Introduction


Port triggering is a network management strategy characterised by dynamic facilitation, opening, and forwarding of specific inbound ports based on discerned patterns in outbound traffic. This adaptive approach optimises network efficiency by selectively permitting inbound data in response to recognised internal network activities.

Branch

https://code.rdkcentral.com/r/q/topic:Port_triggering_patches

Build Instructions

RPI4 32bit/RPI4 64bit Dunfell Build.

RPI4 32bit

mkdir <workspace dir>
cd <workspace dir>
repo init -u https://code.rdkcentral.com/r/manifests -b dunfell -m rdkb-extsrc.xml
repo sync -j`nproc` --no-clone-bundle
MACHINE=raspberrypi4-rdk-broadband source meta-cmf-raspberrypi/setup-environment      //For 32 Bit Image
MACHINE=raspberrypi4-64-rdk-broadband source meta-cmf-raspberrypi/setup-environment   //For 64 Bit Image
bitbake rdk-generic-broadband-image  

Reference link: RPI 4B Model Reference Platform 
Reference link: RPI 4B Model Reference Platform with 64bit Arch

RPI4 32bit/RPI4 64bit Kirkstone Build.

RPI4 64bit
mkdir <workspace dir>
cd <workspace dir>
repo init -u https://code.rdkcentral.com/r/manifests -b kirkstone -m rdkb-extsrc.xml
repo sync -j`nproc` --no-clone-bundle
MACHINE=raspberrypi4-rdk-broadband source meta-cmf-raspberrypi/setup-environment      //For 32 Bit Image
MACHINE=raspberrypi4-64-rdk-broadband source meta-cmf-raspberrypi/setup-environment   //For 64 Bit Image
bitbake rdk-generic-broadband-image  

Reference link: RPI 4B Model Reference Platform 32bit
Reference link: RPI 4B Reference Platform 64bit

Procedure for Testing 

TCP - Method used FTP server 
1)In Your client machine(LAN)you have to run FTP server
2)In router configure Trigger port 443:443 and Target port 21:21
3)External network(WAN) try to access ftp server of client machine using router uplink ip address(Goto terminal enter ftp -p 192.168.2.30)   ftp port 21 will not start util you trigger any packet flow on port 443 in your client machine
4)In your client machine(LAN)run https service(In browser https://www.google.com)
5)Goto to your external network(WAN),try access ftp server of client machine(ftp -p 192.168.2.30).incoming traffic on ports 21 after seeing an outgoing packet on port 443
UDP - The Netcat (nc) command is a command-line utility for reading and writing data between two computer networks. The communication happens using either TCP or UDP
1)In router configure Trigger port 443:443 and Target port 2399:2399
2)In Your client machine(LAN)you have to run : nc -u -l 2399
3)From external WAN machine run nc -u 192.168.2.30 2399 (192.168.2.30 - router uplink ip address) 
4)In your client machine(LAN)run https service(In browser https://www.google.com)
5)Goto to your external network(WAN), access server of client machine(Try sending some packets to wan client). Able to see incoming traffic on ports 2399 after seeing an outgoing packet on port 443

TCP - iperf is a tool to measure the network performance.
1)In router configure Trigger port 443:443 and Target port 5001:5001
2)In Your client machine (LAN)you have to run:  iperf -s -B 10.0.0.106 -i 1 -p 5001 (10.0.0.106 - LAN IP)
3)From external WAN machine run  iperf -c 192.168.161.216 -p 5001 -i  1 -t 60 -B 192.168.160.173 (192.168.161.216 - router uplink ip address, 192.168.160.173 - WAN PC Ip) 
4)In your client machine (LAN)run https service (In browser https://www.google.com)
5)In the WAN PC you will be able to see the traffic and, in the LAN PC, you will be able to see the traffic summery once you stopped the step 3.


By default Port triggering will be disabled in the RPI .We can enable using two methods .One is through DM and other way is through UI


DM : 


dmcli eRT addtable Device.NAT.X_CISCO_COM_PortTriggers.Trigger.
dmcli eRT setv Device.NAT.X_CISCO_COM_PortTriggers.Trigger.1.Description string Myservice343 
dmcli eRT setv Device.NAT.X_CISCO_COM_PortTriggers.Trigger.1.TriggerProtocol string TCP
dmcli eRT setv Device.NAT.X_CISCO_COM_PortTriggers.Trigger.1.TriggerPortStart uint 8080
dmcli eRT setv Device.NAT.X_CISCO_COM_PortTriggers.Trigger.1.TriggerPortEnd uint 8090
dmcli eRT setv Device.NAT.X_CISCO_COM_PortTriggers.Trigger.1.ForwardPortStart uint 3000 
dmcli eRT setv Device.NAT.X_CISCO_COM_PortTriggers.Trigger.1.ForwardPortEnd uint 4000


WEBUI

Step 1: Login to webui, from navigation -> Advanced ->Port Triggering. Click on Add Port Trigger.


Testing Steps (TCP and UDP)



   TCP


 Router configure Trigger port 443:443 and Target port 21:21.

From External network(WAN) try to access ftp server of client machine(LAN client) using router uplink ip address(Goto terminal enter ftp -p 192.168.2.30 in WAN client),
while client machine(LAN)run https service(In browser https://www.google.com)



    UDP :


                    Router configure Trigger port 443:443 and Target port 2399:2399.

In Your client machine(LAN)you have to run : nc -u -l 2399 
From external WAN machine run nc -u 192.168.2.30 2399, while client machine(LAN)run https service(In browser https://www.google.com)

Iperf

DM : 

dmcli eRT addtable Device.NAT.X_CISCO_COM_PortTriggers.Trigger.
dmcli eRT setv Device.NAT.X_CISCO_COM_PortTriggers.Trigger.1.Description string iperf
dmcli eRT setv Device.NAT.X_CISCO_COM_PortTriggers.Trigger.1.TriggerProtocol string TCP
dmcli eRT setv Device.NAT.X_CISCO_COM_PortTriggers.Trigger.1.TriggerPortStart uint 443
dmcli eRT setv Device.NAT.X_CISCO_COM_PortTriggers.Trigger.1.TriggerPortEnd uint 443
dmcli eRT setv Device.NAT.X_CISCO_COM_PortTriggers.Trigger.1.ForwardPortStart uint 5001 
dmcli eRT setv Device.NAT.X_CISCO_COM_PortTriggers.Trigger.1.ForwardPortEnd uint 5001


WEB GUI: 

Step 1: Login to webui, from navigation -> Advanced ->Port Triggering. Click on Add Port Trigger (Configure Trigger port as 443:443 and Target port as 5001:5001)


Step2: In Your client machine (LAN)you have to run: iperf -s -B 10.0.0.106 -i 1 -p 5001 (10.0.0.106 - LAN IP)

Step3: In the WAN machine run  iperf -c 192.168.161.216 -p 5001 -i  1 -t 60 -B 192.168.160.173 (192.168.161.216 - router uplink ip address, 192.168.160.173 - WAN PC Ip) same time in the client machine (LAN)run https service (In browser https://www.google.com)

Supported devices

RaspberryPi 

Sanity Testing
 

References


EPIC/User Stories

Oops, it seems that you need to place a table or a macro generating a table within the Table Filter macro.

The table is being loaded. Please wait for a bit ...

REFPLTB-2851 - Getting issue details... STATUS

REFPLTB-1735 - Getting issue details... STATUS





  • No labels

DISCLAIMER: Please note that the use of the RDK Wiki is subject to its Privacy Policy & Terms of Use. In addition, this Wiki may be accessed by all RDK licensees and their contractors.