Sunday, March 28, 2010

Deploying updates on clients in WSUS environment

Query:
I am a little bit confused regarding deploying updates on clients using a WSUS server. I have configured some four clients using group policy to point to the WSUS server, and those clients are shown in the WSUS administration console, but how do I deploy updates from server to client? I want the procedure. I also want to schedule the clients to get update information from the server. So please help me out with this problem ASAP.

Solution:
Check this
Server Side after SUS Installation
Synchronizing SUS
  • If you are not already viewing the SUS administration page, open Internet Explorer and navigate to http://yoursusSERVER01/SUSAdmin. 
  • To view the SUS administration site, you might need to add Server01 to the Local Intranet trusted site list to access the site. Open Internet Explorer, and choose Internet Options from the Tools menu. Click the Security Tab. Select Trusted Sites, and click Sites. Add yoursusServer01 and yoursusServer01.contoso.com to the trusted site list. 
  • Click Synchronize Server on the left navigation bar. 
  • Click Synchronization Schedule.
    You will manually synchronize for this. However, you can examine synchronization options by clicking Synchronize Using This Schedule. When you are finished exploring settings, click Cancel. 
  • On the Synchronize Server page, click Synchronize Now. If you have elected to download updates to the server, synchronization might take some time. 
  • After synchronization has occurred, you will be redirected automatically to the Approve Updates page. You can also click Approve Updates on the left navigation bar. 
  • Approve a small number of updates so that you can return later to experiment further with approval and automatic updates. 
  • Examine other pages of the SUS administration site. After you have familiarized yourself with the site, close Internet Explorer.
Configuring Automatic Updates Through Group Policy
The Automatic Updates client will, by default, connect to the Microsoft Windows Update server. Once you have installed SUS in your organization, you can direct Automatic Updates to connect to specific intranet servers by configuring the registry of clients manually or by using Windows Update group policies.
To configure Automatic Updates using GPOs, open a GPO and navigate to the Computer Configuration\Administrative Templates\Windows Components\Windows Update node.
Configuring Automatic Updates
  • Open Active Directory Sites And Services.
    Note: Most enterprises have found little reason to link GPOs to sites, rather than to OUs or the domain. However, SUS-related policies lend themselves well to site application because you are directing clients to the most site-appropriate SUS server.
  • Right-click the Default-First-Site-Name site, and choose Properties.
  • Click the Group Policy tab.
  • Click New, and name the new GPO SUS-Site1.
  • Click Edit. The Group Policy Object Editor opens.
  • Navigate to Computer Configuration\Administrative Templates\Windows Components\Windows Update.
  • Double-click the policy Specify Intranet Microsoft Update Service Location.
  • Click Enabled.
  • In both text boxes, type http://yourSUSserver01.contoso.com.
  • Click OK.
  • Double-click the policy Configure Automatic Updates.
  • Click Enabled.
  • In the Configure Automatic Updating drop-down list, choose 4-Auto Download And Schedule The Install.
  • Confirm the installation schedule as daily at 3:00 A.M.
  • Click OK.
  • Double-click the policy Reschedule Automatic Updates Scheduled Installations.
  • Click Enabled.
  • In the Wait After System Startup (Minutes) box, type 1.
    The Wait After System Startup policy is used to reschedule a scheduled installation that was missed, typically when a machine was turned off at the scheduled date and time.
  • Click OK.
  • Close the Group Policy Object Editor and the Properties dialog box for Default-First-Site-Name.
  • To confirm the configuration, you can restart Server02, which is also within the scope of the new policy. Open System from Control Panel, and click the Automatic Updates tab. You will see that configuration options are disabled, as they are now being determined by policy.

How to forward multicast using linux machine?



Query:
I need to forward multicast using a Linux machine.
My server LAN is on one interface and another interface of the firewall holds the local LAN.
NSE server IP is 172.20.20.219
Multicast coming from the NSE server is 233.1.2.3
I need to transfer the same to the local LAN to view rates of the NSE EXCHANGE.
I am using Red Hat Fedora Core 2
eth0 is local LAN
eth1 & eth2 are DSL internet links
eth3 is server LAN
I have tried the ifconfig -allmulti command on the server interface.
I tried with: [root@squid all]# echo 1 > /proc/sys/net/ipv4/conf/eth3/mc_forwarding
-bash: /proc/sys/net/ipv4/conf/eth3/mc_forwarding: Operation not permitted
route add -net 233.1.2.3 netmask 255.255.255.255 dev eth0
Still I don't get multicast on the local interface.
Kindly suggest how I can do this.
                                        
Solution:
Multicast addresses are like Ethernet broadcast addresses, except that instead of automatically including everybody, the only people who receive packets sent to a multicast address are those programmed to listen to it. This is useful for applications such as Ethernet-based video conferencing or network audio, to which only those interested can listen. Multicast addressing is supported by most, but not all, Ethernet drivers. When this option is enabled, the interface receives and passes multicast packets for processing. This option corresponds to the ALLMULTI flag.
Check the LAN card drivers and the kernel compilation options for multicast.


Squid iptables firewall


Problem: Firewall is applied on my network as given in the diagram below; the problem is that after configuring the firewall, the client system didn't get internet or ping to the firewall on both LAN IPs.

My network flow as follows

                Linux DHCP & Squid Proxy server
                                           |
Client System---> Switch ------>Firewall ----> Router---->VSNL Leased line

My problem is firewall set on linux server my cli

Solution:

The following iptables firewall is suited for a dual-homed Squid proxy server. ssh (TCP port 22), squid (TCP port 3128), and ICMP ECHO requests are allowed on the internal (LAN) interface. 
Squid is configured to proxy ftp, http, https, and AOL Instant Messenger traffic. In addition, the server is running a caching/forwarding name server and time server and therefore requires outgoing UDP port 123 (ntp) and TCP/UDP port 53 (dns).
#!/bin/sh

LAN="eth1"        # Interface connected to the LAN
INTERNET="eth0"   # Interface connected to the WAN side
IPTABLES="/sbin/iptables"

# Drop ICMP echo-request messages sent to broadcast or multicast addresses
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts

# Drop source routed packets
echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route

# Enable TCP SYN cookie protection from SYN floods
echo 1 > /proc/sys/net/ipv4/tcp_syncookies

# Don't accept ICMP redirect messages
echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects

# Don't send ICMP redirect messages
echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects

# Enable source address spoofing protection
echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter

# Log packets with impossible source addresses
echo 1 > /proc/sys/net/ipv4/conf/all/log_martians

# Needed for FTP (specifically, to allow incoming ftp-data connections)
/sbin/modprobe ip_conntrack_ftp

# Flush all chains
$IPTABLES --flush

# Allow unlimited traffic on the loopback interface
$IPTABLES -A INPUT -i lo -j ACCEPT
$IPTABLES -A OUTPUT -o lo -j ACCEPT

# Set default policies
$IPTABLES --policy INPUT DROP
$IPTABLES --policy OUTPUT DROP
$IPTABLES --policy FORWARD DROP

# Previously initiated and accepted exchanges bypass rule checking
$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow incoming port 22 (ssh) connections on LAN interface
$IPTABLES -A INPUT -i $LAN -p tcp --destination-port 22 -m state \
--state NEW -j ACCEPT

# Allow incoming port 3128 (squid) connections on LAN interface
$IPTABLES -A INPUT -i $LAN -p tcp --destination-port 3128 -m state \
--state NEW -j ACCEPT

# Allow ICMP ECHO REQUESTS on LAN interface
$IPTABLES -A INPUT -i $LAN -p icmp --icmp-type echo-request -j ACCEPT

# Allow DNS resolution
$IPTABLES -A OUTPUT -o $INTERNET -p udp --destination-port 53 -m state \
--state NEW -j ACCEPT
$IPTABLES -A OUTPUT -o $INTERNET -p tcp --destination-port 53 -m state \
--state NEW -j ACCEPT

# Allow ntp synchronization
$IPTABLES -A OUTPUT -o $LAN -p udp --destination-port 123 -m state \
--state NEW -j ACCEPT

# Allow ssh on LAN interface
$IPTABLES -A OUTPUT -o $LAN -p tcp --destination-port 22 -m state \
--state NEW -j ACCEPT

# Allow Squid to proxy ftp, http, https, and AIM traffic
$IPTABLES -A OUTPUT -o $INTERNET -p tcp --destination-port 21 -m state \
--state NEW -j ACCEPT
$IPTABLES -A OUTPUT -o $INTERNET -p tcp --destination-port 80 -m state \
--state NEW -j ACCEPT
$IPTABLES -A OUTPUT -o $INTERNET -p tcp --destination-port 443 -m state \
--state NEW -j ACCEPT
$IPTABLES -A OUTPUT -o $INTERNET -p tcp --destination-port 5190 -m state \
--state NEW -j ACCEPT

# Create a LOGDROP chain to log and drop packets
$IPTABLES -N LOGDROP
$IPTABLES -A LOGDROP -j LOG
$IPTABLES -A LOGDROP -j DROP

# Drop all other traffic
$IPTABLES -A INPUT -j LOGDROP

# Have these rules take effect when iptables is started
/sbin/service iptables save
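
The script above amounts to a fixed policy: default DROP on all three built-in chains, with NEW connections accepted only on the listed ports and interfaces. The check below is an added example, not part of the original script; it compares iptables-save output against that policy so that later edits which widen it are noticed. The function names and the sample rule dumps are constructed for illustration and assume LAN=eth1 and INTERNET=eth0, as in the script.

```shell
# audit_ruleset LAN_IF WAN_IF < iptables-save-output      (added example)
# Prints one finding per line; exit status 0 means the rules match the policy.
audit_ruleset() {
    awk -v lan="$1" -v wan="$2" '
    function allow(chain, ifname, proto, port) { ok[chain " " ifname " " proto " " port] = 1 }
    function finding(msg) { print msg; bad++ }
    BEGIN {   # NEW connections the script permits (ICMP type 8 = echo-request)
        allow("INPUT", lan, "tcp", 22);   allow("INPUT", lan, "tcp", 3128)
        allow("INPUT", lan, "icmp", 8)
        allow("OUTPUT", wan, "udp", 53);  allow("OUTPUT", wan, "tcp", 53)
        allow("OUTPUT", lan, "udp", 123); allow("OUTPUT", lan, "tcp", 22)
        allow("OUTPUT", wan, "tcp", 21);  allow("OUTPUT", wan, "tcp", 80)
        allow("OUTPUT", wan, "tcp", 443); allow("OUTPUT", wan, "tcp", 5190)
    }
    /^:(INPUT|OUTPUT|FORWARD) / {   # policy line, e.g. ":INPUT DROP [0:0]"
        policies++
        if ($2 != "DROP") finding("policy " substr($1, 2) " is " $2 ", expected DROP")
        next
    }
    /^-A (INPUT|OUTPUT|FORWARD) / && / -j ACCEPT/ {
        ifname = proto = port = state = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-i" || $i == "-o") ifname = $(i + 1)
            else if ($i == "-p") proto = $(i + 1)
            else if ($i == "--dport") port = $(i + 1)
            else if ($i == "--icmp-type") port = ($(i + 1) == "echo-request") ? 8 : $(i + 1)
            else if ($i == "--state" || $i == "--ctstate") state = $(i + 1)
        }
        if (ifname == "lo") next                            # loopback is unrestricted
        if (state ~ /ESTABLISHED/ && state !~ /NEW/) next   # replies to accepted flows
        key = $2 " " ifname " " proto " " port
        if (!(key in ok)) finding("unexpected ACCEPT: " $0)
    }
    END {
        if (policies != 3) finding("expected 3 built-in policy lines, saw " (policies + 0))
        exit (bad > 0)
    }'
}

# Constructed sample: abridged iptables-save output for the script above,
# with LAN=eth1 and INTERNET=eth0.
sample_ok() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
:LOGDROP - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 3128 -m state --state NEW -j ACCEPT
-A INPUT -i eth1 -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -j LOGDROP
-A OUTPUT -o eth0 -p udp -m udp --dport 53 -m state --state NEW -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# Constructed drift: FORWARD opened, and the Squid rule lost its "-i eth1" match.
sample_drift() {
    sample_ok | sed -e 's/^:FORWARD DROP/:FORWARD ACCEPT/' -e 's/-i eth1 \(.*--dport 3128\)/\1/'
}
```

On the firewall itself, run `iptables-save -t filter | audit_ruleset eth1 eth0` as root; the drift sample reports the FORWARD policy and the Squid rule that no longer names the LAN interface.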

Sunday, March 14, 2010

Abbreviations

Abbreviations used in WiMAX Section
AAA Authentication, Authorization and Accounting
AAS Adaptive Antenna System also Advanced Antenna System
ACK Acknowledgement
AMC Adaptive Modulation and Coding
ASN Access Service network
ASP Application Service Provider
BS Base Station
BWA Broadband Wireless Access
CC Convolutional Coding
CP Cyclic Prefix
CQI Channel Quality Information
CSN Connectivity Service Node
CTC Convolutional Turbo Coding
DHCP Dynamic Host Configuration Protocol, typically used to assign IP addresses
DL Down Link
DVB/DAB Digital Video Broadcast/ Digital Audio Broadcast
FA Foreign Agent (MIP)
FCH Frame Control Header
FDD Frequency Division Duplex
FFT Fast Fourier Transform
FUSC Full Use of Sub-Channels
GW Gateway
HA Home Agent (MIP)
HARQ Hybrid Automatic Repeat reQuest
HHO Hard Hand-Off
IEEE Institute of Electrical and Electronics Engineers
IFFT Inverse Fast Fourier Transform
ISI Inter-Symbol Interference
LOS Line of Sight
MAC Media Access Control
MIMO Multiple Input Multiple Output
MIP Mobile IP (RFC 3344)
MS Mobile Station
NLOS Non Line-of-Sight
OFDM Orthogonal Frequency Division Multiplex
OFDMA Orthogonal Frequency Division Multiple Access
PHY Physical Layer, Layer 1
PUSC Partial Usage of Sub-Channels
QAM Quadrature Amplitude Modulation
QPSK Quadrature Phase Shift Keying
RTG Receive/transmit Transition Gap
S-OFDMA Scalable Orthogonal Frequency Division Multiple Access
SS Subscriber Station
STC Space Time Coding
TDD Time Division Duplex
TDMA Time Division Multiple Access
TTG Transmit/receive Transition Gap
UL Up Link
WiMAX Worldwide Interoperability for Microwave Access

OFDMA

OFDMA
TDD Frame Structure


OFDMA is two-dimensional with users sharing in both the time and frequency domains.
This allows scheduling and optimum use of finite spectrum.


Each user is assigned a burst area that has dimensions of sub-channels and symbols.


Key Elements
  • Preamble is broadcast for one symbol period and allows the user devices to acquire the system and synchronize. A known PN code is transmitted.
  • FCH reports the length of the DL-Map.
  • DL-Map contains bandwidth allocation for users and location of the UL-Map.
  • UL-Map contains bandwidth allocation of the UL for the next frame.
  • Both maps contain burst data regions, modulation, and coding type for the user.
  • Allocated regions in UL are available for random access, CQI, and ACKs.
  • Transmit/Receive Transition Gap (TTG) and Receive/Transmit Transition Gap (RTG) are guard times between the transmit and receive portions of the frame.

Cyclic Prefix (CP)


Cyclic prefix (CP) mitigates multipath fading and inter-symbol interference (ISI) at the price of increasing bandwidth.


Delay spread exceeds symbol time. ISI is the result.


Separate the symbols in time by adding a gap.


Transmission must be continuous. To “fill” the gap, append data from the end of the symbol
to the beginning of the symbol.


CP allows the system to ignore the initial part of each symbol thus avoiding the area that would be
most likely impacted by multipath delay. Data in the CP region of the signal is discarded. CP is set
to 4-6 times the delay spread. WiMAX Forum profiles use a CP of 1/8, meaning that a section of
data equal to 1/8 of the original symbol is used.

Saturday, March 13, 2010

Multipath and Fading



Each narrow band signal is subject to frequency-selective fading on the radio link. Convolutional Coding (CC) or Convolutional Turbo Coding (CTC) is used to protect the data.

Wednesday, March 10, 2010

OFDMA Sub-Channels and Permutation Zones

The sub-carriers are divided into groups known as sub-channels
  • Sub-carriers may be adjacent or distributed in a sub-channel
  • Sub-carriers are assigned to sub-channels to ensure frequency diversity and interference diversity.

Sub-channel Usage Schemes
  • PUSC – Partial Usage of Sub-Channels
    - Mandatory mode for sending preambles and allocation messages and all the uplink messages
    - Sub-carriers are divided between cells (N=3) and then grouped into sub-channels
    - Goal: Reduce RF interference
  • FUSC – Full Usage of Sub-Channels
    - Optional and used in the downlink only.
    - All sub-carriers are available in every cell (N=1)
    - Goal: Maximize throughput
  • AMC – Adaptive Modulation and Coding
    - Adjacent sub-carriers are grouped into sub-channels.
    - Mobile devices provide feedback on channel conditions so the BS can adjust coding and modulation to match channel conditions.

In Mobile WiMAX, flexible sub-channel reuse is facilitated by sub-channel segmentation and
permutation zones. A Permutation Zone is a number of contiguous OFDMA symbols in the downlink
or uplink that use the same permutation or mapping sequence between the sub-channels and the
sub-carriers. A downlink frame may contain more than one permutation zone.

Zone Partitioning makes use of sub-carrier characteristics

  • Normal region contains frequency diverse sub-channels. Time scheduling is used to support voice service.
  • Band AMC region makes use of adjacent sub-channels and both time and frequency scheduling is available.
  • Broadcast region uses frequency-diverse sub-channels in a simulcast mode. This concept is borrowed from DVB/DAB system.
  • Preamble is a data-free symbol at the beginning of the frame for rough frequency synchronization in the receiver.

OFDM and OFDMA Signal in Frequency Domain

The sub-carriers are divided into several types
  • Data Sub-carriers
    - Use QPSK, 16-QAM, 64-QAM modulation to transport data bits
  • Pilot Sub-carriers
    - Data-free symbols used to maintain optimal operation of the receiver
  • Guard Sub-carriers
    - Off, no power is generated at these frequencies
  • DC Sub-carrier
    - Off to support direct-conversion receivers
Sub-carrier Spacing (1/T) is the reciprocal of the modulation symbol time (T)

OFDM - All sub-carriers belong to a single user for some period of time. Multiple users are accommodated at different times.
OFDMA - Users share the sub-carriers with a bandwidth dependent on the data service in use.
Each color represents a different user.






    Tuesday, March 9, 2010

    OFDM Spectral Overlap

    Conventional Frequency Division Multiplex (FDM) Multi-Carrier Modulation Technique

    In conventional FDM, each carrier frequency is separated by a guard band to prevent interference. The frequencies in the guard band area cannot be used to carry information.

    Orthogonal Frequency Division Multiplex (OFDM) Multi-Carrier Modulation Technique

    OFDM sub-carriers have a sinc (sin(x)/x) frequency response, resulting in overlap in the frequency domain. This overlap does not cause interference due to the orthogonality of the sub-carriers.
    • The OFDM receiver uses a time and frequency synchronized FFT to convert the OFDM time waveform back into the frequency domain. In this process the FFT picks up discrete frequency samples, corresponding to the peaks of the carriers. At these frequencies, all other carriers pass through zero, eliminating interference between the sub-carriers.
    • The FFT requires strict adherence to:
      - An integer number of cycles during a symbol period
      - An integer number of cycles separating the sub-carriers
      - No phase or amplitude changes during symbol period

    Monday, March 8, 2010

    IFFTs and FFTs in OFDM

    The Transmitter contains an IFFT block and the receiver contains an FFT block. FFT and IFFT are a linear transform pair, defined by the following equations.


    Sunday, March 7, 2010

    OFDM Transceiver

    Block Diagram of OFDM Transmitter & OFDM Receiver

    OFDM Basic Principle

    • OFDM is a multi-carrier modulation scheme that transmits data over a number
      of orthogonal sub-carriers. Conventional transmission uses only a single carrier.
    • OFDM breaks the data to be sent in to multiple data streams. Each data stream
      is passed to a sub-carrier for modulation. The data streams are sent in parallel
      on the orthogonal sub-carriers.
    • OFDM Advantages
      • NLOS performance while maintaining a high level of spectral efficiency
        and maximizing the available spectrum.
      • Simple equalizer design.
      • Supports operation in multi-path propagation environments.
      • Uses a cyclic prefix to provide multi-path immunity and tolerance for time synchronization errors.
      • Scalable bandwidths provide flexibility and potentially reduces capital expense.

    Saturday, March 6, 2010

    WiMAX Network Architecture

    WiMAX Network Architecture developed by the WiMAX Forum

    All IP network
    • Existing IP standards used to avoid creating new network entities
    • WiMAX Forum defines procedures that permit WiMAX to 3GPP and WiMAX to 3GPP2
    Access Service Network (ASN)
    • Provides the radio interface that connects the SS with the network
    • Handles the radio interface and contains the base stations
    • Contains the ASN Gateway which has a one-to-many relationship with base stations
    • ASN Gateway handles mobility between base stations
    • Foreign Agent function acts as proxy for authentication and mobile IP
    Connectivity Service Network (CSN)
    • Provides connectivity between the ASN and the Internet or Application Services
    • Home Agent and AAA provide Authentication
    • Home Agent and DHCP provide IP Address Management
    • AAA provides billing records
    • Home Agent supports mobility
    Logical Interfaces

    802.16 Interfaces
    • R1 interface – SS to BS connection, radio link
    WiMAX Forum Interfaces
    • R2 interface – SS to HA, supports roaming
    • R3 interface – ASN to CSN, supports authentication, billing, and MIP messages
    • R4 interface – ASN to ASN, defines mobility procedures when a SS crosses from one ASN to another
    • R5 interface – CSN to CSN, supports roaming
    • R6 interface – BS to ASN Gateway, supports mobility messages
    • R7 interface – Internal to the ASN Gateway, not shown
    • R8 interface – BS to BS, supports handoff

    WiMAX Standard & WiMAX Forum Release- 1 Mobile System Profiles

    Evolution of 802.16 Standard & IEEE 802.16 Options



    WiMAX Forum Release- 1 Mobile System Profiles

    IEEE and The WiMAX Forum

    The IEEE is a standards body and operates in a purely technical capacity.
    IEEE 802.16e-2005 defines the radio interface between the Mobile Station
    and the network for BWA. The standard defines only Layer 1 (PHY) and
    Layer 2 (MAC). Included in the standard are handoff definitions and descriptions
    of mandatory and optional features.

    The WiMAX Forum is a non-profit industry body dedicated to promoting the
    adoption of the IEEE 802.16 standard. The WiMAX Forum is responsible for
    developing the end-to-end, all IP network architecture for WiMAX. The WiMAX
    Forum is responsible for interoperability certification of vendor equipment and
    operates test labs throughout the world. The WiMAX Forum defines system
    profiles that define the feature set to be supported by WiMAX equipment.
