The Abilis supports two types of virtual tunneling, which can be applied to different level 2 links:
Both virtual tunnels support several operation modes:
Tunnelling Mode
Table 38.1. Tunnelling modes
Mode | Description | Note |
---|---|---|
STD | Standard | No out-of-sequence packet reordering! Use
STD only for tunnels through LAN and high
quality WAN. |
EXT | Extended | EXT supports out-of-sequence packet
reordering, extended statistics and diagnostics. Use
EXT for PV or AIPT tunnels through WAN,
when both linked Abilis have a static IP Address. |
EXT-SERVER | Extended Server | Use the combination of EXT-SERVER
and EXT-CLIENT, for PV or AIPT tunnels, when
one side has a dynamic IP address (client) and the other side
has a static address (the server must have a static IP
address). |
EXT-CLIENT | Extended Client | EXT client is also to be used in
PV or AIPT tunnels when
Abilis is placed behind a router doing NAT/PAT |
ART Protocol: “Abilis Redundant Tunneling” sends the same information on two different lines. The receiving Abilis discards the packet which arrives second (out-of sequence). The probability that the same packet is lost on both links equals the product of the original probabilities. Example: two links with 10% failure rate (a very high one!) ends up with 1%, which is normally negligible
Tip | |
---|---|
It's advisable to use ART ONLY with lines with the same speed. In case of lines with different speeds, the packets are sent with the maximum speed of the slower line. |
Backup over ISDN: in case of failure of the permanent VPN connection, the Abilis PV or AIPT tunnels may be instantaneously switched onto ISDN backup lines.
Link Check: it's a procedure used to detect end-to-end link (or emulated p-link) real functioning, regardless of the lower protocol layer states.
Encryption: it activates the cryptography of the data sent on the virtual VPN and define up to 63 256 bit cryptography key (exist also a default cryptography key that can be used in configuration).
MPX (Multiplexing): this owner protocol allows to share the same link (VPN) for transmission of data and packetized voice (also Link Check, if enabled).
VRED Protocol: Abilis “Voice Redundancy” duplicates VOICE and/or FAX packets by repeating a packet when the subsequent one has to be sent. This method is similar to the redundancy used in SIP for T38 packets. The receiving Abilis discards the packet which arrives second (out-of sequence). The probability that the same packet is lost in two different moments is therefore reduced.
LOG: activates/deactivates logging functionalities of meaningful events of the VPNs. These functionalities can be applied to IP tunnel or Link Level.
Link check allows to automatically manage an eventual “True link backup” (onto ISDN line) in case of failure of the permanent VPN connection. When activating a packet voice or IP tunnel, Abilis checks continuously the link using the parameters below:
LLOG
Link Check logging activation/deactivation.
LMPX
Activates the multiplexing of DATA,
“Link-Check”, VOICE frames type
[NO
: Abilis MPX multiplexing isn't active;
YES
: Abilis MPX multiplexing is active only for
the data protocols LAPB and LINK-FR; EXT
:
Abilis MPX multiplexing is active for ANY data protocol]. The
default value is YES;
LC
Enables/disables the use of the “Link-Check” protocol, and consequently the transmission of “Link-check” frames. The link-check protocol is automatically disabled when MPX:NO. Note:with LC:NO the “true link backup” is disabled. The default value is YES;
LCR
Enables and selects the cryptography to be applied on the
frames passing through the resource. Cryptography can be
selectively applied to the different traffic types (VOICE and
DATA). [NO
: no cryptography is applied;
DATA
: cryptography is applied only on DATA
traffic type; VOICE
: cryptography is applied
only on VOICE traffic type; ALL
: cryptography
is always in use, whatever is the traffic data type].
LCRKEY
Selects the key to be used for cryptography operations.
Users can choose either the default key supplied by the system
(LCRKEY:DFT), or one of the keys defined in the cryptography keys
table, in which case the numeric value (from 1 to 63)
corresponding to the desired LCRKEY has to be specified. If the
configured value refers to a missing LCRKEY it will be shown
inside square brackets (e.g.
CRKEY
:[5]
means that the key
number 5 isn't present in the table). If the parameter LCR is set
to NO
, the value of LCRKEY is useless.
LT1
Maximum time to wait for a Link-Check “probe” acknowledge. If this time elapses without receiving the acknowledge the “probe” is immediately repeated, as a result “not acknowldged probes” are repeated every LT1 milliseconds. The default is 3000;
LT3
This is the time interval between a correctly sent and acknowledged Link-Check “probe” and the next one to send while the link is regularly working (e.g. P-LINK state is READY). It has relationships with the parameter LT1: and it has to satisfy the simple rule: LT3 > LT1 * 2. The default is 9000;
LN2
Sets the maximum number of Link-Check “probes” retransmission. The default is 3.
Tip | |
---|---|
Refer to chapter Section 38.5, “Appendix - LN2 parameter” to have more information about LN2 parameter. |
LCOMP
Set the compression type to use for an ip resource with subtype AIPT[-BCK], DL[-BCK], ML, BCH. Data Compression is available only under licence.[NO: compression not active, LZO1X: is often the best choice of all, LZO1B: is good with a large blocksize or with very redundant data, LZO1F: s good with a small blocksize or with binary data]
These parameters are in the link section:
[10:42:48] ABILIS_CPX:d p ip-5
RES:Ip-5 - Not Saved (SAVE CONF), Not Refreshed (INIT) ------------------------
- IP over IP (Abilis tunnel) (AIPT) ------------------------------------
New DESCR:
OPSTATE:UP LOG:NO STATE-DETECT:NORMAL
FRAG:NO
IPADD:000.000.000.000 MASK:255.255.255.255 NEIGH:000.000.000.000
REDIS:YES HIDE:NO RP:NONE IPSEC:NO VRRP:NO
NAT:NO DIFFSERV:NO DDNS:NO
OUTBUF:100 OUTQUEUE:FAIR MTU:1500
OUTSPL:NO
INBUF:0 mru:1500 SRCV:NO
- TRFA section ---------------------------------------------------------
TRFA:NO
- Link -----------------------------------------------------------------
LLOG:DS LMPX:YES LC:YES LCOMP:NO LCR:NO
LT1:3000 LT3:9000 LN2:3 LCRKEY:DFT
- IP Tunnel ------------------------------------------------------------
TLOG:NO MODE:STD D-TOS:0-N V-TOS:0-D C-TOS:0-D
MPX:NO
LOCPORT:2105 REMPORT:2100 CR:NO CRKEY:DFT
OUT-IP:AUTO
LOCIPADD:R-ID (192.168.000.201) REMIPADD:#
The Abilis sends a link-check every LT3 msec. If there's no response, Abilis sends it again every LT1 msec for LN2 times. Using the default values it can take from 9 to 18 seconds to consider the link down.
The default values can be changed using the syntax:
s p pv-<id> par:<value> for a PV tunnel
s p ip-<id> par:<value> for an AIPT tunnel.
Tip | |
---|---|
LT1 parameter has relationships with the parameter T1: and it has to satisfy the simple rule: T3 > T1 * 2. |