CrossLink
Description
The HOOC CrossLink service enables network groups across different sites to be connected and to communicate with each other as if they were at the same location, offering you a wide range of options for linking devices and sites. Typical applications include:
- Site-to-site connections at Layer-2;
- Device-to-device communication at Layer-3;
- Linking SCADA systems to devices;
- Connecting devices to centralized servers (e.g., log servers);
- Enabling VPN access to dedicated VLANs through virtual sites.
Operating principle
You can access the network groups of both physical and virtual sites in the CrossLink service through the Secure Remote Access service. A network group refers to a physical network port (LAN, SEP0, SEP1) or a virtual interface (OPT0) on a HOOC gateway. Network groups can be connected in various ways, enabling complex Layer-2 networking solutions (see graphic below).
HOOC CrossLink is built around three core elements: Selector, Assigner and Links. With the Selector, you can choose for each HOOC gateway a specific network group as well as the Layer-2 frames. The choice is then automatically attributed to a specific Link. Links are virtual connections that transport a particular type of Layer-2 frame. The Assigner, in turn, manages the data exchange between the Links. That is why Links and Assigner are closely related, as shown in the graphic below.
By following the elements and connections in the Assigner, you can see which types of Layer-2 frames are available, how they are modified and translated with respect to VLANs, and how they are ultimately assigned to the Links. In the CrossLink service, the following Links are available:
- The TRUNK Link: This link transports all Layer-2 frames in a fully transparent way and includes frames without VLAN tags (UNTAGGED) as well as all frames with VLAN tags (TAGGED), regardless of whether the VLAN tags are managed by the CrossLink service or not.
- The TAGGED Link: This link transports only Layer-2 frames with VLAN tags managed by the CrossLink service. A VLAN is considered managed when Layer-2 frames have been assigned to a VLAN X Link through a Selector.
- The UNTAGGED Link: This link transports only Layer-2 frames without VLAN tags. These frames also appear as UNTAGGED on the TRUNK Link.
- The VLAN X Links: This link transports Layer-2 frames without VLAN tags that originate from Layer-2 frames with VLAN tags from the TAGGED or TRUNK Links. In the reverse direction, Layer-2 frames are mapped back to the corresponding VLANs.
The CrossLink service also provides a DHCP filter that discards Layer-2 frames related to DHCP, preventing DHCP servers on interconnected sites from interfering with each other.
Configuration
You can configure the CrossLink service on the reseller or customer level (HOOC ManagementPortal -> Services -> CrossLink). In case the option DHCP filter is enabled (recommended), the DHCP packets between the connected systems are blocked.
How to integrate a site into the HOOC system
When using the CrossLink service, it is essential to ensure that no IP address conflicts occur, as these can lead to malfunctions. It is therefore important to clearly define and consistently apply an IP address concept. Before integrating sites and their network groups into the CrossLink service, verify the correct IP addressing, if necessary with the help of the available diagnostic tools.
By clicking the icon, you can add a specific network group of a site to the CrossLink service. The process is as follows:
- Select the site
- Select the network group
- Select the Layer-2 frames and assign them to a Link
A specific combination of site and network group can only appear once in the CrossLink service.
Site selection
You can choose from all sites belonging to the same account as your CrossLink service. If the account includes specific customer accounts, these sites can also be selected.
Network group selection
There are different networks to choose from when selecting the network group:
| Network group | Description |
|---|---|
| LAN | Standard network for Layer-2 networking. This network group is supported by all HOOC gateways. |
| OPT0 | Virtual network 0: For virtual Layer-3 networking (see info box) |
| SEP0 | Isolated network 0: For Layer-2 networking of isolated network interfaces (see info box) |
| SEP1 | Isolated network 1: For Layer-2 networking of isolated network interfaces (see info box) |
Please note that the network groups OPT0, SEP0, and SEP1 only work if the firmware of the physical HOOC gateway supports the corresponding network group functionality.
Frame selection and link assignment
After selecting the network group, you then select the Layer-2 frames and assign them to a Link, as illustrated below.
You can select from the following items for the VLAN type of network group field.
- TRUNK: TAGGED and UNTAGGED Layer-2 frames are assigned to the TRUNK Link.
- TAGGED: TAGGED Layer-2 frames are assigned to the TAGGED Link. TAGGED frames from unmanaged VLANs as well as UNTAGGED frames are ignored.
- UNTAGGED: Layer-2 frames without VLAN tags (UNTAGGED) can be selected for further assignment.
Please note that when selecting UNTAGGED, you must further specify the assignment, by choosing from the following options in the Affiliation field:
- Selecting UNTAGGED assigns the defined Layer-2 frames without VLAN tags to the UNTAGGED Link.
- Selecting VLAN assigns the defined Layer-2 frames without VLAN tags to a Link of the type VLAN X. You can use the VLAN field (ID) in order to select the desired VLAN, which will then be assigned to the corresponding Link.
A VLAN is considered managed when Layer-2 frames are assigned to a VLAN X Link through a Selector.
Actions
The following actions are available for assignments configured in the CrossLink service:
| Action | Description |
|---|---|
| Modify the assignment according to the options available under How to integrate a site into the HOOC system | |
| Remove the assignment of the site and/or network group | |
| Switch to the site associated with the assignment |
Diagnostic tools
Ping
For diagnostic purposes, you can execute a ping to a specific IP address by clicking on the icon.
| Property | Description |
|---|---|
| Source IP | IP address from where you want to send a ping |
| Destination IP | IP address of a device in a site network to which you want to send a ping |
| Netmask | Subnet mask of the source and the destination IP address |
| VLAN Type | Layer-2 frames with VLAN tags (TAGGED) or without VLAN tags (UNTAGGED) |
| VLAN | The VLAN used (provided that TAGGED is selected as VLAN type) |
Detecting IP address conflicts
To detect potential IP conflicts, an IP address check can be performed by clicking on the icon.
| Property | Description |
|---|---|
| IP address | IP address to be checked for conflict |
| VLAN type | Layer-2 frames with VLAN tags (TAGGED) or Layer-2 frames without VLAN tags (UNTAGGED) |
| VLAN | VLAN to be used (provided that TAGGED is selected as VLAN type) |