The Corelatus Blog
E1/T1 and SDH/SONET telecommunications

Controlling a GTH from Amazon EC2

Posted October 1st 2011

This post is about what I did to get the GTH example code (the C version) to run on Amazon EC2, controlling a GTH on the public internet.

Amazon EC2 is a service where you rent a virtual server by the second. The virtual server can run Windows or Linux. Our in-house environment is all-linux, so we use EC2 to give us an on-demand Windows environment to check example code on.

Overview

  1. Connect a GTH to the Internet
  2. Create and set up an Amazon EC2 Instance running Windows Server
  3. Install the example code
  4. Open up holes in the firewall

Taking each step in detail:

Connect a GTH to the Internet

First off: spend a moment thinking about security. You probably don't want SS7 traffic from a live network going over the internet. The GTH is designed to be installed in a secure network, not directly facing the internet. Take care.

Most likely, you've got the GTH behind a firewall. The firewall needs to be configured so that TCP port 2089 gets to the GTH.

The GTH needs to be told where the firewall is. In my case, it's at 172.16.1.1: 

query_set 172.16.1.10 eth1 "default gateway" 172.16.1.1

Create an Amazon EC2 Instance

I'm assuming you're familiar with Amazon EC2. It's your choice which OS you want to run at Amazon. In my case, I wanted Windows because our primary development environment is linux, so I like the convenience of starting up an Amazon machine when I need to do something with Windows.

Install the example code

An easy way to do that is to use a WWW browser on EC2 to download the example code from corelatus.com.

On Amazon windows instances, an alternative is to use a remote share via terminal server. Still another is to install 'putty' and use 'psftp' to get the code from your own server.

Now you can try out the install: 

> query_set 128.250.22.3 board
LED mode=normal
PCM LED assignment=universal
voice coding=alaw
architecture=gth2.1
ROM ID=0x26cbce800000005f
temperature=40.2
power consumption=6.4
power source=A
POE source=

'query_set' only uses the port 2089 API socket. But some of the other examples do more complicated things with TCP. 'playback_file', 'record' and 'save_to_pcap' all open TCP connections back to EC2 to send data.

Relaxing firewall rules

There are three places which are likely to block TCP connections originating at the GTH. You need to make sure each of those lets them through.

  1. The firewall between the GTH and the internet needs to allow the GTH to make outbound TCP connections. On most small firewall setups, that's the default. Some firewalls block outbound connections entirely, in which case you're out of luck (unless you can tunnel TCP through something else, such as SSH or an HTTP/1.1 proxy, but even that will require modifying the example code to use known port numbers).
  2. The firewall in EC2 Windows "security groups" needs to allow inbound TCP connections on all ports, as long as the originate from the GTH. Use the "Security Group" screen of the AWS console, in the "inbound" tab create a new rule. Use the internet-facing IP address the GTH has as the "source" IP. That way only the GTH can connect to your EC2 instance.
  3. Windows' own firewall needs to allow inbound TCP connections. Either make a program-specific exception, or disable the windows firewall entirely (and just rely on EC2's firewall). 
           netsh firewall add allowedprogram c:\users\mml\downloads\save_to_pcap.exe mode=ENABLE

All done

Now you can run use pretty much anything in the GTH API from a machine in Amazon's cloud.

Permalink | Tags: GTH, C, Windows