50. Tracing
Let’s talk about an interesting topic called tracing. Tracing allows you to track events that occur on the Junos device, and this includes both normal operations and error conditions. Tracing is the Junos term for what other vendors call debug. So if you have worked on equipment from other vendors, you might have heard people say that they want to debug the traffic flow. Tracing is debugging on a Junos device. When enabled, a trace file is created that is used to store decoded protocol information received or sent by the routing engine. Tracing results are sent to a specific file stored in the /var/log directory, or tracing can be configured to send them to a remote syslog server. The advantage of sending trace files to a remote syslog server is that it reduces the use of the device’s internal storage. By default, remote tracing is not configured. To avoid unnecessary resource consumption, tracing must be stopped when it is not needed. Now let’s get to the Junos device and see how to configure tracing. All right, I’m here at the Junos terminal. Let’s see how to configure tracing for security policies.
But before we do that, let’s take a look at the policies configured on this device. The command to do that is show security policies. And you can see here I’ve got just one policy that is matching all traffic from the trust zone to the untrust zone. The policy is called trust to untrust. It matches any source address, any destination address, any application. And the action is set to permit. Now let’s see how to configure tracing for the policies. So the command is set security policies. I’ll start with a question mark. And you’ll notice here we have the option called traceoptions. Let’s give that a try. Traceoptions. We’ll start with a question mark. So we’ve got three options here. We can specify a file. We can specify a flag, which is basically configuring your tracing parameters. And we can configure no-remote-trace, which means you are disabling remote tracing for this hierarchy. Let’s start with a file name: set security policies traceoptions file, space, question mark, and we can provide a file name here. I’m going to call this policy.txt. We can use the keyword called files to provide the maximum number of trace files that we want to save. By default, it is set to 10. I’m going to set this to three. Excuse me there. I need to include the keyword files, so files, and then three.
And notice, we can also provide the maximum size of the trace file. If we only want to match a specific pattern, we can use the match keyword and then provide a regular expression. We can set the file to world-readable, which means any user can read the file, and we can also set it to no-world-readable, which will only allow the user who creates the file to read it. Right now I am going to press enter here, and we are also going to set the flags. So let’s do that one more time: set security policies traceoptions, and the keyword is flag. The options that you see under flag will depend on where you’re configuring your traceoptions. So, for example, here we’re configuring traceoptions under set security policies, and we have these options over here. If you’re configuring traceoptions under interfaces, you will see a different set of options. So we have some options here where we can set this to all, which will trace everything. If you set it to compilation, it will only trace policy compilation events. And we have some other options over here. Right now, to keep things very simple, I am going to say all and press enter. Finally, I’m going to commit the changes. So now we are tracing to a file called policy.txt. We can go back to the operational mode and we can do show log, space, question mark, and we should see that file here. We can see that file over here. Let’s take a look at the contents of that file: show log policy.txt. And as you can see, we are already matching a lot of traffic. Let’s configure one more trace. This time, let’s understand how to configure tracing for interfaces. So I’ll go back to the configuration mode and we’ll do set interfaces.
Question mark. Notice you have the option called traceoptions here. This means you are tracing all the interfaces. Let’s give that a try. Set interfaces traceoptions, question mark. And you’ll notice that we can use the same options that we configured earlier: file, flag and no-remote-trace. I also want to show you something interesting here. Set interfaces, question mark. We could provide an interface name as well. So if we do ge-0/0/1, question mark, we have traceoptions here as well. In this case, we are only tracing a specific interface. Traceoptions, question mark. And you’ll notice here we do not have the option to provide a file name. This is very important: remember that when you’re configuring tracing at the global interface level, you can provide a file name. When you’re configuring tracing for a specific interface, you will not be able to provide a file name. So in that case, where is the trace information stored? Well, the trace information is stored in the messages file.
Another important thing to notice over here. Let’s do set interfaces ge-0/0/1.0, which means we are now talking about the logical interface. And if I do question mark, you’ll notice we do not have the option called traceoptions. So traceoptions is something that you configure at the physical interface level, not at the logical interface. All right, so I’m going to go back here. Set interfaces, question mark. Let’s do traceoptions. And this time we’ll call the file interface.txt. And this time, let’s also use the size keyword and provide a size for the file. I’m going to provide the file size as 10 kilobytes, or 10k. Press enter. And let’s also set the flags: set interfaces traceoptions flag. And this time you’ll notice we have a different set of flags that we can configure compared to the flags that we saw under set security policies. To keep things simple, I will set it to all, and I’m going to commit my changes. Tracing can also be configured at some other levels. So, for example, we could also configure tracing under set security nat, question mark. So we have traceoptions over here.
We could also configure tracing under set security ike, which is used for VPN configuration, or we could also set it at the set security level. So if I do set security, question mark, I can also trace over here: traceoptions. So traceoptions can be configured at multiple levels. Now, let’s go back to the operational mode. And let’s see if we have some information in the interface.txt file. As you can see, we’ve already captured a lot of information. Now, what if we wanted to view these files in real time? The way to do that would be to use the monitor command from the operational mode. So let’s do that. Let’s do monitor, space, question mark. There are quite a few options over here. We’re going to use monitor start. And you’ll notice we have all the log file names over here. One thing to keep in mind is that the monitor command can be used to monitor any log file in real time, not just the files that were created as a result of traceoptions. That means we can use this file name here, which was created as a result of traceoptions, or we could monitor any other file like this one here, messages. In fact, let’s do that. Let’s do monitor start messages, press enter. And you can monitor multiple files at the same time. So let’s also do monitor start interface.txt. And very soon we should see log files in real time. In fact, you can already see some files on the console.
When you are monitoring multiple files, the log files are separated by file name, so you can see over here these log files, or these log entries, belong to the file called messages. And if you want to know which files you’re monitoring, you could do monitor list. And that will show you the files that we’re monitoring, in this case messages and interface.txt. How do we stop monitoring? The command is monitor stop. When you’re typing this command, you do not need to worry about the command being broken up by the messages being shown on your console. Just make sure that you type the command completely. Even if it’s broken, just make sure you type in monitor stop and press enter, and that will stop all real-time monitoring. The tracing that we’ve configured right now is writing all the information to files on the local SRX device. Tracing can also be configured to send information to a remote syslog server. And the way to do that would be set system tracing, question mark. The command is destination-override syslog host, and now we can provide the IP address of the syslog server. So in this case, all the trace files will be sent to the configured syslog server.
So there are two options: we can configure tracing on the local device, or we can configure tracing to send the information to a remote syslog server. An important thing to keep in mind is that when you’ve completed your tracing activities, tracing should be stopped. Otherwise, you could end up consuming a lot of your device’s internal storage. So as a final step, let’s delete the tracing that we’ve configured. I’m going to use the command show | match traceoptions. And I’ll also say display set, because if I did this right now, I’ll see an output like this, which doesn’t make sense. So show | match traceoptions | display set. So those are the options that we configured. Let’s delete that configuration, so delete security policies traceoptions and delete interfaces traceoptions. I’m going to commit that configuration. Now, we also need to delete the files that were created. So go back to the operational mode and I’ll say file delete, question mark. And in this case, we need to provide the full path of the file that we want to delete. So we’ll say /var/log/policy.txt. That’s the first one that we created.
Let’s take a look at the other file that we created, which was... Excuse me there. I’m going to use the command show log, space, question mark. And we need to delete these files. So we’re going to do file delete, and the command is /var/log. And we can do one by one like this. So we could do the first file, and then we could do the second file and the third file. I’ll press enter here. And similarly, I’ll also delete the other two files. All right. And also delete the last one. So now we’ve deleted all the files that we created. And we’ve also disabled logging.
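Added example, not part of the lecture: a Python check that reads a saved show | display set output, lists every hierarchy where traceoptions is still enabled, and produces the delete and file delete commands used in the cleanup above. The sample configuration, host name and syslog address are constructed for illustration.

```python
import shlex

# Constructed sample of "show | display set" output from a lab device.
# File options appear both on one line and split across lines, since
# either shape can turn up in a saved configuration.
SAMPLE_CONFIG = """\
set system host-name lab-srx
set system tracing destination-override syslog host 192.0.2.10
set security policies traceoptions file policy.txt
set security policies traceoptions file files 3
set security policies traceoptions flag all
set security policies from-zone trust to-zone untrust policy p1 then permit
set interfaces traceoptions file interface.txt size 10k world-readable
set interfaces traceoptions flag all
set interfaces ge-0/0/1 traceoptions flag all
"""

# Keywords that may follow "file", with the number of arguments each takes.
FILE_OPTIONS = {"files": 1, "size": 1, "match": 1,
                "world-readable": 0, "no-world-readable": 0}


def find_traceoptions(config_text):
    """Map each hierarchy that has traceoptions to its file, flags and options."""
    found = {}
    for line in config_text.splitlines():
        tokens = shlex.split(line)
        if tokens[:1] != ["set"] or "traceoptions" not in tokens:
            continue
        idx = tokens.index("traceoptions")
        hierarchy = " ".join(tokens[1:idx])
        entry = found.setdefault(hierarchy, {"file": None, "flags": [], "options": {}})
        rest = tokens[idx + 1:]
        if rest[:1] == ["flag"] and len(rest) > 1:
            entry["flags"].append(rest[1])
        elif rest[:1] == ["no-remote-trace"]:
            entry["options"]["no-remote-trace"] = True
        elif rest[:1] == ["file"]:
            args, i = rest[1:], 0
            while i < len(args):
                nargs = FILE_OPTIONS.get(args[i])
                if nargs is None:          # not a keyword, so it is the file name
                    entry["file"] = args[i]
                    i += 1
                elif nargs == 0:           # bare keyword such as world-readable
                    entry["options"][args[i]] = True
                    i += 1
                else:                      # keyword followed by one value
                    entry["options"][args[i]] = args[i + 1] if i + 1 < len(args) else None
                    i += 2
    return found


def remote_trace_host(config_text):
    """Return the syslog host that receives trace output, or None if tracing is local."""
    prefix = ["set", "system", "tracing", "destination-override", "syslog", "host"]
    for line in config_text.splitlines():
        tokens = shlex.split(line)
        if tokens[:6] == prefix and len(tokens) > 6:
            return tokens[6]
    return None


def review(found):
    """Points worth a second look before tracing is left running."""
    notes = []
    for hierarchy, entry in found.items():
        if "all" in entry["flags"]:
            notes.append(f"{hierarchy}: flag all traces everything")
        if entry["options"].get("world-readable"):
            notes.append(f"{hierarchy}: trace file readable by any user")
        if entry["file"] is None and hierarchy.startswith("interfaces "):
            notes.append(f"{hierarchy}: no file option, output goes to messages")
    return notes


def cleanup_commands(found, log_dir="/var/log"):
    """Configuration-mode deletes, then operational-mode file deletes.

    Rotated copies of each trace file need the same file delete.
    """
    config_mode = [f"delete {h} traceoptions" for h in found]
    operational = [f"file delete {log_dir}/{e['file']}"
                   for e in found.values() if e["file"]]
    return config_mode, operational


if __name__ == "__main__":
    active = find_traceoptions(SAMPLE_CONFIG)
    print("remote trace host:", remote_trace_host(SAMPLE_CONFIG))
    for note in review(active):
        print("note:", note)
    for group in cleanup_commands(active):
        print("\n".join(group))
```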
51. Network Time Protocol
All right, let’s talk about a very popular protocol known as the Network Time Protocol. The Network Time Protocol is used to synchronize the clocks of routers and other hardware devices on the Internet. But why do we need to do this? Why do we need to synchronize the clocks of devices? Well, when you have the clocks of your devices synchronized, debugging and troubleshooting will become much easier because the timestamps in the log files of all these devices are going to be synchronized. When you configure NTP on a Junos device, the Junos device can be configured to behave as an NTP client, as a secondary NTP server, or as a primary NTP server. Let’s understand the differences. When a Junos device is configured as a primary NTP server, it synchronizes to a reference clock that is directly traceable to UTC. Reference clocks have the most accurate and highest-precision timekeeping. Primary NTP servers then redistribute this data downstream to other secondary NTP servers or NTP clients. When you configure a Junos device as a secondary NTP server, it will synchronize to either a primary or another secondary NTP server.
These servers then redistribute this data downstream to other secondary NTP servers or NTP clients. The Junos device can also be configured to act as an NTP client. In this case, it will synchronize to a primary or a secondary NTP server. And the important thing to keep in mind is that NTP clients do not redistribute the time data to other servers. So here’s a diagram that represents this. On the left-hand side, you have a reference clock. Reference clocks are also called stratum 0 clocks because they have the most accurate time data. A Junos device can be configured as a primary NTP server, in which case it will directly get the time data from the reference clock. Now make a note that the primary server can distribute the time data to a secondary server, or it can also distribute to a client. Secondary NTP servers can then redistribute this data to other secondary NTP servers or to NTP clients. And finally, you have devices that are configured as NTP clients. These devices do not distribute data to any other devices. When you configure NTP on a Junos device, it can be configured in one of these modes. So you have the broadcast mode. You have the client and server mode.
And you have the symmetric peer mode. Let’s talk about them one by one. So when you configure a Junos device in the broadcast mode, it will transmit time information to a specific broadcast or multicast address. Other devices listen for time sync packets on these addresses. You can also configure the Junos device in a client or server mode. When it’s configured in the client mode, the local Junos device synchronizes with the remote system, but the remote system can never be synchronized with the local device because the local device is configured as a client. When you configure the Junos device in the server mode, the local device will operate as an NTP server, distributing the time data to other clients. You can also configure the Junos device in symmetric active mode, sometimes also referred to as peer mode. In this case, the local device and the remote system can synchronize with each other. Some other points to keep in mind: if an NTP client drifts by more than 128 milliseconds, it will try to synchronize with the server. Which means if the time on the local Junos device is offset by more than 128 milliseconds, it will try to synchronize the time data with the server. It is also possible to manually synchronize with a server by using the operational mode command set date ntp. From the examination perspective, it is important that you remember the command.
Now, when you’re configuring NTP on a Junos device, you can configure what is called an NTP server and you can also configure what is called an NTP boot server. Let’s understand the difference. When an NTP boot server is configured, when the device boots up, it immediately synchronizes with the boot server. So the boot server configuration is used when the Junos device is booting up. This will happen even if the NTP process is explicitly disabled. Very important to keep in mind: when you have an NTP boot server configured on a Junos device, even if the NTP process is not running or explicitly disabled, the device will still try to synchronize with the boot server. This only happens when the device is booting up. On the other hand, if you configure the Junos device with an NTP server address, it will periodically try to synchronize for time updates. So the key difference is that when you have the boot server configured, the device will try to get the time at the time of booting, whereas when you have the server configured, or when you have the NTP time server configured, the device will try to periodically get the time data. Junos recommends configuring the NTP server as a good practice because when you have the Junos device running for a long time, for months and for years, the clock of the Junos device can drift. So when you have the NTP server configured, the Junos device will periodically try to synchronize its clock. Now let’s get to the Junos terminal and see how to configure this.
All right. I’m here at the Junos terminal. To configure NTP, we’ll first navigate to edit system ntp, and let’s start with set, space, question mark. And we can see here that we can configure a boot server, the configuration that we spoke about. So when you configure a boot server, the server will be used to synchronize the time when the Junos device boots up. So we could do set boot-server and then we can provide the IP address, or we can simply configure a server with which this Junos device will try to synchronize the time. Notice that we have support for authentication as well. So we could do set authentication-key, and let’s start with a question mark. We need to provide a key number. I’ll say one, because this is my first authentication key. And then we can specify the type, which can be MD5, SHA1 or SHA2-256. Let’s say, for example, MD5. And now we can provide the authentication key value. So NTP supports authentication as well. I’m going to go back here and do set, space, question mark again. Notice you have the option to specify your broadcast parameters. And this will make the Junos device operate in a broadcast mode. So set broadcast, and then you can provide the broadcast or the multicast address. If you wanted to configure a peer mode, you would do set peer and then you can provide the name or the address of the peer. For now, let’s configure an NTP server address. So I’m going to say set server, space, question mark. And I’m going to use a public NTP server, which is pool.ntp.org. And I’m going to do a commit here. And let’s go back to the operational mode. Now, if you wanted to look at your local time or the time on your Junos device, you can do show uptime, or that should be show system uptime. And now you can see that this is the current time of the device.
Notice that we’ve already synchronized with an NTP clock. And here you can see when the system was booted and when the system was last configured. You can also see the uptime of the device. And let’s take a look at the NTP association. So let’s do show ntp associations. And here we can see that we’ve already synchronized with an NTP clock. Let’s also do show ntp status, which will show us the status of the NTP configuration. So here we can get all the detailed information about the NTP status. So the key takeaway here is that the Junos device can operate in three NTP modes. You have the broadcast mode, you have the client and server mode, and then you have the peer mode. And also keep in mind that the Junos device can act as a client, where it just consumes the time data, or it can also act as a server, where it is sending time data to other sources. One last thing before we end this video is the set date ntp command, which can be used to manually synchronize with an NTP clock.
So if I do set date ntp and press enter over here, this will automatically use the NTP server configured on the device. Or if we wanted to provide another NTP server for synchronization, we can do set date ntp, and then we can provide a server IP address if we wanted to synchronize to a different NTP server than what is configured on the Junos device. All right. I’m here at the Junos device to configure the NTP settings. We’ll first navigate to edit system ntp. And let’s start with a question mark. So we’ll do set, space, question mark. Notice here we have the option to provide a boot server IP address. This will be used to synchronize the clock at the time of device boot. Or we can provide a server IP address, which will be used to periodically update the time. Notice that we can also provide an authentication key. So we could do set authentication-key and we’ll provide a key number. I’ll say one because this is my first key. And then we can provide an authentication key type, which can be MD5, SHA1 or SHA2-256. Let’s say MD5. And then we can provide the authentication key value. So an important thing to keep in mind is that NTP supports authentication.
If you wanted to configure the device in the broadcast mode, you could do set broadcast, and then we can provide the broadcast or multicast address where we want to send the time data. If you want to configure the device in a peer mode, you could do set peer and then you can provide the name or the address of the peer. For now, let’s configure an NTP server. So I’ll say set server, space, question mark. And now we can provide the name or the address of the server. I’m going to use a public NTP server, which is pool.ntp.org. Keep in mind, when you’re providing a domain name, you should have a name server configured because the Junos device will try to resolve this to an IP address. I’ll press enter. And I’ll do a commit. Let’s go back to the operational mode. And the first thing we’re going to do is take a look at the system uptime. So let’s do show system uptime. So this is a really useful command. It shows you the current time of the device. And it also shows you when the device was last configured, who configured it, and for how long the device has been up. It also shows you how many users are currently logged into the device. OK. Now let’s take a look at the NTP association.
So let’s do show ntp associations. And now we can see that we’ve associated with an NTP server. So now we’re getting the time data from that server. And another command that you can use is show ntp status, which will show you the status of your NTP configuration. One last command that we’re going to look at is set date ntp. This command is used to manually synchronize with an NTP server. If you press enter here, it will automatically synchronize with the configured NTP server. So that’s done. Or if you want to synchronize with another NTP server, you could do set date ntp, and then you can provide the IP address of the NTP server that you want to synchronize with. So the key takeaway here is that the Junos device can be configured in one of three modes: broadcast mode, client or server mode, or peer mode. And the Junos device can be configured to accept time data, or it can also be configured to distribute time data to other devices. Before we end the video, let’s do the command show system uptime again, just to see if we synchronized with an NTP clock. Press enter. And now we can see that we are receiving time data from an NTP clock.
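Added example, not part of the lecture: a Python parser for the 48-byte NTP header that shows where the mode (client, server, broadcast, symmetric) and the stratum sit in a packet, then computes the clock offset with the standard NTP four-timestamp formula and compares it with the 128 ms figure mentioned above. The packet and all timestamps are constructed; nothing is sent on the network.

```python
import struct

NTP_EPOCH_OFFSET = 2208988800            # seconds from 1900-01-01 to 1970-01-01
HEADER = struct.Struct("!BBbbII4s8I")    # 48-byte NTP header, no extensions
MODES = {1: "symmetric active", 2: "symmetric passive",
         3: "client", 4: "server", 5: "broadcast"}
THRESHOLD_SECONDS = 0.128                # the 128 ms figure from the lecture


def to_wire(unix_time):
    """Unix seconds -> (seconds since 1900, 32-bit fraction) as NTP sends them."""
    whole = int(unix_time)
    return whole + NTP_EPOCH_OFFSET, int((unix_time - whole) * 2**32)


def from_wire(seconds, fraction):
    """Inverse of to_wire."""
    return seconds - NTP_EPOCH_OFFSET + fraction / 2**32


def build_packet(mode, stratum, origin, receive, transmit, version=4):
    """Build a header for the constructed sample below (leap indicator 0)."""
    first_byte = (0 << 6) | (version << 3) | mode
    return HEADER.pack(first_byte, stratum, 6, -20, 0, 0, b"\x00" * 4,
                       *to_wire(receive),      # reference timestamp (placeholder)
                       *to_wire(origin), *to_wire(receive), *to_wire(transmit))


def parse_packet(data):
    """Decode the fields that identify who is talking and when."""
    if len(data) < HEADER.size:
        raise ValueError("NTP packet shorter than 48 bytes")
    f = HEADER.unpack(data[:HEADER.size])
    return {
        "leap": f[0] >> 6,
        "version": (f[0] >> 3) & 0x7,
        "mode": MODES.get(f[0] & 0x7, "reserved"),
        "stratum": f[1],
        "origin": from_wire(f[9], f[10]),      # T1: client transmit time
        "receive": from_wire(f[11], f[12]),    # T2: server receive time
        "transmit": from_wire(f[13], f[14]),   # T3: server transmit time
    }


def role(stratum):
    """Map the stratum byte to the server roles described in the lecture."""
    if stratum == 1:
        return "primary server"        # synchronized to a reference clock
    if 2 <= stratum <= 15:
        return "secondary server"      # synchronized to another NTP server
    return "unsynchronized or unspecified"


def offset_and_delay(reply, t4):
    """Standard NTP calculation; t4 is when the client received the reply."""
    t1, t2, t3 = reply["origin"], reply["receive"], reply["transmit"]
    offset = ((t2 - t1) + (t3 - t4)) / 2
    delay = (t4 - t1) - (t3 - t2)
    return offset, delay


def exceeds_threshold(offset):
    return abs(offset) > THRESHOLD_SECONDS


# Constructed exchange: the client clock is 225 ms behind the server and the
# round trip takes 50 ms.
T1, T2, T3, T4 = 1700000000.000, 1700000000.250, 1700000000.251, 1700000000.051
SERVER_REPLY = build_packet(mode=4, stratum=2, origin=T1, receive=T2, transmit=T3)

if __name__ == "__main__":
    reply = parse_packet(SERVER_REPLY)
    offset, delay = offset_and_delay(reply, T4)
    print(reply["mode"], "stratum", reply["stratum"], "->", role(reply["stratum"]))
    print(f"offset {offset * 1000:.1f} ms, delay {delay * 1000:.1f} ms, "
          f"over 128 ms: {exceeds_threshold(offset)}")
```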
52. SNMP
Let’s now talk about Simple Network Management Protocol. This is a very commonly used protocol to monitor network devices. Let’s talk about it. What is SNMP? Well, SNMP, or Simple Network Management Protocol, allows the monitoring of network devices from a central location. So what can we monitor with SNMP? SNMP can be used to monitor the device state, the device interfaces, temperature, statistics, resource utilization, errors, bandwidth usage, et cetera. So pretty much everything that’s happening on your device can be monitored remotely by using the SNMP protocol. This is done using two entities. First, we have an SNMP agent. And second, we have a server that is used for monitoring, which is called a network management system, or NMS. Talking about the SNMP agent: it’s a process that runs on the device and is responsible for exchanging network management information with the SNMP manager software running on an NMS, or network management system. It also responds to requests for information and actions from the manager. Talking about the NMS: it is responsible for collecting information about network connectivity, activity and events. And this is done by polling the managed devices. So this is how it works. We have a server on which we have monitoring software, and that server is called an NMS, or network management system. And then we have the managed device.
The NMS starts by polling the managed device, and the managed device sends the requested information in the form of a response. There are three versions of SNMP. The first one is SNMP version 1. This was the initial implementation of SNMP, and it defined the architecture and framework for SNMP. Next, we have SNMP version 2c. And this is a very popular version. This version added support for community strings, which act as passwords that determine who, what and how the SNMP clients can access data in the SNMP agent. Then we have version 3, and this version provides data integrity, data origin authentication, message replay protection and protection against disclosure of the message payload. So from a security standpoint, SNMP version 3 is the preferred choice. Data integrity ensures that data stays consistent over its entire lifecycle. Data origin authentication ensures that data has not been modified while in transit and that the receiver is able to verify the source of the message. Because of these added security features, SNMP version 3 is preferred.
The data for SNMP is organized in a structure which is called the management information base, also known as the MIB. SNMP data is stored in a highly structured hierarchical format known as the management information base. The MIB structure is based on a tree structure, with related objects being grouped together. Each object in the MIB is associated with an object identifier, also known as an OID, which names the object. The leaf in the tree structure is the actual managed object instance, which can represent a resource, event or activity that occurs on the device. Here’s a screenshot of what the MIB looks like. As you can see, it has a tree structure, and similar information is grouped together. In the screenshot here, we can see authentication-related events, and the leaf in that tree is the object that we’re looking for. The leaf represents a resource, or it can represent an event on the device. The management information base can also be found on Juniper’s website.
Let’s take a look at it. All right, I’m here at Juniper’s website. The web page you’re looking for is apps.juniper.net. And once you reach this page here, you’ll have a link that says SNMP MIB Explorer. When you click the link, it will open up another page that looks like this. First, we need to start by selecting the product and then the release version for which we want to see the MIB structure. Once you click the release version, you can see the MIB structure over here. For example, here I’m looking at the Juniper MIB, or the management information base, and we can open up any of these trees over here. And you’ll notice similar types of events are grouped together. For example, here I have events related to the chassis. If I open that up, these are the leaves that we’re talking about. Each leaf over here identifies a specific event on the device. For example, here we have an object for fan failure. Notice that every object has a name. It also has an object identifier. It has a syntax called trap, which we’ll talk about, and then we have a description. This specific object here is associated with a fan failure. So if we have a cooling fan failure on the device, this object is used to notify the NMS. Similarly, we have leaves or objects for every event and every resource on the Junos device.
Back over here, the MIBs are either standard or enterprise-specific. Standard MIBs are defined by the IETF, or the Internet Engineering Task Force, and enterprise-specific MIBs are defined by a specific equipment manufacturer. Let’s now talk about SNMP communication. What are the packets used to communicate SNMP information? The first type of packet is get requests. So we have get, get-bulk and get-next requests. This is used by the manager to request information from the agent, and the agent will return information in a get response message. Then we have set requests. This is used by the manager to change the value of a MIB object controlled by the agent. The agent indicates status in a set response message. And finally, we have trap notifications. This is used by the agent to notify the manager of significant events that occur on the device.
Let’s talk about traps and informs. Junos devices can send notifications to SNMP managers when significant events occur on a network device, most often errors or failures. SNMP notifications can be sent as traps or as inform requests. SNMP traps are unconfirmed notifications, while SNMP informs are confirmed notifications. Having understood this, let’s now get to the Junos terminal and see how to configure this. All right, I’m here at the Junos terminal. Before we configure this, let’s take a look at the objects available on the device. Right now, I’m in the operational mode. I’m going to use the command show snmp, and we’ll use the keyword mib to take a look at the MIB objects. And we have different options here. We can use the get command, we can use get-next, or we can use the walk command. We’ll use the walk command to take a look at the MIB. Now, at this point, we need to specify the object name. I’m going to specify the object name as jnxMibs. This is the root of the Juniper OID. So show snmp mib walk jnxMibs. And here we can see all the objects that can be queried from the Junos device. So if we take a look at it here, we can see some of the values configured on this device. Like this is the product line. This is the description of the device. Here is the serial number. And as we go down here, we have some objects that talk about LCD statuses.
The device that I’m working on right now is a vSRX, so it doesn’t have a physical LCD, but we can definitely see the objects associated with that. And as we keep going down this table, we can see information about every object, every event that is happening on this device. What we are seeing here are the object identifiers. It’s also possible to see the object names. Control-C to exit out. We’ll use the same command again, show snmp mib walk, but this time, instead of specifying jnxMibs, which is the root of the OID, we’ll specify one: show snmp mib walk 1, and that will show you all the object names. So here we can see the uptime. We can see the system name and the system location, which has not been set right now. You have some interface objects over here, like the interface speed, the physical address, which is the MAC address, the admin status, operational status, et cetera. So we can look at the object ID or we can look at the object names. But remember, right now we are doing this from the device itself. We want to be able to see these values from a remote management system, because if you are in an enterprise, there are going to be several of these devices and you need to monitor them from a centralized location.
Let’s configure that. First we’ll enter the configuration mode, and the configuration for SNMP is done from the edit snmp hierarchy. I’ll start with set, space, question mark. Let’s start by setting a name for the device: set name. And I’m just going to call this my Junos. Right now, we’re going to configure SNMP version 2c. SNMP version 2c only uses a community string to access the device. Before we set the community string, let us also set one more value here. Let’s set the value for contact, which is the contact information for the administrator. So that’s me. I’ll put my phone number here. All right. And finally, we need to provide a community string that will be used to access the device remotely. So we’ll say set snmp... we are already in the SNMP configuration mode, so we don’t need that keyword. Set, question mark. And the keyword is community: set community. And now we can provide a community string. I’m going to call this my Junos. Let’s do a question mark here.
We can execute this command, or we can set some additional values. So let’s do that. So I’m going to say set community my Junos, and let’s set the authorization type as read-only. And finally, we also need to set the client addresses, or the addresses that will be used to access this device or monitor this device. Let’s do that: set community my Junos clients. And let’s add the client IP address, which is 10.0.10.100. Let’s do a show. So we’ve set a name for the device. We’ve set the contact information. We’ve set a community string; the authorization type is read-only. And here’s the IP address from where we’re going to access this device. Let’s do a commit. OK, now we’ll move to another device from where we’ll try to monitor the SRX. The other device is over here. Now, this device has two network interface cards. The first network interface card is 10.0.30.50. And the second interface card is 10.0.10.100. Now, let’s go to the network monitoring system and try to monitor this device. This is an Ubuntu machine. And I’m going to use the utility called snmpwalk to monitor my SNMP device.
So snmpwalk, the version is 2c, and then I need to provide my community string, which is my Junos, and the IP address of the device, 10.0.10.254. Press enter. And now we can see all the objects from that device. That’s a lot of information. So using this feature called SNMP, we can monitor every event, every resource, every activity that is happening on the device. There are network monitoring utilities available in the market that also have a nice graphical user interface to show you different statistics and utilization levels on the device. Here’s an example. I’m going to use this tool to monitor the SNMP device that we configured. We first need to add a server. So the server type is networking device, and I’m going to provide the IP address 10.0.10.254 and the community string, which is my Junos. And add device. So this isn’t working. And there’s a reason for that. The reason is I haven’t added the IP address of this server into the client list on my Junos device. So let’s go back to the SRX terminal and add the IP address of that device. So here’s my terminal. And as you can see, we’ve added only one server.
We need to add the other server as well. So I’m going to say set community my Junos clients and the IP address of the other device, which is 10.0.10.42. Show. Looks good. Let’s do commit. And now when we go back to that server and try again, the device has been added. So here’s the device. I’m going to click on the device, and now we can monitor the device remotely. We’ll give it a few seconds and then we can start seeing the utilization levels of the device. What we’ve seen now is the configuration of SNMP version 2c. The key takeaway here is to remember the purpose of SNMP, which is to remotely monitor your network devices.
It works with two entities: the SNMP agent, which is a process running on the device, and a network management system, which is a server that is used to monitor the device. There are three versions of SNMP. We have SNMP version 1, version 2c and version 3. From a security standpoint, version 3 is the preferred version. Also, keep in mind that SNMP uses a tree structure called the MIB, in which objects of similar type are grouped together. And the leaf represents a resource, event or activity to monitor. And MIBs can be of two types: standard MIBs, which are defined by the IETF, or enterprise-specific MIBs, as defined by the equipment vendor.
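Added example, not part of the lecture: a Python model of the community and clients check from the demo, showing why the second monitoring server was refused until its address was added, plus a small audit of the community settings. The configuration text is constructed; myjunos is an assumed spelling of the community string used above, and the public community is added only to show what the audit flags.

```python
import ipaddress
import shlex

# Constructed "show | display set" output for the state before and after the
# second NMS address was added in the demo.
BEFORE = """\
set snmp name myjunos
set snmp contact "lab admin"
set snmp community myjunos authorization read-only
set snmp community myjunos clients 10.0.10.100/32
set snmp community public authorization read-write
"""
AFTER = BEFORE + "set snmp community myjunos clients 10.0.10.42/32\n"


def parse_communities(config_text):
    """Collect authorization and allowed client networks per community.

    Only plain allow entries under clients are modelled in this example.
    """
    communities = {}
    for line in config_text.splitlines():
        tokens = shlex.split(line)
        if tokens[:3] != ["set", "snmp", "community"] or len(tokens) < 4:
            continue
        entry = communities.setdefault(tokens[3],
                                       {"authorization": None, "clients": []})
        rest = tokens[4:]
        if rest[:1] == ["authorization"] and len(rest) > 1:
            entry["authorization"] = rest[1]
        elif rest[:1] == ["clients"] and len(rest) > 1:
            # Accept addresses with or without a prefix length.
            entry["clients"].append(ipaddress.ip_network(rest[1], strict=False))
    return communities


def request_accepted(communities, community, source_ip):
    """Would a v2c request with this community from this source be answered?"""
    entry = communities.get(community)
    if entry is None:
        return False                 # unknown community string
    if not entry["clients"]:
        return True                  # no clients statement: any source is accepted
    address = ipaddress.ip_address(source_ip)
    return any(address in network for network in entry["clients"])


def audit(communities):
    """Flag community settings that widen access beyond the demo's setup."""
    findings = []
    for name, entry in communities.items():
        if entry["authorization"] == "read-write":
            findings.append((name, "read-write: set requests are permitted"))
        if not entry["clients"]:
            findings.append((name, "no clients list: any source address may query"))
        if any(network.prefixlen == 0 for network in entry["clients"]):
            findings.append((name, "clients entry covers every address"))
    return findings


if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        parsed = parse_communities(text)
        for nms in ("10.0.10.100", "10.0.10.42"):
            print(label, nms, request_accepted(parsed, "myjunos", nms))
    for name, finding in audit(parse_communities(BEFORE)):
        print(f"{name}: {finding}")
```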