Professional Documents
Culture Documents
Manual - 5.4 Xtera Aslenlink
Uploaded by
Jose Loza0 ratings0% found this document useful (0 votes)
276 views332 pagesXtera Communications, Inc. Assumes no responsibility for its use or for of any infringements of patents or other rights of third parties which may result from its use. All product names and services identified in this documentation are trademarks or registered trademarks of their respective companies. AscenLink is a network device that combines the features of WAN load balancing, link fault tolerance, multihoming, bandwidth management, and firewall into an integrated unit.
Original Description:
Original Title
Manual_5.4 Xtera Aslenlink
Copyright
© Attribution Non-Commercial (BY-NC)
Available Formats
PDF, TXT or read online from Scribd
Share this document
Did you find this document useful?
Is this content inappropriate?
Report this DocumentXtera Communications, Inc. Assumes no responsibility for its use or for of any infringements of patents or other rights of third parties which may result from its use. All product names and services identified in this documentation are trademarks or registered trademarks of their respective companies. AscenLink is a network device that combines the features of WAN load balancing, link fault tolerance, multihoming, bandwidth management, and firewall into an integrated unit.
Copyright:
Attribution Non-Commercial (BY-NC)
Available Formats
Download as PDF, TXT or read online from Scribd
0 ratings0% found this document useful (0 votes)
276 views332 pagesManual - 5.4 Xtera Aslenlink
Uploaded by
Jose LozaXtera Communications, Inc. Assumes no responsibility for its use or for of any infringements of patents or other rights of third parties which may result from its use. All product names and services identified in this documentation are trademarks or registered trademarks of their respective companies. AscenLink is a network device that combines the features of WAN load balancing, link fault tolerance, multihoming, bandwidth management, and firewall into an integrated unit.
Copyright:
Attribution Non-Commercial (BY-NC)
Available Formats
Download as PDF, TXT or read online from Scribd
You are on page 1of 332
User Manual
AscenLink User Manual
I
ASCENLINK
User Manual
AscenLink
User Manual
II
Information contained in this document is believed to be accurate and reliable.
However, Xtera Communications, Inc. assumes no responsibility for its use or
for of any infringements of patents or other rights of third parties which may
result from its use. Xtera Communications, Inc. shall reserve the right that
product specifications are subject to change and update without notice.
All product names and services identified in this documentation are trademarks
or registered trademarks of their respective companies and shall be used
throughout this documentation in editorial fashion only for the benefit of such
companies. No such use, or the use of any trade name, is intended to convey
an endorsement or other affiliation with Xtera Communications, Inc.
Copyright 2008, Xtera Communications, Inc. All rights reserved worldwide.
This manual or any part of this document shall not be reproduced by any means
and translated to any electronic medium without the written consent of Xtera
Communications, Inc.
Document Number: AL-CP001-0330E
Document Revision: EN 5.4-B080509
Copyright 2008 IP Division, Xtera Communications, Inc.
www.xtera-ip.com
AscenLink User Manual
III
Preface
AscenLink is a network device that combines the features of WAN load
balancing, link fault tolerance, multihoming, bandwidth management, and
firewall into an integrated unit to maximize the performance and reliability
potentials of the broadband Internet setup.
AscenLink is a part of Xtera Network Management Product Family. The goal of
the Network Management Product Family is to provide an outstanding
environment for a well-managed network. It includes three main product lines:
AscenCache, a network cache server; AscenLink, a broadband integration
management device; and AscenGate, a content filtering device.
AscenLink is suitable for networks with multiple access lines to the internet. It
uses load balancing features as a result users can direct packets to various
routes or specified links for outbound internet traffic by means of Auto Routing.
If a link fails, AscenLink has a unique fault tolerance system that can
instantaneously detect the failure and dynamically divert packet route to prevent
traffic from using that link. However when there are public websites occupying
internal network of a corporation, fault tolerance is insufficient to maintain
uptime. This is where AscenLinks proprietary SwiftDNS technology comes in by
applying the results of DNS queries to achieve the function of multihoming.
These combined features will ensure websites maintenance, continuous
uptimes and uninterrupted services.
The flexibility of the Bandwidth Management (BM) is a key feature of AscenLink
and fulfills all management needs. It can be set to target a particular protocol
such as FTP, HTTP, or to target a particular time period (e.g., peak hours) by
variably adjusting the size of bandwidth quota, which improves the network QoS
AscenLink
User Manual
IV
(Quality of Service). AscenLink also makes provisions for network security with
the features of Firewall and DMZ (Demilitarized Zone). These features will be
able to prevent malicious attacks and invasions coming from the external
environment.
AscenLink is highly flexible and ideally suited for a wide range of businesses:
from small to mid-size businesses to schools and enterprises, ISP, etc. It can
easily fit into any environment with its easy-to-use administration interface.
AscenLink is a comprehensive set of tools that can handle even the most
demanding network environments.
AscenLink User Manual
V
How To Use This Manual
This manual consists of six chapters introducing AscenLinks essential functions
and the range of applications.
Chapter 1 is a basic overview. It introduces the user to basic network structures
and hardware installation relevant to AscenLink. It also covers basic system
configuration including the web-admin user interface and console interface.
Chapters 2 to 5 each individually explain a specific feature of the product. Each
chapter covers one featured functionality and its configuration settings.
Examples are also used for further illustrations.
Chapter 6 discusses the application range. It gives more detailed explanations
on commonly used functions.
The appendix explains the command-set available in the console. It also covers
how to update AscenLink when new firmware versions become available with a
step-by-step walk-thru for the update as well as explanations on various error
message recourse actions.
When writing this manual it is implied that the user possess sufficient
knowledge in basic network administration such as TCP/IP, Public IP, Private IP,
subnets, routers, and various common Internet services, namely SSH, POP3,
SMTP, FTP, etc.
AscenLink User Manual
I
Table of Content
Chapter 1 Quick Start ............................................................................................1-4
1.1 Preparation........................................................................................................1-4
1.2 Access to the Web-based UI.............................................................................1-6
1.3 AscenLink Web-based UI Overview..................................................................1-8
1.4 How to use AscenLink Web-based UI.............................................................1-10
1.4.1 AscenLink Operating Menu................................................................1-10
1.4.2 AscenLink Rule/Filter/Policy Table.....................................................1-12
1.4.3 Languages .........................................................................................1-14
1.5 Basic Network Settings ...................................................................................1-15
1.5.1 WAN Interface Configuration.............................................................1-15
1.5.2 LAN Interface Configuration...............................................................1-21
1.6 Typical Network Architecture with Multiple WAN Links ...................................1-24
1.7 Public IP Address Pass-Through....................................................................1-30
1.7.1 Use the Existing Firewall with AscenLink...........................................1-31
1.8 Hardware Installation.......................................................................................1-32
1.8.1 How to rack-mount your AscenLink...................................................1-32
1.8.2 Connecting AscenLink to other network devices...............................1-32
1.9 AscenLink in HA (High Availability) Mode........................................................1-33
1.9.1 Installing AscenLink in HA mode........................................................1-33
1.9.2 HA Setting..........................................................................................1-34
Chapter 2 System..................................................................................................2-5
2.1 Summary.................................................................................................... 2-6
2.2 Network Setting.................................................................................................2-8
2.2.1 DNS Server .....................................................................................2-10
2.2.2 VLAN and Port Mapping..................................................................2-12
2.2.3 WAN Setting....................................................................................2-19
2.2.4 WAN/DMZ Private Subnet...............................................................2-39
2.2.5 LAN Private Subnet.........................................................................2-49
2.3 WAN Link Health Detection.............................................................................2-56
2.4 Optimum Route Detection...............................................................................2-58
Content
II
2.5 Port Speed/Duplex Setting............................................................................. 2-61
2.6 Backup Line Setting........................................................................................ 2-63
2.7 IP Grouping..................................................................................................... 2-65
2.8 Service Grouping............................................................................................ 2-67
2.9 Busyhour Setting............................................................................................ 2-69
2.10 Diagnostic Tools............................................................................................ 2-72
2.11 Date/Time...................................................................................................... 2-76
2.12 Central Management.................................................................................... 2-77
2.13 Administration............................................................................................... 2-78
Chapter 3 Service ................................................................................................. 3-7
3.1 Firewall.............................................................................................................. 3-9
3.2 NAT. ............................................................................................................. .3-15
3.3 Persistent Routing.......................................................................................... 3-19
3.4 Auto Routing................................................................................................... 3-25
3.5 Virtual Server.................................................................................................. 3-39
3.6 Inbound BM.................................................................................................... 3-47
3.7 Outbound BM.................................................................................................. 3-56
3.8 Connection Limit............................................................................................. 3-63
3.9 Cache Redirect............................................................................................... 3-66
3.10 Tunnel Routing.............................................................................................. 3-71
3.10.1 Tunnel Routing---Setting................................................................. 3-73
3.10.2 Tunnel Routing---Benchmark.......................................................... 3-77
3.11 Multihoming................................................................................................... 3-94
3.11.1 Prerequisites for Multihoming.......................................................... 3-96
3.11.2 Multihoming Setting......................................................................... 3-97
3.12 Internal DNS ............................................................................................... 3-107
3.13 SNMP.......................................................................................................... 3-109
3.14 IP-MAC Mapping.........................................................................................3-111
Chapter 4 Statistics .............................................................................................. 4-4
4.1 Traffic................................................................................................................ 4-5
4.2 BM ................................................................................................................ 4-7
4.3 Persistent Routing............................................................................................ 4-9
4.4 WAN Link Health Detection.............................................................................4-11
AscenLink User Manual
III
4.5 Dymatic IP WAN Link......................................................................................4-13
4.6 DHCP Lease Info ............................................................................................4-15
4.7 RIP & OSPF Status .........................................................................................4-17
4.8 Tunnel Status...................................................................................................4-19
4.9 Tunnel Traffic...................................................................................................4-21
4.10 Connection Limit............................................................................................4-22
4.11 Port Information.............................................................................................4-24
4.12 Virtual Server Status......................................................................................4-25
Chapter 5 Log ........................................................................................................5-4
5.1 View .................................................................................................................5-5
5.2 Control...............................................................................................................5-7
5.3 Notification.......................................................................................................5-10
5.4 Link Report......................................................................................................5-12
Chapter 6 Deployment Scenarios........................................................................6-3
6.1 Various WAN Types and Scenarios ..................................................................6-3
6.1.1 WAN Type: Bridge Mode with One Static IP ........................................6-3
6.1.2 WAN Type: Routing Mode....................................................................6-7
6.2 Exploring Auto Routing....................................................................................6-17
6.2.1 Advantages of Auto Routing...............................................................6-18
6.2.2 AscenLink Fault Tolerance Mechanism.............................................6-20
6.2.3 Persistent Routing and Auto Routing.................................................6-23
6.3 Various Auto Routing Mechanisms .................................................................6-24
6.4 Virtual Server...................................................................................................6-26
6.5 Multihoming.....................................................................................................6-27
6.6 Introduction to DNS.........................................................................................6-30
6.7 High Availability (HA) Scenarios......................................................................6-34
6.7.1 Firmware Update Procedure in HA Deployment................................6-34
6.7.2 HA Fallback to Single Unit Deployment.............................................6-36
Appendix
Appendix A.1 Default Values.................................................................................. A-2
Appendix A.2 Console Mode Commands .............................................................. A-5
Appendix A.3 Firmware Update ........................................................................... A-10
Appendix A.4 Configuration File........................................................................... A-12
Content
IV
Figure
Figure 1.1 Cancel the Proxy Setting....................................................................... 1-7
Figure 1.2 AscenLink web-based UI Operating Menu Items................................ 1-10
Figure 1.3 Configuring the WAN Interface in a Simple Network Environment..... 1-15
Figure 1.4 VLAN Port Mapping............................................................................. 1-16
Figure 1.5 Basic Setting........................................................................................ 1-18
Figure 1.6 Basic Subnet Setting........................................................................... 1-20
Figure 1.7 Basic Subnet Settings ......................................................................... 1-23
Figure 1.8 Network Architecture with Multiple WAN Links.................................... 1-24
Figure 1.9 Multiple WAN Links Example: VLAN and Port Mapping..................... 1-25
Figure 1.10 Multiple WAN Links Example: WAN Link 1....................................... 1-26
Figure 1.11 Multiple WAN Links Example: WAN Link 2........................................ 1-27
Figure 1.12 Multiple WAN Links Example: WAN Link 2....................................... 1-28
Figure 1.13 Multiple WAN Links Example: LAN Private Subnet........................... 1-29
Figure 1.14 Public IP Address Pass-Through....................................................... 1-30
Figure 1.15 Use the Existing Firewall with AscenLink.......................................... 1-31
Figure 1.16 Racking-mount your AscenLink......................................................... 1-32
Figure 1.17 HA Console Port................................................................................ 1-33
Figure 2.1 The Location of System/Summary on the Menu Bar.......................... 2-5
Figure 2.2 The Location of System/Network Setting on the Menu Bar................ 2-8
Figure 2.3 The Location of DNS Server on the Menu Bar ................................. 2-10
Figure 2.4 The Location of VLAN and Port Mapping on the Menu Bar.............. 2-12
Figure 2.5 VLAN Switch and AscenLink............................................................... 2-13
Figure 2.6 LAN and DMZ HA Deployment Sample.............................................. 2-14
Figure 2.7 UI configuration for Redundant LAN/DMZ Port................................... 2-15
Figure 2.8 Support Switch HA.............................................................................. 2-16
Figure 2.9 Settings for Switch HA Support........................................................... 2-17
Figure 2.10 LAN Private Subnet Settings for Switch HA Support........................ 2-18
Figure 2.11 The Location of WAN Setting on the Menu Bar.............................. 2-19
Figure 2.12 WAN Setting / Basic Setting.............................................................. 2-20
Figure 2.13 Types of Basic Subnets..................................................................... 2-23
Figure 2.14 Types of Static Routing Subnet......................................................... 2-23
AscenLink User Manual
V
Figure 2.15 Subnet in WAN of Basic Subnet........................................................2-24
Figure 2.16 Subnet in WAN Setting of Basic Subnet............................................2-25
Figure 2.17 Subnet in DMZ of Basic Subnet.........................................................2-26
Figure 2.18 Subnet in DMZ Setting of Basic Subnet ............................................2-27
Figure 2.19 Subnet in WAN and DMZ of Basic Subnet........................................2-28
Figure 2.20 Subnet in WAN and DMZ Setting in Basic Subnet............................2-29
Figure 2.21 Subnet on Localhost of Basic Subnet................................................2-30
Figure 2.22 Subnet on Localhost Setting of Basic Subnet....................................2-30
Figure 2.23 Subnet in WAN of Static Routing Subnet...........................................2-31
Figure 2.24 Subnet in WAN Setting of Static Routing Subnet ..............................2-31
Figure 2.25 Subnet in DMZ of Static Routing Subnet...........................................2-32
Figure 2.26 Subnet in DMZ Setting of Static Routing Subnet...............................2-32
Figure 2.27 Bridge Mode: One Static IP................................................................2-33
Figure 2.28 Bridge Mode: One Static IP Setting...................................................2-34
Figure 2.29 Bridge Mode: Multiple Static IP..........................................................2-35
Figure 2.30 Bridge Mode: Multiple Static IP Setting..............................................2-36
Figure 2.31 Bridge Mode: PPPoE Setting.............................................................2-37
Figure 2.32 Bridge Mode: DHCP Client Setting....................................................2-38
Figure 2.33 The Location of WAN/DMZ Private Subnet on the Menu Bar.........2-39
Figure 2.34 Types of Subnets in WAN/DMZ.........................................................2-40
Figure 2.35 Types of Subnets in Static Routing Subnet........................................2-40
Figure 2.36 Subnet in WAN of Basic Subnet in WAN/DMZ..................................2-41
Figure 2.37 Subnet in WAN Setting of Basic Subnet in WAN/DMZ......................2-41
Figure 2.38 Subnet in DMZ of Basic Subnet in WAN/DMZ...................................2-42
Figure 2.39 Subnet in DMZ Setting of Basic Subnet in WAN/DMZ......................2-43
Figure 2.40 Subnet in WAN/DMZ of Basic Subnet in WAN/DMZ.........................2-44
Figure 2.41 Subnet in WAN/DMZ Setting of Basic Subnet in WAN/DMZ.............2-45
Figure 2.42 Subnet on Localhost of Basic Subnet in WAN/DMZ..........................2-46
Figure 2.43 Subnet on Localhost Setting of Basic Subnet in WAN/DMZ..............2-46
Figure 2.44 Subnet in WAN of Static Routing Subnet in WAN/DMZ.....................2-47
Figure 2.45 Subnet in WAN Setting of Static Routing Subnet in WAN/DMZ........2-47
Figure 2.46 Subnet in DMZ of Static Routing Subnet in WAN/DMZ.....................2-48
Figure 2.47 Subnet in DMZ Setting of Static Routing Subnet in WAN/DMZ.........2-48
Figure 2.48 The Location of LAN Private Subnet on the Menu Bar ...................2-49
Content
VI
Figure 2.49 LAN Private Subnet / Basic Subnet................................................... 2-50
Figure 2.50 LAN Private Subnet / Basic Subnet Setting...................................... 2-51
Figure 2.51 LAN Private Subnet/ RIP Configuration............................................ 2-52
Figure 2.52 LAN Private Subnet/ OSPF Setting................................................... 2-53
Figure 2.53 LAN Private Subnet / Static Routing Subnet..................................... 2-55
Figure 2.54 LAN Private Subnet / Static Routing Subnet Setting......................... 2-55
Figure 2.55 The Location of System/WAN Link Health Detection on Menu Bar 2-56
Figure 2.56 The Location of System/ Optimum Route Detection on Menu Bar. 2-58
Figure 2.57 The Location of System/Port Speed Duplex Setting on Menu Bar. 2-61
Figure 2.58 The Location of System/Backup Line Setting on the Menu Bar ..... 2-63
Figure 2.59 The Location of System/IP Grouping on the Menu Bar.................. 2-65
Figure 2.60 The Location of System/Service Grouping on the Menu Bar.......... 2-67
Figure 2.61 Service Grouping............................................................................... 2-68
Figure 2.62 The Location of System/Busyhour Setting on the Menu Bar.......... 2-69
Figure 2.63 A Busy-hour Setting Example............................................................ 2-70
Figure 2.64 The Location of System/Diagnostic Tools on the Menu Bar........... 2-72
Figure 2.65 The Location of System/Date/Time on the Menu Bar..................... 2-76
Figure 2.66 The Location of System/Administration on the Menu Bar............... 2-77
Figure 2.67 The Location of System/Administration on the Menu Bar............... 2-78
Figure 3.1 The Location of Service on the Menu Bar........................................... 3-8
Figure 3.2 The Location of Service/Firewall on the Menu Bar............................. 3-9
Figure 3.3 Network Architecture for Firewall Service ........................................... 3-12
Figure 3.4 Network Architecture for Firewall Service 2........................................ 3-13
Figure 3.5 The Location of Service /NAT on the Menu Bar................................ 3-15
Figure 3.6 The Settings of NAT Rules .................................................................. 3-17
Figure 3.7 NAT Setting.......................................................................................... 3-17
Figure 3.8 Network Architecture for No-NAT ........................................................ 3-18
Figure 3.9 The Location of Service /Persistent Routing on the Menu Bar......... 3-19
Figure 3.10 Network Architecture for Persistent Routing 1.................................. 3-22
Figure 3.11 Network Architecture for Persistent Routing 2................................... 3-23
Figure 3.12 The Location of Service /Auto Routing on the Menu Bar................ 3-25
Figure 3.13 Network Architecture for Auto Routing 1........................................... 3-29
Figure 3.14 Network Architecture for Auto Routing 2........................................... 3-31
Figure 3.15 Network Architecture for Auto Routing Example 3............................ 3-35
AscenLink User Manual
VII
Figure 3.16 The Location of Service/Virtual Server on the Menu Bar................3-40
Figure 3.17 Network Architecture for Virtual Server 1...........................................3-43
Figure 3.18 Network Architecture for Virtual Server 2...........................................3-45
Figure 3.19 The Location of Service/Inbound BM on the Menu Bar ..................3-47
Figure 3.20 The Screenshot of Inbound BM Classes ...........................................3-48
Figure 3.21 Network Architecture for Inbound BM 1.............................................3-51
Figure 3.22 Network Architecture for Inbound BM 2.............................................3-53
Figure 3.23 The Location of Service /Outbound BM on the Menu Bar...............3-56
Figure 3.24 Network Architecture for Outbound BM 1..........................................3-59
Figure 3.25 Network Architecture for Outbound BM 2..........................................3-61
Figure 3.26 The Location of Service /Connection Limit on the Menu Bar..........3-63
Figure 3.27 The Screenshot of Connection Limit..................................................3-64
Figure 3.28 Example of Connection Limit.............................................................3-65
Figure 3.29 The Location of Service /Cache Redirect on the Menu Bar............3-66
Figure 3.30 The Settings of Cache Redirect.........................................................3-67
Figure 3.31 Sequence of the Requests and Responses in Cache Miss Case...3-69
Figure 3.32 Sequence of the Requests and Responses in Cache Hit Case......3-70
Figure 3.33 The Location of Service /Tunnel Routing on the Menu Bar.............3-71
Figure 3.34 Example 2 of Tunnel Routing.............................................................3-82
Figure 3.35 Example 3 of Tunnel Routing.............................................................3-85
Figure 3.36 Example 4 of Tunnel Routing.............................................................3-89
Figure 3.37 The Location of Service / Multihoming on the Menu Bar ................3-95
Figure 3.38 Global Setting in Multihoming Policy.................................................3-97
Figure 3.39 The Settings of Multihoming Policy....................................................3-98
Figure 3.40 Domain Setting................................................................................3-100
Figure 3.41 Enable Relay in Multihoming Policy.................................................3-101
Figure 3.42 Multihoming Example 1: Network Architecture................................3-102
Figure 3.43 Multihoming Example 2: Network Architecture................................3-104
Figure 3.44 The Location of Service / Internal DNS on the Menu Bar .............3-107
Figure 3.45 The Location of Service / SNMPon the Menu Bar.........................3-109
Figure 3.46 The Location of Service / IP-MAC MAPPING on the Menu Bar.... 3-111
Figure 4.1 Statistics.................................................................................................4-4
Figure 4.2 Statistics/Traffic......................................................................................4-5
Figure 4.3 Statistics/BM...........................................................................................4-7
Content
VIII
Figure 4.4 Statistics/Persistent Routing.................................................................. 4-9
Figure 4.5 Statistics/WAN Link Health Detection...................................................4-11
Figure 4.6 Statistics/Dynamic IP WAN Link.......................................................... 4-13
Figure 4.7 Statistics/DHCP Lease Info................................................................ 4-15
Figure 4.8 Statistics/RIP & OSPF Status.............................................................. 4-17
Figure 4.9 Statistics/Tunnel Status ....................................................................... 4-19
Figure 4.10 Statistics/Tunnel Traffic...................................................................... 4-21
Figure 4.11 Statistics/Connection Limit................................................................. 4-22
Figure 4.12 Statistics/Port Information.................................................................. 4-24
Figure 4.13 Statistics/Virtual Server Status........................................................... 4-25
Figure 5.1 The Location of Log and its Function on the Menu Bar ........................ 5-4
Figure 5.2 The Location of Log/View Page Menu Bar............................................ 5-5
Figure 5.3 The Location of Log/Control Page on the Menu Bar............................. 5-7
Figure 5.4 The Location of Log/Notification Page on the Menu Bar..................... 5-10
Figure 5.5 Notification Setting................................................................................5-11
Figure 5.6 The Location of Log/LinkReport Page on the Menu Bar..................... 5-12
Figure 5.7 LinkReport Fields................................................................................. 5-13
Figure 6.1 Bridge Mode: One Static IP ................................................................ 6-4
Figure 6.2 WAN Type: Routing Mode .................................................................. 6-7
Figure 6.3 Private Subnet Between WAN Router and AscenLink ..................... 6-10
Figure 6.4 Multiple WAN Links in Routing Mode ............................................... 6-13
Figure 6.5 By-pass a Broken Link Manually...................................................... 6-19
Figure 6.6 By-pass a Broken Link using Auto Routing...................................... 6-20
Figure 6.7 Switch to Fail-over Policy on Fixed Routing Policy........................... 6-21
Figure 6.8 Typical Connections in a Multihoming Environment......................... 6-27
Figure 6.9 Multihoming Example ....................................................................... 6-33
AscenLink User Manual
IX
Table
Table 1.1 Buttons................................................................................................... 1-11
Table 1.2 Operating Rules.....................................................................................1-12
Table 1.3 Checkbox...............................................................................................1-13
Table 1.4 Local LAN Setting..................................................................................1-21
Table 1.5 DHCP Server Setting.............................................................................1-22
Table 1.6 The Cable Type for Connecting AscenLink to Other Network Devices.1-32
Table 2.1 System Information..................................................................................2-6
Table 2.2 Peer Information......................................................................................2-6
Table 2.3 Optional Functions Information................................................................2-7
Table 2.4 VLAN Tag and AscenLink Port Mapping................................................2-13
Table 2.5 Field description for the Redundant Port configuration.........................2-15
Table 2.6 Basic Setting Table in Routing Mode.....................................................2-22
Table 2.7 OSPF Settings Table.............................................................................2-54
Table 2.8 Static IP table setting of Optimum Route Detection...............................2-59
Table 2.9 Dynamic detection setting of Optimum Route Detection.......................2-60
Table 2.10 Port Speed/Duplex Setting..................................................................2-62
Table 2.11 Threshold Parameters .........................................................................2-64
Table 2.12 Backup Line Rules...............................................................................2-64
Table 2.13 IP Grouping..........................................................................................2-66
Table 2.14 Rules Setting of IP Grouping...............................................................2-66
Table 2.15 Busy-hour Setting................................................................................2-70
Table 2.16 Central Management Setting...............................................................2-77
Table 2.17 Administration Password Setting.........................................................2-79
Table 2.18 Monitor Password Setting....................................................................2-80
Table 3.1 The Description of the Fields on Firewall Page..................................... 3-11
Table 3.2 Firewall Settings of Example 1..............................................................3-12
Table 3.3 Firewall Settings Example 2..................................................................3-14
Table 3.4 The Description of the Fields on the NAT Page....................................3-16
Table 3.5 The Description of the Fields on the Persistent Routing Page..............3-21
Table 3.6 The Settings for Persistent Routing Example 1.....................................3-23
Table 3.7 The Settings for Persistent Routing Example 2.....................................3-24
Content
X
Table 3.8 The Description of the Fields in the Auto Routing Policy Table............ 3-27
Table 3.9 The Description of the Fields in the Auto Routing Filter Table.............. 3-28
Table 3.10 The Settings for Auto Routing Example 1: Policies ............................ 3-30
Table 3.11 The Settings for Auto Routing Example 1: Filters ............................... 3-31
Table 3.12 The Settings for Auto Routing Example 2: Policies ............................ 3-32
Table 3.13 The Settings for Auto Routing Example 2: Filters............................... 3-34
Table 3.14 WAN link information of Auto Routing Example 3............................... 3-35
Table 3.15 Auto Routing:Tunnel Routing Log Setting (San J ose Headquarters) . 3-36
Table 3.16 Auto Routing: Tunnel Group Setting (San J ose Headquarters).......... 3-36
Table 3.17 Auto Routing: Routing Rules Setting (San J ose Headquarters)......... 3-36
Table 3.18 Auto Routing:Auto Routing Policies Setting (San J ose HQs)............. 3-36
Table 3.19 Auto Routing:Auto Routing Filters Setting (San J ose Headquarters). 3-36
Table 3.20 Auto Routing:Tunnel Routing Log Setting (Shanghai Office) ............ 3-37
Table 3.21 Auto Routing Example: Tunnel Group Setting (Shanghai Office)....... 3-37
Table 3.22 Auto Routing Example: Routing Rules Setting (Shanghai Office) ...... 3-38
Table 3.23 Auto Routing:Auto Routing Policies Setting (Shanghai Office) ........ 3- 38
Table 3.24 Auto Routing:Auto Routing Filters Setting (Shanghai Office) ............. 3-38
Table 3.25 The Description of the Fields on Vitual Server Page.......................... 3-42
Table 3.26 The Settings for Virtual Server Example 1.......................................... 3-44
Table 3.27 The Settings for Virtual Server Example 2.......................................... 3-46
Table 3.28 The Description of the Fields in the Inbound BM Class Table............ 3-49
Table 3.29 The Description of the Fields in the Inbount BM Filter Table.............. 3-50
Table 3.30 The Settings for Inbound BM Example 1: Classes ............................. 3-52
Table 3.31 The Settings for Inbound BM Example 1: Filters ................................ 3-52
Table 3.32 The Settings for Inbound BM Example 2: Classes ............................. 3-54
Table 3.33 The Settings for Inbound BM Example 2: Filters ................................ 3-55
Table 3.34 The Description of the Fields in the Outbound BM Class Table......... 3-57
Table 3.35 The Description of the Fields in the Outbound BM Filter Table.......... 3-59
Table 3.36 The Settings for Outbound BM Example 1: Classes .......................... 3-60
Table 3.37 The Settings for Outbound BM Example 1: Filters ............................. 3-60
Table 3.38 The Settings for Outbound BM Example 2: Classes .......................... 3-62
Table 3.39 The Settings for Outbound BM Example 2: Filters ............................. 3-62
Table 3.40 The Settings of Connection Limit Log Interval .................................... 3-64
Table 3.41 The Settings of Connection Limit Rules.............................................. 3-65
AscenLink User Manual
XI
Table 3.42 The Description of the Fields in Cache Group....................................3-67
Table 3.43 The Description of the Fields in Redirect Rules ..................................3-68
Table 3.44 Description of Tunnel Route Log and Local Host ID...........................3-73
Table 3.45 The Description of the Fields in Tunnel Group....................................3-75
Table 3.46 The Description of the Fields in Routing Rules ...................................3-75
Table 3.47 The Description of the Fields in Persistent Rules................................3-76
Table 3.48 The Description of the Fields in Benchmark........................................3-77
Table 3.49 The Description of the Testing Page....................................................3-77
Table 3.50 Example of Tunnel Routing.................................................................3-78
Table 3.51 The Settings for Tunnel Routing Example 1: Tunnel Groups..............3-78
Table 3.52 The Settings for Tunnel Routing Example 1 : Routing Rules..............3-79
Table 3.53 The Settings for Tunnel Routing Example 2 : Tunnel Group...............3-79
Table 3.54 The Settings for Tunnel Routing Example 2 : Routing Rules..............3-79
Table 3.55 The Settings for Tunnel Routing Example 3 : Tunnel Group...............3-80
Table 3.56 The Settings for Tunnel Routing Example 3 : Routing Rules..............3-80
Table 3.57 The Settings for Tunnel Routing Example : Inbound BM Filter...........3-81
Table 3.58 The Settings for Tunnel Routing Example : Outbound BM Filter ........3-81
Table 3.59 TR Example 2: WAN LinkIinformation.................................................3-82
Table 3.60 TR Example 2: Settings of Log and Local Host ID (Beijing)................3-83
Table 3.61 TR Example 2: Tunnel Group Settings in Beijing Headquarters .........3-83
Table 3.62 TR Example 2: Routing Rules in Beijing Headquarters.......................3-83
Table 3.63 TR Example 2: Settings of Log and Local Host ID (Shanghai) ...........3-83
Table 3.64 TR Example 2: Tunnel Group Settings in Shanghai Office.................3-84
Table 3.65 TR Example 2: Routing Rules in Shanghai Office...............................3-84
Table 3.66 TR Example 3: WAN Link Information.................................................3-85
Table 3.67 TR Example 3: Settings of Log and Local Host ID (San J ose) ...........3-86
Table 3.68 TR Example 3: Tunnel Group Settings in San J ose Headquarters.....3-86
Table 3.69 TR Example 3: Routing Rules in San J ose Headquarters ..................3-87
Table 3.70 TR Example 3: Settings of Log and Local Host ID (Beijing)................3-87
Table 3.71 TR Example 3: Tunnel Group Settings in Beijing Branch Office.........3-87
Table 3.72 TR Example 3: Routing Rules in Beijing Branch Office.......................3-87
Table 3.73 TR Example 3: Settings of Log and Local Host ID (Hong Kong) ........3-88
Table 3.74 TR Example 3: Tunnel Group Settings in Hong Kong Branch Office..3-88
Table 3.75 TR Example 3: Routing Rules in Hong Kong Branch Office...............3-88
Content
XII
Table 3.76 TR Example 4: WAN Link Information................................................ 3-90
Table 3.77 TR Example 4: Settings of Log and Local Host ID (San J ose)........... 3-90
Table 3.78 TR Example 4: Tunnel Group Settings in San J ose Headquarters .... 3-90
Table 3.79 TR Example 4: Routing Rules in San J ose Headquarters.................. 3-91
Table 3.80 TR Example 4: Auto Routing policies in San J ose Headquarters....... 3-91
Table 3.81 TR Example 4: Auto Routing Filters in San J ose Headquarters......... 3-91
Table 3.82 TR Example 4: Settings of Log and Local Host ID (Beijing) ............... 3-91
Table 3.83 TR Example 4: Tunnel Group Settings in Beijing Branch Office......... 3-92
Table 3.84 TR Example 4: Routing Rules in Beijing Branch Office...................... 3-92
Table 3.85 TR Example 4: Settings of Log and Local Host ID (Hong Kong)........ 3-92
Table 3.86 TR Example 4: Tunnel Group Settings in Hong Kong Branch Office.. 3-93
Table 3.87 TR Example 4: Routing Rules in Hong Kong Branch Office............... 3-93
Table 3.88 TR Example 4: Auto Routing policies in Hong Kong Branch Office.... 3-93
Table 3.89 TR Example 4: Auto Routing Filters in Hong Kong Branch Office...... 3-93
Table 3.90 The Description of the Fields in Multihoming Global Setting.............. 3-97
Table 3.91 The Description of the Fields in Multihoming Policy........................... 3-99
Table 3.92 The Description of the Fields in Domain Setting............................... 3-100
Table 3.93 The Description of the Fields in Enable Relay.................................. 3-101
Table 3.94 Multihoming Example 1: Virtual Server Settings............................... 3-102
Table 3.95 Multihoming Example 1: Policy Settings........................................... 3-103
Table 3.96 Multihoming Example 1: Domain Settings........................................ 3-103
Table 3.97 Multihoming Example 2: Virtual Server Settings............................... 3-105
Table 3.98 Multihoming Example 2: Policy Settings........................................... 3-105
Table 3.99 Multihoming Example 2: Domain Settings........................................ 3-105
Table 3.100 The Description of the Fields in Global Setting............................... 3-107
Table 3.101 The Description of the Fields in Domain Setting............................. 3-108
Table 3.102 The Description of the Fields in SNMP V1/2................................... 3-109
Table 3.103 The Description of the Fields in SNMP V3.......................................3-110
Table 3.104 The Description of the Fields in IP-MAC MAPPING........................3-111
Table 4.1 Statistics/Traffic Field and Description.................................................... 4-6
Table 4.2 Statistics/BM Field and Description......................................................... 4-8
Table 4.3 Statistics/Persistent RoutingField and Description............................... 4-10
Table 4.4 Statistics/WAN Link Health Detection Field and Description................ 4-12
Table 4.5 Statistics/Dymatic IP WAN Link Field and Description.......................... 4-14
AscenLink User Manual
XIII
Table 4.6 Statistics/DHCP Lease InfoField and Description..................................4-16
Table 4.7 Statistics/RIP Status Field and Description............................................4-18
Table 4.8 Statistics/Tunnel Status Field and Description.......................................4-20
Table 4.9 Statistics/Tunnel Traffic Field and Description.......................................4-21
Table 4.10 Statistics/Connection Limit Field and Description................................4-23
Table 4.11 Statistics/Port Information Field and Description.................................4-24
Table 4.12 Statistics/Virtual Server Status Field and Description..........................4-26
Table 5.1 The Description of the Fields on Log/View Page. ...................................5-6
Table 5.2 The Description of the Fields on Log/Control Page.................................5-8
Table 5.3 Method: FTP ............................................................................................5-9
Table 5.4 Method: E-mai .........................................................................................5-9
Table 5.5 Notification and its Function.................................................................. 5-11
Table 5.6 SNMP Trap Setting................................................................................ 5-11
Table 5.7 Event Types to Notify............................................................................. 5-11
Table 5.8 The Description of the Fields on LinkReport Page................................5-13
Table 5.9 The Description of Events .....................................................................5-13
AscenLink
User Manual
1-1
Table of Content
Chapter 1 Quick Start .................................................................................................. 1-4
1.1 Preparation .............................................................................................................. 1-4
1.2 Access to the Web-based UI ................................................................................... 1-6
1.3 AscenLink Web-based UI Overview........................................................................ 1-8
1.4 How to use AscenLink Web-based UI ................................................................... 1-10
1.4.1 AscenLink Operating Menu...........................................................................1-10
1.4.2 AscenLink Rule/Filter/Policy Table................................................................ 1-12
1.4.3 Languages .................................................................................................... 1-14
1.5 Basic Network Settings.......................................................................................... 1-15
1.5.1 WAN Interface Configuration ........................................................................ 1-15
1.5.2 LAN Interface Configuration.......................................................................... 1-20
1.6 Typical Network Architecture with Multiple WAN Links.......................................... 1-23
1.7 Public IP Address Pass-Through........................................................................... 1-29
1.7.1 Use the Existing Firewall with AscenLink...................................................... 1-30
1.8 Hardware Installation............................................................................................. 1-31
1.8.1 How to rack-mount your AscenLink .............................................................. 1-31
1.8.2 Connecting AscenLink to other network devices .......................................... 1-31
1.9 AscenLink
in HA (High Availability) Mode .............................................................. 1-32
1.9.1 Installing AscenLink in HA mode...................................................................1-32
1.9.2 HA Setting .....................................................................................................1-33
Chapter 1 Quick Start
1-2
Figure
Figure 1.1 Cancel the Proxy Setting ............................................................................. 1-7
Figure 1.2 AscenLink web-based UI Operating Menu Items ...................................... 1-10
Figure 1.3 Configuring the WAN Interface in a Simple Network Environment ........... 1-15
Figure 1.4 VLAN Port Mapping................................................................................... 1-16
Figure 1.5 Basic Setting.............................................................................................. 1-17
Figure 1.6 Basic Subnet Setting ................................................................................. 1-19
Figure 1.7 Basic Subnet Settings................................................................................ 1-22
Figure 1.8 Network Architecture with Multiple WAN Links.......................................... 1-23
Figure 1.9 Multiple WAN Links Example: VLAN and Port Mapping............................ 1-24
Figure 1.10 Multiple WAN Links Example: WAN Link 1.............................................. 1-25
Figure 1.11 Multiple WAN Links Example: WAN Link 2.............................................. 1-26
Figure 1.12 Multiple WAN Links Example: WAN Link 2.............................................. 1-27
Figure 1.13 Multiple WAN Links Example: LAN Private Subnet................................. 1-28
Figure 1.14 Public IP Address Pass-Through............................................................. 1-29
Figure 1.15 Use the Existing Firewall with AscenLink ................................................ 1-30
Figure 1.16 Racking-mount your AscenLink............................................................... 1-31
Figure 1.17 HA Console Port ...................................................................................... 1-32
AscenLink
User Manual
1-3
Table
Table 1.1 Buttons......................................................................................................... 1-11
Table 1.2 Operating Rules........................................................................................... 1-12
Table 1.3 Checkbox..................................................................................................... 1-13
Table 1.4 Local LAN Setting ........................................................................................ 1-20
Table 1.5 DHCP Server Setting................................................................................... 1-21
Table 1.6 The Cable Type for Connecting AscenLink to Other Network Devices ....... 1-31
Chapter 1 Quick Start
1-4
Chapter 1 Quick Start
This chapter will explain the basic functions of AscenLink and how to operate and
configure the system. It will also cover related subjects in network structures and
hardware installation which will help you during initial setup of AscenLink.
1.1 Preparation
Before you get started, there are a few things you need to know:
The number and position of LAN ports are slightly different in each AscenLink
model. The AscenLink 430 for example, has five network interfaces. The second
to last interface is a LAN port and the last one is a DMZ port. But this does not
apply to other models.
The default IP address for LAN interface is 192.168.0.1
Your IP addresses for computers in the LAN should be changed to 192.168.0.2
(or 192.168.0.x) in order to avoid conflicts with the default LAN port.
Connect your computers in the LAN with AscenLink via a cross-over cable,
which is a standard attachment of the product.
Access the web-based administration UI, open https://192.168.0.1/ in your
Internet Explorer 6.0.
The default password for the administrator account is 1234, and 5678 for the
monitor account. We strongly recommend you modify the passwords at your
initial log into the web-based UI. It is also a wise idea to write down your
changed passwords and keep in a safe place for future reference.
Check your network environment carefully before installing AscenLink. A
well-designed network environment with the necessary information such as your
network structure, IP addresses allocation, and network segments information
will help you complete the setup of AscenLink parameters.
AscenLink
User Manual
1-5
AscenLink uses a web-based management user interface (Web-based UI). Due
to internal design constraints, you have to use MS Internet Explorer 6.0 (IE 6.0),
or higher to access the Web-based UI. A screen resolution of 800x600 or higher
is also recommended.
Use a cross-over cable to access AscenLink Web-based UI connecting with the
LAN port. AscenLink is shipped with two optional types of CAT-5 network cable:
a cross-over, and a straight cable. Please ensure to use the cross-over cable to
connect the computer with LAN port of AscenLink, the LED of LAN port will light
up once it is properly connected.
Chapter 1 Quick Start
1-6
1.2 Access to the Web-based UI
The Web-based UI enables you to easily perform every configuration task.
Follow the steps below to access the Web-based UI:
1. Connect your PC Ethernet LAN interface with LAN port of AscenLink by a
cross-over cable, the default management LAN port of AscenLink
is port 4
(interface indicated as 4). You can change the interface attributes when
necessary, such to WAN, LAN or DMZ.
2. After powering on AscenLink, self diagnosis provides 3 short beep noises to
indicate that AscenOS is initialized and activated, the LED of LAN port will turn to
orange.
3. Assign your PC Ethernet LAN interface with an IP - 192.168.0.2, and a subnet
mask - 255.255.255.0, for example.
4. Turn off the proxy setting of your IE browser, no proxy server is required in order to
access AscenLinks Web-based UI. Open MS IE 6.0, select Internet Option on
the menu bar of Tools, click the Connection tab, and then click LAN settings to
open Local Area Network Settings dialog box, under Proxy server, make sure
proxy server is not selected.
5. In the URL of IE 6.0, type in https://192.168.0.1 to access the Web-based UI, and
make sure it is https instead of http so you have a secure connection between
AscenLink and the host PC.
6. AscenLink provides two types of user accounts:
Administrator Has privileges to monitor and modify system parameters.
Monitor Can only monitor.
AscenLink allows up to 1 administrator and 5 monitors to access concurrently.
When the later-coming Administrator logs in, the former one will be automatically
logged out and become a Monitor.
Default password for Administrator and Monitor are 1234 and 5678, respectively.
AscenLink
User Manual
1-7
Recommendation: change the password the first time you log in for easy
management.
Figure 1.1 Cancel the Proxy Setting
Chapter 1 Quick Start
1-8
1.3 AscenLink Web-based UI Overview
After logging in, you will be able to start configuring or monitoring AscenLink
through the Web-based UI.
The Web-based UI tasks are grouped into five categories:
System
Service
Statistic
Log
Language
The categories are located at the top left corner of the Web-based UI task bar.
These categories cover all the configuration possibilities in AscenLink. A
detailed description of each category will be covered in subsequent chapters.
AscenLink
User Manual
1-9
Changing Password
Log in as an Administrator in the Web-based UI and modify the Administrator or
Monitor password by performing the following steps:
1. Log in as: Administrator. Enter the default password: 1234.
2. Click System and then Administration at the top of the window.
3. Under the field Administrator Password, select Administrator in the Select
Account field, and then type your new password in both New Password and
Password Verification fields.
4. Click Set Password to accept the new password you just set.
Note:
The change is updated instantaneously on AscenLink; there is no need to restart the
system, please use the new password next time you log in.
If you forget your administrator password, use a Terminal (VT-100 compatible)
to establish the connection between PC RS-232 series port and AscenLink
Console interface (Default User Account: Administrator, Password: ascenlink),
execute resetpasswd command to restore password back to the default setting.
Please refer to Appendix in this manual for more information about Console
commands.
Changing Language
AscenLinks Web-based UI supports multiple languages. To swap the display of
language, you can click Language on the menu; two types of languages are
available, English or Simplified Chinese.
Chapter 1 Quick Start
1-10
1.4 How to use AscenLink Web-based UI
This section describes the operations and arrangement of Web Base UI, Figure
1.2 displays the operating menu of AscenLink Web-based UI system after initial
log-in.
Figure 1.2 AscenLink web-based UI Operating Menu Items
1.4.1 AscenLink Operating Menu
The operating menu contains five categories, which are System, Service,
Statistics, Log, and Language; and each category has its own submenu.
System/Summary in Figure 1.2 indicates the current working menu, while
Administrator@192.168.0.74 indicates login account is Administrator at
system name of 192.168.0.74.
Click Logout at the top right corner of the window to exit the system.
Apply, Reload, Help/Hide Help buttons are always displayed on the operating
menu, and the functions are described as below:
Button Function
After modifying the parameters of specific menu page, click this
button to save your changes to memory, the old settings will
also be saved.
Click this button to recover the old settings which Appl y had
saved.
Click the Help button to display the online help of the current
page, the online help information will automatically swap when
AscenLink
User Manual
1-11
you change the function page or language.
Click Hide Help to hide the on-line help information.
Table 1.1 Buttons
Note:
The Apply and Reload buttons here are active only on certain pages, any parameters
modified without clicking Apply will not be saved to the memory. Remember to click Apply
when you are ready to move to the next page menu or logout.
Chapter 1 Quick Start
1-12
1.4.2 AscenLink Rule/Filter/Policy Table
Orders of Rules/Filters/Policies
When you perform tasks such as setting system parameters or defining service
policies, you are often required to add or delete rules of your own. In general,
when you have multiple rules in one table, AscenLink matches these rules from
top to bottom (top-down evaluation). That is, the rules at the top of the table are
given a higher precedence. Thus, to achieve the outcome of your desire, the
more specific rules should be placed on top of the less specific rules.
Here are a few icons you will see in these tables, and their meanings are:
Add a new rule below the current rule.
Move the current rule one row down.
Move the current rule one row up.
Delete the current rule.
Write a note for the current rule.
Table 1.2 Operating Rules
The newly added rule will be placed right below the current rule. Moving the rule
up or down will swap positions between the upper and lower rules.
Checkbox
It is quite common that the following checkboxes exist in some tables. These
checkboxes indicate whether certain functions are enabled or not. A red check
sign inside a checkbox stands for enabled, and an empty checkbox means
disabled. For example, you can enable logging for a rule by checking its
checkbox in the rule table.
AscenLink
User Manual
1-13
The function is disabled.
The function is enabled.
Table 1.3 Checkbox
So far, we have only mentioned the basic operations of the Web-based UI. In
the next section, more instructions on how to integrate AscenLink into your
present network environment will be covered.
Chapter 1 Quick Start
1-14
1.4.3 Languages
To select your preferred language, move your mouse cursor over the last item
Language on the menu bar. A list of available languages will be shown on the
sub-menu. English and Simplified Chinese are offered to select in this version.
AscenLink
User Manual
1-15
1.5 Basic Network Settings
1.5.1 WAN Interface Configuration
In this section, we will walk you through a simple example to configure
AscenLink step by step. The network architecture in this example is illustrated
as below.
Figure 1.3 Configuring the WAN Interface in a Simple Network Environment
Once the topology is set, we must define the network interfaces. Because
AscenLink provides the flexibility of configuring network interfaces individually,
you can define each port to be either a WAN, LAN, or DMZ port.
In this example, we would like to map Port2 as a WAN port, Port1 as a LAN port,
Chapter 1 Quick Start
1-16
and Port5 as a DMZ port. To achieve this, go to [System] -> [Network Settings]
-> [VLAN and port Mapping]. This is the place where the network interfaces are
defined. For the above settings, the table will display like the one below:
Figure 1.4 VLAN Port Mapping
After configuring your VLAN and Port Mapping, the next step is WAN setting
configuration. [WAN Setting] is located on the same page as [VLAN and Port
Mapping]. Click on the [WAN Setting] Tab, you will see the page for WAN
setting. Before configuring your WAN setting, make sure you know the gateway
by differentiate between public IPs from your ISP. Information like this should
have been given to you when first applied for a WAN connection with your ISP.
They are essential to make your WAN connection work properly.
AscenLink
User Manual
1-17
The procedure for configuring WAN settings is listed below:
1. Select the number of WAN links you want to configure. If you have multiple links,
you can only edit one WAN link at a time, according to priority.
2. In the [Basic Setting] table, tick the checkbox next to Enable to activate the WAN
link.
3. [WAN Type] Select your WAN type in the second field. Several options are
available in this dropdown list. The WAN type depends on how your ISP allocates
the WAN links. If you are given a sub-network with a group of public IPs, you
should choose Routing Mode; or, if you are given a single public IP, you need to
configure your WAN type as Bridge Mode: One Static IP. In this example, we
assume our WAN type is in Routing Mode.
4. [Down Stream] & [Up Stream] In the thrid and fourth field, fill in your upstream and
downstream bandwidth limits of your WAN link.
5. [Default Gateway] Fill in the gateways IP address in the fifth field. In this example,
it is 211.33.10.9 (Router Address).
6. [MTU] defines packet size in transmission, e.g. 1500.
7. [WAN Port] Fill the last field with the physical port number the WAN link is
connected to. This is the phyiscal port on AscenLink. In this example, Port2.
Figure 1.5 Basic Setting
Chapter 1 Quick Start
1-18
After finishing your [Basic Setting] table, you will then provide information on
your subnet [Basic Subnet]:
1. There are several options in [Subnet Type]. We use [Subnet in WAN and DMZ],
the most common case in network architectures.
2. [IP(s) on Localhost] Fill the IP addresses on AscenLink in the [IP(s) on Localhost]
field. These IP addresses are allocated from ISP. In this example, they are two IPs
binding with Port 2: 211.30.10.11 and 211.30.10.12. You can add a new IP
address by clicking [+] icon or add a continuous range of IP addresses by using a
hyphen - that connects the starting IP and the ending IP address, for example,
211.30.10.11-211.30.10.12.
3. [IP(s) in WAN] Fill the IP addresses of the WAN in the [IP(s) in WAN] field. In this
example, they are 211.30.10.9 and 211.30.10.13. The former is the IP address of
the gateway. The latter is the IP address of the server in the WAN.
4. [Netmask] Fill in the netmask provided by your ISP. In this example, it is
255.255.255.248.
5. [DMZ Port] Specify your DMZ port in the [DMZ port] field. In this example, port 5
on AscenLink is used as DMZ port. To specify the port for different functions (WAN,
LAN, DMZ, etc.), please setup at [VLAN and Port Mapping].
6. When machines in a WAN environment take AscenLink as DHCP Server to assign
dynamic IP address, administrators are allowed to enable DHCP and specify the
IP range of client end. When machines uses static IP, administrators are allowed
to specify the designated IP in [Static Mapping] and the MAC address of the
internet interface of these machinese as well.
7. Press [Apply] to update all the parameters you have just entered.
This is the part related to WAN settings. We will move to LAN settings in the
next section.
AscenLink
User Manual
1-19
Figure 1.6 Basic Subnet Setting
Chapter 1 Quick Start
1-20
1.5.2 LAN Interface Configuration
AscenLink provides DMZ with IP Pass Through, it can be configured at [System]
-> [Networking Setting] -> [LAN Private Subnet].
You can assign a Public IP to a machine in DMZ, now all packets will be moved
transparently to the WAN interface through AscenLink with the IP Pass Through
feature.
When a LAN client wants to access WAN IP addresses of virtual servers,
sometimes the packets may bypass AscenLink and cause connection failure.
You can enable NAT Subnet for Virtual Server to force the client's source IP
address to be translated into this LAN's IP address to assure all packets form
client will pass through AscenLink.
Local LAN Setting
Assign the IP address to a specific LAN port can be done in the Subnet Detail
table.
Field Description
IP(s) on Localhost Identify the localhost IP address of specific LAN
port.
Netmask Identify the subnet mask of specific LAN port.
LAN Port Identify the LAN port ID.
Table 1.4 Local LAN Setting
AscenLink
User Manual
1-21
DHCP Server Setting
If you would like to assign dynamic IPs to the client hosts with the same subnet,
enable the DHCP Server to perform this task. DHCP static mapping is
supported.
Field Description
Enable DHCP To enable the DHCP server on the specific LAN port interface
Starting Address Specify the range of starting addresses that the DHCP server can
assign.
Ending Address Specify the range of ending addresses that the DHCP server can
assign.
Static Mapping You can configure a client reservation to reserve a specific IP
address for use by a DHCP client host, so the client host always
has the same address.
In IP address box, type the IP address that you want to reserve for
a specific client.
In MAC Address box, type the MAC address of the hosts network
adapter. Do use colon in the MAC address.
Table 1.5 DHCP Server Setting
To configure your LAN settings, go to [System]->[Networking Setting]->[LAN
Private Subnet].
AscenLink provides DMZ with public IP pass through. In this example, we have
a public IP 211.30.10.14 in DMZ. AsecnLink will simply let all packets from the
WAN to this address pass through.
The remaining work is to setup the IP for the LAN interface. In this example,
please input 192.168.100.254 in [IP(s) on Localhost] and 255.255.255.0 in
[Netmask].
When machines in a LAN environment takes AscenLink as DHCP server, first
check the box to enable DHCP and specify DNS Server IP. Ordinarily, DNS
Chapter 1 Quick Start
1-22
Server IPs are designated in network environment for the purpose of inquiring.
DNS Server can be placed in the LAN where AscenLink is deployed. Note that
DNS Server IP must be one that can communicate with AscenLink. Then fill in
the IP addresses that are allocated to the LAN hosts. For certain hosts that use
fixed IPs, please also fill in their MAC addresses and their static IP addresses in
the [Static Mapping] field.
Click [Apply] when you finish the LAN settings. It will not update the system
parameters until you apply. The finished LAN setting for this example displays
like the figure below:
Figure 1.7 Basic Subnet Settings
AscenLink
User Manual
1-23
1.6 Typical Network Architecture with Multiple WAN
Links
AscenLink
can reveal its full power in a network with multiple WAN links. In the
next example, we will illustrate how to setup your AscenLink with multiple WAN
links (please see the figure below). Assume we have two WAN links, WAN1 and
WAN2 from different ISPs and both of them use public IPs for the WAN ports.
The LAN interface is using private IP, and configuring AscenLink as the gateway
for the LAN. The DMZ interface is configured as another gateway. All the hosts
in the LAN are connected to the Internet (WAN) using NAT/NAPT (Network
Address/Port Translation) through AscenLink.
Figure 1.8 Network Architecture with Multiple WAN Links
The above example requires you to configure settings in different tabs under
[System]->[Network Setting]:
Chapter 1 Quick Start
1-24
[VLAN and Port Mapping]: define AscenLinks interfaces (WAN, LAN or DMZ)
[WAN setting]: configure your settings for both WAN links
[WAN/DMZ Private Subnet]: configure your DMZ settings
[LAN Private Subnet]: configure your LAN settings
You may refer to the network architecture figure above; their settings for each
tab are shown below:
VLAN and Port Mapping:
Port1 WAN
Port2 WAN
Port3 LAN
Port4 DMZ
Figure 1.9 Multiple WAN Links Example: VLAN and Port Mapping
AscenLink
User Manual
1-25
WAN Setting:
The parameters for WAN link 1 are shown as below: assuming that both of its
upstream and downstream bandwidth is 512k, and the Netmask is
255.255.255.248.
Figure 1.10 Multiple WAN Links Example: WAN Link 1
WAN link 2 is configured in a similar manner:
Chapter 1 Quick Start
1-26
Figure 1.11 Multiple WAN Links Example: WAN Link 2
WAN/DMZ Private Subnet:
In this example, the sub-network connected to the DMZ interface is allocated
with a private IP address. Therefore, the DMZ interface is the gateway for the
sub-network in DMZ.
AscenLink
User Manual
1-27
Figure 1.12 Multiple WAN Links Example: WAN Link 2
LAN Private Subnet
Lastly, we configure the settings for the LAN interface. In this example,
AscenLink is the DHCP server of the LAN, which is shown as the figure below:
Chapter 1 Quick Start
1-28
Figure 1.13 Multiple WAN Links Example: LAN Private Subnet
AscenLink
User Manual
1-29
1.7 Public IP Address Pass-Through
The advantage of public IP-Address pass-through is that the efforts of
configuring network settings are minimized. You can simply move the hosts with
public IPs to DMZ and leave them as they are. They will work as well as they
were before. There is no need to configure AscenLink or the hosts themselves.
In the figure below, we place a public IP 211.21.38.43 at a host in DMZ. This
public IP is in the same network segment with WAN 1 port, so all the packets to
211.21.38.43 will be passed through from WAN 1 to DMZ. That means the DMZ
port is actually linked to the WAN 1 port (shown as a dotted line in the figure
below), and the gateway of the host in DMZ is the same as the gateway of WAN
1 Port.
Figure 1.14 Public IP Address Pass-Through
Chapter 1 Quick Start
1-30
1.7.1 Use AscenLink with the Existing Firewall
For those who have installed the firewall in their existing network, they can
simply connect the firewall to the DMZ interface of AscenLink without changing
any settings, even if the firewall is attached to the subnet with public or private
IPs.
Figure 1.15 Use the Existing Firewall with AscenLink
AscenLink
User Manual
1-31
1.8 Hardware Installation
1.8.1 How to rack-mount your AscenLink
AscenLink is shipped with screws for industrial standard rack. Please use these
screws in the box and rack-mount your machine by referring to Figure 1.16.
Figure 1.16 Racking-mount your AscenLink
1.8.2 Connecting AscenLink to other network devices
Based on the types of network devices and environment, the cable used for
connecting can differ. For some of them, it requires cross-over cables, but
others may require straight-through cables. The table below shows the cable
type used for connecting different types of network devices:
WAN or LAN device Cable Type
Router Cross-Over
Firewall Cross-Over
Server Cross-Over
Hub Straight-Through
Switch Straight-Through
Table 1.6 The Cable Type for Connecting AscenLink to Other Network Devices
Chapter 1 Quick Start
1-32
1.9 AscenLink
in HA (High Availability) Mode
1.9.1 Installing AscenLink
in HA mode
Two AscenLink units
can be linked together and work as the backup for one
another. This is called HA (High Availability) mode as it provides stronger
reliability in case any of the AscenLink units is down.
AscenLink
is designed with fault tolerance. The firmware OS (Operating System)
and programs are stored in flash memory; therefore the system will not be
damaged during a blackout. However, if you are running mission-critical or
non-stop services over your network, HA mode offers fault tolerance at the
hardware level.
When two AscenLinks
are linked together, the current active one is called
master for regular operation. The other one serves as slave for backup, and
will only be woken up when the master AscenLink
fails to function properly.
Figure 1.17 HA Console Port
You just need to connect them with a 9-pin RS-232 cable (Null Modem Cable).
Attach both ends of the cable to the HA ports of the two AscenLink units
respectively. Null Modem Cable is the standard accessory shipped with
AscenLink.
AscenLink
User Manual
1-33
1.9.2 Setting Up HA
How HA Works
When both AscenLink units are on, only the master will handle the network
traffic. The slave machine is in sleep mode during this stage. If the master is
down for some reason, the slave AscenLink will be automatically woken up and
will take over the job to ensure uninterrupted services. In addition, AscenLink
also supports circurt level HA for both LAN and DMZ connection to eliminate
single point failure in the entire deployment for 100% HA.
Activating HA Mode
Firstly, install the master AscenLink and make sure it works properly on your
present network.
Secondly, connect the slave AscenLink to the master AscenLink with the 9-pin
serial cable.
Thirdly, turn on the power of the slave AscenLink.
Next, you will see the status of the slave AscenLink on the Web-based UI under
[System] -> [Summary] -> [Peer Information].
On this stage, the HA mode is activated. Once the master is down, the slave will
take over and keep the network alive automatically.
Note:
1. If the serial cable is disconnected during the operation, it will cause unexpected errors.
Be sure the cable is plugged tightly to both machines.
2. As long as the master can find the slave, the HA mode is activated.
AscenLink User Manual
2-1
Table of Content
Chapter 2 System.......................................................................................................... 2-5
2.1 Summary .......................................................................................................... 2-6
2.2 Network Setting ....................................................................................................... 2-8
2.2.1 DNS Server ...................................................................................................... 2-10
2.2.2 VLAN and Port Mapping .................................................................................. 2-12
2.2.3 WAN Setting..................................................................................................... 2-19
2.2.4 WAN/DMZ Private Subnet ...............................................................................2-39
2.2.5 LAN Private Subnet ......................................................................................... 2-49
2.3 WAN Link Health Detection................................................................................... 2-56
2.4 Optimum Route Detection ..................................................................................... 2-58
2.5 Port Speed/Duplex Setting .................................................................................... 2-61
2.6 Backup Line Setting............................................................................................... 2-63
2.7 IP Grouping............................................................................................................ 2-65
2.8 Service Grouping................................................................................................... 2-67
2.9 Busyhour Setting ................................................................................................... 2-69
2.10 Diagnostic Tools................................................................................................... 2-72
2.11 Date/Time............................................................................................................. 2-76
2.12 Central Management ........................................................................................... 2-77
2.13 Administration...................................................................................................... 2-78
Chapter 2 System
2-2
Figure
Figure 2.1 The Location of System/Summary on the Menu Bar ............................ 2-5
Figure 2.2 The Location of System/Network Setting on the Menu Bar .................. 2-8
Figure 2.3 The Location of DNS Server on the Menu Bar.................................... 2-10
Figure 2.4 The Location of VLAN and Port Mapping on the Menu Bar................ 2-12
Figure 2.5 VLAN Switch and AscenLink ................................................................. 2-13
Figure 2.6 LAN and DMZ HA Deployment Sample................................................. 2-14
Figure 2.7 UI configuration for Redundant LAN/DMZ Port ..................................... 2-15
Figure 2.8 Support Switch HA................................................................................. 2-16
Figure 2.9 Settings for Switch HA Support.............................................................. 2-17
Figure 2.10 LAN Private Subnet Settings for Switch HA Support............................. 2-18
Figure 2.11 The Location of WAN Setting on the Menu Bar .................................. 2-19
Figure 2.12 WAN Setting / Basic Setting .................................................................. 2-20
Figure 2.13 Types of Basic Subnets ......................................................................... 2-23
Figure 2.14 Types of Static Routing Subnet.............................................................. 2-23
Figure 2.15 Subnet in WAN of Basic Subnet ............................................................ 2-24
Figure 2.16 Subnet in WAN Setting of Basic Subnet................................................ 2-25
Figure 2.17 Subnet in DMZ of Basic Subnet ............................................................ 2-26
Figure 2.18 Subnet in DMZ Setting of Basic Subnet ................................................ 2-27
Figure 2.19 Subnet in WAN and DMZ of Basic Subnet ............................................ 2-28
Figure 2.20 Subnet in WAN and DMZ Setting in Basic Subnet ................................ 2-29
Figure 2.21 Subnet on Localhost of Basic Subnet.................................................... 2-30
Figure 2.22 Subnet on Localhost Setting of Basic Subnet ....................................... 2-30
Figure 2.23 Subnet in WAN of Static Routing Subnet............................................... 2-31
Figure 2.24 Subnet in WAN Setting of Static Routing Subnet .................................. 2-31
Figure 2.25 Subnet in DMZ of Static Routing Subnet ............................................... 2-32
Figure 2.26 Subnet in DMZ Setting of Static Routing Subnet................................... 2-32
Figure 2.27 Bridge Mode: One Static IP ................................................................... 2-33
Figure 2.28 Bridge Mode: One Static IP Setting ....................................................... 2-34
Figure 2.29 Bridge Mode: Multiple Static IP.............................................................. 2-35
Figure 2.30 Bridge Mode: Multiple Static IP Setting.................................................. 2-36
Figure 2.31 Bridge Mode: PPPoE Setting................................................................. 2-37
Figure 2.32 Bridge Mode: DHCP Client Setting........................................................ 2-38
Figure 2.33 The Location of WAN/DMZ Private Subnet on the Menu Bar............. 2-39
Figure 2.34 Types of Subnets in WAN/DMZ............................................................. 2-40
AscenLink User Manual
2-3
Figure 2.35 Types of Subnets in Static Routing Subnet ............................................ 2-40
Figure 2.36 Subnet in WAN of Basic Subnet in WAN/DMZ....................................... 2-41
Figure 2.37 Subnet in WAN Setting of Basic Subnet in WAN/DMZ .......................... 2-41
Figure 2.38 Subnet in DMZ of Basic Subnet in WAN/DMZ....................................... 2-42
Figure 2.39 Subnet in DMZ Setting of Basic Subnet in WAN/DMZ........................... 2-43
Figure 2.40 Subnet in WAN/DMZ of Basic Subnet in WAN/DMZ.............................. 2-44
Figure 2.41 Subnet in WAN/DMZ Setting of Basic Subnet in WAN/DMZ ................. 2-45
Figure 2.42 Subnet on Localhost of Basic Subnet in WAN/DMZ.............................. 2-46
Figure 2.43 Subnet on Localhost Setting of Basic Subnet in WAN/DMZ.................. 2-46
Figure 2.44 Subnet in WAN of Static Routing Subnet in WAN/DMZ......................... 2-47
Figure 2.45 Subnet in WAN Setting of Static Routing Subnet in WAN/DMZ............. 2-47
Figure 2.46 Subnet in DMZ of Static Routing Subnet in WAN/DMZ.......................... 2-48
Figure 2.47 Subnet in DMZ Setting of Static Routing Subnet in WAN/DMZ ............. 2-48
Figure 2.48 The Location of LAN Private Subnet on the Menu Bar........................ 2-49
Figure 2.49 LAN Private Subnet / Basic Subnet .......................................................2-50
Figure 2.50 LAN Private Subnet / Basic Subnet Setting........................................... 2-51
Figure 2.51 LAN Private Subnet/ RIP Configuration ................................................. 2-52
Figure 2.52 LAN Private Subnet/ OSPF Setting........................................................ 2-53
Figure 2.53 LAN Private Subnet / Static Routing Subnet .......................................... 2-55
Figure 2.54 LAN Private Subnet / Static Routing Subnet Setting.............................. 2-55
Figure 2.55 The Location of System/WAN Link Health Detection on Menu Bar..... 2-56
Figure 2.56 The Location of System/ Optimum Route Detection on Menu Bar...... 2-58
Figure 2.57 The Location of System/Port Speed Duplex Setting on Menu Bar...... 2-61
Figure 2.58 The Location of System/Backup Line Setting on the Menu Bar .......... 2-63
Figure 2.59 The Location of System/IP Grouping on the Menu Bar ....................... 2-65
Figure 2.60 The Location of System/Service Grouping on the Menu Bar .............. 2-67
Figure 2.61 Service Grouping....................................................................................2-68
Figure 2.62 The Location of System/Busyhour Setting on the Menu Bar............... 2-69
Figure 2.63 A Busy-hour Setting Example ................................................................ 2-70
Figure 2.64 The Location of System/Diagnostic Tools on the Menu Bar ................ 2-72
Figure 2.65 The Location of System/Date/Time on the Menu Bar.......................... 2-76
Figure 2.66 The Location of System/Administration on the Menu Bar ................... 2-77
Figure 2.67 The Location of System/Administration on the Menu Bar ................... 2-78
Chapter 2 System
2-4
Table
Table 2.1 System Information.................................................................................. 2-6
Table 2.2 Peer Information ...................................................................................... 2-6
Table 2.3 Optional Functions Information................................................................ 2-7
Table 2.4 VLAN Tag and AscenLink Port Mapping................................................ 2-13
Table 2.5 Field description for the Redundant Port configuration ......................... 2-15
Table 2.6 Basic Setting Table in Routing Mode..................................................... 2-22
Table 2.7 OSPF Settings Table ............................................................................. 2-54
Table 2.8 Static IP table setting of Optimum Route Detection............................... 2-59
Table 2.9 Dynamic detection setting of Optimum Route Detection....................... 2-60
Table 2.10 Port Speed/Duplex Setting .................................................................... 2-62
Table 2.11 Threshold Parameters ........................................................................... 2-64
Table 2.12 Backup Line Rules................................................................................. 2-64
Table 2.13 IP Grouping............................................................................................ 2-66
Table 2.14 Rules Setting of IP Grouping ................................................................. 2-66
Table 2.15 Busy-hour Setting .................................................................................. 2-70
Table 2.16 Central Management Setting................................................................. 2-77
Table 2.17 Administration Password Setting........................................................... 2-79
Table 2.18 Monitor Password Setting...................................................................... 2-80
AscenLink User Manual
2-5
Chapter 2 System
In this chapter, you will learn how to configure the system settings. These are the
fundamental configurations of the AscenLink system and they have to be defined in order
for the system to work properly. However, most of the settings have default values so you
do not have to configure them if the default settings fit your requirements. There is one
exception: Network Setting. You have to set up your network configuration according to
your intranet network structure and the necessary information from your Internet service
providers (ISPs).
Figure 2.1 The Location of System/Summary on the Menu Bar
Chapter 2 System
2-6
2.1 Summary
System/Summary is the first page you see when logging into AscenLinks
web-based UI. It provides basic information of the system in three categories:
System Information, Peer Information, WAN Link State and Optional
Functions Information. Peer Information is available only if the AscenLink is
running in HA mode (either as a master or a slave).
Contents of System Information and Peer Information
Category Field Description
Version
Firmware Version of this
AscenLink
Serial Number Serial number of this AscenLink
Uptime Time since last reboot
Connections Number of connections
CPU Usage % CPU usage
System
Information
Packets / Second
Number of packets serviced per
second
Table 2.1 System Information
Category Field Description
Version
Firmware Version of slave
AscenLink
Serial Number Serial number of slave AscenLink
Uptime Time since slave last reboot
Peer Information
State Always be Slave
Table 2.2 Peer Information
Note:
Connections may jump up to over 100 when AscenLink is starting up. This is due to many
ICMP packets sent out from AscenLink to test the network. It will drop back to normal there
after.
AscenLink User Manual
2-7
WAN Link State
The section on WAN Link State shows the current status of each and every WAN
link. Each WAN link is color-coded representation in each block with the following
color coding scheme to indicate its status:
Green: Active WAN link
Blue: Backup WAN link
Red: Broken WAN link
Black: WAN link not in use
Different AscenLink models allow different numbers of WAN links. Therefore, the
number of status blocks indicates the maximum number of WAN links for this
AscenLink model.
Contents of Optional Functions Information
Category Field Description
Functions
Display the name of the optional
functions, e.g: "Layer 7 Bandwidth
Management" or Tunnel Routing
Note: ONLY Simplified Chinese
version has "Layer 7 Bandwidth
Management" option.
Enabled
Display if the optional function is
enabled
Optional Functions
Information
Remarks
If it is the DEMO version, the
number of days left to use this
function will be shown here;
otherwise, it will be blank.
Table 2.3 Optional Functions Information
Chapter 2 System
2-8
2.2 Network Setting
Figure 2.2 The Location of System/Network Setting on the Menu Bar
System/Network Setting is an important part of system configuration, covering
WAN, LAN, and DMZ settings.
System/Network Setting contains 5 sub-menu items. They are:
DNS Server: In this page, you can specify the IP address of a DNS server used
by AscenLink.
VLAN and Port Mapping: In this page, you can assign WAN, LAN, or DMZ links
to physical network ports or VLAN tags.
WAN Setting: In this page, you can specify the WAN type and the parameters of
each WAN link.
AscenLink User Manual
2-9
WAN/DMZ Private Subnet: In this page, you can specify private subnets in
WAN or DMZ.
LAN Private Subnet: In this page, you can specify private subnets in a LAN.
Chapter 2 System
2-10
2.2.1 DNS Server
Figure 2.3 The Location of DNS Server on the Menu Bar
In this page, you can specify the IP address of a DNS server. AscenLink will use
it to resolve machine names to obtain IP addresses. Either input the IP address
or the domain name suffix of the DNS server. Users are also allowed to define
the host name of DNS server in the network. The following is the list of five
functions using this;
System/Diagnostic Tools: Ping and Trace
Service/Cache: Cache Server setting
Log/Control: SMTP and FTP Server setting
Log/Notification: SMTP Server setting
AscenLink User Manual
2-11
Serial Console: ping and traceroute commands
Note that this DNS server is not required for AscenLink to work properly. If you
don't specify a DNS server, you can still use all the functions listed above by
entering the IP address instead of the FQDN.
Chapter 2 System
2-12
2.2.2 VLAN and Port Mapping
Figure 2.4 The Location of VLAN and Port Mapping on the Menu Bar
(1) VLAN and Port Mapping
Please plan your network structure prior to the deployment of AscenLink into the
network. For instance, you will need to plan which port tol be used for WAN1. You
can assign how to map WAN, LAN, or DMZ links to physical network ports.
Certain models of AscenLink can support 802.1q VLAN (not Ciscos ISL). This is
very handy in a big network structure with VLAN-capable switches. You can map
WAN, LAN, or DMZ links to different VLAN by specifying different VLAN tags. This
allows better traffic separation and more port assignment flexibility.
AscenLink User Manual
2-13
We use the following example to illustrate VLAN configuration:
Figure 2.5 VLAN Switch and AscenLink
In this example, Port 1 of AscenLink is connected to a VLAN switch. In the page of
[System]->[Network Setting]->[VLAN and Port Mapping], we define the following
LAN tag mapping:
Port VLAN Tag Mapping
101 WAN
102 WAN
103 LAN
Port 1
104 DMZ
Port 2 no VLAN tag None
Port 3 no VLAN tag None
Port 4 no VLAN tag None
Table 2.4 VLAN Tag and AscenLink Port Mapping
Chapter 2 System
2-14
With this configuration, Port 1 of AscenLink will no longer accept non-VLAN
packets. Network interfaces 101 and 102 on the VLAN switch are connected to
WAN links. Interface 103 is connected to LAN, and interface 104 is connected to
DMZ. This example demonstrates that by supporting VLAN, one port can become
multiple virtual links.
(2) LAN and DMZ Port High Availability (Redundancy)
AscenLink supports the LAN and DMZ port level HA to remove the single point of
failure in the entire deployment chain. To solve this problem, AscenLinks LAN and
DMZ ports have bridging function that prioritizes the spanning tree algorithm set to
the highest setting (0xffff) to avoid looping in your network.
The Figure below illustrates the HA deployment:
Figure 2.6 LAN and DMZ HA Deployment Sample
In this example, Port 1 is set to WAN, Port 2 and Port 3 are set for HA LAN port
pair, and Port 4 and 5 are HA DMZ port pair. Each of the LAN/DMZ pair is
connected to one switch (switch1 or switch2). This will remove the chance of single
AscenLink User Manual
2-15
point of failure on the switch, so the entire deployment is full HA.
Figure 2.7 UI configuration for Redundant LAN/DMZ Port
Category Field Description
Label Define a logical label for the
Redundant LAN Port for subsequent
reference. Valid form for this label
can be 0-9 a-z A-Z .-_.
Redundant LAN
Port
Mapping Select two ports for grouping as
redundant LAN port pair
Label Define a logical label for the
Redundant DMZ Port for
subsequent reference. Valid form for
this label can be 0-9 a-z A-Z .-_.
Redundant DMZ
Port
Mapping Select two ports for grouping as
redundant DMZ port pair
Table 2.5 Field description for the Redundant Port configuration
Chapter 2 System
2-16
(3) HA Deployment to ensure HA on switch
In addition to supporting AscenLink Port HA, the Port level HA can also be used to
support the HA on the switches behind the AscenLink. This is especially highly
effective for cases where extreme high availability is required, such as banking,
security exchange, etc. We use the following example to illustrate how to switch
device onto HA, i.e., Switch1 and Switch2 backup each other in the event of
hardware failure.
Figure 2.8 Support Switch HA
AscenLink User Manual
2-17
The setting of AscenLink HA deployment on switches is:
Figure 2.9 Settings for Switch HA Support
The setting of LAN Private Subnet is:
Chapter 2 System
2-18
Figure 2.10 LAN Private Subnet Settings for Switch HA Support
AscenLink User Manual
2-19
2.2.3 WAN Setting
Figure 2.11 The Location of WAN Setting on the Menu Bar
When you obtain WAN links (such as T1 leased line, ADSL, or cable modem)
from ISPs, based on the agreements between you and the ISPs, you might get
different types of links. AscenLink
needs to know about the characteristics of
these links. This page is where you can set the WAN type and the parameters
for each WAN link.
The configuration is done one WAN link at a time. However, you can apply all
the changes at once at the end. You can select a WAN link by selecting the link
number in a WAN Link drop-down box. For each WAN link, you will fill out a few
tables with correct information from its ISP.
Chapter 2 System
2-20
The initial selection is the WAN type. The rest of the settings will change based
on the WAN type you have selected. AscenLink supports the following WAN
types:
Routing Mode
Bridge mode: One Static IP
Bridge mode: Multiple Static IP
Bridge mode: PPPoE
Bridge mode: DHCP Client
Figure 2.12 WAN Setting / Basic Setting
As mentioned, different types of WAN have different interfaces. First of all, we
need to clarify one concept. To AscenLink, there are two types of subnets:
The first type is subnets that directly connect to AscenLink. For this type of
subnets, you have to fill out the Basic Subnet table to specify them. In this case,
AscenLink is the router for those subnets.
The second type is subnets that connect to AscenLink through other routers or
L3 switches. For this type of subnets, you have to fill out the Static Routing
AscenLink User Manual
2-21
Subnet table to specify them. In this case, traffic will be routed by the routers (or
L3 switches).
Chapter 2 System
2-22
2.2.3.1 Routing Mode
Basic Setting
When you select Routing Mode as the WAN Type, you need to fill the
parameters in the Basic Setting table.
Basic Setting table:
Field Description
Down Stream The down stream (inbound) bandwidth of the WAN link, for
example 512 (Kbps)
Up Stream The up stream (outbound) bandwidth of the WAN link, for
example 512 (Kbps)
Default Gateway The IP address of the default gateway for the WAN link
MTU (Maximum Transmission unit) refers to the size of the largest
packet or frame that a given layer of a communications
protocol can pass onwards. It allows dividing the datagram
into pieces, each one small enough to pass over the single
link.
WAN Port The network interface for this WAN link (for example, port 3)
Note that this interface has to be mapped to WAN. Refer to
2.2.2 for details.
Table 2.6 Basic Setting Table in Routing Mode
(1) Basic Subnet and Static Routing Subnet
The next step is to set the Basic Subnet and Static Routing Subnet tables. All
the subnets mentioned here are public subnets (i.e. subnets contain public IP).
A Basic Subnet can be further classified into one of the following types:
Subnet in WAN
Subnet in DMZ
Subnet in WAN and DMZ
AscenLink User Manual
2-23
Subnet on Localhost
Figure 2.13 Types of Basic Subnets
Later, we will explain the difference in each type with examples. In general, the
most commonly used type is Subnet in WAN and DMZ.
Similarly, a Static Routing Subnet can be further classified into one of the following
types:
Subnet in WAN
Subnet in DMZ
Figure 2.14 Types of Static Routing Subnet
Chapter 2 System
2-24
(2) Subnet in WAN of Basic Subnet
A public subnet placed between AscenLink and ISPs router is called Subnet in
WAN.
Figure 2.15 Subnet in WAN of Basic Subnet
Example: In this example, AscenLink uses port 2 as its interface to WAN 1. IP
addresses 211.21.9.1~211.21.9.5 are on AscenLink. The rest of the IP addresses
in this subnet are between AscenLink and an ISP router whose address is
211.21.9.254. The actual settings of the various tables are shown as below:
AscenLink User Manual
2-25
Figure 2.16 Subnet in WAN Setting of Basic Subnet
Note: AscenLink assumes that all the unlisted IP addresses are in WAN
(3) Subnet in DMZ of Basic Subnet
A public subnet placed in DMZ is called Subnet in DMZ.
Chapter 2 System
2-26
Figure 2.17 Subnet in DMZ of Basic Subnet
Example: In this example, AscenLink uses port 5 as its interface to DMZ with the
IP address 140.112.8.254. Therefore, the default gateway of the subnet in DMZ is
140.112.8.254.
If you want to provide DHCP service to host machines in DMZ, you need to turn it
on by checking the Enable DHCP flag. Then you have to specify an IP range in
DHCP Range (Starting Address to Ending Address) for DHCP host to use. If you
want to assign a static IP to a machine, you need to fill in the sub-fields MAC
Address and the IP Address in the Static Mapping field.
AscenLink User Manual
2-27
Figure 2.18 Subnet in DMZ Setting of Basic Subnet
Note: AscenLink
assumes that all the unlisted IP addresses are in DMZ
(4) Subnet in WAN and DMZ of Basic Subnet
A public subnet in both WAN and DMZ is called Subnet in WAN and DMZ. You
have to specify IP addresses on Localhost or in WAN. AscenLink assumes that all
the unlisted IP addresses are in DMZ.
Example: In this example, IP address 139.8.1.20~30 is on AscenLink. IP
addresses 139.8.1.10~19 and 139.8.1.254 are in WAN. The rest IP addresses of
subnet 139.8.1.X are in DMZ using the technique of Public IP Pass-Through.
In the example, port 2 and port 5 are connected by a dotted line. This means a
subnet (i.e., 139.8.1.X) resides across these two ports. AscenLink will use the
technique of Proxy ARP to bridge them.
Chapter 2 System
2-28
If you want to provide DHCP service to machines in DMZ, you need to turn it on by
checking the Enable DHCP flag. Then you have to specify an IP range (Starting
Address to Ending Address) for DHCP host to use. If you want to assign a static IP
to a machine, you need to fill in the sub-fields MAC Address and the IP Address
in the Static Mapping field.
Internet
ISP
139.8.1.254
AscenLink
139.8.1.10~139.8.1.19
Router
139.8.1.20~139.8.1.30
WAN
DMZ
139.8.1.x/24
Figure 2.19 Subnet in WAN and DMZ of Basic Subnet
AscenLink User Manual
2-29
Figure 2.20 Subnet in WAN and DMZ Setting in Basic Subnet
Most likely the IP address 139.8.1.254 has already been defined as the default
gateway for this WAN link. However, for better readability we will put it in the list as
well.
(5) Subnet on Localhost of Basic Subnet
A whole public subnet on AscenLink is called Subnet on Localhost. All the public IP
addresses in this subnet can be used for virtual servers.
Chapter 2 System
2-30
Figure 2.21 Subnet on Localhost of Basic Subnet
Figure 2.22 Subnet on Localhost Setting of Basic Subnet
Example: This example shows that the whole subnet 210.33.50.X is on AscenLink.
Fill in the IP address, and 255.255.255.0 as subnet mask.
AscenLink User Manual
2-31
(6) Subnet in WAN of Static Routing Subnet
If there are two public subnets in a WAN (one directly connected to AscenLink and
the other to AscenLink through a router), then you have to specify the second
subnet as Subnet in WAN of Static Routing Subnet. In a real world network
structure, this case is very rare.
Example: There are two subnets in the WAN. AscenLink connects to subnet
140.4.1.X directly and to subnet 139.3.1.X through a router whose IP address is
140.4.1.254.
Figure 2.23 Subnet in WAN of Static Routing Subnet
Figure 2.24 Subnet in WAN Setting of Static Routing Subnet
Chapter 2 System
2-32
(7) Subnet in DMZ of Static Routing Subnet
A public subnet in DMZ that connects to AscenLink through a router is called
Subnet in DMZ of Static Routing Subnet.
Example: AscenLink connects to subnet 140.128.8.X through router at 139.3.3.2.
Figure 2.25 Subnet in DMZ of Static Routing Subnet
Figure 2.26 Subnet in DMZ Setting of Static Routing Subnet
AscenLink User Manual
2-33
2.2.3.2 Bridge Mode: One Static IP
Bridge mode means you are not getting a whole subnet from your ISP. Instead
you are getting one or more IP addresses (static or dynamic). Therefore, a
bridging device instead of a router connects AscenLink to the ISP of the WAN.
Example: In this case, your WAN link is a 512K/512K ADSL. You receive one
static IP address 211.21.40.32 out of subnet 211.21.40.X. Therefore, the ATUR
is working in bridge mode.
Figure 2.27 Bridge Mode: One Static IP
Chapter 2 System
2-34
Figure 2.28 Bridge Mode: One Static IP Setting
2.2.3.3 Bridge Mode: Multiple Static IP
If you receive more than one static IP addresses in bridge mode from your ISP,
then you need to set the WAN Type to Bridge Mode: Multiple Static IP.
Example: In this case, you receive three static IP addresses 211.21.40.32 ~
211.21.40.34. These addresses are assigned to port 2. The gateway of ISP is
211.21.40.254.
If you want to provide DHCP service to machines in DMZ, you need to turn it on
by checking the Enable DHCP flag. Then you have to specify an IP range
(Starting Address to Ending Address) for DHCP to use. If you want to assign a
static IP to a machine in the subnet, you need to fill in the sub-fields MAC
Address and the IP Address in the Static Mapping field.
There is no public IP addresses in WAN or DMZ so the fields IP(s) in WAN and
IP(s) in DMZ are empty. Otherwise, you need to list them accordingly.
AscenLink User Manual
2-35
Figure 2.29 Bridge Mode: Multiple Static IP
Chapter 2 System
2-36
Figure 2.30 Bridge Mode: Multiple Static IP Setting
AscenLink User Manual
2-37
2.2.3.4 Bridge Mode: PPPoE
PPPoE is a very popular bridge mode protocol for ADSL. AscenLink gets a
dynamic IP address every time it logs into the ISP. Basic Setting is as follows:
Figure 2.31 Bridge Mode: PPPoE Setting
To set up PPPoE, first fill in generic parameters such as Down Stream, Up
Stream bandwidth, and WAN Port as well as PPPoE specific parameters such
as User Name and Password (from your ISP), service name, MTU value etc.
When specifying the field of [IP Adress], note that: keep the filed blank if you use
ADSL(Dynamic IP) service, whereas, type in the IP you get from ISP if you use
ADSL(Static IP) service. Then connect ADSL MODEM port to AscenLink port,
e.g. port 2. In addition, check Redial Enable to enable Redial. Since certain
ISPs automatically reconnect to the network in a certain time interval, this action
will avoid simultaneous redialing of WAN links, thus, stagger WAN redial time.
Chapter 2 System
2-38
2.2.3.5 Bridge Mode: DHCP Client
Another protocol to support the dynamic IP address is DHCP. In this case,
AscenLink is a client using DHCP host to acquire a dynamic IP address from an
ISPs DHCP server. The following is an example of how you set it up.
Figure 2.32 Bridge Mode: DHCP Client Setting
AscenLink User Manual
2-39
2.2.4 WAN/DMZ Private Subnet
DNS Server
VLAN and Port Mapping
WAN Setting
WAN / DMZ Private Subnet
LAN Private Subnet
System
Network Setting
Summary
WAN Link Health Detection
Port Speed / Duplex Setting
Diagnostic Tools
Central Management
Date / Time
Service Statistics Log Language
Backup Line Setting
IP Grouping
Service Grouping
Busyhour Setting
Optimum Route Detection
Administration
Figure 2.33 The Location of WAN/DMZ Private Subnet on the Menu Bar
In this section, we will discuss how to configure private subnets on AscenLink.
The configuration methods and the user interfaces are very similar to their
counterparts in public subnets. There are also four types of private subnet for
Basic Subnet:
Subnet in WAN
Subnet in DMZ
Subnet in WAN and DMZ
Subnet on Localhost
Chapter 2 System
2-40
Figure 2.34 Types of Subnets in WAN/DMZ
There are two types of private subnet for Static Routing Subnet:
Subnet in WAN
Subnet in DMZ
Figure 2.35 Types of Subnets in Static Routing Subnet
(1) Subnet in WAN of Basic Subnet
A private subnet placed between AscenLink and an ISPs router is called Subnet in
WAN. This type of subnets usually occurs when your servers have to be located
outside of AscenLink (in WAN).
Example: In this example, a private subnet 192.168.3.X is located between
AscenLink and a router whose IP address is 192.168.3.254. AscenLink also gets
one IP address 192.168.3.1 from this subnet. This is indicated in the field IP(s) on
Localhost.
AscenLink User Manual
2-41
Figure 2.36 Subnet in WAN of Basic Subnet in WAN/DMZ
Note: AscenLink
assumes that all the unlisted IP addresses are in WAN.
Figure 2.37 Subnet in WAN Setting of Basic Subnet in WAN/DMZ
Chapter 2 System
2-42
(2) Subnet in DMZ of Basic Subnet
A private subnet in DMZ is called Subnet in DMZ. This type of subnet is usually for
machines that have to be isolated in DMZ for security or other reasons.
Example: In this example, we have a whole private subnet 192.168.4.X in DMZ.
Port 5 of AscenLink is the interface to DMZ.
Figure 2.38 Subnet in DMZ of Basic Subnet in WAN/DMZ
AscenLink User Manual
2-43
Figure 2.39 Subnet in DMZ Setting of Basic Subnet in WAN/DMZ
If you want to provide DHCP service to host machines in DMZ, you need to turn it
on by checking the Enable DHCP flag. Then you have to specify an IP range
(Starting Address to Ending Address) for DHCP host to use. If you want to assign a
static IP to a machine, you need to fill in the sub-fields MAC Address and the IP
Address in the Static Mapping field.
Note: AscenLink assumes that all the unlisted IP addresses are in DMZ.
(3) Subnet in WAN and DMZ of Basic Subnet
A private subnet in both WAN and DMZ is called Subnet in WAN and DMZ. You
have to specify IP addresses on Localhost or in WAN. AscenLink assumes that all
the unlisted IP addresses are in DMZ.
Example: In this example, IP addresses 192.168.5.20~30 are on AscenLink. IP
addresses 192.168.5.10~19 and 192.168.5.254 are in WAN. The rest of the IP
Chapter 2 System
2-44
addresses of subnet 192.168.5.X are in DMZ.
In the example, port 2 and port 5 are connected by a dotted line, which means a
subnet (i.e., 192.168.5.X) resides across these two ports. AscenLink will use the
technique of Proxy ARP to bridge them.
Internet
ISP
192.168.5.254
AscenLink
192.168.5.10 ~ 192.168.5.19
Router
192.168.5.20~192.168.5.30
WAN
DMZ
192.168.5x / 24
Figure 2.40 Subnet in WAN/DMZ of Basic Subnet in WAN/DMZ
AscenLink User Manual
2-45
Figure 2.41 Subnet in WAN/DMZ Setting of Basic Subnet in WAN/DMZ
Chapter 2 System
2-46
(4) Subnet on Localhost of Basic Subnet
A whole private subnet on AscenLink is called Subnet on Localhost. All the IP
addresses in this subnet can be used as virtual servers.
Internet
ISP
AscenLink
Router
192.168.6.0 / 24
Figure 2.42 Subnet on Localhost of Basic Subnet in WAN/DMZ
Figure 2.43 Subnet on Localhost Setting of Basic Subnet in WAN/DMZ
AscenLink User Manual
2-47
(5) Subnet in WAN of Static Routing Subnet
You have to select this type if you have a private subnet located in WAN.
Example: There are two subnets in the WAN. AscenLink connects to subnet
140.4.1.X directly and to subnet 192.168.1.X through a router whose IP address is
140.4.1.254.
Figure 2.44 Subnet in WAN of Static Routing Subnet in WAN/DMZ
Figure 2.45 Subnet in WAN Setting of Static Routing Subnet in WAN/DMZ
The Gateway field is the IP address of the router connecting AscenLink to the
subnet 192.168.1.X.
Chapter 2 System
2-48
(6) Subnet in DMZ of Static Routing Subnet
A private subnet in DMZ that connects to AscenLink through a router is called
Subnet in DMZ of Static Routing Subnet.
Example: AscenLink connects to subnet 192.168.99.X through the router at
192.168.34.50.
Figure 2.46 Subnet in DMZ of Static Routing Subnet in WAN/DMZ
Figure 2.47 Subnet in DMZ Setting of Static Routing Subnet in WAN/DMZ
AscenLink User Manual
2-49
2.2.5 LAN Private Subnet
DNS Server
VLAN and Port Mapping
WAN Setting
WAN / DMZ Private Subnet
LAN Private Subnet
System
Network Setting
Summary
WAN Link Health Detection
Port Speed / Duplex Setting
Diagnostic Tools
Central Management
Date / Time
Service Statistics Log Language
Backup Line Setting
IP Grouping
Service Grouping
Busyhour Setting
Optimum Route Detection
Administration
Figure 2.48 The Location of LAN Private Subnet on the Menu Bar
Private subnets in LAN are very common in most network environments.
Similarly a private subnet can connect to AscenLink directly or through a router.
(1) Basic Subnet
The table of Basic Subnet allows you to specify one or more private subnets that
connect to AscenLink directly.
Example: In this example, port 3 is assigned to be the network interface to LAN. It
has a private IP address 192.168.34.254 which is specified in the IP(s) on
Localhost field. To machines of this subnet, this IP address is their gateway.
Chapter 2 System
2-50
Figure 2.49 LAN Private Subnet / Basic Subnet
If you want to provide DHCP service to machines in LAN, you need to turn it on by
checking the Enable DHCP flag. Then you have to specify an IP range (Starting
Address to Ending Address) for DHCP host to use. In this case, the DHCP range is
from 192.168.34.175 to 192.168.34.199. If you want to assign a static IP to a
machine, you need to fill in the sub-fields MAC Address and the IP Address in the
Static Mapping field.
AscenLink User Manual
2-51
Figure 2.50 LAN Private Subnet / Basic Subnet Setting
(2) RIP Settings
AscenLink supports RIP (Routing Information Protocols) for both version 1 and 2.
RIP V1 is the basic definition while V2 has some functional enhancements. Please
refer to IETFs official documents for the complete definition of RIP. If your private
LAN subnet supports RIP, you need to also enable AscenLinks RIP function, by
doing as follows:
Chapter 2 System
2-52
Figure 2.51 LAN Private Subnet/ RIP Configuration
You need to make sure the RIP version in AscenLink is the same as that used in
the private LAN subnet. In addition, if V2 is used with authentication turned on, you
need to input the password into the Authentication password field. This field
should be blank if not.
(3) OSPF Settings
AscenLink supports OSPF (Open Shortest Path First) over LAN. OSPF is an
Internal Gateway Protocol (IGP), using link-state database. Unlike RIP updates,
OSPF link-state database updates are only sent when routing changes occur,
instead of periodically, and the link-state database is updated instantly, rather than
gradually, as state information is timed out. OSPF routers exchange information
(of neighbour routers or of other routers) on a link using packets that follow a
well-defined fixed format.
AscenLink User Manual
2-53
Figure 2.52 LAN Private Subnet/ OSPF Setting
Fields Description
OSPF Interface Displays LAN interfaces in the network. Check the box
to enable OSPF protocol over this interface.
Area Setting Network is logically divided into a number of areas
based on subnets. Administrators are allowed to
configure area ID, which accepts numbers or IPs only.
Authentication Setting Routers in diffrent areas require authenticating to
communicate with each other. Authentication has
configurable types: Null, Simple Text Password, MD5.
Router Priority Specify router priority. Router that sends the highest
OSPF priority becomes DR (Designated Router). The
value of the OSPF Router Priority can be a number
between 0 and 255.
Hello Interval This value sets the interval, in seconds, that the router
sends out the OSPF keepalive packets which let other
routers know the router is up.
Dead Interval This value sets the length of time, in seconds, that
OSPF neighbours will wait without receiving an
OSPFkeepalive packet from a neighbour before
declaring this neighbour router is down.
Chapter 2 System
2-54
Retransmit Interval This value sets the interval, in seconds, between
retransmission of Link UP. When routers fail to transmit
hello packets, it will retransmit packets in the defined
interval.
Authentication Type This pull-down box will specify whether the router will
perform authentication of data passing the LAN.
Choices are: Null, Simple Text Password, MD5.
Table 2.7 OSPF Settings Table
(4) Static Routing Subnet
A private subnet in a LAN that connects to AscenLink through a router is called
Subnet in LAN of Static Routing Subnet. It is almost the same as a private subnet
in DMZ of Static Routing Subnet. The only difference is that one is in a LAN and
the other is in DMZ.
AscenLink User Manual
2-55
Example: AscenLink connects to subnet 192.168.99.X through the router at
192.168.34.50.
Figure 2.53 LAN Private Subnet / Static Routing Subnet
Figure 2.54 LAN Private Subnet / Static Routing Subnet Setting
Chapter 2 System
2-56
2.3 WAN Link Health Detection
Figure 2.55 The Location of System/WAN Link Health Detection on the Menu Bar
This function allows MIS managing personnel to configure how WAN link health
detection is performed. By fine-tuning certain parameters, MIS personnel can
adjust AscenLink to match a particular network structure and/or a particular ISP.
For WAN link health detection, AscenLink
sends out ICMP or TCP packets and
monitors responses to determine the status of those links. In the WAN Link
Health Detection page, the following parameters are available:
Ignore Inbound Traffic
When this feature is enabled, AscenLink will not use inbound WAN traffic to
assess the WAN link status. When this feature is disabled, AscenLink assumes a
AscenLink User Manual
2-57
healthy WAN link and stop monitoring ICMP and TCP packets after it detects any
WAN traffic.
Detection Period in Second
This is the period between two consecutive ICMP/TCP packets sent to a WAN link.
The shorter the period is the faster AscenLink can detect changes of link
connection status, but it will also consume more bandwidth.
Number of Hosts Picked per Detection
For each detection period, AscenLink picks a fixed number of hosts from the Ping
List and sends one test packet (ping) to each selected host. The TTL (time to live)
of the test packet is specified in the Hops field of Ping List.
Number of Retries
If AscenLink does not receive any response in a period, it will retry a number of
times. If all retries fail, then it will claim that the WAN link is down.
Ping List
Ping List contains a list of hosts and their TTL values in the Hops field. AscenLink
randomly picks hosts from this list to carry out the health detection. The normal
number of Hops is 3. This list is used when ICMP packets are being sent in the
network.
TCP Connect List
TCP Connect List contains a list of hosts and their information. AscenLink
randomly picks hosts from this list to carry out the health detection. Port numbers
can also be assigned to each host. This list is used when TCP packets are being
sent in the network.
Chapter 2 System
2-58
2.4 Optimum Route Detection
Figure 2.56 The Location of System/ Optimum Route Detection on the Menu Bar
This function is used to increase the efficiency of communication among
different ISPs. By making the proper configuration in this page, users can find
the best link so that the system efficiency is enhanced.
AscenLink makes use of ICMP and TCP packets to test the health condition of
connections, so that the best WAN link can be detected by the Optimum Route
algorithm.
AscenLink provides two detection methods which are Static IP Table and
Dynamic Detect. You can use any sequential combination of them to work out
which link is the best.
AscenLink User Manual
2-59
The Static IP Table is an IP address database developed by Xtera. The
optimum route is detected by matching the IP address in the table. You can add
or delete the IP addresses from the Static IP table, and query whether an
address is included in the table.
The table below reveals the settings of the Static IP table:
Field Value Description
Table Name
- Define a meaningful name for the Static IP-ISP
Table
Upload - Click "Browse" button to choose a static IP table
file, and then click "upload" button to upload it to
AscenLink.
Subnet Address <IP Address> Input a subnet address for action "add to" or
"remove from". The format is:
202.99.0.0/255.255.255.0 or 202.99.0.0/24.
Note: Adding a single IP address or inputting
subnet address format such as
"/255.255.255.255" and "/32" are not allowed.
Action <add to>
<remove from>
add to: Add an address to the static IP table.
remove from: Remove an address from the
static IP table.
Parameter WAN1,
WAN2...
Tick the corresponding WAN link number to
select the WAN link associated with the static IP
table.
IP Query <IP Address> Check whether a single IP address is in the
static IP table. The format is 202.99.96.68.
Table 2.8 Static IP table setting of Optimum Route Detection
Chapter 2 System
2-60
The setting of Dynamic Detect is illustrated as the table below:
Field Value Description
Optimum Route Policy Static IP Table
Dynamic Detect
Static, Dynamic
Dynamic, Static
Choose the method used for optimum route
detection. There are four options:
- Static IP Table: Upload a static IP table of ISPs
for optimum route detection.
- Dynamic Detect: Apply dynamic detection by
setting the Detection Protocol (ICMP, TCP),
Detection Period, Number of retries, and Cache
aging period.
- Static, Dynamic: Apply the static IP table first
and then apply dynamic detection mechanism.
- Dynamic, Static: Apply dynamic detection
mechanism first and then apply static IP table.
Detection Protocol <ICMP>
<TCP>
Choose the Protocol for Optimum Route
Detection from ICMP and TCP. It is ICMP by
default.
Detection period, in seconds <Seconds> If the AscenLink detection is failed, the system
will detect again after a period of time. "3" is a
good empirical number for period.
Number of retries - If AscenLink does not receive any response in a
period of time, it will retry a number of times. "3"
is a good empirical number for retries.
Cache aging period, in
minutes
<Minutes> This value is the time that Cache is kept after
the best link is detected. After this period of
time, system will detect the best link again. The
default value is 2880mins, 2days.
Weight of Round Trip Time:
Weight of Load
- This value is used for calculating the best link. It
shows the weight of the RTT and the load while
calculating the best link.
Table 2.9 Dynamic detection setting of Optimum Route Detection
AscenLink User Manual
2-61
2.5 Port Speed/Duplex Setting
Figure 2.57 The Location of System/Port Speed Duplex Setting on the Menu Bar
This function allows you to do two things. First, it allows you to set port speed
and duplex of each port on AscenLink. Second, it also shows the current port
speed and duplex setting.
Most of the network devices can auto-negotiate port speed and duplex with
AscenLink. Therefore, initially you should set all the ports to Auto. However, if
you encounter compatibility problems with other network devices and have to
manually change the port speed or duplex, you can do so in this page.
Chapter 2 System
2-62
Field Description
Port Name A list of all physical ports on your AscenLink
Status Current status of the port. It indicates whether the port can detect
any connection with the other end of the line (e.g. a hub or switch).
Speed The current speed of the port. This can be a manually set value or
an auto-negotiated value.
Duplex The current duplex of the port. This can be a manually set value or
an auto-negotiated speed.
Setting The drop-down box of this field contains all possible speed/duplex
combinations supported by this port.
MAC Address The corresponding MAC address of the network port
Table 2.10 Port Speed/Duplex Setting
AscenLink User Manual
2-63
2.6 Backup Line Setting
Figure 2.58 The Location of System/Backup Line Setting on the Menu Bar
This function allows you to configure the behavior of backup lines. Backup lines
are WAN links that are inactive by default. They become active when certain
conditions are met. They continue to be active until those conditions disappear.
One possible use of a backup line is to reduce the operational cost of a WAN
link if it is charged by bandwidth or connecting time. By marking it as a backup
line, we could effectively give preference to other WAN links. The backup line
will only be used when needed.
There are two tables in this page. One contains threshold parameters, the other
contains enabling rules for backup lines.
Chapter 2 System
2-64
Threshold parameters:
Field Unit Description
Backup Line Enable Time <seconds> The wait time between the main line going down
and the backup line becoming active.
Backup Line Disable
Time
<seconds> The wait time between the main line coming
back alive and the backup line becoming
inactive.
Table 2.11 Threshold Parameters
Backup Line Rules table:
Field Value Description
Main Line WAN1,
WAN2
One or more WAN links can be specified as the main
line(s) of this backup rule.
Backup Line WAN1,
WAN2
One WAN link should be specified as the backup line
of this backup rule.
Algorithm
- All fail
- One fails
- Inbound
bandwidth
usage reaches
- Outbound
bandwidth
usage reaches
- Total traffic
reaches
There are 5 different backup activation conditions:
All fail: when all the main lines fail.
One fails: when one of the main lines fails.
Inbound bandwidth usage reaches: when the inbound
bandwidth consumption reaches a certain level
defined as a percentage of total bandwidth.
Outbound bandwidth usage reaches: when the
outbound bandwidth consumption reaches a certain
level defined as a percentage of total bandwidth.
Total traffic reaches: when the total bandwidth
consumption reaches a certain level defined as a
percentage of total bandwidth.
Parameter <%> When Algorithm is one of the Inbound bandwidth
usage reaches, Outbound bandwidth usage reaches,
or Total bandwidth usage reaches, this parameter is
used to specify the percentage of total bandwidth.
Table 2.12 Backup Line Rules
AscenLink User Manual
2-65
2.7 IP Grouping
Figure 2.59 The Location of System/IP Grouping on the Menu Bar
AscenLink offers a variety of services. These services will be discussed in the
next chapter. In order to help MIS personnel configure services efficiently,
AscenLink provides a few management tools. IP Grouping is one of them. This
function allows you to assign a name to a group of IP addresses. Later on when
you are asked to specify one or more IP addresses, you can use the name of an
IP group instead. The name of this IP group will automatically show up in the IP
address selection list if the IP group is enabled.
Chapter 2 System
2-66
IP Grouping table:
Field Description
Group Name The name of this IP group
Enable Tick the checkbox to turn on this IP group.
Show/Hide Detail
Push the Show Detail button to show Rules Setting table.
Push the Hide Detail button to hide the Rules Setting
table.
Table 2.13 IP Grouping
Rules Setting Table:
Field Value Description
E - Rule enabling flag
IP address <IP address> One single IP address, or an IP address range
in the format of
xxx.xxx.xxx.xxx-yyy.yyy.yyy.yyy,
Or a subnet in the format of
xxx.xxx.xxx.xxx/yyy.yyy.yyy.yyy
Action belong to
not belong to
Define whether or not these IP addresses
belong to this IP group.
Table 2.14 Rules Setting of IP Grouping
AscenLink User Manual
2-67
2.8 Service Grouping
Figure 2.60 The Location of System/Service Grouping on the Menu Bar
This function allows you to assign a name to a group of TCP ports, UDP ports,
and/or ICMP. Later on when you are asked to specify a port, you can use the
name of the service group instead. The name of a service group will
automatically show up in the port selection list if the service group is enabled.
Chapter 2 System
2-68
Service Grouping table:
Field Value Description
Group Name <name> The name of the service group
Enable - Tick the checkbox to turn on this
service group.
Hide Detail - Push the Show Detail button to show
Rules Setting table.
Push the Hide Detail button to hide
Rules Setting table.
E - Rule enabling flag
Service ICMP
TCP@
UDP@
This field can contain ICMP, a set of
TCP ports, and/or a set of UDP ports.
A port range should be in the format
of xxx-yyy.
Action belong to
not belong to
Define whether or not these ports
belong to this service group.
Figure 2.61 Service Grouping
For example, you can set up a service group called MSN File Transfer. Its
ports are TCP 6891 to 6900. You need to fill TCP@6891-6900 into Service
field.
AscenLink User Manual
2-69
2.9 Busyhour Setting
Figure 2.62 The Location of System/Busyhour Setting on the Menu Bar
Busyhour Setting is very important from a MIS managers point of view. It
provides a tool for you to define two time segments: busy-hour and idle-hour. All
other rule-based services such as Bandwidth Management and Auto-Routing
can take advantage of this function. For example, you can define 9:00 am to
5:00 pm, Monday through Friday as busy-hour, then reserve bandwidth to
business-related network traffic during busy-hour and relax the rule during
idle-hour.
Chapter 2 System
2-70
Busyhour Setting Table:
Field Value Description
Default Type
Idle
Busy
Define default type to be either Idle or
Busy hour.
Rule - You set the time segment rules in this
table. They are matched in sequence
on a first-match basis. If none of the
rules matches, the default type is used.
E Rule enabling flag
Day of Week
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
Any Day
Day of the week
From <Hour/Minute> The start time
To <Hour/Minute> The end time
Type Busy
Idle
If the current time matches the day of
the week and in between From and To
time, then Type field applies.
Table 2.15 Busy-hour Setting
Example:
Figure 2.63 A Busy-hour Setting Example
AscenLink User Manual
2-71
In this example, the busy-hour is defined to be between 9:00 am to 6:00 pm,
Monday through Saturday. The rest is idle-hour.
Chapter 2 System
2-72
2.10 Diagnostic Tools
Figure 2.64 The Location of System/Diagnostic Tools on the Menu Bar
ARP Enforcement: ARP Enforcement updates ARP tables of servers and
network devices around AscenLink.
When the Enforce button is pushed, AscenLink will sends out ARP packets to
the surrounding servers or network devices to update their ARP tables. This is
necessary only if certain equipments in DMZ cannot connect to the Internet
properly after initial setup of AscenLink.
IP Conflict Test: IP Conflict Test will help you detect if the location of any
machines on the network conflicts with the DMZ/WAN settings of Network
Setting category on AscenLink.
AscenLink User Manual
2-73
Push Test button to begin the test. The result of the test is one of the followings:
Everything is ok.
AscenLink discovers that a machine in DMZ conflicts with Network Setting on
AscenLink. For example, a public IP address should be in WAN but is
discovered in DMZ. Then an error message with the conflicting IP address and
MAC address of the machine will be displayed.
AscenLink discovers that a machine in WAN conflicts with Network Setting on
AscenLink. For example, a public IP address should be in DMZ but is
discovered in WAN. Then an error message with the conflicting IP address and
MAC address of the machine will be displayed.
Clean Session Table (Only Non-TCP Sessions): Clean Session Table can
eliminate non-TCP sessions in AscenLinks internal session table. AscenLink
uses the timing method to manage some of the protocols. In this case, each
session only ends when it reaches the timeout value. If the session doesnt
reach the timeout value, new configurations wont take effect unless the
administrator execute Clean to remove the old session and make the new
configurations work immediately.
Ping: Ping is used to detect network conditions by sending ICMP packets to a
target device.
You may specify a target device in the Target IP field. It accepts either an IP
address or a host name. Select a network interface (WAN, LAN, or DMZ). If it is
WAN, assign WAN link number in Index field.
Chapter 2 System
2-74
Details on ICMP error message and ping are outside the scope of this manual.
Please refer to other associated documents for more information.
Note:
If a host name is used in the Target IP field, then a DNS server has to be specified in
[System] -> [Network Setting]->[DNS Server].
Trace Route: Trace Route is used to detect network conditions by showing the
routing path from AscenLink to the target device.
You may specify a target device in the Target IP field. It accepts either an IP
address or a host name. Select a network interface (WAN, LAN, or DMZ). If it is
WAN, select WAN link number in the Index field.
Note:
If a host name is used in Target IP field, then a DNS server has to be specified in [System]
-> [Network Setting]->[DNS Server].
Arping: Arping is used to detect the MAC address of a computer.
You may specify a target device in the Target IP field. It accepts either an IP
address or a host name. Select a network interface (WAN, LAN, or DMZ). If it is
WAN, select WAN link number in the Index field. For ARP related error
messages, please refer to other materials.
Note:
If a host name is used in Target IP field, then a DNS server has to be specified in
[System]->[Network Setting]->[DNS Server].
ARP Table Show & ClearARP Table Show & Clear can show or clear the
associated ARP information of the selected port.
You can select the port number from the drop-down menu and click the button
"Show" to display the associated ARP information of the selected port.
AscenLink User Manual
2-75
Select the port number from the drop-down menu and click the button "Clear" to
clean up the associated ARP information of the selected port. There will be a
confirmation message popping up to make sure your operation is correct.
Nslookup Tool: Nslookup is used to inquire domain names. Enter host in
Target Domain and then select one from Type drop-down list. Choices are: Any,
A, CNAME, HINFO, MX, NS, PTR, SOA. And select from Server drop-down list
as: Internal DNS, Multihoming, Other Servers.
Click NSlookup to start inquiring session. Domain name of this host will show in
the box. Click Stop to hault the session.
Chapter 2 System
2-76
2.11 Date/Time
Figure 2.65 The Location of System/Date/Time on the Menu Bar
In this page, you can set up time related configurations. You can set the date in
the format of year/month/day, the local time in the format of hour:minute:second,
24-hour system.
The second part is time zone information. You should select the region first and
then the city you are located in (or a city of the same time zone).
AscenLink can use the NTP protocol to get time from the Internet. You can
select a time server from the list or add your preferred time servers to the list.
With NTP, AscenLink automatically adjusts its time when necessary. Besides,
you can push the Synchronize Time button to adjust the time immediately.
AscenLink User Manual
2-77
2.12 Central Management
It enables users to configure whether to perform central management over
AscenLink. Central management is to manage multiple units of AscenLink on a
single CMT server, to decrease work load of administrators. This page requires
registry information of AscenLink on CMT server.
Figure 2.66 The Location of System/Administration on the Menu Bar
Field Description
Enable CMT Check the box to enable central management.
CMT IP Specify CMT IP.
Key Specify the key. This will enable CMT server to
authenticate AscenLink.
Key Verification Confirm the key above.
Group Specify the group to which AscenLink belongs on CMT.
Table 2.16 Central Management Setting
Chapter 2 System
2-78
2.13 Administration
Figure 2.67 The Location of System/Administration on the Menu Bar
In this page, you can do a few administrative tasks. First, you can change the
password of Administrator and Monitor accounts. Every AscenLink comes with
the same default password. To avoid any security risks, it is strongly
recommended to change the password before putting your AscenLink online.
From time to time, you might receive the AscenLink firmware update/downgrade
from Xtera or your system integrator. Just push the Update/Downgrade button
on the screen and follow the instructions to update.
You can save your current configurations to a file and restore it later. We
recommend that you save your working configuration before modifying the
AscenLink User Manual
2-79
configuration. In case of configuration error (such as rules that block you from
accessing AscenLink anymore), you can always reset the machine to the factory
default state using the console command and quickly restore to your original
configuration.
You can reset AscenLink to its factory default state. After doing this, you will
lose your entire customized configuration.
Finally, you can reboot AscenLink in Maintenance part. Due to web interface
limitations, there will not be any messages after you have rebooted the system.
Wait two minutes or so and try to re-connect to AscenLink by using the browser.
Administrator Password:
Here, you can add, delete, or modify administrators account and password.
Field Value Description
Select Account <New Administrator
Group>
For configuration of old and new
accounts. If the account selected is
one that is currently used, the field
Add Account will become Set
Account.
New Account To add a new user, please insert the
new user ID here.
New Password To change passwords of old and
new accounts, enter the new
passwords here.
Password Verification Please re-enter the new password
for verification.
Table 2.17 Administration Password Setting
Chapter 2 System
2-80
Monitor Password:
Here, you can add, delete, or modify Monitors account and password.
Field Value Description
Select Account <New Monitor Group> For configuration of old and new
accounts. If the account selected is
one that is currently used, the field
Add Account will become Set
Account.
New Account To add a new user, please insert the
new user ID here.
New Password To change passwords of old and
new accounts, enter the new
passwords here.
Password Verification Please re-enter the new password
for verification.
Table 2.18 Monitor Password Setting
Firmware Update:
Click Update/Downgrade to start the firmware update/downgrade process.
Follow the onscreen instructions as mentioned in Appendix 2.
Configuration File:
Click Save to save current configuration into a file. Click Restore to restore the
configuration back from the saved configuration file. See Appendix 2 for more
information.
Maintenance:
Click Factory Default to reset AscenLink configuration to its factory default. You
can do the same operation using resetconfig command in console. Click
Reboot to reboot AscenLink. See Appendix 1 for more information on console.
Optional Function:
AscenLink User Manual
2-81
AscenLink supports optional functions:"Layer 7 Bandwidth Management" and
"Tunnel Routing". Check box(es), enter licence key, and then click "Enable" to
enable this function.
Note: ONLY Simplified Chinese version has "Layer 7 Bandwidth Management"
option.
The upgrade will take effect after rebooting the system. In [Optional Fuction], users
will find function name and whether this function is enabled.
"Layer 7 Bandwidth Management" option enables AscenLink to manage network
traffic and bandwidth based on Layer 7 protocol. Whereas, Tunnel Routing option
enables to establish a number of tunnels based on AscenLink patented technology
TR (Tunnel Routing). TR allows packets of particular groups to pass over these
tunnels from one device to another, delivering nonstop transmission of packets.
AscenLink offers trial edition. Enter Demo License Key to get 30-day trial of Layer
7 Bandwidth Management or Tunnel Routing.
AscenLink
User Manual
3-1
Table of Content
Chapter 3 Service ........................................................................................................ 3-7
3.1 Firewall ....................................................................................................................3-9
3.2 NAT........................................................................................................................3-15
3.3 Persistent Routing .................................................................................................3-19
3.4 Auto Routing ..........................................................................................................3-25
3.5 Virtual Server .........................................................................................................3-39
3.6 Inbound BM...........................................................................................................3-47
3.7 Outbound BM.........................................................................................................3-56
3.8 Connection Limit ....................................................................................................3-63
3.9 Cache Redirect ......................................................................................................3-66
3.10 Tunnel Routing.....................................................................................................3-71
3.10.1 Tunnel Routing---Setting ............................................................................. 3-73
3.10.2 Tunnel Routing---Benchmark ...................................................................... 3-77
3.11 Multihoming..........................................................................................................3-94
3.11.1 Prerequisites for Multihoming...................................................................... 3-96
3.11.2 Multihoming Setting..................................................................................... 3-97
3.12 Internal DNS......................................................................................................3-107
3.13 SNMP ................................................................................................................3-109
3.14 IP-MAC Mapping ............................................................................................... 3-111
Chapter 3 Service
3-2
Figure
Figure 3.1 The Location of Service on the Menu Bar........................................... 3-8
Figure 3.2 The Location of Service/Firewall on the Menu Bar ............................. 3-9
Figure 3.3 Network Architecture for Firewall Service............................................ 3-12
Figure 3.4 Network Architecture for Firewall Service 2......................................... 3-13
Figure 3.5 The Location of Service /NAT on the Menu Bar................................ 3-15
Figure 3.6 The Settings of NAT Rules .................................................................. 3-17
Figure 3.7 NAT Setting.......................................................................................... 3-17
Figure 3.8 Network Architecture for No-NAT ........................................................ 3-18
Figure 3.9 The Location of Service /Persistent Routing on the Menu Bar ......... 3-19
Figure 3.10 Network Architecture for Persistent Routing 1..................................... 3-22
Figure 3.11 Network Architecture for Persistent Routing 2..................................... 3-23
Figure 3.12 The Location of Service /Auto Routing on the Menu Bar.................. 3-25
Figure 3.13 Network Architecture for Auto Routing 1.............................................. 3-29
Figure 3.14 Network Architecture for Auto Routing 2.............................................. 3-31
Figure 3.15 Network Architecture for Auto Routing Example 3 .............................. 3-35
Figure 3.16 The Location of Service/Virtual Server on the Menu Bar.................. 3-40
Figure 3.17 Network Architecture for Virtual Server 1 ............................................ 3-43
Figure 3.18 Network Architecture for Virtual Server 2 ............................................ 3-45
Figure 3.19 The Location of Service/Inbound BM on the Menu Bar .................... 3-47
Figure 3.20 The Screenshot of Inbound BM Classes............................................. 3-48
Figure 3.21 Network Architecture for Inbound BM 1............................................... 3-51
Figure 3.22 Network Architecture for Inbound BM 2............................................... 3-53
Figure 3.23 The Location of Service /Outbound BM on the Menu Bar ................ 3-56
Figure 3.24 Network Architecture for Outbound BM 1............................................ 3-59
Figure 3.25 Network Architecture for Outbound BM 2............................................ 3-61
Figure 3.26 The Location of Service /Connection Limit on the Menu Bar............ 3-63
Figure 3.27 The Screenshot of Connection Limit ................................................... 3-64
Figure 3.28 Example of Connection Limit ............................................................... 3-65
Figure 3.29 The Location of Service /Cache Redirect on the Menu Bar.............. 3-66
Figure 3.30 The Settings of Cache Redirect........................................................... 3-67
Figure 3.31 Sequence of the Requests and Responses in Cache Miss Case .... 3-69
Figure 3.32 The Sequence of the Requests and Responses in Cache Hit Case 3-70
Figure 3.33 The Location of Service /Tunnel Routing on the Menu Bar .............. 3-71
Figure 3.34 Example 2 of Tunnel Routing .............................................................. 3-82
AscenLink
User Manual
3-3
Figure 3.35 Example 3 of Tunnel Routing............................................................... 3-85
Figure 3.36 Example 4 of Tunnel Routing............................................................... 3-89
Figure 3.37 The Location of Service / Multihoming on the Menu Bar................... 3-95
Figure 3.38 Global Setting in Multihoming Policy.................................................... 3-97
Figure 3.39 The Settings of Multihoming Policy...................................................... 3-98
Figure 3.40 Domain Setting................................................................................... 3-100
Figure 3.41 Enable Relay in Multihoming Policy................................................... 3-101
Figure 3.42 Multihoming Example 1: Network Architecture .................................. 3-102
Figure 3.43 Multihoming Example 2: Network Architecture .................................. 3-104
Figure 3.44 The Location of Service / Internal DNS on the Menu Bar ............... 3-107
Figure 3.45 The Location of Service / SNMPon the Menu Bar........................... 3-109
Figure 3.46 The Location of Service / IP-MAC MAPPING on the Menu Bar...... 3-111
Chapter 3 Service
3-4
Table
Table 3.1 The Description of the Fields on Firewall Page....................................3-11
Table 3.2 Firewall Settings of Example 1 ............................................................ 3-12
Table 3.3 Firewall Settings Example 2 ................................................................ 3-14
Table 3.4 The Description of the Fields on the NAT Page .................................. 3-16
Table 3.5 The Description of the Fields on the Persistent Routing Page............ 3-21
Table 3.6 The Settings for Persistent Routing Example 1................................... 3-23
Table 3.7 The Settings for Persistent Routing Example 2................................... 3-24
Table 3.8 The Description of the Fields in the Auto Routing Policy Table........... 3-27
Table 3.9 The Description of the Fields in the Auto Routing Filter Table............. 3-28
Table 3.10 The Settings for Auto Routing Example 1: Policies............................. 3-30
Table 3.11 The Settings for Auto Routing Example 1: Filters................................ 3-31
Table 3.12 The Settings for Auto Routing Example 2: Policies............................. 3-32
Table 3.13 The Settings for Auto Routing Example 2: Filters................................ 3-34
Table 3.14 WAN link information of Auto Routing Example 3 ............................... 3-35
Table 3.15 Auto RoutingTunnel Routing Log Setting (San Jose Headquarters) 3-36
Table 3.16 Auto Routing: Tunnel Group Setting (San Jose Headquarters) .......... 3-36
Table 3.17 Auto Routing: Routing Rules Setting (San Jose Headquarters) ......... 3-36
Table 3.18 Auto Routing:Auto Routing Policies Setting (San Jose HQs)............. 3-36
Table 3.19 Auto Routing:Auto Routing Filters Setting (San Jose Headquarters) . 3-36
Table 3.20 Auto Routing:Tunnel Routing Log Setting (Shanghai Office) 3-37
Table 3.21 Auto Routing Example: Tunnel Group Setting (Shanghai Office)........ 3-37
Table 3.22 Auto Routing Example: Routing Rules Setting (Shanghai Office)....... 3-38
Table 3.23 Auto Routing:Auto Routing Policies Setting (Shanghai Office) 3- 38
Table 3.24 Auto Routing:Auto Routing Filters Setting (Shanghai Office).............. 3-38
Table 3.25 The Description of the Fields on Vitual Server Page........................... 3-42
Table 3.26 The Settings for Virtual Server Example 1 .......................................... 3-44
Table 3.27 The Settings for Virtual Server Example 2 .......................................... 3-46
Table 3.28 The Description of the Fields in the Inbound BM Class Table............. 3-49
Table 3.29 The Description of the Fields in the Inbount BM Filter Table............... 3-50
Table 3.30 The Settings for Inbound BM Example 1: Classes.............................. 3-52
Table 3.31 The Settings for Inbound BM Example 1: Filters................................. 3-52
Table 3.32 The Settings for Inbound BM Example 2: Classes.............................. 3-54
Table 3.33 The Settings for Inbound BM Example 2: Filters................................. 3-55
Table 3.34 The Description of the Fields in the Outbound BM Class Table.......... 3-57
AscenLink
User Manual
3-5
Table 3.35 The Description of the Fields in the Outbound BM Filter Table ........... 3-59
Table 3.36 The Settings for Outbound BM Example 1: Classes............................ 3-60
Table 3.37 The Settings for Outbound BM Example 1: Filters............................... 3-60
Table 3.38 The Settings for Outbound BM Example 2: Classes............................ 3-62
Table 3.39 The Settings for Outbound BM Example 2: Filters............................... 3-62
Table 3.40 The Settings of Connection Limit Log Interval ..................................... 3-64
Table 3.41 The Settings of Connection Limit Rules............................................... 3-65
Table 3.42 The Description of the Fields in Cache Group..................................... 3-67
Table 3.43 The Description of the Fields in Redirect Rules................................... 3-68
Table 3.44 Description of Tunnel Route Log and Local Host ID............................ 3-73
Table 3.45 The Description of the Fields in Tunnel Group..................................... 3-75
Table 3.46 The Description of the Fields in Routing Rules.................................... 3-75
Table 3.47 The Description of the Fields in Persistent Rules ................................ 3-76
Table 3.48 The Description of the Fields in Benchmark ........................................ 3-77
Table 3.49 The Description of the Testing Page....................................................3-77
Table 3.50 Example of Tunnel Routing.................................................................. 3-78
Table 3.51 The Settings for Tunnel Routing Example 1: Tunnel Groups............... 3-78
Table 3.52 The Settings for Tunnel Routing Example 1 : Routing Rules............... 3-79
Table 3.53 The Settings for Tunnel Routing Example 2 : Tunnel Group ............... 3-79
Table 3.54 The Settings for Tunnel Routing Example 2 : Routing Rules............... 3-79
Table 3.55 The Settings for Tunnel Routing Example 3 : Tunnel Group ............... 3-80
Table 3.56 The Settings for Tunnel Routing Example 3 : Routing Rules............... 3-80
Table 3.57 The Settings for Tunnel Routing Example : Inbound BM Filter............ 3-81
Table 3.58 The Settings for Tunnel Routing Example : Outbound BM Filter ......... 3-81
Table 3.59 TR Example 2: WAN LinkIinformation.................................................. 3-82
Table 3.60 TR Example 2: Settings of Log and Local Host ID (Beijing) ................ 3-83
Table 3.61 TR Example 2: Tunnel Group Settings in Beijing Headquarters.......... 3-83
Table 3.62 TR Example 2: Routing Rules in Beijing Headquarters....................... 3-83
Table 3.63 TR Example 2: Settings of Log and Local Host ID (Shanghai)............ 3-83
Table 3.64 TR Example 2: Tunnel Group Settings in Shanghai Office.................. 3-84
Table 3.65 TR Example 2: Routing Rules in Shanghai Office ............................... 3-84
Table 3.66 TR Example 3: WAN Link Information ................................................. 3-85
Table 3.67 TR Example 3: Settings of Log and Local Host ID (San Jose) ............ 3-86
Table 3.68 TR Example 3: Tunnel Group Settings in San Jose Headquarters...... 3-86
Table 3.69 TR Example 3: Routing Rules in San Jose Headquarters................... 3-87
Chapter 3 Service
3-6
Table 3.70 TR Example 3: Settings of Log and Local Host ID (Beijing)................ 3-87
Table 3.71 TR Example 3: Tunnel Group Settings in Beijing Branch Office ......... 3-87
Table 3.72 TR Example 3: Routing Rules in Beijing Branch Office....................... 3-87
Table 3.73 TR Example 3: Settings of Log and Local Host ID (Hong Kong) ........ 3-88
Table 3.74 TR Example 3: Tunnel Group Settings in Hong Kong Branch Office.. 3-88
Table 3.75 TR Example 3: Routing Rules in Hong Kong Branch Office ............... 3-88
Table 3.76 TR Example 4: WAN Link Information................................................. 3-90
Table 3.77 TR Example 4: Settings of Log and Local Host ID (San Jose) ........... 3-90
Table 3.78 TR Example 4: Tunnel Group Settings in San Jose Headquarters..... 3-90
Table 3.79 TR Example 4: Routing Rules in San Jose Headquarters .................. 3-91
Table 3.80 TR Example 4: Auto Routing policies in San Jose Headquarters ....... 3-91
Table 3.81 TR Example 4: Auto Routing Filters in San Jose Headquarters ......... 3-91
Table 3.82 TR Example 4: Settings of Log and Local Host ID (Beijing)................ 3-91
Table 3.83 TR Example 4: Tunnel Group Settings in Beijing Branch Office ......... 3-92
Table 3.84 TR Example 4: Routing Rules in Beijing Branch Office....................... 3-92
Table 3.85 TR Example 4: Settings of Log and Local Host ID (Hong Kong) ........ 3-92
Table 3.86 TR Example 4: Tunnel Group Settings in Hong Kong Branch Office.. 3-93
Table 3.87 TR Example 4: Routing Rules in Hong Kong Branch Office ............... 3-93
Table 3.88 TR Example 4: Auto Routing policies in Hong Kong Branch Office .... 3-93
Table 3.89 TR Example 4: Auto Routing Filters in Hong Kong Branch Office....... 3-93
Table 3.90 The Description of the Fields in Multihoming Global Setting............... 3-97
Table 3.91 The Description of the Fields in Multihoming Policy............................ 3-99
Table 3.92 The Description of the Fields in Domain Setting ............................... 3-100
Table 3.93 The Description of the Fields in Enable Relay .................................. 3-101
Table 3.94 Multihoming Example 1: Virtual Server Settings ............................... 3-102
Table 3.95 Multihoming Example 1: Policy Settings............................................ 3-103
Table 3.96 Multihoming Example 1: Domain Settings......................................... 3-103
Table 3.97 Multihoming Example 2: Virtual Server Settings ............................... 3-105
Table 3.98 Multihoming Example 2: Policy Settings............................................ 3-105
Table 3.99 Multihoming Example 2: Domain Settings......................................... 3-105
Table 3.100 The Description of the Fields in Global Setting ................................. 3-107
Table 3.101 The Description of the Fields in Domain Setting ............................... 3-108
Table 3.102 The Description of the Fields in SNMP V1/2 ..................................... 3-109
Table 3.103 The Description of the Fields in SNMP V3 .........................................3-110
Table 3.104 The Description of the Fields in IP-MAC MAPPING........................... 3-111
AscenLink
User Manual
3-7
Chapter 3 Service
This chapter explains services on AscenLink. These services help users manage
network more efficiently and effectively. In Figure 3.1, users will find a list of functions of
AscenLink. These services are significant in regular network administration. Firewall
prevents network from hacker/network attacks. It also improves network security by
filtering out unwanted services. Routing policies maximizes the utilization of network
resources and assign routing paths accordingly based on the status of the network.
Bandwidth management is another feature that users can set up to manage the traffic limit
for a given TCP/UDP service (e.g. HTTP, FTP). This feature helps users allocate
available bandwidth for each type of service and maximize the efficiency of network.
Multihoming provides a safeguard against the failure in WAN links. Requests to the
internal servers (e.g. WWW server) will be dispatched evenly on every live WAN link. If
one of them fails, the internal servers can still be reached via other live links.
Chapter 3 Service
3-8
Figure 3.1 The Location of Service on the Menu Bar
AscenLink
User Manual
3-9
3.1 Firewall
This section introduces how to setup the firewall. Because setting the firewall
can be a complex job for the first-time user, we have included a table to explain
the meaning of every field that appears on the screen to get users familiarized
with the user interface as quickly as possible. In addition, we also give examples
on how to apply those features to real scenarios when necessary.
Figure 3.2 The Location of Service/Firewall on the Menu Bar
Users can add as many rules as users like in the list. Users can enable or
disable each rule individually. The rules are matched from top to down, that is,
the rules listed at the top of the list are given higher precedence.
Chapter 3 Service
3-10
Field Value Description
E Enable (checked)
Disable (unchecked)
When the box is checked, the rule will be
applied, on the contrary, it will be disabled if the
box is unchecked.
When Busy
Idle
All-Time
There are three options available: Busy hour,
Idle hour, and All-Time. Please refer to Chapter
2 [System]->[Date/Time] for setting up the
definition of busy or idle hours.
Source
IP Address
IP Range
Subnet
WAN
LAN
DMZ
Tunnel
Any Address
FQDN
< IP Grouping
Name>
Packets sent from the specified source will be
matched:
- IP Address: match packets from a single IP
address. e.g. 192.168.1.4
- IP Range: match packets from a continuous
range of IP addresses. e.g.
192.168.1.10-192.168.1.20
- Subnet: match packets that come from a
subnet. e.g.: 192.168.1.0/255.255.255.0
- WAN: match all packets that come from the
WAN.
- LAN: match all packets that come from the
LAN.
- DMZ: match all packets that come from DMZ.
- Tunnel: match all packets from any tunnel
- Any Address: match all packets regardless of
its source.
- FQDN: match connections established from
FQDN
Apart from the options listed above, predefined
IP groups will be shown in the list as well.
Please See [System]->[IP Grouping] for setting
up own IP groups.
Destination
IP Address
IP Range
Subnet
WAN
LAN
DMZ
Localhost
Any address
FQDN
< IP Grouping
Name>
Packets sent to specified destination will be
matched. This field is the same as the Source
field, except it matches packets with specified
destination. Likewise, All IP groups setup in
[System]->[IP Grouping] will be shown here.
Service FTP21
SSH (22)
TELNET(23)
SMTP(25)
DNS(53)
HTTP80
POP3(110)
H323 (1720)
ICMP
TCP@
UDP@
The TCP/UDP service type to be matched.
Users can select the matching criteria from the
publicly known service types (e.g. FTP), or
users can choose the port number in TCP/UDP
packets. To specify a range of port numbers,
type the starting port number plus hyphen
- and then the ending port number. e.g.
TCP@123-234.
AscenLink
User Manual
3-11
Any
MSN
Edonkey
BitTorrent
< Service Grouping
Name>
Action Accept
Deny
What actions to take when the rule is matched:
Accept: The firewall will let the matched
packets pass through.
Deny: The firewall will drop all the matched
packets.
L Enable
Disable
Enable logging or not:
If the box is checked, the logging will be
enabled. Whenever the rule is matched, the
system will write the event to the log file.
Table 3.1 The Description of the Fields on Firewall Page
Note: By default, all firewall services will pass all packets through.
Example 1: AscenLink Firewall
Network Architecture:
Chapter 3 Service
3-12
Figure 3.3 Network Architecture for Firewall Service
Rules for Filtering Packets:
The users from the Internet (WAN) can only access FTP Server 211.21.48.195
through port 21.
The users from LAN can access all servers and hosts on the Internet (WAN)
through port 25 (SMTP), port 80 (HTTP), port 21 (FTP), and port 110 (POP3).
All the rest packets are banned.
The rules table for this example will look like this:
Source Destination Service Action
WAN 211.21.48.195 FTP (21) Accept
WAN DMZ Any Deny
LAN WAN HTTP (80) Accept
LAN WAN SMTP (25) Accept
LAN WAN FTP (21) Accept
LAN WAN POP3 (110) Accept
LAN WAN Any Deny
Table 3.2 Firewall Settings of Example 1
Example 2: AscenLink Firewall
Network Architecture:
AscenLink
User Manual
3-13
Figure 3.4 Network Architecture for Firewall Service 2
Rules for Filtering Packets:
The users from the Internet can access DMZ Server 211.21.48.195 in DMZ
through TCP port 7000.
The hosts 192.168.0.100-192.168.0.150 in the LAN can access to the Internet
(WAN) but the rest cannot.
Users from the Internet (WAN) cannot connect to the port 443 on AscenLink (i.e.
Web Administration on AscenLink).
Note: Localhost represents the addresss of AscenLink host machine.
Users from the LAN can access FTP server 192.168.10.1 through port 21.
Users from the Internet cannot send ping messages to AscenLink .
Note:
Chapter 3 Service
3-14
To intercept ping messages, users can deny ICMP protocol in service type because ping
is a type of ICMP.
Users from the LAN cannot access DMZ.
Users from the Internet (WAN) cannot accessLAN and DMZ.
The rules table for this example will look like this:
Source Destination Service Action
WAN 211.21.48.195 TCP@7000 Accept
192.168.0.100-192.168.0.150 WAN Any Accept
AN Localhost TCP@443 Deny
LAN 192.192.10.1 FTP (21) Accept
WAN Localhost ICMP Deny
LAN DMZ Any Deny
WAN DMZ Any Deny
WAN LAN Any Deny
Table 3.3 Firewall Settings Example 2
AscenLink
User Manual
3-15
3.2 NAT
AscenLink is an edge server normally located on the boundary between the
Intranet (LAN) and the Internet (WAN). When a connection is established from a
private IP address (in LAN or DMZ) to the Internet (WAN), it is necessary to
translate the private IP address into one of the public IP addresses assigned to
AscenLink. This process is called NAT (Network Address Translation).
NAT configuration in AscenLink achieves the flexibility of setting up NAT rules.
By default, NAT service will translate any private IP address to a fixed public IP
address assigned to a given WAN link. Please keep in mind that rules are
matched in order. The NAT rules placed at the top of the table are matched first.
No-NAT is especially used for Private Network and MPLS network so that the
host in WAN can directly access to the host in DMZ. Then AscenLink can be
used for VPN load balancing and line backup.
Figure 3.5 The Location of Service /NAT on the Menu Bar
Chapter 3 Service
3-16
Field Value Description
Enable NAT Enable the function, NAT service will translate
any private IP address to a fixed public IP
address assigned to a given WAN link. If not,
AscenLink will be a general router so that the
host in WAN can directly access to the host in
DMZ.
WAN The WAN link users want the NAT rules to apply.
Check the box to enable NAT rules over this
WAN link.
NAT Rules customized rules for NAT
L Enable
Disable
Enable logging or not:
If the box is checked, the logging will be
enabled. Whenever the rule is matched, the
system will write the event to the log file.
When Busy
Idle
All-time
The predefined time periods in which the rules
will apply. Possible options are
Busy/Idle/All-Times. The time period of Busy/Idle
hours can be defined under
[System]->[Busyhour Setting]. Please refer to
Chapter 2.
Source IP Address
IP Range
Any
Address
<IP
Grouping
Name>
The packets sent from the source will be
matched:
- IP Address: all packets from this IP address
- IP Range: all packets from a continuous range
of IP addresses.
- Any Address: all packets no matter where it
comes from.
Apart from the options listed above, predefined
IP groups will be shown in the list as well. Please
See [System]->[IP Grouping] for setting up
own IP groups.
Note: The source IP to be translated must be the
IP address assigned to the LAN or DMZ.
Service FTP (21),
etc
<Service
Grouping
Name>
The packets with the service port number which
users would like a NAT rule to apply. It can be
the TCP or UDP port, or ICMP. Users may also
like to use predefined service groups from
[System]->[Service Grouping]. Please refer to
Chapter 2 for how to set up own service
groups. The predefined service groups are
available in the list, too.
Translated IP Address
IP Range
The public IP address, or a range of public IP
addresses users would like the private
addresses to be translated to.
Table 3.4 The Description of the Fields on the NAT Page
AscenLink
User Manual
3-17
Enable NAT:
Example: If users want all packets sent from the local machine
192.168.123.100 to be translated to the public IP address 172.31.5.51, click the
box in front of Enable NAT, select WAN Link #1, and check E. The following
NAT rules settings will look like this:
Figure 3.6 The Settings of NAT Rules
Disable NAT:
If NAT is disabled, AscenLink will be of No-NAT mode. Then all the host from
WAN can directly access to the host in DMZ. If so, AscenLink is equal to a
router connecting different subnets.
Figure 3.7 NAT Setting
Note: If NAT is not enabled, all WAN Links will disable NAT either.
Example: No-NAT Setting
Network Architecture:
Chapter 3 Service
3-18
Figure 3.8 Network Architecture for No-NAT
From the above figure we can see that No-NAT is especially used for Private
Network and MPLS network, which makes it possible for the host of the branch
office to directly access to the headquarters. If ISP 1 is broken down, AscenLink
will automatically route the link to ISP 2. Moreover, AscenLink can also serve as
the load balancer for VPN according to the condition of each link.
AscenLink
User Manual
3-19
3.3 Persistent Routing
When an Intranet host first establishes connections to the Internet through
AscenLink, the device will decide which WAN link the connections should use.
This is done by looking up the rules in the auto-routing table introduced in the
section 3.4. After the route to Internet is determined, AscenLink will apply the
persistent routing rules to subsequent connections from the same source and
destination, keeping all subsequent connections flowing through the same WAN
link. Persistent routing is particularly useful when the user visits a website
through secure connections because a secure server wont accept connections
from different source IP addresses during a certified session.
Figure 3.9 The Location of Service /Persistent Routing on the Menu Bar
Chapter 3 Service
3-20
Field Value Description
Timeout <second> If there is no connection for this timeout
period, the next coming connection will be
routed by the auto-routing rules.
E Enable (checked)
Disable (unchecked)
When the box is checked, the rule will be
applied, on the contrary, it will be disabled if
the box is unchecked.
When Busy
Idle
All-Time
There are three options available: Busy hour,
Idle hour, and All-Time. Please refer to
Chapter 2 [System]->[Busyhour Setting] for
setting up the definition of busy or idle hours.
Source IP Address
IP Range
Subnet
LAN
DMZ
Localhost
Any Address
FQDN
< IP Grouping Name>
Connections established from the specified
source will be matched:
- IP Address: match connections established
from a single IP address. e.g.: 192.168.1.4
- IP Range: match connections established
from a continuous range of IP addresses. e.g.:
192.168.1.10-192.168.1.20
- Subnet: match connections that come from a
subnet. e.g.:192.168.1.0/255.255.255.0
- LAN: match connections established from
the LAN
- DMZ : match connections established from
DMZ.
- Localhost: match connections established
from AscenLink.
- Any Address: match all connections
regardless of its source.
- FQDN: match connections established from
FQDN
Apart from the options listed above,
predefined IP groups will be shown in the list
as well. Please See [System]->[IP Grouping]
for setting up own IP groups.
Destination IP Address
IP Range
Subnet
WAN
FQDN
<IP Grouping Name>
Connections to the specified destination will
be matched. This field is the same as the
Source field, except it matches packets with
the specified destination.
- IP address: match connections to a single IP
address. e.g.: 211.21.33.88
- IP Range: match connections to a
continuous range of IP addresses.
- Subnet: match connections to the IPs in a
subnet.
- WAN: match connections to the WAN.
- FQDN: match connections established from
FQDN
Apart from the options listed above,
predefined IP groups will be shown in the list
as well. Please See [System]->[IP Grouping]
for setting up own IP groups.
Action
Do PR
No PR
Do PR: the matched connections will be
routed persistently.
AscenLink
User Manual
3-21
No PR: the matched connections will NOT be
routed persistently.
L Enable
Disable
Enable logging or not:
If the box is checked, the logging will be
enabled. Whenever the rule is matched, the
system will write the event to the log file.
Table 3.5 The Description of the Fields on the Persistent Routing Page
Persistent routing is necessary in situations when the destination servers
always check the IP address of the source. Most of the secure connections such
as HTTPS and SSH will do so. To prevent the connections from being
dispatched on different WAN links based on the auto-routing rules, persistent
routing is a remedy for keeping connections with a fixed WAN link.
It is essential to understand the relationship between auto-routing rules and
persistent routing rules. The sequence of routing policy is listed as follows:
When a connection is first established, AscenLink
will determine which WAN link
to use for the connection. This is done by looking up the rules in the auto-routing
table.
Subsequent connections with the same destination and source pair will obey the
rules formulated in the persistent routing table. Please note that a connection to
a different destination will result in looking up the rules in the auto-routing table
again and will be not considered as a subsequent connection to the previous
one.
There is a timeout for persistent routing. If the interval between two successive
connections is longer than timeout period, the second connection is considered
as a new connection. Therefore, auto-routing service will be activiated again,
which may cause the connection establishment through a different WAN link.
Example 1: Simple Persistent Routing
Network Architecture:
Chapter 3 Service
3-22
Figure 3.10 Network Architecture for Persistent Routing 1
The persistent routing policies we want to establish:
In the LAN, we want the connection from IP address 192.168.0.100 to
192.168.10.100 NOT to be routed persistently.
All the connections from DMZ to LAN are NOT routed persistently.
All the connections established from LAN to the host IP ranging from 10.10.1.1 ~
10.10.1.10 are NOT routed persistently.
Since the default value is Do PR, if users dont add any rules, all connections will
use persistent routing.
The settings for the above scenario will look like this in the persistent routing
table:
Source Destination Action
192.168.0.100 192.192.10.100 No PR
DMZ WAN No PR
LAN 10.10.1.1-10.10.1.10 No PR
AscenLink
User Manual
3-23
Table 3.6 The Settings for Persistent Routing Example 1
Example 2: Advanced Persistent Routing
Network Architecture:
Figure 3.11 Network Architecture for Persistent Routing 2
The persistent routing policies we want to establish:
All the connections from the hosts in the LAN, with IP addresses ranging from
192.168.0.10~192.168.0.20 are NOT routed persistently, except the host with IP
address 192.168.0.15.
All the connections from the sub-network IPs 192.168.10.0/24 to the IP
192.192.10.100 are NOT routed persistently.
All the connections established from the IP 211.21.48.196 to the sub-network
10.10.1.0/24 on the WAN are NOT routed persistently.
Chapter 3 Service
3-24
Since the default value is Do PR, if users dont add any rules, all connections will
use persistent routing.
The settings for the above scenario will look like this in the persistent routing
table:
Source Destination Action
192.168.0.15 WAN Do PR
192.168.0.10-192.168.0.20 WAN No PR
192.168.10.0/255.255.255.0 192.192.10.100 No PR
211.21.48.196 10.10.1.0/255.255.255.0 No PR
Table 3.7 The Settings for Persistent Routing Example 2
Note:
All rules are matched from top to bottom. Once a rule is matched, the rest will be ignored. In
this case, even though the connections from 192.168.0.15 meet the conditions specified in
the first and the second rule, only the first rule is applied.
A useful tip is to always place more specific rules on top of the less specific rules.
AscenLink
User Manual
3-25
3.4 Auto Routing
Auto Routing service allows administrators to specify how traffic is routed to
WAN links. If users have only one WAN link, users do not need to consider Auto
Routing. If users have multiple WAN links, however, users may setup routing
rules in many situations. For example, an administrator can reserve a WAN link
to a group of private IP addresses, or an administrator can force an application
to take a particular WAN link depending on the traffic loads in each WAN link.
Figure 3.12 The Location of Service /Auto Routing on the Menu Bar
Auto Routing is composed of two parts. The first part involves the design of
routing policies, and the second part is to set up filters which will activate their
corresponding policies. The internal working mechanism of Auto Routing is to
look up the filter table and monitor if the connection to be established matches
any filter in the table. If the connection matches the conditions specified in the
filter, the routing policy assigned to that filter will decide which WAN link the
Chapter 3 Service
3-26
connection should take. Thus, when users want to set up own routing rules,
the first step is to design the routing policies. Routing policies define the routing
algorithm and a selection of WAN links to which the algorithm will apply. Users
can give each routing policy a name so that users are able to assign them to the
filter later on. The second step is to add own filters which will determine the
routing policy to use when a type of connection is matched. Just like all other
services, the filters are matched from top to bottom. The filters appearing at the
top of the table are given higher precedence.
Field Value Description
Label
< name for the Policy>
The label for this auto routing policy. This label
will be displayed in the filter table when users
choose the routing policy.
Algorithm Fixed
Round-Robin
By Connection
By Upstream Traffic
By Downstream Traffic
By Total Traffic
By Optimum Route
Algorithm for Auto Routing:
- Fixed: only route the connections on a fixed
WAN link.
- By Round-Robin: route the connections on
every WAN link by weight.
- By Connection: compares the number of
connections on each WAN link and routes data
based on the specified connection ratio in WAN
- By Downstream Traffic: always route the
connections on the WAN link that has the lightest
downstream traffic.
- By Upstream Traffic: always route the
connections on the WAN link that has the lightest
upstream traffic.
- By Total Traffic: always route the connection on
the WAN link that has the lightest total traffic.
- By Optimum Route: Always route the
connections on the best WAN link according to
the evaluation of Optimum Route Detection.
Parameter <Select WAN link(s)
for the algorithm, or
put a weight on each
WAN link>
The type of parameter depends on the algorithm
users choose. For Fixed, By Upstream traffic,
By Downstream traffic, and By Total Traffic
algorithm, users can select WAN links to which
the algorithm will apply. For Round-Robin
algorithm, users give a weight on each WAN link.
Here is an example:
In the policy table below, we see the first four
policies use the Fixed algorithm (see the figure
below). The number represents the number of
the WAN link. Users can checked the box under
the number, telling AscenLink to apply the
algorithm to this WAN link.
AscenLink
User Manual
3-27
The fifth policy uses Round-Robin algorithm,
with weight 1 on WAN1, weight 1 on WAN2,
and weight 3 on WAN3. It means if there are
five connections to be established, the first one
will be established through WAN1, the second
one will be established through WAN2, and the
last three will be established through WAN3.
Table 3.8 The Description of the Fields in the Auto Routing Policy Table
Field Value Description
E
Enable (checked)
Disable (unchecked)
When the box is checked, the rule will be applied,
on the contrary, it will be disabled if the box is
unchecked.
When
Busy
Idle
All-Time
There are there options available: Busy hour, idle
hour, and All-times. Please refer to Chapter 2
[System]->[Busyhour Setting] for setting up the
definition of busy or idle hours.
Source IP Address
IP Range
Subnet
LAN
DMZ
Localhost
Any Address
FQDN
<IP Grouping
Name>
Connections established from the specified source
will be matched:
- IP Address: match connections established from a
single IP address. e.g.: 192.168.1.4
- IP Range: match connections established from a
continuous range of IP addresses. e.g.:
192.168.1.10-192.168.1.20
- Subnet: match connections that come from a
subnet. e.g.: 192.168.1.0/255.255.255.0
- LAN: match connections established from the
LAN
- DMZ : match connections established from DMZ.
- Localhost: match connections established from
AscenLink.
- Any Address: match all connections regardless of
its source.
- FQDN: match connections established from
FQDN.
Apart from the options listed above, predefined IP
groups will be shown in the list as well. Please See
[System]->[IP Grouping] for setting up own IP
groups.
Destination
IP Address
IP Range
Subnet
WAN
Connections to the specified destination will be
matched. This field is the same as the Source
field, except it matches packets with the specified
destination.
Chapter 3 Service
3-28
FQDN
<IP Grouping
Name>
- IP Address: match connections to a single IP
address. e.g.: 211.21.33.88
- IP Range: match connections to a continuous
range of IP addresses.
- Subnet: match connections to the IPs in a subnet.
- WAN: match connections to the WAN.
- FQDN: match connections established from
FQDN.
Apart from the options listed above, predefined IP
groups will be shown in the list as well. Please See
[System]->[IP Grouping] for setting up own IP
groups.
Service
FTP(21)
SSH(22)
TELNET(23)
SMTP(25)
DNS(53)
HTTP(80)
POP3(110)
H323(1720)
ICMP
TCP@
UDP@
Any
The TCP/UDP service type to be matched. Users
can select the matching criteria from the publicly
known service types (e.g. FTP), or users can
choose the port number in TCP/UDP packets. To
specify a range of port numbers, type the starting
port number plus hyphen - and the ending port
number. e.g.: TCP@123-234
Routing
Policy
<Select a policy
from policy table>
The routing policy which determines how the
connections are routed. The policies shown here
are the policies defined in policy table.
Fail-over
Policy
< Select a policy
from policy table>
When all the WAN links associated with the routing
policy fail, this fail-over routing policy will take over.
The policies shown here are the policies defined in
policy table.
L Enable
Disable
Enable logging or not:
If the box is checked, the logging will be enabled.
Whenever the rule is matched, the system will write
the event to the log file.
Table 3.9 The Description of the Fields in the Auto Routing Filter Table
Example 1: Simple Auto Routing
Network Architecture:
AscenLink
User Manual
3-29
Figure 3.13 Network Architecture for Auto Routing 1
Setting up auto routing policies to meet the following needs:
A policy that always route connections on WAN #1, which is an ADSL WAN link
with 512k downstream / 512k upstream.
A policy that always routes connections on WAN #2, which is an ADSL WAN link
with 1.5M downstream / 384k upstream.
Route connections by Optimum Route, choosing the better one from WAN1
and WAN2.
Route connections depending on the current downstream traffic on each WAN
links.
Chapter 3 Service
3-30
Route connections depending on the total traffic on each WAN links.
policy table will look like this:
Label Algorithm Parameter
WAN1 (512/512) Fixed Check WAN #1
WAN2 (1536/384) Fixed Check WAN #2
by Optimum Route by Optimum Route Check both WAN #1 and WAN #2
by Downstream By Downstream traffic Check both WAN #1 and WAN #2
by Total By Total traffic Check both WAN #1 and WAN #2
Table 3.10 The Settings for Auto Routing Example 1: Policies
Note:
Labelling the first policy with the bandwidth of the WAN link (512/512) does not mean
anything, it is just to make policy name self-explanatory. The same applies to the second
policy. If users want to set up the bandwidth of WAN links, please adjust settings on the
[System] -> [Network Setting] page.
Defining filters to meet the following needs:
When the users from LAN access the web server on the Internet, we want to use
policy By Optimum Route to route the connections to the better link.
When the users from LAN access the FTP server on the Internet, we want to use
policy WAN1(512/512) to route the connections. If WAN #1 fails, we want the
connections to be routed By Optimum Route.
Note:
In this situation, By Optimum Route will only route the connections through WAN #2
because WAN #1 has already failed.
The connections established from 211.21.48.195 in DMZ to any smtp server on
the Internet will be routed by the policy WAN1 (512/512). If WAN #1 fails, they
will be routed by the policy WAN2 (1536/384).
The connections established from 211.21.48.195 in DMZ to any POP3 server on
the Internet will be routed by the policy WAN1 (512/512). If WAN #1 fails, no
action will be taken.
Note: When WAN #1 disconnects, connection to the external POP server will also fail.
AscenLink
User Manual
3-31
filter table will look like this:
Source Destination Service Routing Policy Fail-Over Policy
LAN WAN HTTP(80) By Optimum Route No Action
LAN WAN FTP(21) WAN1(512/512) Round-Robin 1:1
211.21.48.195 WAN SMTP(25) WAN1(512/512) WAN2 (1536/384)
211.21.48.195 WAN POP3(110) WAN1(512/512) No Action
Table 3.11 The Settings for Auto Routing Example 1: Filters
Example 2: Auto Routing
Network Architecture:
ClientSide
ISP1
Internet
192.168.0.0/24
211.21.48.195
ISP2
FTPserver
210.10.10.11
60.200.10.1-60.200.10.20
192.192.0.0/24
211.21.48.196
192.168.10.0/24
192.168.0.100
ISP3
Figure 3.14 Network Architecture for Auto Routing 2
Chapter 3 Service
3-32
Setting up auto routing policies to meet the following needs:
A policy that always route connections through WAN #1 (fixed algorithm).
A policy that always route connections through WAN #2 (fixed algorithm).
A policy that always route connections through WAN #3 (fixed algorithm).
A policy to route connections evenly through WAN #1, WAN #2, and WAN #3
using Round-Robin algorithm.
A policy to route connections through WAN #1, WAN #2, and WAN #3 using
Round-Robin algorithm with weight ratio WAN #1 : WAN #2 : WAN #3 = 1:2:3.
Be aware that if there are six connections to be established, the first connection
will be routed through WAN #1, the second and third will be routed through WAN
#2, and the last three will be routed through WAN #3.
A policy to route connections through WAN #1 and WAN #2 depending on the
bandwidth left in the downstream traffic over each WAN link.
A policy to route connections through WAN #2 and WAN #3 depending on the
bandwidth left in the total traffic over each WAN link.
Label Algorithm Parameter
WAN1 Fixed Check WAN #1
WAN2 Fixed Check WAN #2
WAN3 Fixed Check WAN #3
Round-Robin1:1:1 Round-Robin Enter 1 for WAN #1, WAN #2, and WAN #3.
Round-Robin1:2:3 Round-Robin
Enter 1 for WAN #1, 2 for WAN #2, and 3 for
WAN #3.
by Downstream By Downstream Check both WAN #1 and WAN #2.
by Total By Total Traffic Check both WAN #2 and WAN #3.
Table 3.12 The Settings for Auto Routing Example 2: Policies
Defining filters to meet the following needs:
The connections established from 192.168.0.100 to FTP server at 210.10.10.11
are routed by the policy WAN3. If WAN #3 fails, they will be routed by the policy
by Downstream.
The connections established from the sub-network 192.168.10.0/24 to web
servers on the Internet are routed by the policy Round-Robin1:1:1.
AscenLink
User Manual
3-33
The connections established from 192.168.0.100~192.168.0.200 to the
sub-network 192.192.0.0/24 on TCP port 8000 are routed by the policy WAN2.
If WAN #2 fails, they are routed by the policy WAN3.
The connections from the LAN to the Internet are routed by the policy by
Downstream. If both WAN #1 and WAN #2 fail, they will be routed by the policy
WAN3.
The connections established from 211.21.48.196 to FTP server at 210.10.10.11
are routed by the policy Round-Robin1:2:3.
The connections established from 211.21.48.195 to any SMTP server on the
Internet are routed by the policy WAN3. If WAN #3 fails, they are routed by the
policy WAN3.
Note:
In this case, the host at 211.21.48.195 will not be able to establish connections to any
SMTP server on the Internet when WAN #3 fails, even though users still have other live
WAN links. Therefore, users must use the fail-over policy very carefully.
The connections established from DMZ to the Internet are routed by the policy
by Downstream. If both WAN #1 and WAN #2 fail, they will be routed by the
policy by Total.
Note:
Only if both WAN #1 and WAN #2 fail, the fail-over policy will take over. However, in this
case, if both of them fail, they are routed through WAN #3 because WAN #1 and WAN #2
are already dead.
The connections established from an arbitrary host to the hosts
60.200.10.1~60.200.10.10 will be routed by the policy WAN2. If WAN #2 fails,
they will be routed by WAN1.
The connections established from an arbitrary host to any host on the Internet
will be routed by the policy by Downstream.
filter table will look like this:
Source Destination Service Routing Policies Fail-Over Policies
192.168.0.100 210.10.10.11 FTP(21) WAN3 By Downstream
192.168.10.0/ WAN HTTP(80) Round-Robin No Action
Chapter 3 Service
3-34
255.255.255.0 1:1:1
192.168.0.100-
192.168.0.200
192.192.0.0/
255.255.255.0
TCP@8000 WAN2 WAN3
LAN WAN Any By Downstream WAN3
211.21.48.196 210.10.10.11 FTP(21)
Round-Robin
1:2:3
No Action
211.21.48.195 WAN SMTP(25) WAN3 WAN3
DMZ WAN Any By Downstream by Total
Any
60.200.10.1-
60.200.10.10
Any WAN2 WAN1
Any WAN Any By Downstream No Action
Table 3.13 The Settings for Auto Routing Example 2: Filters
Example 3: TR as ARs backup
A firm is headquartered in San Jose and has a branch office in Shanghai. Each
office uses a public WAN link to access to the Internet, and an Intranet is
established to transfer internal materials between the two offices. If the WAN
link in Shanghai office is failed, a backup VPN tunnel between the headquarters
in San Jose and the branch office in Shanghai will be activated to ensure
uninterrupted communication.
Network Architechture:
AscenLink
User Manual
3-35
Figure 3.15 Network Architecture for Auto Routing Example 3
WAN link deployment details are:
San Jose Shanghai
WAN 2 2.2.2.2
WAN 3 3.3.3.3
WAN 4 4.4.4.4
WAN 5 5.5.5.5
LAN 192.168.1.0/24 192.168.2.0/24
Table 3.14 WAN link information of Auto Routing Example 3
The settings for the headquarters in San Jose is as follows:
Settings in Tunnel Routing page are:
Chapter 3 Service
3-36
Tunnel Routing Log setting:
Tunnel Route Log
Enabled
Localhost ID
San Jose
Table 3.15 Auto Routing Example 3: Tunnel Routing Log Setting (San Jose Headquarters)
Tunnel Group Setting:
+ Group Name Remote
Host ID
Tunnels
+ - San Jose to
Shanghai
Shanghai
+ Local IP Remote IP Weigh
t
+ - 3.3.3.3 2.2.2.2 1
Table 3.16 Auto Routing Example 3: Tunnel Group Setting (San Jose Headquarters)
Routing Rules Setting:
+ Source Destination Use Group Fail-Over
+ - Any Address 192.168.2.0/255.255.255.0 San Jose to Shanghai No-ACTION
Table 3.17 Auto Routing Example 3: Routing Rules Setting (San Jose Headquarters)
Settings in Auto Routing page are:
Policies
Label Algorithm Parameter
WAN4 Fixed Tick WAN link number 4
Default Policy By Downstream Traffic Tick all available WAN links
Table 3.18 Auto Routing Example 3:Auto Routing Policies Setting (San Jose Headquarters)
Filters
Source Destination Service Routing Policy Fail-Over Policy
Tunnel WAN ANY WAN4 Default Policy
Any Address WAN ANY Default Policy No-ACTION
Table 3.19 Auto Routing Example 3:Auto Routing Filters Setting (San Jose Headquarters)
AscenLink
User Manual
3-37
The settings for Shanghai branch office is as follows:
Settings in Tunnel Routing page are:
Tunnel Routing Log setting:
Tunnel Route Log
Enabled
Localhost ID
Shanghai
Table 3.20 Auto Routing Example 3: Tunnel Routing Log Setting (Shanghai Office)
Tunnel Group Setting:
+ Group Name Remote
Host ID
Tunnels
+ - Shanghai to
San Jose
San Jose
+ Local IP Remote IP Weight
+ - 2.2.2.2 3.3.3.3 1
Table 3.21 Auto Routing Example 3: Tunnel Group Setting (Shanghai Office)
Chapter 3 Service
3-38
Routing Rules Setting:
+ Source Destination Use Group Fail-Over
+ - Any Address 192.168.1.0/255.255.255.0 Shanghai to San Jose No-ACTION
Table 3.22 Auto Routing Example 3: Routing Rules Setting (Shanghai Office)
Settings in Auto Routing page are:
Policies
Label Algorithm Parameter
WAN5 Fixed Tick WAN link number 5
Default Policy By Downstream Traffic Tick all available WAN links
Table 3.23 Auto Routing Example 3:Auto Routing Policies Setting (Shanghai Office)
Filters
Source Destination Service Routing Policy Fail-Over Policy
Any Address WAN Any WAN5
Tunnel: Shanghai to
San Jose
Any Address WAN Any Default Policy No-ACTION
Table 3.24 Auto Routing Example 3:Auto Routing Filters Setting (Shanghai Office)
AscenLink
User Manual
3-39
3.5 Virtual Server
Virtual Server is a feature to make the intranet (LAN) servers available to the
Internet (WAN). The private IP addresses assigned to the intranet servers are
invisible to the external environment. If users wish to make these services
(provided on the servers) accessible to outsiders, users must use AscenLink to
redirect these external requests to the right servers in the LAN or DMZ.
Whenever an external request arrives at AscenLink, the device
will look up the
Virtual Server table and redirect the packet right to the corresponding server in
the LAN or DMZ. Same as before, the service mapping in the virtual server table
is matched from top to bottom. If users accidentally set up two or more
mappings with the same WAN IP and service type, only the early configured one
matched is effective. The rest with the same WAN IP and service are ignored.
In addition, AscenLinks Virtual Server function also allows the user to perform
load balancing on multiple servers, which is to distribute traffic over a group of
servers (server cluster) to achieve highly accessible and fast web services.
AscenLink directs the incoming requests to particular servers in the server
cluster according to the preset weight on each server. Meanwhile, AscenLink
can achieve real-time monitor to the status of each server to ensure all incoming
requests are directed to the health servers.
Chapter 3 Service
3-40
Figure 3.16 The Location of Service/Virtual Server on the Menu Bar
AscenLink
User Manual
3-41
Virtual Server :
Field Value Description
E Enable (checked)
Disable (unchecked)
When the box is checked, the rule will be applied;
on the contrary, it will be disabled if the box is
unchecked.
When Busy
Idle
All-Time
There are there options available: Busy hour, Idle
hour, and All-Time. Please refer to Chapter 2
[System]->[ Busyhour Setting] for setting up the
definition of busy or idle hours.
WAN IP <WAN IP> To the users from the Internet, your virtual server is
visible as a public IP on the WAN port. This WAN IP
is the "visible" IP for your virtual server in the
external environment (Internet). Select a public IP.
Or in "Routing Mode", either enter the IP manually
or select the IP obtained by AscenLink from WAN
link. Or in "Bridge Mode One Static IP", insert WAN
IP, the public IP assigned from ISP. Or, if WAN type
is none of the above, then choose "dynamic IP at
WAN#".
Service FTP(21)
SSH(22)
TELNET(23)
SMTP(25)
DNS(53)
HTTP(80)
POP3(110)
H323(1720)
ICMP
TCP@
UDP@
Any...
The TCP/UDP service type to be matched. Users
can select the matching criteria from the publicly
known service types (e.g. FTP), or users can
choose the port number in TCP/UDP packets. To
specify a range of port numbers, type starting port
number plus hyphen - and ending port number.
e.g. TCP@123-234
Keep Session <Seconds> Tick or untick the box to decide whether to keep the
session after a connection is successfully
established. If users want to keep the session, then
input a time period as users wish. The default time
period is 30s.
Server IP <IP Address> The real IP address of the server, probably in LAN
or DMZ.
Detect <ICMP>
<TCP@>
No-Detect
Choose the protocol used for the detection of server
status. Available choices are ICMP, TCP@, and
No-Detect.
Note: If users choose TCP@, users have to
specify the associated port number.
Service FTP(21)
SSH(22)
TELNET(23)
SMTP(25)
DNS(53)
HTTP(80)
POP3(110)
The TCP/UDP service type to be matched. Users
can select the matching criteria from the publicly
known service types (e.g. FTP), or users can
choose the port number in TCP/UDP packet. To
specify a range of port numbers, type starting port
number plus hyphen - and ending port number.
e.g. TCP@123-234
Chapter 3 Service
3-42
H323(1720)
ICMP
TCP@
UDP@
Any...
Weight 1, 2, 3... A measure of heaviness. The weight with which to
determine which server is used to respond the
incoming requests. The higher the weight is, the
greater chance the corresponding server is used.
L Enable
Disable
Enable logging or not:
If the box is checked, the logging will be enabled.
Whenever the rule is matched, the system will write
the event to the log file.
Table 3.25 The Description of the Fields on Vitual Server Page
AscenLink
User Manual
3-43
Example 1: Virtual Server
Network Architecture:
Figure 3.17 Network Architecture for Virtual Server 1
The settings for virtual servers are listed below:
IP address assigned to WAN1 is 211.21.48.194. (Please refer to [System] ->
[Network Settings] -> [WAN Setting] for configurating WAN IPs.)
IP address assigned to WAN2 is 211.21.33.186.
Forward all HTTP requests (port 80) through WAN1 or WAN2 to two HTTP
servers 192.168.0.100 and 192.168.0.101 in the LAN.
Chapter 3 Service
3-44
Forward all FTP requests (port 21) through WAN1 or WAN2 to two FTP servers
192.168.0.200 and 192.168.0.201 in the LAN.
Assign 211.21.48.195 and 211.21.48.189 to WAN 1 and forward all the requests
to 211.21.48.195 or 211.21.48.189 to two SMTP servers 192.168.0.200 and
192.168.0.201 in the LAN.
Forward all the requests to 211.21.48.197 to 192.168.0.15 in the LAN.
Note:
1. AscenLink
can auto-detect both active and passive FTP servers; users dont need to
worry about this.
2. All public IPs must be assigned to WAN 1. Please configure these IPs in the field IP(s)
on Localhost of the Basic Subnet table on the [System] -> [Network Settings] -> [WAN
Setting] -> [WAN Link 1] page.
3. Because 211.21.48.197 does not belong to a physical host, users must assign this IP to
the WAN port.
virtual server table for the above settings will look like this:
WAN IP Service Server IP Detect Service Weight
192.168.0.100 TCP@80 HTTP(80) 1
211.21.48.194
HTTP (80)
192.168.0.101 ICMP HTTP(80) 1
192.168.0.100 ICMP HTTP(80) 1
211.21.33.186
HTTP (80)
192.168.0.101 TCP@80 HTTP(80) 2
192.168.0.200 ICMP FTP(21) 1
211.21.48.194
FTP (21)
192.168.0.201 TCP@21 FTP(21) 1
192.168.0.200 ICMP FTP(21) 1
211.21.48.186
FTP (21)
192.168.0.201 TCP@21 FTP(21) 1
192.168.0.200 ICMP SMTP(25) 1
211.21.48.195
SMTP (25)
192.168.0.201 TCP@25 SMTP(25) 1
192.168.0.200 ICMP SMTP(25) 1
211.21.48.189
SMTP (25)
192.168.0.201 TCP@25 SMTP(25) 1
211.21.48.197 Any 192.168.0.15 ICMP Any 1
Table 3.26 The Settings for Virtual Server Example 1
AscenLink
User Manual
3-45
Example 2: Virtual Server
Network Architecture:
Figure 3.18 Network Architecture for Virtual Server 2
The settings for the virtual servers are listed below:
Forward all the requests to 211.21.48.194 on TCP port 21 to the FTP Server
192.168.0.100.
Chapter 3 Service
3-46
Let PcAnywhere from any place be able to control to the host 192.168.0.15
through the public IP 211.21.33.186.
Note:
PcAnywhere uses TCP port 5631 and UDP port 5632. Please refer to the PcAnywhere
software manual.
Forward all the requests to 211.21.48.194 on TCP port 2000~3000 to the host
192.168.0.15 in the LAN.
Note: Port range redirection is also supported.
virtual server table for the above settings will look like this:
WAN IP Service Server IP Detect Service Weight
192.168.0.100 ICMP TCP@1999 1
211.21.48.194
TCP@1999
192.168.0.101 TCP@1999 TCP@1999 1
211.21.33.186 TCP@5631 192.168.0.15 ICMP TCP@5631 1
211.21.33.186 UDP@5632 192.168.0.15 TCP@5632 UDP@5632 1
211.21.48.194 TCP@2000-3000 192.168.0.15 ICMP TCP@2000-3000 1
211.21.48.194 UDP@2000-3000 192.168.0.15 ICMP UDP@2000-3000 1
Table 3.27 The Settings for Virtual Server Example 2
AscenLink
User Manual
3-47
3.6 Inbound BM
Bandwidth management (BM) is a useful feature that helps the administrator
allocate bandwidth for different types of service. Given that the bandwidth of
WAN links is usually a limited resource, it becomes a crucial issue deciding how
we can ensure enough bandwidth for mission critical applications to provide
satisfactory quality. To address issues like this, users need a BM tool to adjust
bandwidth utilization. Bandwidth Management (BM) in AscenLink
is separated
by the direction of traffic flow - either inbound (from WAN to LAN) or outbound
(from LAN to WAN). This section will only focus on the inbound BM, however,
the configuration for outbound BM is similar and will be discussed in the next
section.
Figure 3.19 The Location of Service/Inbound BM on the Menu Bar
Chapter 3 Service
3-48
Inbound BM is consisted of two parts: Classes and Filters. The class table
looks like this:
Figure 3.20 The Screenshot of Inbound BM Classes
By clicking the button to the right of a class name, users can expand or collapse
link settings and configure own bandwidth limit for each WAN link.
Class:
Field Description
Name
<input a
name>
The name for this bandwidth class. We
recommend users using a self-explanatory name
so users can understand it easily when it is used
later in the filter table. For example, users can
name bandwidth class HTTP to manage the
bandwidth of HTTP services.
Link - The WAN link which users want bandwidth limit
to apply.
Guaranteed
Kbps
The guaranteed bandwidth for this class.
This makes sure the connections through the WAN
link will at least be allocated with the specified
bandwidth. It is particularly useful when users want
to ensure the quality of a certain type of service
(e.g. VoIP).
Max Kbps This defines the maximum bandwidth allowed for
the connections on the WAN link. Normally, we will
set up maximum bandwidth for services like WWW
or SMTP that have a high volume of traffic and may
affect the quality of other services.
Busy Hour Settings
Note: Please see
[System]->[Busyhour Setting] in
chapter 2.
Priority The priority of the connections on the WAN link. It
can be High, Normal, or Low. The connections with
higher priority are allocated with available
bandwidth first.
AscenLink
User Manual
3-49
Guaranteed
Kbps
The guaranteed bandwidth for this class.
This makes sure the connections through the WAN
link will at least be allocated with the specified
bandwidth. It is particularly useful when users want
to ensure the quality of a certain type of service
(e.g. VoIP).
Max Kbps This defines the maximum bandwidth allowed for
the connections on the WAN link. Normally, we will
set up maximum bandwidth for services like WWW
or SMTP that have high volume of traffic and may
affect the quality of other services.
Idle Hour Settings
Note: Please see
[System]->[Busyhour Setting] in
chapter 2.
Priority
The priority of the connections on the WAN link. It
can be High, Normal, or Low. The connections with
higher priority are allocated with available
bandwidth first.
Table 3.28 The Description of the Fields in the Inbound BM Class Table
Filter:
In the filter table, users can set up the rules for filtering outside connections with
a specific set of characteristics, and assign a BM class that will limit the
bandwidth resources on these connections.
Field Value Description
E Enable (checked)
Disable (unchecked)
When the box is checked, the rule will be applied,
on the contrary, it will be disabled if the box is
unchecked.
Source IP Address
IP Range
Subnet
WAN
FQDN
<IP Grouping
Name>
Connections established from the specified source
will be matched:
- IP Address: match connections established from a
single IP address. e.:g. 192.168.1.4
- IP Range: match connections established from a
continuous range of IP addresses. e.g.
192.168.1.10-192.168.1.20
- Subnet: match connections that come from a
subnet. e.g.: 192.168.1.0/255.255.255.0
- WAN: match connections established from the
WAN
- FQDN: match connections established from
FQDN.
Apart from the options listed above, predefined IP
groups will be shown in the list as well. Please See
[System]->[IP Grouping] for setting up own IP
groups.
Chapter 3 Service
3-50
Destination IP Address
IP Range
Subnet
WAN
LAN
DMZ
Localhost
Any address
FQDN
<IP Grouping
Name>
Connections to the specified destination will be
matched. This field is the same as the Source
field, except it matches packets with the specified
destination.
In addition, the predefined IP groups will be shown
in the list as well. Please See [System]->[IP
Grouping] for setting up own IP groups.
Service FTP21
SSH (22)
TELNET(23)
SMTP(25)
DNS(53)
HTTP80
POP3(110)
H323 (1720)
ICMP
TCP@
UDP@
Any...
The TCP/UDP service type to be matched. Users
can select the matching criteria from the publicly
known service types (e.g. FTP), or users can
choose the port number in the TCP/UDP packet.
To specify a range of port numbers, type the
starting port number plus hyphen - and the ending
port number. e.g. TCP@123-234.
Service At WAN
Non WAN
Specify the location of the server that provides the
service.
- Non WAN: the server is located in the LAN or
DMZ
- WAN: the server is located in the WAN (Internet)
Classes
<Name> The bandwidth class to be imposed. These classes
are defined in the bandwidth class table we
mentioned earlier..
L Enable
Disable
Enable logging or not:
If the box is checked, the logging will be enabled.
Whenever the rule is matched, the system will write
the event to the log file.
Table 3.29 The Description of the Fields in the Inbount BM Filter Table
AscenLink
User Manual
3-51
Example 1: Inbound BM
Network Architecture:
Figure 3.21 Network Architecture for Inbound BM 1
The requirements for inbound bandwidth management:
The maximum bandwidth reserved for mail server 211.21.48.197 to download
emails are 128K on WAN1, 64K on WAN2, and 128K on WAN3.
The maximum bandwidth reserved for localhosts to download data from web
servers on the Internet are 128K on WAN1, 64K on WAN2, and 64K on WAN3.
The maximum bandwidth reserved for 192.168.0.100 to download data from
FTP server on the Internet are 50K on WAN1, 30K on WAN2, and 30K on WAN3
with high priority in peak hours. See the table below for the remaining details in
this BM class.
See the table below for the BM details on the FTP server 211.21.48.198 in DMZ.
Chapter 3 Service
3-52
class table for the above BM rules will look like this:
Busy Hour Settings Idle Hour Settings
Name Link Guaranteed
Kbps
Max
bps
Priority
Guaranteed
Kbps
Max
Kbps
Priority
WAN1 0 128 Normal 0 128 Normal
WAN2 0 64 Normal 0 64 Normal Mail Server
WAN3 0 128 Normal 0 128 Normal
WAN1 0 128 Normal 0 128 Normal
WAN2 0 64 Normal 0 64 Normal to LAN zone
WAN3 0 64 Normal 0 64 Normal
WAN1 20 50 High 20 50 High
WAN2 0 30 High 100 200 High
for
192.168.0.100
WAN3 0 30 High 100 200 High
WAN1 200 500 Low 200 500 Low
WAN2 0 512 Low 200 300 Low for DMZ zone
WAN3 0 256 Low 200 300 Low
Table 3.30 The Settings for Inbound BM Example 1: Classes
filter table will look like this:
Source Destination Service Service At Classes
WAN 211.21.48.197 SMTP(25) Non WAN Mail Server
WAN LAN HTTP(80) WAN to LAN zone
WAN 192.168.0.100 FTP(21) WAN for 192.168.0.100
WAN 211.21.48.198 FTP(21) Non WAN for DMZ zone
Table 3.31 The Settings for Inbound BM Example 1: Filters
Downstream data can be considered for one of two scenarios. Take FTP as an
example, the first scenario is that a local host downloads data from a remote
FTP server in the WAN. The other one is that a remote user in the WAN uploads
data to a FTP server in the LAN. Both of the scenarios are sending data from
the WAN to the LAN. Thus, users need to configure BM rules for these two
scenarios on the inbound BM page.
AscenLink
User Manual
3-53
Example 2: Inbound BM
Network Architecture:
Client Side
ISP 1
Internet
192.168.0.0/24
ISP 3
Mail server
211.21.48.197
ISP 2
FTP server
192.192.10.10
10.10.10.0/24
FTP server
211.21.48.198
192.168.100.0/24
192.168.0.100
512/64
512/64
1536/384
Figure 3.22 Network Architecture for Inbound BM 2
Chapter 3 Service
3-54
The requirements for the inbound bandwidth management:
Set up a BM class for limiting bandwidth usage from FTP server 192.192.10.10
to the LAN.
Set up a BM class for limiting bandwidth usage from any web server on the
Internet to the hosts in the LAN with IPs ranging from 192.168.0.10 ~
192.168.0.50.
Set up a BM class for limiting bandwidth usage from any FTP server on the
Internet to sub-network 192.168.100.0/24 in the LAN.
Set up a BM class for limiting bandwidth usage from any WAN user to FTP
server 211.21.48.198.
class table for inbound BM:
Busy Hour Settings Idle Hour Settings
Name Link Guaranteed
Kbps
Max
Kbps
Priority
Guaranteed
Kbps
Max
Kbps
Priority
WAN1 0 128 Normal 0 512 Normal
WAN2 0 128 Normal 0 512 Normal for LAN user
WAN3 0 64 Normal 0 512 Normal
WAN1 0 128 Normal 0 128 Normal
WAN2 128 256 Low 0 512 Low
for
192.168.0.10-192.168.0.50
WAN3 64 256 Low 0 512 Low
WAN1 20 50 High 20 50 High
WAN2 0 64 High 32 128 High for 192.168.100.0 FTP
WAN3 0 64 High 32 128 High
WAN1 200 500 Low 200 500 Low
WAN2 0 512 Low 0 512 Low for WAN user upload
WAN3 128 256 Low 256 512 Low
Table 3.32 The Settings for Inbound BM Example 2: Classes
AscenLink
User Manual
3-55
filter table will look like this:
Source Destination Service
Service
At
Classes
192.192.10.10 LAN FTP(21) WAN for LAN user
WAN 192.168.0.10-192.168.0.50 HTTP(80) WAN for 192.168.0.10- 192.168.0.50
WAN 192.168.100.0/255.255.255.0 FTP(21) WAN
for
192.168.100.0 FTP
WAN 211.21.48.198 FTP(21) Non WAN for WAN user upload
Table 3.33 The Settings for Inbound BM Example 2: Filters
Note:
During HTTP communication, clients send requests to the server, and vice versa, the
server responds to clients. Usually, the bandwidth is hugely affected by the responses from
the server to the client because they contain graphics or multimedia data. Thus, we only set
up BM rules for managing HTTP responses in most cases.
Chapter 3 Service
3-56
3.7 Outbound BM
In contrast to inbound BM, outbound BM controls network streams that flow
from the Intranet (LAN) to the Internet (WAN). The settings for the outbound BM
are the same as inbound BM.
Figure 3.23 The Location of Service /Outbound BM on the Menu Bar
Class:
Field Description
Name
<input a name>
The name for this bandwidth class. We recommend
users use a self-explanatory name so users can
understand it easily when it is being used later in the
filter table. For example, users can name
bandwidth class HTTP to manage the bandwidth of
HTTP services.
Link - The WAN link which users want bandwidth limit to
apply.
Busy Hour Settings
Guaranteed
Kbps
The guaranteed bandwidth for this class.
This makes sure the connections through the WAN
link will at least be allocated with the specified
AscenLink
User Manual
3-57
bandwidth. It is particularly useful when users want
to ensure the quality of a certain type of services
(e.g. VoIP).
Max Kbps This defines the maximum bandwidth allowed for the
connections on the WAN link. Normally, we set up
maximum bandwidth for services like WWW or
SMTP that have a high volume of traffic and may
affect the quality of other services.
Note: Please see
[System]->[Busyho
ur Setting] in
chapter 2.
Priority The priority of the connections on the WAN link. It
can be High, Normal, or Low. The connections with
higher priority are allocated with available bandwidth
first.
Guaranteed
Kbps
The guaranteed bandwidth for this class.
This makes sure the connections through the WAN
link will be at least allocated with the specified
bandwidth. It is particularly useful when users want
to ensure the quality of a certain type of services
(e.g. VoIP).
Max Kbps This defines the maximum bandwidth allowed for the
connections on the WAN link. Normally, we setup
maximum bandwidth for services like WWW or
SMTP that have high volume of traffic and may affect
the quality of other services.
Idle Hour Settings
Note: Please see
[System]->[ Busyho
ur Setting] in
chapter 2.
Priority
The priority of the connections on the WAN link. It
can be High, Normal, or Low. The connections with
higher priority are allocated with available bandwidth
first.
Table 3.34 The Description of the Fields in the Outbound BM Class Table
Chapter 3 Service
3-58
Filter:
In the filter table, users can set up the rules for filtering outside connections with
a specific set of characteristics, and assign a BM class that will limit the
bandwidth resources on these connections.
Field Value Description
E Enable (checked)
Disable (unchecked)
When the box is checked, the rule will be applied, on the
contrary, it will be disabled if the box is unchecked.
Source IP Address
IP Range
Subnet
LAN
DMZ
Localhost
Any
FQDN
<IP Grouping Name>
Connections established from the specified source will be
matched:
- IP Address: match connections established from a single IP
address. e.g.: 192.168.1.4
- IP Range: match connections established from a
continuous range of IP addresses.
e.g.: 192.168.1.10-192.168.1.20
- Subnet: match connections that come from a subnet.
e.g.: 192.168.1.0/255.255.255.0
- LAN: match connections established from the LAN
- DMZ : match connections established from DMZ.
- Localhost: match connections established from AscenLink.
- Any Address: match all connections regardless of its
source.
- FQDN: match connections established from FQDN.
Apart from the options listed above, predefined IP groups will
be shown in the list as well. Please See [System]->[IP
Grouping] for setting up own IP groups.
Destination IP Address
IP Range
Subnet
WAN
FQDN
<IP Grouping Name>
Connections to the specified destination will be matched.
This field is the same as the Source field, except it matches
packets with the specified destination.
In addition, the predefined IP groups will be shown in the list
as well. Please See [System]->[IP Grouping] for setting up
own IP groups.
Service FTP21
SSH (22)
TELNET(23)
SMTP(25)
DNS(53)
HTTP80
POP3(110)
H323 (1720)
ICMP
TCP@
UDP@
Any...
The TCP/UDP service type to be matched. Users can select
the matching criteria from the publicly known service types
(e.g. FTP), or users can choose the port number in
TCP/UDP packet. To specify a range of port numbers, type
the starting port number plus hyphen - and the ending port
number. e.g. TCP@123-234.
Service At WAN
Non WAN
Specify the location of the server that provides the service.
- Non WAN: the server is located in the LAN or DMZ
- WAN: the server is located in the WAN (Internet)
AscenLink
User Manual
3-59
Classes <Name> The bandwidth class to be imposed. These classes are
defined in the bandwidth class table we mentioned earlier.
L Enable
Disable
Enable logging or not:
If the box is checked, the logging will be enabled. Whenever
the rule is matched, the system will write the event to the log
file.
Table 3.35 The Description of the Fields in the Outbound BM Filter Table
Example 1: Outbound BM
Network Architecture:
Figure 3.24 Network Architecture for Outbound BM 1
Chapter 3 Service
3-60
The requirements for the outbound bandwidth management:
Set up a BM class for limiting bandwidth usage from FTP server 211.21.48.198
in DMZ to any users in the WAN.
Set up a BM class for limiting bandwidth usage from POP3 server 211.21.48.197
in DMZ to any users in the WAN.
class table for outbound BM:
Busy Hour Settings Idle Hour Setting
Name Link Guarante
ed Kbps
Max
Kbps
Priority
Guarante
ed Kbps
Max
Kbps
Priority
WAN1 0 128 Normal 0 512 Normal
WAN2 0 128 Normal 0 512 Normal
for FTP
upload
WAN3 0 64 Normal 0 512 Normal
WAN1 0 128 Low 0 128 Low
WAN2 0 128 Low 0 128 Low
for mail
server
(POP3) WAN3 0 256 Low 0 512 Low
Table 3.36 The Settings for Outbound BM Example 1: Classes
And, filter table will look like this :
Source Destination Service Service At Classes
211.21.48.198 WAN FTP(21) Non WAN for FTP upload
211.21.48.197 WAN POP3(110) Non WAN for mail server (POP3)
Table 3.37 The Settings for Outbound BM Example 1: Filters
Upstream data can be considered for one of two scenarios as well. Again, take
FTP as an example, the first scenario is that a local host uploads data to a
remote FTP server in the WAN. The other one is that a remote user in the WAN
downloads data from a FTP server in the LAN. Both of the scenarios are
sending data from the LAN to the WAN. Thus, users need to configure BM
rules for these two scenarios on the outbound BM page.
AscenLink
User Manual
3-61
Example 2: Outbound BM
Network Architecture:
Figure 3.25 Network Architecture for Outbound BM 2
The requirements for the outbound bandwidth management:
Set up a BM class for limiting bandwidth usage from virtual FTP server
192.168.0.100 in the LAN to any users in the WAN.
Note:
When configuring filters on virtual servers, users must specify the private IP assigned to
the virtual server, not the translated public IP.
Chapter 3 Service
3-62
Set up a BM class for limiting bandwidth usage from host 211.21.48.198 in DMZ
to sub-network 10.10.10.0/24 in the WAN.
class table for the above BM rules will look like this:
Busy Hour Setting Idle Hour Setting
Name Link
Guaranteed Kbps
Max
Kbps
Priority Guaranteed Kbps Max Kbps Priority
WAN1 100 200 Normal 0 512 Normal
WAN2 50 100 Normal 0 512 Normal for FTP
WAN3 50 100 Normal 0 512 Normal
WAN1 0 128 Low 0 256 Low
WAN2 0 128 Low 0 256 Low for 10.10.10.0
WAN3 0 256 Low 0 512 Low
Table 3.38 The Settings for Outbound BM Example 2: Classes
And, filter table will look like this:
Source Destination Service Service At Classes
192.168.0.100 WAN FTP non-WAN for FTP
211.21.48.198 10.10.10.0/255.255.255.0 Any non-WAN for 10.10.10.0
Table 3.39 The Settings for Outbound BM Example 2: Filters
AscenLink
User Manual
3-63
3.8 Connection Limit
Connection Limit is a useful feature to restrict the number of connections to
remain less than a threshold. When the number of connections exceeds the limit,
the system will automatically log the event to a file (when logging is enabled).
One application to connection limit is to detect exceptionally high volumes of
traffic caused by malicious attacks. In this case, AscenLink
can protect the
network from jamming up by rejecting additional connections above a threshold.
Figure 3.26 The Location of Service /Connection Limit on the Menu Bar
Chapter 3 Service
3-64
Available fields in connection limit function:
Figure 3.27 The Screenshot of Connection Limit
1. Log Interval:
Table 3.40 The Settings of Connection Limit Log Interval
2. Rules:
Field Value Description
Source IP Address
IP Range
Subnet
WAN
LAN
DMZ
Connections established from the specified source will be
matched:
- IP Address: match connections established from a single
IP address. e.g.: 192.168.1.4
- IP Range: match connections established from a
continuous range of IP addresses.
Field Value Description
Log Interval <second>
The log interval determines how often the system will write to
the log file when the number of the connections exceeds the
limit defined in the rules table. For example, if users set the
log interval to 5 seconds, the system will log the event every 5
seconds when the number of the connections exceeds the
limit. Of course, shorter interval will result in more records in
the log.
AscenLink
User Manual
3-65
Any Address
FQDN
<IP Grouping
Name>
e.g.: 192.168.1.10-192.168.1.20
- Subnet: match connections that come from a subnet.
e.g.: 192.168.1.0/255.255.255.0
- LAN: match connections established from the LAN
- DMZ: match connections established from DMZ.
- Localhost: match connections established from AscenLink.
- Any Address: match all connections regardless of its
source.
- FQDN: match connections established from FQDN.
Apart from the options listed above, predefined IP groups
will be shown in the list as well. Please See [System]->[IP
Grouping] for setting up own IP groups.
Limit <The number of
connections>
The maximum number of the connections
L Enable
Disable
Enable logging or not:
If the box is checked, the logging will be enabled. Whenever
the rule is matched, the system will write the event to the log
file.
Table 3.41 The Settings of Connection Limit Rules
Example:
In this example, the number of connections cannot exceed 500 for every host in
sub-network 192.168.1.1-192.168.1.254. If any of them has more than 500
connections, the system will record an event to the log file every 5 seconds.
Figure 3.28 Example of Connection Limit
Chapter 3 Service
3-66
3.9 Cache Redirect
AscenLink
is capable of working seamlessly with external cache servers. When
a user wants to request a page from a web server on the Internet, AscenLink
will
redirect the request to the cache server. If the requested web page is already on
the cache server, the cache server will return the page to the user, saving a lot
of time in retrieving data on the Internet.
Note: Cache Server can be located in DMZ.
Figure 3.29 The Location of Service /Cache Redirect on the Menu Bar
AscenLink
User Manual
3-67
In this page, users can set up own cache servers. However, cache servers
have to support caching in transparent mode. The settings for cache redirect will
look like the screenshot below, divided into two parts:
Figure 3.30 The Settings of Cache Redirect
1. Cache Group
Users can configure cache server group in the first table. Multiple groups are
allowed to have different sets of rules which users will then create on the second
table. In addition, the number of cache servers is not limited to one. Users can
have multiple cache servers with different weights in the cache server group.
Field Value Description
Group Name < Group Name> own name for this cache server
group
IP <IP address> The IP address of the cache
server
Port Eg: 80 The port number of the cache
server
Weight Eg: 1,2 The weight for redirecting the
requests to this cache server. A
higher value means a greater the
chance.
Associated WAN NO, 1, 2 The WAN link this cache server
uses. To let the Auto-routing
service decide the WAN link used,
please choose NO.
Table 3.42 The Description of the Fields in Cache Group
Chapter 3 Service
3-68
2. Redirect Rule
Table 3.43 The Description of the Fields in Redirect Rules
Users can set up redirect rules so that matched requests will be redirected to
the specific cache server group.
Field Value Description
Source
IP Address
IP Range
Subnet
LAN
DMZ
Any Address
<IP Grouping
Name>
The source where the request originates. The
request with this source will be redirected to the
cache server. Users need to specify the IP or IPs
when choosing IP Address or IP Range or
subnet.
Destination
IP Address
IP Range
Subnet
WAN
<IP Grouping
Name>
The destination where the request is sent to. The
requests with this destination will be redirect to the
cache server. Users need to specify the IP or IPs
when choosing IP Address or IP Range or
subnet.
Port Eg: 80
The service port number. The request with this
service port number will be redirected to the cache
server.
Group
NO REDIRECT
or
<Group Name>
Select NO REDIRECT if users do not want the
requests to be redirected. Or, users can tell
AscenLink to redirect the requests to a group of
cache server(s) by its group name.
L
Enable
Disable
Enable logging or not:
If the box is checked, the logging will be enabled.
Whenever the rule is matched, the system will write
the event to the log file.
AscenLink
User Manual
3-69
Example 1: The Requested Web Page is NOT on the Cache Server
Client Side
ISP
Internet
192.168.0.0/24
WAN
LAN DMZ
Cache Server
Server
192.192.10.100
211.21.48.194
Client
1
2
3
4
5
Figure 3.31 The Sequence of the Requests and Responses in Cache Miss Case
When AscenLink
receives a request from a client, the request will be redirected
to the cache server. The cache server will see if the data requested already
exists. If not, the cache server will request the data on behalf of the client and
return the data from the web server to the client. Please refer to the figure
shown above.
Chapter 3 Service
3-70
Example 2: The Requested Web Page is on the Cache Server
Figure 3.32 The Sequence of the Requests and Responses in Cache Hit Case
When AscenLink
receives a request from a client, the request will be redirected
to the cache server. In this case, the data requested already exists on the cache
server. It will return the data requested to the client without passing the request
to the web server on the Internet.
AscenLink
User Manual
3-71
3.10 Tunnel Routing
Figure 3.33 The Location of Service /Tunnel Routing on the Menu Bar
The term Tunnel Routing (abbreviated as TR) refers to building a special
connection between two AscenLink machines, which only designated groups
are allowed to use.
The advantage of TR is that when a WAN link fails in one of the AscenLink
machines, the packets sent from the designated groups can still be routed to
other AscenLink machines so that the transfer can be continued. Since Release
version 5.1, AscenLink can support tunnels with dynamic IPs, further benefiting
customers with dynamic IP ADSL connections. In addition, the TR also supports
the notion of central routing, for supporting branch offices accessing the
Internet via headquarters WAN links.
Chapter 3 Service
3-72
Another enhancement of TR is TR/AR backup. In other words, when TR failed
(possibly due to all of the WAN links in the TR failed), then the traffic can fall
back to the remaining WAN links using the Auto Routing configuration. For a set
of branch offices all connecting to the HQ, AscenLinks TR function can further
support routing of traffic among branch offices via the HQ.
The page features two tabs: setting and benchmark.
1. Setting: This page allows administrators to configure tunnel routing policies.
2. Benchmark: After establishing tounel routing, administrators can test
packets dropping and latency of two ends.
AscenLink
User Manual
3-73
3.10.1 Tunnel Routing---Setting
In the tunnel routing configuration page, the three main settings are:
Tunnel Route Log, Local Host ID, and Key
In this fields, users can select whether to enable or disable the Tunnel Route
logging. Users can also define a logical name as the Local Host ID, i.e., the Name
for this machine in the Tunnel Group definition. The Local Host ID is particularly
important in the case of Dynamic IP since we do not have a fixed IP to be
referenced by the other side in the Tunnel. To encrypt the established tunnel, key
is required.
Field Value Description
Tunnel Route Log Enable
Disable
Turn on Tunnel Route logging
Turn off Tunnel Route logging
Local Host ID e.g.: 12xyz.b_d-xxx Input the logical name for this unit
Key e.g.: 1234 Enter the key.
Confirm e.g.: 1234 Confirm the key above.
Table 3.44 Description of Tunnel Route Log and Local Host ID
Chapter 3 Service
3-74
Tunnel Group
In this table, the designated group allowed to use the tunnel can be set by entering
source or destination IP addresses. A group may be assigned to multiple tunnels.
Field Value Description
Group Name <group name> Enter the name of the group.
Remote Host ID Eg:11xyz.b_d-yyy Input the Host ID of the Remote
machine in the Tunnel
Algorithm Round-Robin
By Traffic
Round-Robin: Route the connection
on every tunnel by weight.
By Traffic: Route the connection on
the tunnel with lightest traffic flows.
Note: Please specify the weight
value in the Weight field of Group
Tunnels if users select
Round-Robin algorithm.
Local IP IP Address
(NAT)IP Address
Dynamic IP
(NAT) Dynamic IP
Enter the local/source address if the
WAN link has a fixed IP.
(NAT)IP Address: Static IP
translated via NAT.
Select <Dynamic IP> if the WAN
link is of Dynamic IP.
(NAT) Dynamic IP: Dynamic IP
translated via NAT.
Remote IP IP Address
Dynamic IP
Enter the remote/destination IP
addres if the WAN link has a fixed
IP.
Select <Dynamic IP> if the WAN
link is of Dynamic IP.
Weight Eg: 1,2 The weight/priority of the tunnel.
The higher the weight, the more
likely the it can use the tunnels.
Group
Tunnels
Encrypt Check the box to enable
encryption.
Check the box to enable encryption
over this tounnel routing.
When new tunnel has not yet been established, it will perform two default rules:
one rule from LAN, the other from DMZ. Administrators are able to configure on
two units to build up the tunnel.When certain default rule is enabled, all the
tunnels whose rules are not configured will perform this default rule.
E Check the box to enable
Default Rule.
Check to enable the rule.
Default Rule
Source IP Address
IP Range
Subnet
LAN
DMZ
The source of the connection:
-IP Address format of a single IP on
one server: xxx.xxx.xxx.xxx
-IP Range format of a range of IP
addresses on several servers:
xxx.xxx.xxx.xxx-yyy.yyy.yyy.yyy
-Subnet format of a subnet address:
xxx.xxx.xxx.xxx/yyy.yyy.yyy.yyy
-LAN format of the LAN address
-DMZ format of the DMZ address
-Any address
AscenLink
User Manual
3-75
Fail-over No Action
Auto Routing
Tunnel: New Group
Select a policy from the drop-down
list. When WAN failure occurs,
traffic will be diverted to back up
tunnels based on Fail-over policies.
Table 3.45 The Description of the Fields in Tunnel Group
Routing Rules
Field Value Description
Source
IP Address
IP Range
Subnet
LAN
DMZ
Any Address
The source of the connection:
-IP Address format of a single IP on one server is: 192.168.1.4
-IP Range format of a range of IP addresses on several servers are:
192.168.1.10-192.168.1.20
-Subnet format of a subnet address, for example:
192.168.1.0/255.255.255.0
-LAN format of the LAN address
-DMZ format of theDMZ address
-Any address
Destination IP Address
IP Range
Subnet
WAN
The destination of the connection:
-IP Address format for a single IP address on one server is:
192.168.1.4
-IP Range format of a range of IP address on several servers are:
192.168.1.10-192.168.1.20
-Subnet format of a subnet address, for example:
192.168.1.0/255.255.255.0
-WAN format of WAN address
Service FTP
SSH
TELNET
SMTP
DNS
HTTP
POP3
H323
ICMP
...
TCP@
UDP@
Protocol#
Any
The TCP/UDP service type to be matched. The default is "Any".
Users can select the matching criteria from the publicly known
service types (e.g. FTP), or users can choose the port number in
TCP/UDP packet. To specify a range of port numbers, type starting
port number plus hyphen "-" and then end port number. e.g.
"TCP@123-234".
Group No action
Group
The group permitted to use the tunnel.
Fail-Over No action
Auto Routing
Group..
This field defines the fail-over policy hhen the WAN links in the
Group for the Routing Rules fail. Possible options are:
- NO-ACTION: do nothing
- Auto-Routing: Packet will fall back to the defined Auto Routing
policies
- Tunnel Group: Packets will fal back to the selected tunnel groups.
Notice selecting the original tunnel group is the same as
NO-ACTION
Table 3.46 The Description of the Fields in Routing Rules
Chapter 3 Service
3-76
Persistent Rules
Field Value Description
Source
IP Address
IP Range
Subnet
LAN
DMZ
Any Address
The source of the connection:
-IP Address format of a single IP on one server is: 192.168.1.4
-IP Range format of a range of IP addresses on several servers are:
192.168.1.10-192.168.1.20
-Subnet format of a subnet address, for example:
192.168.1.0/255.255.255.0
-LAN format of LAN address
-DMZ format of DMZ address
-Any address
Destination IP Address
IP Range
Subnet
WAN
The destination of the connection:
-IP Address format for a single IP address on one server is:
192.168.1.4
-IP Range format of a range of IP addresses on several servers are:
192.168.1.10-192.168.1.20
-Subnet format of a subnet address, for example:
192.168.1.0/255.255.255.0
-WAN format of WAN address
Service FTP
SSH
TELNET
SMTP
DNS
HTTP
POP3
H323
ICMP
...
TCP@
UDP@
Protocol#
Any
The TCP/UDP service type to be matched. The default is "Any".
Users can select the matching criteria from the publicly known
service types (e.g. FTP), or users can choose the port number in
TCP/UDP packet. To specify a range of port numbers, type starting
port number plus hyphen "-" and then end port number. e.g.
"TCP@123-234".
Table 3.47 The Description of the Fields in Persistent Rules
AscenLink
User Manual
3-77
3.10.2 Tunnel Routing---Benchmark
In testing, set one AscenLink as server end, and the other servers as client end
by default. Simply click Start Test Server on one device to set it as server end.
Testing over tunel groups is conducted on client end. Click the button to start or
stop test. Users are able to choose one or all tunnels to perform test. Click Stop
to stop the test.
Field Value Description
Test Port e.g.: 65535 Defines test port number for the device.
Start Test
Server
click it to set the device as server end.
Test Click to start test.
Show Test
Result
Click the button to view test results.
Table 3.48 The Description of the Fields in Benchmark
DO NOT SWITCH THE PAGE OR TURN OFF THE WINDOW when AscenLink
is running test. Refer to the testing page table below.
Field Description
Tunnel Group Displays name of testing group.
Tunnel Displays all tunnels in this tunnel group.
Administrators are allowed to test one or all tunnels in this group.
Status
Test is not started or test is complete.
Waiting for test.
Testing.
Test is failed.
RTT
Displays RTT value of both ends of tunnel. This value is tested with
zero traffic load. Without
Traffic Packet
Loss
Displays packet loss percentage. This percentage is tested with zero
traffic load.
Bandwidth Displays bandwidth of test result of this tunnel.
RTT
Displays RTT value of both ends of tunnel. This value is tested with
full traffic load. With Traffic
Packet
Loss
Displays packet loss percentage. This percentage is tested with full
traffic load.
Table 3.49 The Description of the Testing Page
Chapter 3 Service
3-78
Example 1:
A companys headquarters is located in Taichung, and has branch offices in
Taipei and Kaohsiung. Each office has a LAN, two WAN links and a DMZ with
VPN gateway. The details are as follows:
Taichung Taipei Kaohsiung
WAN 1 1.1.1.1 2.2.2.2 6.6.6.6
WAN 2 3.3.3.3 4.4.4.4 8.8.8.8
WAN 3 Dynamic IP N/A 10.10.10.10
VPN Gateway 1.1.1.11 2.2.2.22 6.6.6.66
LAN 192.168.1.0/24 192.168.2.0/24 192.168.3.0/24
Table 3.50 Example of Tunnel Routing
The setting for the Taichung headquarters is as follows:
Set the Localhost ID as T1, and decide whether to turn on Tunnel Route Log of
choice.
Tunnel Group
+ Group Name Remote
Host ID
Algorithm Tunnels
+ Local IP Remote IP Weight
+ - 1.1.1.1 2.2.2.2 1
+ - Taipei T2 Round-Robin
+ - 1.1.1.1 4.4.4.4 1
+ - 3.3.3.3 2.2.2.2 1
+ - 3.3.3.3 4.4.4.4 1
+ - Taibei
Backup
T2 Round-Robin
+ Local IP Remote IP Weight
+ - Kaohsiung K3 Round-Robin
+ - 1.1.1.1 6.6.6.6 1
+ - 3.3.3.3 8.8.8.8 1
+ - 5.5.5.5 10.10.10.10 1
+ -
Kaohsiung
Backup
K3 Round-Robin
Table 3.51 The Settings for Tunnel Routing Example 1: Tunnel Groups
AscenLink
User Manual
3-79
Routing Rules
+ Source Destination Use Group Fail-over
+ - 1.1.1.11 2.2.2.22 Taipei Backup Taipei
+ - 1.1.1.11 6.6.6.66 Kaohsiung Backup Kaohsiung
+ - 192.168.1.1-192.168.1.10 192.168.2.1-192.168.2.10 Taipei AR
+ - 192.168.1.1-192.168.1.10 192.168.2.1-192.168.2.10 Kaohsiung No-Action
Table 3.52 The Settings for Tunnel Routing Example 1 : Routing Rules
The setting for the Taipei branch office is as follows:
Set the Localhost ID as T2, and decide whether to turn on Tunnel Route
Logging of choice.
Tunnel Group
+ Group Name Remote ID Algorithm Tunnels
+ Local IP Remote IP Weight
+ - 2.2.2.2 1.1.1.1 1
+ - 2.2.2.2 3.3.3.3 1
+ - 4.4.4.4 1.1.1.1 1
+ - 4.4.4.4 3.3.3.3 1
+ - Taichung T1 Round-Robin
Table 3.53 The Settings for Tunnel Routing Example 2 : Tunnel Group
Routing Rules
+ Source Destination Use Group Fail-over
+ - 192.168.2.1-192.168.2.10 192.168.1.1-192.168.1.10 Taichung No-Action
+ - 2.2.2.22 1.1.1.11 Taichung AR
Table 3.54 The Settings for Tunnel Routing Example 2 : Routing Rules
Chapter 3 Service
3-80
The setting for the Kaohsiung branch office is as follows:
Set the Localhost ID as K3, and decide whether to turn on Tunnel Route
Logging of choice.
Tunnel Group
+ Group Name Remote ID Algorithm Tunnels
+ Local IP Remote IP Weight
+ - 6.6.6.6 1.1.1.1 1
+ - 6.6.6.6 3.3.3.3 1
+ - 8.8.8.8 1.1.1.1 1
+ - 8.8.8.8 3.3.3.3 1
+ - 10.10.10.10 Dynamic 1
+ - Taichung T1 Round-Robin
Table 3.55 The Settings for Tunnel Routing Example 3 : Tunnel Group
Routing Rules
+ Source Destination Use Group Fail-over
+ - 192.168.3.1-192.168.3.10 192.168.1.1-192.168.1.10 Taichung No-Action
+ - 6.6.6.66 1.1.1.11 Taichung AR
Table 3.56 The Settings for Tunnel Routing Example 3 : Routing Rules
According to the above description, any data sent from 1.1.1.11 (or
192.168.1.1-192.168.1.10) to 2.2.2.22 will be wrapped and sent as a GRE
packet. If 1.1.1.1 experiences a failed WAN link, the packet will still be sent from
3.3.3.3 to continue the transfer.
AscenLink
User Manual
3-81
NOTE:
When using tunnel routing in AscenLink, the settings must correspond to each other or else
tunnel routing will not function properly. For example, if AscenLink in Taipei has removed
the values 2.2.2.2 to 3.3.3.3 in its routing rule settings, then the AscenLink in Taichung
cannot use this rule even if it has included it in its settings.
To assign the bandwidth for each tunnel, select [Service]->[Inbound BM] and
[Outbound BM], and assign the maximum and minimum bandwidth for GRE
packets. The following is an example using the AscenLink in Taipei:
Filter (For Inbound BM)
Source Destination Service Service Location Service Type
1.1.1.1 2.2.2.2 GRE WAN Taichung-VPN
1.1.1.1 4.4.4.4 GRE WAN Taichung-VPN
3.3.3.3 2.2.2.2 GRE WAN Taichung-VPN
3.3.3.3 4.4.4.4 GRE WAN Taichung-VPN
Table 3.57 The Settings for Tunnel Routing Example : Inbound BM Filter
Filter (Outbound BM)
Source Destination Service Service Location Service Type
2.2.2.2 1.1.1.1 GRE WAN Taichung-VPN
2.2.2.2 3.3.3.3 GRE WAN Taichung-VPN
4.4.4.4 1.1.1.1 GRE WAN Taichung-VPN
4.4.4.4 3.3.3.3 GRE WAN Taichung-VPN
Table 3.58 The Settings for Tunnel Routing Example : Outbound BM Filter
Example 2: Tunnel Routing with Dynamic IP
A firm headquartered in Beijing has a branch office in Shanghai. In the
headquarters, two WAN links are deployed: one fixed IP WAN link and one
dynamic IP WAN link; in the Shanghai office, two dynamic IP WAN links are
deployed.
Requirements
Chapter 3 Service
3-82
As illustrated in the diagram below, a tunnel is established through AscenLink
between LAN1 and LAN2. Packets are transferred via two WAN links evenly.
Figure 3.34 Example 2 of Tunnel Routing
The detailed information is as follows:
Beijing Shanghai
WAN 1 211.21.33.186 Dynamic IP
WAN 2 Dynamic IP Dynamic IP
LAN 192.168.1.0/24 192.168.2.0/24
Table 3.59 TR Example 2: WAN LinkIinformation
Settings for Beijing Headquarters
AscenLink
User Manual
3-83
Log and Local Host ID:
Tunnel Route Log
Enabled
Local Host ID
Beijing
Table 3.60 TR Example 2: Settings of Log and Local Host ID (Beijing)
Tunnel Group
+ Group
Name
Remote
Host ID
Algorithm Tunnels
+ Local IP Remote IP Weight
+ - 211.21.33.186 Dynamic IP
at WAN1
1
+ - Dynamic IP at
WAN2
Dynamic IP
at WAN2
1
+ - Beijing to
Shanghai
Shanghai Round-Robin
Table 3.61 TR Example 2: Tunnel Group Settings in Beijing Headquarters
Routing Rules
+ Source Destination Use Group Fail-Over
+ - 192.168.1.0/255.255.25
5.0
192.168.2.0/255.255.25
5.0
Beijing to
Shanghai
No-ACTION
Table 3.62 TR Example 2: Routing Rules in Beijing Headquarters
Settings for Shanghai Office
Log and Local Host ID:
Tunnel Route Log
Enabled
Local Host ID
Shanghai
Table 3.63 TR Example 2: Settings of Log and Local Host ID (Shanghai)
Tunnel Group
+ Group
Name
Remote
Host ID
Algorithm Tunnels
Chapter 3 Service
3-84
+ Local IP Remote IP Weight
+ - Dynamic IP
at WAN1
211.21.33.186 1
+ - Dynamic
IP at
WAN2
Dynamic IP at
WAN2
1
+ - Shanghai
to Beijing
Beijing Round-Robin
Table 3.64 TR Example 2: Tunnel Group Settings in Shanghai Office
Routing Rules
+ Source Destination Use Group Fail-Over
+ - 192.168.2.0/255.255.25
5.0
192.168.1.0/255.255.25
5.0
Shanghai
to Beijing
No-ACTION
Table 3.65 TR Example 2: Routing Rules in Shanghai Office
Example 3: Forwarding of Tunnel Routing
A firm is headquartered in San Jose and has two branch offices in Beijing and
Hong Kong respectively. Each office deploys a public line to access to the
Internet. Each branch office sets up an individual tunnel with the headquarters
office to access to the corporate network information.
Requirement
The LAN in Beijing and Hong Kong office can communicate with each other via
the tunnel established with San Jose.
AscenLink
User Manual
3-85
Figure 3.35 Example 3 of Tunnel Routing
The detailed WAN link information is as follows:
San Jose Beijing Hong Kong
WAN 1 1.1.1.1
WAN 2 2.2.2.2
WAN 3 3.3.3.3
LAN 192.168.1.0/24 192.168.2.0/24
Table 3.66 TR Example 3: WAN Link Information
Settings for the headquarters in San Jose:
Log and Local Host ID:
Chapter 3 Service
3-86
Tunnel Route Log
Enabled
Local Host ID
SanJose
Table 3.67 TR Example 3: Settings of Log and Local Host ID (San Jose)
Tunnel Group
+ Group
Name
Remote
Host ID
Algorithm Group Tunnels
+ Local IP Remote IP Weight
+ - 3.3.3.3 1.1.1.1 1
+ - San Jose to
Beijing
Beijing Round-Robin
+ Local IP Remote IP Weight
+ - 3.3.3.3 2.2.2.2 1
+ - San Jose to
Hong Kong
Hong Kong Round-Robin
Table 3.68 TR Example 3: Tunnel Group Settings in San Jose Headquarters
AscenLink
User Manual
3-87
Routing Rules
+ Source Destination Group Fail-Over
+ - 192.168.1.0/255.255.25
5.0
192.168.2.0/255.255.25
5.0
San Jose
to Beijing
No-ACTION
+ - 192.168.2.0/255.255.25
5.0
192.168.1.0/255.255.25
5.0
San Jose
to Hong
Kong
No-ACTION
Table 3.69 TR Example 3: Routing Rules in San Jose Headquarters
Settings for the branch office in Beijing:
Log and Local Host ID:
Tunnel Route Log
Enabled
Local Host ID
Beijing
Table 3.70 TR Example 3: Settings of Log and Local Host ID (Beijing)
Tunnel Group
+ Group
Name
Remote
Host ID
Algorithm Group Tunnels
+ Local IP Remote IP Weight
+ - 1.1.1.1 3.3.3.3 1
+ - Beijing to
San Jose
San Jose Round-Robin
Table 3.71 TR Example 3: Tunnel Group Settings in Beijing Branch Office
Routing Rules
+ Source Destination Group Fail-Over
+ - 192.168.1.0/255.255.25
5.0
192.168.2.0/255.255.25
5.0
Beijing to
San Jose
No-ACTION
Table 3.72 TR Example 3: Routing Rules in Beijing Branch Office
Chapter 3 Service
3-88
Settings for the branch office in Hong Kong:
Log and Local Host ID:
Tunnel Route Log
Enabled
Local Host ID
Hong Kong
Table 3.73 TR Example 3: Settings of Log and Local Host ID (Hong Kong)
Tunnel Group
+ Group
Name
Remote
Host ID
Algorithm Group Tunnels
+ Local IP Remote IP Weight
+ - 2.2.2.2 3.3.3.3 1
+ - Hong Kong to
San Jose
Hong Kong Round-Robin
Table 3.74 TR Example 3: Tunnel Group Settings in Hong Kong Branch Office
Routing Rules
+ Source Destination Group Fail-Over
+ - 192.168.2.0/255.255.25
5.0
192.168.1.0/255.255.25
5.0
Hong Kong
to San
Jose
No-ACTION
Table 3.75 TR Example 3: Routing Rules in Hong Kong Branch Office
AscenLink
User Manual
3-89
Example 4: Central Routing of Tunnel Routing
A firm is headquartered in San Jose and has two branch offices in Beijing and
Hong Kong respectively. An Intranet is established throughout the three
locations. The branch office in Hong Kong does not deploy any public link to visit
the Internet but use the tunnel established with the headquarters to access to
the Internet via the WAN link in San Jose. The Beijing branch office deploys a
public WAN link to access to the Internet. In the event of failure on this WAN link,
the tunnel between Beijing office and San Jose office will be the backup line for
the Internet service.
Figure 3.36 Example 4 of Tunnel Routing
Chapter 3 Service
3-90
The detailed WAN link information is as follows:
San Jose
AscenLink 3
Beijing
AscenLink 1
Hong Kong
AscenLink 2
WAN 1 1.1.1.1
WAN 2 2.2.2.2
WAN 3 3.3.3.3
WAN 4 4.4.4.4
WAN 5 5.5.5.5
LAN 192.168.1.0/24 192.168.2.0/24
Table 3.76 TR Example 4: WAN Link Information
Settings for the headquarters in San Jose:
Tunnel Routing Setting:
Log and Local Host ID:
Tunnel Route Log
Enabled
Local Host ID
SanJose
Table 3.77 TR Example 4: Settings of Log and Local Host ID (San Jose)
Tunnel Group
+ Group
Name
Remote
Host ID
Algorithm Group Tunnels
+ Local IP Remote IP Weight
+ - 3.3.3.3 1.1.1.1 1
+ - San Jose to
Beijing
Beijing Round-Robin
+ Local IP Remote IP Weight
+ - 3.3.3.3 2.2.2.2 1
+ - San Jose to
Hong Kong
Hong Kong Round-Robin
Table 3.78 TR Example 4: Tunnel Group Settings in San Jose Headquarters
AscenLink
User Manual
3-91
Routing Rules
+ Source Destination Group Fail-Over
+ - Any Address 192.168.2.0/255.255.25
5.0
San Jose
to Hong
Kong
No-ACTION
+ - Any Address 192.168.1.0/255.255.25
5.0
San Jose
to Beijing
No-ACTION
Table 3.79 TR Example 4: Routing Rules in San Jose Headquarters
Auto Routing Setting:
Policies
Label Algorithm Parameter
WAN4 Fixed Tick the box 4
Default Policy By Downstream Traffic Tick all boxes 1, 2, 3, 4...
Table 3.80 TR Example 4: Auto Routing policies in San Jose Headquarters
Filters
Source Destination Service Routing Policy Fail-Over Policy
Tunnel WAN Any WAN4 Default Policy
Any Address WAN Any Default Policy No-ACTION
Table 3.81 TR Example 4: Auto Routing Filters in San Jose Headquarters
Settings for the branch office in Beijing:
Log and Local Host ID:
Tunnel Route Log
Enabled
Local Host ID
Beijing
Table 3.82 TR Example 4: Settings of Log and Local Host ID (Beijing)
Tunnel Group
+ Group
Name
Remote
Host ID
Algorithm Group Tunnels
+ - Beijing to San Jose Round-Robin
Chapter 3 Service
3-92
+ Local IP Remote IP Weight
+ - 1.1.1.1 3.3.3.3 1
San Jose
Table 3.83 TR Example 4: Tunnel Group Settings in Beijing Branch Office
Routing Rules
+ Source Destination Group Fail-Over
+ - Any Address WAN Beijing to
San Jose
No-ACTION
Table 3.84 TR Example 4: Routing Rules in Beijing Branch Office
Settings for the branch office in Hong Kong:
Tunnel Routing Setting:
Log and Local Host ID:
Tunnel Route Log
Enabled
Local Host ID
Hong Kong
Table 3.85 TR Example 4: Settings of Log and Local Host ID (Hong Kong)
AscenLink
User Manual
3-93
Tunnel Group
+ Group
Name
Remote
Host ID
Algorithm Group Tunnels
+ Local IP Remote IP Weight
+ - 2.2.2.2 3.3.3.3 1
+ - Hong Kong to
San Jose
Hong Kong Round-Robin
Table 3.86 TR Example 4: Tunnel Group Settings in Hong Kong Branch Office
Routing Rules
+ Source Destination Group Fail-Over
+ - 192.168.2.0/255.255.25
5.0
192.168.1.0/255.255.25
5.0
Hong Kong
to San
Jose
No-ACTION
Table 3.87 TR Example 4: Routing Rules in Hong Kong Branch Office
Auto Routing Setting:
Policies
Label Algorithm Parameter
WAN5 Fixed Tick the box 5
Default Policy By Downstream Traffic Tick all boxes 1, 2, 3, 4...
Table 3.88 TR Example 4: Auto Routing policies in Hong Kong Branch Office
Filters
Source Destination Service Routing Policy Fail-Over Policy
Any Address WAN Any WAN5
Tunnel: Hong Kong
to San Jose
Any Address WAN Any Default Policy No-ACTION
Table 3.89 TR Example 4: Auto Routing Filters in Hong Kong Branch Office
Chapter 3 Service
3-94
3.11 Multihoming
AscenLinks auto-routing service is a trunking technology that provides load
balancing and fault tolerance for all outbound requests. But it does not apply to
inbound requests. Based on a unique technology called SwiftDNS, AscenLink
offers a multihoming service of load balancing and fault tolerance for inbound
requests. The minimum requirements for multihoming is that users must have
multiple WAN links and registered domain names for publicly accessible
servers.
Whenever AscenLink receives a DNS query, it will answer with a public IP
address assigned to one of the WAN links according to the settings of
answering policies. Therefore, subsequent requests to server will be sent to a
public IP of the WAN link based on AscenLinks previous response. Users can
configure the answering policies with a weight for each WAN link so the returned
public IPs will be distributed evenly by weight. Also the device can automatically
detect the links by Optimum Route Algorithm to return a better link to WAN
visitors. If one of WAN links fails, AscenLink will not return the public IP
assigned to that failed link nevertheless publicly accessible servers are still
reachable via other live WAN links.
AscenLink
User Manual
3-95
Figure 3.37 The Location of Service / Multihoming on the Menu Bar
AscenLink offers two mechanisms for Multihoming: Internal DNS and DNS
Relay. The details of these mechanisms are explained in this section.
Chapter 3 Service
3-96
3.11.1 Prerequisites for Multihoming
In order to let multihoming function properly, please make sure that the
requirements listed below are met.
Prerequisites for Multihoming:
Mulitple WAN links (at least two).
Registered domain names for publicly accessible servers.
Publicly accessible servers must be configured as virtual servers, or have public
IP addresses.
AscenLink
User Manual
3-97
3.11.2 Multihoming Setting
Check the box to enable Multihoming . AscenLinks multihoming supports
backup. Administrators can check Enable Backup and specify the backup
device IP to enable the function.
Unlike Enable Relay, Enable Multihoming will conduct DNS analysis on local
host. There are three tables for configuring multihoming settings. The first table
defines global settings. The second is for policies setting, telling AscenLink
which WAN links IP address to return for DNS queries. The third is used to
configure domain name settings.
Global Settings
Figure 3.38 Global Setting in Multihoming Policy
Field Value Description
TTL <TTL> Set DNS query response time. TTL (Time To
Live) Specifies the amount of time other DNS
servers and applications are allowed to cache the
record.vvv
IP Address <IP Address> Enter the reverse loopup IP address
Host Name <Link Number> Enter the corresponding FQDN to the reverse IP.
Table 3.90 The Description of the Fields in Multihoming Global Setting
Chapter 3 Service
3-98
Policy Setting
Figure 3.39 The Settings of Multihoming Policy
Field Value Description
Enable Multihoming Enable
Disable
Enable or disable multihoming service.
Ploicy Name
<Policy Name>
The name of the policy. It is recommended that users
name each policy with a descriptive name. It will be
displayed in the domain setting later on.
Algorithm By Weight
By Downstream
By Upstream
By Total Traffic
By Optimum Route
The algorithm for selecting WAN links. This is done by
answering DNS queries.
- By Weight: answer DNS queries by the weight given
to each link.
- By Downstream: answer DNS queries by selecting
the WAN link with the lightest downstream traffic.
- By Upstream: answer DNS queries by selecting the
WAN link with the lightest upstream traffic.
- By Total Traffic: answer DNS queries by selecting the
WAN link with the lightest total traffic.
- By Optimum Route: answer DNS queries by selecting
the best WAN link according to the configurantion in
Optimum Route Detection.
WAN Link <Link Number> The WAN link to be answered by DNS resolver.
IP Address <IP Address> The public IP addresses on this WAN link.
Weight Weight The weight of each WAN link
AscenLink
User Manual
3-99
Table 3.91 The Description of the Fields in Multihoming Policy
Domain Setting
In this table, users should configure domain settings, including multihoming
domain names (can be more than one), the DNS servers for querying domain
names, and the answering policy to apply to a given prefix of the domain name.
Chapter 3 Service
3-100
Figure 3.40 Domain Setting
Field Description
Domain Name
Enter the domain names for multihoming. To enter additional
domain names, press +.
TTL Assign DNS query response time.
Responible Mail Enter the domain administrators email.
Primary Name Server Enter the primary server name.
Source IP The query IP address, can be Any IP, IP, IP range, subnet, or
prfedefined IP groups.
NS Record
Name Server Enter the prefix of the server name. For example, if a
servers FQDN is nsl.abc.com, please enter nsl.
IP Address Enter the IP address corresponding to the name server.
A Record
Host Name Enter the prefix of the primary workstations name. For
example, if the name is www.abc.com, enter www.
When Available options are: All-Time/Busy/Idle
IP Address Enter the IP address of the primary workstation.
To Policy Select the domain setting policy to be used.
TTL TTL (Time To Live) specifies the amount of time A Record is
allowed to cache the record.
CName Record
Alias Enter the alias of the domain name.
For example, if users wish to use www1.abc.com as the aliais
of www.abc.com, (domain name), enter www1 in this field.
Target Enter the real domain name.
For example, if users wish to use www1.abc.com as the alias
for www.abc.com, enter www.
TTL TTL (Time To Live) specifies the amount of time CName
Record is allowed to cache the record.
DName Record
Alias Enter the alias of the domain name. For example, if users
wish to use www.a.abc.com as the alias of www.abc.com
(domain name), enter a in this field.
Target Enter the prefix of the domain name. For example, if users
wish to use www.a.abc.com as the alias of www.abc.com,
enter abc.com" as the prefix.
TTL TTL (Time To Live) specifies the amount of time DName
Record is allowed to cache the record.
MX Record
TTL TTL (Time To Live) specifies the amount of time MX Record
is allowed to cache the record.
Host Name Enter the prefix of the mail servers domain name.
For example, if the domain name is mail.abc.com, enter
mail.
Priority Enter the priority of the mail servers. The higher the priority,
the lower the number
Mail Server Enter the IP address of the mail server.
Table 3.92 The Description of the Fields in Domain Setting
AscenLink
User Manual
3-101
Enable Relay
Relay means AscenLink will not conduct DNS over inbound requests on itself
but relay the requests to other hosts for DNS analysis and transmit the
analysis results to client end. Global Setting will hide after Relay is enabled.
Domain settings will change as below.
Figure 3.41 Enable Relay in Multihoming Policy
Field Description
Domain Name
Enter the domain names for multihoming. To enter additional
domain names, press +.
TTL
TTL (Time To Live) specifies the amount of time other DNS
servers and applications are allowed to cache the record.
Name Servers Enter the domain administrators email.
A Record
Host Name Enter the prefix of the primary workstations name. For
example, if the name is www.abc.com, enter www.
When Options available are "Busy", "Idle", and "All-Time". Please
refer to [System]->[Date/Time] to do the time setting.
Source IP The source of the DNS queries. All DNS queries with this
source IP will be responsed.
To Policy Select the domain setting policy to be used.
TTL TTL (Time To Live) specifies the amount of time A Record is
allowed to cache the record.
Table 3.93 The Description of the Fields in Enable Relay
Configuration File
This function allows users to Import or Export the configuration files. The files will
Chapter 3 Service
3-102
be stored as .ini file.
Note: Only Administrator is authorized to perform this function.
Example 1:
Network Architecture:
Figure 3.42 Multihoming Example 1: Network Architecture
In the Intranet, we want to install a web server that is open to the Internet. To do
so, we have to configure this web server as a virtual server. The settings in the
virtual server table looks like this (Please refer to Section 3.5):
WAN IP Server IP Service
211.21.33.186 192.168.0.100 HTTP (80)
61.64.195.150 192.168.0.100 HTTP (80)
Table 3.94 Multihoming Example 1: Virtual Server Settings
AscenLink
User Manual
3-103
This web server is bound to two WAN ports. Please refer to Chapter 2
[System]->[Networking setting]->[WAN Setting].
The settings for multihoming in this case are illustrated below:
Policy Setting
Field Value
Enable Multihoming Enable (Ticked)
Policy Name web
Algorithm By Upstream
WAN Link 1
IP Address 211.21.33.186
WAN Link 2
Policy Advance
Setting
IP Address 61.64.195.150
Table 3.95 Multihoming Example 1: Policy Settings
Domain Setting
Field Value
Domain Name xtera-ip.com
TTL 30
Responible Mail Abc.xtera-ip.com
Primary Name Server ns1
IP Address 192.168.0.10
NS Record
Name Server ns1
IP Address 192.168.0.10
A Record
Host Name www
When All-Time
IP Address 192.168.0.100
To Policy web
TTL 30
Table 3.96 Multihoming Example 1: Domain Settings
Note:
1. The IPs for the DNS servers are not necessarily public IPs. They can be private IPs as
well, as long as AscenLink knows where to send DNS queries. In this example, both two
DNS servers are placed in DMZ.
2. In this example, we setup multihoming for our virtual server www.xtera-ip.com
Chapter 3 Service
3-104
Example 2:
Network Architecture:
Figure 3.43 Multihoming Example 2: Network Architecture
AscenLink
User Manual
3-105
Before setting up multihoming, users should first configure virtual server. The
configuration for the virtual server in this example is illustrated below:
WAN IP Server IP Service
211.21.33.186 192.168.0.200 SMTP(25)
61.64.195.150 192.168.0.200 SMTP(25)
Table 3.97 Multihoming Example 2: Virtual Server Settings
Policy Setting
Field Value
Enable Multihoming Enable
Policy Name mail
Algorithm By Weight
WAN Link 1
IP Address 211.21.33.186
WAN Link 2
Policy Advance Setting
IP Address 61.64.195.150
Table 3.98 Multihoming Example 2: Policy Settings
Domain Setting
Field Value
Domain Name xtera-ip.com
TTL 30
Responible Mail abc.xtera-ip.com
Primary Name Server ns1
Source IP 192.168.0.10
NS Record
Name Server ns1
IP Address 192.168.0.10
A Record
Host Name mail
When All-TIme
Source IP 192.168.0.200
TTL 30
MX Record
TTL 30
Host Name
Priority 1
Mail Server mail
TTL 30
Table 3.99 Multihoming Example 2: Domain Settings
Chapter 3 Service
3-106
Note:
1. Please refer to Chapter 2 [System]->[Networking setting]->[WAN Setting] for how to
assigned public IPs to WAN ports.
2. In this example, we have completed the multihoming setup for our virtual server
mail.xtera-ip.com.
AscenLink
User Manual
3-107
3.12 Internal DNS
Figure 3.44 The Location of Service / Internal DNS on the Menu Bar
To eliminate the cost and effort of setting up DNS servers, AscenLink has a
built-in DNS server function which can be activated by completing the fields in
this page.
Global Setting
Field Value
Enable InternalDNS Turn on/off internal DNS server.
PTR Record
TTL Set DNS query response time.
IP Address Enter the reverse loopup IP address
Host Name Enter the corresponding FQDN to the reverse IP.
Table 3.100 The Description of the Fields in Global Setting
Chapter 3 Service
3-108
Domain Settings
Field Description
Domain Name
Enter the domain names for multihoming. To enter
additional domain names, press +.
TTL Assign DNS query response time
Responible Mail Enter the domain administrators email.
Primary NameServer Enter the primary server name.
IP Address Enter the IP address of the primary server.
NS Record
Name Server Enter the prefix of the server name.
For example, if a servers FQDN is nsl.abc.com, please
enter nsl.
IP Address Enter the IP address corresponding to the name server.
A Record
Host Name Enter the prefix of the primary workstations name.
For example, if the name is www.abc.com, enter www.
IP Address Enter the IP address of the primary workstation.
To Policy Select the policy to be used.
CName Record
Alias Enter the alias of the domain name.
For example, if users wish to use www1.abc.com as the
alias of www.abc.com, (domain name), enter www1 in this
field.
Target Enter the real domain name.
For example, if users wish to use www1.abc.com as the
alias for www.abc.com, enter www.
MX Record
Host Name Enter the prefix of the mail servers domain name.
For example, if the domain name is mail.abc.com, enter
mail.
Priority Enter the priority of the mail servers.
The lower the number, the higher the priority.
Mail Server Enter the IP address of the mail server.
Table 3.101 The Description of the Fields in Domain Setting
AscenLink
User Manual
3-109
3.13 SNMP
Figure 3.45 The Location of Service / SNMPon the Menu Bar
SNMP (Simple Network Management Protocol) can be used to manage
networks by providing statistical data regarding network performance and
security. It is often used in the management of TCP/IP networks. AscenLink
supports SNMP v1 to v3 protocols.
SNMP v1/2
Field Value Description
Community Enter the community which the SNMP belongs to.
System Name Fill in a string to represent this system.
System Contact Fill in a string to represent a person in charge of this system.
System Location Fill in a string to represent the location of this system.
Table 3.102 The Description of the Fields in SNMP V1/2
Chapter 3 Service
3-110
SNMP v3
Field Value Description
Community Enter the community which the SNMP belongs to.
System Name Fill in a string to represent this system.
System Contact Fill in a string to represent a person in charge of this system.
System Location Fill in a string to represent the location of this system.
Username Enter user name usd for authentication.
Password Enter the password used for authentication.
Privacy Key Enter the privacy key code. Eg: 12345678
ABCDEFGHUI.etc.
AuthProtocol MD5
SHA
Select the authentication protocol used when transferring
the authenticated password, either MD5 or SHA.
PrivProtocol DES Select the authentication protocol used when transferring
the authenticated privacy key.
Authentication Auth No Priv
Auth with Priv
Select the authentication method for user and privacy key,
either authentication with privacy or authentication with no
privacy.
Table 3.103 The Description of the Fields in SNMP V3
AscenLink
User Manual
3-111
3.14 IP-MAC Mapping
Figure 3.46 The Location of Service / IP-MAC MAPPING on the Menu Bar
Users can specify the IP-MAC table based on different time periods such as
Busy-hour and Idle-hour. When the IP-MAC table is set, a packet sent from an
IP address will only pass through AscenLink if its MAC address (also) matches
the one listed in the table.
Field Value Description
E Enable/Disable
When Busy.
Idle
All-Time
Select the time period: busy hour, idle hour and all times.
All time periods are sepcified using a 24hour system. For
details regarding busy and idle hours, refer to chapter 2,
[System]->[Busyhour Setting] configurations.
IP Address Enter the IP address of the network interface card.
MAC Address Enter the MAC address of the network interface card.
L Enable
Disable
When this box is checked, it means the rule is activated
and the result will be recorded in a log file. If the box is not
checked, the rule is not activated and data will not be
stored in a log file.
Table 3.104 The Description of the Fields in IP-MAC MAPPING
AscenLink User Manual
4-1
Table of Content
Chapter 4 Statistics.......................................................................................................4-4
4.1 Traffic.......................................................................................................................4-5
4.2 BM...........................................................................................................................4-7
4.3 Persistent Routing...................................................................................................4-9
4.4 WAN Link Health Detection................................................................................... 4-11
4.5 Dymatic IP WAN Link............................................................................................4-13
4.6 DHCP Lease Info...................................................................................................4-15
4.7 RIP & OSPF Status................................................................................................4-17
4.8 Tunnel Status.........................................................................................................4-19
4.9 Tunnel Traffic.........................................................................................................4-21
4.10 Connection Limit..................................................................................................4-22
4.11 Port Information...................................................................................................4-24
4.12 Virtual Server Status............................................................................................4-25
Chapter 4 Statistics
4-2
Figure
Figure 4.1 Statistics................................................................................................... 4-4
Figure 4.2 Statistics/Traffic........................................................................................ 4-5
Figure 4.3 Statistics/BM............................................................................................ 4-7
Figure 4.4 Statistics/Persistent Routing.................................................................... 4-9
Figure 4.5 Statistics/WAN Link Health Detection.....................................................4-11
Figure 4.6 Statistics/Dynamic IP WAN Link............................................................ 4-13
Figure 4.7 Statistics/DHCP Lease Info.................................................................. 4-15
Figure 4.8 Statistics/RIP & OSPF Status ................................................................ 4-17
Figure 4.9 Statistics/Tunnel Status.......................................................................... 4-19
Figure 4.10 Statistics/Tunnel Traffic.......................................................................... 4-21
Figure 4.11 Statistics/Connection Limit..................................................................... 4-22
Figure 4.12 Statistics/Port Information...................................................................... 4-24
Figure 4.13 Statistics/Virtual Server Status............................................................... 4-25
AscenLink User Manual
4-3
Table
Table 4.1 Statistics/Traffic Field and Description.....................................................4-6
Table 4.2 Statistics/BM Field and Description..........................................................4-8
Table 4.3 Statistics/Persistent RoutingField and Description.................................4-10
Table 4.4 Statistics/WAN Link Health Detection Field and Description.................4-12
Table 4.5 Statistics/Dymatic IP WAN Link Field and Description...........................4-14
Table 4.6 Statistics/DHCP Lease InfoField and Description..................................4-16
Table 4.7 Statistics/RIP Status Field and Description............................................4-18
Table 4.8 Statistics/Tunnel Status Field and Description.......................................4-20
Table 4.9 Statistics/Tunnel Traffic Field and Description.......................................4-21
Table 4.10 Statistics/Connection Limit Field and Description..................................4-23
Table 4.11 Statistics/Port Information Field and Description...................................4-24
Table 4.12 Statistics/Virtual Server Status Field and Description............................4-26
Chapter 4 Statistics
4-4
Chapter 4 Statistics
In this chapter, users will learn how to use information to monitor network status based on
each traffic class, bandwidth, and dynamic IP WAN link in real-time through the statistics
provided by AscenLink. The information shown on the statistics pages enables the
administrator to get a full understanding of the network status. It also becomes useful
when users want to find out the cause for a failed link or an unexpected situation. These
statistics will save the user a lot of time and efforts in problem solving.
Figure 4.1 Statistics
AscenLink User Manual
4-5
4.1 Traffic
In the traffic statistics page, it can help the user inspect real-time traffic
information sorted by the traffic class over each WAN link. The statistics of
traffic classes in the table is adjusted accordingly by the selection of the traffic
type - either inbound or outbound.
Figure 4.2 Statistics/Traffic
In the table, users can see three kinds of statistics regarding each traffic class:
1. Maximum/Minimum bandwidth allocation and priority
2. Traffic statistics for the last 3 seconds
3. Traffic statistics for the last 1 minute
Chapter 4 Statistics
4-6
The statistics are analyzed by each one WAN connection and the direction of
the traffic flows. To change the statistics users wish to see, select the direction
of traffic flow - Inbound or Outbound from Traffic Type, and the index number
of WAN Link users wish to inspect.
Field Value(s) Description
Traffic Type Inbound
Outbound
The direction of traffic flow either inbound traffic or
outbound traffic
WAN Link 1, 2... The number of WAN links users want to inspect
Automatic Refresh
Every 3 Seconds
Every 6 Seconds
Seconds...
Time interval for refreshing the statistics table
Traffic Class - The name of the traffic class defined on the
Inbound/Outbound BM page. The rest of unclassified
information is labelled as Default Class.
Min. ~Max.(Priority) Kbps ~Kbps The maximun/minimum traffic volume allowed for a
specific traffic class and its priority.
3-Second Statistics
Packets, Kbps
It displays the number of the packets or the volume of
traffic flows in Kilobyte/sec for the last 3 seconds.
1-Minute Statistics
Packets, Kbps
It displays the number of the packets or the volume of
traffic flows in Kilobyte/sec for the last 1 minute.
Top 10 By selecting show button, the data flow for the next five
seconds will be gathered, along with the corresponding IP
address. The statistics can be ranked by the following
categories: By Connection, By Source, By Destination,
and By Service.
Table 4.1 Statistics/Traffic Field and Description
AscenLink User Manual
4-7
4.2 BM
The traffic statistics obtained on the previous item focus more on the real-time
monitoring of network status. However, the statistics shown on the BM page is
intended for long-term analysis. The network administrator can view bandwidth
usage shown in bar graphs for a specific traffic class of a given traffic direction
over a WAN link. The user may see the result reflecting the bandwidth usage in
past one hour, day, month, or year.
Figure 4.3 Statistics/BM
Field Value Description
Traffic Type
Inbound
Outbound
The direction of traffic flow either inbound traffic or outbound traffic
Traffic Class
Either the name of the traffic class defined on the Inbound/Outbound BM page,
or the sum of all traffic classes.
WAN Link 1, 2... The number of WAN links users wish to inspect
Chapter 4 Statistics
4-8
Table 4.2 Statistics/BM Field and Description
AscenLink User Manual
4-9
4.3 Persistent Routing
The information concerning the status of persistent routing is shown on this
page. Instead of only viewing all the connections via persistent routing, the
administrators can also manually reset these connections.
Figure 4.4 Statistics/Persistent Routing
Chapter 4 Statistics
4-10
Field Value Description
Clear All - Clear all the connections via persistent routing.
Automatic Refresh Every 3 Seconds
Every 6 Seconds
Seconds...
Time interval for refreshing information about
persistent routing
Source IP
-
Source IP of the current persistent routing
connection
Destination IP
-
Destination IP of the current persistent routing
connection
Count
-
The number of the connections that the current
persistent routing rule applies
Timeout
-
The length of time that needs to elapse before
the current connection times out
WAN
-
The WAN link through which the current
persistent routing connection travels
Table 4.3 Statistics/Persistent RoutingField and Description
AscenLink User Manual
4-11
4.4 WAN Link Health Detection
This page shows the results of WAN link health detection. The statistics on this
page indicates the reliability of a specific WAN connection. The ping results are
based on the destination IP list setup on [System] ->[WAN Link Health
Detection] page. In the table, administrators can observe the number of the
requests sent, number of responses received, and the success ratio for a given
destination. These statistics can assist administrators to further analyze the
network status and behavior.
Figure 4.5 Statistics/WAN Link Health Detection
Chapter 4 Statistics
4-12
Field Value Description
WAN Link <WAN Link #> The WAN link users wish to monitor
Automatic Refresh Every 3 Seconds
Every 6 Seconds
Seconds...
Time interval for refreshing the result table
Destination IP - The destination IP address to which the ping
requests will be sent
Number of Requests - The number of requests sent to the
destination IP so far
Number of Replies - The number of ICMP responses received
from the destination in the WAN so far
Success Ratio (%) - The percentage of the number of responses
divided by the number of the requests. A
higher ratio means a more reliable WAN link.
Table 4.4 Statistics/WAN Link Health Detection Field and Description
AscenLink User Manual
4-13
4.5 Dymatic IP WAN Link
This page contains information about dynamic IP WAN links. It shows the WAN
links during their IP addresses through PPPoE or DHCP. The network
administrator can also get new IPs by re-establishing connections to the WAN
from this page.
Figure 4.6 Statistics/Dynamic IP WAN Link
Chapter 4 Statistics
4-14
Field Value Description
WAN - How a WAN is connected: either PPPoE or
DHCP
Automatic Refresh Disabled
Every 10 Seconds
Every 30 Seconds
Seconds...
Time interval for refreshing the result table
IP Address - IP allocated for the current WAN link
Gateway - Gateways IP address for the current WAN
link
Netmask - Sub-network mask
Reconnect - Reconnect a WAN link through PPPoE or
DHCP
Re-Connect All - Reconnect all WAN links through PPPoE or
DHCP
Table 4.5 Statistics/Dymatic IP WAN Link Field and Description
AscenLink User Manual
4-15
4.6 DHCP Lease Information
This page shows information regarding data assigned through a DHCP lease,
such as lease IP address and its corresponding MAC address, client-hostname,
and expiration time. By selecting the DHCP server, a list of all current DHCP
servers in the network will be displayed. The option Automatic Refresh sets
the time interval in which the list of DHCP servers regularly updated.
Figure 4.7 Statistics/DHCP Lease Information
Chapter 4 Statistics
4-16
Field Value Description
DHCP Server <WAN Link #> Displays the DHCP server and range of IP
addresses which can be assigned
Automatic Refresh Disabled
Every 10 Seconds
Every 30 Seconds...
The time interval after which the list of
client-hostname is updated.
Lease IP - Shows the IP address assigned to the client
machine
MAC Address - Shows the MAC address of the client
machine
Client-Hostname - Shows the name of the client machine
Expiration Time - Shows the time period during which the IP
address is valid
Table 4.6 Statistics/DHCP Lease InfoField and Description
AscenLink User Manual
4-17
4.7 RIP & OSPF Status
This page shows the RIP status on the basis of RIP and OSPF setting in the
[System] ->[Network Setting] ->[LAN Private Subnet] page. MIS personnel can
inspect the private subnets Network IP, Netmask, and gateway list. Users can
select from the Automatic Refresh menu to enable or disable the automatic
refresh.
Figure 4.8 Statistics/RIP & OSPF Status
Field Value Description
Type RIP
OSPF
Select from the drop-down list to view the
RIP or OSPF routing.
Automatic Refresh Disabled
Every 10 Seconds
Every 30 Seconds
...
Select the desired auto-refresh interval, or
disable it
Chapter 4 Statistics
4-18
Network IP - Display the Network IP of the private subnet
Netmask - Display the Netmask of the private subnet
Gateway - Display the Gateway of the private subnet
Table 4.7 Statistics/RIP Status Field and Description
AscenLink User Manual
4-19
4.8 Tunnel Status
This page shows the tunnel status from the setting in the page of [Service] ->
[Tunnel Routing]. Administrators can monitor the health condition of each tunnel
and select groups from 3-Second Statistics, 1-Minute Statistics, Status, etc..
Administrators can select Automatic Refresh pull-down menu to
enable/disable the function while choosing a suitable time interval of the
automatic refresh.
Figure 4.9 Statistics/Tunnel Status
Chapter 4 Statistics
4-20
Field Value Description
Tunnel Group - Select the tunnel group from the
drop-down menu as users want.
Automatic Refresh Disabled
Every 10 Seconds
Every 30 Seconds
...
Select the desired auto-refresh interval, or
disable it
Tunnel Status - OK
Failed
Tunnel - Displays all tunnels in the selected tunnel
group
3-Second Statistics Kbps Displays the statistics information for the
last 3 seconds
1-Minute Statistics Kbps Displays the statistics information for the
last one minute
Status - Displays the status of the tunnel
Table 4.8 Statistics/Tunnel Status Field and Description
AscenLink User Manual
4-21
4.9 Tunnel Traffic
It collects inbound/outbound traffic statistics of tunnel routing groups in 60
minutes, 24 hours, and 30 days. All the statistics are displayed on the chart.
Figure 4.10 Statistics/Tunnel Traffic
Field Value Description
Traffic Type Outbound
Inbound
Traffic flow direction.
Time 60 Mins
24 Hours
30 Days
Collect statistics in 60 minutes, 24 hours,
and 30 days.
Tunnel Routing Group <Group Name> Select one group from drop-down list.
Suppose the group happens to get N
tunnels, N statistical charts will show below.
Table 4.9 Statistics/Tunnel Traffic Field and Description
Chapter 4 Statistics
4-22
4.10 Connection Limit
In this page, administrators can inspect the number of connections established
in real-time to justify the maximum connection number allowed in [Service] ->
[Connection Limit] page accordingly to avoid network congestion.
Figure 4.11 Statistics/Connection Limit
Field Value Description
Automatic Refresh Disabled
Every 10 Seconds
Every 30 Seconds
...
Select the desired auto-refresh interval, or
disable it
No. 1, 2, 3... Numbering of IP addresses based on the
number of connections established.
IP <IP Address> Display the source IP of the connection
Connections 1, 2, 3... Display the number of connections established
AscenLink User Manual
4-23
Table 4.10 Statistics/Connection Limit Field and Description
Chapter 4 Statistics
4-24
4.11 Port Information
This page is used to display detailed information of each AscenLink port.
Figure 4.12 Statistics/Port Information
Field Value Description
Automatic Refresh Disabled
Every 3 Seconds
Every 6 Seconds
...
Select the desired auto-refresh interval, or
disable it
Port 1,2,3 Display every port on AscenLink
RX/TX <number> Display information including Errors, Dropped,
Overruns, Frame (RX), Carrier (TX), and
Collisions
Collisions <number> Display the number of collisions
Table 4.11 Statistics/Port Information Field and Description
AscenLink User Manual
4-25
4.12 Virtual Server Status
This page displays statistics of detect status of virtual servers defined on
Service/Virtual Server.
Figure 4.13 Statistics/Virtual Server Status
Field Value Description
Automatic Refresh Disabled
Every 10 Seconds
Every 30
Second
Select interval from drop-down list to refresh
statistical table. By default, Automatic Refresh is
disabled.
Virtual Server Status OK
Failed
OK
Failed
WAN IP -<IP Address> Displays WAN IPs defined in the rules on
Service/Virtual Server page.
Service <Service Name> Displays services defined in the rules on
Service/Virtual Server page. The services are
those available for virtual servers.
Chapter 4 Statistics
4-26
Server IP <IP Address> Displays server IPs defined in the rules on
Service/Virtual Server page.The server IPs
denote those in real network usages.
Detect TCP
ICMP
Displays detect methods.
Status OK
Failed
Displays the detect result.
Table 4.12 Statistics/Virtual Server Status Field and Description
AscenLink User Manual
5-1
Table of Content
Chapter 5 Log...............................................................................................................5-4
5.1 View......................................................................................................................5-5
5.2 Control...................................................................................................................5-7
5.3 Notification..........................................................................................................5-10
5.4 Link Report..........................................................................................................5-12
Chapter 5 Log
5-2
Figure
Figure 5.1 The Location of Log and its Function on the Menu Bar..................... 5-4
Figure 5.2 The Location of Log/View Page Menu Bar........................................ 5-5
Figure 5.3 The Location of Log/Control Page on the Menu Bar......................... 5-7
Figure 5.4 The Location of Log/Notification Page on the Menu Bar................. 5-10
Figure 5.5 Notification Setting.......................................................................... 5-11
Figure 5.6 The Location of Log/LinkReport Page on the Menu Bar................. 5-12
Figure 5.7 LinkReport Fields............................................................................ 5-13
AscenLink User Manual
5-3
Table
Table 5.1 The Description of the Fields on Log/View Page. ..............................5-6
Table 5.2 The Description of the Fields on Log/Control Page...........................5-8
Table 5.3 Method: FTP......................................................................................5-9
Table 5.4 Method: E-mai ...................................................................................5-9
Table 5.5 Notification and its Function.............................................................5-11
Table 5.6 SNMP Trap Setting..........................................................................5-11
Table 5.7 Event Types to Notify.......................................................................5-11
Table 5.8 The Description of the Fields on LinkReport Page...........................5-13
Table 5.9 The Description of Events................................................................5-13
Chapter 5 Log
5-4
Chapter 5 Log
In this Chapter, you can control AscenLinks logging activities with respect to various
functions such as the System, Firewall, Routing, BM, etc. Administrators can also either
set up the log transmission methods to another server for purposes of archiving and
further analysis, or to control the event notifications settings via emails.
In addition to the log pushing and email notifications features, Xtera also offers a
companion poweful reporting and analysis tool---LinkReport. It is a web-based analysis
tool running on an independent machine enabling administrators to gain insights on
network traffic without manually filtering through large volumes of log data.
Figure 5.1 The Location of Log and its Function on the Menu Bar
AscenLink User Manual
5-5
5.1 View
In the sub-menu View, AscenLink provides 13 types of compehensive log
records (see the table below). Administrators can pick the desired log type, and
the corresponding events for that type will be displayed on the windows below.
Click the Refresh button to get a copy of the latest log. Please be aware that
this page is for online view of current events. For log data pushing and archiving,
see the Control sub-menu in next section.
Control
Notification
View
LinkReport
System Service Statistics Log Language
Figure 5.2 The Location of Log/View Page Menu Bar
Chapter 5 Log
5-6
Field Value Description
Log Type
System Log
Firewall Log
NAT Log
Auto & Persistent Routing Log
Virtual Server Log
BM Log
Connection Limit Log
Cache Redirect Log
Multihoming Log
Backup Line Log
Dynamic IP Log
IP-MAC Mapping Log
Tunnel Routing Log
You can pick the log type of your
preferred events to be shown in the
log viewing window.
Recent Event - Event log listed by order of timestamp
Refresh - Refresh to get the latest event log
Table 5.1 The Description of the Fields on Log/View Page.
AscenLink User Manual
5-7
5.2 Control
With this sub-menu, you can set up how to transmit log data to other servers
(from AscenLink) for archiving and further analyses. Transmission methods
include FTP and E-mail; and each log type can have its own transmission
method setting. If individual log type setting is too complex, you can just use the
Copy Setting to All Other Log Types button to duplicate the setting across all
log types.
Figure 5.3 The Location of Log/Control Page on the Menu Bar
Chapter 5 Log
5-8
Field Value Description
Log Type
System Log
Firewall Log
NAT Log
Auto & Persistent Routing Log
Virtual Server Log
BM Log
Connection Limit Log
Cache Redirect Log
Multihome Log
Backup Line Log
Dynamic IP Log
IP-MAC Mapping Log
Select the type of log file to
be sent.
Copy Settings to All Other Log
Types
-
Copy the setting for the
current log type to all log
types
Method E-Mail
FTP
See below
Note <Note > For your own reference
Push Now
Use this button to get
immediate log pushing
Push Log When Out of Space
Enable
Disable
Check Enable to avoid loss
of log data due to out of
space
Enable Scheduled Push Turn on scheduled push
Initial Time
<Year/Month/Day/Hour/Minute/Second>
Start time for the scheduled
push
Period <Day/Hour/Minute> Scheduled push duration
Table 5.2 The Description of the Fields on Log/Control Page
AscenLink User Manual
5-9
Method
AscenLink offers two types of log transmission: FTP out to an external FTP
server, Emails via SMTP to the administrators mailbox.
1. FTP
Field Value Description
Server <IP>or <Domain Name> FTP Servers IP or domain name
Account <FTP Account> FTP user account
Password <Accounts Password> FTP user password
Path <Path> FTP server path
Table 5.3 Method: FTP
2. E-mail
Field Value Description
SMTP Server <IP>or <Domain Name> SMTP server for the log
Account
<SMTP Account>
Authenticated account for the mail
server
Password
<Accounts Password>
Authenticated password for the mail
server
Mail From <e-Mail address> Sender
Mail To
<e-Mail address>
Receiver(s). Seperate receivers with
, or ..
Table 5.4 Method: E-mai
Chapter 5 Log
5-10
5.3 Notification
This sub-menu sets up how email notifications are sent out for important system
events. The setup is similar to previous sections email account settings. Press
the Send Test E-Mail Now button to test if the setting is operational.
Figure 5.4 The Location of Log/Notification Page on the Menu Bar
As illustrated in the sample page below, there are three steps for the
configuration:
AscenLink User Manual
5-11
Figure 5.5 Notification Setting
1. E-Mail Settings
The table below summarizes the event notification mail setup.
Field Description
SMTP Server SMTP Server
Account Authenticated account for the mail server
Password Authenticated password forthe mail server
Mail From Sender
Mail To Receiver(s). Seperate receivers with , or ..
Send Test E-mail Now Click the button for immediate test.
Table 5.5 Notification and its Function
2. SNMP Trap Settings
Event notification can also be sent via SNMP traps. Notice you need an SNMP
managing device to receive the AscenLink SNMP traps.
Field Value Description
Destination IP <IP Address> The SNMP managing device IP
Community Name <Community Name> Community name
Table 5.6 SNMP Trap Setting
3. Event Types to Notify
Field Value Description
Event Types to Notify Hardware failure and recovery
Link failure and recovery
Service failure and recovery
Administrator password change
HA slave failure and recovery
HA takeover
Select (multiple OK) the
events to be notified.
Select All -
Clear All -
Table 5.7 Event Types to Notify
Chapter 5 Log
5-12
5.4 Link Report
This section controls how the AscenLink log communicates with the LinkReport
server. The original log file produced by AscenLink contains raw information
which is yet to be analyzed. LinkReport can organize this information into
readable statistics, so that the administrator can easily manage the network.
First, the administrator needs to create a connection to be used for log files to be
sent to a computer where LinkReport is installed. Analysis of the log files will
be performed on this computer, instead of the Web UI.
Figure 5.6 The Location of Log/LinkReport Page on the Menu Bar
The setup is simple, as illustrated in the figure below:
AscenLink User Manual
5-13
Figure 5.7 LinkReport Fields
Field explained:
Field Description
Enable Link Report Enable log pushing to specific LinkReport Server.
Recipient IP Address The IP address of the LinkReport server receiving the log data
from AscenLink
Table 5.8 The Description of the Fields on LinkReport Page
The description of Events Table:
Field Value Description
Events
Firewall
Virtual Server
Bandwidth Usage
Connection Limit
Multihoming
Tunnel Routing
Select the log type
that you want
AscenLink to send to
LinkReport
Table 5.9 The Description of Events
AscenLink User Manual
6-1
Table of Content
Chapter 6 Deployment Scenarios ..............................................................................6-3
6.1 Various WAN Types and Scenarios.........................................................................6-3
6.1.1 WAN Type: Bridge Mode with One Static IP...................................................6-3
6.1.2 WAN Type: Routing Mode...............................................................................6-7
6.2 Exploring Auto Routing..........................................................................................6-17
6.2.1 Advantages of Auto Routing..........................................................................6-18
6.2.2 AscenLink Fault Tolerance Mechanism.........................................................6-20
6.2.3 Persistent Routing and Auto Routing............................................................6-23
6.3 Various Auto Routing Mechanisms........................................................................6-24
6.4 Virtual Server .........................................................................................................6-26
6.5 Multihoming ...........................................................................................................6-27
6.6 Introduction to DNS...............................................................................................6-30
6.7 High Availability (HA) Scenarios............................................................................6-34
6.7.1 Firmware Update Procedure in HA Deployment ...........................................6-34
6.7.2 HA Fallback to Single Unit Deployment ........................................................6-36
Chapter 6 Deployment Scenarios
6-2
Figure
Figure 6.1 Bridge Mode: One Static IP....................................................................... 6-4
Figure 6.2 WAN Type: Routing Mode......................................................................... 6-7
Figure 6.3 Private Subnet Between WAN Router and AscenLink............................ 6-10
Figure 6.4 Multiple WAN Links in Routing Mode...................................................... 6-13
Figure 6.5 By-pass a Broken Link Manually............................................................. 6-19
Figure 6.6 By-pass a Broken Link using Auto Routing............................................. 6-20
Figure 6.7 Switch to Fail-over Policy on Fixed Routing Policy................................. 6-21
Figure 6.8 Typical Connections in a Multihoming Environment ............................... 6-27
Figure 6.9 Multihoming Example.............................................................................. 6-33
AscenLink User Manual
6-3
Chapter 6 Deployment Scenarios
6.1 Various WAN Types and Scenarios
This Section provides various WAN types and network scenarios and explains
how AscenLink can be easily integrated into any existing networks. You can get
familiar with the AscenLink deployment concepts and get familiar with the actual
Web UI configuration. As it is illustrated in these scenarios, you will find
AscenLink to be an excellent fit in any networks.
6.1.1 WAN Type: Bridge Mode with One Static IP
One Static IP is a simple WAN network scenario, defined as the case where the
ISP will only provide one public static (fixed) IP for the WAN link.
Note:
ISP often times provides ATU-R, the so-called ADSL Modems with bridge model.
Chapter 6 Deployment Scenarios
6-4
One Static IPs network topology is:
ISP
Internet
DSLAM
211.100.3.254/24
ATU-R
(Bridge Mode)
Port 1
Port 2
AscenLink
LAN/DMZ
211.100.3.35/24
Client Side
Figure 6.1 Bridge Mode: One Static IP
Sample configuration as follows:
In this example we assume WAN port 1 is connected to the bridge-mode
ATU-R.
ISP network settings are:
ISP provides one ATU-R with bridge mode setup, the assigned public IP is
211.100.3.35, gateway is 211.100.3.254, netmask is 255.255.255.0.
AscenLink User Manual
6-5
Hardware configuration:
Please refer to the ATU-R User manual provided by your ISP to connect the
ATU-R to AscenLinks WAN #1.
Note:
AscenLink is treated as a normal PC when connecting the other networking equipments.
WAN configuration:
Get into the AscenLink Web-based UI.
Go to [System] [Network Setting] [WAN setting].
In the WAN LINK pull-down menu, select 1, and pick Enable in the Basic
Setting.
In the WAN type pull-down menu, select [Bridge Mode: One static IP].
Put in the up/down stream bandwidth associated with this WAN link. If the
ADSL Line you have on WAN1 is 512/64, for example, then put in [64] and
[512] in the Up Stream and Down Stream fields respectively.
Note:
The up/down stream values you put in will ONLY affect the BM and statistics reporting. You
will NOT get a bigger pipe by putting in values greater than the actual bandwidth
Put [255.255.255.0] in the Net Localhost field.
Put [255.255.255.0] in the Net Mask field.
Put [211.100.3.254] in the Gateway IP field.
Select [Port 1] in the WAN Port field.
Complete the bridge mode configuration.
Chapter 6 Deployment Scenarios
6-6
If the configuration above is correctly set, in the [System] [ Summary] page
you will see a Green status color on the WAN Link State for WAN Link #1.
Virtual Server Configuration:
Assume we have an SMTP server with IP as 192.168.1.1 provide SMTP
services to the outside via the virtual server mechanism, AscenLink will perform
NAT on this machine so that the outside clients can get SMTP services via the
AscenLink public IP on WAN1. The configuration steps to achieve such a goal
are in the [Service] [Virtual Server] page.
Select [+] to create a new rule.
Select [E] to enable this rule.
Select [All-Time] in the When field.
Put [211.100.3.35] in the WAN IP field.
Put [192.168.1.1] in the Server IP field.
Select [SMTP(25)] in the Service field.
Selection of the L field is optional. (If an Administrator wishes to log Virtual
Server activities, please select L).
Configuration complete.
Administrators can set up different types of services inside the LAN and expose
these services to the outside world via the Virtual Server. Once the configuration
is done (as shown in the previous example), services can then be made public.
This improves overall flexibility and manageability.
AscenLink User Manual
6-7
6.1.2 WAN Type: Routing Mode
Routing Mode Configuration Example 1
This is a typical example where ISP provides a network segment (a class C
segment for example) to the user.
Under such a condition, AscenLink itself will take up one or more IP addresses,
while the rest of the public IP addresses (from the assigned segment) will be
under DMZ.
Servers with public IP addresses can be deployed two places in the network (as
illustrated in the figure below)
1. Between the ATU-R and AscenLink, i.e., behind the ATU-R but in front
AscenLink
or
2. Inside the AscenLink DMZ segment.
Figure 6.2 WAN Type: Routing Mode
Chapter 6 Deployment Scenarios
6-8
Configuration Example:
In this example, we assume the router is connected to the AscenLinks WAN
port #1.
Network Info from ISP:
Client side IP segment is 211.102.30.0/24, Gateway (i.e. the IP for the router)
is 211.102.30.254, while the netmask is 255.255.255.0.
We further assume AscenLink IP is 211.102.30.253.
Servers in between ATU-R and AscenLink occupy IP ranges between
211.102.30.70-100.102.30.99.
WAN port is on port #1.
DMZ port is on port #2.
ISP supplies the router.
Hardware Configuration
Connect the router with AscenLink in WAN1 by referring to routers user
manual.
Note: AscenLink is viewed as a normal PC when connected to a network
equipment.
Configuration Steps
Log into the AscenLink Web UI.
Go to [System] [Network Setting] [WAN setting].
Under the WAN Link function menu, select 1 and select Enable in the Basic
Setting field.
AscenLink User Manual
6-9
In the WAN Type pull-down menu, select [Routing Mode].
Put in the corresponding up/down stream bandwidth. For example, if you
have 512/64K type of ADSL, then put [64] and [512] in the Up Stream and
Down Stream parameter fields respectively.
Note:
The Up and Down Stream parameters will not affect the physical bandwidth provided by the
ISP. It will only affect the BM and Statistic function pages.
Set the gateway to 211.21.30.254.
Set WAN port to port #1.
Since WAN and DMZ each has its own subnet, therefore in the Basic Subnet
section you should select the Subnet Type as Subnet in WAN and DMZ, as
follows:
For IP(s) in Localhost field, put in [211.102.30.253].
For the IP(s) in WAN field, put in [211.102.30.70-211.102.30.99].
In the Netmask field, put in [255.255.255.0].
In the DMZ Port field, put in [Port 2].
Configuration complete.
Note:
This example shows all addresses are in DMZ
(211.102.30.1-211.102.30.69,211.102.30.100-211.102.30.252), except those specified in
the IP(s) in WAN field.
Chapter 6 Deployment Scenarios
6-10
Routing Mode Configuration Example 2
This example shows the scenario where there is a private subnet between the
WAN router and AscenLink
.
In addition, the public IP subnet inside the
AscenLink DMZ port requires a router.
Figure 6.3 Private Subnet Between WAN Router and AscenLink
Internet
ISP
1
AscenLink
192.168.0.254
Router
192.168.0.253
DMZ
3
211.20.104.0
211.20.103.254
211.20.103.253
AscenLink User Manual
6-11
Sample Configuration:
Assume the private IP subnet (192.168.0.0/24) is between the WAN link
router and AscenLink WAN port.
AscenLinks port 1 IP (192.168.0.253) is connected to the WAN link router
(192.168.0.254).
AscenLinks Port 3 is DMZ with a public IP subnet (211.20.103.254/24).
The LAN part behind AscenLink has another public IP subnet
(211.20.104.0/24 behind a router (211.20.103.253).
Configuration Steps:
From AscenLinks UI, go to [System] [Network Setting] [WAN setting]
sub-function.
Select 1 on the WAN Link pull-down menu and select the checkbox in the
Enable field.
Enter the corresponding up and down stream bandwidths.
In the Default Gateway field, put in [192.168.0.254].
In the WAN Port field, put in [Port 1].
In the Basic Subnet function, pick + to create a new rule, and select subnet
in DMZ] in the Subnet Type field.
In the IP(s) in Localhost field, put in 211.20.103.254
In the Netmask field, put in [255.255.255.0].
In the DMZ Port field, put in [Port 3].
In the static routing subnet field, use [+] to add a new rule with Subnet Type
Chapter 6 Deployment Scenarios
6-12
as subnet in DMZ. In this example, there is a router in the DMZ port for the
public IP subnet and the subnet does not connect to the AscenLink directly.
Therefore the subnet info should be filled in the static routing subnet field.
In the Network IP field, put in [211.20.104.0].
In the Netmask field, put in [255.255.255.0].
In the gateway IP field, put in [211.20.103.253].
Go to [WAN/DMZ private subnet] sub-function page and select [+] in the Basic
Subnet field to add a new rule, with the following
Set the Subnet Type as subnet in WAN.
In the IP(s) in Localhost field, put in [192.168.0.253].
In the Netmask field, put in [255.255.255.0].
In the WAN Port field, select [Port 1].
Configuration complete.
AscenLink User Manual
6-13
Routing Mode Configuration Example 3
In this example the deployment scenario is that both WAN links have their own
routers and AscenLink is connected to these two routers using private IP
addresses, as illustrated in the figure below. In addition, AscenLink Port 3 is
assigned another private IP connecting to the LAN Core Switch (L3 switch),
therefore there is a public IP subnet connected behind the Core Switch inside
the LAN.
Figure 6.4 Multiple WAN Links in Routing Mode
Chapter 6 Deployment Scenarios
6-14
Configuration Example:
AscenLink Port 1 (192.168.0.253) is connected to WAN1s router
(192.168.0.254/24).
AscenLink Port 2 (192.168.1.253) is connected to WAN2s router
(192.168.1.254/24).
AscenLink Port 3 (192.168.2.253) is connected to the LAN Core Switch
(192.168.2.254/24).
WAN1s Public IP subnet is placed behind the Core Switch as
(211.70.3.0/24).
WAN2s Public IP subnet is also placed behind the Core Switch as
(53.244.43.0/24).
Configuration Steps:
Go to AscenLink Web UI. Go to [System] [Network Setting] [WAN
setting] management page.
Select (1) in the WAN Link pull down menu.
Click Enable to activate the WAN link.
Select [Routing Mode] in the WAN Type pull down menu.
Enter the corresponding up/down-stream bandwidth.
In the Default Gateway IP field, put in [192.168.0.254].
Select [Port 1] in the WAN Port field.
In the static routing subnet field, use [+] to add a new rule with Subnet Type
as subnet in DMZ. In this example, there is a Core Switch in the DMZ port for
AscenLink User Manual
6-15
the public IP subnet and the subnet does not connect to the AscenLink directly.
Therefore the subnet info should be filled in the static routing subnet field.
In the Network IP field, put in [211.70.3.0].
In the Netmask field, put in [255.255.255.0].
In the gateway IP field, put in [192.168.2.253].
In the WAN Link pull down menu, select 2 to switch to WAN2.
Click on Basic Setting to enable the WAN link.
In the WAN type pull down menu, select [Routing Mode].
Enter the corresponding up and down stream bandwidth parameters.
In the Default gateway IP field, put in [192.168.1.254].
In the WAN Port field select [Port 2].
In the static routing subnet field, click on [+] to add a new rule with the Subnet
Type field as subnet in DMZ.
In the Network IP field, put in [53.244.43.0].
In the Netmask field, put in [255.255.255.0].
In the Gateway IP field, put in [192.168.2.253].
Enter the [WAN/DMZ Private Subnet] Management Page
We need to put, in the WAN and DMZ port, all three subnets as follows:
In the basic subnet field, click [+] to add a new rule with 192.168.0.0/24 as the
IP, and subnet in WAN value in the Subnet Type field.
Chapter 6 Deployment Scenarios
6-16
In the IP(s) on Localhost field, put in [192.168.0.253].
In the Netmask field, put in [255.255.255.0].
In the WAN port field, select [Port 1].
WAN Port 1 setting is done, now we move on to WAN Port 2:
In the basic subnet field, pick [+] to add a new rule, with 192.168.1.0/24 as the
subnet IP addresses, and select subnet in WAN as the Subnet Type.
In the IP(s) on Localhost field, put in [192.168.1.253].
In the Netmask field, put in [255.255.255.0].
In the WAN port field, select [Port 2].
The WAN Port2 setting is complete, and proceed on to the DMZ port:
In the basic subnet field, pick [+] to add a new rule. Select subnet in DMZ as
the value of the Subnet Type field.
In the IP(s) on Localhost field, put in [192.168.2.253].
In the Netmask field, put in [255.255.255.0].
In the DMZ Port field, select [Port3].
Configuration complete.
The example above illustrates a very common and powerful AscenLink
deployment scenario where a private IP subnet is placed inside a WAN and
DMZ and a public IP subnet is connected to AscenLink DMZ via a Core Switch.
AscenLink User Manual
6-17
6.2 Exploring Auto Routing
Auto Routing
Auto Routing is a mechanism for load balancing for outbound traffic, i.e., traffic
originating from the LAN side. Multihoming, on the other hand, covers the traffic
originating from the WAN side inbound into the LAN.
WAN Link Fault Tolerance
With the rapid proliferation and decreasing prices of broadband solutions, more
and more business large and small are opting for the use of multiple WAN links
from different ISPs. The benefits of such are:
With multiple WAN links, failure of individual lines do not imply total loss of
connectivity to the Internet, thus they increase WAN reliability.
Traffic can be evenly spread across multiple WAN links for optimal use of the
WAN bandwidth.
WAN connectivity is vital to todays business activities. Having multiple WAN
links for fault tolerance and load balancing has two advantages:
The outbound traffic, i.e., traffic originating from LAN going outside, can be
load-balanced across multiple WAN links. This is called Auto Routing.
Traffic from the WAN side, e.g., outside customers or partners requesting
services, can be load-balanced across multiple WAN links into various
services provided by your company. This is called Multihoming.
Chapter 6 Deployment Scenarios
6-18
6.2.1 Advantages of Auto Routing
Auto Routing Mechanism
Auto Routing is the mechanism of automatically load-balancing the outbound
traffic across multiple WAN links according to a pre-defined set of routing
policies. At the time of WAN link failure, auto routing will also adjust the routing
mechanism to distribute the outbound traffic ONLY among the WAN links in
good working conditions, bypassing the failed link(s).
The traditional way of WAN link backup takes the approach of having a WAN
link PURELY for backup purposes. That is, there is one main line and one
backup line. With the help of routers backup policy, minimum fault tolerance
can be achieved. With such an approach, however, one of the lines is idle most
of the time and it is a waste of valuable resources. In addition, the router
configuration steps are very tedious.
Another traditional approach for business with multiple WAN links is essentially
dividing the LAN into multiple segments, each going its own way outside
through independent WAN link.
Under normal situations, each segment has its own way using separate routers.
When one of the WAN links fails, MIS has to change the router configuration to
bypass the failed link. The obvious drawback to this approach is the MIS
management overhead. Whenever there is a WAN link status change, the LAN
environment settings (such as gateway, netmask, router policies, proxy settings,
etc) need to be adjusted.
AscenLink User Manual
6-19
ISP 1 ISP 2
Breaks
HTTP : PORT 80
POP3 : PORT 110
Subnet 1 Subnet 2
Figure 6.5 By-pass a Broken Link Manually
Chapter 6 Deployment Scenarios
6-20
6.2.2 AscenLink Fault Tolerance Mechanism
As stated previously, without WAN load-balancer such as AscenLink
,
the
traditional way of using multiple WAN links always involves human intervention
should the WAN link status changes.
AscenLink maintains an internal Virtual Trunk circuit, which is essentially a
combination of the multiple physical WAN links. The AscenLink auto routing
mechanism is the ability to adjust the Virtual Trunk to include only those
normally functioning WAN links and to direct outbound traffic through the
Virtual Trunk circuit without human intervention. Users therefore will not notice
a change of status for the individual WAN links.
ISP 1 ISP 2
Fail
Breaks
ISDN T1
AscenLink
LAN
WAN1 WAN2
LAN
Figure 6.6 By-pass a Broken Link Using Auto Routing
AscenLink User Manual
6-21
Figure 6.6 illustrates such auto routing mechanism where the LAN users will
view the WAN link as an interrupted connection to the Internet without even
noticing the individual WAN link failures.
More importantly, as compared with the traditional multiple WAN link usage,
auto routing can effectively use all the available WAN links to balance the
outbound traffic even when all the WAN links are in perfect working condition.
Notice that auto routing cannot avoid an on-going session on a certain WAN link
to fail when one of the physical line break. However, a new and working WAN
link will be automatically selected for newly established sessions.
With AscenLinks six different types of auto routing policies, MIS personnel can
easily find the optimal auto routing policies to fit their environment.
ISP 1 ISP 2 ISP 3
Destination WAN/IP
Routing Policy Fixed
Link-1
Fail-Over Policy Fixed
Link-2 or Link-3
Breaks
LAN
AscenLink
Figure 6.7 Switch to Fail-over Policy on Fixed Routing Policy
Chapter 6 Deployment Scenarios
6-22
Auto Routing Mechanism
Field Explanation
Fixed Direct the traffic to a specific WAN link
Round-Robin Evenly distribute the traffic over all WORKING
WAN links according to the specified weights
By Connection Compares the number of connections on each
WAN link and routes data based on the specified
connection ratio in WAN.
By Downstream Traffic Direct the new traffic to the WAN link with the
lowest inbound (also called down stream) traffic
By Upstream Traffic Direct the new traffic to the WAN link with the
lowest outbound (also called up stream) traffic
By Total Traffic Direct the new traffic to the WAN link with the
lowest combined (up and down stream) traffic
Note:
All the routing policies (except the fixed one) will ONLY pick the properly working WAN links
and by-pass the failed ones. In Round-Robin policy, for example, if the weights for
WAN1:WAN2:WAN3 is 6:3:1, when WAN3 failed, the Round-Robin policy will be
automatically adjusted to be among WAN1 and WAN2, at the ratio of 6:3.
AscenLink User Manual
6-23
6.2.3 Persistent Routing and Auto Routing
Persistent Routing and Auto Routing are related. If persistent routing and auto
routing policies are set on the same server (or LAN IP), AscenLinks behavior
will be as follows:
The first outbound traffic from the said server/IP will be determined via the
auto routing policy on this server/IP.
Once the route is decided (e.g. through WAN link 3), subsequent traffic will
follow the Persistent Routing rule.
If there is a need to clear the existing persistent routing effects, go to
[Statistics] [Persistent Routing] and click on [Clear All] to clear all persistent
routing sessions.
When AscenLink discovers WAN link failure(s), the proper actions with respect
to persistent routing and auto routing will be:
Auto Routing will automatically remove the failed link, even if there is a fixed
routing policy on this link. In other words, regardless of the auto routing policy,
backup procedure will always be invoked.
Multihoming mechanism will also remove the failed link as a response to the
DNS request so that no inbound traffic will use the failed link.
Chapter 6 Deployment Scenarios
6-24
6.3 Various Auto Routing Mechanisms
As discussed previously, AscenLink has five different mechanisms for
deployment flexibility by using multiple WAN links to achieve high availability
(HA) and faster response time for both inbound and outbound requests.
AscenLink uses two key aspects in calculating the best auto routing decisions:
The auto routing algorithm calculation
The WAN link status checking and health detection
The five different algorithms will be discussed in more details to solve this
complex issue :
Fixed
Select a fixed WAN link.
By Round Robin
Distribute connections to several WAN links based on their weights.
By Connection
Compare the number of connections on each WAN link and routes data based
on the specified connection ratio in WAN.
By Downstream Traffic
Dynamically select the WAN link with the least downstream traffic.
AscenLink User Manual
6-25
By Upstream Traffic
Dynamically select the WAN link with the least upstream traffic.
By Total Traffic
Dynamically select the WAN link with the least total traffic.
In order to accomplish fault tolerance, AscenLink uses a special algorithm to
detect the health of WAN links. This algorithm combines results from ICMP and
TCP queries and actual traffic flow on a link to determine if the link is working
properly.
Chapter 6 Deployment Scenarios
6-26
6.4 Virtual Server
Virtual Server is a mechanism for a single gateway machine to act as many
separate servers. The real servers sit inside corporate network to process
requests passed in from the gateway machine. Users do not have to know
where the real servers are, or whether there is just one server or many servers.
This mechanism prevents direct access by users and hence increases security
and flexibility.
AscenLink provides virtual server capability by supporting various virtual server
mapping methods. For example, you can map different public IP addresses to
different real servers in LAN or DMZ. Or you can map different ports of one
public IP address to different servers.
The way to configure virtual server on AscenLink is to provide virtual server
rules. Each rule specifies a mapping condition. It maps WAN IP address and a
service (port or ports) to an internal server IP address. The order of virtual
server rules on AscenLink is important. It employs a first match scheme. The
rule that first matches a request is to take effect.
For example, you have a public IP address 211.21.48.196 and you want a web
server on 192.168.123.16 to handle all the web page requests coming to this
public IP address. To do this you should create a virtual server rule with
211.21.48.196 to be its WAN IP, 192.168.123.16 to be its Server IP, and
HTTP(80) to be its Service.
AscenLink User Manual
6-27
6.5 Multihoming
Most of the previous discussions concentrate on how AscenLink helps fault
tolerance and load balancing on the outbound traffic, i.e., traffic going from
inside the LAN to the WAN. For enterprises, however, Internet connectivity
means both ways. In other words, providing services to the Internet users
(customers or partners alike) is as important and providing connectivity to
facilitate employee to perform their daily work.
Enterprises with web services to Internet users can equally benefit from using
multiple WAN links for inbound traffic fault tolerance and load balancing, via the
technology called Multihoming, as illustrated in the Figure below with ISP1 and
ISP2.
Figure 6.8 Typical Connections in a Multihoming Environment
Chapter 6 Deployment Scenarios
6-28
The topic discussed in this chapter is how to simultaneously use multiple IP
address provided by the ISP connections. Usually, such connections can cause
problems with inbound traffic. For example, if the network is currently using an
IP address provided by ISP1, and a problem occurs with this ISP, then the
inbound query will not be received properly because the external traffic only
knows the IP address provided by ISP1. Also, by using the IP address provided
ISP1, ISP2 cannot manage the inbound traffic of ISP1. So, the main concern
with multiple ISP connections is how to effectively display IP address to the
external environment.
AscenLinks Multihoming uses DNS fault-tolerance technique to resolve the
problems with simultaneous use of multiple ISP connections. For example, if the
web server used for external traffic uses only one ISP connection, then any
problems with that connection will affect the network. However, if DNS
periodically assigns different IP addresses provided by different ISP
connections, then the external traffic will always have a valid IP address to
connect to. The actual implementation is assigned to a name of different IP
addresses, and any query to this name will receive an IP address. As a result,
different users can access the web server through different IP addresses, which
is the purpose of Multihoming.
Assuming, for example, there are three WAN links (therefore three different IP
addresses) for the web site of www.example.com, the DNS record has three
entries as:
www IN A 211.21.10.3
www IN A 63.98.110.123
www IN A 192.136.1.243
AscenLink User Manual
6-29
All DNS requests to www.example.com will be sent to AscenLink
.
The
AscenLink Multihoming mechanism will constantly measure the health
conditions as well as the state of each WAN links and compute the optimal
return answer to the DNS queries, defined as the SwiftDNS technology. The
SwiftDNS technology will not only ensure fault tolerance for inbound traffic, it
also supports powerful and flexible load balancing algorithms as in the Auto
Routing mechanism to enable users with heavy web presence to maximize the
reliability and efficiency of their web services.
The SwiftDNS Multihoming mechanism requires MIS personnel to understand
the details of the system behaviors. The fundamental concept of the DNS
mechanism is shown in the next section.A step by step deployment tutorial is
also provided.
Chapter 6 Deployment Scenarios
6-30
6.6 Introduction to DNS
DNS server is different from host file based on name resolution. Host file
contains information of IP address mapping information. It is only useful for an
intranet where the information of host machines is relatively static. Name
resolution by DNS server is more dynamic becauset it can adapt to changes
easily. The way it works is based on DNS server hierarchy on the Internet. If a
DNS server cannot resolve a name (the information is not in its cache), it will
ask other DNS servers. There is a protocol on how and where to ask other DNS
servers. Basically it follows the DNS hierarchy to be covered below.
A name resolution request may go through a number of DNS servers. When an
answer is found, it will be saved in their cache so that the same request can be
answered immediately without asking other DNS servers again. Each name
resolution result saved in cache has a TTL (Time To Live). After the period of
TTL, it will be discarded in order to avoid stale information.
The whole internet has a large DNS hierarchy. The top of the hierarchy is called
Root. It consists of a set of Root DNS servers coordinated by ICANN. The next
level below Root is Top Level Domain (TLD). TLD registration database
contains information about top level domains such as CA, COM, EDU, GOV,
NET, etc. The next level below TLD is Second Level Domain (such as
whitehouse.gov, Microsoft.com, inforamp.net, etc.) followed by Third Level
Domain, and so on.
You can apply for domains for your organization. First, go to Internets Network
Information Center (InterNIC) to find out if the domain you have in mind has
been registered already. You can also look up their ICANN-accredited registrar
database for a registrar. Second, you need to register your domain with a
AscenLink User Manual
6-31
registrar. You have to provide at least two DNS servers to serve DNS requests.
If your registration has been approved, then any DNS request to your domain
will be forwarded to the DNS servers you are registered with. For example, we
have registered xtera-ip.com. InterNIC has put the name xtera into the COM
DNS servers and pointed it to the two DNS servers we specified.
Once you have your domain, you can have any number of sub-domains. For
instance, you can name one of your computers sales.xtera-ip.com. You dont
need InterNICs approval for creating sub-domains. However, it is important to
put DNS information about sales.xtera-ip.com into the DNS servers of
xtera-ip.com.
Here is an example of how DNS hierarchy works. A user at a university sees a
link to sales.xtera-ip.com on a web page and clicks it. Her browser will ask the
local DNS server dns.utexas.edu about sales.xtera-ip.com. Suppose it is not in
the cache of dns.utexas.edu. The DNS server goes to a Root DNS server and
finds out the DNS server for COM TLD. The DNS server for COM TLD tells
dns.utexas.edu to go to dns1.xtera-ip.com. Finally dns.utexas.edu is given the
IP address of sales.xtera-ip.com by dns1.xtera-ip.com.
The most famous DNS server software is BIND (Berkeley Internet Name
Domain). BIND provides name resolution service as well as auxiliary services
such as primary/secondary backup and caching.
SwiftDNS
One of the problems with traditional DNS servers is TTL. A long TTL means a
long update time when IP addresses have been changed. Before the update
time is up (i.e. TTL is expired), DNS requests may be answered with incorrect
information.
Chapter 6 Deployment Scenarios
6-32
AscenLink employs a technology called SwiftDNS for multihoming based on link
health state and a traffic re-direct algorithm. SwiftDNS dynamically answers
DNS requests to prevent broken or congested links. In order to solve the TTL
issue stated above, SwiftDNS maintains a very short TTL and actively sends out
updates to internal DNS in case of link status changes.
How does SwiftDNS work?
Figure 6.9 is an example to illustrate how SwiftDNS works. When you turn on
Multihoming, SwiftDNS will become effective automatically. In this case, the
upper level DNS server for xtera-ip.com has two NS records. They are for
Primary DNS server at 210.58.100.1 and Secondary DNS server at
215.59.100.1. Both of them are pointing to AscenLink.
Two additional public IP addresses 210.58.100.2 and 215.59.100.2 are
designated for Multihoming. In this case, a web site at 192.168.100.1 in LAN is
exposed to these two IP addresses. When both ISP links are working properly,
AscenLink replies to DNS requests for www.xtera-ip.com with 210.58.100.2 and
215.59.100.2 at ratio of 1:2 (weight ratio).
AscenLink User Manual
6-33
Figure 6.9 A Multihoming Example
Assuming ISP1 is down and a DNS request for www.xtera-ip.com comes in, it
would not be able to go through 210.58.100.1. But it will be able to reach
215.59.100.1. Multihoming mechanism in AscenLink detects the link status of
WAN1 and answer the request with 215.59.100.2.
Chapter 6 Deployment Scenarios
6-34
6.7 High Availability (HA) Scenarios
6.7.1 Firmware Update Procedure in HA Deployment
The firmware update procedure in HA deployment is different from the non-HA
(single unit) procedure, as follows:
Log onto the Master AscenLink as Administrator, go to [System][Summary]
and double check the peer device is under normal condition.
Select [Synchronize Configuration] to ensure the configuration file on the
Slave device is the same as that on the Master.
Execute the firmware update. Please wait as this may take a while.
When the update is done successfully, the web UI will show end of update
message. If there are other problems while updating, PLEASE DO NOT
TURN OFF the AscenLink
.
Repeat this until the firmware is updated to the
latest version.
Make sure when the Master device firmware update is done, turn off the
Master power line, and wait for Slave to replace the Master device.
Note: The slave will beep 3 times
Log on to AscenLink Web UI. Make sure Peer Info data is none. Then
duplicate the firmware update action again.
Make sure the firmware update steps are done. Switch off the system.
Switch on the Master system, wait for five (5) seconds, and then power on the
Slave system.
Get on the Masters Web UI, go to [System] [Summary], and make sure the
system firmware is the latest version. Also make sure the peer machine
AscenLink User Manual
6-35
firmware is up to date.
If there are abnormal behaviors in the DMZ or public IP servers, go to [System]
[Diagnostic Tools] [ARP Enforcement] and do the [Enforce] action.
Note:
In all the steps above, the HA serial cable between the Master and Slave CANNOT be
removed.
Any abnormal behaviors implies firmware update issues. The action then is to power off
any one of the dual systems. Remove the network and HA serial cables, and perform the
firmware update procedure in a stand-alone scenario for both systems. Then reconnect the
network as well as HA serial cables.
If repetitive errors occur during the firmware update process, DO NOT power off the system
and contact your dealer for technical support.
Chapter 6 Deployment Scenarios
6-36
6.7.2 HA Fallback to Single Unit Deployment
The steps to change from HA to single machine deployment are:
Get on Web UI using Administrator account. Go to [System] [Summary],
select [Synchronize Configuration] to ensure the configuration for Master and
Slave are in Sync.
Power off the system not in use. I.e., if the Master machine is to be removed,
power the Master system off and the network will be in normal function when
the Slave system takes over. If the Slave is to be removed, then simply power
the Slave system off.
Once the machine is powered off, remove the HA serial cable.
Remove the powered-off system and the associated cables.
If there are abnormal behaviors in the DMZ or public IP servers, go to [System]
[Diagnostic Tools] [ARP Enforcement] and do the [Enforce] action.
Steps of the Slave Take Over are:
When Master is in trouble for whatever reason (Hardware failure, Power
failure, HA cable failure, etc), Slave will detect the failure and perform the
take-over actions. The Slave machine will beep three times when its ready.
The take-over action is a permanent one, i.e., if the Master failed and the
Slave takes over. Then the Slave becomes the Master. The previous Master,
after repair and put back on line, will be the Slave in the HA deployment.
If it is desired to make the Slave become the Master then simply power cycle
the Master system.
AscenLink
User Manual
A-1
Table of Content
Appendix A.1 Default Values ........................................................................................ A-2
Appendix A.2 Console Mode Commands..................................................................... A-5
Appendix A.3 Firmware Update.................................................................................. A-10
Appendix A.4 Configuration File ................................................................................. A-12
Appendix
A-2
Appendix A.1 Default Values
In the console model, enter command resetconfig, or on the WebUI select Factory
Default will force AscenLink to do a hard reset and restore all settings to system default.
Users cannot change the Consoles account and password. The default username and
password are Administrator and ascenlink. They are case sensitive.
The hard reset will restore the WebUI account and password to factory default:
Administrator/1234, and Monitor/5678.
AscenLink also supports SSH logins. The interface for SSH login is the same as that of
the console; the username and password are also the same.
WAN Link Health Detection Default Values:
System default values contain the fixed 13 server IPs for health detection.
Reset the system with default values for all PortSpeed, Duplix Settings.
All ports are restored back to the AUTO state.
Network Setting Default Values:
port 1 : WAN1
IP : 192.168.1.1
netmask : 255.255.255.0
IP in DMZ 192.168.1.2~192.168.1.253
Default Gateway 192.168.1.254
DMZ at port 5
port 2 : WAN2
IP : 192.168.2.1
netmask : 255.255.255.0
AscenLink
User Manual
A-3
IP in DMZ 192.168.2.2~192.168.2.253
Default Gateway 192.168.2.254
DMZ at port 5
port 3 : WAN3
IP : 192.168.3.1
netmask : 255.255.255.0
IP in DMZ 192.168.3.2~192.168.3.253
Default Gateway 192.168.3.254
DMZ at port 5
port 4 : LAN
IP : 192.168.0.1
netmask : 255.255.255.0
DHCP Server is off
port 5 : DMZ
Fields such as Domain Name Server, VLAN and Port Mapping, WAN/DMZ Subnet
Setting are all cleared.
Appendix
A-4
Service Category Default Values:
Firewall : default security rules apply
Persistent Routing : no Persistent Routing Rule
Auto Routing : By Downstream Traffic as default
Virtual Server : no Virtual Server
Inbound BM : no BM rule
Outbound BM : no BM rule
Cache : No redirection
Multihome : Disabled
All fields in the Log/Control Category are cleared
AscenLink
User Manual
A-5
Appendix A.2 Console mode commands
This section gives further details on the Console mode commands. Before users log into
serial console via HyperTerminal, please complete following setting: Bits per second:
9600, Data bits: 8, Parity: None, Stop bits: 1, Flow control: None. The default username
and password is Administrator and ascenlink.
help: show the help message
Type help [COMMAND] will show a detailed message on the usage of a
command.
eg: help logout [Enter] will show the usage of the logout command.
arping: Find the corresponding MAC address of an IP address
Type arping [HOST] [LINK] [INDEX] [Enter] will show the MAC address of an IP
address. Host is the IP of the machine or domain name whose MAC address is
of interest. Link is the type of interface used, i.e. WAN, LAN and DMZ. If WAN is
selected, please indicate the WAN port number.
eg: arping 192.168.2.100 lan [enter] will send out an ARP packet from LAN port
to query the MAC address of the machine whose IP address is 192.168.2.100.
Note:
If domain name is to be used in the HOST parameter, the DNS Server must be set in the
Web UI function [System]->[Network Setting]->[DNS Server].
For ARP related error messages, please refer to the corresponding ARP reference
materials.
enforcearp: Force AscenLinks surrounding machines to update their ARP
tables
Type enforcearp [Enter] and the sytem will send ARP packets to machines
which are connected to AscenLink in order to update their ARP tables. This is
Appendix
A-6
particularly useful for cases where after the initial installation of AscenLink,
machines or servers sitting in the DMZ segment cease to be able to connect to
the Internet.
eg: enforcearp [Enter]
logout: exit Console mode
Type logout [Enter] will exit users out of the Console mode. The system will ask
users to re-confirm, enter [y] to proceed or [n] to cancel the logout action.
eg: logout[Enter]
y [Enter] to exit out of the Console mode.
ping : test network connectivity
Type ping [HOST] [LINK] [IDX] [Enter] to ping a [HOST] machine for the
purpose of detecting the current WAN link health status. HOST is the
machine/device users are trying to ping to. The LINK parameter can be
wan/lan/dmz. If the LINK parameter is wan then users also need to specify the
wan port number.
eg: ping www.hinet.net wan 1 [Enter] forces the system to issue the ping
command to www.hinet.net via WAN #1.
Note:
If domain name is to be used in the HOST parameter, the DNS Server must be set in the
Web UI function [System]->[Network Setting]->[DNS Server].
For ICMP related error messages, please refer to the corresponding ICMP/PING reference
materials.
reboot : restart AscenLink
AscenLink
User Manual
A-7
Type reboot [Enter] to restart AscenLink. Type reboot -t TIME [Enter] to restart
the AscenLink in TIME seconds.
eg: reboot -t 5[Enter] to restart the system in 5 seconds.
resetconfig : restore to factory defaults
Type resetconfig [Enter] then the system will ask users to re-confirm. Enter y/n
to confirm or cancel the command.
eg: resetconfig [Enter] y [Enter] will reset the system to factory default and
reboot.
resetpasswd : reset AscenLinks Administrator and Monitor passwords to
factory default
Type resetpasswd [Enter] and the system will ask users to re-confirm. Enter y/n
to confirm or cancel the command.
eg: resetpasswd [Enter]
y [Enter] to reset the passwords to factory default.
disablefw : disable firewall
Type disablefw [Enter] and the system will re-confirm the command. Then type
y [Enter] to disable firewall or n [Enter] to return to the Console.
eg : disablefw[Enter]
y [Enter] to disable firewall
setupport : configure the transmission mode for all the AscenLink network
port(s)
Type setupport show [Enter] will show the current transmission modes for all
the network ports.
Appendix
A-8
Type setupport change [INDEX] auto [Enter] will change the (INDEX) network
port into AUTO mode.
Type port-config change [INDEX] [SPEED] [MODE] [Enter] will set the
(INDEX) network port into a specific transmission mode.
INDEX: 1, 2, 3...
SPEED: 10, 100, 1000
MODE: half, full
eg: setupport show [Enter]
setupport change 1 auto [Enter]
setupport change 2 100 full [Enter]
Note:
1. Not all network devices support full 100M speed.
2. This command has no effect on Fiber interface.
3. The INDEX is the port number of the AscenLink port interface; exact number varies
according to various models.
shownetwork : show the current status of all the WAN links available
Type shownetwork [Enter] to display WAN Type, Bandwidth, IP(s) On
Local/WAN/DMZ, Netmask, Gateway, and WAN/DMZ Port.
eg: shownetwork [Enter]
Note:
This Console mode command can only show the current network status. Use Web UI to
change the network settings should users so desire.
AscenLink
User Manual
A-9
sysinfo: display information regarding AscenLinks CPU and memory
Type sysinfo [Enter] to display AscenLinks CPU, memory and disk space
status.
eg: sysinfo [Enter]
traceroute : show the packet routes between AscenLinks specific port to the
destination
Type traceroute [HOST] [TYPE] [INDEX] [Enter] will show the packet routes
between the [INDEX] WAN ports to the [HOST] destination. [HOST] can be
based on IP or domain name. The LINK parameter can be WAN/LAN/DMZ. If
the TYPE parameter is WAN then users also need to specify the WAN port
number.
eg: traceroute www.hinet.net wan 1 [Enter] will show the trace routes from
WAN link1 to www.hinet.net.
NOTE:
If the domain name is to be used in the HOST parameter, then the DNS Server must be set
in the Web UI function [System]->[Network Setting]->[DNS Server].
Appendix
A-10
Appendix A.3 Firmware Update
Steps to Update the AscenLink Firmware:
Before proceeding with the firmware update, ALWAYS back up user system
configurations.
Obtain the latest firmware pack from user SI or VAR.
Log on to Web UI as the Administrator and go to function [System] [Administration].
Click on Update to get into the UI page of firmware update.
Use [Browse...] to select the path to the new firmware image, then select [Upload].
The firmware update will take a while so be patient. During the update process BE
SURE not to turn off the system or pull the power plug. DO NOT click on the [Upload]
button.
Update is completed when the Update succeeded message appears. At this time
please power off and then on again the system to restart AscenLink with the new
firmware.
If errors occur during the update process, it could be due to one (or more) of the following:
General error Please contact your dealer if this happens more than once.
Invalid update file Please make sure the new image was updated correctly.
MD5 checksum error Image file is corrupted. Please reload and retry.
Incompatible version/build Firmware version in-compatible. Check with usersr
reseller for the correct version.
Incompatible model/feature Firmware image does not match the AscenLink system.
Check with your dealer for the correct model and version.
Incompatible platform Firmware image does not match the current AscenLink
platform. Check with your dealer for the correct model and version.
AscenLink
User Manual
A-11
Incompatible region - Firmware image does not match the current AscenLink product
for the specific geographic region. Check with your dealer for the correct model and
version.
Update error Please NOTE: if this error message recurrs during firmware update,
please do not turn off the machine and contact your dealer immediately.
Unknown error Contact your dealer.
Appendix
A-12
Appendix A.4 Configuration File
Configuration File Backup and Restore:
Log into AscenLink as Administrator. In the Web UI, go to [System] [Administration]
and select [Configuration File] [Save] to backup the Config File to local
machine/notebook.
To restore to the previously saved config file, go to [Configuration File] [Restore],
select [Browse...] to pick the saved config file and select [Upload]. Notice NOT to turn
off the power during the config file upload process, or repetitively select the [Upload]
button.
Restart AscenLink to effect the restored configuration.
During the config file restored process, if error occurs, most likely it is because of the
following conditions:
The total WAN bandwidth setting in the restored config file exceeds the max
bandwidth defined for the current system. The bandwidth can be either upload stream
and download stream.
The restored config file contains port # exceeding the current port # defined by the
system.
The restored config file contains VLAN parameters not supported by the machine.
The total # of WAN links in the restored config file exceeds the current system
definition.
Incompatible versions and systems.
Note:
1. The Configuration File is in binary format and should NOT be editted outside of
AscenLink tools and systems.
2. AscenLink Configuration File is backward compatible for the compatible model lines.
However for different models (for example model 1200 and 3000) full compatibility
among config files for different models is NOT guranteed.
3. After the firmware upgrade, users are encouraged to backup the config file
AC-MENU-AL-E5.3
You might also like
- ProtocolDocument14 pagesProtocolThamsanqa LuckyNo ratings yet
- Routing and Switching Technology Student Guide VolumeDocument312 pagesRouting and Switching Technology Student Guide VolumeGoitom HaileNo ratings yet
- Proposal for a personalized Internet connection packageDocument23 pagesProposal for a personalized Internet connection packageMaina KaniaruNo ratings yet
- Hospital Network Design GuideDocument16 pagesHospital Network Design GuideAbreham MekonnenNo ratings yet
- Tarantella Secure Global Desktop Enterprise Edition SoftwareDocument11 pagesTarantella Secure Global Desktop Enterprise Edition SoftwareHector DavidNo ratings yet
- Virtual Private NetworkDocument12 pagesVirtual Private NetworkLucille BallaresNo ratings yet
- Ethernet Network Services Whitepaper enDocument4 pagesEthernet Network Services Whitepaper encixef59641No ratings yet
- Term Paper Project-Design A Secure Network PDFDocument22 pagesTerm Paper Project-Design A Secure Network PDFpeterNo ratings yet
- Exinda Product GuideDocument8 pagesExinda Product GuideUriel Yesid Garzon CastroNo ratings yet
- 07 Eth-Trunk Istack and CSSDocument29 pages07 Eth-Trunk Istack and CSSJasonNo ratings yet
- Quick Heal Terminator (UTM) : Data SheetDocument9 pagesQuick Heal Terminator (UTM) : Data SheetAr Rahail AlamNo ratings yet
- Netsmart: Network Management SolutionsDocument7 pagesNetsmart: Network Management SolutionsthaihaqnNo ratings yet
- Huawei Esight Brief Product Brochure (05-Sept-2013)Document8 pagesHuawei Esight Brief Product Brochure (05-Sept-2013)Tahitii ObiohaNo ratings yet
- Elfiq White Paper - SitePathMTPX Multiplexing For VPNsDocument9 pagesElfiq White Paper - SitePathMTPX Multiplexing For VPNsElfiq NetworksNo ratings yet
- IS3220 Final ProjectDocument12 pagesIS3220 Final Projectjacob klineNo ratings yet
- Serial Server Installation GuideDocument72 pagesSerial Server Installation GuideTri Mulyono Jr.No ratings yet
- Acceleration Technologies of The Cisco Avs 3110 Application Velocity SystemDocument14 pagesAcceleration Technologies of The Cisco Avs 3110 Application Velocity SystemjeffgrantinctNo ratings yet
- ProtocolDocument10 pagesProtocolanujadyanthayaNo ratings yet
- Aws Architecture GuideDocument76 pagesAws Architecture GuideNapster King100% (2)
- Mak Ing VPN Client Modules Platform IndependentDocument56 pagesMak Ing VPN Client Modules Platform IndependentAtinus VadayNo ratings yet
- SOL PROJECT REPORT 15062021 083527pmDocument11 pagesSOL PROJECT REPORT 15062021 083527pmEiman WahabNo ratings yet
- CVD ApplicationOptimizationUsingCiscoWAASDesignGuide AUG13Document48 pagesCVD ApplicationOptimizationUsingCiscoWAASDesignGuide AUG13hulikul22No ratings yet
- SD Wan Architecture Guide PDFDocument65 pagesSD Wan Architecture Guide PDFTawakalNo ratings yet
- QualNet 5.0.2 InstallationGuideDocument15 pagesQualNet 5.0.2 InstallationGuideHưng Ngô0% (1)
- R2.0 CEM Command ReferenceDocument486 pagesR2.0 CEM Command ReferenceAndrew DavisNo ratings yet
- Pulse 4.0 TrainingDocument466 pagesPulse 4.0 TrainingJUAN CARLOS GARCIA RUBIONo ratings yet
- System Architecture Guide - Alcatel-Lucent 5620 SAMDocument22 pagesSystem Architecture Guide - Alcatel-Lucent 5620 SAMnur0% (1)
- Device Servers TutorialDocument24 pagesDevice Servers TutorialHithesh ReddyNo ratings yet
- Unit 4 E-Commerce InfrastructureDocument20 pagesUnit 4 E-Commerce InfrastructureAnonymous bTh744z7E6No ratings yet
- Panorama On Aws Deployment GuideDocument54 pagesPanorama On Aws Deployment GuidePartha DashNo ratings yet
- EMC Data Domain Boost and Dynamic Interface GroupsDocument9 pagesEMC Data Domain Boost and Dynamic Interface GroupsemcviltNo ratings yet
- Openenterprise: New Capability of Integrating Dcs and Scada Client / Server ArchitectureDocument20 pagesOpenenterprise: New Capability of Integrating Dcs and Scada Client / Server Architectureilie_vlassaNo ratings yet
- Homework 6 116Document3 pagesHomework 6 116LuIs I. GuTiNo ratings yet
- Netact For Cisco Application NoteDocument6 pagesNetact For Cisco Application Notejitendra_engNo ratings yet
- School Wireless Network Design GuideDocument12 pagesSchool Wireless Network Design GuideNasir UddinNo ratings yet
- IOSrv WWRSLinxDocument76 pagesIOSrv WWRSLinxantonio_carvalhoNo ratings yet
- Architecture Guide For VMware NSX - Rel 2 - Oct 2018Document24 pagesArchitecture Guide For VMware NSX - Rel 2 - Oct 2018Andres Felipe LorzaNo ratings yet
- Information For Hardening Supported Operating Systems: ConnectivityDocument17 pagesInformation For Hardening Supported Operating Systems: ConnectivityHTMNo ratings yet
- CablesDocument13 pagesCableslahiruaioitNo ratings yet
- 07+eth Trunk+IStack+and+CSSDocument25 pages07+eth Trunk+IStack+and+CSSyakehoj932No ratings yet
- HCNA-HNTD Entry Lab Guide V2.2Document108 pagesHCNA-HNTD Entry Lab Guide V2.2Ahmed ElseliniNo ratings yet
- It-Mgmt-Checklist Golden Rules 071311Document3 pagesIt-Mgmt-Checklist Golden Rules 071311Raúl TriveñoNo ratings yet
- Device Server TutorialDocument14 pagesDevice Server TutorialAl VinNo ratings yet
- Azure Transit Vnet Deployment Guide PDFDocument117 pagesAzure Transit Vnet Deployment Guide PDFGary TownsendNo ratings yet
- 03 - SCCP. 1pdfDocument54 pages03 - SCCP. 1pdfChandan KumarNo ratings yet
- Design and Operation of a Large Enterprise CDNDocument6 pagesDesign and Operation of a Large Enterprise CDNIrfan AhmedNo ratings yet
- FEB-14-19-Implementation and Porting of Light Weight TCPIP For Embedded Web Server - EWSDocument6 pagesFEB-14-19-Implementation and Porting of Light Weight TCPIP For Embedded Web Server - EWSKumar Goud.KNo ratings yet
- XenMobile Deployment Guide PDFDocument144 pagesXenMobile Deployment Guide PDFkiranumbareNo ratings yet
- System Center Configuration ManagerDocument16 pagesSystem Center Configuration Managera_d_s_k_india4831No ratings yet
- Checklist Wireless Lan ManagementDocument6 pagesChecklist Wireless Lan ManagementRammanokar SubburajNo ratings yet
- 1.huawei CloudWAN Solution BrochureDocument6 pages1.huawei CloudWAN Solution Brochuremarcoant2287No ratings yet
- Huawei Esight Full Product DatasheetDocument50 pagesHuawei Esight Full Product DatasheetLópez Ezequiel AndrésNo ratings yet
- NSX T Deployment GuideDocument81 pagesNSX T Deployment Guideninodjukic100% (3)
- HCNA Entry v2.0 PDFDocument416 pagesHCNA Entry v2.0 PDFCrimildo MoisesNo ratings yet
- Implement Windows Deployment Services in IntranetDocument154 pagesImplement Windows Deployment Services in IntranetAkwinderKaurNo ratings yet
- Network Programmability and Automation: Open TranscriptDocument9 pagesNetwork Programmability and Automation: Open TranscriptcasrilalsiNo ratings yet
- Beginning Jakarta EE: Enterprise Edition for Java: From Novice to ProfessionalFrom EverandBeginning Jakarta EE: Enterprise Edition for Java: From Novice to ProfessionalNo ratings yet
- InduSoft Application Design and SCADA Deployment Recommendations for Industrial Control System SecurityFrom EverandInduSoft Application Design and SCADA Deployment Recommendations for Industrial Control System SecurityNo ratings yet
- Computer Science Self Management: Fundamentals and ApplicationsFrom EverandComputer Science Self Management: Fundamentals and ApplicationsNo ratings yet
- Learning SD-WAN with Cisco: Transform Your Existing WAN Into a Cost-effective NetworkFrom EverandLearning SD-WAN with Cisco: Transform Your Existing WAN Into a Cost-effective NetworkNo ratings yet
- Avaya Etisalat SIPDocument29 pagesAvaya Etisalat SIPNoorul Haque0% (1)
- Employee Internet Use Monitoring and Filtering PolicyDocument2 pagesEmployee Internet Use Monitoring and Filtering PolicybartNo ratings yet
- Evolution of the Web: Generations of the World Wide WebDocument1 pageEvolution of the Web: Generations of the World Wide Weby2klakNo ratings yet
- Simegnew YihunieDocument80 pagesSimegnew YihunieWubieNo ratings yet
- Siemens Simatic S5 PDFDocument396 pagesSiemens Simatic S5 PDFembasianNo ratings yet
- Studio One Reference ManualDocument236 pagesStudio One Reference ManualWabwabit AmunNo ratings yet
- 10-Port Outdoor Waterproof PoE Switch with 8 PoE Ports Data SheetDocument6 pages10-Port Outdoor Waterproof PoE Switch with 8 PoE Ports Data SheetJesus Emmanuel Martinez JimenezNo ratings yet
- Bascom 8051Document4 pagesBascom 8051Akshay RogeNo ratings yet
- Maharishi Arvind College of Engineering & Research Centre, JaipurDocument29 pagesMaharishi Arvind College of Engineering & Research Centre, JaipurNikhil Bhuta DhariyawadNo ratings yet
- Basic 11 ManualDocument106 pagesBasic 11 ManualsegsaniNo ratings yet
- Test Inside CCNP 642-892 CompositeDocument81 pagesTest Inside CCNP 642-892 CompositeThulani TshakaNo ratings yet
- Maintop DTP v5 3 Crack 4 857 PDFDocument4 pagesMaintop DTP v5 3 Crack 4 857 PDFPhillipNo ratings yet
- User's Manual of Haiwell C Series Ethernet HMIDocument5 pagesUser's Manual of Haiwell C Series Ethernet HMIEmmy-HaiwellNo ratings yet
- Tagging AVI Files ManuallyDocument1 pageTagging AVI Files ManuallyKatherine KielbickiNo ratings yet
- Container Firewall GuideDocument10 pagesContainer Firewall Guideashokvardhn100% (1)
- Whats New in SD WAN Release 17 - 6 20 - 6 - 20211026 1500 1Document42 pagesWhats New in SD WAN Release 17 - 6 20 - 6 - 20211026 1500 1Jose RosasNo ratings yet
- Troubleshoot KPI DegradationDocument27 pagesTroubleshoot KPI DegradationAbraham KraNo ratings yet
- Fedora 17 Installation With ScreenshotDocument29 pagesFedora 17 Installation With Screenshotmanoj1212No ratings yet
- Sujan Computer AssignmentDocument10 pagesSujan Computer Assignmentakyadav123No ratings yet
- Oracle.1Z0 1067 20.v2020 07 20.q22Document17 pagesOracle.1Z0 1067 20.v2020 07 20.q22sherif adf0% (1)
- HP Sonos 2000 Imaging System: Technical DataDocument6 pagesHP Sonos 2000 Imaging System: Technical Datarbensm1No ratings yet
- Profile Gen IssueDocument2 pagesProfile Gen IssueHRajNo ratings yet
- EE241 MT 1 Solution ManualDocument5 pagesEE241 MT 1 Solution ManualkdrdNo ratings yet
- Lab 4 - Configuring Multi-Area OSPFv2Document7 pagesLab 4 - Configuring Multi-Area OSPFv2Alex TienNo ratings yet
- AIX ODM For MPIO User Guide 12Document47 pagesAIX ODM For MPIO User Guide 12stimyl_471631114No ratings yet
- P8H61-M LX2Document61 pagesP8H61-M LX2Robb RobinsonNo ratings yet
- Computer Memory: Short Term Memory Long Term MemoryDocument5 pagesComputer Memory: Short Term Memory Long Term MemoryAkashNo ratings yet
- B.Tech ECE 028 05 DEC12Document407 pagesB.Tech ECE 028 05 DEC12Prateek GuptaNo ratings yet
- 8086/8088 Assembly ProgrammingDocument4 pages8086/8088 Assembly ProgrammingJohn Brix Balisteros0% (1)
- GPRS Architecture and GTP Protocol OverviewDocument57 pagesGPRS Architecture and GTP Protocol OverviewShriraj07No ratings yet
