telecom • networking • design


IKE v2 Based VPN Establishment

Learn how IKEv2 signaling is used to establish an IPSec VPN tunnel.

IKE performs mutual authentication between two parties and establishes an IKE security association (SA) that includes shared secret information that can be used to efficiently establish SAs for Encapsulating Security Payload (ESP) or Authentication Header (AH) and a set of cryptographic algorithms to be used by the SAs to protect the traffic that they carry.

An example of an IKEv2 handshake and IPSec tunnel transport is illustrated in the sequence diagram. You can click on IKE messages in the sequence diagram to see field level details.

The following steps of Virtual Private Network (VPN) setup are covered:

  1. A ping triggers establishment of the IKEv2 security association.
  2. An IPSec tunnel is set up with a Child Security Association setup handshake.
  3. The ping data gets transported over the IPSec tunnel.

IKEv2 Based IPSec VPN Establishment


Kerberos Sequence Diagram

Buying food via tickets and tokens

Kerberos allows users to log in once and then automatically get logged into all the services they may need. The mechanism used here is similar to the steps you have to take to purchase food at a stall at a fair:

  1. You pay cash and get a ticket specifying the amount you paid.
  2. You then take your ticket to another stall where you present the ticket and get tokens for individual items that you ordered.
  3. Now you visit individual stalls, present the token and collect the food item.

Three step ticket based authentication in Kerberos

Authentication in Kerberos is very similar:

  1. Authenticate yourself with the Authentication Server and get a “Ticket Granting Ticket”.
  2. Present the “Ticket Granting Ticket” to the “Ticket Granting Server” and get a Service Ticket.
  3. Present the Service Ticket and get the requested service.

Kerberos Sequence Diagram

The following Kerberos Sequence Diagram explains the feature in great detail:

Kerberos Sequence Diagram; Ticket Granting Ticket creation


Sequence diagrams from Wireshark PCAP files

Announcing the release of VisualEther Protocol Analyzer 6.0.015.

VisualEther - Wireshark to Sequence Diagram Generation

  • Automate sequence diagram generation from the PCAP files with the built in command-line support. VisualEther can now be invoked from a script.
  • Built in support for Wi-Fi and Ethernet messages
  • Simplified message field analysis with collapsible message definition
  • Improved filtering to weed out repeated packets like RTP packets and broadcast messages.
  • Full support for .cap, .pcap, .pcapng and their .gz counterparts
  • Improved bookmarking for important messages. Bookmarked messages appear in the bookmark pane of your PDF reader.
  • Improved processing for large PCAP files. VisualEther now automatically splits large files.
  • Reduced memory footprint in sequence diagram generation


LDAP sequence diagram with Kerberos authentication

The LDAP sequence diagram describes authenticated LDAP directory lookup. The steps covered are:

  1. TCP connection establishment with the LDAP server
  2. Initial interaction to list the available services.
  3. Authenticate with the Kerberos server and obtain a ticket to proceed with the authentication with the LDAP server.
  4. Armed with the Kerberos ticket, the LDAP client uses bind to authenticate and initiate a secure connection.
  5. Encrypted LDAP communication follows.

The LDAP message flow is presented as a context diagram as well.


Map C switch and if statements to assembly code

This article covers the code generation for if-else and switch statements.

Switch jump table

The code generated for a switch statement varies a lot from one compiler to another. In fact, a given compiler might generate different code in different scenarios. The choice of the code to be generated depends upon the number and range spread of individual case statements.

Different cases of generation of a switch statement are:


Translate C for loop, while loop, struct access and array index into assembly

We have covered the C calling convention, frame pointers and the assembly code in the previous article. This article will focus on the code generation for:


      C to assembly for loops, structure access and array indexing


C Function Call to Assembly Translation – Frame Pointer Operations

Even though most programming is now carried out in high level languages, a good understanding of the generated assembly code really helps in debugging, performance analysis and performance tuning.

In this article, we will discuss the assembly code generated for function calling, parameter passing and local variable management. Frame pointer operations in a function call are described in detail.

C function call mapped to assembly - learn about frame pointer operations

We follow the lifecycle of a function call:

  1. Pushing parameters
  2. Invoking function
  3. Setting up the frame pointer
  4. Dismantling the frame and restoring the caller's frame at function exit
  5. The caller popping the parameters.

C to Assembly : function calls and frame pointer operations


LTE S1-interface handover between eNodeBs

LTE networks prefer using the X2 interface for performing inter eNodeB handovers. An S1 handover is a fallback for scenarios where the X2 interface is not available.

As the name suggests, S1 handovers take place over the S1-interface. The MME and the SGW are involved during the handover procedure.

An interesting part of LTE S1 handovers is the indirect tunnel that is established to carry the downlink data during the handover process. Refer to the S1 handover call flow for a detailed signaling flow.

Inter eNodeB S1 handover in LTE



3G UMTS Mobile Terminated Call Flow

Get a detailed look at a UMTS mobile terminating call. RANAP and RRC signaling in a terminating call is described in detail.

3G UMTS Mobile Terminating Call Flow

3G UMTS Terminating Call Sequence Diagram

The RANAP message flow presented here was generated with VisualEther from a PCAP file. The field level details have been preserved for the RANAP messages. Click on a RANAP message in the sequence diagram to see full field level details. For example, clicking on the Paging message reveals the field level detail in the message.

ranap Radio Access Network Application Part

  • per.extension_bit 0... .... Extension Bit: False
  • per.choice_index Choice Index: 0
  • ranap.RANAP_PDU RANAP-PDU: initiatingMessage (0)
    • ranap.initiatingMessage initiatingMessage
      • ranap.procedureCode procedureCode: id-Paging (14)
      • per.enum_index Enumerated Index: 1
      • ranap.criticality criticality: ignore (1)
      • per.open_type_length Open Type Length: 21
      • ranap.value value
        • ranap.Paging Paging
          • per.extension_bit 0... .... Extension Bit: False
          • per.optional_field_bit .0.. .... Optional Field Bit: False (protocolExtensions is NOT present)
          • per.sequence_of_length Sequence-Of Length: 2
          • ranap.protocolIEs protocolIEs: 2 items
            • ranap Item 0: id-CN-DomainIndicator
              • ranap.ProtocolIE_Field ProtocolIE-Field
                • id: id-CN-DomainIndicator (3)
                • per.enum_index Enumerated Index: 1
                • ranap.criticality criticality: ignore (1)
                • per.open_type_length Open Type Length: 1
                • ranap.value value
                  • per.enum_index Enumerated Index: 0
                  • ranap.CN_DomainIndicator CN-DomainIndicator: cs-domain (0)
            • ranap Item 1: id-PermanentNAS-UE-ID
              • ranap.ProtocolIE_Field ProtocolIE-Field
                • id: id-PermanentNAS-UE-ID (23)
                • per.enum_index Enumerated Index: 1
                • ranap.criticality criticality: ignore (1)
                • per.open_type_length Open Type Length: 9
                • ranap.value value
                  • per.extension_bit 0... .... Extension Bit: False
                  • ranap.PermanentNAS_UE_ID PermanentNAS-UE-ID: iMSI (0)
                    • per.octet_string_length Octet String Length: 8
                    • ranap.iMSI iMSI: 21436587000200f0
                    • ranap.imsi_digits IMSI digits: 123456780020000
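
The iMSI octet string and the IMSI digits in the decode above differ because the IMSI travels as TBCD: two digits per octet, low nibble first, with 0xF padding an odd digit count. The following is an added example, not part of the original post or of VisualEther; the function names and the redaction policy (keep only the 3-digit MCC when a decode is shared) are assumptions.

```python
FILLER = 0xF                         # pads the last octet when the digit count is odd
PAGE_IMSI_HEX = "21436587000200f0"   # ranap.iMSI value from the decode above


def tbcd_decode(octets: bytes) -> str:
    """Unpack TBCD: each octet holds two digits, low nibble first."""
    nibbles = []
    for octet in octets:
        nibbles += [octet & 0x0F, octet >> 4]
    if nibbles and nibbles[-1] == FILLER:
        nibbles.pop()                # filler is legal only at the very end
    if any(n > 9 for n in nibbles):
        raise ValueError("non-decimal nibble in TBCD string")
    return "".join(map(str, nibbles))


def tbcd_encode(digits: str) -> bytes:
    """Pack decimal digits back into TBCD octets."""
    if not (digits.isascii() and digits.isdigit()):
        raise ValueError("IMSI must contain decimal digits only")
    nibbles = [int(d) for d in digits]
    if len(nibbles) % 2:
        nibbles.append(FILLER)
    return bytes(lo | (hi << 4) for lo, hi in zip(nibbles[0::2], nibbles[1::2]))


def redact_imsi(digits: str, keep: int = 3) -> str:
    """Mask subscriber digits before sharing; keep=3 (the MCC) is an assumed policy."""
    if not 0 < len(digits) <= 15:
        raise ValueError("an IMSI has at most 15 digits")
    return digits[:keep] + "X" * max(len(digits) - keep, 0)


if __name__ == "__main__":
    imsi = tbcd_decode(bytes.fromhex(PAGE_IMSI_HEX))
    print(imsi, redact_imsi(imsi))
```

The IMSI in a Paging message is a permanent subscriber identifier, so field-level decodes generated from live captures are worth redacting before they are published.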