Enterasys Networks CSX7000 User Guide
Central Site Remote Access Switch 339
C
ONFIGURING
IPX
IPX Spoofing
W
ATCHDOG
P
ROTOCOL
Watchdog Protocol is used by NetWare Servers to detect “dead” clients. If no traffic has been seen
by a server from an attached client for a configurable amount of time, the server sends a watchdog
packet to the client to determine if the client is still alive or merely inactive. If, after a few minutes,
a watchdog reply is not received by a server, it is assumed that the client is no longer alive and the
connection to the server is terminated.
by a server from an attached client for a configurable amount of time, the server sends a watchdog
packet to the client to determine if the client is still alive or merely inactive. If, after a few minutes,
a watchdog reply is not received by a server, it is assumed that the client is no longer alive and the
connection to the server is terminated.
If no connection exists to a device and the server sends a watchdog request to a remote client, a
connection would have to be established to deliver the watchdog request. With watchdog spoofing
enabled, a watchdog response is generated internally and delivered to the server as if the packet
was sent by the remote client. This satisfies the server without causing a connection to be
established. To allow a server to timeout a client that is no longer alive, the watchdog requests are
forwarded over the WAN when a connection already exists. In addition, a watchdog spoofing
duration time, T, can be specified. When the connection is down to a device and a watchdog request
is received that should be forwarded to this device, a watchdog response will be spoofed for T
amount of time. After T amount of time, the watchdog request will be filtered without generating
a response. The duration timer T starts when a device is disconnected and is reset each time a new
connection is established.
connection would have to be established to deliver the watchdog request. With watchdog spoofing
enabled, a watchdog response is generated internally and delivered to the server as if the packet
was sent by the remote client. This satisfies the server without causing a connection to be
established. To allow a server to timeout a client that is no longer alive, the watchdog requests are
forwarded over the WAN when a connection already exists. In addition, a watchdog spoofing
duration time, T, can be specified. When the connection is down to a device and a watchdog request
is received that should be forwarded to this device, a watchdog response will be spoofed for T
amount of time. After T amount of time, the watchdog request will be filtered without generating
a response. The duration timer T starts when a device is disconnected and is reset each time a new
connection is established.
This above described implementation will be followed for watchdog request packets received over
the LAN and the WAN. If a watchdog request is received over the WAN and it is determined that
a spoofed watchdog response should be generated, it will be returned over the same WAN
connection on which it was received.
the LAN and the WAN. If a watchdog request is received over the WAN and it is determined that
a spoofed watchdog response should be generated, it will be returned over the same WAN
connection on which it was received.
The implementation of watchdog spoofing eliminates unnecessary connections while allowing
clients to be aged out and does not require any client side spoofing or end-to-end-protocol.
clients to be aged out and does not require any client side spoofing or end-to-end-protocol.
The parameters for watchdog spoofing are configured for each remote device. The watchdog
spoofing option can be enabled or disabled. By default the option is enabled. When disabled the
watchdog requests are routed without any special handling. If the option is enabled, the watchdog
spoofing duration time T is specified in minutes. The default is set to 120 minutes.
spoofing option can be enabled or disabled. By default the option is enabled. When disabled the
watchdog requests are routed without any special handling. If the option is enabled, the watchdog
spoofing duration time T is specified in minutes. The default is set to 120 minutes.
SPX P
ROTOCOL
SPX Protocol is optionally used by NetWare applications requiring guaranteed, in-sequence
delivery of packets by a connection-oriented service. Each end of an SPX connection sends keep-
alive packets, identified as <SYS> packets, to monitor the status of the connection.
delivery of packets by a connection-oriented service. Each end of an SPX connection sends keep-
alive packets, identified as <SYS> packets, to monitor the status of the connection.
The SPX protocol ensures connection integrity by exchanging a keep-alive packet between the
connection end-points, once every 6 seconds. If an SPX keep-alive packet is received that is destined
for a remote device and no connection exists to the device, a connection would have to be
established to deliver the packet. The keep-alive packets are handled using the same approach
being used for server watchdog request packets. With SPX spoofing enabled, a keep-alive is
generated internally and delivered to the local endpoint as if the packet was sent by the remote
endpoint. This satisfies the local endpoint without causing a connection to be established. To allow
an SPX connection to timeout the keep-alives are forwarded over the WAN when a connection
already exists. In addition, an SPX spoofing duration time T can be specified. When the connection
is down to a device and a keep-alive is received that should be forwarded to this device, a keep-
alive will be spoofed for T amount of time. After T amount of time, the keep-alive will be filtered
without generating a keep-alive response. The duration timer T starts when a device is
disconnected and is reset each time a new connection is established.
connection end-points, once every 6 seconds. If an SPX keep-alive packet is received that is destined
for a remote device and no connection exists to the device, a connection would have to be
established to deliver the packet. The keep-alive packets are handled using the same approach
being used for server watchdog request packets. With SPX spoofing enabled, a keep-alive is
generated internally and delivered to the local endpoint as if the packet was sent by the remote
endpoint. This satisfies the local endpoint without causing a connection to be established. To allow
an SPX connection to timeout the keep-alives are forwarded over the WAN when a connection
already exists. In addition, an SPX spoofing duration time T can be specified. When the connection
is down to a device and a keep-alive is received that should be forwarded to this device, a keep-
alive will be spoofed for T amount of time. After T amount of time, the keep-alive will be filtered
without generating a keep-alive response. The duration timer T starts when a device is
disconnected and is reset each time a new connection is established.