Manualshelf

User`s guide

ManualsBrandsCabletron Systems ManualsComputer equipmentCyberSWITCH CSX150
41424344454647484950
SFVRA Connection Manager 49
C
ONFIGURING
U
SERS
Protocols
IPX SPOOFING
NetWare was designed for the LAN environment, and assumes that there is always available
bandwidth. Because of this, NetWare protocols are not well suited to WANs. Special handling must
be given to the NetWare protocols to prevent them from causing excessive ISDN connections. The
special handling of NetWare protocols in a routing environment consists of spoofing and automatic
filters.
Spoofing is a method to prohibit excessive ISDN connections by internally generating a desired
response packet when a request packet is received that should be routed over the WAN and there
is no connection up to the remote user. The NetWare protocols that require spoofing to be
performed are the Watchdog Protocol and the Sequence Packet Exchange (SPX) Protocol.
Automatic filters are also used to prohibit excessive ISDN connections caused by the NetWare
protocols.
Watchdog Protocol
Watchdog Protocol is used by NetWare Servers to detect “dead” clients. If a server has seen no
traffic from an attached client for a configurable amount of time, the server sends a watchdog
packet to the client to determine if the client is still alive or merely inactive. If, after a few minutes,
a server does not receive a watchdog reply, it is assumed that the client is no longer alive and the
connection to the server is terminated.
If no connection exists to a user and the server sends a watchdog request to a remote client, a
connection would have to be established to deliver the watchdog request. With watchdog spoofing
enabled, a watchdog response is generated internally and delivered to the server as if the remote
client sent the packet. This satisfies the server without causing a connection to be established. To
allow a server to timeout a client that is no longer alive, the watchdog requests are forwarded over
the WAN when a connection already exists. In addition, a watchdog spoofing duration time, T, can
be specified. When the connection is down to a user and a watchdog request is received that should
be forwarded to this user, a watchdog response will be spoofed for T amount of time. After T
amount of time, the watchdog request will be filtered without generating a response. The duration
timer T starts when a user is disconnected and is reset each time a new connection is established.
This above described implementation will be followed for watchdog request packets received over
the LAN and the WAN. If a watchdog request is received over the WAN and it is determined that
a spoofed watchdog response should be generated, it will be returned over the same WAN
connection on which it was received.
The implementation of watchdog spoofing eliminates unnecessary connections while allowing
clients to be aged out and does not require any client side spoofing or end-to-end-protocol.
The parameters for watchdog spoofing are configured for each remote user. The watchdog
spoofing option can be enabled or disabled. By default the option is enabled. When disabled the
watchdog requests are routed without any special handling. If the option is enabled, the watchdog
spoofing duration time T is specified in minutes. The default is set to 120 minutes.