Wednesday, June 2, 2010

How to delimit TR069, OAM and OMCI


What is TR069?
TR069 is a protocol number defined by the DSL Forum (www.broadband-forum.com). The protocol's name is CPE WAN Management Protocol. It defines a mechanism that encompasses secure auto-configuration of a CPE, and also incorporates other CPE management functions into a common framework.
The CPE WAN Management Protocol is intended to support a variety of functionalities to manage a collection of CPE, including the following primary capabilities:
a) Auto-configuration and dynamic service provisioning
b) Software/firmware image management
c) Status and performance monitoring
d) Diagnostics
There are many protocols related to TR069. For example:

| Number | Description | Date |
|---|---|---|
| TR-069 Amendment 2 | CPE WAN Management Protocol v1.1 | December 2007 |
| TR-098 Amendment 1 | Internet Gateway Device Data Model for TR-069 | December 2006 |
| TR-104 | DSLHome™ Provisioning Parameters for VoIP CPE | September 2005 |
| TR-111 | DSLHome™ Applying TR-069 to Remote Management of Home Networking Devices | December 2005 |
| TR-142 | Framework for TR-069 enabled PON devices | March 2008 |

What is OAM?
OAM is Operations, Administration, and Maintenance.
Chapter 57 of 802.3ah defines the Operations, Administration, and Maintenance (OAM) sublayer, which provides mechanisms useful for monitoring link operation such as remote fault indication and remote loopback control. In general, OAM provides network operators the ability to monitor the health of the network and quickly determine the location of failing links or fault conditions. The OAM described in this clause provides data link layer mechanisms that complement applications that may reside in higher layers.
This subclause provides details and functional requirements for the OAM objectives:
a) Remote Failure Indication
1) A mechanism is provided to indicate to a peer that the receive path of the local DTE is nonoperational.
2) Physical layer devices using Clause 66 may support unidirectional operation that allows OAM remote failure indication during fault conditions.
3) Subscriber access physical layer devices using Clause 65 support unidirectional operation in the direction from OLT to ONU that allows OAM remote failure indication from OLT during fault conditions.
4) Physical layer devices other than those listed above do not support unidirectional operation allowing OAM remote failure indication during fault conditions. Some physical layer devices have specific remote failure signaling mechanisms in the physical layer.
b) Remote Loopback
A mechanism is provided to support a data link layer frame-level loopback mode.
c) Link Monitoring
1) A mechanism is provided to support event notification that permits the inclusion of diagnostic information.
2) A mechanism is provided to support polling of any variable in the Clause 30 MIB.
d) Miscellaneous
1) Implementation and activation of OAM is optional.
2) A mechanism is provided that performs OAM capability discovery.
3) An extension mechanism is provided and made available for higher layer management applications.
Note: The 802.3ah standard only describes some OAM capabilities on the link layer, and no provisioning capabilities to configure other CPE features.
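The objectives listed above map onto the fixed header of an OAMPDU: Slow Protocols EtherType 0x8809, subtype 0x03, a 16-bit Flags field and a one-octet Code. The following is an added example, not part of the original post, that parses that header of an untagged frame and reports which objective the frame serves; the sample frames and the source MAC are constructed for illustration.

```python
import struct

SLOW_PROTOCOLS_MAC = bytes.fromhex("0180c2000002")   # 01-80-C2-00-00-02
SLOW_PROTOCOLS_ETHERTYPE = 0x8809
OAM_SUBTYPE = 0x03

# Flags field bits (16-bit, network byte order)
FLAGS = {0x0001: "Link Fault", 0x0002: "Dying Gasp", 0x0004: "Critical Event",
         0x0008: "Local Evaluating", 0x0010: "Local Stable",
         0x0020: "Remote Evaluating", 0x0040: "Remote Stable"}
FAILURE_BITS = 0x0007  # the three remote failure indication bits

# OAMPDU code -> (name, objective from the list above)
CODES = {0x00: ("Information", "capability discovery"),
         0x01: ("Event Notification", "link monitoring"),
         0x02: ("Variable Request", "link monitoring (MIB polling)"),
         0x03: ("Variable Response", "link monitoring (MIB polling)"),
         0x04: ("Loopback Control", "remote loopback"),
         0xFE: ("Organization Specific", "extension mechanism")}

def parse_oampdu(frame: bytes) -> dict:
    """Parse the Ethernet + OAMPDU header of an untagged frame."""
    if len(frame) < 18:
        raise ValueError("frame too short for an OAMPDU header")
    ethertype, subtype, flags, code = struct.unpack("!HBHB", frame[12:18])
    if ethertype != SLOW_PROTOCOLS_ETHERTYPE or subtype != OAM_SUBTYPE:
        raise ValueError("not an OAMPDU (wrong EtherType or subtype)")
    name, objective = CODES.get(code, ("Reserved", "unknown"))
    return {
        "dst_is_slow_protocols": frame[0:6] == SLOW_PROTOCOLS_MAC,
        "src": ":".join(f"{b:02x}" for b in frame[6:12]),
        "flags": [n for bit, n in FLAGS.items() if flags & bit],
        "failure_indication": [n for bit, n in FLAGS.items() if flags & bit & FAILURE_BITS],
        "code": name,
        "objective": objective,
        "payload": frame[18:],
    }

def build_sample(flags: int, code: int, payload: bytes = b"") -> bytes:
    """Constructed test frame; the source MAC is a made-up locally administered address."""
    header = struct.pack("!HBHB", SLOW_PROTOCOLS_ETHERTYPE, OAM_SUBTYPE, flags, code)
    return SLOW_PROTOCOLS_MAC + bytes.fromhex("020000000001") + header + payload

SAMPLE_INFO = build_sample(0x0050, 0x00)
SAMPLE_DYING_GASP = build_sample(0x0052, 0x00)
SAMPLE_LOOPBACK = build_sample(0x0050, 0x04, b"\x01")

if __name__ == "__main__":
    for frame in (SAMPLE_INFO, SAMPLE_DYING_GASP, SAMPLE_LOOPBACK):
        print(parse_oampdu(frame))
```

A Loopback Control OAMPDU arriving on a link where remote loopback is not expected is worth alerting on, since it changes how the link forwards frames.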
What is OMCI?
OMCI is ONT Management and Control Interface.
The OMCI is used by the OLT to control an ONT. This protocol allows the OLT to:
a) establish and release connections across the ONT;
b) manage the UNIs at the ONT;
c) request configuration information and performance statistics;
d) autonomously inform the system operator of events such as link failures.
The OMCI protocol runs across either an ATM or GEM connection between the OLT controller and the ONT controller that is established at ONT initialization. The OMCI protocol is asymmetric: the controller in the OLT is the master and the one in the ONT is the slave. A single OLT controller using multiple instances of the protocol over separate control channels may control multiple ONTs.
The ONT management and control interface requirements given in this Recommendation are needed to manage the ONT in the following areas:
a) configuration management;
b) fault management;
c) performance management;
d) security management.
Note: G.984.4 OMCI does specify quite extensive provisioning capabilities.
TR142: TR069, OAM and OMCI
Above, we explained what TR069, OAM and OMCI are. Each has many capabilities, and some of them overlap. How do we delimit them? TR142 defines some clauses for delimiting TR069, OAM and OMCI.
In broad terms, layer 3 auto-configuration is the same for a PON ONT as for a DSL B-NT. A PON ONT can be assigned an IP address via DHCP, IPCP, or static IP addressing. The main difference between the PON ONT and the DSL B-NT configuration and management is in the link layer.
There is quite a big difference between OMCI capabilities and 802.3ah. Briefly, the 802.3ah standard only describes some OAM capabilities on the link layer, and no provisioning capabilities to configure other CPE features. In contrast, OMCI does specify quite extensive provisioning capabilities, including management of services such as voice services, circuit emulation services, etc.
[Figures: OAM; OMCI]
For the configuration and management of the PON ONT, PLOAM messages, OMCI and 802.3ah still play the role for which they were designed. The TR-069 protocol (CPE WAN Management Protocol) can complement OMCI (and related protocols) for the configuration and management of subscriber services, meaning services for layer 3 and above. TR-069 can also overlap OMCI (and related protocols) in the configuration and management of the PON ONT itself. TR-069 is moreover used for the configuration and management of other customer premises devices (STB, VoIP, network storage elements…) as explained in TR-106. Note that it is not the goal of this Technical Report to define a clear delimitation of the roles of OMCI and TR-069, as this is implementation-specific.
Reference documentation
TR-142: Framework for TR-069 enabled PON devices
TR-069: CPE WAN Management Protocol
G.984.4
802.3ah

iptables settings to counter (mitigate) DDoS

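# Rate-limit incoming SYNs: the syn-flood chain lets 1 SYN/s (burst 4) through and drops the rest.
# This limit is shared by all sources; it is not per source address.
iptables -N syn-flood
iptables -A INPUT -p tcp --syn -j syn-flood
iptables -A syn-flood -m limit --limit 1/s --limit-burst 4 -j RETURN
iptables -A syn-flood -j DROP
# Make sure NEW tcp connections are SYN packets
iptables -A INPUT -i eth0 -p tcp ! --syn -m state --state NEW -j DROP

# SYN_RECV: enable SYN cookies, shorten the FIN-WAIT-2 timeout, enlarge the SYN backlog
echo "1" > /proc/sys/net/ipv4/tcp_syncookies
echo "10" > /proc/sys/net/ipv4/tcp_fin_timeout
# icmp_echo_ignore_all=1 also stops replies to legitimate pings (monitoring, troubleshooting)
echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all
echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
echo "5000" > /proc/sys/net/ipv4/tcp_max_syn_backlog
# TIME_WAIT
echo "180000" > /proc/sys/net/ipv4/tcp_max_tw_buckets
echo "1" > /proc/sys/net/ipv4/tcp_rfc1337
# tcp_tw_recycle breaks connections from clients behind NAT and was removed in Linux 4.12; left disabled
# echo "1" > /proc/sys/net/ipv4/tcp_tw_recycle
echo "1" > /proc/sys/net/ipv4/tcp_tw_reuse
# Connection-tracking timeouts. These are the legacy ip_conntrack paths; kernels using nf_conntrack
# expose the same settings as /proc/sys/net/netfilter/nf_conntrack_tcp_timeout_*
echo "5" > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_time_wait
echo "10" > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_syn_recv
echo "10" > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_syn_sent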
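The `limit` match in the syn-flood chain above is one token bucket shared by every source, so while one address floods, legitimate clients compete for the same 1 SYN/s. The following added example (not from the original post) models that bucket next to a per-source bucket, which is what the `hashlimit` match with `--hashlimit-mode srcip` provides; the addresses and the traffic pattern are constructed.

```python
from collections import defaultdict

class TokenBucket:
    """Model of the iptables 'limit' match: a burst-sized bucket refilled at a fixed rate."""
    def __init__(self, rate_per_s, burst):
        self.rate, self.burst = rate_per_s, burst
        self.tokens, self.last = float(burst), 0.0

    def allow(self, now):
        # Refill for the elapsed time, capped at the burst size.
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True    # rule matches: -j RETURN, the SYN goes on through INPUT
        return False       # no match: falls through to -j DROP

def simulate(events, per_source, rate=1.0, burst=4):
    """events: time-sorted (time, src) SYN arrivals. Returns {src: [accepted, dropped]}."""
    shared = TokenBucket(rate, burst)                         # --limit 1/s --limit-burst 4
    buckets = defaultdict(lambda: TokenBucket(rate, burst))   # one bucket per source IP
    stats = defaultdict(lambda: [0, 0])
    for now, src in events:
        bucket = buckets[src] if per_source else shared
        stats[src][0 if bucket.allow(now) else 1] += 1
    return dict(stats)

FLOOD_SRC, CLIENT_SRC = "198.51.100.7", "192.0.2.10"   # constructed documentation addresses

def constructed_traffic(seconds=20, flood_pps=100):
    """One source sending 100 SYN/s plus a normal client opening a connection every 2 s."""
    flood = [(i / flood_pps, FLOOD_SRC) for i in range(seconds * flood_pps)]
    client = [(t + 0.5, CLIENT_SRC) for t in range(0, seconds, 2)]
    return sorted(flood + client)

if __name__ == "__main__":
    traffic = constructed_traffic()
    print("shared bucket    :", simulate(traffic, per_source=False))
    print("per-source bucket:", simulate(traffic, per_source=True))
```

With the shared bucket the client's SYNs are all dropped because the flood consumes each token as soon as it is refilled; with per-source buckets the client is unaffected. A per-source limit does not help when the flood uses spoofed source addresses, which is the case `tcp_syncookies` covers.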

How to use simple speedtest in RaspberryPi CLI

  pi@ChunchaiRPI2:/tmp $  wget -O speedtest-cli https://raw.githubusercontent.com/sivel/speedtest-cli/master/speedtest.py --2023-06-26 10:4...