Specifications

Technical Concepts Nur für den internen Gebrauch
A31003-H3580-M103-2-76A9, 01-2009
9-28 HiPath 3000/5000 V8 - HG 1500 V8, Administrator Documentation
hg-09.fm
SSL and VPN
9.5.6 Packet Loss Verification in Adaptive Jitter Buffers
To avoid excessive packet loss, two factors are considered when calculating the average delay
for adaptive jitter buffers:
1. the current delay measured
2. the number of packets lost
The weighting of the second factor can be set using a "preference" parameter in the HG board.
Using values between 0 and 8, you can set whether more emphasis should be placed on min-
imizing the delay or preventing packet loss when calculating the average delay. Here, 0 means
"avoid packet loss as far as possible" and 8 means "keep average delay as low as possible".
The average value (4) is set by default.
The following rule of thumb applies: the value 0 produces an average delay that is approximate-
ly 10 ms longer that the average value 4 and the value 8 produces an average delay that is ap-
proximately 10 ms shorter than the average delay 4.
9.6 SSL and VPN
SSL is used for secure transmission of data between the Web browser on the administration
PC and the HG 1500 Web server.
SSL supports the following security services:
Authenticity (the communication partner is who he says he is),
Trustworthiness (the data cannot be accessed by a third party)
Integrity (the data was received in the same condition as it was sent).
These security services demand prior agreement on the security mechanism used and the ex-
change of cryptographic keys. These two tasks are performed in the course of connection set-
up. The server transfers an SSL certificate with its public key to the client. Client authentication
is optional, and not used in the HiPath 3000/5000 V8 - HG 1500 V8. SSL uses the public key
procedure. A master key is generated at the client for the relevant SSL connection. This is
transported to the server under the protection of the server’s public key. Using deterministic
principles (that is, without any further secrecy), the two sides then take this master key and cre-
ate a client-session key or a server-session key. The server-session key is used for the path
from the server to the client and the client-session key is for the opposite direction.
VPN functions are also used for secure payload transmission with guaranteed authenticity,
trustworthiness, and integrity. In contrast to SSL where only TCP data streams are secured, a
VPN that uses IPsec can secure all data that is transmitted in IP packets, such as TCP, UDP
or ICMP data.