EXPLORER. TFT Filter CONFIGURATION

(1)

EXPLORER™ TFT Filter Configuration Page 1 of 9

EXPLORER™

TFT Filter

(2)

(3)

2 Introduction

This document describes how to configure the Traffic Flow Templates (TFT) filters in the built-in web server of the Thrane & Thrane EXPLORER™ BGAN Terminals EXPLORER™300, EXPLORER™500 and EXPLORER™700.

(4)

3 Protocols

This chapter provides an overview of the most important and common protocols of the TCP/IP transport layer. These include:

•User Datagram Protocol (UDP) •Transmission Control Protocol (TCP)

By building on the functionality provided by the Internet Protocol (IP), the transport protocols deliver data to applications. The transport protocols can provide additional functionality such as congestion control, reliable data delivery, duplicate data

suppression, and flow control as is done by TCP. The protocol number must be known to create some of the filters described later in this document.

ICMP 1 Internet Control Message, ICMP messages are sent in

several situations: for example, when a datagram cannot reach its destination, when the gateway does not have the buffering capacity to forward a datagram, and when the gateway can direct the host to send traffic on a shorter route. The purpose of these control messages is to provide feedback about problems in the communication environment, not to make IP reliable.

TCP 6 Transmission Control Protocol (TCP) is typically used

by applications that require guaranteed delivery. The most common applications are file transfer (FTP), email and web browsing.

UDP 17 User Datagram Protocol (UDP) offers only a minimal

transport service (non-guaranteed datagram delivery). UDP is used by applications that do not require the level of service of TCP and is mostly used for video

and radio broadcast.

For further detailed information about protocols vist following websites:

http://www.iana.org/numbers.html

(5)

4 Ports

This chapter describes the most common used protocol numbers. A port number is a 16-bit number, used by the host-to-host protocol to identify to which application program it must deliver incoming messages. The port number must be known to create some of the filters described later in this document.

FTP-data 20 File Transfer – data

FTP-control 21 File Transfer – control

SSH 22 SSH - Remote Login Protocol

Telnet 23 Telnet session

SMTP 25 Simple Mail Transfer Protocol (email)

HTTP 80 World Wide Web HTTP

POP3 110 Post Office Protocol - Version 3 (email)

IMAP 143 Internet Message Access Protocol (email)

SNMP 161 Simple Network Management Protocol

For further detailed information about ports visit following websites:

(6)

5 TFT

Filters

The Traffic Flow Template (TFT) filters are used by GGSN (Gateway GPRS Support Node) in the Inmarsat core network to discriminate between different user payloads. The TFT incorporates packet filters such as QoS (Quality of Service), PDP Context and security. Using the packet filters the GGSN maps the incoming datagrams into the correct PDP Context. The TFT filter can be configured in the web server of the EXPLORER™ after log in as Administrator. The default username is: “admin” and password: “1234”. These can be changed if needed. See Figure 1 below:

(7)

Configuration of the TFT Filters is done in the “Traffic flow templates” menu. See Figure 2.

Figure 2: TFT Filters

The TFT filters are setup in the EXPLORER™ and in the core network (CN) upon registration of a PDP Context.

NOTE:

TFT filters are seen from the core network’s (CN) view. Therefore “Destination” means from CN to EXPLORER™ and “Source” means from EXPLORER™ to CN.

5.1 UDP - TFT Filter

To create a filter to control only UDP traffic to use a certain PDP context it is necessary only to specify the Protocol number 17 (UDP). See example in Figure 3 below.

Figure 3: UDP - TFT Filter

The next is to select the UDP - TFT filter to be used on a certain PDP Context. See example in Figure 4 below.

(8)

5.2 FTP - TFT Filter

To create a filter only allowing FTP traffic through a certain PDP Context it is necessary to specify the protocol number 6 (TCP) and a port ranges for up and download and data transfer. Normally port 20 to 22 is used for control message and after connection setup the FTP server specifies a random port number above 1023. Only port numbers below 1024 is standard defined ports. See example below of how to make the two filters to control FTP traffic.

Figure 5: FTP - TFT Filters

The next is to select the filters to apply to a certain PDP Context. See example in Figure 6 below.

(9)

5.3 IP address - TFT Filter

Some users want to restrict the use of the EXPLORER ™ terminal e.g. only to be able to log in to the company via VPN. This can be obtained by specifying a TFT filter only to allow traffic to a certain IP address. To create that TFT filter it is necessary to specify the IP address and subnet mask. See example in Figure 7 below.

Figure 7: IP address - TFT Filter

Next is to enable this filter on all PDP Contexts in the EXPLORER™. See settings on Figure 8 below.

Figure 8: Filter 1 for all connections

6 Final

word

The filter configurations in the previous chapters are just examples of how to make the most common used filtering. Only your imagination is the limit to how you can route traffic, exclude certain type of traffic and how to restrict access to certain web sites. This document was meant to help you understand how to make filters for your applications and usage.

Kind regards,

Thrane & Thrane A/S