C H A P T E R 4 F E A T U R E S
V100 Versatile Multiplexer Technical Manual Version 2.2
Page 175 of 231
some risk, but the risk is mostly mild and is of the "denial of service" nature. That is, an attacker can use
them to interfere with service on and from the network.
By blocking all ICMPs the administrator himself interferes with service on and from his own network.
Unless he also turns off path MTU discovery on his network's servers, he makes his servers unusable by
users with reduced-MTU links in their paths. Because service is affected only in relatively unusual cases, it
can be difficult to convince the administrator that a problem exists. The prevalence of such "unusual"
cases is growing rapidly though. Administrators who want to block all ICMPs should disable path MTU
discovery on their computers, especially on their servers. It makes no sense to ask for ICMP notifications
and then refuse to accept them. In addition, doing so opens the server to a special type of distributed
denial of service attack based on resource exhaustion from a large number of fully-open connections.
Clearly all of the above requires careful setup by the network administrator but it can still lead to basic
incompatibility when trying to access certain internet servers. The other disadvantage is that even if
reduced MTUs are allowed, the fragmentation potentially resulting from it causes a significant additional
overhead due to the increased number of packet headers (each typically containing 20 bytes in an IP
packet) and ultimately reduced throughput due to the burden of additional packet processing. The V100
IP Router avoids this by providing its own proprietary fragmentation over the V100 WAN network,
which uses only a 4-byte header to optimise throughput, while appearing to pass the original packets sent
by the network transparently. Setting the V100 MTU requires some care in configuration to avoid
degradation of the quality of voice channels (or other services) that are multiplexed across the same
aggregates as the IP traffic. It is recommended that a value for the V100 MTU is calculated which avoids
the creation of any packets that will take longer than 20ms on the slowest aggregate between the local
V100 and its peer. The MTU should be set according to:
MTU = LS/400
where LS is the slowest link speed (in bits per second) on the aggregate link to the peer. If the calculated
MTU exceeds the MTU for the Ethernet, then the MTU for the V100 channel should also be set to 1514. In
the case of a link running at 64Kbps, the MTU should therefore be set to (64000/400) = 160.
Note that fragmentation has an overhead in both the computation required on the V100, and the
bandwidth required to send data (each fragment carries an IP header), and you should avoid setting the
MTU below the recommended value unnecessarily.
4.13.7
Static Routes
Each V100 IP router must be configured with static routes to tell it how to reach IP networks other than
the one that it is locally attached to. An IP STATIC ROUTE TABLE menu screen is provided under the IP
sub-menu to do this. Each configured route consists of a description, a destination address, a mask for the
destination address and a next-hop. The “Description” is a text field used to identify a route in the
configuration. The “Next-hop” is either the IP address of the next-hop gateway on the local Ethernet
network, or the channel number for a unnumbered link to a peer V100 across the IP network. When a
route lookup matches more than one configured route, the one with the longest mask (i.e. the most