Cisco ONS 15454 SDH Installation and Operations Guide, Release 3.4
Chapter 4, IP Networking

Table of Contents

IP Networking
4.1 Before You Begin
4.2 Scenario 1: CTC and ONS 15454 SDH Nodes on Same Subnet
4.3 Scenario 2: CTC and ONS 15454 SDH Nodes Connected to Router
4.4 Scenario 3: Using Proxy ARP to Enable an ONS 15454 SDH Gateway
4.5 Scenario 4: Default Gateway on CTC Computer
4.6 Scenario 5: Using Static Routes to Connect to LANs
4.7 Scenario 6: Static Route for Multiple CTCs
4.8 Scenario 7: Using OSPF
4.9 Scenario 8: Using RIP
4.10 Scenario 9: Using the Proxy Server Features
4.11 Viewing the ONS 15454 SDH Routing Table

IP Networking


This chapter explains how to set up Cisco ONS 15454 SDH nodes in IP networks. The chapter does not provide a comprehensive explanation of IP networking concepts and procedures.


Note   To set up ONS 15454 SDH nodes within an IP network, you must work with a LAN administrator or other individual at your site who has IP network training and experience. To learn more about IP networking, many outside resources are available. IP Routing Fundamentals, by Mark Sportack (Cisco Press, 1999), provides a comprehensive introduction to routing concepts and protocols in IP networks.

Table 4-1 lists IP networking topics. Table 4-2 lists IP networking routing procedures on the ONS 15454 SDH.

4.1 Before You Begin

Determine how your network will be connected. There are many different ONS 15454 SDH connection options within an IP environment:

  • ONS 15454 SDH nodes can be connected to LANs directly or through a router.
  • IP subnetting can create ONS 15454 SDH node groups, allowing you to provision non-DCC connected nodes in a network.
  • Different IP functions and protocols can be used to achieve specific network goals. For example, Proxy Address Resolution Protocol (ARP) enables one LAN-connected ONS 15454 SDH to serve as a gateway for ONS 15454 SDH nodes that are not connected to the LAN.
  • You can create static routes to enable connections among multiple CTC sessions with ONS 15454 SDH nodes that reside on the same subnet but have different destination IP addresses.
  • If ONS 15454 SDH nodes are connected to open shortest path first (OSPF) networks, ONS 15454 SDH network information is automatically communicated across multiple LANs and WANs.

ONS 15454 SDH IP addressing generally has eight common scenarios or configurations. Each of these scenarios is described in this chapter. Use the scenarios as building blocks for more complex network configurations.

Table 4-3 provides a general list of items to check when setting up ONS 15454 SDH nodes in IP networks. Additional procedures for troubleshooting Ethernet connections and IP networks are provided in "Ethernet Operation."

Table 4-3   General ONS 15454 SDH IP Networking Checklist

Item  What to Check 

PC/workstation

Each CTC computer must have the following:

  • Web browser
  • Java Runtime Environment
  • Java.policy file (modified for CTC)

See the "Check Computer Software Requirements" section for detailed information.

Link integrity

Link integrity exists between:

  • CTC computer and network hub/switch
  • ONS 15454 SDH nodes (backplane wire-wrap pins or RJ-45 port) and network hub/switch
  • Router ports and hub/switch ports

ONS 15454 SDH hub/switch ports

Set the hub or switch port that is connected to the ONS 15454 SDH to 10 Mbps half-duplex.

Ping

Ping the node to test connections between computers and ONS 15454 SDH nodes.

IP addresses/subnet masks

ONS 15454 SDH IP addresses and subnet masks are set up correctly.

Optical connectivity

ONS 15454 SDH optical trunk ports are in service; DCC is enabled on each trunk port.

4.2 Scenario 1: CTC and ONS 15454 SDH Nodes on Same Subnet

Scenario 1 shows a basic ONS 15454 SDH LAN configuration (Figure 4-1). The ONS 15454 SDH nodes and CTC computer reside on the same subnet. All ONS 15454 SDH nodes connect to LAN A, and all ONS 15454 SDH nodes have DCC connections.


Note   Instructions for creating DCC connections are provided in "SDH Topologies" within the MS-SPRing, SNCP, and linear ADM procedures.


Figure 4-1   Scenario 1: CTC and ONS 15454 SDH nodes on same subnet


4.3 Scenario 2: CTC and ONS 15454 SDH Nodes Connected to Router

In Scenario 2, the CTC computer resides on a subnet (192.168.1.0) and attaches to LAN A (Figure 4-2). The ONS 15454 SDH nodes reside on a different subnet (192.168.2.0) and attach to LAN B. A router connects LAN A to LAN B. The IP address of router interface A is set to LAN A (192.168.1.1), and the IP address of router interface B is set to LAN B (192.168.2.1).

On the CTC computer, the default gateway is set to router interface A. If the LAN uses DHCP (Dynamic Host Configuration Protocol), the default gateway and IP address are assigned automatically. In the Figure 4-2 example, a DHCP server is not available.


Figure 4-2   Scenario 2: CTC and ONS 15454 SDH nodes connected to router


4.4 Scenario 3: Using Proxy ARP to Enable an ONS 15454 SDH Gateway

Scenario 3 is similar to Scenario 1, but only one ONS 15454 SDH (Node 1) connects to the LAN (Figure 4-3). Two ONS 15454 SDH nodes (2 and 3) connect to ONS 15454 SDH 1 through the SDH DCC. Because all three ONS 15454 SDH nodes are on the same subnet, Proxy ARP enables ONS 15454 SDH 1 to serve as a gateway for ONS 15454 SDH nodes 2 and 3.


Figure 4-3   Scenario 3: Using Proxy ARP to enable an ONS 15454 SDH gateway


ARP matches higher-level IP addresses to the physical addresses of the destination host. It uses a lookup table (called ARP cache) to perform the translation. When the address is not found in the ARP cache, a broadcast is sent out on the network with a special format called the ARP request. If one of the machines on the network recognizes its own IP address in the request, it sends an ARP reply back to the requesting host. The reply contains the physical hardware address of the receiving host. The requesting host stores this address in its ARP cache so that all subsequent datagrams (packets) to this destination IP address can be translated to a physical address.

Proxy ARP enables one LAN-connected ONS 15454 SDH to respond to the ARP request for ONS 15454 SDH nodes not connected to the LAN. (ONS 15454 SDH Proxy ARP requires no user configuration.) For this to occur, the DCC-connected ONS 15454 SDH nodes must reside on the same subnet. When a LAN device sends an ARP request to an ONS 15454 SDH that is not connected to the LAN, the gateway ONS 15454 SDH returns its MAC address to the LAN device. The LAN device then sends the datagram for the remote ONS 15454 SDH to the MAC address of the proxy ONS 15454 SDH. The proxy ONS 15454 SDH uses its routing table to forward the datagram to the non-LAN ONS 15454 SDH. The routing table is built using the OSPF IP routing protocol. (An OSPF example is presented in the "Scenario 7: Using OSPF" section.)

4.5 Scenario 4: Default Gateway on CTC Computer

Scenario 4 is similar to Scenario 3, but Nodes 2 and 3 reside on different subnets, 192.168.2.0 and 192.168.3.0, respectively (Figure 4-4). Node 1 and the CTC computer are on subnet 192.168.1.0. The network includes different subnets because Proxy ARP is not used. In order for the CTC computer to communicate with ONS 15454 SDH nodes 2 and 3, ONS 15454 SDH 1 is entered as the default gateway on the CTC computer, as described in the "Setting Up the CTC Computer" section.


Figure 4-4   Scenario 4: Default gateway on a CTC computer


4.6 Scenario 5: Using Static Routes to Connect to LANs

Static routes are used for two purposes:

  • To connect ONS 15454 SDH nodes to CTC sessions on one subnet connected by a router to ONS 15454 SDH nodes residing on another subnet. (These static routes are not needed if OSPF is enabled. Scenario 7 shows an OSPF example.)
  • To enable multiple CTC sessions among ONS 15454 SDH nodes residing on the same subnet. (Scenario 6 shows an example.)

In Figure 4-5, one CTC residing on subnet 192.168.1.0 connects to a router through interface A. (The router is not set up with OSPF.) ONS 15454 SDH nodes residing on subnet 192.168.2.0 are connected through ONS 15454 SDH 1 to the router through interface B. Proxy ARP enables ONS 15454 SDH 1 as a gateway for ONS 15454 SDH nodes 2 and 3. To connect to CTC computers on LAN A, a static route is created on ONS 15454 SDH 1.


Figure 4-5   Scenario 5: Static route with one CTC computer used as a destination


The destination and subnet mask entries control access to the ONS 15454 SDH nodes.

  • If a single CTC computer is connected to the router, enter the complete CTC "host route" IP address as the destination with a subnet mask of 255.255.255.255.
  • If all CTC computers on a subnet are connected to the router, enter the destination subnet (in this example, 192.168.1.0) and a subnet mask of 255.255.255.0.
  • If all CTC computers on all subnets are connected to the router, enter a destination of 0.0.0.0 and a subnet mask of 0.0.0.0. Figure 4-6 shows an example.

The IP address of router interface B is entered as the next hop, and the cost (number of hops from source to destination) is 2.


Figure 4-6   Scenario 5: Static route with multiple LAN destinations


Procedure: Create a Static Route

Purpose

Use this procedure to create a static route. Static routes are used for two purposes:

  • To connect ONS 15454 SDH nodes to CTC sessions on one subnet connected by a router to ONS 15454 SDH nodes residing on another subnet.
  • To enable multiple CTC sessions among ONS 15454 SDH nodes residing on the same subnet.

Onsite/Remote

Onsite or remote


Step 1   Start CTC for an ONS 15454 SDH node and choose the Provisioning > Network tabs.

Step 2   Click the Static Routing tab. Click Create.


Figure 4-7   Create Static Route dialog box


Step 3   In the Create Static Route dialog box enter the following:

  • Destination—Enter the IP address of the computer running CTC. To limit access to one computer, enter the full IP address (in the example, 192.168.1.100). To allow access to all computers on the 192.168.1.0 subnet, enter 192.168.1.0 and a subnet mask of 255.255.255.0. You can enter a destination of 0.0.0.0 to allow access to all CTC computers that connect to the router.
  • Mask—Enter a subnet mask. If the destination is a host route (i.e., one CTC computer), enter a 32-bit subnet mask (255.255.255.255). If the destination is a subnet, adjust the subnet mask accordingly, for example, 255.255.255.0. If the destination is 0.0.0.0, enter a subnet mask of 0.0.0.0 to provide access to all CTC computers.
  • Next Hop—Enter the IP address of the router port (in this example, 192.168.90.1) or the node IP address if the CTC computer is connected to the node directly.
  • Cost—Enter the number of hops between the ONS 15454 SDH and the computer. In this example, the cost is two: one hop from the ONS 15454 SDH to the router and a second hop from the router to the CTC workstation.

Step 4   Click OK. Verify that the static route displays in the Static Route window, or ping the node.
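Because the destination and mask decide which CTC computers can reach the nodes, it helps to check an entry before typing it into the dialog box. The following is an added example, not part of the Cisco guide: the function names, the node LAN subnet (192.168.2.0/24) and the router interface B address (192.168.2.1) are assumptions chosen to match the Scenario 5 addressing.

```python
import ipaddress


def mask_to_prefix(mask):
    """Convert a dotted subnet mask to a prefix length; reject non-contiguous masks."""
    inverted = int(ipaddress.IPv4Address(mask)) ^ 0xFFFFFFFF
    if inverted & (inverted + 1):  # host part must be a solid run of low-order ones
        raise ValueError(f"mask {mask} is not a contiguous subnet mask")
    return 32 - inverted.bit_length()


def review_static_route(destination, mask, next_hop, cost, node_lan):
    """Check one Create Static Route entry and report how many addresses it admits.

    node_lan (assumed input) is the subnet of the node's LAN port in CIDR form.
    Returns a dict with 'scope', 'addresses' and 'problems'.
    """
    try:
        prefix = mask_to_prefix(mask)
        # strict=True raises if the destination has bits set outside the mask
        net = ipaddress.IPv4Network(f"{destination}/{prefix}", strict=True)
    except ValueError as exc:
        return {"scope": "invalid", "addresses": 0, "problems": [str(exc)]}

    if prefix == 32:
        scope = "single CTC computer (host route)"
    elif prefix == 0:
        scope = "all CTC computers on all subnets"
    else:
        scope = "all CTC computers on one subnet"
    # Usable host addresses: drop network and broadcast except for /31 and /32
    addresses = net.num_addresses - 2 if prefix < 31 else net.num_addresses

    problems = []
    if ipaddress.IPv4Address(next_hop) not in ipaddress.IPv4Network(node_lan):
        problems.append(f"next hop {next_hop} is not on the node LAN {node_lan}")
    if not isinstance(cost, int) or cost < 1:
        problems.append(f"cost {cost!r} is not a positive hop count")
    return {"scope": scope, "addresses": addresses, "problems": problems}


# Constructed sample entries (addresses follow the Scenario 5 text)
NODE_LAN = "192.168.2.0/24"
ROUTER_B = "192.168.2.1"
SAMPLE_ENTRIES = [
    ("192.168.1.100", "255.255.255.255", ROUTER_B, 2),  # one CTC computer
    ("192.168.1.0", "255.255.255.0", ROUTER_B, 2),      # one CTC subnet
    ("0.0.0.0", "0.0.0.0", ROUTER_B, 2),                # every CTC computer
    ("192.168.1.100", "255.255.255.0", ROUTER_B, 2),    # host bits set: rejected
]

if __name__ == "__main__":
    for dest, mask, hop, cost in SAMPLE_ENTRIES:
        result = review_static_route(dest, mask, hop, cost, NODE_LAN)
        print(f"{dest:>15} {mask:<15} -> {result}")
```

The address count makes the difference between the three destination choices concrete: 1 for the host route, 254 for the /24 subnet, and effectively the whole IPv4 space for 0.0.0.0/0.0.0.0.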





4.7 Scenario 6: Static Route for Multiple CTCs

Scenario 6 shows a static route used when multiple CTC computers need to access ONS 15454 SDH nodes residing on the same subnet (Figure 4-8). In this scenario, CTC 1 and 2 and all ONS 15454 SDH nodes are on the same IP subnet; ONS 15454 SDH 1 and CTC 1 are attached to LAN A. ONS 15454 SDH 2 and CTC 2 are attached to LAN B. Static routes are added to ONS 15454 SDH 1 pointing to CTC 1, and to ONS 15454 SDH 2 pointing to CTC 2. The static route is entered from the node's perspective.


Figure 4-8   Scenario 6: Static route for multiple CTCs


4.8 Scenario 7: Using OSPF

Open Shortest Path First (OSPF) is a link state Internet routing protocol. Link state protocols use a "hello protocol" to monitor their links with adjacent routers and to test the status of their links to their neighbors. Link state protocols advertise their directly connected networks and their active links. Each link state router captures the link state "advertisements" and puts them together to create a topology of the entire network or area. From this database, the router calculates a routing table by constructing a shortest path tree. Routes are continuously recalculated to capture ongoing topology changes.

ONS 15454 SDH nodes use the OSPF protocol in internal ONS 15454 SDH networks for node discovery, circuit routing, and node management. You can enable OSPF on the ONS 15454 SDH nodes so that the ONS 15454 SDH topology is sent to OSPF routers on a LAN. Advertising the ONS 15454 SDH network topology to LAN routers eliminates the need to manually enter static routes for ONS 15454 SDH subnetworks. Figure 4-9 shows the same network enabled for OSPF. Figure 4-10 shows the same network without OSPF. Static routes must be manually added to the router in order for CTC computers on LAN A to communicate with ONS 15454 SDH 2 and 3 because these nodes reside on different subnets.

OSPF divides networks into smaller regions, called areas. An area is a collection of networked end systems, routers, and transmission facilities organized by traffic patterns. Each OSPF area has a unique ID number, known as the area ID, that can range from 0 to 4,294,967,295. Every OSPF network has one backbone area called "area 0." All other OSPF areas must connect to area 0.

When you enable ONS 15454 SDH OSPF topology for advertising to an OSPF network, you must assign an OSPF Area ID to the ONS 15454 SDH network. Coordinate the area ID number assignment with your LAN administrator. In general, all DCC-connected ONS 15454 SDH nodes are assigned the same OSPF Area ID.


Figure 4-9   Scenario 7: OSPF enabled



Figure 4-10   Scenario 7: OSPF not enabled


Procedure: Set Up OSPF

Purpose

Use the following procedure to enable OSPF on each ONS 15454 SDH node that you want included in the OSPF network topology.

Prerequisite Information

ONS 15454 SDH OSPF settings must match the router OSPF settings, so you will need to get the OSPF Area ID, Hello and Dead intervals, and authentication key (if OSPF authentication is enabled) from the router to which the ONS 15454 SDH network is connected before enabling OSPF.

Onsite/Remote

Onsite or remote


Step 1   Start CTC for an ONS 15454 SDH node.

Step 2   In node view, choose the Provisioning > Network > OSPF tabs. The OSPF pane has several options (Figure 4-11).


Figure 4-11   Enabling OSPF on the ONS 15454 SDH


Step 3   Complete the following:

  • DCC OSPF Area ID—Click the Area ID next to the slot and port field. Enter the number that identifies the ONS 15454 SDH nodes as a unique OSPF area. The OSPF area number can be an integer between 0 and 4294967295, and it can take a form similar to an IP address. The number must be unique to the LAN OSPF area.
  • DCC Metric—This value is normally unchanged. It sets a "cost" for sending packets across the DCC, which is used by OSPF routers to calculate the shortest path. This value should always be higher than the LAN metric. The default DCC metric is 100.

Step 4   In the OSPF on LAN area, complete the following:

  • OSPF active on LAN—When checked, enables ONS 15454 SDH OSPF topology to be advertised to OSPF routers on the LAN. Enable this field on ONS 15454 SDH nodes that directly connect to OSPF routers.
  • LAN Port Area ID—Enter the OSPF Area ID for the router port where the ONS 15454 SDH is connected. (This number is different from the DCC Area ID.)

Step 5   In the Authentication Type area, click the button that says No Authentication or Simple Password and complete the following:

  • Authentication Type—Use the menu to select Simple Password or No Authentication. (The button name depends on the options selected.) If the router where the ONS 15454 SDH is connected uses authentication, choose Simple Password. Otherwise, choose No Authentication.
  • Enter Authentication Key—If authentication is enabled, enter the OSPF key (password).
  • Confirm Authentication Key—Enter the OSPF key again for confirmation purposes.

Step 6   Complete the following (Figure 4-12):


Note    The OSPF priority and intervals default to values most commonly used by OSPF routers. In the Priority and Intervals area, verify that these values match those used by the OSPF router where the ONS 15454 SDH is connected.

  • Router Priority—Select the designated router for a subnet.
  • Hello Interval (sec)—Set the number of seconds between OSPF hello packet advertisements sent by OSPF routers. Ten seconds is the default.
  • Dead Interval—Set the number of seconds that will pass while an OSPF router's packets are not visible before its neighbors declare the router down. Forty seconds is the default.
  • Transit Delay (sec)—Indicate the service speed. One second is the default.
  • Retransmit Interval (sec)—Set the time that will elapse before a packet is resent. Five seconds is the default.
  • LAN Metric—Set a "cost" for sending packets across the LAN. This value should always be lower than the DCC metric. Ten is the default.

Figure 4-12   The OSPF area range table and virtual link table


Step 7   In the OSPF Area Range Table area, complete the following:


Note    Area range tables consolidate the information that is propagated outside an OSPF Area border. One ONS 15454 SDH in the ONS 15454 SDH OSPF area is connected to the OSPF router. An area range table on this node points the router to the other nodes that reside within the ONS 15454 SDH OSPF area.

a. Under OSPF Area Range Table, click Create.

b. In the Create Area Range dialog box, enter the following:

  • Range Address—Enter the area IP address for the ONS 15454 SDH nodes that reside within the OSPF area. For example, if the ONS 15454 SDH OSPF area includes nodes with IP addresses 10.10.20.100, 10.10.30.150, 10.10.40.200, and 10.10.50.250, the range address would be 10.10.0.0.
  • Range Area ID—Enter the OSPF Area ID for the ONS 15454 SDH nodes. This is either the ID in the DCC OSPF Area ID field or the ID in the Area ID for LAN Port field.
  • Mask Length—Enter the subnet mask length. In the Range Address example, this is 16.
  • Mask—Displays the subnet mask used to reach the destination host or network.
  • Advertise—Check if you want to advertise the OSPF range table.

c. Click OK.

Step 8   All OSPF areas must be connected to Area 0. If the ONS 15454 SDH OSPF area is not physically connected to Area 0, use the following steps to create a virtual link table that will provide the disconnected area with a logical path to Area 0:

a. Under OSPF Virtual Link Table, click Create.

b. In the Create Virtual Link dialog box, complete the following fields. (The OSPF settings must match OSPF settings for the ONS 15454 SDH OSPF area.)

  • Neighbor—Enter the router ID of the Area 0 router.
  • Transit Delay (sec)—The service speed. One second is the default.
  • Retransmit Int (sec)—Sets the time that will elapse before a packet is resent. Five seconds is the default.
  • Hello Int (sec)—The number of seconds between OSPF hello packet advertisements sent by OSPF routers. Ten seconds is the default.
  • Dead Int (sec)—Sets the number of seconds that will pass while an OSPF router's packets are not visible before its neighbors declare the router down. Forty seconds is the default.
  • Auth Type—If the router where the ONS 15454 SDH is connected uses authentication, choose Simple Password. Otherwise, set it to No Authentication.

c. Click OK.

Step 9   After entering ONS 15454 SDH OSPF area data, click Apply.

If you changed the Area ID, the TCC-I cards will reset, one at a time.





4.9 Scenario 8: Using RIP

The Routing Information Protocol (RIP) is widely used for routing traffic in the global Internet. RIP is an interior gateway protocol, which means that it performs routing within a single autonomous system. Exterior gateway protocols, such as the Border Gateway Protocol (BGP), perform routing between different autonomous systems.

RIP sends routing-update messages at regular intervals and when the network topology changes. When a router receives a routing update that includes changes to an entry, it updates its routing table to reflect the new route. The metric value for the path is increased by one, and the sender is indicated as the next hop. RIP routers maintain only the best route (the route with the lowest metric value) to a destination. After updating its routing table, the router immediately begins transmitting routing updates to inform other network routers of the change. These updates are sent independently of the regularly scheduled updates that RIP routers send. To configure the ONS 15454 SDH for RIP, see the "Set Up or Change Routing Information Protocol" procedure.

Procedure: Set Up or Change Routing Information Protocol

Purpose

Use this procedure to enable RIP on the ONS 15454 SDH. Perform this task if you want to include the ONS 15454 SDH in RIP-enabled networks.

Prerequisite Procedures

"Log Into CTC" procedure

You will need to create a static route to the router adjacent to the ONS 15454 SDH in order for the ONS 15454 SDH to send its routing information out to the network. See the "Create a Static Route" procedure for more information.

Onsite/Remote

Onsite or remote


Step 1   Display the node view.

Step 2   Click the Provisioning > Network > RIP tabs.

Step 3   Check the RIP Active? check box if you are activating RIP.

Step 4   Choose either RIP Version 1 or RIP Version 2 from the drop-down menu, depending on which version is supported in your network.

Step 5   Set the RIP metric. The RIP metric can be set to a number between 1 and 15 and represents the number of hops.

Step 6   Under Authentication, select the authentication type. If the router where the ONS 15454 SDH is connected requires authentication, choose Simple Password. Otherwise, choose No Authentication (default). You must click the No Authentication button to choose the Simple Password option.





4.10 Scenario 9: Using the Proxy Server Features

The ONS 15454 proxy server is a set of functions that allows you to network ONS 15454 SDH nodes in environments where visibility and accessibility between ONS 15454s and CTC computers must be restricted. For example, you can set up a network so that field technicians and network operation center (NOC) personnel can both access the same ONS 15454 SDH nodes while preventing the field technicians from accessing the NOC LAN. To do this, one ONS 15454 SDH is provisioned as a gateway NE (GNE) and the other ONS 15454 SDH nodes are provisioned as element NEs (ENEs). The GNE ONS 15454 SDH tunnels connections between CTC computers and ENE ONS 15454 SDH nodes, providing management capability while preventing access for non-ONS 15454 SDH management purposes.

The ONS 15454 SDH proxy server performs the following tasks:

  • Isolates DCC IP traffic from Ethernet (craft port) traffic and accepts packets based on filtering rules. The filtering rules (see Table 4-5 and Table 4-6) depend on whether the packet arrives at the ONS 15454 SDH DCC interface or the TCC-I Ethernet interface.
  • Monitors ARP request packets on its Ethernet port. If the ARP request is from an address that is not on the current subnet, the ONS 15454 SDH creates an entry in its ARP table. The ARP entry allows the ONS 15454 SDH to reply to an address over the local Ethernet so craft technicians can connect to ONS 15454 SDH nodes without changing the IP addresses of their computers.
  • Processes SNTP/NTP requests. Element ONS 15454 SDH NEs can derive time of day from an SNTP/NTP LAN server through the GNE ONS 15454 SDH.
  • Processes SNMPv1 traps. The GNE ONS 15454 SDH receives SNMPv1 traps from the ENE ONS 15454 SDH nodes and forwards them to all provisioned SNMPv1 trap destinations.

The ONS 15454 SDH proxy server is provisioned using the following three check boxes in the Provisioning > Network > General tab (see Figure 4-13):

  • Craft Access Only—When this option is enabled, the ONS 15454 SDH neither installs nor advertises default or static routes. CTC computers can communicate with the ONS 15454 SDH, but they cannot communicate directly with any other DCC-connected ONS 15454 SDH.
  • Enable Proxy—When this option is enabled, the ONS 15454 SDH serves as a proxy for connections between CTC clients and ONS 15454 SDH nodes that are DCC-connected to the proxy ONS 15454 SDH. The CTC client establishes connections to DCC-connected nodes through the proxy node. The CTC client can connect to nodes that it cannot directly reach from the host on which it runs. If Enable Proxy is off, the node does not establish proxy connections for any CTC clients, although any established proxy connections will continue until the CTC client exits.
  • Enable Firewall—If this option is selected, the node prevents IP traffic from being routed between the DCC and the LAN port. The ONS 15454 SDH can communicate with machines connected to the LAN port or connected through the DCC. However, the DCC-connected machines cannot communicate with the LAN-connected machines, and the LAN-connected machines cannot communicate with the DCC-connected machines. A CTC client using the LAN to connect to the firewall-enabled node can use the proxy capability to manage the DCC-connected nodes that would otherwise be unreachable. A CTC client connected to a DCC-connected node can only manage other DCC-connected nodes and the firewall itself.

Figure 4-13   Proxy server gateway settings


Figure 4-14 shows an ONS 15454 SDH proxy server implementation. A GNE ONS 15454 SDH is connected to a central office LAN and to ENE ONS 15454 SDH nodes. The central office LAN is connected to a NOC LAN, which has CTC computers. The NOC CTC computer and craft technicians must both be able to access the ONS 15454 SDH ENEs. However, the craft technicians must be prevented from accessing or seeing the NOC or central office LANs.

In the example, the ONS 15454 SDH GNE is assigned an IP address within the central office LAN and is physically connected to the LAN through its LAN port. ONS 15454 SDH ENEs are assigned IP addresses that are outside the central office LAN and given private network IP addresses. If the ONS 15454 SDH ENEs are co-located, the craft LAN ports could be connected to a hub. However, the hub should have no other network connections.


Figure 4-14   Scenario 9: ONS 15454 SDH Proxy Server with GNE and ENEs on the same subnet


Table 4-4 shows recommended settings for ONS 15454 SDH GNEs and ENEs in the configuration shown in Figure 4-14.

Table 4-4   ONS 15454 SDH Gateway and Element NE Settings

Setting                ONS 15454 SDH Gateway NE   ONS 15454 SDH Element NE
Craft Access Only      Off                        On
Enable Proxy           On                         On
Enable Firewall        On                         On
OSPF                   Off                        Off
SNTP Server (if used)  SNTP server IP address     ONS 15454 SDH GNE IP address
SNMP (if used)         SNMPv1 trap destinations   Set SNMPv1 trap destinations to ONS 15454 SDH GNE

Figure 4-15 shows the same proxy server implementation with ONS 15454 SDH ENEs on different subnets. Figure 4-16 shows the implementation with ONS 15454 SDH ENEs in multiple rings. In each example, ONS 15454 SDH GNEs and ENEs are provisioned with the settings shown in Table 4-4.


Figure 4-15   Scenario 9: ONS 15454 SDH Proxy Server with GNE and ENEs on different subnets



Figure 4-16   Scenario 9: ONS 15454 SDH Proxy Server with ENEs on multiple rings


Table 4-5 shows the rules the ONS 15454 SDH follows to filter packets when Enable Firewall is enabled. If the packet is addressed to the ONS 15454 SDH, additional rules, shown in Table 4-6, are applied. Rejected packets are silently discarded.

Table 4-5   Proxy Server Firewall Filtering Rules

Packets Arrive At  Accepted 

TCC-I Ethernet Interface

  • The ONS 15454 SDH itself
  • The ONS 15454 SDH's subnet broadcast address
  • Within the 224.0.0.0/8 network (reserved network used for standard multicast messages)
  • 255.255.255.255

DCC Interface

  • The ONS 15454 SDH itself
  • An OSPF peer (another DCC-connected ONS 15454 SDH)
  • Within the 224.0.0.0/8 network
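The Table 4-5 destination filter can be modelled in a few lines to see which flows a firewall-enabled node drops. This is an added example, not Cisco code: the function names, the GNE and ENE addresses, and the sample flows are constructed, and the port rules of Table 4-6 are not modelled.

```python
import ipaddress

MULTICAST = ipaddress.IPv4Network("224.0.0.0/8")  # range exactly as Table 4-5 states it
LIMITED_BROADCAST = ipaddress.IPv4Address("255.255.255.255")


def firewall_accepts(interface, dst, node_ip, node_subnet, ospf_peers=()):
    """Return True if a packet arriving on `interface` ('ethernet' or 'dcc')
    with destination `dst` passes the Table 4-5 filter of a firewall-enabled node."""
    dst = ipaddress.IPv4Address(dst)
    subnet = ipaddress.IPv4Network(node_subnet)
    # Accepted on both interfaces: the node itself and the multicast range
    if dst == ipaddress.IPv4Address(node_ip) or dst in MULTICAST:
        return True
    if interface == "ethernet":
        return dst == subnet.broadcast_address or dst == LIMITED_BROADCAST
    if interface == "dcc":
        return dst in {ipaddress.IPv4Address(p) for p in ospf_peers}
    raise ValueError(f"unknown interface {interface!r}")


def dropped_flows(flows, node_ip, node_subnet, ospf_peers):
    """Return the labels of the flows that the node silently discards."""
    return [label for label, interface, dst in flows
            if not firewall_accepts(interface, dst, node_ip, node_subnet, ospf_peers)]


# Constructed topology: a GNE on the central office LAN with two DCC-connected ENEs
GNE_IP = "10.10.10.100"
GNE_SUBNET = "10.10.10.0/24"
ENES = ("192.168.1.2", "192.168.1.3")

# Constructed flows: (label, arriving interface, destination address)
SAMPLE_FLOWS = [
    ("NOC CTC -> GNE", "ethernet", GNE_IP),
    ("NOC CTC -> ENE, routed directly", "ethernet", "192.168.1.2"),
    ("LAN subnet broadcast", "ethernet", "10.10.10.255"),
    ("OSPF hello on DCC", "dcc", "224.0.0.5"),
    ("ENE -> ENE over DCC", "dcc", "192.168.1.3"),
    ("DCC-side host -> NOC LAN host", "dcc", "10.20.1.5"),
]

if __name__ == "__main__":
    for label in dropped_flows(SAMPLE_FLOWS, GNE_IP, GNE_SUBNET, ENES):
        print("discarded:", label)
```

The two discarded flows are the ones that would cross between the LAN and the DCC, which is why a LAN-side CTC client has to use the proxy capability to manage DCC-connected nodes.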

Table 4-6   Proxy Server Firewall Filtering Rules When Packet Addressed to ONS 15454 SDH

Packets Arrive At  Accepted  Rejected 

TCC-I Ethernet Interface

Accepted:

  • All UDP packets except those in the Rejected column

Rejected:

  • UDP packets addressed to the SNMP trap relay port (391) are rejected.

DCC Interface

Accepted:

  • All UDP packets
  • All TCP packets except those in the Rejected column
  • OSPF packets
  • ICMP packets

Rejected:

  • TCP packets addressed to the Telnet port are rejected.
  • TCP packets addressed to the IO card Telnet ports are rejected.
  • TCP packets addressed to the proxy server port are rejected.
  • All other packets are rejected.

If you implement the proxy server, keep the following rules in mind:

1. All DCC-connected ONS 15454 SDH nodes on the same Ethernet segment must have the same Craft Access Only setting. Mixed values will produce unpredictable results, and may leave some nodes unreachable through the shared Ethernet segment.

2. All DCC-connected ONS 15454 SDH nodes on the same Ethernet segment must have the same Enable Firewall setting. Mixed values will produce unpredictable results. Some nodes may become unreachable.

3. All DCC-connected ONS 15454 SDH nodes in the same SDCC area must have the same Enable Firewall setting. Mixed values will produce unpredictable results. Some nodes may become unreachable.

4. If you check Enable Firewall, always check Enable Proxy. If Enable Proxy is not checked, CTC will not be able to see nodes on the DCC side of the ONS 15454 SDH.

5. If Craft Access Only is checked, check Enable Proxy. If Enable Proxy is not checked, CTC will not be able to see nodes on the DCC side of the ONS 15454 SDH.

If nodes become unreachable in cases 1 and 2, you can correct the setting by performing one of the following:

  • Disconnect the craft computer from the unreachable ONS 15454 SDH. Connect to the ONS 15454 SDH through another ONS 15454 SDH in the network that has a DCC connection to the unreachable ONS 15454 SDH.
  • Disconnect the Ethernet cable from the unreachable ONS 15454 SDH. Connect a CTC computer directly to the ONS 15454 SDH.
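The five rules above can be checked against a provisioning plan before any check box is changed, which avoids the unreachable-node cases entirely. The following is an added example, not a Cisco tool: the `Node` record, the segment and SDCC area labels, and both sample plans are constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Node:
    name: str
    ethernet_segment: str   # label of the shared LAN or hub the node's Ethernet port is on
    sdcc_area: str          # label of the SDCC area the node belongs to
    craft_access_only: bool
    enable_proxy: bool
    enable_firewall: bool


def check_proxy_rules(nodes):
    """Return sorted (rule_number, message) findings for proxy server rules 1 to 5."""
    findings = []

    def mixed(group_attr, setting_attr, rule):
        # Rules 1 to 3: every node in the same group must share the same setting
        groups = defaultdict(list)
        for node in nodes:
            groups[getattr(node, group_attr)].append(node)
        for key, members in sorted(groups.items()):
            if len({getattr(m, setting_attr) for m in members}) > 1:
                names = ", ".join(sorted(m.name for m in members))
                findings.append(
                    (rule, f"{group_attr} '{key}': mixed {setting_attr} across {names}"))

    mixed("ethernet_segment", "craft_access_only", 1)
    mixed("ethernet_segment", "enable_firewall", 2)
    mixed("sdcc_area", "enable_firewall", 3)

    # Rules 4 and 5: firewall or craft-only without proxy hides the DCC side from CTC
    for node in nodes:
        if node.enable_firewall and not node.enable_proxy:
            findings.append((4, f"{node.name}: Enable Firewall set without Enable Proxy"))
        if node.craft_access_only and not node.enable_proxy:
            findings.append((5, f"{node.name}: Craft Access Only set without Enable Proxy"))
    return sorted(findings)


# Constructed plan that follows the Table 4-4 settings
GOOD_PLAN = [
    Node("GNE", "co-lan", "area-1", False, True, True),
    Node("ENE-1", "craft-hub", "area-1", True, True, True),
    Node("ENE-2", "craft-hub", "area-1", True, True, True),
]

# Constructed plan in which ENE-2 was left with proxy and firewall off
BAD_PLAN = [
    Node("GNE", "co-lan", "area-1", False, True, True),
    Node("ENE-1", "craft-hub", "area-1", True, True, True),
    Node("ENE-2", "craft-hub", "area-1", True, False, False),
]

if __name__ == "__main__":
    for rule, message in check_proxy_rules(BAD_PLAN):
        print(f"rule {rule}: {message}")
```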

4.11 Viewing the ONS 15454 SDH Routing Table

ONS 15454 SDH routing information is displayed on the Maintenance > Routing Table tabs (Figure 4-17). The routing table provides the following information:

  • Destination—Displays the IP address of the destination network or host.
  • Mask—Displays the subnet mask used to reach the destination host or network.
  • Gateway—Displays the IP address of the gateway used to reach the destination network or host.
  • Usage—Shows the number of times this route has been used.
  • Interface—Shows the ONS 15454 SDH interface used to access the destination. Values are:
    • cpm0—The ONS 15454 SDH Ethernet interface, that is, the RJ-45 jack on the TCC-I and the LAN connectors on the MIC-C/T/P FMEC.
    • pdcc0—An SDCC interface, that is, an STM-N trunk card identified as the SDCC termination.
    • lo0—A loopback interface.

Figure 4-17   Viewing the ONS 15454 SDH routing table


Table 4-7 shows sample routing entries for an ONS 15454 SDH.

Table 4-7   Sample Routing Table Entries

Entry  Destination    Mask             Gateway        Interface
1      0.0.0.0        0.0.0.0          172.20.214.1   cpm0
2      172.20.214.0   255.255.255.0    172.20.214.92  cpm0
3      172.20.214.92  255.255.255.255  127.0.0.1      lo0
4      172.20.214.93  255.255.255.255  0.0.0.0        pdcc0
5      172.20.214.94  255.255.255.255  172.20.214.93  pdcc0

Entry 1 shows the following:

  • Destination (0.0.0.0) is the default route entry. All undefined destination network or host entries on this routing table will be mapped to the default route entry.
  • Mask (0.0.0.0) is always 0 for the default route.
  • Gateway (172.20.214.1) is the default gateway address. All outbound traffic that cannot be found in this routing table or is not on the node's local subnet will be sent to this gateway.
  • Interface (cpm0) indicates that the ONS 15454 SDH Ethernet interface is used to reach the gateway.

Entry 2 shows the following:

  • Destination (172.20.214.0) is the destination network IP address.
  • Mask (255.255.255.0) is a 24-bit mask, meaning that all addresses within the 172.20.214.0 subnet can be a destination.
  • Gateway (172.20.214.92) is the gateway address. All outbound traffic belonging to this network is sent to this gateway.
  • Interface (cpm0) indicates that the ONS 15454 SDH Ethernet interface is used to reach the gateway.

Entry 3 shows the following:

  • Destination (172.20.214.92) is the destination host IP address.
  • Mask (255.255.255.255) is a 32-bit mask, meaning that only the 172.20.214.92 address is a destination.
  • Gateway (127.0.0.1) is a loopback address. The host directs network traffic to itself using this address.
  • Interface (lo0) indicates that the local loopback interface is used to reach the gateway.

Entry 4 shows the following:

  • Destination (172.20.214.93) is the destination host IP address.
  • Mask (255.255.255.255) is a 32-bit mask, meaning that only the 172.20.214.93 address is a destination.
  • Gateway (0.0.0.0) means the destination host is directly attached to the node.
  • Interface (pdcc0) indicates that an SDH SDCC interface is used to reach the destination host.

Entry 5 shows a DCC-connected node that is accessible through a node that is not directly connected:

  • Destination (172.20.214.94) is the destination host IP address.
  • Mask (255.255.255.255) is a 32-bit mask, meaning only the 172.20.214.94 address is a destination.
  • Gateway (172.20.214.93) indicates that the destination host is accessed through a node with IP address 172.20.214.93.
  • Interface (pdcc0) indicates that an SDH SDCC interface is used to reach the gateway.
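To see how the five sample entries work together, the lookup below selects the entry that applies to a given destination and reports how the traffic leaves the node. It is an added example, not code from the Cisco guide: it assumes standard longest-prefix-match forwarding, and the function names and the test destinations other than those in Table 4-7 are constructed.

```python
import ipaddress

# Table 4-7 sample entries: (entry, destination, mask, gateway, interface)
ROUTES = [
    (1, "0.0.0.0", "0.0.0.0", "172.20.214.1", "cpm0"),
    (2, "172.20.214.0", "255.255.255.0", "172.20.214.92", "cpm0"),
    (3, "172.20.214.92", "255.255.255.255", "127.0.0.1", "lo0"),
    (4, "172.20.214.93", "255.255.255.255", "0.0.0.0", "pdcc0"),
    (5, "172.20.214.94", "255.255.255.255", "172.20.214.93", "pdcc0"),
]


def to_int(address):
    """Dotted-quad string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(address))


def lookup(dst, routes=ROUTES):
    """Return the routing entry selected for dst by longest-prefix match."""
    addr = to_int(dst)
    best = None
    for entry, dest, mask, gateway, interface in routes:
        m = to_int(mask)
        # A route matches when dst masked with the route mask equals the destination;
        # for contiguous masks, a numerically larger mask is a longer prefix.
        if addr & m == to_int(dest) and (best is None or m > best[0]):
            best = (m, entry, gateway, interface)
    if best is None:
        raise LookupError(f"no route to {dst}")
    _, entry, gateway, interface = best
    return {"entry": entry, "gateway": gateway, "interface": interface}


def delivery(dst, routes=ROUTES):
    """Describe how a packet to dst is delivered, using the gateway conventions
    explained for entries 1 to 5."""
    route = lookup(dst, routes)
    if route["gateway"] == "127.0.0.1":
        how = "local (the node itself)"
    elif route["gateway"] == "0.0.0.0":
        how = "directly attached"
    else:
        how = f"via {route['gateway']}"
    return f"entry {route['entry']}: {how} on {route['interface']}"


if __name__ == "__main__":
    # 172.20.214.50 and 10.1.1.1 are constructed destinations
    for dst in ("172.20.214.94", "172.20.214.93", "172.20.214.92",
                "172.20.214.50", "10.1.1.1"):
        print(f"{dst:>15} -> {delivery(dst)}")
```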