Friday, 15 February 2019

IP Tables in Linux - A Tutorial

This tutorial explains how the firewall works on the Linux operating system and what IPTables is. A firewall decides the fate of packets entering and leaving the system. IPTables is a rule-based firewall that comes pre-installed on most Linux operating systems. By default it runs without any rules. IPTables was included in Kernel 2.4; prior to that it was called ipchains or ipfwadm. IPTables is a front-end tool that talks to the kernel and decides which packets to filter. This guide gives you a rough idea of IPTables and its basic commands, and describes practical iptables rules that you can refer to and customize as per your need.
Different services are used for different protocols:
  1. iptables applies to IPv4.
  2. ip6tables applies to IPv6.
  3. arptables applies to ARP.
  4. ebtables applies to Ethernet frames.
IPTables main files are:
  1. /etc/init.d/iptables – init script to start|stop|restart and save rulesets.
  2. /etc/sysconfig/iptables – where Rulesets are saved.
  3. /sbin/iptables – binary.
The iptables firewall is used to manage packet filtering and NAT rules. IPTables comes with all Linux distributions. Understanding how to set up and configure iptables will help you manage your Linux firewall effectively.
The iptables tool is used to manage the Linux firewall rules. At first look, iptables might look complex (or even confusing). But once you understand the basics of how iptables works and how it is structured, reading and writing iptables firewall rules will be easy.
This article is part of an ongoing iptables tutorial series. This is the 1st article in that series.
This article explains how iptables is structured, and explains the fundamentals about iptables tables, chains and rules.
At a high level, iptables might contain multiple tables. Tables might contain multiple chains. Chains can be built-in or user-defined. Chains might contain multiple rules. Rules are defined for the packets.
So, the structure is: iptables -> Tables -> Chains -> Rules. This is defined in the following diagram.

Fig: IPTables Table, Chain, and Rule Structure
Just to reiterate, tables are a bunch of chains, and chains are a bunch of firewall rules.

I. IPTABLES TABLES and CHAINS

IPTables has the following 4 built-in tables.

1. Filter Table

Filter is the default table for iptables. So, if you don't define your own table, you'll be using the filter table. The filter table has the following built-in chains.
  • INPUT chain – Incoming to firewall. For packets coming to the local server.
  • OUTPUT chain – Outgoing from firewall. For packets generated locally and going out of the local server.
  • FORWARD chain – Packet for another NIC on the local server. For packets routed through the local server.

2. NAT table

The iptables NAT table has the following built-in chains.
  • PREROUTING chain – Alters packets before routing, i.e. packet translation happens immediately after the packet comes to the system (and before routing). This helps to translate the destination IP address of the packets to something that matches the routing on the local server. This is used for DNAT (destination NAT).
  • POSTROUTING chain – Alters packets after routing, i.e. packet translation happens when the packets are leaving the system. This helps to translate the source IP address of the packets to something that might match the routing on the destination server. This is used for SNAT (source NAT).
  • OUTPUT chain – NAT for locally generated packets on the firewall.

3. Mangle table

The iptables mangle table is for specialized packet alteration. This alters QOS bits in the TCP header. The mangle table has the following built-in chains.
  • PREROUTING chain
  • OUTPUT chain
  • FORWARD chain
  • INPUT chain
  • POSTROUTING chain

4. Raw table

The iptables raw table is for configuration exemptions. The raw table has the following built-in chains.
  • PREROUTING chain
  • OUTPUT chain
The following diagram shows the three important tables in iptables.
Fig: IPTables built-in tables

II. IPTABLES RULES

Following are the key points to remember for the iptables rules.
  • Rules contain criteria and a target.
  • If the criteria are matched, the packet goes to the rules specified in the target (or) executes the special values mentioned in the target.
  • If the criteria are not matched, it moves on to the next rule.

Target Values

Following are the possible special values that you can specify in the target.
  • ACCEPT – Firewall will accept the packet.
  • DROP – Firewall will drop the packet.
  • QUEUE – Firewall will pass the packet to the userspace.
  • RETURN – Firewall will stop executing the next set of rules in the current chain for this packet. The control will be returned to the calling chain.
If you run iptables --list (or) service iptables status, you'll see all the available firewall rules on your system. The following iptables example shows that there are no firewall rules defined on this system. As you see, it displays the default filter table, with the default input chain, forward chain, and output chain.
# iptables -t filter --list
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
Do the following to view the mangle table.
# iptables -t mangle --list
Do the following to view the nat table.
# iptables -t nat --list
Do the following to view the raw table.
# iptables -t raw --list
Note: If you don’t specify the -t option, it will display the default filter table. So, both of the following commands are the same.
# iptables -t filter --list
(or)
# iptables --list
The following iptables example shows that there are some rules defined in the input, forward, and output chains of the filter table.
# iptables --list
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
1    RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

Chain RH-Firewall-1-INPUT (2 references)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 255
3    ACCEPT     esp  --  0.0.0.0/0            0.0.0.0/0
4    ACCEPT     ah   --  0.0.0.0/0            0.0.0.0/0
5    ACCEPT     udp  --  0.0.0.0/0            224.0.0.251         udp dpt:5353
6    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:631
7    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:631
8    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
9    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
10   REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
The rules in the iptables --list command output contain the following fields:
  • num – Rule number within the particular chain
  • target – Special target variable that we discussed above
  • prot – Protocols: tcp, udp, icmp, etc.
  • opt – Special options for that specific rule.
  • source – Source ip-address of the packet
  • destination – Destination ip-address for the packet
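
An added example (not part of the original tutorial): a Python script that parses a numbered listing in the format shown above and reports, per chain, what happens to packets that no rule decides and which rules appear to shadow the rules after them. The sample listing is constructed, modelled on the one above; parse_listing, is_catch_all and audit are names chosen here, and the parser assumes output from iptables --list -n --line-numbers.

```python
import re

# Constructed sample modelled on the numbered listing above
# (the format printed by `iptables --list -n --line-numbers`).
SAMPLE = """\
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination

Chain RH-Firewall-1-INPUT (1 references)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
2    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
3    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
4    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
"""

CHAIN_RE = re.compile(r"^Chain (\S+) \((?:policy (\w+)|\d+ references)\)")
ANY = ("0.0.0.0/0", "anywhere")
TERMINAL = ("ACCEPT", "DROP", "REJECT")


def parse_listing(text):
    """Return {chain: {"policy": str or None, "rules": [dict, ...]}}."""
    chains, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = CHAIN_RE.match(line)
        if header:
            # User-defined chains have no policy, so group(2) is None for them.
            current = chains.setdefault(
                header.group(1), {"policy": header.group(2), "rules": []})
        elif current is not None and line[:1].isdigit():
            # num target prot opt source destination [match and target options]
            parts = line.split(None, 6) + [""]
            num, target, prot, _opt, source, dest, extra = parts[:7]
            current["rules"].append({
                "num": int(num), "target": target, "prot": prot,
                "source": source, "destination": dest, "extra": extra})
    return chains


def is_catch_all(rule):
    """True when the listed criteria match every packet."""
    # reject-with is an option of the REJECT target, not a match criterion.
    criteria = re.sub(r"reject-with \S+", "", rule["extra"]).strip()
    return (rule["prot"] == "all" and rule["source"] in ANY
            and rule["destination"] in ANY and not criteria)


def audit(chains):
    """Per chain: fate of undecided packets and rules that shadow later ones."""
    report = {}
    for name, chain in chains.items():
        rules = chain["rules"]
        # A terminal catch-all that is not the last rule decides every packet,
        # so the rules after it are never evaluated (as far as the listing shows).
        shadowing = [r["num"] for r in rules[:-1]
                     if r["target"] in TERMINAL and is_catch_all(r)]
        last = rules[-1] if rules else None
        if last and last["target"] in ("DROP", "REJECT") and is_catch_all(last):
            fallthrough = "explicit " + last["target"]
        elif chain["policy"]:
            fallthrough = "policy " + chain["policy"]
        else:
            fallthrough = "returns to caller"
        report[name] = {"fallthrough": fallthrough, "shadowing": shadowing}
    return report


if __name__ == "__main__":
    for chain_name, result in audit(parse_listing(SAMPLE)).items():
        print(chain_name, result)
```

A catch-all ACCEPT flagged as shadowing may be restricted by an interface match that this listing format does not print; iptables --list -v adds the in and out interface columns.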

Sunday, 27 January 2019

5G - Could it be a platform of dominance for years and change the strategic games?

5G has been the most buzzing term in the telecom industry for a couple of years now. As a technology, it is going to be an enabler of many things that will affect economies to a far larger extent.

I think that while defining the objectives for IMT2020, even ITU-T was not prudent in sensing the power of the abilities that 5G can bring to the world and its impact at large.

So far 5G seems to have been taken as the technology next to 4G, one that would enhance communication systems for better and faster service provisioning and delivery.

But the real power of 5G capability was reckoned, probably late, and that became the point of conflict for dominance in 5G.

As 5G, for many in the ecosystem, is still on test beds and trials, vendors like Nokia are in the phase of acquiring grants to do research on 5G. On the other hand, Chinese vendors are far ahead, and Huawei specifically has not only taken the leading position, far ahead of others, but is on a spree of dominance across the globe.

It should also be noted that 5G is not a confined technology but a notion of many advancements, constructed well for delivering connectivity services of all scales.

We provided our whitepaper on that with the notion of "5G as large scale convergence"; hopefully a few could have understood it. You may find it here (it is for beginners in 5G too).


Also, the most interesting part of 5G is that once it settles, it is going to settle for the next industry evolution or revolution, as it is there for Industry 4.0 and will remain at least till Industry 5.0. And that is worrisome for many who reckoned 5G's abilities a little late. So dominance in 5G should be distributed, not held by particular vendors or by a specific land or part of the world.

That is all the late-rising community wants: a margin of time for many others to come forward in the 5G field. Their intent was reflected earlier through a politicized game plan, but now voices of restraint on 5G are appearing even among major telecom service providers, as the Verizon CTO recently spoke about keeping the 5G term reserved for the future.

Amid all this, 5G is becoming highly politicized. As per recent news, Jeremy Hunt, the British foreign minister, arrived in Washington this past week for a whirlwind of meetings dominated by a critical question: Should Britain risk its relationship with Beijing and agree to the Trump administration's request to ban Huawei?

In Poland, officials are also under pressure from the United States to bar Huawei from building its fifth generation, or 5G, network. Trump officials suggested that future deployments of US troops — including the prospect of a permanent base labeled "Fort Trump" — could hinge on Poland's decision. And a delegation of US officials showed up this spring in Germany, where most of Europe's giant fiber-optic lines connect and Huawei wants to build the switches that make the system hum. 
Their message: Any economic benefit of using cheaper Chinese telecom equipment is outweighed by the security threat to the NATO alliance.  

The administration contends that the world is engaged in a new arms race — one that involves technology, rather than conventional weaponry, but poses just as much danger to US national security. In an age when the most powerful weapons, short of nuclear arms, are cyber-controlled, whichever country dominates 5G will gain an economic, intelligence and military edge for much of this century. 

The views are from observations and perception, expressed by Saurabh Verma, Chief Technology Consultant, fundarc Communication (xgnlab).

Some of the news has been taken from HERE

Tuesday, 22 January 2019

Fantastic Article on 5G from CTO for North America, Nokia Corp. Source : LightReading

Taxes, death and mobile data growth are three things that will continue until the end of time. There are a lot of forecasts on the latter, but let's keep the mathematics simple and say demand is growing at 50% compounded annually in dense urban centers -- the only places we're really concerned about. So, the question then is, how can operators build networks to meet that demand?

There are a few ways. The first is by using existing spectrum more efficiently. The second is by using new spectrum. The third is through densification.

Let's take a look at LTE.

In LTE, the last great efficiency push comes from an antenna technology called massive MIMO (multiple input, multiple output). Deployment has already started, but we expect gains in throughput and capacity to come mainly in 2020 and beyond.

In terms of new spectrum, three of the top four operators in the US will have no new licensed LTE spectrum from 2017-2020! Only T-Mobile US Inc. can draw on new 600MHz purchased in 2017. However, there are other options. Shared CBRS (3.5GHz GAA) should be available in 2019 and unlicensed 5GHz (WiFi spectrum) is now an option through the use of Licensed Assisted Access (LAA) technology.

Densification, the third capacity technique, unfortunately can result in unwanted interference if applied more so than has already been done in the same frequencies, and so we expect its use to be limited.

So, what does all this mean? From our forecasts, we see LTE hitting a wall. The wall appears around 2022 or so and shifts a year in or a year out depending on one's assumptions; but LTE exhaustion is definitely coming. And while one's natural reaction is that 5G will solve global hunger, unfortunately, there won't be enough 5G mobile phones available to eat data capacity in a significant way until about 2023.

This is illustrated below, where the brown "User Demand" line represents an approximate 50% growth curve and the blue "LTE Capacity" line represents the actual capacity of an LTE network to service that demand (after massive MIMO has been applied). Assuming some headroom will be planned, we can see difficulties starting about 2022 unless 5G is ready and waiting to take over.

From the above, were 5G to be deployed in a timely fashion, all would be OK; however, there is not a lot of time. To meet forthcoming demand, we need to get started now, because getting a new technology in the right places at the right time with the requisite capacity-handling capability is no small task: Think in terms of years of preparation, not months. In fact, if we simulate using all the tools mentioned previously, we end up with the following forecast, where the black parts of the histogram represent what 5G would need to supply to avert congestion and, thus, a degraded user experience.

However, there is another dirty secret in the closet. The rule of thumb for capacity, as embedded in the 3GPP channel models, is that 80% of traffic originates indoors and 20% outdoors. Compounding that, there is a seasonal aspect to traffic. During the cold winter months in the north, there is even less traffic outdoors (likewise, in the hot summer months in the south). With LTE, indoor traffic is primarily served by outdoor cell sites, booming signals through walls and windows. This begs the question: What happens when 5G needs to handle that indoor traffic?

In the US, the Federal Communications Commission (FCC) is planning to auction off Millimeter Wave (mmWave) (24GHz, 28GHz and 39GHz) spectrum over the next two years. But mmWave doesn't like hard things such as walls, windows and trees. Penetration loss is significant. This means 5G mmWave, practically, will not really be able to service indoor demand from outdoors-in (unlike low band LTE). (For completeness, we should note that T-Mobile US Inc.'s 600MHz spectrum and Sprint Corp. (NYSE: S) Band 41 spectrum (2.5GHz) can help in this situation to a degree. However, the number of petabytes needed is very significant, and it is unlikely these solutions alone will suffice.)

So where does this leave us? There are only two options. The first is to use low or mid-band spectrum outdoors, and blast indoors; the outside-in approach. But in the dense urban case, we are already using that spectrum! So, the only real alternative is new mid-band spectrum. For the moment, none is in sight in the US until about 2020+ when the 3.7-4.2GHz band -- or parts of it -- become available. The other is to deploy mmWave indoors. The problem with going indoors versus using the outdoors-in approach is that everyone wants to get inside. Imagine Verizon, AT&T, Sprint, T-Mobile and all the others showing up at your building and wanting to deploy 5G mmWave inside every room. Perhaps neutral hosting solutions may help.

Before we finish, let's dismiss one counter argument. Some will say, "But WiFi will fix that." WiFi, however, has its own growth problems, thank you very much. WiFi demand is also growing, at least at 30% or more, and it too has looming capacity issues, with no significant new spectrum becoming available either.

Cellular demand, meanwhile, is separate, independent and additive. So, there is no getting around it. 5G needs to go and bang on some front doors.

Now, LTE has many good years left, with a few tricks up its sleeve, but it is aging as a technology and as we all know, it gets harder to run new races as you get old. 5G is the upstart and needs to be deployed quickly to help take over the baton from LTE. But in doing so, it needs to take it over not only outside, but also inside, and knock-knock on some friendly doors.

— Mike Murphy, CTO for North America, Nokia Corp. (NYSE: NOK)


5G Rationales and Strategic Insights - just to fathom emerging 5G in a perspective.

The white paper vindictively stresses convergence for 5G's step-wise growth and strategic adoption: convergence that is not only aggregation at access but a holistic approach, with ONAP going to be the platform to make it a success. ONAP is now being joined by almost all the major operators.

Interestingly, we released the paper at the beginning of 2018 under the name '5G in apprehension - beginning of new era' and later rectified it with some 5G deployment cases and emerging strategies.

It becomes more relevant today as AT&T discloses its 5G strategy. Why? Read the paper below for that -

Don't we need to re-write this paper - Operator must transform to deepen entry into the digital ecosystem.

The paper below gives this very mature attention, and we must put it out again with a little more experience.

Friday, 18 January 2019

AT&T-backed Akraino project going to provide open source for Edge cloud



The Linux Foundation-managed Akraino project, backed by AT&T, is going to provide open source software for mobile edge computing cloud preparation. AT&T has a mega plan to decompose RAN functionality into distributed elements, and Akraino is for that purpose.

AT&T is relying on Akraino for a high degree of orchestration and ease of deploying the edge cloud environment. By decomposing RAN functionalities, it can address various application demands and manage RAN infrastructure effectively.

The complete Akraino solution will be a combination of different elements provided by different software vendors.



image source : Akraino.

Why India should not go with the global wind of shortcoming with Chinese vendors like Huawei and ZTE.



Amid the hype around 5G and the intense attempts to thwart the challenges around it and gain the lead, there are interesting insights to watch and allude to.

I took some in the context of India's turmoil over including Huawei and ZTE in its 5G test bed plan.

There are a few industry cues to go with Huawei on 5G, or with Chinese vendors in general.

1. 5G has been there across the globe in a very limited capacity so far; see the commercial deployments of 5G from Verizon, AT&T and SK Telecom, and even the upcoming test beds: all have been constrained and limited in scope.

2. All 5G commercial deployments have met rigorous criticism. Verizon's home broadband service was severely criticized by T-Mobile CEO Mr Legere as "fake 5G", as it was on proprietary 5G standards based on the Verizon 5G Technical Forum. The 5G that came through AT&T is also under criticism, as AT&T showed it with the logo '5G Evolution', not a clear 5G. Both vendors seem to be running on Samsung- or Ericsson-based equipment.

3. 5G demonstrations from Huawei have been on par with standards in comparison to others. Huawei's leadership has been well recognized, as BT's chief architect has already praised Huawei's capabilities on 5G.

BT chief architect Neil McRae on Huawei's capabilities and readiness at the Global Mobile Broadband conference:

"I've been to Shenzhen recently [Huawei's headquarters] and there's nowhere else in the world where you can see" the kind of 5G technology developments that Huawei has achieved, he noted during a panel discussion, though without highlighting any specific advances.

"The other suppliers need to learn from Huawei -- the others are held back by old telco issues," he added.

Not only Huawei: ZTE has also gone side by side with its remarkably innovative streak for a 5G E2E solution, such as FlexE for backhaul and X-haul solutions and 5G Converge core for the 5G core network. Apart from that, ZTE's solution also enabled a pre-commercial 5G rollout in Europe.

ZTE, in partnership with Wind Tre and Open Fiber, accomplished Europe's first pre-commercial 5G network in October 2017, symbolizing a major step forward for 5G commercial deployment in Europe.

ZTE seems to be the first to have satisfied IMT2020 for 5G core networks.

ZTE's latest version of 5G core network is developed in compliance with 3GPP Release-15 specifications released in September 2018. By adopting SBA, micro-service components and network slicing, ZTE's 5G core network can achieve flexible and agile service innovation.

ZTE recently announced a successful 5G call with Chinese service provider China Unicom.

4. The 5G ecosystem is in complete flow with Chinese vendors and Chinese innovation; Qualcomm's investment wing recently announced funding for the Chinese innovative venture Baicell. Altogether, the global ecosystem does not take Chinese vendors in dissolute.

5. In an interesting move, Verizon CTO Mr Kyle Malady recognized that true 5G has yet to evolve and that the hype around 5G is overdone, as the technology is not yet in place in its true form. As per him, more has to come and the 5G name needs to be reserved for that.

"The potential to over-hype and under-deliver is a temptation the industry must resist," said Malady.

6. T-Mobile and Sprint have also been reluctant to hype 5G so far; in fact, T-Mobile CEO Mr Legere called the current 5G "fake 5G". Their debut on 5G has been around their existing infrastructure and with low spectrum bands, i.e. 700 MHz and 2100 MHz.

7. There were some interesting insights on 5G to be drawn when the Vodafone India CTO spoke about 5G readiness as a software upgrade only.

Among all these, which I refer to as cues around 5G progress and rollouts (commercial, pre-commercial and even test bed plans), the recent outspoken statement from Huawei CEO Mr Ren Zhengfei made the dust clear.

"I personally would never harm the interest of my customers and me and my company would not answer to such requests," Ren said, as reported by Fox Business.
As reported by CNBC, he told the assembled journalists at Huawei's headquarters in Shenzhen, China, that "when it comes to cyber security and privacy protection, we are committed to be sided with our customers. We will never harm any nation or any individual."
India has been in an on-and-off situation over taking Huawei and ZTE into its 5G test bed considerations. The Indian telecom export-specific organization came up with strict restrictions on Chinese vendors, but the Department of Telecom and the Ministry of Telecom took a separate stand after initial tussles and gave Huawei a green flag, though they ignored ZTE.
The reason behind the Indian telecom ministry accepting Huawei may be not only technical or based on security assessments, but political as well. But as an industry observer, I corroborate the decision here and even want to extend it further to ZTE as well.
Chinese vendors cannot be ignored by a massive economy like India, and Indian service providers are also likely to favor them, as Indian cellular operator association chief Mr Matthew has also expressed the Indian cellular industry's interest in favor of Chinese vendors. All this is due to valid reasons: their capability and suitable prices.
These views are based on industry observation and are from Saurabh Verma, Chief Technology Consultant, Fundarc Communication (xgnlab).