Separate Interfaces for Management and Circuit Traffic Overview

 

Until CTPOS and CTPView Release 7.1, only one network device (the default device) is used for both management and circuit data. Certain network topologies require circuit or Ethernet traffic to be segregated from management traffic. Separate interfaces must therefore be used for the management and circuit networks so that the traffic is segregated at the physical interface level. Starting with CTPOS Release 7.2, you can configure two default gateways, one for management traffic and the other for circuit traffic, which enables circuit and management traffic to be segregated.

Segregating management and circuit traffic requires at least two Ethernet devices: one for circuit traffic and the other for management traffic. When this feature is enabled, both the management and circuit interfaces must be configured. Traffic is segregated on the basis of the management and circuit device or interface. CTP devices that support two default gateways are required, one for the management device and the other for the circuit device. Each interface replies to incoming packets through its own default gateway. All incoming and outgoing packets in the circuit network traverse the circuit device gateway (main default gateway). All incoming and outgoing packets in the management network traverse the management device gateway.

Two default gateways require policy-based routing. Policy-based routing enables the creation of multiple routing tables, one for each interface, and provides a flexible mechanism for forwarding data packets based on policies configured by a network administrator. This capability enables you to implement policies that selectively cause packets to take different paths. For circuit traffic, the main routing table, inet.0, is consulted; for management traffic, the newly created policy-based routing table is consulted. The policy-based routing table is selected by a set of rules. Using the main routing table for the circuit device avoids any IP table-related changes for the SAToP and CESoPSN bundles. An entry for the newly created policy-based routing table is stored in /etc/iproute2/rt_tables.

The “IPV4 configuration” option under the “Config Network Settings” menu is modified to enable the configuration of different interfaces for management traffic and circuit or Ethernet traffic. The Display network settings menu is modified to display the circuit and management network devices. A separate conf file indicates the status of this feature (whether it is enabled or not). Apart from the feature status, this configuration file also stores information about the circuit and management devices. When management and circuit traffic are separated with this feature, Ethernet failover is supported only on the circuit interface and not on the management interface. This feature cannot be activated during the first boot process.

After the management device is selected, a new policy-based routing table is created for this device. For example, if the route table is named 10 tab-eth0, 10 denotes the route table number and tab-eth0 signifies the route table name created for management device eth0. This table is consulted according to the rule specified in the rule-eth0 file.

The following command displays the main route table and the newly created policy based route table “tab-eth0”:

The following command displays the rules added for the policy-based route table:

When this feature is disabled, the IP config/query section in the CTP Menu does not display the option for segregating management and circuit traffic.

Operations Performed When Management and Circuit Traffic Are Segregated

When you activate the feature to separate management and circuit traffic, you are prompted to enter the default circuit device and the default management device. If you enter the same device for both, an error message is displayed stating that you need to define different devices for circuit and management traffic. When you enter a correct management device (say ethX), a reference for the policy-based routing table is created for the management device. An entry with its route-table number and route-table name is added to /etc/iproute2/rt_tables. This route table is consulted for the management device according to the rule specified in its rule file (rule-ethX).

After you configure the management device, a route entry for its own subnet and a default gateway route for that device are added to the route-ethX file. Rules are added to the rule-ethX file to handle the inbound and outbound packets through this network. The rules in the rule-ethX file ensure that any packet that arrives for the management network, or that originates from the management network IP address, is transmitted through the management device gateway. An existing configuration file, /etc/sysconfig/ctp, is used to store this feature configuration. The configuration of this feature contains the status of the feature, the circuit device name, and the management device name.
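The routing state described above can be checked from the output of `ip rule show` and `ip route show table <name>`. The following is an added example, not CTPOS code or output from a CTP device: the function names, the addresses, and the roles of eth0 (management) and eth1 (circuit) are assumptions, and the sample text is constructed.

```python
import ipaddress

# Constructed sample output in the format of `ip rule show` and
# `ip route show table <name>` (RFC 5737 addresses; not captured from a CTP device).
RULES = (
    "0:\tfrom all lookup local\n"
    "32764:\tfrom all to 192.0.2.0/24 lookup tab-eth0\n"
    "32765:\tfrom 192.0.2.10 lookup tab-eth0\n"
    "32766:\tfrom all lookup main\n"
    "32767:\tfrom all lookup default\n"
)
MGMT_TABLE = "default via 192.0.2.1 dev eth0\n192.0.2.0/24 dev eth0 scope link src 192.0.2.10\n"
MAIN_TABLE = "default via 198.51.100.1 dev eth1\n198.51.100.0/24 dev eth1 scope link src 198.51.100.20\n"


def parse_rules(text):
    """Turn each 'prio: from X [to Y] lookup T' line into a dict of its selectors."""
    rules = []
    for line in text.splitlines():
        if ":" in line:
            tokens = line.split(":", 1)[1].split()
            rules.append(dict(zip(tokens[0::2], tokens[1::2])))
    return rules


def default_route(text):
    """Return (gateway, device) of the table's default route, or (None, None)."""
    for line in text.splitlines():
        f = line.split()
        if f[:2] == ["default", "via"] and "dev" in f:
            return f[2], f[f.index("dev") + 1]
    return None, None


def audit(rules_text, mgmt_table, main_table, table, mgmt_dev, circuit_dev, mgmt_ip, mgmt_net):
    """Return a list of findings; an empty list means the segregation holds."""
    findings = []
    net = ipaddress.ip_network(mgmt_net)
    rules = [r for r in parse_rules(rules_text) if r.get("lookup") == table]
    if mgmt_dev == circuit_dev:
        findings.append("management and circuit devices must differ")
    if not any(r.get("from") == mgmt_ip for r in rules):
        findings.append("no rule for packets originated from the management IP")
    if not any(r.get("to") == str(net) for r in rules):
        findings.append("no rule for packets arriving for the management network")
    gw, dev = default_route(mgmt_table)
    if dev != mgmt_dev or gw is None or ipaddress.ip_address(gw) not in net:
        findings.append("management table default route does not use the management gateway")
    if default_route(main_table)[1] != circuit_dev:
        findings.append("main table default route does not use the circuit device")
    return findings
```

An empty result from `audit(RULES, MGMT_TABLE, MAIN_TABLE, "tab-eth0", "eth0", "eth1", "192.0.2.10", "192.0.2.0/24")` means management replies leave through the management gateway while the main table still points at the circuit device.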

The following example illustrates the contents of the /etc/sysconfig/ctp file:

When you disable this feature, the policy-based route table and the rules corresponding to that route table are deleted from the system and the system is configured as it was configured previously (with one default gateway). The route-ethX and rule-ethX files are also deleted from the system after the feature is disabled.

This feature is not supported with IPv6-only or independent IPv6 (and not a combination of IPv4 and IPv6) configuration. This limitation means that when IPv6 configuration settings are specified on a CTP device, the option to separate management and circuit traffic is not available for configuration. If this feature is enabled on CTP150 devices, Ethernet failover cannot be activated because CTP150 devices contain only two Ethernet devices and the PCI mezzanine card (PMC) is not supported on such devices.