CONFIGURING IPX

IPX Spoofing

WATCHDOG PROTOCOL

Watchdog Protocol is used by NetWare Servers to detect “dead” clients. If no traffic has been seen by a server from an attached client for a configurable amount of time, the server sends a watchdog packet to the client to determine if the client is still alive or merely inactive. If, after a few minutes, a watchdog reply is not received by a server, it is assumed that the client is no longer alive and the connection to the server is terminated.

If no connection exists to a device and the server sends a watchdog request to a remote client, a connection would have to be established to deliver the watchdog request. With watchdog spoofing enabled, a watchdog response is generated internally and delivered to the server as if the packet had been sent by the remote client. This satisfies the server without causing a connection to be established. To allow a server to time out a client that is no longer alive, the watchdog requests are forwarded over the WAN when a connection already exists. In addition, a watchdog spoofing duration time, T, can be specified. When the connection to a device is down and a watchdog request is received that should be forwarded to this device, a watchdog response will be spoofed for T amount of time. After T amount of time, the watchdog request will be filtered without generating a response. The duration timer T starts when a device is disconnected and is reset each time a new connection is established.

The implementation described above is followed for watchdog request packets received over both the LAN and the WAN. If a watchdog request is received over the WAN and it is determined that a spoofed watchdog response should be generated, it will be returned over the same WAN connection on which it was received.

The implementation of watchdog spoofing eliminates unnecessary connections while allowing clients to be aged out, and does not require any client-side spoofing or end-to-end protocol.

The parameters for watchdog spoofing are configured for each remote device. The watchdog spoofing option can be enabled or disabled. By default, the option is enabled. When disabled, the watchdog requests are routed without any special handling. If the option is enabled, the watchdog spoofing duration time T is specified in minutes. The default is set to 120 minutes.

SPX PROTOCOL

SPX Protocol is optionally used by NetWare applications requiring guaranteed, in-sequence delivery of packets by a connection-oriented service. Each end of an SPX connection sends keep-alive packets, identified as <SYS> packets, to monitor the status of the connection.

The SPX protocol ensures connection integrity by exchanging a keep-alive packet between the connection end-points once every 6 seconds. If an SPX keep-alive packet is received that is destined for a remote device and no connection exists to the device, a connection would have to be established to deliver the packet. The keep-alive packets are handled using the same approach used for server watchdog request packets. With SPX spoofing enabled, a keep-alive is generated internally and delivered to the local endpoint as if the packet had been sent by the remote endpoint. This satisfies the local endpoint without causing a connection to be established. To allow an SPX connection to time out, the keep-alives are forwarded over the WAN when a connection already exists. In addition, an SPX spoofing duration time T can be specified. When the connection to a device is down and a keep-alive is received that should be forwarded to this device, a keep-alive will be spoofed for T amount of time. After T amount of time, the keep-alive will be filtered without generating a keep-alive response. The duration timer T starts when a device is disconnected and is reset each time a new connection is established.
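The forward / spoof / filter decision described in the Watchdog Protocol and SPX Protocol sections can be modelled as a small per-device state machine. The following is an added example, not code from the manual or the product; the class, function and constant names, the treatment of a never-connected device, and the handling of the exact moment T expires are assumptions.

```python
from dataclasses import dataclass

FORWARD, SPOOF, FILTER, ROUTE = "forward", "spoof", "filter", "route"

@dataclass
class RemoteDevice:
    """Per-device spoofing state (hypothetical model, not vendor code)."""
    spoofing_enabled: bool = True   # manual: enabled by default
    duration_min: float = 120       # manual: default T is 120 minutes
    connected: bool = False
    disconnected_at: float = 0.0    # assumption: T runs from minute 0 if never connected

    def connect(self) -> None:
        # A new connection resets T; it restarts at the next disconnect.
        self.connected = True

    def disconnect(self, now: float) -> None:
        self.connected = False
        self.disconnected_at = now  # T starts when the device is disconnected

    def handle_request(self, now: float) -> str:
        """Action for a watchdog request or SPX keep-alive bound for this device."""
        if not self.spoofing_enabled:
            return ROUTE            # routed without any special handling
        if self.connected:
            return FORWARD          # real answer (or silence) lets dead peers age out
        # Assumption: a request arriving exactly at T is already filtered.
        if now - self.disconnected_at < self.duration_min:
            return SPOOF            # answered locally, no WAN connection is raised
        return FILTER               # dropped with no response; the sender times out

def replay(events, device=None):
    """Apply (minute, event) pairs in order; return the action taken per request."""
    dev, actions = device or RemoteDevice(), []
    for minute, event in events:
        if event == "connect":
            dev.connect()
        elif event == "disconnect":
            dev.disconnect(minute)
        else:
            actions.append((minute, dev.handle_request(minute)))
    return actions

# Constructed timeline in minutes; not captured from a real device.
SAMPLE = [(0, "connect"), (5, "request"), (10, "disconnect"), (60, "request"),
          (129, "request"), (131, "request"), (200, "connect"), (201, "request"),
          (210, "disconnect"), (300, "request"), (331, "request")]
```

With the default T, a client that dies while the link is down is still reported alive to the server for up to 120 minutes after the disconnect, so T bounds how long a stale session can persist.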

Central Site Remote Access Switch 339

Enterasys Networks CSX5500, CSX6000, CSX7000 manual Watchdog Protocol