
SAProuter Route Permission

 

The SAProuter works with a Route Permission Table, which is used to authorize route connections. The following properties are essential for the route check:

  • Source IP address

  • Destination IP address

  • Destination port

  • Number of previous SAProuter hops

  • Number of remaining SAProuter hops

The route permission file is loaded into an internal table during SAProuter startup. The permission is checked for each accepted connection after the route data has been received. Administrative requests are rejected if they do not come from the local host. Info requests must also be authorized by the route table.

The permission check is a first-match lookup of the received route data against the route table. For a successful lookup, the source address, destination address and port are required to match.

Note

The numbers of previous and post hops are conditions for the permission, but are not essential for the match.

The internal table, in which the route table is mapped, has the following fields:

  • Type (permitted or denied)

  • SNC (secure network communication required or not)

  • Native (native protocols permitted or not)

  • Previous hops (maximum number of previous hops / SAProuters)

  • Post hops (maximum number of following hops / SAProuters)

  • Source address

  • Source address mask

  • Destination address

  • Destination address mask

  • All destination ports (no port specified)

  • Destination port min

  • Destination port max

  • Password (required password for building up the route)

  • SNC name

The address masks are set if a subnet is given in the route file. For details about the route table, see the section Route Permission Table. Examples of how file entries are mapped into the internal table are given in Route Table Examples.
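
The first-match lookup described above, modelled in Python over a subset of the internal table fields. This is an added example, not SAP code and not part of the original documentation. The "*" wildcard notation, "no limit" for unset hop values, denying when the matched entry's hop condition fails, and refusing when no entry matches are assumptions; the sample table uses constructed documentation addresses.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Entry:
    """Subset of the internal table fields (SNC, native, password omitted)."""
    permit: bool                          # Type: permitted or denied
    src: str                              # source address/mask, "*" = any (assumed notation)
    dst: str                              # destination address/mask, "*" = any (assumed notation)
    port_min: Optional[int] = None        # None = all destination ports
    port_max: Optional[int] = None
    max_prev_hops: Optional[int] = None   # None = no limit (assumption)
    max_post_hops: Optional[int] = None

def _addr_match(pattern, addr):
    if pattern == "*":
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern, strict=False)

def matches(e, src, dst, port):
    """The match uses source address, destination address and port only."""
    port_ok = e.port_min is None or e.port_min <= port <= e.port_max
    return _addr_match(e.src, src) and _addr_match(e.dst, dst) and port_ok

def check(table, src, dst, port, prev_hops=0, post_hops=0):
    """First-match lookup; returns (allowed, index of the deciding entry or None)."""
    for i, e in enumerate(table):
        if not matches(e, src, dst, port):
            continue
        # Hop limits are conditions on the matched entry, not part of the match,
        # so a failed hop condition denies instead of falling through (assumed reading).
        hops_ok = ((e.max_prev_hops is None or prev_hops <= e.max_prev_hops) and
                   (e.max_post_hops is None or post_hops <= e.max_post_hops))
        return (e.permit and hops_ok, i)
    return (False, None)  # assumption: no matching entry means the route is refused

# Constructed sample table (documentation address ranges, not from the page).
TABLE = [
    Entry(True, "192.0.2.0/24", "198.51.100.10", 3200, 3299, max_prev_hops=0),
    Entry(False, "192.0.2.77", "198.51.100.10"),   # shadowed for ports 3200-3299
    Entry(True, "*", "198.51.100.10", 3200, 3200),
]
```

Because the first matching entry decides, the deny for 192.0.2.77 only takes effect for ports outside 3200-3299; a specific deny has to precede any broader permit that covers the same source, destination and port.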