Ladder Diagrams » History » Version 4
laforge, 03/03/2022 08:59 PM
| 1 | 1 | laforge | h1. Ladder Diagrams |
|---|---|---|---|
| 2 | |||
| 3 | 3 | laforge | h2. Initial connection setup |
| 4 | |||
| 5 | 4 | laforge | Note: we might want to do something for DoS mitigation at the very initial step? |
| 6 | |||
| 7 | 1 | laforge | {{mscgen_link() |
| 8 | msc { |
||
| 9 | hscale=2; |
||
| 10 | client [label="Client"], server [label="Server (main port)"], worker [label="Server (worker port)"], hlr [label="HLR (database)"]; |
||
| 11 | |||; |
||
| 12 | --- [label="Initial connection attempt from client to well-known server/port"]; |
||
| 13 | |||; |
||
| 14 | client => server [label="HELLO_REQ (user_id)"]; |
||
| 15 | server <=> hlr [label="Obtain auth vectors"]; |
||
| 16 | client <= server [label="AUTH_REQ (rand, autn)"]; |
||
| 17 | client => server [label="AUTH_RESP (res)"]; |
||
| 18 | server box server [label="Verify res == xres?"]; |
||
| 19 | server => worker [label="Create worker socket"]; |
||
| 20 | server note server [label="Server accepts client + redirects to worker IP+Port"]; |
||
| 21 | client <= server [label="HELLO_ACK (worker IP:Port, token)"]; |
||
| 22 | ...; |
||
| 23 | client => worker [label="HELLO_REQ (user_id, token)"]; |
||
| 24 | worker box worker [label="Verify user_id + token"]; |
||
| 25 | client <= worker [label="HELLO_ACK"]; |
||
| 26 | ...; |
||
| 27 | client <=> worker [label="TDMoIP"]; |
||
| 28 | 2 | laforge | ...; |
| 29 | 3 | laforge | } |
| 30 | }} |
||
| 31 | |||
| 32 | 4 | laforge | Both sides operate timeouts, if those occur, the entire procedure is aborted. |
| 33 | |||
| 34 | 3 | laforge | h2. subsequent re-authentication |
| 35 | |||
| 36 | {{mscgen_link() |
||
| 37 | msc { |
||
| 38 | hscale=2; |
||
| 39 | client [label="Client"], server [label="Server (main port)"], worker [label="Server (worker port)"], hlr [label="HLR (database)"]; |
||
| 40 | |||; |
||
| 41 | 2 | laforge | --- [label="At any later point in time, whenever the server wants"]; |
| 42 | worker <=> hlr [label="Obtain auth vectors"]; |
||
| 43 | client <= worker [label="AUTH_REQ (rand, autn)"]; |
||
| 44 | client => worker [label="AUTH_RESP (res)"]; |
||
| 45 | 1 | laforge | worker box worker [label="Verify res == xres?"]; |
| 46 | } |
||
| 47 | }} |
||
| 48 | 4 | laforge | |
| 49 | If there is no response to the AUTH_REQ within a timeout, up to three re-transmissions are attempted, before declaring the link as dead. |
||
| 50 | |||
| 51 | h2. dead peer detection |
||
| 52 | |||
| 53 | Procedure operates on on both sides: |
||
| 54 | |||
| 55 | * Every time a packet is received, a timer is re-started. If the timer expires, the link is declared dead, and no further TDMoIP packets are transmitted. |
||
| 56 | ** On the server side, a dead link means the worker port is closed. |
||
| 57 | ** On the client side, a dead link means the client needs to start like in an initial connection attempt by contacting the well-known server port with a HELLO_REQ. |
