[Top][Contents][Prev][Next][Last]Search

Ascend Tunnel Management Protocol

This chapter contains the following sections:
Introduction to ATMP
Network settings for ATMP
Configuring ATMP Foreign Agents
Configuring ATMP Home Agents
Configuring an ATMP Home-and-Foreign-Agent

Introduction to ATMP

The MAX TNT supports Ascend Tunnel Management Protocol (ATMP) for Virtual Private Network (VPN) connectivity. A VPN provides low-cost remote access to private LANs across the Internet.

ATMP is a UDP/IP-based protocol for tunneling between two Ascend units across an IP network. Data is transported through the tunnel in Generic Routing Encapsulation (GRE), as described in RFC 1701. For a complete description of ATMP, see RFC 2107, K. Hamzeh, Ascend Tunnel Management Protocol - ATMP.

Figure 7-1 shows one use for ATMP tunneling: Mobile Clients dial into a local ISP to log into a distant LAN across the Internet. ATMP creates and tears down a cross-Internet tunnel between the two Ascend units. In effect, the tunnel collapses the IP cloud and provides what looks like direct access to a Home Network.

Figure 7-1. ATMP tunnel from an ISP to a corporate Home Network

A Mobile Client dials into the Foreign Agent, which authenticates the Connection profile (or RADIUS profile) and brings up an IP connection to the specified Home Agent.

The Foreign Agent then requests a tunnel for the connected Mobile Client. The Home Agent authenticates the tunnel request (by password), and then registers the tunnel and assigns it an ID. If the Home Agent refuses the tunnel, the Foreign Agent disconnects the Mobile Client.

If the tunnel is successfully established, the Home Agent forwards or routes tunneled data to the Home Network. The Home Agent must be able to access the Home Network, either as a gateway (forwarding the packets it receives through a tunnel across a WAN connection) or by routing the packets.

Network settings for ATMP

This section describes settings related to the IP connection between Ascend units, settings related to the UDP communication required to establish tunnels, and settings related to packet fragmentation and reassembly.

System reset requirement

When you change the setting of the UDP-Port parameter in the ATMP profile of a Home Agent, a system reset is required for the ATMP subsystem to recognize the new UDP port number.

When you change the Agent-Mode parameter from its default Tunnel-Disabled setting to any other setting, a system reset is required for the new value to take effect.

All other parameter settings in the ATMP profile take effect as soon as possible after writing the profile.

System IP address recommendation

Ascend recommends that you set the System-IP-Addr parameter in a MAX TNT that is operating as an ATMP agent, particularly if the unit has multiple interfaces into the IP cloud that separates it from other ATMP agents. There are two aspects to this recommendation:

Figure 7-2 shows a Home Agent and Foreign Agent, with two Ethernet interfaces connecting them. (The principle is the same if there were two WAN connections between the units.)

Figure 7-2. System IP addresses and routes between ATMP agents

When RIP is enabled on the IP interfaces between the two units, it advertises the system address on both ports. In this example, the Foreign Agent has the following system IP address and interface IP configuration for an Ethernet card installed in shelf-1, slot-1:

The Home Agent has the following system IP address and interface IP configuration for an Ethernet card installed in shelf-1, slot-7:

With this configuration, the Foreign Agent advertises a route on both of its Ethernet ports to its own system address, 10.100.100.100. Similarly, the Home Agent advertises a route on both of its Ethernet ports to its own system address, 10.100.100.101.

When the Home Agent receives the advertisements for 10.100.100.100, it selects one of the ports advertising the route and adds that route to its routing table. The next time the Home Agent establishes a connection with the Foreign Agent, it uses the port indicated in the routing table. If that port becomes unavailable (for example, if the cable is disconnected), the Home Agent soon updates its routing table to use the other port to connect to the Foreign Agent.

Setting the UDP port

By default, ATMP agents use UDP port 5150 to exchange control information while establishing a tunnel. If the Home Agent ATMP profile specifies a different UDP port number, all tunnel requests to that Home Agent must specify the same UDP port.

Note: A system reset is required for the ATMP subsystem to recognize the new UDP port number.

Specifying tunnel retry limits

The Retry-Timeout and Retry-Limit parameters in the ATMP profile work together to limit how many tunnel RegisterRequest messages (to open a tunnel) and DeregisterRequest messages (to close a tunnel) are sent and the number of seconds between each message. If a tunnel request fails, the Foreign Agent times out, logs a message, and disconnects the Mobile Client. If a tunnel request succeeds, the Home Agent assigns a tunnel ID and then the UDP port is no longer used for that tunnel. Data is transferred across the IP connection, using the GRE protocol.

The Retry-Timeout and Retry-Limit parameters have default settings that are appropriate for most sites, but you might want to increase or decrease the values based on the link between the Foreign Agent and Home Agent. For example, if the link is a dial-up connection, you might want to increase the values to allow sufficient time to establish the connection. Or, if the Foreign Agent and the Home Agent are on the same Ethernet segment, you might want to reduce the values to provide a quicker response to the Mobile Client when the Home Agent is unavailable.

If you increase the Retry-Timeout and Retry-Limit values, keep in mind that the values determine response time to Mobile Clients when the Home Agent is unavailable. If a tunnel is attempted via a secondary Home Agent and the secondary agent is also unavailable, the Mobile Client will wait for twice the specified period before being informed that the connection failed.

Setting an MTU limit

The Maximum Transmission Unit (MTU) of a link between a Foreign Agent and Home Agent is determined by the type of connection. The link may be a dial-up connection, a Frame Relay connection, or an Ethernet link, and it may be a local network or routed through multiple hops. If the link between devices is multi-hop (if it traverses more than one network segment), the path MTU is the minimum of the intervening segments.

Figure 7-1 shows an ATMP setup across a 100-BaseT Ethernet segment, which limits the path MTU to 1500 bytes.

Figure 7-3. Path MTU on an Ethernet segment

If any segment of the link between the agents has an MTU smaller than 1528, some packet fragmentation and reassembly will occur. Typically, it is desirable to push fragmentation and reassembly tasks to connection end-points: a Mobile Client and a device on the Home Network. When the MTU-Limit is specified, client software uses MTU discovery mechanisms to determine the maximum packet size, and then fragments packets before sending them.

How link compression affects the MTU

Compression affects which packets must be fragmented, because compressed packets are shorter than their original counterparts. If any kind of compression is on (such as VJ header or link compression), the connection can transfer larger packets due to link Maximum Receive Unit (MRU) requirements. If compressing a packet makes it smaller than the MRU, it may be sent across the connection whereas the same packet without compression would not.

How ATMP tunneling causes fragmentation

To transmit packets through an ATMP tunnel, the MAX TNT adds an 8-byte GRE header and a 20-byte IP header to the frames it receives. This can make the packet size larger than the MTU of the tunneled link, in which case the MAX TNT must either fragment the packet after encapsulating it, or reject the packet.

Fragmenting packets after encapsulating them has several disadvantages for the Foreign Agent and Home Agent. For example, it causes a performance degradation due to the extra overhead in both agents. It also means that the Home Agent device cannot be a GRF switch. (To maintain its very high aggregate throughput, a GRF switch does not perform reassembly.)

Pushing the fragmentation task to connection end-points

To avoid having ATMP agents fragment packets, you can either set up a link between the two units that has an MTU greater than 1528 (which means it cannot include Ethernet segments), or you can set the MTU-Limit parameter in the ATMP profile to a value that is 28 bytes less than the path MTU.

If MTU-Limit is set to zero (the default), the MAX TNT may have to fragment encapsulated packets before transmission. The other ATMP agent must then reassemble the packets.

If MTU-Limit is set to a non-zero value, the MAX TNT reports that value to the client software as the path MTU, causing the client to send packets at the specified size. This pushes the task of fragmentation and reassembly out to the connection end-points, lowering the overhead on the ATMP agents.

For example, if the MAX TNT is communicating with another ATMP agent across an Ethernet segment, you can set the MTU-Limit parameter to a value 28 bytes smaller than 1500 bytes, to enable the unit to send full-size packets that include the 8-byte GRE header and a 20-byte IP header without fragmenting them first. This is shown in the following example:

With this setting, the connection end-point sends packets with a maximum size of 1472 bytes. When the MAX TNT encapsulates them, adding 28 bytes to the size, the packets still do not violate the 1500-byte Ethernet MTU.

Forcing fragmentation to interoperate with outdated clients

Some clients normally send packets that are larger than the negotiated Maximum Receive Unit (MRU) with the Don't Fragment (DF) bit set in order to discover the path MTU. Those packets are normally returned to the client with an ICMP message that informs the client that the host is unreachable without fragmentation. This standard, expected behavior improves end-to-end performance by enabling the connection end-points to perform any required fragmentation and reassembly.

However, some outdated client software does not handle this process correctly and continues to send packets that are larger than the specified MTU-Limit. To enable the MAX TNT to interoperate with these clients, you can set the Force-Fragmentation parameter in the ATMP profile to Yes. The MTU-Limit parameter must also be set to a non-zero value for Force-Fragmentation to work.

When the MTU-Limit parameter is set to a non-zero value, you can set the Force-Fragmentation parameter to Yes to enable the MAX TNT to prefragment packets it receives that are larger than the negotiated MRU with the DF bit set. That is, when these two parameters are set, the MAX TNT ignores the DF bit and performs the fragmentation that normally should be performed by the client. It prefragments those packets, and then adds the GRE and IP headers.

Note: Setting the Force-Fragmentation parameter to Yes causes the MAX TNT to bypass the standard MTU discovery mechanism and fragment larger packets before encapsulating them in GRE. Because this changes expected behavior, it is not recommended except for ATMP interoperation with outdated client software that does not handle fragmentation properly.

Configuring ATMP Foreign Agents

To configure an ATMP Foreign Agent, you must set parameters in the ATMP profile, verify that the Foreign Agent can communicate across an IP link with the Home Agent, and configure Mobile-Client Connection profiles.

The link to the Home Agent may be any kind of connection (dial-up, nailed, Frame Relay, and so forth) or an Ethernet link, and it may be a local network or routed through multiple hops. The only requirement is that the two units can communicate over an IP network.

Configuring the Foreign Agent ATMP profile

The ATMP profile contains the following parameters related to a Foreign Agent configuration, which are shown with sample values:

Following is an example of configuring a minimal ATMP profile on a Foreign Agent:

Note: When you change the Agent-Mode parameter from its default Tunnel-Disabled setting to any other setting, you must reset the system for the new value to take effect.

If you see the following message when you read the ATMP profile:

create the profile by using this command:

Configuring Mobile-Client Connection profiles

 All Mobile-Client Connection profiles reside on the Foreign Agent side of the ATMP tunnel. A Foreign Agent can authenticate a Mobile Client locally in a Connection profile or externally in a RADIUS profile. This section describes how to configure local Connection profiles. For details about configuring Mobile-Client connections in RADIUS, see the MAX TNT RADIUS Guide. The Tunnel-Options subprofile of a local Connection profile contains the following parameters related to a Mobile-Client connection, which are shown with sample values:

Specifying Home Agent addresses and port numbers

 The Foreign Agent uses the IP address specified for the Primary-Home-Agent to locate the Connection profile to the Home Agent. If the connection is not already active, the Foreign Agent brings it up, and then requests a tunnel for the Mobile-Client on top of that connection. If it receives no response to its tunnel requests, it times out, logs a message, and, unless the Secondary-Home-Agent parameter also specifies an IP address, disconnects the Mobile Client. If the Foreign Agent finds a Secondary-Home-Agent address, it repeats the connection and tunneling process using that address.

The Primary-Home-Agent and Secondary-Home-Agent parameters should specify the Home Agents' System-IP-Addr rather than the address of the interface on which the Home Agents receive tunneled data (see System IP address recommendation). If you specify a hostname instead, the Foreign Agent uses DNS to obtain the IP address before locating the Connection profile.

If the Home Agent ATMP profile specifies a UDP port number other than the default 5150, you can specify that port number as part of the Primary-Home-Agent and Secondary-Home-Agent address by appending a colon character (:) followed by the port number. For example:

In this case, the Foreign Agent brings up the connection to the Primary-Home-Agent and requests a tunnel on port 8877. If that attempt fails, it brings up the connection to the Secondary-Home-Agent and requests a tunnel on port 4000.

If the Primary-Home-Agent or Secondary-Home-Agent settings do not include a port number, the Foreign Agent uses the value of the UDP-Port parameter in the Mobile-Client Connection profile. For example, with the following settings:

In this case, the Foreign Agent brings up the connection to the Primary-Home-Agent and requests a tunnel on port 8877. If that attempt fails, it brings up the connection to the Secondary-Home-Agent and requests a tunnel on port 6789.

Specifying the Home Network name

For a Mobile-Client tunnel to a Gateway Home Agent (which accesses the Home Network across a nailed WAN connection without routing the packets), you must also specify the name of the Home Agent's Gateway-Profile to the Home Network. This is the name specified in the Station parameter of that Connection profile on the Home Agent. For example:

Note: If the Mobile-Client tunnels to a Router Home Agent (a Home Agent that routes packets to the Home Network), you must leave the Home-Network parameter blank.

Example of a Foreign Agent with multiple Mobile Clients

Figure 7-4 shows a Foreign Agent that connects to two Home Agents across IP WAN connections. One is a Gateway Home Agent and the other is a Router Home Agent. The illustration also shows two Mobile-Client connections, one to each of the Home Agents.

In this example, the WAN connections are multi-channel PPP connections, which typically negotiate a path MTU of 1500 bytes. The agents set the MTU-Limit to 1472, to enable the connection end-points to fragment packets at that size. For background information, see Setting an MTU limit.

Figure 7-4. Foreign Agent tunneling to two Home Agents

Following is an example that shows how to configure the Foreign Agent shown in Figure 7-4.

Configuring the ATMP profile

The following set of commands configures a minimal ATMP profile:

Configuring connections to the Home Agents

 The Gateway Home Agent has the following System-IP-Addr setting:

The next set of commands configures a Connection profile to the Gateway Home Agent:

The Router Home Agent has the following System-IP-Addr setting:

The following set of commands configures a Connection profile to the Router Home Agent:

Configuring a Mobile-Client connection to the Gateway Home Agent

 For the purposes of this example, the Gateway Home Agent has a nailed Connection profile named Home-Router to the Home Network. It also has the following settings in its ATMP profile:

The next commands configure a Mobile-Client connection on the Foreign Agent to the Gateway Home Agent:

Configuring a Mobile-Client connection to the Router Home Agent

 For the purposes of this example, the Router Home Agent has the following settings in its ATMP profile:

The next commands configure a Mobile-Client connection on the Foreign Agent to the Router Home Agent:

Example of a Foreign Agent that tunnels to a GRF switch

 When the MAX TNT is operating as a Foreign Agent tunneling to a GRF switch Home Agent, setting the MTU-Limit becomes a requirement rather than a recommendation. To maintain its very high throughput, the GRF does not perform packet reassembly. If MTU-Limit is not specified, the clients send full-size 1500-byte packets, which the Foreign Agent fragments before sending to the Home Agent. The GRF switch acting as Home Agent drops those packets.

Figure 7-5 shows a Foreign Agent tunneling to a GRF Home Agent across a 100-BaseT Ethernet segment:

Figure 7-5. Foreign Agent tunneling to a GRF switch

The following set of commands configures the Foreign Agent ATMP profile for the MAX TNT in Figure 7-5:

Note: The GRF switch ATMP configuration should specify the same MTU-Limit.

Configuring ATMP Home Agents

To configure an ATMP Home Agent, you must set parameters in the ATMP profile, verify that the Home Agent can communicate across an IP link with the Foreign Agent, and configure the connection to the Home Network.

The link to the Foreign Agent may be any kind of connection (dial-up, nailed, Frame Relay, and so forth) or an Ethernet link, and it may be a local network or routed through multiple hops. The only requirement is that the two units can communicate over an IP network.

The link to the Home Network cannot be a regular switched dial-up connection, because the Home Agent does not bring up a connection on receipt of tunneled data. The link to the Home Network may be a nailed connection, a switched incoming connection from the Home Network, or a routing connection.

Configuring the Home Agent ATMP profile

The ATMP profile contains the following parameters related to a Home Agent, which are shown with sample values:

Specifying a Gateway or Router Home Agent

 A Gateway Home Agent delivers tunneled data to the Home Network without routing. When it receives tunneled data, it removes the GRE header and forwards the packets to the Home Router, as shown in Figure 7-6:

Figure 7-6. How a Gateway Home Agent works

Following is an example of specifying a Gateway Home Agent:

A Router Home Agent relies on packet routing to reach the Home Network.

Figure 7-7. How a Router Home Agent works

When the Router Home Agent receives tunneled data, it removes the GRE encapsulation and passes the packets to its router software. It also adds a route to the Mobile Client to its routing table. Following is an example of specifying a Router Home Agent:

Note: When you change the Agent-Mode parameter from its default Tunnel-Disabled setting to any other setting, you must reset the system for the new value to take effect.

If you see the following message when you read the ATMP profile:

create the profile by using this command:

Specifying a Home Agent password

 The Home Agent typically requests a password before establishing a tunnel. The Foreign Agent returns an encrypted version of the Home-Agent-Password found in the Mobile-Client Connection profile, which must match the Home-Agent-Password value specified in the ATMP profile.

If the password sent by the Foreign Agent matches this value, the Home Agent returns a RegisterReply with a number that identifies the tunnel, and the Mobile Client's tunnel is established. If it does not match, the Home Agent rejects the tunnel, and the Foreign Agent logs a message and disconnects the Mobile Client.

Setting an idle timer for unused tunnels

When a Mobile Client disconnects normally, the Foreign Agent sends a request to the Home Agent to close down the tunnel. However, when a Foreign Agent restarts, tunnels that were established to a Home Agent are not normally cleared, because the Home Agent is not informed that the Mobile Clients are no longer connected. The unused tunnels continue to hold memory on the Home Agent. To enable the Home Agent to reclaim the memory held by unused tunnels, ATMP Home Agents can now set an inactivity timer using the following parameter, which is shown with its default value:

The inactivity timer runs only on the Home Agent side. Its value specifies the number of minutes-from 0 to 65535- that the Home Agent maintains an idle tunnel before disconnecting it. A value of 0 disables the timer, which means that idle tunnels remain connected forever. The setting affects only tunnels created after the timer was set. Tunnels that existed before setting the timer are not affected by it.

Configuring a gateway connection to the Home Network

When a Gateway Home Agent receives a tunnel RegisterRequest from the Foreign Agent, it checks the status of the connection to the Home Network. If the gateway connection is down, the tunnel is rejected. The Home Agent does not attempt to bring up the gateway connection. In addition, if the gateway connection goes down after a tunnel is established, all Mobile Clients that were using it are disconnected.

The gateway connection to the Home Router can be a nailed connection, or a regular dial-in switched connection. Using an incoming connection from the Home Router enables the administrator of the Home Network to regulate when Mobile-Clients can access that network. For example, the administrator of the Home Network could configure an access router to dial the Home Agent every weekday at 8:00 AM and disconnect at 5:00 PM, limiting Mobile-Client access to those hours. In that case, the gateway connection must be up before Mobile Clients dial in, or their tunnel requests will fail.

To configure a Gateway-Profile, you set up a regular nailed or dial-in connection to the Home Network and specify the following parameters (which are shown with sample settings) in the Tunnel-Options subprofile of the Connection profile:

If you decide to limit the maximum number of tunnels a gateway will support, you should consider the expected traffic per Mobile-Client connection, the bandwidth of the connection to the Home Network, and the availability of alternate Home Agents (if any).

For example, if you know that the traffic generated by each Mobile-Client connection will be low, a gateway connection may handle more tunnels than if each Mobile Client will generate a lot of traffic.

Example of a Gateway Home Agent configuration

Figure 7-8 shows a Gateway Home Agent with a fractional T1 connection to the Home Network. For details about configuring fractional T1, see the MAX TNT Hardware Installation Guide.

Figure 7-8. Gateway Home Agent with leased line to Home Network

Note: In this example, the ATMP Foreign Agent and Home Agent are on the same Ethernet segment, so Connection profiles are not needed between the two units.

Home Router requirements

If the MAX TNT is configured as a Gateway Home Agent, the router at the far end of the Gateway-Profile must be configured with static routes to the Mobile Clients. This is required.

A static route to a Mobile Client can be specific to the client, where the route's destination is the Mobile Client IP address and the next-hop router is the Home Agent address. For example, in the following route the Mobile Client is a router (this is not a host route), and the Home Agent address is 10.1.2.3:

Or, if the Mobile Clients have addresses allocated from the same address block (including router Mobile Client addresses with subnet masks less than 32) and no addresses from that block are assigned to other hosts, the Home Network administrator can specify a single static route that encompass all Mobile Clients that use the same Home Agent. For example, in the following route all Mobile Clients are allocated addresses from the 10.4.n.n block (and no other hosts are allocated addresses from that block), and the Home Agent address is 10.1.2.3:

Note: Because of its special use as an ATMP gateway connection, the Home Agent cannot Ping or otherwise communicate with the Home Router. The same applies in the other direction.

Setting the system IP address

The following set of commands sets the Home Agent's system IP address:

Configuring the ATMP profile

 The next set of commands configures the Home Agent ATMP profile, with the default Agent-Type setting of Gateway-Home-Agent:

The Foreign Agent has an ATMP profile such as this:

Configuring a Gateway-Profile to the Home Network

 In the next set of commands, the Call-Type is set to FT1 (nailed) using the nailed channels of a fractional T1 or E1 connection and assigned the group number 7. The Max-Tunnels is set to 120 (optional). The next commands configure the nailed connection to the Home Network:

Example of a Mobile-Client connection to this Home Agent

 Mobile-Client connections on the Foreign Agent will require a tunnel configuration such as the following:

Example of a Router Home Agent configuration

 Figure 7-9 shows a Router Home Agent with an Ethernet connection to the Home Network. The ATMP Foreign Agent and Home Agent connect across a multichannel PPP link.

Figure 7-9. Router Home Agent with multichannel PPP link to Home Network

The following examples show how to configure the Home Agent shown in Figure 7-8.

Setting the system IP address

The following set of commands sets the Router Home Agent's system IP address:

Configuring the IP-Interface profile

 When the Router Home Agent receives tunneled packets, it passes them to its router software and adds a route to the Mobile Client to its routing table. If the Mobile Client is a PPP client, it adds a host route. If the Mobile Client is a router, such as a Pipeline unit, it adds regular route to the subnet addresses assigned to that router.

If you enable RIP on the IP interface that leads to the Home Network, other hosts and networks can route to the Mobile Client. Enabling RIP is particularly useful if the Home Network is one or more hops away. If RIP is turned off, intervening routers require static routes that specify the Home Agent as the route to Mobile Clients.

You can also allow hosts on a local interface to ARP for the Mobile Client by turning on proxy ARP. In the following example, the Home Network is an Ethernet segment connected to the Router Home Agent via an Ethernet card in shelf-1, slot-10, port-1:

Configuring the ATMP profile

 The next set of commands configures the Home Agent's ATMP profile:

The Foreign Agent has an ATMP profile such as this:

Example of a Mobile-Client connection to this Home Agent

 Mobile-Client connections on the Foreign Agent will require a tunnel configuration such as the following:

Configuring a connection to the Foreign Agent

 The next set of commands configures an IP connection to the Foreign Agent. The Home Agent uses this profile to authenticate the Foreign Agent dialing in.

Configuring an ATMP Home-and-Foreign-Agent

In some configurations, the MAX TNT acts as a Home Agent for some Mobile-Clients and as a Foreign Agent for others. The two configurations operate side-by-side without any conflict, provided that all requirements are met for each type of configuration.

Configuring the ATMP profile

The ATMP profile contains the following parameters related to the Home-and-Foreign-Agent configuration, which are shown with sample values:

The Agent-Mode parameter must specify Home-and-Foreign-Agent. For details about all of the other settings, see Configuring ATMP Home Agents or Configuring ATMP Foreign Agents.

Example of a Home-and-Foreign-Agent configuration

Figure 7-10 shows a MAX TNT operating as Home Agent for Home Network B and as Foreign Agent for Mobile Clients tunneling into Home Network A:

Figure 7-10. MAX TNT acting as both Home Agent and Foreign Agent

Following is an example that shows how to configure the Home-and-Foreign Agent shown in Figure 7-10. For details about the link between Foreign and Home Agents, and for information about all of the setting requirements, see the preceding sections in this chapter.

Setting the system IP address

The following set of commands sets the unit's system IP address:

Configuring the ATMP profile for Home and Foreign Agent

 The next set of commands configures the ATMP profile:

The Foreign Agent for Network B has an ATMP profile such as this:

The Home Agent for Network A has an ATMP profile such as this:

Configuring a Mobile-Client Connection profile

 The next set of commands configures a Connection profile for Mobile-Client-A. For this profile, the MAX TNT is operating as Foreign Agent to enable the Mobile Client to tunnel to Home Network A:

Another example of a Home-and-Foreign-Agent configuration

 Figure 7-11 shows another configuration that makes use of the Home-and-Foreign-Agent setup. In this example, all three Mobile Clients want to tunnel to the Home Network, using TNT-2 as their Home Agent. The two ATMP units are geographically distant.

Figure 7-11. Enabling a Mobile-Client to bypass the Foreign Agent connection

Mobile-Client-1 and Mobile-Client-2 dial into the Foreign Agent (TNT-1) using a local call, and then tunnel to the Home Agent. However, Mobile-Client-3 is geographically closer to TNT-2, and would prefer to dial directly into TNT-2. In this case, TNT-2 is configured to provide both the Home Agent and Foreign Agent functionality to Mobile-Client-3. There is no need to encapsulate data to and from Mobile-Client-3 in GRE. The data comes in on one of TNT-2's interfaces and it is sent to another interface without encapsulation processing.

Following is an example that shows how to configure the Home-and-Foreign Agent shown in Figure 7-11. For details about the link between Foreign and Home Agents, and for information about all of the setting requirements, see the preceding sections in this chapter.

Setting the system IP address

The following set of commands sets the unit's system IP address:

Configuring the ATMP profile for Home and Foreign Agent

 The next set of commands configures the ATMP profile in TNT-2:

TNT-1 has an ATMP profile such as this:

Configuring a Connection profile for Mobile-Client-3

 The next set of commands configures a Connection profile for Mobile-Client-3. For this profile, the MAX TNT is operating as both Foreign Agent and Home Agent:


[Top][Contents][Prev][Next][Last]Search

techpubs@eng.ascend.com

Copyright © 1998, Ascend Communications, Inc. All rights reserved.