ZyXEL VMG9827-B50A Users Manual

Chapter 10 Quality of Service (QoS)
Token Bucket
The token bucket algorithm uses tokens in a bucket to control when traffic can be transmitted. The bucket stores tokens, each of which represents one byte. The algorithm allows bursts of up to b bytes which is also the bucket size, so the bucket can hold up to b tokens. Tokens are generated and added into the bucket at a constant rate. The following shows how tokens work with packets:
• After a packet is transmitted, a number of tokens corresponding to the packet size is removed from the bucket.
• If there are no tokens in the bucket, the EMG stops transmitting until enough tokens are generated.
• If not enough tokens are available, the EMG treats the packet in one of the following ways:
In traffic shaping:
• Holds it in the queue until enough tokens are available in the bucket.
In traffic policing:
• Drops it.
• Transmits it but adds a DSCP mark. The EMG may drop these marked packets if the network is overloaded.
Configure the bucket size to be equal to or less than the amount of bandwidth that the interface can support; a bucket size larger than the interface's capability has no effect. The smaller the bucket size, the lower the data transmission rate, which may cause outgoing packets to be dropped. A larger transmission rate requires a bigger bucket size. For example, use a bucket size of 10 kbytes to get the transmission rate up to 10 Mbps.
Single Rate Three Color Marker
The Single Rate Three Color Marker (srTCM, defined in RFC 2697) is a type of traffic policing that identifies packets by comparing them to one user-defined rate, the Committed Information Rate (CIR), and two burst sizes: the Committed Burst Size (CBS) and Excess Burst Size (EBS).
The srTCM evaluates incoming packets and marks them with one of three colors which refer to packet loss priority levels. High packet loss priority level is referred to as red, medium is referred to as yellow and low is referred to as green.
The srTCM is based on the token bucket filter and has two token buckets (CBS and EBS). Tokens are generated and added into the bucket at a constant rate, called Committed Information Rate (CIR). When the first bucket (CBS) is full, new tokens overflow into the second bucket (EBS).
All packets are evaluated against the CBS. If a packet does not exceed the CBS it is marked green. Otherwise it is evaluated against the EBS. If it is below the EBS then it is marked yellow. If it exceeds the EBS then it is marked red.
The following shows how tokens work with incoming packets in srTCM:
• A packet arrives. The packet is marked green and can be transmitted if the number of tokens in the CBS bucket is equal to or greater than the size of the packet (in bytes).
• After a packet is transmitted, a number of tokens corresponding to the packet size is removed from the CBS bucket.
EMG6726/8726-B10A User’s Guide
151
• If there are not enough tokens in the CBS bucket, the EMG checks the EBS bucket. The packet is marked yellow if there are sufficient tokens in the EBS bucket. Otherwise, the packet is marked red. No tokens are removed if the packet is dropped.
Two Rate Three Color Marker
The Two Rate Three Color Marker (trTCM, defined in RFC 2698) is a type of traffic policing that identifies packets by comparing them to two user-defined rates: the Committed Information Rate (CIR) and the Peak Information Rate (PIR). The CIR specifies the average rate at which packets are admitted to the network. The PIR is greater than or equal to the CIR. CIR and PIR values are based on the guaranteed and maximum bandwidth respectively as negotiated between a service provider and client.
The trTCM evaluates incoming packets and marks them with one of three colors which refer to packet loss priority levels. High packet loss priority level is referred to as red, medium is referred to as yellow and low is referred to as green.
The trTCM is based on the token bucket filter and has two token buckets (Committed Burst Size (CBS) and Peak Burst Size (PBS)). Tokens are generated and added into the two buckets at the CIR and PIR respectively.
All packets are evaluated against the PIR. If a packet exceeds the PIR it is marked red. Otherwise it is evaluated against the CIR. If it exceeds the CIR then it is marked yellow. Finally, if it is below the CIR then it is marked green.
The following shows how tokens work with incoming packets in trTCM:
• A packet arrives. If the number of tokens in the PBS bucket is less than the size of the packet (in bytes), the packet is marked red and may be dropped regardless of the CBS bucket. No tokens are removed if the packet is dropped.
• If the PBS bucket has enough tokens, the EMG checks the CBS bucket. The packet is marked green and can be transmitted if the number of tokens in the CBS bucket is equal to or greater than the size of the packet (in bytes). Otherwise, the packet is marked yellow.
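The three mechanisms of this section (token bucket with shaping or policing, srTCM, trTCM) worked through in code. This is an added example and not part of the ZyXEL manual or firmware; the rates, burst sizes and packet sizes in `demo()` are constructed values, and both markers run in colour-blind mode.

```python
"""Token bucket, srTCM (RFC 2697) and trTCM (RFC 2698) as described in this
chapter. Added example, not EMG firmware: rates are bytes per second, burst
sizes and packets are bytes, times are seconds."""


class TokenBucket:
    """Bucket of 'size' tokens (one token = one byte) refilled at 'rate'."""

    def __init__(self, rate, size):
        self.rate = float(rate)
        self.size = size
        self.tokens = float(size)   # buckets start full
        self.last = 0.0             # time of the last refill

    def refill(self, now):
        """Credit tokens for the elapsed time; return what did not fit."""
        added = max(0.0, now - self.last) * self.rate
        self.last = max(self.last, now)
        room = self.size - self.tokens
        self.tokens = min(self.size, self.tokens + added)
        return max(0.0, added - room)

    def take(self, nbytes):
        """Remove the tokens for a transmitted packet; False if too few."""
        if self.tokens >= nbytes:
            self.tokens -= nbytes
            return True
        return False


def police(bucket, now, nbytes):
    """Traffic policing: a packet without enough tokens is dropped."""
    bucket.refill(now)
    return "transmit" if bucket.take(nbytes) else "drop"


def shape(bucket, now, nbytes):
    """Traffic shaping: hold the packet until enough tokens have accumulated.
    Returns the departure time; packets leave in order, so none departs
    before the one queued ahead of it."""
    now = max(now, bucket.last)
    bucket.refill(now)
    if bucket.tokens < nbytes:
        now += (nbytes - bucket.tokens) / bucket.rate
        bucket.refill(now)
    bucket.take(nbytes)
    return now


class SrTCM:
    """One rate (CIR) feeds the CBS bucket; its overflow fills the EBS bucket."""

    def __init__(self, cir, cbs, ebs):
        self.c = TokenBucket(cir, cbs)
        self.e = TokenBucket(0, ebs)   # EBS only receives CBS overflow

    def mark(self, now, nbytes):
        overflow = self.c.refill(now)
        self.e.tokens = min(self.e.size, self.e.tokens + overflow)
        if self.c.take(nbytes):
            return "green"
        if self.e.take(nbytes):
            return "yellow"
        return "red"               # nothing is removed for a red packet


class TrTCM:
    """Two rates: CIR fills the CBS bucket, PIR fills the PBS bucket."""

    def __init__(self, cir, cbs, pir, pbs):
        self.c = TokenBucket(cir, cbs)
        self.p = TokenBucket(pir, pbs)

    def mark(self, now, nbytes):
        self.c.refill(now)
        self.p.refill(now)
        if self.p.tokens < nbytes:   # PBS is checked first; red removes nothing
            return "red"
        self.p.tokens -= nbytes
        if self.c.tokens < nbytes:
            return "yellow"
        self.c.tokens -= nbytes
        return "green"


def demo():
    """Bursts arriving at t=0 (constructed parameters; rates in bytes/s)."""
    shaper, policer = TokenBucket(1000, 1500), TokenBucket(1000, 1500)
    sr = SrTCM(cir=1000, cbs=2000, ebs=1000)
    tr = TrTCM(cir=1000, cbs=1000, pir=2000, pbs=2000)
    return {
        "shaped": [shape(shaper, 0.0, 1000) for _ in range(3)],    # [0.0, 0.5, 1.5]
        "policed": [police(policer, 0.0, 1000) for _ in range(3)],  # transmit, drop, drop
        "srtcm": [sr.mark(0.0, 1000) for _ in range(4)],   # green, green, yellow, red
        "trtcm": [tr.mark(0.0, 500) for _ in range(5)],    # green, green, yellow, yellow, red
    }
```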
CHAPTER 11
Network Address Translation
(NAT)
11.1 Overview
This chapter discusses how to configure NAT on the EMG. NAT (Network Address Translation, RFC 1631) is the translation of the IP address of a host in a packet, for example the source address of an outgoing packet, used within one network to a different IP address known within another network.
11.1.1 What You Can Do in this Chapter
• Use the Port Forwarding screen to forward incoming service requests to the server(s) on your local network (Section 11.2 on page 154).
• Use the Applications screen to forward incoming service requests to the server(s) on your local network (Section 11.3 on page 157).
• Use the Port Triggering screen to add and configure the EMG’s trigger port settings (Section 11.4 on page 159).
• Use the DMZ screen to configure a default server (Section 11.5 on page 161).
• Use the ALG screen to enable and disable the NAT and SIP (VoIP) ALG in the EMG (Section 11.6 on page 162).
• Use the Address Mapping screen to configure the EMG's address mapping settings (Section 11.7 on page 163).
• Use the Sessions screen to configure the EMG's maximum number of NAT sessions (Section 11.8 on page 165).
11.1.2 What You Need To Know
Inside/Outside
Inside/outside denotes where a host is located relative to the EMG, for example, the computers of your subscribers are the inside hosts, while the web servers on the Internet are the outside hosts.
Global/Local
Global/local denotes the IP address of a host in a packet as the packet traverses a router, for example, the local address refers to the IP address of a host when the packet is in the local network, while the global address refers to the IP address of the host when the same packet is traveling in the WAN side.
Chapter 11 Network Address Translation (NAT)
NAT
In the simplest form, NAT changes the source IP address in a packet received from a subscriber (the inside local address) to another (the inside global address) before forwarding the packet to the WAN side. When the response comes back, NAT translates the destination address (the inside global address) back to the inside local address before forwarding it to the original inside host.
Port Forwarding
A port forwarding set is a list of inside (behind NAT on the LAN) servers, for example, web or FTP, that you can make visible to the outside world even though NAT makes your whole inside network appear as a single computer to the outside world.
Finding Out More
See Section 11.9 on page 165 for advanced technical information on NAT.
11.2 The Port Forwarding Screen
Use the Port Forwarding screen to forward incoming service requests to the server(s) on your local network.
You may enter a single port number or a range of port numbers to be forwarded, and the local IP address of the desired server. The port number identifies a service; for example, web service is on port 80 and FTP on port 21. In some cases, such as for unknown services or where one server can support more than one service (for example both FTP and web service), it might be better to specify a range of port numbers. You can allocate a server IP address that corresponds to a port or a range of ports.
The most often used port numbers and services are shown in Appendix D on page 304. Please refer to RFC 1700 for further information about port numbers.
Note: Many residential broadband ISP accounts do not allow you to run any server processes (such as a Web or FTP server) from your location. Your ISP may periodically check for servers and may suspend your account if it discovers any active services at your location. If you are unsure, refer to your ISP.
Configuring Servers Behind Port Forwarding (Example)
Let's say you want to assign ports 21-25 to one FTP, Telnet and SMTP server (A in the example), port 80 to another (B in the example) and assign a default server IP address of 192.168.1.35 to a third (C in the example). You assign the LAN IP addresses and the ISP assigns the WAN IP address. The NAT network appears as a single host on the Internet.
Figure 91 Multiple Servers Behind NAT Example
Click Network Setting > NAT > Port Forwarding to open the following screen.
See Appendix D on page 304 for port numbers commonly used for particular services.
Figure 92 Network Setting > NAT > Port Forwarding
The following table describes the fields in this screen.
Table 51 Network Setting > NAT > Port Forwarding
LABEL DESCRIPTION
Add New Rule: Click this to add a new rule.
#: This is the index number of the entry.
Status: This field displays whether the NAT rule is active or not. A yellow bulb signifies that this rule is active. A gray bulb signifies that this rule is not active.
Service Name: This shows the service’s name.
Originating IP: This field displays the source IP address from the WAN interface.
WAN Interface: This shows the WAN interface through which the service is forwarded.
Server IP Address: This is the server’s IP address.
Start Port: This is the first external port number that identifies a service.
End Port: This is the last external port number that identifies a service.
Translation Start Port: This is the first internal port number that identifies a service.
Translation End Port: This is the last internal port number that identifies a service.
Protocol: This shows the IP protocol supported by this virtual server, whether it is TCP, UDP, or TCP/UDP.
Modify: Click the Edit icon to edit this rule. Click the Delete icon to delete an existing rule.
11.2.1 Add/Edit Port Forwarding
Click Add New Rule in the Port Forwarding screen or click the Edit icon next to an existing rule to open the following screen.
Figure 93 Port Forwarding: Add/Edit
The following table describes the labels in this screen.
Table 52 Port Forwarding: Add/Edit
LABEL DESCRIPTION
Active: Select Enable or Disable to activate or deactivate the rule.
Service Name: Enter a name to identify this rule using keyboard characters (A-Z, a-z, 1-2 and so on).
Obtain WAN IP Automatically: Select this option to obtain the WAN IP address of the EMG.
WAN IP: If you’re using multi-to-multi NAT, enter a WAN IP address provided by your ISP.
Start Port: Enter the original destination port for the packets. To forward only one port, enter the port number again in the End Port field. To forward a series of ports, enter the start port number here and the end port number in the End Port field.
End Port: Enter the last port of the original destination port range. To forward only one port, enter the port number in the Start Port field above and then enter it again in this field. To forward a series of ports, enter the last port number in a series that begins with the port number in the Start Port field above.
Translation Start Port: This shows the port number to which you want the EMG to translate the incoming port. For a range of ports, enter the first number of the range to which you want the incoming ports translated.
Translation End Port: This shows the last port of the translated port range.
Server IP Address: Enter the inside IP address of the virtual server here.
Configure Originating IP: Select Enable to enter the source IP address of the WAN interface.
Originating IP: Enter the source IP address of the WAN interface.
Protocol: Select the protocol supported by this virtual server. Choices are TCP, UDP, or TCP/UDP.
OK: Click OK to save your changes.
Cancel: Click Cancel to exit this screen without saving.
11.3 The Applications Screen
This screen provides a summary of all NAT applications and their configuration. In addition, this screen allows you to create new applications and/or remove existing ones.
To access this screen, click Network Setting > NAT > Applications. The following screen appears.
Figure 94 Network Setting > NAT > Applications
The following table describes the labels in this screen.
Table 53 Network Setting > NAT > Applications
LABEL DESCRIPTION
Add New Application: Click this to add a new NAT application rule.
Application Forwarded: This field shows the type of application that the service forwards.
WAN Interface: This field shows the WAN interface through which the service is forwarded.
Server IP Address: This field displays the destination IP address for the service.
Modify: Click the Delete icon to delete the rule.
11.3.1 Add New Application
This screen lets you create new NAT application rules. Click Add New Application in the Applications screen to open the following screen.
Figure 95 Network Setting > NAT > Applications: Add
The following table describes the labels in this screen.
Table 54 Network Setting > NAT > Applications: Add
LABEL DESCRIPTION
WAN Interface: Select the WAN interface that you want to apply this NAT rule to.
Server IP Address: Enter the inside IP address of the application here.
Application Category: Select the category of the application from the drop-down list box.
Application Forwarded: Select a service from the drop-down list box and the EMG automatically configures the protocol, start, end, and map port number that define the service.
View Rules: Click this to display the configuration of the service that you have chosen in Application Forwarded.
OK: Click OK to save your changes.
Cancel: Click Cancel to exit this screen without saving.
11.4 The Port Triggering Screen
Some services use a dedicated range of ports on the client side and a dedicated range of ports on the server side. With regular port forwarding you set a forwarding port in NAT to forward a service (coming in from the server on the WAN) to the IP address of a computer on the client side (LAN). The problem is that port forwarding only forwards a service to a single LAN IP address. In order to use the same service on a different LAN computer, you have to manually replace the LAN computer's IP address in the forwarding port with another LAN computer's IP address.
Trigger port forwarding solves this problem by allowing computers on the LAN to dynamically take turns using the service. The EMG records the IP address of a LAN computer that sends traffic to the WAN to request a service with a specific port number and protocol (a "trigger" port). When the EMG's WAN port receives a response with a specific port number and protocol ("open" port), the EMG forwards the traffic to the LAN IP address of the computer that sent the request. After that computer’s connection for that service closes, another computer on the LAN can use the service in the same manner. This way you do not need to configure a new IP address each time you want a different LAN computer to use the application.
For example:
Figure 96 Trigger Port Forwarding Process: Example
1 Jane requests a file from the Real Audio server (port 7070).
2 Port 7070 is a “trigger” port and causes the EMG to record Jane’s computer IP address. The EMG associates Jane's computer IP address with the "open" port range of 6970-7170.
3 The Real Audio server responds using a port number ranging between 6970-7170.
4 The EMG forwards the traffic to Jane’s computer IP address.
5 Only Jane can connect to the Real Audio server until the connection is closed or times out. The EMG times out in three minutes with UDP (User Datagram Protocol) or two hours with TCP/IP (Transmission Control Protocol/Internet Protocol).
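The trigger-port process above, modelled as an added example that is not part of the ZyXEL manual or firmware. The idle timeouts follow step 5 (three minutes for UDP, two hours for TCP); the transport protocols of the Real Audio ports and the LAN addresses in `demo()` are assumptions.

```python
"""Trigger port forwarding as described in Section 11.4. Added example, not
EMG firmware: the LAN host that sends to the trigger port owns the open port
range until its session closes or times out. Protocols and addresses are
constructed sample values."""
from dataclasses import dataclass
from typing import List, Optional

TIMEOUT = {"UDP": 3 * 60, "TCP": 2 * 60 * 60}   # seconds, from step 5


@dataclass
class TriggerRule:
    trigger_proto: str
    trigger_start: int
    trigger_end: int
    open_proto: str
    open_start: int
    open_end: int
    owner: Optional[str] = None    # LAN IP currently recorded for this rule
    last_seen: float = 0.0

    def _expire(self, now):
        """Forget the owner once the open protocol's idle timeout has passed."""
        if self.owner and now - self.last_seen > TIMEOUT[self.open_proto]:
            self.owner = None


class PortTriggering:
    def __init__(self, rules: List[TriggerRule]):
        self.rules = rules

    def outbound(self, now, proto, lan_ip, dport):
        """A LAN host sends to a WAN server. A hit on the trigger range records
        the host; True when it was recorded or is already the owner."""
        for r in self.rules:
            r._expire(now)
            if proto == r.trigger_proto and r.trigger_start <= dport <= r.trigger_end:
                if r.owner in (None, lan_ip):
                    r.owner, r.last_seen = lan_ip, now
                    return True
                return False   # another host holds the rule until close/timeout
        return False           # not a trigger port: ordinary NAT traffic

    def inbound(self, now, proto, dport):
        """A WAN packet on an open port goes to the recorded LAN IP, else None."""
        for r in self.rules:
            r._expire(now)
            if r.owner and proto == r.open_proto and r.open_start <= dport <= r.open_end:
                r.last_seen = now
                return r.owner
        return None

    def close(self, lan_ip):
        """The owner's connection closes; the rule is free for the next host."""
        for r in self.rules:
            if r.owner == lan_ip:
                r.owner = None


def demo():
    """The Real Audio walk-through: trigger 7070, open range 6970-7170."""
    pt = PortTriggering([TriggerRule("TCP", 7070, 7070, "UDP", 6970, 7170)])
    jane, bob = "192.168.1.10", "192.168.1.20"
    return {
        "jane_trigger": pt.outbound(0.0, "TCP", jane, 7070),    # True
        "reply_to": pt.inbound(10.0, "UDP", 7000),              # Jane's IP
        "bob_blocked": pt.outbound(20.0, "TCP", bob, 7070),     # False
        "after_timeout": pt.inbound(191.0, "UDP", 7000),        # None
        "bob_trigger": pt.outbound(200.0, "TCP", bob, 7070),    # True
    }
```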
Click Network Setting > NAT > Port Triggering to open the following screen. Use this screen to view your EMG’s trigger port settings.
Figure 97 Network Setting > NAT > Port Triggering
The following table describes the labels in this screen.
Table 55 Network Setting > NAT > Port Triggering
LABEL DESCRIPTION
Add New Rule: Click this to create a new rule.
#: This is the index number of the entry.
Status: This field displays whether the port triggering rule is active or not. A yellow bulb signifies that this rule is active. A gray bulb signifies that this rule is not active.
Service Name: This field displays the name of the service used by this rule.
WAN Interface: This field shows the WAN interface through which the service is forwarded.
Trigger Start Port: The trigger port is a port (or a range of ports) that causes (or triggers) the EMG to record the IP address of the LAN computer that sent the traffic to a server on the WAN. This is the first port number that identifies a service.
Trigger End Port: This is the last port number that identifies a service.
Trigger Proto.: This is the trigger transport layer protocol.
Open Start Port: The open port is a port (or a range of ports) that a server on the WAN uses when it sends out a particular service. The EMG forwards the traffic with this port (or range of ports) to the client computer on the LAN that requested the service. This is the first port number that identifies a service.
Open End Port: This is the last port number that identifies a service.
Open Protocol: This is the open transport layer protocol.
Modify: Click the Edit icon to edit this rule. Click the Delete icon to remove an existing rule.
11.4.1 Add/Edit Port Triggering Rule
This screen lets you create new port triggering rules. Click Add new rule in the Port Triggering screen or click a rule’s Edit icon to open the following screen.
Figure 98 Port Triggering: Add/Edit
The following table describes the labels in this screen.
Table 56 Port Triggering: Configuration Add/Edit
LABEL DESCRIPTION
Active: Select to enable or disable this rule.
Service Name: Enter a name to identify this rule using keyboard characters (A-Z, a-z, 1-2 and so on).
WAN Interface: Select a WAN interface for which you want to configure port triggering rules.
Trigger Start Port: The trigger port is a port (or a range of ports) that causes (or triggers) the EMG to record the IP address of the LAN computer that sent the traffic to a server on the WAN. Type a port number or the starting port number in a range of port numbers.
Trigger End Port: Type a port number or the ending port number in a range of port numbers.
Trigger Protocol: Select the transport layer protocol, TCP or UDP.
Open Start Port: The open port is a port (or a range of ports) that a server on the WAN uses when it sends out a particular service. The EMG forwards the traffic with this port (or range of ports) to the client computer on the LAN that requested the service. Type a port number or the starting port number in a range of port numbers.
Open End Port: Type a port number or the ending port number in a range of port numbers.
Open Protocol: Select the transport layer protocol, TCP or UDP.
OK: Click OK to save your changes.
Cancel: Click Cancel to exit this screen without saving.
11.5 The DMZ Screen
In addition to the servers for specified services, NAT supports a default server IP address. A default server receives packets from ports that are not specified in the NAT Port Forwarding Setup screen.
Figure 99 Network Setting > NAT > DMZ
The following table describes the fields in this screen.
Table 57 Network Setting > NAT > DMZ
LABEL DESCRIPTION
Default Server Address: Enter the IP address of the default server which receives packets from ports that are not specified in the NAT Port Forwarding screen.
Apply: Click Apply to save your changes.
Cancel: Click Cancel to restore your previously saved settings.
Note: If you do not assign a Default Server Address, the EMG discards all packets received for ports that are not specified in the NAT Port Forwarding screen.
11.6 The ALG Screen
Some NAT routers may include a SIP Application Layer Gateway (ALG). A SIP ALG allows SIP calls to pass through NAT by examining and translating IP addresses embedded in the data stream. When the EMG registers with the SIP register server, the SIP ALG translates the EMG’s private IP address inside the SIP data stream to a public IP address. You do not need to use STUN or an outbound proxy if your EMG is behind a SIP ALG.
Use this screen to enable and disable the ALGs in the EMG. To access this screen, click Network Setting > NAT > ALG.
Figure 100 Network Setting > NAT > ALG
The following table describes the fields in this screen.
Table 58 Network Setting > NAT > ALG
LABEL DESCRIPTION
NAT ALG: Enable this to make sure applications such as FTP and file transfer in IM applications work correctly with port-forwarding and address-mapping rules.
SIP ALG: Enable this to make sure SIP (VoIP) works correctly with port-forwarding and address-mapping rules.
RTSP ALG: Enable this to have the EMG detect RTSP traffic and help build RTSP sessions through its NAT. The Real Time Streaming (media control) Protocol (RTSP) is a remote control for multimedia on the Internet.
PPTP ALG: Enable this to turn on the PPTP ALG on the EMG to detect PPTP traffic and help build PPTP sessions through the EMG’s NAT.
IPSEC ALG: Enable this to turn on the IPSec ALG on the EMG to detect IPSec traffic and help build IPSec sessions through the EMG’s NAT.
Apply: Click Apply to save your changes.
Cancel: Click Cancel to restore your previously saved settings.
11.7 The Address Mapping Screen
Ordering your rules is important because the EMG applies the rules in the order that you specify. When a rule matches the current packet, the EMG takes the corresponding action and the remaining rules are ignored.
Click Network Setting > NAT > Address Mapping to display the following screen.
Figure 101 Network Setting > NAT > Address Mapping
The following table describes the fields in this screen.
Table 59 Network Setting > NAT > Address Mapping
LABEL DESCRIPTION
Add new rule: Click this to create a new rule.
Rule Name: This shows the name of the rule.
Local Start IP: This is the starting Inside Local IP Address (ILA).
Local End IP: This is the ending Inside Local IP Address (ILA). If the rule is for all local IP addresses, then this field displays 0.0.0.0 as the Local Start IP address and 255.255.255.255 as the Local End IP address. This field is blank for One-to-One mapping types.
Global Start IP: This is the starting Inside Global IP Address (IGA). Enter 0.0.0.0 here if you have a dynamic IP address from your ISP. You can only do this for the Many-to-One mapping type.
Global End IP: This is the ending Inside Global IP Address (IGA). This field is blank for One-to-One and Many-to-One mapping types.
Type: This is the address mapping type.
One-to-One: This mode maps one local IP address to one global IP address. Note that port numbers do not change for the One-to-One NAT mapping type.
Many-to-One: This mode maps multiple local IP addresses to one global IP address. This is equivalent to SUA (i.e., PAT, port address translation), the EMG's Single User Account feature that previous routers supported only.
Many-to-Many: This mode maps multiple local IP addresses to shared global IP addresses.
WAN Interface: This is the WAN interface to which the address mapping rule applies.
Modify: Click the Edit icon to go to the screen where you can edit the address mapping rule. Click the Delete icon to delete an existing address mapping rule. Note that subsequent address mapping rules move up by one when you take this action.
11.7.1 Add/Edit Address Mapping Rule
To add or edit an address mapping rule, click Add new rule or the rule’s edit icon in the Address Mapping screen to display the screen shown next.
Figure 102 Address Mapping: Add/Edit
The following table describes the fields in this screen.
Table 60 Address Mapping: Add/Edit
LABEL DESCRIPTION
Rule Name: This shows the name of the rule.
Type: Choose the IP/port mapping type from one of the following.
One-to-One: This mode maps one local IP address to one global IP address. Note that port numbers do not change for the One-to-One NAT mapping type.
Many-to-One: This mode maps multiple local IP addresses to one global IP address. This is equivalent to SUA (i.e., PAT, port address translation), the EMG's Single User Account feature that previous routers supported only.
Many-to-Many: This mode maps multiple local IP addresses to shared global IP addresses.
Local Start IP: Enter the starting Inside Local IP Address (ILA).
Local End IP: Enter the ending Inside Local IP Address (ILA). If the rule is for all local IP addresses, then this field displays 0.0.0.0 as the Local Start IP address and 255.255.255.255 as the Local End IP address. This field is blank for One-to-One mapping types.
Global Start IP: Enter the starting Inside Global IP Address (IGA). Enter 0.0.0.0 here if you have a dynamic IP address from your ISP. You can only do this for the Many-to-One mapping type.
Global End IP: Enter the ending Inside Global IP Address (IGA). This field is blank for One-to-One and Many-to-One mapping types.
WAN Interface: Select a WAN interface to which the address mapping rule applies.
OK: Click OK to save your changes.
Cancel: Click Cancel to exit this screen without saving.
11.8 The Sessions Screen
Use this screen to limit the number of concurrent NAT sessions a client can use. Click Network Setting > NAT > Sessions to display the following screen.
Figure 103 Network Setting > NAT > Sessions
The following table describes the fields in this screen.
Table 61 Network Setting > NAT > Sessions
LABEL DESCRIPTION
MAX NAT Session Per Host: Use this field to set a limit to the number of concurrent NAT sessions each client host can have. If only a few clients use peer to peer applications, you can raise this number to improve their performance. With heavy peer-to-peer application use, lower this number to ensure no single client uses too many of the available NAT sessions.
Apply: Click this to save your changes on this screen.
Cancel: Click this to exit this screen without saving any changes.
11.9 Technical Reference
This part contains more information regarding NAT.
11.9.1 NAT Definitions
Inside/outside denotes where a host is located relative to the EMG, for example, the computers of your subscribers are the inside hosts, while the web servers on the Internet are the outside hosts.
Global/local denotes the IP address of a host in a packet as the packet traverses a router, for example, the local address refers to the IP address of a host when the packet is in the local network, while the global address refers to the IP address of the host when the same packet is traveling in the WAN side.
Note that inside/outside refers to the location of a host, while global/local refers to the IP address of a host used in a packet. Thus, an inside local address (ILA) is the IP address of an inside host in a packet when the packet is still in the local network, while an inside global address (IGA) is the IP address of the same inside host when the packet is on the WAN side. The following table summarizes this information.
Table 62 NAT Definitions
ITEM DESCRIPTION
Inside: This refers to the host on the LAN.
Outside: This refers to the host on the WAN.
Local: This refers to the packet address (source or destination) as the packet travels on the LAN.
Global: This refers to the packet address (source or destination) as the packet travels on the WAN.
NAT never changes the IP address (either local or global) of an outside host.
11.9.2 What NAT Does
In the simplest form, NAT changes the source IP address in a packet received from a subscriber (the inside local address) to another (the inside global address) before forwarding the packet to the WAN side. When the response comes back, NAT translates the destination address (the inside global address) back to the inside local address before forwarding it to the original inside host. Note that the IP address (either local or global) of an outside host is never changed.
The global IP addresses for the inside hosts can be either static or dynamically assigned by the ISP. In addition, you can designate servers, for example, a web server and a telnet server, on your local network and make them accessible to the outside world. If you do not define any servers (for Many-to-One and Many-to-Many Overload mapping), NAT offers the additional benefit of firewall protection. With no servers defined, your EMG filters out all incoming inquiries, thus preventing intruders from probing your network. For more information on IP address translation, refer to RFC 1631, The IP Network Address Translator (NAT).
11.9.3 How NAT Works
Each packet has two addresses – a source address and a destination address. For outgoing packets, the ILA (Inside Local Address) is the source address on the LAN, and the IGA (Inside Global Address) is the source address on the WAN. For incoming packets, the ILA is the destination address on the LAN, and the IGA is the destination address on the WAN. NAT maps private (local) IP addresses to globally unique ones required for communication with hosts on other networks. It replaces the original IP source address (and TCP or UDP source port numbers for Many-to-One and Many-to-Many Overload NAT mapping) in each packet and then forwards it to the Internet. The EMG keeps track of the original addresses and port numbers so incoming reply packets can have their original values restored. The following figure illustrates this.
Figure 104 How NAT Works
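The behaviour described in this section and in Sections 11.2, 11.5 and 11.8, worked through as an added example that is not ZyXEL firmware or part of the manual: Many-to-One translation with the EMG's per-host session limit, and the order in which an incoming packet is matched against tracked sessions, Port Forwarding rules and the DMZ default server. The WAN address, remote addresses and the addresses of servers A and B in `demo()` are constructed; only the default server 192.168.1.35 comes from the chapter's example.

```python
"""NAT as described in Sections 11.2, 11.5, 11.8 and 11.9: Many-to-One
(NAPT) translation for outbound sessions, a per-host session limit, and the
inbound lookup order: tracked session, Port Forwarding rule, DMZ default
server, otherwise discard. Added example, not EMG firmware; all addresses
and ports are constructed sample values."""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass
class ForwardRule:
    """One Port Forwarding entry (Table 52): an external port range mapped
    onto the server's translated range starting at trans_start."""
    proto: str            # "TCP", "UDP" or "TCP/UDP"
    start_port: int
    end_port: int
    server_ip: str
    trans_start: int      # Translation Start Port

    def translate(self, proto: str, dport: int) -> Optional[Tuple[str, int]]:
        if self.proto not in (proto, "TCP/UDP"):
            return None
        if not self.start_port <= dport <= self.end_port:
            return None
        # a range maps one-to-one: keep the offset into the external range
        return self.server_ip, self.trans_start + (dport - self.start_port)


class EmgNat:
    """Every inside host shares the single WAN IP (inside global address)."""

    def __init__(self, wan_ip, rules=(), default_server=None, max_per_host=2048):
        self.wan_ip = wan_ip
        self.rules = list(rules)
        self.default_server = default_server   # DMZ; None means discard
        self.max_per_host = max_per_host       # MAX NAT Session Per Host
        self.next_port = 40000
        # (proto, WAN port) -> (ILA, local port, remote IP, remote port)
        self.sessions: Dict[Tuple[str, int], Tuple[str, int, str, int]] = {}

    def outbound(self, proto, ila, lport, rip, rport):
        """Rewrite an outgoing packet's source (ILA:lport -> IGA:wport).
        Returns the WAN-side 5-tuple, or None once the host is at its limit."""
        for (p, wport), sess in self.sessions.items():
            if (p, *sess) == (proto, ila, lport, rip, rport):
                return proto, self.wan_ip, wport, rip, rport   # existing session
        if sum(1 for s in self.sessions.values() if s[0] == ila) >= self.max_per_host:
            return None
        wport, self.next_port = self.next_port, self.next_port + 1
        self.sessions[(proto, wport)] = (ila, lport, rip, rport)
        return proto, self.wan_ip, wport, rip, rport

    def inbound(self, proto, rip, rport, dport):
        """Decide where a packet addressed to the WAN IP is delivered."""
        sess = self.sessions.get((proto, dport))
        if sess and sess[2:] == (rip, rport):      # reply to a tracked session
            return sess[0], sess[1]
        for rule in self.rules:                    # Port Forwarding rules
            hit = rule.translate(proto, dport)
            if hit:
                return hit
        if self.default_server:                    # DMZ default server
            return self.default_server, dport
        return None                                # nothing defined: discard


def demo():
    """The chapter's example: ports 21-25 to server A, port 80 to server B,
    default server C at 192.168.1.35. A's and B's addresses are constructed."""
    nat = EmgNat("203.0.113.5",
                 rules=[ForwardRule("TCP", 21, 25, "192.168.1.33", 21),
                        ForwardRule("TCP", 80, 80, "192.168.1.34", 8080)],
                 default_server="192.168.1.35", max_per_host=2)
    host, remote = "192.168.1.10", "198.51.100.7"
    out = nat.outbound("TCP", host, 51000, remote, 443)
    nat.outbound("UDP", host, 51001, remote, 53)          # second session
    return {
        "outbound": out,                                   # ('TCP', WAN IP, 40000, remote, 443)
        "reply": nat.inbound("TCP", remote, 443, out[2]),  # (host, 51000)
        # same WAN port but a different remote: not a reply, so the DMZ gets it
        "unsolicited": nat.inbound("TCP", "198.51.100.9", 443, out[2]),
        "over_limit": nat.outbound("TCP", host, 51002, remote, 80),   # None
        "smtp": nat.inbound("TCP", "198.51.100.9", 4321, 25),    # ('192.168.1.33', 25)
        "web": nat.inbound("TCP", "198.51.100.9", 4321, 80),     # ('192.168.1.34', 8080)
        "other": nat.inbound("TCP", "198.51.100.9", 4321, 8443), # ('192.168.1.35', 8443)
    }
```

The `unsolicited` case shows why the Section 11.5 note matters: with a default server configured, every unmatched inbound packet reaches that host, and without one it is discarded.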
11.9.4 NAT Application
The following figure illustrates a possible NAT application, where three inside LANs (logical LANs using IP alias) behind the EMG can communicate with three distinct WAN networks.
Figure 105 NAT Application With IP Alias
Port Forwarding: Services and Port Numbers
The most often used port numbers are shown in the following table. Please refer to RFC 1700 for further information about port numbers.
Table 63 Services and Port Numbers
SERVICES PORT NUMBER
ECHO: 7
FTP (File Transfer Protocol): 21
SMTP (Simple Mail Transfer Protocol): 25
DNS (Domain Name System): 53
Finger: 79
HTTP (Hyper Text Transfer protocol or WWW, Web): 80
POP3 (Post Office Protocol): 110
NNTP (Network News Transport Protocol): 119
SNMP (Simple Network Management Protocol): 161
SNMP trap: 162
PPTP (Point-to-Point Tunneling Protocol): 1723
Port Forwarding Example
Let's say you want to assign ports 21-25 to one FTP, Telnet and SMTP server (A in the example), port 80 to another (B in the example) and assign a default server IP address of 192.168.1.35 to a third (C in the example). You assign the LAN IP addresses and the ISP assigns the WAN IP address. The NAT network appears as a single host on the Internet. Note that the range 21-25 also forwards ports 22 and 24, and that FTP, Telnet and SMTP carry credentials and mail in cleartext. The default server receives every unsolicited packet that no forwarding rule matches, so it is exposed to the whole Internet and must be hardened accordingly.
Figure 106 Multiple Servers Behind NAT Example
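The translation steps in Section 11.9.3 and the three-server layout above, as an added example in Python that is not part of the user guide or the EMG firmware. It models Many-to-One Overload NAT: outbound packets get the WAN address and a fresh port, replies are restored from the session table, and inbound packets that match no session go to a forwarding rule, then to the default server, and are otherwise dropped. The WAN address 203.0.113.1 and the addresses of servers A and B (192.168.1.33 and 192.168.1.34) are assumed; only C's 192.168.1.35 comes from the guide.

```python
# Added example (not the EMG's own code): a model of Many-to-One Overload NAT
# (NAPT) with port forwarding rules and a default server. Addresses, port
# numbers and the Packet layout are assumptions chosen for illustration.
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class Napt:
    """Rewrites ILA:port <-> IGA:port and decides what unsolicited inbound traffic may enter."""

    def __init__(self, wan_ip: str, forwards: Optional[Dict[int, Tuple[str, int]]] = None,
                 default_server: Optional[str] = None, first_port: int = 49152):
        self.wan_ip = wan_ip                        # the IGA (assigned by the ISP)
        self.forwards = dict(forwards or {})        # WAN port -> (LAN server, LAN port)
        self.default_server = default_server        # LAN host for everything not matched, or None
        self._next_port = first_port
        self.out_table: Dict[Tuple[str, int], int] = {}  # (ILA, port) -> WAN port
        self.in_table: Dict[int, Tuple[str, int]] = {}   # WAN port -> (ILA, port)

    def _allocate_port(self) -> int:
        # Skip ports reserved by forwarding rules so a session cannot shadow a server.
        while self._next_port in self.forwards or self._next_port in self.in_table:
            self._next_port += 1
        port = self._next_port
        self._next_port += 1
        return port

    def outbound(self, pkt: Packet) -> Packet:
        """LAN -> WAN: replace the private source with the WAN address and a unique port."""
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.out_table:
            port = self._allocate_port()
            self.out_table[key] = port
            self.in_table[port] = key
        return Packet(self.wan_ip, self.out_table[key], pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """WAN -> LAN: restore the original destination, or drop when nothing maps it."""
        if pkt.dst_ip != self.wan_ip:
            return None
        if pkt.dst_port in self.in_table:                # reply to a session a LAN host opened
            ila, port = self.in_table[pkt.dst_port]
            return Packet(pkt.src_ip, pkt.src_port, ila, port)
        if pkt.dst_port in self.forwards:                # explicit port forwarding rule
            server, port = self.forwards[pkt.dst_port]
            return Packet(pkt.src_ip, pkt.src_port, server, port)
        if self.default_server is not None:              # default server takes the rest
            return Packet(pkt.src_ip, pkt.src_port, self.default_server, pkt.dst_port)
        return None                                      # no mapping: unsolicited traffic is dropped


def example_nat() -> Napt:
    """The three-server layout from the guide; server A and B addresses are assumed."""
    forwards = {p: ("192.168.1.33", p) for p in range(21, 26)}   # 21-25 -> A
    forwards[80] = ("192.168.1.34", 80)                           # 80 -> B
    return Napt("203.0.113.1", forwards, default_server="192.168.1.35")  # rest -> C


if __name__ == "__main__":
    nat = example_nat()
    out = nat.outbound(Packet("192.168.1.50", 51000, "198.51.100.10", 443))
    print("outbound rewritten to", out)
    print("reply restored to", nat.inbound(Packet("198.51.100.10", 443, out.src_ip, out.src_port)))
    print("probe on 8080 goes to default server:",
          nat.inbound(Packet("198.51.100.7", 40001, "203.0.113.1", 8080)))
    print("probe with no servers defined:",
          Napt("203.0.113.1").inbound(Packet("198.51.100.7", 40001, "203.0.113.1", 22)))
```

The last line shows the protective effect described in the NAT overview: with no forwarding rule and no default server, an unsolicited probe has no mapping and is dropped, whereas a configured default server silently receives every such probe. The model is deliberately simple; a real NAT also checks that a reply comes from the peer the session was opened to and expires idle entries.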
CHAPTER 12
Dynamic DNS Setup
12.1 Overview
DNS
DNS (Domain Name System) is for mapping a domain name to its corresponding IP address and vice versa. The DNS server is extremely important because without it, you must know the IP address of a machine before you can access it.
In addition to the system DNS server(s), each WAN interface (service) is set to have its own static or dynamic DNS server list. You can configure a DNS static route to forward DNS queries for certain domain names through a specific WAN interface to its DNS server(s). The EMG uses a system DNS server (in the order you specify in the Broadband screen) to resolve domain names that do not match any DNS routing entry. After the EMG receives a DNS reply from a DNS server, it creates a new entry for the resolved IP address in the routing table.
Dynamic DNS
Dynamic DNS allows you to update your current dynamic IP address with one or many dynamic DNS services so that anyone can contact you (in NetMeeting, CU-SeeMe, etc.). You can also access your FTP server or Web site on your own computer using a domain name (for instance myhost.dhs.org, where myhost is a name of your choice) that will never change instead of using an IP address that changes each time you reconnect. Your friends or relatives will always be able to call you even if they don't know your IP address.
First of all, you need to have registered a Dynamic DNS account with a Dynamic DNS service provider such as www.dyndns.org. This is for people with a dynamic IP from their ISP or DHCP server who would still like to have a domain name. The Dynamic DNS service provider will give you a password or key.
12.1.1 What You Can Do in this Chapter
• Use the DNS Entry screen to view, configure, or remove DNS routes (Section 12.2 on page 171).
• Use the Dynamic DNS screen to enable DDNS and configure the DDNS settings on the EMG (Section 12.3 on page 172).
12.1.2 What You Need To Know
DYNDNS Wildcard
Enabling the wildcard feature for your host causes *.yourhost.dyndns.org to be aliased to the same IP address as yourhost.dyndns.org. This feature is useful if you want to be able to use, for example, www.yourhost.dyndns.org and still reach your hostname.
Chapter 12 Dynamic DNS Setup
If your WAN IP address is private (for example an RFC 1918 address or a carrier-grade NAT address in 100.64.0.0/10), hosts on the Internet cannot reach it, so you cannot use Dynamic DNS.
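A client-side view of what the Dynamic DNS screen configures, as an added Python example that is not part of the user guide or the EMG firmware. It assembles the update request in the widely used dyndns2 form (an HTTPS GET with hostname and myip parameters and HTTP Basic authentication, matching the Host/Domain Name, Username, Password and Enable Wildcard Option fields), refuses to run when the WAN address is private, and interprets the provider's one-line reply. The update URL https://ddns.example.net/nic/update, the credentials, the addresses and the fake_provider transport are assumptions; a real client would send the request with an HTTP library instead.

```python
# Added example (not the EMG's own code): builds a dyndns2-style update request
# from the fields on the Dynamic DNS screen, refuses to run with a private WAN
# address, and classifies the provider's one-line reply. The provider URL,
# credentials, addresses and the fake transport are assumptions.
import base64
import ipaddress
from typing import Callable, Dict, List, Tuple
from urllib.parse import urlencode

# Ranges a WAN address can land in that are not reachable from the Internet.
UNROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918
    "100.64.0.0/10",                                  # carrier-grade NAT (RFC 6598)
    "127.0.0.0/8", "169.254.0.0/16",                  # loopback, link-local
)]


def wan_ip_is_public(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return addr.version == 4 and not any(addr in net for net in UNROUTABLE)


def build_update(url: str, username: str, password: str, hostnames: List[str],
                 myip: str, wildcard: bool = False) -> Tuple[str, Dict[str, str]]:
    """Return (request URL, headers) for the dyndns2 protocol: GET ...?hostname=&myip= with Basic auth."""
    if not 1 <= len(hostnames) <= 2:            # the screen accepts at most two, comma-separated
        raise ValueError("one or two host names")
    if not wan_ip_is_public(myip):
        raise ValueError(f"{myip} is not a public address; Dynamic DNS cannot be used")
    # Basic auth only base64-encodes the password, so the update URL must be https://.
    if not url.lower().startswith("https://"):
        raise ValueError("use an https:// update URL; credentials would otherwise travel in clear")
    params = {"hostname": ",".join(hostnames), "myip": myip}
    if wildcard:
        params["wildcard"] = "ON"
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    headers = {"Authorization": f"Basic {token}", "User-Agent": "example-ddns/1.0"}
    return f"{url}?{urlencode(params)}", headers


def classify_response(body: str) -> Tuple[str, str]:
    """Map the provider's reply ('good 203.0.113.25', 'badauth', '911', ...) to an action."""
    code, _, rest = body.strip().partition(" ")
    if code in ("good", "nochg"):
        return "ok", rest            # rest is the address now on record
    if code in ("badauth", "nohost", "notfqdn", "badagent", "abuse", "!donator"):
        return "stop", code          # account or configuration problem: retrying makes it worse
    if code in ("dnserr", "911"):
        return "retry", code         # provider-side failure: back off before retrying
    return "unknown", body.strip()


def update(transport: Callable[[str, Dict[str, str]], str], **kw) -> Tuple[str, str]:
    """Run one update through `transport(url, headers) -> body`; injected so the example runs offline."""
    url, headers = build_update(**kw)
    return classify_response(transport(url, headers))


def fake_provider(url: str, headers: Dict[str, str]) -> str:
    """Constructed stand-in for the provider: accepts one credential pair, echoes the requested IP."""
    if headers.get("Authorization") != "Basic " + base64.b64encode(b"myuser:s3cret").decode():
        return "badauth"
    ip = url.split("myip=")[1].split("&")[0]
    return f"good {ip}"


if __name__ == "__main__":
    print(update(fake_provider, url="https://ddns.example.net/nic/update", username="myuser",
                 password="s3cret", hostnames=["myhost.dhs.org"], myip="203.0.113.25", wildcard=True))
```

Two points matter for a practitioner: Basic authentication only base64-encodes the password, so the Connection Type must be HTTPS or the DDNS credential travels in the clear on every update; and replies such as badauth, nohost and abuse mean the account is misconfigured, so the client must stop rather than retry, which is also why the screen reports a User Authentication Result.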
12.2 The DNS Entry Screen
Use this screen to view and configure DNS routes on the EMG. Click Network Setting > DNS to open the DNS Entry screen.
Figure 107 Network Setting > DNS > DNS Entry
The following table describes the fields in this screen. Table 64 Network Setting > DNS > DNS Entry
LABEL               DESCRIPTION
Add New DNS Entry   Click this to create a new DNS entry.
#                   This is the index number of the entry.
Hostname            This indicates the host name or domain name.
IP Address          This indicates the IP address assigned to this computer.
Modify              Click the Edit icon to edit the rule. Click the Delete icon to delete an existing rule.
12.2.1 Add/Edit DNS Entry
You can manually add or edit the EMG’s DNS name and IP address entry. Click Add New DNS Entry in the DNS Entry screen or the Edit icon next to the entry you want to edit. The screen shown next appears.
Figure 108 DNS Entry: Add/Edit
The following table describes the labels in this screen. Table 65 DNS Entry: Add/Edit
LABEL          DESCRIPTION
Host Name      Enter the host name of the DNS entry.
IPv4 Address   Enter the IPv4 address of the DNS entry.
OK             Click OK to save your changes.
Cancel         Click Cancel to exit this screen without saving.
12.3 The Dynamic DNS Screen
Use this screen to change your EMG's DDNS settings. Click Network Setting > DNS > Dynamic DNS. The screen appears as shown.
Figure 109 Network Setting > DNS > Dynamic DNS
The following table describes the fields in this screen. Table 66 Network Setting > DNS > Dynamic DNS
LABEL              DESCRIPTION
Dynamic DNS Setup
Dynamic DNS        Select Enable to use dynamic DNS.
Service Provider   Select your Dynamic DNS service provider from the drop-down list box. If it is not in the drop-down list, select DNS user defined and fill in the Connection Type and URL Update fields.
Connection Type    Select the protocol that your Dynamic DNS server uses.
URL Update         Enter the update URL of the Dynamic DNS provider.
Host/Domain Name   Type the domain name assigned to your EMG by your Dynamic DNS provider. You can specify up to two host names in the field, separated by a comma (",").
Username           Type your user name.
Password           Type the password assigned to you.
Table 66 Network Setting > DNS > Dynamic DNS (continued)
LABEL                        DESCRIPTION
Enable Wildcard Option       Select the check box to enable DynDNS Wildcard.
Enable Off Line Option       Check with your Dynamic DNS service provider to have traffic redirected to a URL (that you can specify) while you are off line. (Only applies to custom DNS.)
Dynamic DNS Status
User Authentication Result   This shows Success if the account is correctly set up with the Dynamic DNS provider account.
Last Updated Time            This shows the last time the IP address the Dynamic DNS provider has associated with the hostname was updated.
Current Dynamic IP           This shows the IP address your Dynamic DNS provider has currently associated with the hostname.
Apply                        Click Apply to save your changes.
Cancel                       Click Cancel to exit this screen without saving.
CHAPTER 13
IGMP/MLD
13.1 Overview
Use the IGMP/MLD screen to configure IGMP/MLD group settings.
13.1.1 What You Need To Know
Multicast and IGMP
See Multicast on page 75 for more information.
Multicast Listener Discovery (MLD)
The Multicast Listener Discovery (MLD) protocol (defined in RFC 2710) is derived from IPv4's Internet Group Management Protocol version 2 (IGMPv2). MLD uses ICMPv6 message types, rather than IGMP message types. MLDv1 is equivalent to IGMPv2 and MLDv2 is equivalent to IGMPv3.
• MLD allows an IPv6 switch or router to discover the presence of MLD hosts that wish to receive multicast packets and the IP addresses of the multicast groups the hosts want to join on its network.
• MLD snooping and MLD proxy are analogous to IGMP snooping and IGMP proxy in IPv4.
• MLD filtering controls which multicast groups a port can join.
• An MLD Report message is equivalent to an IGMP Report message, and an MLD Done message is equivalent to an IGMP Leave message.
IGMP Fast Leave
When a host leaves a multicast group (224.1.1.1 in this example), it sends an IGMP Leave message to the all-routers address (224.0.0.2). When a router receives the Leave message, it sends a Group-Specific Query to the members of that group (224.1.1.1) to check whether any other host is still in the group, and removes the group from that port only if no host answers. With the IGMP fast leave feature enabled, the router removes the port from the group member list as soon as it receives the Leave message, without sending the query. Fast leave is therefore only safe when a single receiver is connected to each port: if two hosts on the same port watch the same group and one leaves, the other stops receiving the stream until it sends its next membership report.
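The difference between a normal leave and a fast leave, as an added Python simulation that is not part of the user guide or the EMG firmware. Port numbers, the host names box-A and box-B and the group 224.1.1.1 are constructed for the scenario.

```python
# Added example (not the EMG's own code): a model of IGMP snooping group
# membership with and without fast leave. Port numbers, host names and the
# group address are constructed for the simulation.
from collections import defaultdict
from typing import Dict, Set


class SnoopingSwitch:
    """Tracks which ports must receive each group and how a Leave is handled."""

    def __init__(self, fast_leave: bool) -> None:
        self.fast_leave = fast_leave
        self.hosts: Dict[int, Dict[str, Set[str]]] = defaultdict(dict)  # port -> host -> groups it wants
        self.forwarding: Dict[str, Set[int]] = defaultdict(set)         # group -> ports receiving it
        self.queries_sent = 0

    def report(self, port: int, host: str, group: str) -> None:
        """IGMP Membership Report (join): the port must now receive the group."""
        self.hosts[port].setdefault(host, set()).add(group)
        self.forwarding[group].add(port)

    def leave(self, port: int, host: str, group: str) -> str:
        """IGMP Leave from one host; returns what happened to the port's membership."""
        self.hosts[port].get(host, set()).discard(group)
        if port not in self.forwarding[group]:
            return "not-a-member"
        if self.fast_leave:
            # Drop the port at once, without a Group-Specific Query. Any other host
            # on the same port that still wants the stream loses it until its next Report.
            self.forwarding[group].discard(port)
            return "removed-immediately"
        # Normal leave: send a Group-Specific Query to the port and wait up to the
        # Last Member Query Interval; keep the port if any host still reports the group.
        self.queries_sent += 1
        if any(group in wanted for wanted in self.hosts[port].values()):
            return "kept-after-query"
        self.forwarding[group].discard(port)
        return "removed-after-query"

    def receives(self, port: int, group: str) -> bool:
        return port in self.forwarding[group]


def shared_port_scenario(fast_leave: bool) -> bool:
    """Two set-top boxes on LAN port 1 watch 224.1.1.1; box A changes channel. Does box B still get the stream?"""
    sw = SnoopingSwitch(fast_leave)
    sw.report(1, "box-A", "224.1.1.1")
    sw.report(1, "box-B", "224.1.1.1")
    sw.leave(1, "box-A", "224.1.1.1")
    return sw.receives(1, "224.1.1.1")


if __name__ == "__main__":
    print("normal leave, box-B still receives:", shared_port_scenario(fast_leave=False))
    print("fast leave,   box-B still receives:", shared_port_scenario(fast_leave=True))
```

With fast leave off, box-A's Leave triggers a Group-Specific Query and box-B's answer keeps port 1 in the group; with fast leave on, port 1 is dropped at once and box-B loses the stream. Enable Fast Leave only when exactly one receiver (for example one set-top box) sits behind each LAN port.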
13.2 The IGMP/MLD Screen
Use this screen to configure multicast groups the EMG has joined and which ports have joined it. To open this screen, click Network Setting > IGMP/MLD.
Chapter 13 IGMP/MLD
Figure 110 Network Setting > IGMP/MLD
The following table describes the labels in this screen. Table 67 Network Setting > IGMP/MLD
LABEL                            DESCRIPTION
IGMP/MLD Configuration
Default Version                  Enter the version of IGMP (1~3) and MLD (1~2) that you want the EMG to use on the WAN.
Query Interval                   Enter the number of seconds between the General Query messages the EMG sends to hosts to learn the group membership information.
Query Response Interval          Enter the maximum number of seconds a host may take to respond to a General Query message (the Max Response Time the EMG advertises in its queries). Multicast routers use general queries to learn which multicast groups have members.
Last Member Query Interval       Enter the maximum number of seconds the EMG waits for a response to a Group-Specific Query message before it removes the group. Multicast routers use group-specific queries to learn whether any member remains in a specific multicast group.
Robustness Value                 Enter the number of times (1~7) the EMG can resend a packet if packet loss occurs due to network congestion.
Maximum Multicast Groups         Enter a number to limit the number of multicast groups an interface on the EMG is allowed to join. Once a multicast member is registered in the specified number of multicast groups, any new IGMP or MLD join report frames are dropped by the interface.
Maximum Multicast Data Sources   Enter a number to limit the number of multicast data sources (1-24) a multicast group is allowed to have.
                                 Note: The setting only works for IGMPv3 and MLDv2.
Maximum Multicast Group Members  Enter a number to limit the number of multicast members a multicast group can have.
Table 67 Network Setting > IGMP/MLD (continued)
LABEL                                     DESCRIPTION
Fast Leave Enable                         Select this option to set the EMG to remove a port from the multicast tree immediately (without sending an IGMP or MLD membership query message) once it receives an IGMP or MLD leave message. This is helpful if a user wants to quickly change a TV channel (multicast group change), especially for IPTV applications.
LAN to LAN (Intra LAN) Multicast Enable   Select this to enable LAN to LAN IGMP snooping capability.
Membership Join Immediate (IPTV)          Select this to have the EMG add a host to a multicast group immediately once the EMG receives an IGMP or MLD join message.
Apply                                     Click Apply to save your changes back to the EMG.
Cancel                                    Click Cancel to exit this screen without saving.
CHAPTER 14
VLAN Group
14.1 Overview
Virtual LAN IDs are used to identify different traffic types over the same physical link.
In the following example, the EMG can use VLAN IDs (VID) 100 and 200 to identify Video-on-Demand and IPTV traffic respectively coming from the two VoD and IPTV multicast servers. The EMG can also tag outgoing requests to these servers with these VLAN IDs.
Figure 111 VLAN Group Example
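How the VID 100 and VID 200 tags from the example are carried on the wire, as an added Python example that is not part of the user guide or the EMG firmware: it inserts an IEEE 802.1Q tag into an Ethernet frame (what Tx Tagging does), parses one back, and maps the VID to a group name. The sample frame, MAC addresses and the VoD/IPTV group names are constructed.

```python
# Added example (not the EMG's own code): building and parsing IEEE 802.1Q
# VLAN tags so that VoD (VID 100) and IPTV (VID 200) frames can be told apart.
# The sample frame, MAC addresses and group names are constructed.
import struct
from typing import Dict, Optional, Tuple

TPID_8021Q = 0x8100            # EtherType value that announces a VLAN tag
VID_MIN, VID_MAX = 1, 4094     # 0 = priority-tagged only, 4095 = reserved


def tag_frame(frame: bytes, vid: int, pcp: int = 0, dei: int = 0) -> bytes:
    """Insert a 4-byte 802.1Q tag after the destination and source MAC addresses (Tx Tagging)."""
    if not VID_MIN <= vid <= VID_MAX:
        raise ValueError(f"VLAN ID {vid} out of range {VID_MIN}-{VID_MAX}")
    if not 0 <= pcp <= 7 or dei not in (0, 1):
        raise ValueError("PCP must be 0-7 and DEI 0 or 1")
    if len(frame) < 14:
        raise ValueError("not an Ethernet frame")
    tci = (pcp << 13) | (dei << 12) | vid          # Tag Control Information
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def parse_tag(frame: bytes) -> Optional[Tuple[int, int, int, bytes]]:
    """Return (vid, pcp, dei, untagged frame), or None when the frame carries no 802.1Q tag."""
    if len(frame) < 16:
        return None
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID_8021Q:
        return None
    return tci & 0x0FFF, tci >> 13, (tci >> 12) & 1, frame[:12] + frame[16:]


def classify(frame: bytes, groups: Dict[int, str]) -> str:
    """Name the VLAN group a received frame belongs to; unknown or missing tags are not trusted."""
    tag = parse_tag(frame)
    if tag is None:
        return "untagged"
    return groups.get(tag[0], "unknown-vid")


# Constructed sample: an untagged IPv4 frame (multicast dst MAC, src MAC, EtherType 0x0800, dummy payload).
SAMPLE_FRAME = bytes.fromhex("01005e010101") + bytes.fromhex("0200c0a80001") + b"\x08\x00" + b"\x00" * 46
VLAN_GROUPS = {100: "VoD", 200: "IPTV"}


if __name__ == "__main__":
    vod = tag_frame(SAMPLE_FRAME, 100, pcp=4)
    print(parse_tag(vod)[:3], classify(vod, VLAN_GROUPS))
    print(classify(tag_frame(SAMPLE_FRAME, 200), VLAN_GROUPS), classify(SAMPLE_FRAME, VLAN_GROUPS))
```

The VID range check is why the screen accepts 1 to 4094: VID 0 means priority-tagged with no VLAN and 4095 is reserved. A VLAN tag is a label, not a credential: a host that can send tagged frames into a port that accepts them can claim any VID, so tags should be honoured only from the uplink expected to carry them.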
14.1.1 What You Can Do in this Chapter
Use these screens to create VLAN groups: each group pairs a VLAN ID with the LAN ports that belong to it and records whether traffic leaving each port is tagged with that ID.
14.2 The VLAN Group Screen
Click Network Setting > Vlan Group to open the following screen.
Figure 112 Network Setting > Vlan Group
Chapter 14 VLAN Group
The following table describes the fields in this screen. Table 68 Network Setting > Vlan Group
LABEL                DESCRIPTION
Add New VLAN Group   Click this button to create a new VLAN group.
#                    This is the index number of the VLAN group.
Group Name           This shows the descriptive name of the VLAN group.
VLAN ID              This shows the unique ID number that identifies the VLAN group.
Interfaces           This shows the LAN ports included in the VLAN group and whether traffic leaving the port will be tagged with the VLAN ID.
Modify               Click the Edit icon to change an existing VLAN group setting or click the Delete icon to remove the VLAN group.
14.2.1 Add/Edit a VLAN Group
Click the Add New VLAN Group button in the Vlan Group screen to open the following screen. Use this screen to create a new VLAN group.
Figure 113 Add/Edit VLAN Group
The following table describes the fields in this screen. Table 69 Add/Edit VLAN Group
LABEL             DESCRIPTION
VLAN Group Name   Enter a name to identify this group. You can enter up to 30 characters. You can use letters, numbers, hyphens (-) and underscores (_). Spaces are not allowed.
VLAN ID           Enter a unique ID number, from 1 to 4,094, to identify this VLAN group. Outgoing traffic is tagged with this ID if Tx Tagging is selected below.
LAN               Select Include to add the associated LAN interface to this VLAN group. Select Tx Tagging to tag outgoing traffic from the associated LAN port with the VLAN ID number entered above.
OK                Click OK to save your changes back to the EMG.
Cancel            Click Cancel to exit this screen without saving.
CHAPTER 15
Interface Grouping
15.1 Overview
By default, all LAN and WAN interfaces on the EMG are in the same group and can communicate with each other. Create interface groups to have the EMG assign the IP addresses in different domains to different groups. Each group acts as an independent network on the EMG. This lets devices connected to an interface group's LAN interfaces communicate through the interface group's WAN or LAN interfaces but not other WAN or LAN interfaces.
15.1.1 What You Can Do in this Chapter
The Interface Grouping screens let you create multiple networks on the EMG (Section 15.2 on page 179).
15.2 The Interface Grouping Screen
You can manually add a LAN interface to a new group. Alternatively, you can have the EMG automatically add the incoming traffic and the LAN interface on which traffic is received to an interface group when its DHCP Vendor ID option information matches one listed for the interface group.
Use the LAN screen to configure the private IP addresses the DHCP server on the EMG assigns to the clients in the default and/or user-defined groups. If you set the EMG to assign IP addresses based on the client’s DHCP Vendor ID option information, you must enable DHCP server and configure LAN TCP/IP settings for both the default and user-defined groups. See Chapter 8 on page 100 for more information.
In the following example, the client that sends packets with the DHCP Vendor ID option (option 60, Vendor Class Identifier) set to MSFT 5.0 (the value sent by Windows 2000 and later Windows DHCP clients) is assigned the IP address 192.168.2.2 and uses the WAN eth10.0 interface.
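What "DHCP Vendor ID option information" means at packet level, as an added Python example that is not part of the user guide or the EMG firmware: it builds a DHCPDISCOVER, parses the option area, and picks an interface group when option 60 equals a configured Vendor ID criterion. The MAC addresses, the group name Group1 and the rule table are assumptions.

```python
# Added example (not the EMG's own code): parsing the DHCP options of a client
# request and choosing an interface group from option 60 (Vendor Class
# Identifier). The packet is constructed here; MAC addresses, the group name
# and the rule table are assumptions.
import struct
from typing import Dict

DHCP_MAGIC = b"\x63\x82\x53\x63"
OPT_PAD, OPT_MSG_TYPE, OPT_VENDOR_CLASS, OPT_END = 0, 53, 60, 255
DHCPDISCOVER = 1


def build_discover(mac: bytes, vendor_class: bytes) -> bytes:
    """Constructed DHCPDISCOVER: 236-byte fixed header, magic cookie, then options."""
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                         1, 1, 6, 0,             # op=BOOTREQUEST, htype=Ethernet, hlen, hops
                         0x3903F326, 0, 0x8000,  # xid, secs, flags (broadcast)
                         b"\0" * 4, b"\0" * 4, b"\0" * 4, b"\0" * 4,     # ciaddr, yiaddr, siaddr, giaddr
                         mac.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)  # chaddr, sname, file
    options = (bytes([OPT_MSG_TYPE, 1, DHCPDISCOVER])
               + bytes([OPT_VENDOR_CLASS, len(vendor_class)]) + vendor_class
               + bytes([OPT_END]))
    return header + DHCP_MAGIC + options


def parse_dhcp_options(packet: bytes) -> Dict[int, bytes]:
    """Walk the TLV option area; stop at END, skip PAD, reject truncated options."""
    if len(packet) < 240 or packet[236:240] != DHCP_MAGIC:
        raise ValueError("not a DHCP packet")
    options: Dict[int, bytes] = {}
    i = 240
    while i < len(packet):
        code = packet[i]
        if code == OPT_PAD:
            i += 1
            continue
        if code == OPT_END:
            break
        if i + 2 > len(packet):
            raise ValueError("truncated option header")
        length = packet[i + 1]
        value = packet[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        options[code] = options.get(code, b"") + value   # repeated codes are concatenated (RFC 3396)
        i += 2 + length
    return options


def select_group(options: Dict[int, bytes], rules: Dict[str, str], default: str = "Default") -> str:
    """Return the group whose Vendor ID criterion equals the client's option 60, else the default group."""
    vendor = options.get(OPT_VENDOR_CLASS)
    if vendor is None:
        return default
    return rules.get(vendor.decode("ascii", "replace"), default)


# Vendor ID criterion -> group name, as on the Interface Grouping screen (group name assumed).
RULES = {"MSFT 5.0": "Group1"}


if __name__ == "__main__":
    windows = build_discover(bytes.fromhex("001122334455"), b"MSFT 5.0")
    other = build_discover(bytes.fromhex("66778899aabb"), b"udhcp 1.30.1")
    print(select_group(parse_dhcp_options(windows), RULES), select_group(parse_dhcp_options(other), RULES))
```

Option 60 is a free-form string chosen by the client and is not authenticated, so any device that sends MSFT 5.0 lands in Group1 and gets that group's WAN interface; vendor-class grouping is a convenience for sorting devices, not an access control. The parser stops at the END option and rejects truncated options instead of reading past the buffer.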
Chapter 15 Interface Grouping
Figure 114 Interface Grouping Application
Click Network Setting > Interface Grouping to open the following screen.
Figure 115 Network Setting > Interface Grouping
The following table describes the fields in this screen. Table 70 Network Setting > Interface Grouping
LABEL                     DESCRIPTION
Add New Interface Group   Click this button to create a new interface group.
Group Name                This shows the descriptive name of the group.
WAN Interface             This shows the WAN interfaces in the group.
LAN Interfaces            This shows the LAN interfaces in the group.
Criteria                  This shows the filtering criteria for the group.
Modify                    Click the Delete icon to remove the group.
15.2.1 Interface Group Configuration
Click the Add New Interface Group button in the Interface Grouping screen to open the following screen. Use this screen to create a new interface group.
Note: An interface can belong to only one group at a time.