Knowledge Base  

New Search
References
Support

Spoofing and Connection Management

Article Number: H007
Article Type: HowTo
Modified: December 2, 1998

SUMMARY

This article provides information on how to configure an Orbitor to perform Connection Management and Spoofing in an ISDN environment.

Spoofing is the act of making a server or workstation believe that there is still a physical path to the other, when in fact, it may be currently disconnected.

Connection Management is the process of managing the availability of this physical path.

This article is a very detailed step-by-step account of what is required to configure the Orbitor router from start to finish to operate in a Connection Managed/Spoofing environment. It covers the configuration of parameters in different scenarios offering insight into the use of these parameters in other applications. This is all with an eye towards optimizing the use of the Orbitor in your application.

Please note that the Orbitor NetWizard, a JAVA-based applet, simplifies installation of the Orbitor router significantly. It removes many of the intermediate steps detailed herein. However, this article intends to show the various features and how they are used to achieve specific functionality, and therefore contains many more additional steps than what you might need during an actual installation.

MORE INFORMATION

When should I use spoofing?

If you are using ISDN and are being charged for the time that the connection is established, you should use spoofing and connection management.

Also, spoofing is valuable when you must maintain such items as routes to ensure that a user session is maintained when an ISDN circuit disconnects.

Why should I use spoofing?

Using connection management and spoofing will serve to reduce usage charges that are otherwise unnecessary. By monitoring the traffic flow, the Orbitor can decide when to activate the ISDN call, and when to disconnect it for optimal cost-efficiencies.

Spoofing

Spoofing is a very simple concept--create the illusion that a physical connection exists when it doesn't. To accomplish this task, the Orbitor must maintain an understanding of the remote location to which it is connected. The sessions between workstations and servers, the routes that are required to reach this remote location and its resources, and any advertised services that must be replicated onto the local LAN are all examples of items that need to be maintained by the Orbitor.

It must also respond to local requests for remote services and decide whether it can service it locally, or send the request to the remote location. Of course, this occurs transparently to the user.

Connection Management

Connection Management monitors traffic over a given physical connection and decides if the connection should be disconnected, maintained, or reconnected. This process is managed by the Connection Management Control Protocol (CMCP) which can be negotiated when a connection is first established to a remote location.

The Terminology

There are various terms used to describe the states of a CMCP-managed connection and the various operations of spoofing. These terms are used throughout this article and are listed here for clarity:

  • Session - Describing the end-to-end logical connection of a workstation and server
  • Circuit - Describing the logical connection between two CMCP-participating routers
  • Call - Describing the physical ISDN connection between two routers
  • Active - Describing the current connected state of an ISDN call over a CMCP-managed circuit
  • Suspending - Describing the action of disconnecting an active ISDN call, and placing the CMCP-managed circuit into the mode of spoofing
  • Suspended - Describing the current unconnected state of an ISDN call over a CMCP-managed circuit - Spoofing active
  • Resume - Describing the action of reconnecting a currently suspended CMCP-managed circuit
  • Terminate - Describing the action of closing an ISDN call and its corresponding CMCP-managed circuit - Stop Spoofing
  • Interesting Traffic - Describing that data which will be used to determine if a circuit should be suspended (indicating the lack of Interesting Traffic), resumed (indicating the recent detection of Interesting Traffic), or maintained (indicating that Interesting Traffic is currently present).
  • Remote Site - Describes the remote location or remote router
  • Remote Site Profile - Contains the configuration required to support a remote site

CONFIGURATION

When it comes time to configure an Orbitor product to operate in an ISDN environment, and you want to use Connection Management, follow the steps outlined in the subsequent sections of this article. They will identify the key parameters to use, the parameters to consider, and the parameters to stay away from.

Network Setup

The following diagram and table depicts the network used in this configuration example.

Network Setup Diagram
ISDN NumbersValue
Router A44 1234 567 890
NET3
Router B1 416 667 9812
NI-1

Router A is a router located in the United Kingdom, while Router B is located in Canada. Obviously, this is a good example of where you'll want to reduce ISDN call charges. The international flavour of this application has been selected to demonstrate how each router would be configured to support both a typical European configuration and a typical North American configuration.

Required Configuration Elements

There are a few parameters that are required to make this application function properly. Listed below are these parameters:

  1. CMCP - This protocol must be enabled
  2. IPX DMR Enabled - Set to "Link_up_only"
  3. IP Triggered RIP - Set to "Link_up_only"
  4. PPP Authentication - To ensure proper selection of the remote site during circuit resumption

Configured on a per-remote site basis, CMCP is the control protocol that is used to control and manage the ISDN circuit between the two routers. When enabled, two CMCP-enabled routers will negotiate various circuit parameters like how to call one another during resumption activities, when to suspend, and when to terminate the call.

Step-by-Step

The procedure listed below assumes that the Orbitor has had the IP Routing, IPX Routing (if so required), and ISDN configuration completed properly. This procedure outlines the requirements to configure the Remote Site profile for use in a CMCP-enabled application.

Remote Site Profile Configuration

The steps listed below are described in detail so please follow them closely.

For the purposes of this example, the configuration has been specified for an Orbitor 500. However, the same configuration can be applied to other Orbitor products as well.

If you are not currently connected to the console of the Orbitor please do so now. You'll need to login, providing the password of the console. You should now be at the MAIN Menu.

Router B Configuration

The following steps are similar for both Router A and Router B. However, the actual ISDN numbers called are different on each, and therefore must be presented seperately.

  1. Go to the 'Configuration Menu' and choose 'WAN Setup', then choose 'Remote Site Setup', then choose 'Edit Remote Site'.

    You will be prompted for 'Remote site id or alias'.

    Enter a name that will reflect the use of the connection, such as 'LOCAL' and press 'enter'. * Remember this name (it is case sensitive), you will need it in later steps.

  2. You will be at the menu entitled 'EDIT REMOTE SITE 1 MENU'

  3. You will be immediately prompted for the 'Remote site type (interoperable or spoofing)' Enter 'spoofing' and press 'enter'.

    Selecting the 'spoofing' option changes the default values of some parameters in the Remote Site profile.

  4. Choose 'Circuit Set-up', then 'ISDN call set-up', then 'ISDN number' and enter the local ISDN number for Router A (567 890).

    This is the number that your Orbitor 500 ISDN Router will call when it needs to connect to the LOCAL Router. If you are trying to connect both B-channels in a Loadsharing configuration, you should enter the second ISDN number under 'Alternate ISDN number'. Again, do not enter spaces or dashes in the phone number.

  5. Select the 'Call you' option and enter the ISDN number prefix that Router B must dial in order to call Router A (011 44 1234)

  6. Select the 'Call me' option and enter the ISDN number prefix that Router A should use to dial back to Router B (00 1 416).

    Please note that the selection of the ISDN numbers and the Call you and Call me parameters are important to the operation of the router. For additional details on setting these values, please consult the CONSIDERATIONS section further on in this article.

  7. Tab back to the 'EDIT REMOTE SITE 1 CIRCUIT SET-UP MENU' and choose 'Inactivity timer'.

    Enter the time (in seconds) that you want the Orbitor 500 ISDN Router to wait before dropping the connection to Router A.

    This should be several minutes and should be selected based upon the nominal 'billing period' of your local telephone company. Three (3) minutes is common, although your area may charge incremental call charges at a faster rate (i.e. 1 minute).

    When traffic activity ceases over the ISDN line, the Orbitor 500 will wait the selected amount of time before disconnecting from Router A. This feature can save on connect charges depending on how your local telephone company charges for ISDN service.

  8. You may also choose to modify the Usage and Call limit parameters in this menu. For a discussion of these two parameters and their importance please read article T001 - Putting a Cap on ISDN Charges.

  9. Tab back to 'EDIT REMOTE SITE 1 SET-UP MENU' and chose 'Security Parameters' menu.

    Setting the Security parameters not only ensures a level of security for your application, but the authentication process is also used for choosing the proper remote site profile during an incoming call.

    When a call is received and authenticated, the Orbitor 'attaches' the call to a Remote Site Profile based upon the authenticated User Name received. If these parameters are not set up correctly, the resumption of the CMCP-enabled circuit may not occur correctly affecting the integrity of the active spoofed sessions.

  10. Select 'Outgoing User Name' and enter the name of Router B (this router). In this example, 'REMOTE' can be used.

    The name specified must be the same as the name given to the Remote Site Profile configured on Router A.

    For this example, we've chosen not to configure the PAP password or CHAP secret--a password is not required to complete authentication. However, you may chose to specify these paramters for additional security.

There are other parameters that must be configured in order for this application to work properly. However, these parameters are common for both Router A and Router B. As such, they are presented in a section of their own further on in this article.

Router A Configuration

The following steps are similar to Router B.

  1. Tab to the 'Configuration Menu' and choose 'WAN Setup', then choose 'Remote Site Setup', then choose 'Edit Remote Site'.

    You will be prompted for 'Remote site id or alias'.

    Enter a name that will reflect the use of the connection, such as 'REMOTE' and press 'enter'. * Remember this name (it is case sensitive), you will need it in later steps.

  2. You will be at the menu entitled 'EDIT REMOTE SITE 1 MENU'

  3. You will be immediately prompted for the 'Remote site type (interoperable or spoofing)' Enter 'spoofing' and press 'enter'.

    Selecting the 'spoofing' option changes the default values of some parameters in the Remote Site profile.

  4. Choose 'Circuit Set-up', then 'ISDN call set-up', then 'ISDN number' and enter the local ISDN number for Router B (667 9812).

    This is the number that this Orbitor 500 ISDN Router will call when it needs to connect to the REMOTE Router. If you are trying to connect both B-channels in a Loadsharing configuration, you should enter the second ISDN number under 'Alternate ISDN number'. Again, do not enter spaces or dashes in the phone number.

  5. Select the 'Call you' option and enter the ISDN number prefix that Router A must dial in order to call Router B (00 1 416)

  6. Select the 'Call me' option and enter the ISDN number prefix that Router B should use to dial back to Router A (011 44 1234).

    Please note that the selection of the ISDN numbers and the Call you and Call me parameters are important to the operation of the router. For additional details on setting these values, please consult the CONSIDERATIONS section further on in this article.

  7. Tab back to the 'EDIT REMOTE SITE 1 CIRCUIT SET-UP MENU' and choose 'Inactivity timer'.

    Enter the time (in seconds) that you want the Orbitor 500 ISDN Router to wait before dropping the connection to Router B.

    This should be several minutes and should be selected based upon the nominal 'billing period' of your local telephone company. Three (3) minutes is common, although your area may charge incremental call charges at a faster rate (i.e. 1 minute).

    When traffic activity ceases over the ISDN line, the Orbitor 500 will wait the selected amount of time before disconnecting from Router B. This feature can save on connect charges depending on how your local telephone company charges for ISDN service.

  8. You may also choose to modify the Usage and Call limit parameters. For a discussion of these two parameters and their importance please read article T001 - Putting a Cap on ISDN Charges.

  9. Tab back to 'EDIT REMOTE SITE 1 SET-UP MENU' and chose 'Security Parameters' menu.

    Setting the Security parameters not only ensures a level of security for your application, but the authentication process is also used for choosing the proper remote site profile during an incoming call.

    When a call is received and authenticated, the Orbitor 'attaches' the call to a Remote Site Profile based upon the authenticated User Name received. If these parameters are not set up correctly, the resumption of the CMCP-enabled circuit may not occur correctly affecting the integrity of the active spoofed sessions.

  10. Select 'Outgoing User Name' and enter the name of Router A (this router). In this example, 'LOCAL' can be used.

    The name specified must be the same as the name given to the Remote Site Profile configured on Router B.

    For this example, we've chosen not to configure the PAP password or CHAP secret--a password is not required to complete authentication. However, you may chose to specify these paramters for additional security.

Protocol Set-Up

This section refers to protocol specific parameters and the associated Control Protocols. The settings for these parameters are common for both Router A and Router B.

When you first created a Remote Site profile, you selected the "spoofing" option. This option automatically configures all of the parameters listed in this Protocol Set-Up section. However, the configuration of these parameters is listed here for completeness.

After you have completed the configuration listed above, you'll be located at the 'Security Parameters' menu. Tab back to the 'EDIT REMOTE SITE 1 SET-UP MENU' and select 'Protocol Set-Up'.

  1. Selecting the 'CMCP' option will take you to the CMCP menu. Ensure that CMCP is enabled. Tab back to the 'Protocol Set-Up' menu

  2. Select 'IP parameters menu'. On this menu you may define the IP Addresses for this link (if so required by your application) and other parameters that may be required for IP routing to operate in this application.

  3. Select the 'IP Routing menu' option, and select 'Triggered RIP'. Set this parameter to 'Link_up_only'.

    For additional information regarding this Routing Protocol selection, review article I005 - LAN/WAN Routing Protocols in Orbitor Networks".

    Tab back to the 'Protocol Set-Up' menu

  4. Select the 'IPX Parameters' option, and select 'IPX DMR enabled' and ensure it is set to 'Link_up_only'.

You have completed the set-up of the Protocol Set-up menu parameters. These settings should be made on both routers to ensure proper operation. Also, please refer to the section on CONSIDERATIONS for other parameters that should be considered.

Finalizing the Set-up

The only remaining step to allow the proper operations of Connection Management and Spoofing is to enable the 'Auto-call' parameter located in the 'Circuit Set-Up' menu. Auto-call must be enabled on both routers to ensure proper operations.

Once this parameter is enabled, the units will start to call each other and establish the CMCP-enabled circuit.

CONSIDERATIONS

For brevity, there are other parameters omitted from these instructions that might be necessary to configure in order to have the Orbitors operate properly in your network. Such parameters as Bandwidth on Demand, Schedules activation of the circuit, Network Address Translation and the use of the NetSafe Firewall are all examples of items not discussed here. Please review the Orbitor Reference Manual for details on these parameters.

Call you/Call me

The use or the requirement of the Call you and Call me prefixes is not always obvious but it is important to understand. These two parameters work in concert with the 'ISDN number' and 'Alternate ISDN number' parameters that are configured in the 'ISDN call Set-up' menu. Together, they form the full number to dial to reach the remote device. As well, it is used to help the remote router call back to reach 'this' router.

From our example, you may have gleened that we configured the local ISDN number of the remote router into the 'ISDN Number' parameter and configured the required long distance information into the 'Call you' parameter. The 'ISDN number' represents what is normally used as the ISDN Directory number of the unit. The Directory number is always the number that can be used to reach the unit from a local telephone/device.

The 'ISDN number' parameter should only ever contain that ISDN number that is required to contact the unit from a local telephone.

If we are using Router B as an example, to call you (Router A) Router B will dial <Call you>+<ISDN number>, which translates to 011 44 1234 567 890.

The same process is used in reverse for Router A, combining the 'Call you' fields with the 'ISDN number' to form the ISDN number of the other unit.

The Call me field is present to inform the 'other' router how to call back to 'this' router. To understand this, you must generally understand the process used to initially establish the CMCP-enabled circuit.

For simplicity, let's assume Router A calls Router B. When Router A calls Router B, Router A must inform Router B of how to call it back during a circuit resumption event. It does this by conveying both its local ISDN Directory number and the 'Call me' prefix. With this information. Router B has all the information required to call Router A back if it wanted to resume the circuit on its own.

Routing is Required

To perform spoofing the Orbitor relies on the use of the IP or IPX router to properly support the session and route management that is required to fully "spoof" the LAN environment. This implies that spoofing will not operate in a bridging-only environment.

A FINAL NOTE

As mentioned in the opening sections of this article, there are only four (4) parameters that are absolutely required to ensure that CMCP and spoofing will operate properly. We have covered many other steps and parameters that influence the operation of the session, but fundamentally do not change the basic function of these features.

Given the importance of these features to reduce on-line ISDN call charges, if you should not understand any part of this article, please contact Develcon Support Services directly.

REFERENCES

For additional details on this topic, you may wish to refer to the Orbitor Reference Manual.§
Keywords: ISDN, spoofing, CMCP, PPP, IP, IPX
Product: Orbitor
Model: All

Copyright © 1998 Develcon Electronics Ltd.  All Rights Reserved.