The Domain Name System (DNS) protocol of TCP/IP networks identifies network stations through a symbolic name associated with the IP address.
When active, the Abilis CPX DNS port behaves as a DNS Resolver for all the local services and, if activated, as a DNS Relay too. The DNS Relay feature allows the system to appear as a DNS server to other IP stations while it simply forwards the requests to real DNS servers, and their responses are forwarded back to the original requesters.
The DNS port of the Abilis CPX uses the connectionless transport service, provided by the UDP protocol, to query one or two DNS servers, referred to as primary and secondary.
Terminology
Why is it needed?
This method is essential when the CPX is used in a LAN as a router with NAT+PAT over a dial-up PPP connection. In this situation the addresses of the DNS servers may not be known in advance, because they are discovered when the PPP connection is established, and therefore they cannot be configured in the stations. The address of the CPX is configured instead, and the CPX in turn forwards the requests to the DNS server addresses obtained via PPP. The method can also be used to simplify the configuration of the LAN stations: they are configured with the same address for both 'default gateway' and 'DNS server', and the CPX forwards the requests to the configured DNS servers, which the CPX administrator can easily change at any moment for all the stations.
DNS relay service 'listens' for incoming requests on the local UDP port 53, and behaves as explained below:
- listens for requests on local UDP port 53
- receives a DNS request from DNS client
- validates the request (only formally correct ones are processed)
- relays the request to a real DNS server (PRIMARY or SECONDARY)
- receives, from the real DNS server, the response for this request
- sends the response to the DNS requester (also called DNS client)
In addition DNS relay can:
- Check the IP address of a requester (source IP in the request packet) against a list of allowed ones and discard those not allowed.
- Process several simultaneous requests from the same or different users.
- Load balance between PRIMARY and SECONDARY DNS servers.
- Validate incoming packets (requests from clients and responses from servers) against formal errors.
Configuration of the DNS port
The Domain Name System Protocol port is labelled within the Abilis CPX with the acronym 'DNS' and it is provided with the parameters described in this section.
Here is an example of how to display the DNS port parameters. The values shown are the defaults.
To activate changes made to parameters displayed in lower case, the system must be restarted; changes made to parameters displayed in upper case are activated by executing the initialization command INIT PO:.
Changes made on LOG: parameter are immediately active.
The 'Not Saved (SAVE CONF)' message is displayed every time the port configuration is modified but not saved with the SAVE CONF command.
The 'Not Refreshed (INIT)' message is displayed every time the port configuration is modified but not refreshed with the INIT PO: command.
Detail of the DNS port parameters
LOG: | Events logging activation and generation of alarm signals |
DS | NO, D, S, A, L, T, ALL, +E |
This parameter makes it possible to activate/deactivate the logging of meaningful events of the port, as well as the detection and signalling of alarms in case of critical events.
The following table shows the available options and the related functionalities usable by the parameter:
Option | Meaning |
---|---|
D | Recording of the driver state changes and/or the meaningful events in Debug Log |
S | Recording of the driver state changes and/or the meaningful events in the System Log |
A | Periodic detection of possible alarms. The detected alarms can be displayed with the command ALARM VIEW or with the analogous command available in the UTILITY menu of the LCD display on the front panel |
L | On alarm detection, acoustic signal generation plus a message on the LCD display. This function depends on activation of alarms detection by the 'A' option |
T | Generation by the Agent SNMP of Abilis CPX of SNMP traps corresponding to any change of the driver state and/or occurring of meaningful events |
Beside the already described options the following values are also allowed:
Option | Meaning |
---|---|
NO | It means that all the logging functionalities, alarms detection and generation, above mentioned, are disabled. |
ALL | It means that all the logging functionalities, alarms detection and generation, above mentioned, are enabled. |
+E | This option added to one or more of the previous ones, extends its (their) set of meaningful events. The value 'ALL+E' activates all the options and extends the set of meaningful events. The value 'NO+E' is meaningless so it is ignored. |
Options can be combined together.
Some examples:
- setting 'LOG:DS+E', activates the extended logging functions for Events Log and System Log
- setting 'LOG:STA', activates the extended logging functions for System Log, SNMP traps generation and periodic detection of alarm states;
By using the characters '+' and '-' as a prefix to one or more options, it is possible to add or remove functionalities without setting the whole value of the parameter from scratch.
Some examples:
- Suppose the current value of the parameter is 'LOG:DSTA', by setting 'LOG:-A', the periodic detection of eventual alarm states is removed, leaving unchanged all the remaining options; in such way the final value of the parameter will be 'LOG:DST';
- Suppose the current value of the parameter is 'LOG:ST', by setting 'LOG:+DA', the logging function of the events on the Events Log and the periodic alarm detection are added to the already activated options; in such way the final value of the parameter will be 'LOG:DSTA'.
The changes made on this parameter are immediately activated, without the need of initialization commands.
lowpo: | Lower CPX port number |
NONE | NONE, 1 - 999 |
It sets the lower CPX port number. Only UDP ports are accepted.
The value 'NONE' isolates the DNS port.
ACT: | Runtime activation/deactivation |
NO | NO, YES |
This parameter activates/deactivates the DNS functionalities at run time.
When it is set to 'NO', DNS port is running but its functionalities are disabled.
When it is set to 'YES', DNS port is running and its functionalities are enabled.
RELAY: | Activation/deactivation of DNS relay feature. |
NO | NO, YES |
This parameter activates/deactivates the DNS relay feature of the DNS port. The DNS relay feature allows the CPX to relay external requests from DNS clients to the DNS server.
locport: | DNS-relay listening UDP port |
53 | 53 |
This parameter sets the UDP port on which the DNS relay will receive client's requests. As specified in RFC-1700 and RFC-1035, the only possible value is 53.
SRCADD: | Source IP address for outgoing requests |
R-ID | R-ID, OUT-IPP, 1.0.0.0-126.255.255.255, 128.0.0.0-223.255.255.255 |
It sets the source IP address used in every outgoing DNS request.
The 'R-ID' value makes it possible to use the Router-ID IP address.
The 'OUT-IPP' value makes it possible to use the IP address of the IP port through which the request is sent.
An IP address in Dotted Decimal Notation, in the range [1.0.0.0-126.255.255.255, 128.0.0.0-223.255.255.255], can also be specified. Class D and E IP addresses are not supported.
PRIMARY: | IP address of the primary DNS Server |
# | #, 1.0.0.0-126.255.255.255, 128.0.0.0-223.255.255.255 |
This parameter sets the IP address of the primary DNS server, which the Abilis CPX port refers to for name resolution.
The allowed values are shown in the following table:
HEX: | 01000000 - 7EFFFFFF | 80000000 - DFFFFFFF |
---|---|---|
DDN: | 1.0.0.0 - 126.255.255.255 | 128.0.0.0 - 223.255.255.255 |
IP addresses of class D and E are not currently supported.
The value '#' means 'no primary DNS Server'.
SECONDARY: | IP address of the secondary DNS Server |
# | #, 1.0.0.0-126.255.255.255, 128.0.0.0-223.255.255.255 |
This parameter sets the IP address of the secondary DNS server, which the Abilis CPX port refers to for name resolution.
The allowed values are shown in the following table:
HEX: | 01000000 - 7EFFFFFF | 80000000 - DFFFFFFF |
---|---|---|
DDN: | 1.0.0.0 - 126.255.255.255 | 128.0.0.0 - 223.255.255.255 |
IP addresses of class D and E are not currently supported.
The value '#' means 'no secondary DNS Server'.
DELAY: | Time that the resolver waits for the server's responses |
5 | 1..15 sec. |
This parameter sets the maximum time (in seconds) to wait for receiving a response from the DNS server (Resolver only).
RTY: | Number of attempts to perform DNS request |
1 | 1..10 |
This parameter sets how many times a request has to be sent to the DNS server if the DNS Resolver doesn't get any response in the expected time interval fixed in the DELAY: parameter (Resolver only).
RELAY-TOUT: | Timeout waiting server response for relayed requests |
5 | 5..60 sec. |
This parameter sets the lifetime (in seconds) of a record in the DNS relay table (Relay only).
The record in the DNS relay table is used to forward the response from the PRIMARY: or SECONDARY: server back to the client; therefore, if the time elapses and the record is deleted, any 'late answers' can no longer be passed back to the client.
IPSRC: | Client IP address from which the requests are accepted |
* | *, 1.0.0.0-126.255.255.255, 128.0.0.0-223.255.255.255 |
This parameter selects the IP address of the client from which the requests will be accepted (Relay only).
In conjunction with IPSRCLIST:, it makes it possible to selectively grant/deny the service to stations by looking at their IP address, that is, the source IP address of the requests.
If it is equal to '*', requests are accepted from any IP address. This value also makes IPSRCLIST: parameter irrelevant.
If it is equal to a specific IP address, only requests from that address are accepted. However, if an IP list is specified in IPSRCLIST:, those IP addresses will be accepted too.
The allowed IP addresses are shown in the following table:
HEX: | 01000000 - 7EFFFFFF | 80000000 - DFFFFFFF |
---|---|---|
DDN: | 1.0.0.0 - 126.255.255.255 | 128.0.0.0 - 223.255.255.255 |
IP addresses of class D and E are not currently supported.
Requests coming from DNS Clients whose IP address neither matches the value configured in this parameter nor satisfies the list configured in the IPSRCLIST: parameter are discarded.
IPSRCLIST: | List of additional client IP addresses from which the requests are accepted |
# | ListName, # |
The parameter sets the list of DNS Client systems enabled to use the DNS relay service.
The name of the list must be a string of up to 20 characters in the range [0..9, a..z, A..Z, _]. It must correspond to the name of a list of IP addresses, a list of IP address ranges, a Rule list or a Master Rule list. The referenced list must already be defined in the Elements Lists service.
The value '#' means 'no list'.
Requests coming from DNS Clients whose IP address neither satisfies the list configured in this parameter nor matches the value configured in the IPSRC: parameter are discarded.
Statistics of the DNS port
The following example shows how to display state and statistics of the DNS port through the command D S:
The following example shows how to display extended statistics of the DNS port through the command D SE:
If DNS relay feature is not active, i.e. RELAY: parameter is set to 'NO', the 'Relay' section of the statistics will not appear.
The information 'Cleared DDD:HH:MM:SS ago, at DD/MM/YYYY HH:MM:SS', referred by the extended statistics, shows the elapsed time from the last reset of the statistics (by the format 'days:hours:minutes:seconds') and date/time of its execution (by the format 'day/month/year' and 'hours:minutes:seconds').
Detail of state fields and statistics of the DNS port
RESOLVER-STATE: | Current state of the resolver service |
INACTIVE, DOWN, READY, ERR |
It shows the actual state of the resolver service.
Driver | State | Meaning | Values shown in: System Log, Events Log, Display LCD |
---|---|---|---|
DNS | INACTIVE | Driver is not active because ACT: parameter is set to 'NO'. | IN |
DNS | DOWN | Driver is not active because not connected to the lower level UDP port, or the LOWPO: parameter is set to 'NONE'. | DN |
DNS | READY | Driver is successfully connected to the UDP port and properly working | RD |
DNS | ERR | Software Error. Contact the Abilis assistance. | NA |
RELAY-STATE: | Current state of the relay service |
INACTIVE, DOWN, READY, ERR |
It shows the actual state of the relay service.
Driver | State | Meaning | Values shown in: System Log, Events Log, Display LCD |
---|---|---|---|
DNS | INACTIVE | State set when the parameter RELAY: is set to 'NO' or when the parameter ACT: is set to 'NO'. | NA |
DNS | DOWN | Driver is not active because not connected to the lower level UDP port, or the parameter LOWPO: is set to 'NONE' | DN |
DNS | READY | Driver is successfully connected to the UDP port and properly working | RD |
DNS | ERR | Software Error. Contact the Abilis assistance | NA |
CUR: | Number of records currently occupied with pending requests. |
0 | 0 - 20000 |
It counts all the records that contain a request 'waiting for server response', not yet timed out.
PEAK: | Maximum number of simultaneously pending records ever reached. |
0 | 0 - 20000 |
This value shows the maximal use of the table, that is the maximum number of records that were simultaneously waiting for response, not yet timed out.
MAX: | Maximum number of simultaneously pending requests. |
500 | 0 - 20000 |
This is the number of records that the table can host. The value 500 is the size provided in Abilis CPX and cannot be changed by the user. The value has been chosen with ample margin; however, if you experience frequent 'table full' conditions, please contact the Abilis helpdesk to get the workaround.
PRI-QUERIES | Number of queries sent to the primary DNS server |
0 - 4.294.967.295 |
The counter PRI-QUERIES (OUTPUT) shows the overall number of queries sent to the primary DNS Server.
PRI-RES | Number of responses received from the primary DNS server |
0 - 4.294.967.295 |
The counter PRI-RES (INPUT) shows the overall number of responses received from the primary DNS Server.
PRI-UNK | Number of negative responses received from the primary DNS Server |
0 - 4.294.967.295 |
The counter PRI-UNK (INPUT) shows the overall number of negative responses ('Unknown Host') received from the primary DNS Server.
PRI-RTY-OVR | Number of times the retransmission limit to the primary DNS server was exceeded |
0 - 4.294.967.295 |
The counter PRI-RTY-OVR (INPUT) shows how many times the maximum number of retransmissions to the primary DNS Server, configured in the parameter RTY:, was exceeded.
PRI-TOUT | Number of times the time-out for a response from the primary DNS server expired |
0 - 4.294.967.295 |
The counter PRI-TOUT (INPUT) is incremented every time the time-out for responses from the primary DNS Server, configured in the parameter DELAY:, expires.
PRI-ERRORS | Number of bad frames received from the primary DNS server |
0 - 4.294.967.295 |
The counter PRI-ERRORS (INPUT) shows the number of invalid frames received from the primary DNS Server.
SEC-QUERIES | Number of queries sent to the secondary DNS server |
The counter SEC-QUERIES (OUTPUT) shows the overall number of queries sent to the secondary DNS Server.
SEC-RES | Number of responses received from the secondary DNS server |
0 - 4.294.967.295 |
The counter SEC-RES (INPUT) shows the overall number of responses received from the secondary DNS Server.
SEC-UNK | Number of negative responses received from the secondary DNS Server |
0 - 4.294.967.295 |
The counter SEC-UNK (INPUT) shows the overall number of negative responses ('Unknown Host') received from the secondary DNS Server.
SEC-RTY-OVR | Number of times the retransmission limit to the secondary DNS server was exceeded |
0 - 4.294.967.295 |
The counter SEC-RTY-OVR (INPUT) shows how many times the maximum number of retransmissions to the secondary DNS Server, configured in the parameter RTY:, was exceeded.
SEC-TOUT | Number of times the time-out for a response from the secondary DNS server expired |
0 - 4.294.967.295 |
The counter SEC-TOUT (INPUT) is incremented every time the time-out for responses from the secondary DNS Server, configured in the parameter DELAY:, expires.
SEC-ERRORS | Number of bad frames received from the secondary DNS server |
0 - 4.294.967.295 |
The counter SEC-ERRORS (INPUT) shows the number of invalid frames received from the secondary DNS Server.
REQ-TOTAL | Total number of client requests that arrived at the DNS relay. |
0 - 4.294.967.295 |
It counts all the requests that arrived from clients, regardless of whether they are later processed or discarded.
REQ-SUCC | Total number of client's DNS requests that were processed successfully. |
0 - 4.294.967.295 |
Incremented for every client's request that actually got an answer. It means that:
- DNS relay received the client's request
- DNS relay forwarded the request
- DNS relay received the response from the DNS server
- The response is sent back to the client
OVERFLOW | Total number of DNS requests received from clients but not processed because the DNS relay table was full. |
0 - 4.294.967.295 |
This counter is incremented for every client's request that passed all the checks (access validation, formal checks, etc), but could not occupy a record because the table was full, and therefore it had to be discarded.
PRI-NOMATCH | Number of responses from primary DNS for which a matching request was not found in the table. |
0 - 4.294.967.295 |
A record in the table for a response cannot be found when:
- DNS relay has not received a matching request for this response.
- A record for this response was in the table but it became out of date and was reused for another request.
The precise distinction between timeout and missing record is not performed because it is imprecise information: timed-out records can be left or deleted depending on needs.
SEC-NOMATCH | Number of responses from secondary DNS for which a matching request was not found in the table. |
0 - 4.294.967.295 |
A record in the table for a response cannot be found when:
- DNS relay has not received a matching request for this response.
- A record for this response was in the table but it became out of date and was reused for another request.
The precise distinction between timeout and missing record is not performed because it is imprecise information: timed-out records can be left or deleted depending on needs.
DROP-ACCESS | Total number of DNS requests received and discarded because not allowed. |
0 - 4.294.967.295 |
The counter DROP-ACCESS shows the number of DNS requests received from clients but not processed because the requester (the author of the DNS request) is not allowed. A not-allowed requester is a client whose IP address is not present in the configuration of the IPSRC and IPSRCLIST parameters.
REQ-BAD | Number of client requests that were malformed or contained severe formal errors. |
0 - 4.294.967.295 |
Incremented for every client's request that, after having passed the 'source IP access validation', was detected as malformed, or with error in the content, or any other serious formal error.
RSP-BAD | Number of responses that had to be discarded because they had formal errors that prevented further processing. |
0 - 4.294.967.295 |
This counter is incremented when:
- The source port of the response's UDP packet is not the DNS port (53).
- A matching request for the response was not found in the table and the source IP address of the response's UDP packet is neither the IP address of the primary DNS Server nor that of the secondary DNS Server.
- Other formal errors occur.
PRI-REQ-RSP | Number of requests and responses exchanged with primary DNS. |
0 - 4.294.967.295 |
The counter PRI-REQ-RSP (INPUT) is incremented every time that DNS receives a response from the primary DNS Server.
The counter PRI-REQ-RSP (OUTPUT) is incremented every time that DNS sends a request to the primary DNS Server.
SEC-REQ-RSP | Number of requests and responses exchanged with secondary DNS. |
0 - 4.294.967.295 |
The counter SEC-REQ-RSP (INPUT) is incremented every time that DNS receives a response from the secondary DNS server.
The counter SEC-REQ-RSP (OUTPUT) is incremented every time that DNS sends a request to the secondary DNS server.
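The relay procedure listed under 'Terminology' and the relay counters described above can be followed end to end in a small model. This is an added example, not Abilis code: it shows which counter moves for a denied client, a malformed request, a response from an unknown address, a late answer and a full table. Assumptions: the names DnsRelayModel and make_msg are hypothetical, responses are matched on a relay-chosen random DNS transaction ID plus the server address queried, PRIMARY/SECONDARY are used alternately, the formal checks are minimal, and the addresses are constructed documentation values.

```python
import ipaddress, itertools, secrets, struct
from collections import Counter

def make_msg(ident, response=False):
    """Constructed DNS message: 12-byte header plus one question (example.com A/IN)."""
    flags = 0x8180 if response else 0x0100
    return struct.pack("!HHHHHH", ident, flags, 1, 0, 0, 0) + b"\x07example\x03com\x00\x00\x01\x00\x01"

class DnsRelayModel:
    """Toy model of the documented relay checks and counters (not Abilis code)."""
    def __init__(self, ipsrc, ipsrclist, primary, secondary, relay_tout=5, max_records=500):
        self.ipsrc = ipsrc                                  # '*' or one client address
        self.nets = [ipaddress.ip_network(n) for n in ipsrclist]
        self.servers = {primary: "PRI", secondary: "SEC"}
        self.pick = itertools.cycle([primary, secondary])   # assumed: simple alternation
        self.relay_tout, self.max_records = relay_tout, max_records
        # table: relay id -> (client, client id, server, expiry)
        self.table, self.stats = {}, Counter()

    def _allowed(self, ip):
        return (self.ipsrc == "*" or ip == self.ipsrc
                or any(ipaddress.ip_address(ip) in net for net in self.nets))

    @staticmethod
    def _header(payload):
        if len(payload) < 12:                               # assumed minimal formal check
            return None
        ident, flags, qdcount = struct.unpack("!HHH", payload[:6])
        return ident, bool(flags & 0x8000), qdcount

    def on_request(self, client, payload, now):
        """client is (ip, port); returns (server_ip, relayed_payload) or None."""
        self.stats["REQ-TOTAL"] += 1
        if not self._allowed(client[0]):                    # IPSRC / IPSRCLIST check first
            self.stats["DROP-ACCESS"] += 1
            return None
        hdr = self._header(payload)
        if hdr is None or hdr[1] or hdr[2] != 1:            # must be a query with one question
            self.stats["REQ-BAD"] += 1
            return None
        self.table = {k: v for k, v in self.table.items() if v[3] > now}  # drop timed-out
        if len(self.table) >= self.max_records:
            self.stats["OVERFLOW"] += 1
            return None
        rid = secrets.randbelow(0x10000)                    # unpredictable upstream ID
        while rid in self.table:
            rid = secrets.randbelow(0x10000)
        server = next(self.pick)
        self.table[rid] = (client, hdr[0], server, now + self.relay_tout)
        return server, struct.pack("!H", rid) + payload[2:]

    def on_response(self, src, payload, now):
        """src is (ip, port); returns (client, payload_for_client) or None."""
        hdr = self._header(payload)
        if src[1] != 53 or hdr is None or not hdr[1]:       # wrong port or not a response
            self.stats["RSP-BAD"] += 1
            return None
        rec = self.table.get(hdr[0])
        if rec is None or rec[2] != src[0] or rec[3] <= now:
            name = self.servers.get(src[0])                 # known server: NOMATCH, else RSP-BAD
            self.stats[f"{name}-NOMATCH" if name else "RSP-BAD"] += 1
            return None
        del self.table[hdr[0]]
        self.stats["REQ-SUCC"] += 1
        return rec[0], struct.pack("!H", rec[1]) + payload[2:]
```

In this model a steadily rising RSP-BAD or PRI-NOMATCH/SEC-NOMATCH count with no matching rise in REQ-SUCC points to unsolicited or late responses reaching the relay, which is the pattern worth alerting on.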