Defining Connection Access
DDR is commonly configured as a hub-and-spoke network, where remote sites dial a central site to exchange data. Depending on the needs, the central site can also be the one to contact the remote sites to retrieve data. Calls are initiated on an as-needed basis and are shut down once the transmission is terminated. Access Control Lists (ACLs) can be used to restrict which type of traffic is allowed to establish a connection. ACLs can be refined so that the interface is brought up only when the traffic attempting to establish the connection matches a specific set of criteria. These specific criteria are essential to minimizing connections which would otherwise be initiated needlessly, thereby minimizing cost.
When using dynamic routing protocols to discover remote networks, it is crucial to configure interesting traffic accordingly; otherwise, the connection will be initiated on every dynamic routing update. Depending on the protocol being used, this could occur as often as once every 60 seconds. Additionally, it is equally crucial to filter out any native Ethernet traffic which would otherwise cause an unwanted connection to initialize.
ACLs can also restrict the establishment of a link depending on the destination host being contacted and the host trying to establish the connection. For example, if only certain users are to be allowed to establish connections, but all users should have intranet access, then ACLs can be configured so that only the computers of the select users are allowed access.
Furthermore, ACLs can be configured so that only connections to a specific destination will be initialized. For example, if a hypothetical user Alice wants to connect to Destination X and a hypothetical user Bob wants to connect to Destination Y, but traffic to Destination X is not considered interesting, then only Bob would be able to establish a WAN connection.
Interesting traffic can also be defined such that only SSH packets are allowed to establish the link. In that case, all other packets trying to access valid destinations will be discarded. When configuring dynamic routing protocols to communicate over a DDR connection, their update packets must be classified as interesting traffic. Depending on the dynamic routing protocol being used, setting their updates as interesting traffic might cause the connection to be initialized often.
For example, RIP v1, which updates every 30 seconds, would cause the connection to be initialized on every update. It is common to see static routes defined for these connections in order to avoid extra service charges. Other routing protocols such as Open Shortest Path First (OSPF) and Enhanced Interior Gateway Routing Protocol (EIGRP) only send updates when a connection changes. These routing protocols are ideal for DDR and must be configured with "default-information originate" on a Cisco router.
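The restrictions described above (only a permitted host, only a permitted destination, only SSH, and no dialing on routing updates) can be combined in one interesting-traffic definition. The following Cisco IOS configuration is an added example, not taken from the original page; the addresses, ACL and dialer-list numbers, interface and dial string are constructed assumptions.

```cisco
! Constructed example: all addresses, numbers and the dial string are
! placeholders chosen for illustration.
!
! Weak setting (shown commented out): every IP packet is interesting,
! so routing updates and broadcasts bring the link up.
! dialer-list 1 protocol ip permit
!
! Restricted setting: only SSH from one permitted host to one
! permitted destination may bring the link up.
access-list 101 remark DDR interesting traffic
! Explicit deny for RIP updates (also covered by the final deny,
! kept here so the intent is visible in the ACL).
access-list 101 deny   udp any any eq rip
access-list 101 permit tcp host 10.1.1.10 host 192.0.2.5 eq 22
access-list 101 deny   ip any any
!
! Bind the ACL to a dialer list; this is what defines "interesting".
dialer-list 1 protocol ip list 101
!
interface BRI0
 ip address 172.16.0.1 255.255.255.252
 encapsulation ppp
 dialer idle-timeout 120
 dialer map ip 172.16.0.2 5551000
 dialer-group 1
!
! Static route to the remote network, so no routing updates need to
! cross the dial link.
ip route 192.0.2.0 255.255.255.0 172.16.0.2
```

After applying a definition like this, `show dialer` reports the reason for the most recent call, which makes it possible to confirm that only the intended source, destination and port triggered the dial.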