
HSC Validation

July 2017

GE Power Services

Monitoring and Diagnostics


HSC Discovery and Validation Procedure

These instructions do not purport to cover all details or variations in equipment nor to provide for every possible contingency to be
met in connection with installation, operation or maintenance. Should further information be desired or should particular problems
arise which are not covered sufficiently for the purchaser's purposes the matter should be referred to General Electric Company. These
instructions contain proprietary information of General Electric Company, and are furnished to its customer solely to assist that
customer in the installation, testing, operation, and/or maintenance of the equipment described. This document shall not be reproduced
in whole or in part nor shall its contents be disclosed to any third party without the written approval of General Electric Company.
© 2013 General Electric Company. All Rights Reserved. This material may not be copied or distributed in whole or in part,
without prior permission of the copyright owner.

The following notices will be found throughout this publication. It is important that the
significance of each is thoroughly understood by those using this document. The definitions are
as follows:

NOTE

Highlights an essential element of a procedure to assure correctness.

CAUTION

Indicates a potentially hazardous situation, which, if not avoided, could result in minor or
moderate injury or equipment damage.

WARNING

INDICATES A POTENTIALLY HAZARDOUS SITUATION, WHICH, IF NOT AVOIDED, COULD RESULT IN DEATH OR SERIOUS INJURY.

***DANGER***

INDICATES AN IMMINENTLY HAZARDOUS SITUATION, WHICH, IF NOT AVOIDED, WILL RESULT IN DEATH OR SERIOUS INJURY.


TABLE OF CONTENTS

I. PURPOSE
II. BACKGROUND
III. M&D HSC PACKAGE
IV. IP ADDRESS TESTING
V. PUBLIC IP ADDRESS DISCOVERY

LIST OF FIGURES

Table 1. HSC Survey Inputs (Before)
Table 2. HSC Survey Inputs (Populated)
Figure 1. Network and Sharing Center
Figure 2. Local Area Connection Properties
Figure 3. IPv4 Properties
Figure 4. TCP/IP Address, Mask and Gateway
Figure 5. ICMP Tests via Command-Prompt
Figure 6. Private to Public NAT Scenario
Figure 7. Putty Icon
Figure 8. Putty Configuration
Figure 9. Putty Security Alert
Figure 10. Putty Login Username
Figure 11. Putty Login Password
Figure 12. Router Command Line Interface
Figure 13. Show TCP Brief Output


I. PURPOSE

The following document discusses the manner in which the High Speed Connection (HSC) Circuit Details
can be identified and validated prior to engaging the GE PS Network Team. It is essential to the overall
effectiveness and success of the M&D Team to be provided accurate HSC info. Failure to do so will create
overhead for multiple parties, and possibly delay contractual deadlines. Section III details the M&D HSC
Package inputs. Section IV should be used to test the Customer Provided IP Address. Section V should
be used to discover the Public IP Address in the event the Customer provides a Private IP to the GE
Managed VPN device.

II. BACKGROUND

For any HSC project in which OSM Server data will need to be sent back to Atlanta for analytics, a High
Speed Connection (HSC) will need to be established between the Customer site and GE’s 3rd Party Rail
Inspection Zone. M&D supports two different types of 3rd Party Connections:

1. GE Managed VPN

GE installs a GE Owned, GE Managed VPN device (Router or Firewall) at the Customer site, which will then
terminate the remote-end of the VPN. This is considered “GE Managed” because GE will then be managing
both end-points of the VPN. This GE Managed VPN device will be configured for Dynamic Multipoint VPN
(DMVPN) so that IPsec Tunnels can be established dynamically to our four HUB VPN Routers located
within our 3rd Party Rail Inspection Zone. The IPsec Tunnels then provide Confidentiality and Integrity to
the Multipoint GREs and NHRP. This allows GE to dynamically route traffic via BGP, thus providing
Availability.

2. Business-to-Business (B2B) IPsec Tunnel

If the Customer deems it necessary to manage the remote-end of the VPN, whether due to Security Policy
or Compliance Standards, GE supports this requirement by working with the Customer Technical
Representative to negotiate and install a simple IPsec Tunnel between the GE Managed 3rd Party Rail
VPN Routers and a remote-end Customer Owned, Customer Managed VPN device.

NOTE

For purposes of this instruction, everything that follows in this procedure covers
the information required to support a GE Managed VPN ONLY.

III. M&D HSC PACKAGE

For any HSC project, it is the responsibility of the GE site personnel to work with the Customer to identify
and populate the necessary information within the M&D HSC Package. All fields within HSC Survey Tab
are important, but this procedure focuses primarily on the GE Managed VPN Section (Rows 45 – 53).

Table 1. HSC Survey Inputs (Before)


Static IP Address (Public Routable)

This is in reference to the IP Address that will be assigned to the GE Managed Router’s WAN Interface.
The requirement calls for a Static IP Address, meaning that it’s NOT provided dynamically by the ISP, and
that it won’t ever change without manual intervention. Public Routable is a requirement as well meaning
that it must be an IP Address that’s reachable from other Internet Hosted Addresses.

In contrast, a PRIVATE IP is not routed via the Internet, and as such cannot be directly accessed from the
Internet. A Private IP Address must be NAT’d (changed) to a Public IP before being sent out to the Internet.
If the Customer has provided a Private IP Address to be assigned to the GE Managed Router, this is outside
of the standard and must be addressed with the Customer immediately so that they can work with their ISP to
obtain a Public IP Address for the GE Router.

Please reference the following to assess whether or not the provided IP Address is a Private IP.

- Any IP Address that begins with 10
    o e.g., 10.10.10.10
- Any IP Address that begins with 192.168
    o e.g., 192.168.1.24
- Any IP Address that falls within the range of 172.16.0.0 – 172.31.255.255
    o e.g., 172.16.16.24
    o e.g., 172.20.20.24
    o e.g., 172.31.255.254

In the event that there is no way the Customer can provide a Static IP Address that’s Public Routable,
please review the Public IP Address Discovery Section V addressed later in this document for steps
required to “Discover” the Public IP that the Private IP is being NAT’d to.

Subnet Mask

The Subnet Mask defines the size of the subnet, and also delineates which other IP Addresses are part of
the same subnet. The Subnet Mask may be written in several formats. For example, 255.255.255.248 may
also be written as /29. Both are acceptable if provided by the Customer.

Default Gateway

The Default Gateway is an IP Address that resides within the same subnet as the Public IP provided, and
is typically assigned to the Internet Gateway. When the GE Managed Router needs to send data to a
destination IP that is not hosted by the GE Router, the traffic will be sent to the specified Default Gateway.
This Gateway Device hosting the Default Gateway IP Address will then have specific routes installed so
that it knows where and how to forward the traffic to successfully reach the destination.
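
The three checks described above (private range, mask in either notation, gateway inside the same subnet) can be run against the survey values before they are submitted. This is an added example, not part of the original procedure; the function names are hypothetical and the sample addresses are constructed from documentation ranges.

```python
import ipaddress

# The three private ranges listed in this procedure.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(ip):
    """True if ip falls inside one of the private ranges above."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in PRIVATE_NETS)


def validate_survey(ip, mask, gateway):
    """Return a list of findings for the survey's IP, mask and gateway.

    mask may be dotted ("255.255.255.248") or a prefix ("/29" or "29").
    An empty list means the values are consistent and the IP is public.
    """
    findings = []
    try:
        addr = ipaddress.ip_address(ip)
        gw = ipaddress.ip_address(gateway)
        # strict=False derives the subnet from a host address plus mask.
        net = ipaddress.ip_network(f"{ip}/{mask.lstrip('/')}", strict=False)
    except ValueError as exc:
        return [f"unparseable input: {exc}"]

    if is_private(ip):
        findings.append("IP is private: NAT'd, Public IP must be discovered")
    if gw not in net:
        findings.append(f"gateway {gw} is outside subnet {net}")
    elif gw == addr:
        findings.append("gateway and router IP are the same address")
    # In subnets larger than /31 the first and last addresses are unusable.
    if net.prefixlen < 31:
        for name, value in (("IP", addr), ("gateway", gw)):
            if value in (net.network_address, net.broadcast_address):
                findings.append(f"{name} {value} is the network or broadcast address")
    return findings


if __name__ == "__main__":
    # Constructed sample values (documentation range 203.0.113.0/24).
    print(validate_survey("203.0.113.10", "255.255.255.248", "203.0.113.9"))
    print(validate_survey("192.168.1.24", "/24", "192.168.2.1"))
```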

Is the IP Address NAT’d?

Network Address Translation (NAT) is a mechanism of changing one or many IP Addresses (typically
Private IPs) into one Public IP Address. As discussed previously, if the Customer is providing a Private IP
Address to be assigned to the GE Managed Router, then NAT is most likely occurring on the ISP Gateway
Modem. Therefore, it’s imperative that the Customer be consulted immediately so that they can work with
their ISP to obtain a Public IP Address for the GE Router.

Is the IP Address Filtered?

The GE Managed Router must be able to communicate via specific Ports and Protocols out to the Internet
in order to establish a Virtual Private Network (VPN) with the GE HUB 3rd Party Rail. Working with the
Customer and ISP to specify the various Ports, Protocols and Destination IPs is very cumbersome,
therefore GE simply requests that the Public IP Address assigned to the GE Router not be Filtered. Filtering
may occur if the Customer or ISP Gateway has a Firewall configured to only permit specific services. As
such, it’s requested that any and all Firewalls on the Customer and ISP Gateway be disabled, thus allowing
the GE Managed Router to control access via Host-Based Access Control Lists.

ISP Hand-Off to the GE VPN Device

This is in reference to the type of cable that will be connected to the GE Router from the Customer or ISP
Gateway. This can be Ethernet or Serial. If Cellular is selected it is then assumed that the Customer
wishes to activate a SIM with a Data Plan that is then installed within a GE Managed Cellular Router.

Circuit Bandwidth

Understanding the bandwidth of the Circuit is critical to the installation of the HSC, and is also essential for
managing the connection in the future in the event that troubleshooting may be required. When the Circuit
is procured, the bandwidth should be agreed-upon between the Customer and the Service Provider. As
such, this information should also be furnished within the HSC Survey.

Bandwidth Dedicated to the OSM

This is simply a reference to whether or not the total bandwidth of the Circuit will be shared with other
systems or users. If the Circuit bandwidth is 1Mbps and the required OSM bandwidth will be approximately
900Kbps, then we need to ensure that this Circuit is not shared and being used by other systems or users.

Have the IP Details been Validated and Tested?

This question refers to the Validation and Tests that are required to be conducted, which are detailed
later in this procedure.

While the variables for each Customer Site or Circuit will be different, a properly completed HSC Survey
should look like the following:

Table 2. HSC Survey Inputs (Populated)

IV. IP ADDRESS TESTING

Once the IP Address, Subnet Mask and Default Gateway have been provided by the Customer or ISP, it
is imperative that the GE site personnel test these details for accuracy. Failure to do so will delay the HSC
Project from being opened and elongate the overall OSM Installation. To conduct a successful test, please
follow the below listed steps to assign the IP details and attempt to communicate out to known-good Internet
Addresses.


Open your Network and Sharing Center and click on the “Change Adapter Settings” option.

Figure 1. Network and Sharing Center

Right-Click on your wired connection adapter (Local Area Connection) and select Properties.

Figure 2. Local Area Connection Properties

You will then be prompted with a User Account Control popup. Just select YES to proceed.


Once you see the Local Area Connection Properties, highlight Internet Protocol Version 4 and click on
Properties.

Figure 3. IPv4 Properties

USING THE IP DETAILS PROVIDED BY THE CUSTOMER, configure the IP Address, Subnet Mask and
Default Gateway then click OK.

NOTE

The IP Address details within this document are Fictional and are solely for training
purposes ONLY.


Figure 4. TCP/IP Address, Mask and Gateway

NOTE

Take a screenshot of the IP details you configured on your network adapter when
testing. Also take a screenshot of the results you received in the Command-Prompt
window (next section) when testing ping to the two known-good Internet
Addresses below.

Now open a Command-Prompt and test ICMP traffic to two separate known-good Public IP Addresses. If
your responses state “Request Timed Out” or “Destination Unreachable”, the IP Address details need to be
validated with the Customer. The two Public IP Addresses that should be tested, 8.8.8.8 and 165.156.25.36,
are displayed in the window below. If successful, your responses should look similar to what is
depicted below.

Figure 5. ICMP Tests via Command-Prompt



V. PUBLIC IP ADDRESS DISCOVERY

Anytime the Customer provides a Private IP Address for Router WAN connectivity, GE is also required to
obtain the Customer’s Public IP Address. The reason for this is that GE will configure
the Tunnel Destination to point to the Customer’s Public IP (which is like knocking on the front-door), and
then “Match” the Private IP configured on the GE Spoke Router to establish the VPN. A visual of this type
of connectivity is depicted below.

Figure 6. Private to Public NAT Scenario

Discovery Steps

To obtain the Customer’s Public IP Address, follow the below prescribed steps and send the findings to the
M&D Requisitions Engineer supporting this HSC Project.

Configure the Customer provided Private IP details on your GE laptop as described in the previous section.
Then download Putty to your desktop and change the file extension from “.zzz” to the expected “.exe” so that
the icon listed below appears on your desktop.

Figure 7. Putty Icon

NOTE

If you don’t have Putty, you can request a copy from either your M&D Requisitions
Engineer or M&D Build Engineer.


Once Putty is available, double-click the application to open the following window, make the highlighted
selections and then click OPEN.

Host Name (or IP Address) = 96.28.229.229

Port = 22

Connection type = SSH

Figure 8. Putty Configuration

You will then be prompted by a Putty Security Alert, as this host’s key is not currently saved in Putty’s
cache of known SSH host keys. Simply click YES to proceed.

Figure 9. Putty Security Alert


After accepting the Security Alert, you’ll then see a Putty session requesting credentials for “login as” and
you’ll use the following credentials to access the SSH Jump Host.

Username = user

Figure 10. Putty Login Username

Password = $$MD2016!!

Figure 11. Putty Login Password


After successfully authenticating to the SSH Jump Host, you will see the following Router Command Line
Interface (CLI) for a Router named POWrtMUSmdlab01>.

Figure 12. Router Command Line Interface

Once you see the above window, type the following command to see the currently established TCP
Sessions, which includes the Customer’s Public IP that you’re currently connecting from via your laptop.

SHOW TCP BRIEF

Figure 13. Show TCP Brief Output


Take a screenshot of what is displayed after running the SHOW TCP BRIEF command and send this
information to the M&D Requisitions Engineer. Using this information, the Requisitions Engineer can then
proceed with opening an HSC Project and adequately describe the TCP/IP settings that will need to be
configured on the GE Managed VPN device.

In total, three screenshots should be sent to the M&D Requisitions Engineer.


1. Screenshot of the TCP/IP settings configured on the network adapter when running the tests.
2. Screenshot of the ICMP (ping) tests to the two known-good Internet Addresses.
3. Screenshot of the SHOW TCP BRIEF output when establishing an SSH session to the Jump Host.
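
Reading the Public IP out of the SHOW TCP BRIEF output can be ambiguous when more than one SSH client is connected to the Jump Host at the same time, so the sketch below extracts the foreign address only when exactly one is present. This is an added example, not part of the original procedure; it assumes the Cisco IOS-style "address.port" column layout, and the session rows are constructed sample data.

```python
import re

# Constructed sample in the Cisco IOS "show tcp brief" layout (an assumption:
# the page's Figure 13 is not available). 96.28.229.229 is the Jump Host from
# the procedure; the foreign addresses are documentation-range values.
SAMPLE = """\
POWrtMUSmdlab01>show tcp brief
TCB       Local Address               Foreign Address             (state)
7F3A1C20  96.28.229.229.22            203.0.113.45.61022          ESTAB
7F3A2D48  96.28.229.229.22            198.51.100.77.50412         ESTAB
7F3A0B10  96.28.229.229.22            198.51.100.77.50398         TIMEWAIT
"""

# Each endpoint is printed as a.b.c.d.port, so the port is the fifth field.
ROW = re.compile(
    r"^\S+\s+(\d+\.\d+\.\d+\.\d+)\.(\d+)\s+(\d+\.\d+\.\d+\.\d+)\.(\d+)\s+(\S+)$"
)


def ssh_peers(output, ssh_port=22):
    """Foreign IPs of ESTAB sessions whose local port is the SSH port."""
    peers = []
    for line in output.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # prompt, header or blank line
        _local_ip, local_port, foreign_ip, _foreign_port, state = m.groups()
        if int(local_port) == ssh_port and state == "ESTAB":
            peers.append(foreign_ip)
    return peers


def discover_public_ip(output):
    """Return (public_ip, note); public_ip is None if a person must decide."""
    peers = sorted(set(ssh_peers(output)))
    if not peers:
        return None, "no established SSH session in the output"
    if len(peers) > 1:
        return None, "several SSH clients connected: " + ", ".join(peers)
    return peers[0], "single SSH client; this is the address NAT presents"


if __name__ == "__main__":
    print(discover_public_ip(SAMPLE))
```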


Document Revision Chart


The following chart lists the revisions made to this document tracked by version. Use this to
describe the changes and additions each time this document is re-published. The description
should include as many details of the changes as possible.

#.#   Section Modified and Revision Description                            Date           Author
1.0   HSC Discovery and Validation [New Issue]                             Oct 3, 2016    Chase Brown
1.1   HSC Discovery and Validation [Added M&D HSC Package section]         Jul 13, 2017   Chase Brown
      HSC Discovery and Validation [Updated Format, Tables and Figures]
