Cisco Systems ONS 15600 manual Scenario 8 Dual GNEs on a Subnet, Nodes Behind a Firewall

Chapter 9 Management Network Connectivity

9.2.8 Scenario 8: Dual GNEs on a Subnet

Figure 9-13 Nodes Behind a Firewall

Figure 9-14shows a CTC computer and ONS 15600s behind firewalls. For the computer to access the ONS 15600, you must provision the IIOP port on the CTC computer and on the ONS 15600. Each firewall can use a different IIOP port. For example, if the CTC computer firewall uses IIOP port 4000, and the ONS 15600 firewall uses IIOP port 5000, 4000 is the IIOP port you provision for the CTC computer and 5000 is the IIOP port you provision for the ONS 15600.

Figure 9-14 CTC Computer and ONS 15600s Residing Behind Firewalls

If you implement the proxy server, note that all DCC-connected ONS 15600s on the same Ethernet segment must have the same gateway setting. Mixed values produce unpredictable results, and might leave some nodes unreachable through the shared Ethernet segment.

If nodes become unreachable, correct the setting by performing one of the following actions:

•Disconnect the craft computer from the unreachable ONS 15600. Connect to the ONS 15600 through another network ONS 15600 that has a DCC connection to the unreachable ONS 15600.

•Disconnect all DCCs to the node by disabling them on neighboring nodes. Connect a CTC computer directly to the ONS 15600 and change its provisioning.

9.2.8Scenario 8: Dual GNEs on a Subnet

The ONS 15600 provides GNE load balancing, which allows CTC to reach ENEs over multiple GNEs without the ENEs being advertised over OSPF. This feature allows a network to quickly recover from the loss of a GNE, even if the GNE is on a different subnet. If a GNE fails, all connections through that GNE fail. CTC disconnects from the failed GNE and from all ENEs for which the GNE was a proxy and

Cisco ONS 15600 Reference Manual, R7.2

9-17