Quick links:
Product Overview
Installation
Settings and Administration
ADSL
SIP Support
Telephone ports
Network
Firewall
Wireless
VPN
Misc
Licenses
Troubleshooting
This shows you the differences between two versions of the page.
| network:extrawan [2010/11/09 13:01] mats | network:extrawan [2011/09/16 13:05] (current) tibor | ||
|---|---|---|---|
| Line 7: | Line 7: | ||
| The way multiple WAN interfaces work is depending on the underlying technology for the WAN port, being ADSL/ATM or Ethernet. | The way multiple WAN interfaces work is depending on the underlying technology for the WAN port, being ADSL/ATM or Ethernet. | ||
| - | Read more: [[wp>Wide_area_network|WAN]] | + | Read more: [[wp>Wide_area_network|WAN]], [[web_gui:extra_wan_interfaces|Extra WAN Interfaces configuration page]] | 
| ===== Extra WAN interfaces in the ADSL case ===== | ===== Extra WAN interfaces in the ADSL case ===== | ||
| Line 18: | Line 18: | ||
| As seen on the [[web_gui:extra_wan_interfaces|Extra WAN interfaces/ Virtual circuits]] web page, the LINE interface cannot be removed, but other interfaces, called “ipwan2”, “ipwan3” etc. can be added (or removed), by using their respective //In use// checkbox. | As seen on the [[web_gui:extra_wan_interfaces|Extra WAN interfaces/ Virtual circuits]] web page, the LINE interface cannot be removed, but other interfaces, called “ipwan2”, “ipwan3” etc. can be added (or removed), by using their respective //In use// checkbox. | ||
| - | The VPI and VCI (VPI=Virtual Path Identifier, VCI=Virtual Channel Identifier) values must be set to unique values, or rather, there must not be two interfaces (rows) with the same combination of VPI and VCI. The VPI and VCI values together determine their channel identification in the ATM processing, in the central site modem (DSLAM) and further up the network. As with almost all settings concerning Extra WAN interfaces, these values must be set by specification from the Internet service provider. | + | The VPI and VCI (VPI=Virtual Path Identifier, VCI=Virtual Channel Identifier) values must be set to unique values, or rather, there must not be two interfaces (rows) with the same combination of VPI and VCI. The VPI and VCI values together determine their channel identification in the ATM processing, in the central site modem (DSLAM) and further up the network. :!: As with almost all settings concerning Extra WAN interfaces, these values must be set by specification from the Internet service provider. | 
| + | |||
| + | {{:network:extrawan_adsl.jpg|}} | ||
| ATM has the ability to specify resources on a per-PVC basis, thus using the bandwidth in an optimal way for different types of traffic, for example ensuring a minimal delay for certain critical traffic. The fields for setting these service parameters on the [[web_gui:extra_wan_interfaces|Extra WAN interfaces/ Virtual circuits]] page are ATM QoS class, PCR, SCR, BT and MBS. The ATM QoS class is by default set to UBR (Unspecified Bit Rate), implying that the traffic on this channel takes what bandwidth is available. One may think of UBR as the “best effort”. Other classes can be used to give traffic more priority. In particular, VBR-real time (VBR=Variable Bit Rate) is used for traffic sensitive to delays, for example voice streams. Further ATM settings that may be specified are: | ATM has the ability to specify resources on a per-PVC basis, thus using the bandwidth in an optimal way for different types of traffic, for example ensuring a minimal delay for certain critical traffic. The fields for setting these service parameters on the [[web_gui:extra_wan_interfaces|Extra WAN interfaces/ Virtual circuits]] page are ATM QoS class, PCR, SCR, BT and MBS. The ATM QoS class is by default set to UBR (Unspecified Bit Rate), implying that the traffic on this channel takes what bandwidth is available. One may think of UBR as the “best effort”. Other classes can be used to give traffic more priority. In particular, VBR-real time (VBR=Variable Bit Rate) is used for traffic sensitive to delays, for example voice streams. Further ATM settings that may be specified are: | ||
| Line 28: | Line 30: | ||
| The SCR and BT/MBS values need only to be set for VBR types of ATM QoS class. | The SCR and BT/MBS values need only to be set for VBR types of ATM QoS class. | ||
| - | It should be remembered that these ATM QoS settings (as the QoS routing described later) essentially describes the upstream behaviour. | + | :!: It should be remembered that these ATM QoS settings (as the QoS routing described later) essentially describes the upstream behaviour. | 
| The incoming downstream flow of traffic is simply processed as the packets arrive, without any real possibility to do any prioritization at all. | The incoming downstream flow of traffic is simply processed as the packets arrive, without any real possibility to do any prioritization at all. | ||
| Read more: [[wp>Asynchronous_Transfer_Mode|ATM]], [[wp>Permanent_virtual_circuit|PVC]], [[wp>Virtual_path_identifier|VPI]], [[wp>Virtual_channel_identifier|VCI]], [[wp>Traffic_contract|ATM traffic types]] | Read more: [[wp>Asynchronous_Transfer_Mode|ATM]], [[wp>Permanent_virtual_circuit|PVC]], [[wp>Virtual_path_identifier|VPI]], [[wp>Virtual_channel_identifier|VCI]], [[wp>Traffic_contract|ATM traffic types]] | ||
| - | ===== Extra WAN interfaces in the ethernet case – VLAN tags ===== | + | ===== Extra WAN interfaces in the Ethernet case – VLAN tags ===== | 
| On the [[web_gui:network_page|Network Configuration]] web page, one may select to use “ET0” (on older 4-port models "ET4") as the WAN interface instead of “LINE”. | On the [[web_gui:network_page|Network Configuration]] web page, one may select to use “ET0” (on older 4-port models "ET4") as the WAN interface instead of “LINE”. | ||
| Line 42: | Line 44: | ||
| - Untagged WAN traffic, using different network subnets on the WAN port | - Untagged WAN traffic, using different network subnets on the WAN port | ||
| - | VLAN-tagged traffic is not supported on the inside (LAN) interfaces. (More on VLAN-taggging below.) | + | :!: VLAN-tagged traffic is not supported on the inside (LAN) interfaces. (More on VLAN-taggging below.) | 
| Like the ADSL case, there is a [[web_gui:extra_wan_interfaces|Extra WAN interfaces]] configuration page, a link to this is found on the Advanced network page. The first time this page is visited, one must enable the multiple-WAN feature by selecting “enabled” in the Extra WAN Interfaces drop-down box. Clicking “Apply” will then enforce a new restart, and after that the web page will contain the full set of configurations, in Ethernet mode. | Like the ADSL case, there is a [[web_gui:extra_wan_interfaces|Extra WAN interfaces]] configuration page, a link to this is found on the Advanced network page. The first time this page is visited, one must enable the multiple-WAN feature by selecting “enabled” in the Extra WAN Interfaces drop-down box. Clicking “Apply” will then enforce a new restart, and after that the web page will contain the full set of configurations, in Ethernet mode. | ||
| Line 48: | Line 50: | ||
| Many of the column headings are the same as for the ADSL case. In the Ethernet case, there is obviously no need for any ATM values. | Many of the column headings are the same as for the ADSL case. In the Ethernet case, there is obviously no need for any ATM values. | ||
| Instead, there is two columns to the far right of the page named //VLAN Id// and //PCP//. | Instead, there is two columns to the far right of the page named //VLAN Id// and //PCP//. | ||
| - | (IX68 and older versions of IX78 may not support the VLAN tagging, having no such column. One can also check the Help: Device Information from the top menu, under the “Hardware” box the switch chip type should be IP175D to support VLANs.) | + | (older versions of Internet Gate may not support the VLAN tagging, having no such column. One can also check the Help: Device Information from the top menu, under the “Hardware” box the switch chip type should be IP175D to support VLANs.) | 
| The VLAN (Virtual LAN, Virtual Local Area Network) tagging according to specification IEEE Std 802.1Q is a way to let logical groups of stations communicate as if they were on the same LAN. | The VLAN (Virtual LAN, Virtual Local Area Network) tagging according to specification IEEE Std 802.1Q is a way to let logical groups of stations communicate as if they were on the same LAN. | ||
| Line 59: | Line 61: | ||
| The single non-VLAN-tagged interface should then be set to the (faked) //VLAN Id// “4096”. | The single non-VLAN-tagged interface should then be set to the (faked) //VLAN Id// “4096”. | ||
| - | One may also, for each VLAN used, fill in a //PCP// value. This is the three bit //Priority Code Point// value, sometimes called //COS//, according to IEEE 802.1p standard. | + | {{:network:extrawan_et0.jpg|}} | 
| + | |||
| + | One may also, for each VLAN used, fill in a //PCP// value. This is the three bit //Priority Code Point// value, sometimes called //CoS// (Class of Service), according to IEEE 802.1p standard. | ||
| It is used for marking outgoing traffic with a priority value (0-7) that may be treated specially in upstream switches and routers. | It is used for marking outgoing traffic with a priority value (0-7) that may be treated specially in upstream switches and routers. | ||
| If the //PCP// field is left empty (which is common) the priority value defaults to 0. | If the //PCP// field is left empty (which is common) the priority value defaults to 0. | ||
| - | Read more: [[wp>VLAN]], [[wp>IEEE_802.1Q|IEEE 802.1Q standard]], [[wp>IEEE_802.1p|IEEE 802.1p]] | + | Read more: [[wp>VLAN]], [[wp>IEEE_802.1Q|IEEE 802.1Q standard]], [[wp>IEEE_802.1p|IEEE 802.1p, PCP, CoS]] | 
| ===== Non-VLAN tag case ===== | ===== Non-VLAN tag case ===== | ||
| Line 80: | Line 84: | ||
| If the WAN IP interfaces use DHCP, the DHCPDISCOVER/DHCPREQUEST packets sent out will request the server to use unicast (the broadcast bit in the DHCP message flags cleared), so consequently the DHCP server must support unicast (as broadcast DHCP messages from the server would be impossible to route to the correct IP interface). | If the WAN IP interfaces use DHCP, the DHCPDISCOVER/DHCPREQUEST packets sent out will request the server to use unicast (the broadcast bit in the DHCP message flags cleared), so consequently the DHCP server must support unicast (as broadcast DHCP messages from the server would be impossible to route to the correct IP interface). | ||
| Multicast (incoming) packets are treated specially, they are sent to the interface having its IGMP Proxy checkbox checked (more on IGMP below). | Multicast (incoming) packets are treated specially, they are sent to the interface having its IGMP Proxy checkbox checked (more on IGMP below). | ||
| + | |||
| + | Read more: [[wp>Address_Resolution_Protocol|ARP]], [[wp>DHCP|DHCP]], [[wp>MAC_address|MAC address]] | ||
| ===== Firewall / NAT behaviour for extra WAN interfaces ===== | ===== Firewall / NAT behaviour for extra WAN interfaces ===== | ||
| Line 88: | Line 94: | ||
| When incoming packets on one of the multiple WAN interfaces have passed the firewall and having their destination IP addresses NAT:ed they are subjected to routing to any of the local (‘inside’) ports. | When incoming packets on one of the multiple WAN interfaces have passed the firewall and having their destination IP addresses NAT:ed they are subjected to routing to any of the local (‘inside’) ports. | ||
| At this stage, there is no longer any information in the packet by which WAN interface it came in (such as VLAN tag). | At this stage, there is no longer any information in the packet by which WAN interface it came in (such as VLAN tag). | ||
| - | One should not try to build a one-to-one relationship between a particular WAN “channel” and a particular local port, a packet coming in on any WAN can go out on any LAN port, all controlled by the IP address/routing only. | + | :!: One should not try to build a one-to-one relationship between a particular WAN “channel” and a particular local port, a packet coming in on any WAN can go out on any LAN port, all controlled by the IP address/routing only. | 
| For the upstream direction there is similar NAT and firewall treatment, here the QoS routing (described below) or ordinary destination address routing are the mechanisms that make a packet select its WAN “channel”. | For the upstream direction there is similar NAT and firewall treatment, here the QoS routing (described below) or ordinary destination address routing are the mechanisms that make a packet select its WAN “channel”. | ||
| + | |||
| + | Read more: [[wp>NAT|NAT]] | ||
| ===== DHCP / PPP issues ===== | ===== DHCP / PPP issues ===== | ||
| Line 97: | Line 105: | ||
| For example, pressing //Release// will produce a DHCPRELEASE packet sent out simultaneously on all WAN IP interfaces (that have their Access type set to “DHCP”). | For example, pressing //Release// will produce a DHCPRELEASE packet sent out simultaneously on all WAN IP interfaces (that have their Access type set to “DHCP”). | ||
| A //Renew// may not succeed to renew all interfaces’ IP address and will report if partly failed. | A //Renew// may not succeed to renew all interfaces’ IP address and will report if partly failed. | ||
| - | A failure is not “for ever”, the DHCP client keeps constantly trying on all the WAN IP interfaces that haven’t yet got their IP address leases. | + | :!: A failure is not “for ever”, the DHCP client keeps constantly trying on all the WAN IP interfaces that haven’t yet got their IP address leases. | 
| + | |||
| + | Read more: [[wp>DHCP|DHCP]], [[wp>Point-to-Point_Protocol|PPP]], [[wp>PPPoE]], [[wp>PPPoA]] | ||
| ===== QoS (Quality of Service) routing ===== | ===== QoS (Quality of Service) routing ===== | ||
| Line 129: | Line 139: | ||
| Needless to say, these entries in the routing table will not show up until the respective IP interface has got its IP address (by DHCP, PPP or manually). | Needless to say, these entries in the routing table will not show up until the respective IP interface has got its IP address (by DHCP, PPP or manually). | ||
| - | Read more: [[wp>Default_gateway|Default gateway]] | + | Read more: [[wp>Routing_table|Routing table]], [[wp>Default_gateway|Default gateway]], [[wp>Hop_(networking)|Next hop]] | 
| ===== Classifying SIP traffic ===== | ===== Classifying SIP traffic ===== | ||
| Line 166: | Line 177: | ||
| ===== IGMP Proxy ===== | ===== IGMP Proxy ===== | ||
| - | One of the WAN IP interfaces may be used for receiving multicast traffic, typically data streams for video and IP-TV. | + | One of the WAN IP interfaces may be used for receiving [[multicast]] traffic, typically data streams for video and IP-TV. | 
| The task for a router is to distribute this traffic to whatever clients on the local side (LAN) that are listening. | The task for a router is to distribute this traffic to whatever clients on the local side (LAN) that are listening. | ||
| It is of course preferred not to send all multicast packets to all LAN clients at any time. | It is of course preferred not to send all multicast packets to all LAN clients at any time. | ||
| Line 174: | Line 185: | ||
| On the local side it acts as the ‘router’ that sends queries and keeps track of what hosts are members of which groups. | On the local side it acts as the ‘router’ that sends queries and keeps track of what hosts are members of which groups. | ||
| - | The IGMP Proxy needs to know which is the upstream interface, i.e. from where it will expect incoming IGMP queries and to where it should send back reports of membership additions/removals in groups. | + | The [[multicast|IGMP Proxy]] needs to know which is the upstream interface, i.e. from where it will expect incoming IGMP queries and to where it should send back reports of membership additions/removals in groups. | 
| Normally, when using only one WAN interface this is of course no problem. | Normally, when using only one WAN interface this is of course no problem. | ||
| When using extra WAN interfaces, however, one must decide which of the multiple WAN “channels” that should be regarded as the upstream interface. | When using extra WAN interfaces, however, one must decide which of the multiple WAN “channels” that should be regarded as the upstream interface. | ||
| Line 181: | Line 192: | ||
| Only one of them or none should be checked. If none is checked, the internet IP interface (“ET0” or “LINE”) will be used as the IGMP upstream interface. | Only one of them or none should be checked. If none is checked, the internet IP interface (“ET0” or “LINE”) will be used as the IGMP upstream interface. | ||
| - | If multicast streams and IGMP will be used, one must also enable the //IGMP/Multicast// on the Security Settings for the profile (Hi, Lo or AC) that is used. | + | :!: If multicast streams and IGMP will be used, one must also enable the //IGMP/Multicast// on the Security Settings for the profile (Hi, Lo or AC) that is used. | 
| There is a checkbox under //Applications from inside// that should be checked to allow the IGMP traffic through the firewall. | There is a checkbox under //Applications from inside// that should be checked to allow the IGMP traffic through the firewall. | ||
| Under “General Settings” on that page there are also settings for the IGMP Proxy itself (enabled by default). | Under “General Settings” on that page there are also settings for the IGMP Proxy itself (enabled by default). | ||
| Line 190: | Line 201: | ||
| If there are two or more hosts on the LAN listening to the same multicast channel the multicast packets are transmitted on the LAN in normal, link-layer multicast manner, using special multicast MAC addresses. | If there are two or more hosts on the LAN listening to the same multicast channel the multicast packets are transmitted on the LAN in normal, link-layer multicast manner, using special multicast MAC addresses. | ||
| + | Read more: [[wp>IGMP]], [[wp>Proxy_server|proxy]], [[wp>Multicast]] | ||