9-11
Cisco ONS 15600 SDH Reference Manual, Release 9.0
78-18400-01
Chapter 9 Management Network Connectivity
9.2.7 Scenario 7: Provisioning the ONS 15600 SDH Proxy Server
If multiple ONS 15600 SDH nodes and routers are connected to the same LAN in OSPF backbone area
0 and a link between two routers breaks, the backbone OSPF area 0 could divide into multiple gateway
network elements (GNEs). If this occurs, the CTC session connected to Router 1 will not be able to
communicate with the ONS 15600 SDH connected to Router 2. To resolve, you must repair the link
between the routers or provide another form of redundancy in the network. This is standard behavior for
an OSPF network.
Note
To create OSPF virtual links, OSPF must be enabled on the LAN.
Note
Cisco recommends limiting the number of link-state packets (LSPs) that will be forwarded over the DCC
interfaces.
9.2.7 Scenario 7: Provisioning the ONS 15600 SDH Proxy Server
The ONS 15600 SDH proxy server is a set of functions that allows you to configure ONS 15600 SDHs
in environments where visibility and accessibility between ONS 15600 SDHs and CTC computers must
be restricted. For example, you can set up a network so that field technicians and network operations
center (NOC) personnel can both access the same ONS 15600 SDHs while preventing the field
technicians from accessing the NOC LAN. To do this, one ONS 15600 SDH is provisioned as a GNE
and the other ONS 15600 SDHs are provisioned as ENEs. The GNE ONS 15600 SDH tunnels
connections between CTC computers and ENE ONS 15600 SDHs, providing management capability
while preventing access for purposes other than ONS 15600 SDH management.
The ONS 15600 SDH proxy server performs the following tasks:
•
Isolates DCC IP traffic from Ethernet (craft port) traffic and accepts packets based on filtering rules.
The filtering rules (see
and
) depend on whether the
packet arrives at the ONS 15600 SDH DCC or TSC Ethernet interface.
•
Processes Simple Network Time Protocol/Network Time Protocol (SNTP/NTP) requests.
ONS 15600 SDH ENEs can derive time-of-day from an SNTP/NTP LAN server through the
ONS node GNE.
•
Process SNMPv1 traps. The GNE ONS 15600 SDH receives SNMPv1 traps from the ONS node
ENEs and forwards them to all provisioned SNMPv1 trap destinations.
The ONS 15600 SDH proxy server is provisioned using the Enable SOCKS proxy on port check box on
the Provisioning > Network > General tab (see
). If checked, the ONS 15600 SDH serves as
a proxy for connections between CTC clients and ONS 15600 SDHs that are DCC-connected to the
proxy ONS 15600 SDH. The CTC client establishes connections to DCC-connected nodes through the
proxy node. The CTC client can connect to nodes that it cannot directly reach from the host on which it
runs. If not selected, the node does not proxy for any CTC clients, although any established proxy
connections continue until the CTC client exits. If set as a GNE, the CTC computer is visible to other
DCC-connected nodes and firewall is enabled. If Proxy-only is selected, the firewall is not enabled. CTC
can communicate with any other DCC-connected ONS 15600 SDHs.
Note
The ONS 15600 SDH ENE option on the Provisioning > Network > General tab behaves the same as the
GNE option.