46.197.35, Dom0 #1, Dom0 #2, local time: 127.127.1.0
Data Server  80.153.14.198, 131.234.137.23, 78.46.197.35, Dom0 #1, Dom0 #2, local time: 127.127.1.0
SSW #1       80.153.14.198, 131.234.137.23, 78.46.197.35, Dom0 #1, Dom0 #2, local time: 127.127.1.0
SSW #1       80.153.14.198, 131.234.137.23, 78.46.197.35, Dom0 #1, Dom0 #2, local time: 127.127.1.0
Dom0 #1      80.153.14.198, 131.234.137.23, 78.46.197.35, Dom0 #2
Dom0 #2      80.153.14.198, 131.234.137.23, 78.46.197.35, Dom0 #1

4.5.2

Daylight Savings Time (DST) activation check


Use the command zdump -v /etc/localtime to show the daylight savings time (DST) activation on the machine. As shown
in Example 4.33 , the output contains isdst=1 if the automatic switch between normal and DST is active. In case of active
DST, the row with isdst=1 shows the date and time of DST activation, and the row with isdst=0 shows the date and time of
normal time activation.

Example 4.33

Output of zdump -v /etc/localtime for the automatic DST activation check

# this is output if DST switch is not active


zdump -v /etc/localtime
/etc/localtime Fri Dec 13 20:45:52 1901 UTC = Fri Dec 13 19:45:52 1901 GMT+1 isdst=0
/etc/localtime Sat Dec 14 20:45:52 1901 UTC = Sat Dec 14 19:45:52 1901 GMT+1 isdst=0
/etc/localtime Mon Jan 18 03:14:07 2038 UTC = Mon Jan 18 02:14:07 2038 GMT+1 isdst=0
/etc/localtime Tue Jan 19 03:14:07 2038 UTC = Tue Jan 19 02:14:07 2038 GMT+1 isdst=0
# this is output if DST switch is active
zdump -v /etc/localtime
/etc/localtime Sun Mar 25 00:59:59 2012 UTC = Sun Mar 25 01:59:59 2012 CET isdst=0
/etc/localtime Sun Mar 25 01:00:00 2012 UTC = Sun Mar 25 03:00:00 2012 CEST isdst=1
/etc/localtime Sun Oct 28 00:59:59 2012 UTC = Sun Oct 28 02:59:59 2012 CEST isdst=1
/etc/localtime Sun Oct 28 01:00:00 2012 UTC = Sun Oct 28 02:00:00 2012 CET isdst=0

4.5.3

Time zone settings


The time zone is used to show the local time on the machine.

4.5.3.1

Time zone settings on Dom0, EMS or SSW


Logged in as root, check which time zone your machine is currently using by executing date.

Example 4.34

The output of the date command with the time zone CEST
[root@dom0:~] date +%Z
CEST

On NetBSD (SSW) change the time zone with the link /etc/localtime, which points to the time zone file located in the /usr/share/zoneinfo folder. Example 4.35 shows the link to the time zone used in Berlin. First delete the link /etc/localtime. Then create a new link to your time zone. Example 4.35 shows how to set the time zone to GMT+1.
Example 4.35

Time zone setup on NetBSD based SSW


/etc/localtime -> /usr/share/zoneinfo/Europe/Berlin
rm -fv /etc/localtime
ln -sf /usr/share/zoneinfo/Etc/GMT+1 /etc/localtime

You must reboot the machine every time you change the /etc/localtime settings.
On Ubuntu (Dom0, EMS) change the time zone with the command:
Example 4.36

Time zone setup on Ubuntu based Dom0 or EMS


dpkg-reconfigure tzdata

4.5.3.2

Additional time zone adjustments on the EMS


The time zone must also be set for the Perfmon, which uses
the time for its graphics. If the time zone is not set, the time in
the Perfmon graphics will not be accurate.
Set the time zone in the config file /etc/php5/cli/php.ini. Find
the [Date] section and assign the variable date.timezone a
keyword to define the time zone. The defined keywords are
described here: http://php.net/date.timezone. Example
4.37 shows a detail from the
/etc/php5/cli/php.ini with the date.timezone settings.

Example 4.37

Detail of the [Date] section of a php.ini with time zone settings


[Date]
; Defines the default timezone used by the date functions
; http://php.net/date.timezone
; date.timezone = "Europe/Berlin"
date.timezone = "GMT"

Restart the Web server every time you change the /etc/php5/cli/php.ini using the following command: /etc/init.d/apache2 restart-graceful

4.5.4

NTP configuration on the Dom0 and on the EMS


For these machines, NTP is configured without a separate command, on the CLI and by editing the config file. Follow these steps:
1. Check that the local NTP server is running with the command:
/etc/init.d/ntp status


2. Check the NTP status with the command:
ntpdc -n -c peers

Example 4.38

Output of the ntpdc -n -c peers command

     remote           local      st poll reach  delay   offset    disp
=======================================================================
=127.127.1.0     127.0.0.1        5   64    0 0.00000  0.000000 3.99217
=178.63.14.131   172.20.51.230    3 1024  377 0.02214  0.001007 0.14011
=172.20.13.94    172.20.51.230    3 1024  377 0.00139  0.000630 0.12303
*5.9.110.236     172.20.51.230    2 1024  377 0.02196 -0.000097 0.13823

The line in the table that starts with a * shows the IP of the time server used as time source. The column st shows the stratum of the server.
3. Use the following script to show the stratum of the local machine: ntptrace

Example 4.39

Output of the script ntptrace

localhost: stratum 3, offset 0.000205, synch distance 0.014775
5.9.110.236: timed out, nothing received
***Request timed out

As shown in Example 4.39, the local stratum of this system is 3. This is very good. It is not a problem that ntptrace times out.
4. Open the configuration file with an editor:
vi /etc/ntp.conf
5. Find the line that starts with server and enter a new line
with the keyword server, a space, and the IP address of
the new NTP server.
6. Make sure that the server is reachable. If no connection to the Internet is available, use one or more local NTP servers.
7. On all VMs, use the local clock server 127.127.1.0.
8. Save the file.
9. Stop the NTP server with the following command:
/etc/init.d/ntp stop
10. Set the time on the system with one NTP server using the following command:
ntpdate -b <NTP-server-IP>
11. Start the NTP server with the following command:
/etc/init.d/ntp start
12. Check the NTP server's status with the following command:
/etc/init.d/ntp status
The following message indicates that everything is OK:
* NTP server is running
13. Wait 10 minutes or more. Check the NTP settings with the following command:
ntpdc -n -c peers
! Use only the IPs of trusted NTP servers.

4.5.5

NTP configuration on the SSW machines


To synchronize the time over the Internet, proceed as follows on the SSW master:
1. Check the NTP configuration with the command:
ntp.configure -do -status
2. Run the following command to set the local time on the machines, where <IP> is the IP address of the NTP server:
ntp.configure -do -set_date <IP>
This step is required because the machine needs the right time before any changes to the NTP configuration work.
3. Change the NTP configuration using the following command:
ntp.configure -do -server <IP>
<IP> is the IP address of the NTP server. Repeat this step for every server you want to add.
4. Wait 10 minutes and check the NTP status with:
ntp.configure -do -status

4.6

Checking the services in the configuration file

The services that start automatically with the SSW are entered in the configuration file /etc/rc.conf. Compare your configuration with Example 4.40.

Example 4.40

/etc/rc.conf file
teles=YES
openvpn=NO
ipfilter=YES
ipmon=YES
ipmon_flags="-Ds"
ntpd=YES
ntpdate=YES
ntpdate_flags="-s -b"
sshd=YES
wscons=YES
sendmail=NO
postfix=NO
critical_filesystems_local="/var /usr /teles"
fsck_flags="-y -f"
syslogd_flags=""
savecore=YES
savecore_flags="-z -N /netbsd"
savecore_dir="/var/crash"
powerd=YES

The keywords used in the /etc/rc.conf file are listed in Table 4.8.

Table 4.8

Keywords used in the /etc/rc.conf file

Keyword                      Meaning
teles                        Starts the SSW software.
openvpn                      Starts the open source VPN daemon.
ipfilter                     Starts the firewall.
ipmon                        Starts the log service for the firewall.
ipmon_flags                  Settings or parameters which are sent to ipmon when ipmon starts.
ntpd                         Starts the NTP (Network time protocol) service.
ntpdate                      Starts the service program that sets the date and time by NTP.
ntpdate_flags                Settings or parameters which are sent to ntpdate when ntpdate starts.
sshd                         Starts the SSH, the service for access for administration purposes.
wscons                       Starts the workstation console access service. The wscons driver provides support for machine independent access to the console. Do not change these settings.
sendmail                     Local mail service is not started and not configured. Do not change these settings.
critical_filesystems_local   File systems mounted very early in the system on boot before networking services are available. Do not change these settings.
fsck_flags                   A file system is checked with fsck during boot before mounting it. Do not change these settings.
syslogd_flags                The syslogd daemon is started with the flags listed. By default this keyword is empty. Do not change these settings.
savecore                     Used to save a core dump from the swap partition into the given directory.
powerd                       Enables a powerdown initiated by VMManager.

4.7

Redundant configuration on the SSW machines
Although most of the configuration is done on the EMS client,
the SSW also uses text-based configuration files.


Edit the following settings via CLI: firewall, SNMP, NTP, call routing, and RADIUS. The software automatically synchronizes the settings in Table 4.9.

Table 4.9

Settings automatically transferred from the master to the slave

Configuration                 Description
Call routing                  Configuration of the call routing (iswroute).
Time synchronization          Configuration of the service for time synchronization (NTP network time protocol daemon).
Network Management Protocol   Settings for the Network Management Protocol (SNMP).
Database interface            Configuration of the database interface (idabad).
ilogd                         Logging of the TELES services.
Firewall rules                Settings to protect the IP interface (iswipf). Only on BSD machines like SSW, not on Linux based EMS.
CRONtabs                      Time-dependent scripts (iswcron).

The services idabad, ilogd, and iredd are part of the TELES
configuration.
Find out the master
The SSW machines run as master/slave. On the EMS client,
you can recognize the master in the cascaded menu, as the
symbol is green and the name is followed by a star. The symbol for the slave is gray.

On the CLI you recognize the master and slave from the output after login, as shown in Example 4.41. The line This system is the: indicates whether the system is a master or slave. The associated system is indicated in the next line.
Example 4.41

Output after login


Last login: Tue Apr 12 08:12:30 2011 from 172.20.50.125
NetBSD 3.0 (TELES-SUN-5.PROF) #0: Mon Sep 7 15:38:26 2009
Welcome to TELES !
Terminal type is pcansi.
TELES Software version: mgc-300a-mod00-build032
TELES architecture: compact
TELES Software is: running
This system is the: MASTER unit
The other unit is: 10.18.8.126

You can query the status of the system with the command:
ired - iv
In the output, you see MS_MODE=SLAVE or MS_MODE=MASTER.

4.8

Configure syslog-ng for logging


On the EMS and on other Ubuntu machines, syslog-ng is installed. You can configure this service to receive logs from iMGW. Do the following steps:
1. Open a CLI on the EMS.
2. Open the config file with your favorite text editor:
vi /etc/syslog-ng/syslog-ng.conf

3. Add the option create_dirs(yes); in a new line to the options section. The complete section looks as follows:
options { chain_hostnames(off); flush_lines(0); use_dns(no);
use_fqdn(no);
owner("root"); group("adm"); perm(0640); stats_freq(0);
bad_hostname("^gconfd$");
create_dirs(yes);
};

4. Add a line as follows with the IP address of the EMS and the UDP port to receive the log files.
In the following example the EMS IP address is 172.20.13.97 and the UDP port is 514.
source s_net { udp(ip(172.20.13.97) port(514) so_rcvbuf(65539)); };

5. Create a new destination section d_hosts_TELES as follows:


destination d_hosts_TELES {
file("/var/log/hosts/$SOURCEIP/$PROGRAM.log"
dir_perm(0777)
perm(0777)
template("$MSGONLY\n")
template_escape(no)
);
};

6. Define a filter for all allowed remote hosts:


filter f_hosts_teles { host(172.20.13.*) ; };

7. Set the log path for the remote logging from TELES devices. The log definition uses the references to the previously defined items:
log { source(s_net); filter(f_hosts_teles); destination(d_hosts_TELES);
flags(final); };

8. Check that the folder /var/log/hosts exists. If not, create the folder with the command:
mkdir /var/log/hosts

9. Create the following file teles in the folder /etc/logrotate.d:
/var/log/hosts/*/*.log {
daily
missingok
rotate 10
size 10M
compress
delaycompress
notifempty
create 640 root adm
sharedscripts
}

10. Add the following firewall rule for incoming syslog traffic:
-A INPUT -p udp -m udp --dport 514 -j ACCEPT

11. Add all machines from which log traffic is expected to the /etc/hosts file.
172.20.13.95 iMGW_95

12. Reload the syslog-ng service:
service syslog-ng reload
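
Three settings in the steps above decide how far the collected logs can be trusted: the 0777 modes on the log files and directories, the host() filter (a regular-expression match on the HOST field, not a subnet match), and the firewall rule that accepts UDP 514 from any source. The following added example, which is not part of the manual, lints a configuration for these three points; the finding names, the tightened modes 0750/0640, the netmask() filter and the -s 172.20.13.0/24 source match are assumptions chosen to fit the address range used in step 6.

```shell
#!/bin/sh
# Added example, not from the manual: lint the remote-logging setup from
# section 4.8 for settings that weaken the integrity of the log store.

# audit_syslog_conf FILE: one finding per line for a syslog-ng.conf.
audit_syslog_conf() {
    awk '
    {
        # perm()/dir_perm() modes whose last digit lets any local user write.
        rest = $0
        while (match(rest, /(dir_)?perm\(0?[0-7][0-7][0-7]\)/)) {
            tok = substr(rest, RSTART, RLENGTH)
            mode = tok
            sub(/^[a-z_]*\(/, "", mode)
            sub(/\)$/, "", mode)
            if (substr(mode, length(mode), 1) ~ /[2367]/)
                print "WORLD_WRITABLE line " NR ": " tok
            rest = substr(rest, RSTART + RLENGTH)
        }
        # host() is a regular-expression match on the HOST field, not an
        # address-range match; netmask() matches the sender network.
        if ($0 ~ /(^|[^a-z_])host\(/)
            print "HOST_REGEX_FILTER line " NR ": use netmask() for a subnet"
    }' "$1"
}

# audit_fw_rules FILE: flag iptables rules that accept syslog from anywhere.
audit_fw_rules() {
    awk '
    /-p udp/ && /--dport 514( |$)/ && /-j ACCEPT/ && !/(^| )(-s|--source) / {
        print "OPEN_SYSLOG_PORT line " NR ": no source restriction"
    }' "$1"
}

# Configuration assembled from steps 3 to 7 and 10 of the manual.
write_manual_setup() {
    cat > "$1/syslog-ng.conf" <<'EOF'
options { chain_hostnames(off); flush_lines(0); use_dns(no);
use_fqdn(no);
owner("root"); group("adm"); perm(0640); stats_freq(0);
bad_hostname("^gconfd$");
create_dirs(yes);
};
source s_net { udp(ip(172.20.13.97) port(514) so_rcvbuf(65539)); };
destination d_hosts_TELES {
file("/var/log/hosts/$SOURCEIP/$PROGRAM.log"
dir_perm(0777)
perm(0777)
template("$MSGONLY\n")
template_escape(no)
);
};
filter f_hosts_teles { host(172.20.13.*) ; };
log { source(s_net); filter(f_hosts_teles); destination(d_hosts_TELES);
flags(final); };
EOF
    cat > "$1/rules" <<'EOF'
-A INPUT -p udp -m udp --dport 514 -j ACCEPT
EOF
}

# Constructed variant: modes, subnet filter and source match are assumptions
# chosen to fit the 172.20.13.* range and root:adm ownership used above.
write_tightened_setup() {
    cat > "$1/syslog-ng.conf" <<'EOF'
destination d_hosts_TELES {
file("/var/log/hosts/$SOURCEIP/$PROGRAM.log"
dir_perm(0750)
perm(0640)
template("$MSGONLY\n")
template_escape(no)
);
};
filter f_hosts_teles { netmask("172.20.13.0/24"); };
EOF
    cat > "$1/rules" <<'EOF'
-A INPUT -s 172.20.13.0/24 -p udp -m udp --dport 514 -j ACCEPT
EOF
}

# audit_setup DIR: run both checks over DIR/syslog-ng.conf and DIR/rules.
audit_setup() {
    audit_syslog_conf "$1/syslog-ng.conf"
    audit_fw_rules "$1/rules"
}

demo=$(mktemp -d)
mkdir "$demo/manual" "$demo/tight"
write_manual_setup "$demo/manual"
write_tightened_setup "$demo/tight"
echo "manual setup:";    audit_setup "$demo/manual"
echo "tightened setup:"; audit_setup "$demo/tight"
rm -rf "$demo"
```

Syslog over UDP carries no sender authentication, so the source restriction narrows who can write into /var/log/hosts but does not prove which device sent a message.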

Appendix A Possible Problems with the Cabling

This appendix gives some examples of possible problems with the cabling that you may encounter and gives a number of ways in which these problems can be solved.

A.1

Problem 1 Redundant Cabling


As the SSW is redundant, redundant cabling is recommended.
Make sure that both Ethernet switches of the network to
which the SSW is connected are available externally (Uplink)
and that they can contact each other.
In Figure A.1 , the right L2 switch Core/OAM is not directly
connected to the Master L3 switch. If connection or fails,
there is no longer a connection to the Uplink, nor is there a
connection to the SSW 2 port marked in Figure A.1 .

[Figure A.1: Problem 1 redundant cabling]

HSRP Hot Standby Router Protocol is a Cisco proprietary redundancy protocol for establishing a fault-tolerant default
gateway, and is described in detail in RFC 2281.
Problem 1 is solved by setting up a direct connection between
the L2 switches which are connected to the SSW. This connection is marked in Figure A.2 . You see that, despite the failure of connection , , and are also connected by .
[Figure A.2: Solution A to problem 1]

Figure A.3 shows an alternative solution to the problem. In this case, the redundant L3 Ethernet switches are replaced with a single L2 Ethernet switch. However, this solution removes the redundancy of the network switches (Uplink switches to the OAM network).

[Figure A.3: Solution B to problem 1]

Figure A.4 shows a third possible solution to Problem 1 with two L2 Ethernet switches which are connected to each other. Spanning tree blocking is used to prevent loops.

[Figure A.4: Solution C to problem 1]

This solution leads us to Problem 2, in which redundant cabling causes loops, causing the packets to go round in a circle
and to block the Ethernet network, as explained in the following text.


A.2

Problem 2 Loop in the Redundant Cabling


Redundant cabling can lead to loops, causing packets to go
round in a circle, thus paralyzing the network. Figure A.5
shows a loop at the L2 switch to the Uplink between three
points , , and .

[Figure A.5: Problem 2 loop between 1, 2, and 3]

In Figure A.6 the connection from Figure A.5 , which causes the loop,
is removed.

[Figure A.6: Solution A to problem 2]

Figure A.7 shows that redundant cabling without loops is possible by introducing L3 Ethernet switches, as only one of the two L3 Ethernet switches is active.
[Figure A.7: Solution B to problem 2]

Figure A.8 shows that Spanning Tree, supported by the Ethernet switch, automatically blocks a loop. In the picture, this is
the connection marked with .

[Figure A.8: Solution C to problem 2]

A.3

Problem 3 Network Configuration with VLAN

If you are using more than one VLAN on top of one logical interface, make sure that you do not send these untagged Ethernet frames to the same L2 switch. This will result in the L2 switch not knowing to which port a MAC address shall be applied.

In Figure A.9, the L2 switch receives Ethernet frames from two source ports with the same MAC address. When the L2 switch wants to send information to this MAC address, it does not know which port shall be used.

[Figure A.9: Problem 3 configuration of the VLAN]

Figure A.10 shows how the untagged packets are sent to different Ethernet switches on the Uplink.

[Figure A.10: Solution A to problem 3]

Figure A.11 shows how an L3 Ethernet switch can be used instead of the L2 Ethernet switch. The L3 switch routes the different IP parameters and their IP addresses correctly and does not use the MAC addresses.

[Figure A.11: Solution B to problem 3]

Figure A.12 shows how an Ethernet switch that also supports VLAN is used at the Uplink. The tagged Ethernet frames are transferred to the Ethernet switch.

[Figure A.12: Solution C to problem 3]

A.4

Problem 4 Spanning Tree in the VLAN

Spanning Tree uses different norms (802.1w, 802.1D, 802.1s). Please check that when VLANs are used, the corresponding Spanning Tree norm is supported.

Figure A.13 shows how using Spanning Tree wrongly at the network switch for VLAN2 blocks the connection to the left Ethernet switch. This causes problems if you need to use that switch.

[Figure A.13: Problem 4 Spanning Tree in the VLAN]

In Figure A.14, the problem is solved by not using Spanning Tree on the Ethernet switches and making sure that there are no Spanning Tree frames in the whole network.

[Figure A.14: Solution A to problem 4]

In Figure A.15 the problem is solved by using L3 Ethernet switches in the Master / Standby service instead of L2 Ethernet switches.

[Figure A.15: Solution B to problem 4]

In Figure A.16, the problem is solved by using the Multiple Spanning Tree Protocol (MSTP: 802.1s) in all lower L2 switches. With the MSTP, there is one STP instance per VLAN.

[Figure A.16: Solution C to problem 4]

Lists and Index

List of tables
1.1 Factory settings of the SSW
2.1 Features of the redundant server Dell R630
2.2 SSW physical IP interfaces
2.3 Required equipment for an L2 switched network as shown in Figure 2.5
2.4 IP Network for an L2 switched network as shown in Figure 2.5
2.5 Required equipment for an L3 switched network as shown in Figure 2.6
2.6 IP Network for an L3 switched network as shown in Figure 2.6
4.1 Information necessary for the SSW configuration
4.2 Ports needed for communication with the service processor
4.3 Rules of the ipfstat configuration on the Dom0 machine
4.4 Rules of the ipfstat configuration on the EMS machine
4.5 Firewall rules elements
4.6 Rules of the ipfstat configuration on the SSW machines
4.7 Settings for a softswitch using external NTP sources
4.8 Keywords used in the /etc/rc.conf file
4.9 Settings automatically transferred from the master to the slave

List of figures
1.1 SSW integration in a network
1.2 Schemes of the Ethernet architecture of the Dom0 and the SSW
1.3 Schemes of Ethernet architecture of the Hypervisor and the SSW using VLANs
1.4 Schema of the Dom0 with the SSW compact virtual machine
1.5 Schema of the Dom0 with the SSW cluster virtual machine
1.6 Ethernet ports on the SSW
1.7 User data transfer between PSTN/PBX switch, MGW, SSW, and SIP user agent
1.8 User data transfer between SIP UAs and TELES NBE or SBC
1.9 Signaling flow between PSTN switch, SGW, SSW, and SIP user agent
1.10 Signaling flow between PBX switch, SGW, SSW, and SIP user agent
2.1 redundant server (front view)
2.2 redundant server (rear view)
2.3 redundant server Ethernet connections
2.4 Ethernet jacks pin assignment in diagram form
2.5 Complete redundancy with eight L2 Ethernet switches and Spanning Tree
2.6 Complete redundancy with two L3 Ethernet switches
4.1 Network configuration on the Dom0 machine
4.2 Network configuration on the Dom0 machine with VLANs
4.3 Network configuration on the SSW machines
4.4 Network configuration on a SSW machine with and without VLAN
A.1 Problem 1 redundant cabling
A.2 Solution A to problem 1
A.3 Solution B to problem 1
A.4 Solution C to problem 1
A.5 Problem 2 loop between 1, 2, and 3
A.6 Solution A to problem 2
A.7 Solution B to problem 2
A.8 Solution C to problem 2
A.9 Problem 3 configuration of the VLAN
A.10 Solution A to problem 3
A.11 Solution B to problem 3
A.12 Solution C to problem 3
A.13 Problem 4 Spanning Tree in the VLAN
A.14 Solution A to problem 4
A.15 Solution B to problem 4
A.16 Solution C to problem 4

List of examples
4.1 Dom0 config file /etc/network/interfaces
4.2 EMS config file /etc/network/interfaces
4.3 Dom0 hostname settings in /etc/hostname
4.4 Dom0 hostname settings in /etc/hosts
4.5 EMS hostname settings in /etc/hosts
4.6 /etc/hosts
4.7 /etc/resolvconf/resolv.conf.d/base
4.8 /etc/nsswitch.conf
4.9 Settings in /etc/network/interfaces for mp3.14 and mp3.16
4.10 Settings in /etc/network/interfaces for mp3.14 and mp3.16
4.11 Settings in /etc/network/interfaces for mp3.14 and mp3.16 with post-up scripts
4.12 Start script for VLAN interface mp3.14 /etc/network/if-up.d/rule-mp3.14-up.sh
4.13 Start script for VLAN interface mp3.16 /etc/network/if-up.d/rule-mp3.16-up.sh
4.14 Stop script for VLAN intf. mp3.14 /etc/network/if-down.d/rule-mp3.14-down.sh
4.15 Settings in /etc/network/interfaces for an alias on mp3.14
4.16 Output of the command ip rule show
4.17 Output of the command ip route list table neta
4.18 Displaying the current IP configuration on mp1 and mp2 of the SSW
4.19 Team configuration for mp1
4.20 Team configuration for mp2
4.21 Host name settings in /etc/myname
4.22 Displaying the IP routes set up on the SSW
4.23 Enter default gateway /etc/mygate
4.24 Enter the ip routes in /etc/route.conf
4.25 /etc/nsswitch.conf with active DNS
4.26 /etc/resolv.conf
4.27 VLAN configuration new /etc/ifconfig.trunk1
4.28 Entering the IP configuration and interface name in the VLAN configuration
4.29 /teles/sys/firewall/etc/ipf.rules
4.30 /teles/sys/firewall/etc/ipf.rules
4.31 Firewall rules format
4.32 Sample firewall rule
4.33 Output of zdump -v /etc/localtime for the automatic DST activation check
4.34 The output of the date command with the time zone CEST
4.35 Time zone setup on NetBSD based SSW
4.36 Time zone setup on Ubuntu based Dom0 or EMS
4.37 Detail of the [Date] section of a php.ini with time zone settings
4.38 Output of the ntpdc -n -c peers command
4.39 Output of the script ntptrace
4.40 /etc/rc.conf file
4.41 Output after login


Index

Symbols
/etc/hosts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60

C
Cabling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Ethernet . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Power . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
cabling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37

D
Default gateway . . . . . . . . . . . . . . . . . . . . . . . . . 72
DNS settings . . . . . . . . . . . . . . . . . . . . . . . . .61, 73

E
Ethernet cabling . . . . . . . . . . . . . . . . . . . . . . . . . 34
Ethernet jack . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Ethernet switch . . . . . . . . . . . . . . . . . . . . . . . . . 37

F
Firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
BSD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
Linux . . . . . . . . . . . . . . . . . . . . . . . . . . .78, 79
rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81

I
IP routes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
IP settings . . . . . . . . . . . . . . . . . . . . . . . . . . .57, 59
BSD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
iptables . . . . . . . . . . . . . . . . . . . . . . . . . . . . .78, 79
iswipf . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .77, 80

L
LEDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30

N
network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
NTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
hierarchy . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
ntpd . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86

P
Power cabling . . . . . . . . . . . . . . . . . . . . . . . . . . . 40

T
Table format
Invisible . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
time zone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89

V
VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74

Host name . . . . . . . . . . . . . . . . . . . . . . . . . .59, 72
