Defining Connection Access
DDR is commonly configured as a hub-and-spoke network, where remote sites dial a central site to exchange data. Depending on the needs, the central site can also be the one to contact the remote sites to retrieve data. Calls are initiated on an as-needed basis and are shut down once the transmission is terminated. Access Control Lists (ACLs) can be used to restrict which types of traffic are allowed to establish a connection. ACLs can be refined so that the interface is brought up only when the connection being established matches a specific set of criteria. These criteria are essential to minimizing connections that would otherwise be initiated needlessly, thereby minimizing cost.
When using dynamic routing protocols to discover remote networks, it is crucial to configure interesting traffic accordingly; otherwise, the connection will be initiated on every dynamic routing update. Depending on the protocol being used, this could occur as often as once every 60 seconds. It is equally crucial to filter out any native Ethernet traffic that would otherwise cause an unwanted connection to initialize.
ACLs can also restrict the establishment of a link depending on the destination host being contacted and the host trying to establish the connection. For example, if only certain users are to be allowed to establish connections, but all users should have intranet access, then ACLs can be configured so that only the computers of the select users are allowed access.
Furthermore, ACLs can be configured so that only connections to a specific destination will be initialized. For example, if a hypothetical user Alice wants to connect to Destination X and a hypothetical user Bob wants to connect to Destination Y, but traffic to Destination X is not considered interesting, then only Bob would be able to establish a WAN connection.
Interesting traffic can also be defined such that only SSH packets are allowed to establish the link. In that case, all other packets trying to access valid destinations will be discarded. When configuring dynamic routing protocols to communicate over a DDR connection, their update packets must be classified as interesting traffic. Depending on the dynamic routing protocol being used, setting its updates as interesting traffic might cause the connection to be initialized often.
For example, RIP v1, which updates every 30 seconds, would cause the connection to be initialized on every update. It is common to see static routes defined for these connections in order to avoid extra service charges. Other routing protocols such as Open Shortest Path First (OSPF) and Enhanced Interior Gateway Routing Protocol (EIGRP) only send updates when a connection changes. These routing protocols are ideal for DDR and must be configured with "default-information originate" on a Cisco router.
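The restrictions described in this section, written as a Cisco IOS interesting-traffic definition. This is an added example, not configuration from the original page: the ACL and dialer-list numbers, the BRI0 interface, the idle timeout and the documentation-range addresses (Alice 192.0.2.10, Bob 192.0.2.11, Destination X 203.0.113.0/24, Destination Y 198.51.100.0/24) are all assumptions. It follows the static-route approach, so routing updates are not classified as interesting.

```cisco
! Constructed example. All numbers, names and addresses are assumptions.
!
! ACL 101 defines interesting traffic. It is evaluated top-down and the
! first matching entry wins.
access-list 101 remark Periodic routing updates must not dial the link
access-list 101 deny   udp any any eq rip
access-list 101 deny   eigrp any any
access-list 101 deny   ospf any any
!
access-list 101 remark Alice (192.0.2.10) to Destination X is not interesting
access-list 101 deny   ip host 192.0.2.10 203.0.113.0 0.0.0.255
!
access-list 101 remark Bob (192.0.2.11) may dial Destination Y, SSH only
access-list 101 permit tcp host 192.0.2.11 198.51.100.0 0.0.0.255 eq 22
!
! No further entries are needed: the implicit "deny ip any any" at the end
! of the ACL makes every other packet uninteresting, so it cannot
! establish the link.
!
! Bind the ACL to dialer-list 1, then attach that list to the dial interface.
dialer-list 1 protocol ip list 101
!
interface BRI0
 dialer-group 1
 ! Drop the call after 120 seconds without interesting traffic.
 dialer idle-timeout 120
```

Because an ACL matches on the first hit, the deny entries for routing updates have to stay above any broader permit that is added later; otherwise the updates start bringing the link up again.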