Hi Guys/Gals -

I don't post here often but I read with interest all the postings. - I've been on a lot of mailing lists, but this one is by far the most interesting.

I've been doing a lot of work with 'tftp' loading Cisco 79xx phones with firmware, configs. for asterisk, etc.

And I see where a lot of folks have trouble with 'tftp', use alternate port numbers (probably to get around firewall issues), etc. - And I've even seen where some folks complain that 'tftp' is one of the 'worst' protocols on the Internet.

At the end of this posting, I've included a little tid-bit on 'primary/alternate' 'tftp' servers for the Cisco 79xx phone setup.

This next part is mainly for 'newbies' who are new to asterisk & haven't got a clue as to what 'tftp' is. - Advanced users, geeks, etc., please disregard the next part if you want.

Apologize in advance if this is boring.

Going back to 'Networking 101', just exactly what is 'tftp'? - Is there any reason WHY it came into being in the first place?

'tftp' stands for 'Trivial File Transfer Protocol'. - Unlike the more popular 'ftp' protocol, 'tftp' is considered 'non-secure'. - Meaning that no login name/password challenge is required. - The 'device' (computer, phone, whatever) sends a request to the 'tftp' server for the file & the server sends it. - Plain and simple.

'tftp' also uses the 'UDP' (User Datagram Protocol). - The main difference between 'UDP' and 'TCP' is that 'UDP' uses NO ERROR CORRECTION. - No 'acks' & 'naks' to make sure all the packets arrive okay at the receiving end. - It's up to the receiving end to make sure everything was received okay.

Why tftp? - Back in the 'olden' days.... When hard disk drives were expensive, the Unix folks (i.e. the folks at Sun Microsystems) came up with the idea of 'diskless workstations'. - But for a 'diskless workstation' to boot up & load an operating system, enter 'tftp'.

When you fired up your diskless work station, it would start up, DHCP its network stuff then go out to the 'tftp' server for its O/S. - The 'tftp' server would send the 'boot image' and your workstation would be up and running. - Simple as that.

Well, not really that simple. - Here's a couple of 'Hows?' and 'What ifs?'.

How did the workstation learn the IP address of the 'tftp' server when it booted?

When the workstation DHCP'd its IP address, netmask, gateway, etc., it ALSO got the "PRIMARY TFTP SERVER ADDRESS". - This part is STILL part of the DHCP protocol but a lot of folks don't know it. - Also, for historical purposes, in the olden days we didn't call it DHCP. - It was called 'bootp' - or 'bootpset'.

What if the 'boot image' got mangled when the workstation loaded it?

Good question. - When the workstation received the 'boot image', the 'boot image' also included a 'checksum' (much similar to our present day md5-checksum). - This checksum was verified. - If it didn't match, the workstation simply asked for the 'boot image' file again.

In those days, 'tftp' usually worked very well. - Mainly because all the 'devices' were on the same segment of Ethernet.

For newbies. - We asterisk/IP-Phone folks use 'tftp' to let our phones/devices download their configs. when logging into asterisk. - I'm not going into detail here how it works. - There's plenty of docs., readmes, & man pages covering this.

Today, when we start doing 'tftp' transfers over several hundred/thousand miles of 'Internet', things can get complicated. - I have a 'Broadvoice' account and hit it with a Sipura ATA. - This means that I 'tftp' whenever I fire up my Sipura. - But I live in JAPAN. - And that's not a short-haul from me to the 'Broadvoice' 'tftp' server. - But most of the time, I boot up just fine.

If your phones/devices are on the same local Ethernet segment, you should be okay. - But if you have long distances or firewalls between your devices and the 'tftp' server, you might encounter some difficulties.

If you have 'tftp' problems, take a good hard look at your network. But don't blame your problems on the protocol itself.

Cisco 79xx phones & 'tftp' server addresses.

When configuring a Cisco 79xx phone, you'll probably see configs. for 'primary' and 'alternate' 'tftp' server. - Especially if the phone is configured for DHCP. - You'll also notice that you CANNOT make any changes to the 'primary tftp' server but you can define an 'alternate tftp' server.

Reason - If the Cisco phone DHCP's a 'tftp' server address, it will become the phone's 'primary tftp' server. - In most cases, it probably won't (but that's up to your network admin). - If you wish to manually define a 'tftp' server, you have to set it up as an 'alternate tftp' server. - If this is the case, the phone will let the 'alternate tftp' server's address OVERRIDE the 'primary tftp' server's address (if you DHCP'd one or not).

Bottom line. - If you want to force your Cisco 79xx phone to go to a specific 'tftp' server, set that server's address as the 'alternate tftp' server.

Gary Guthary
gguthary@jtech.net
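The post above notes that a DHCP lease can carry the TFTP server address. As an added example (not part of the original post), this sketch pulls that address out of a raw DHCP options field and compares it with a provisioning allowlist; the option numbers 66 and 150 come from RFC 2132 and RFC 5859 rather than from the post, and the sample lease and allowlist are constructed.

```python
import ipaddress

MAGIC_COOKIE = bytes.fromhex("63825363")  # marks the start of the DHCP options field
OPT_PAD, OPT_END = 0, 255
OPT_TFTP_NAME = 66    # "TFTP server name" (RFC 2132)
OPT_TFTP_ADDRS = 150  # "TFTP server address" list (RFC 5859)


def parse_options(blob: bytes) -> dict:
    """Walk the code/length/value options that follow the magic cookie."""
    if blob[:4] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    opts, i = {}, 4
    while i < len(blob):
        code = blob[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:          # pad is a single byte with no length field
            i += 1
            continue
        if i + 2 > len(blob) or i + 2 + blob[i + 1] > len(blob):
            raise ValueError("truncated option %d" % code)
        length = blob[i + 1]
        opts[code] = blob[i + 2:i + 2 + length]
        i += 2 + length
    return opts


def tftp_servers(blob: bytes) -> list:
    """TFTP servers named by a lease: option 150 addresses, then option 66."""
    opts = parse_options(blob)
    raw = opts.get(OPT_TFTP_ADDRS, b"")
    if len(raw) % 4:
        raise ValueError("option 150 length is not a multiple of 4")
    found = [str(ipaddress.IPv4Address(raw[j:j + 4])) for j in range(0, len(raw), 4)]
    if OPT_TFTP_NAME in opts:
        found.append(opts[OPT_TFTP_NAME].rstrip(b"\x00").decode("ascii", "replace"))
    return found


def unexpected_servers(blob: bytes, allowed: set) -> list:
    """Servers handed out by the lease that are not on the allowlist."""
    return [s for s in tftp_servers(blob) if s not in allowed]


# Constructed sample lease: option 53 (DHCPACK), option 66 and option 150.
SAMPLE = (MAGIC_COOKIE + bytes([53, 1, 5]) + bytes([66, 9]) + b"10.0.0.99"
          + bytes([150, 8]) + bytes([10, 0, 0, 5, 10, 0, 0, 6]) + bytes([255]))
```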
Just an additional FYI:

My company uses TFTP for end-users of our telephone service for configuration of their Linksys ATAs. We have had very few issues with our customers (home and business end-users over the internet). Of course, we have our ATAs only pulling configs every once in a while, not upon boot every time, as the Sipura-SPA might (although Linksys's ATAs have sipura-spa backends, AFAIK, let me know if I'm wrong).

I do agree though, with the point of multiple traversals of segments and firewalls, and even the point of US to Japan being a possible problem.

My $0.02

Sherwood McGowan

->-----Original Message-----
->From: asterisk-users-bounces@lists.digium.com
->[mailto:asterisk-users-bounces@lists.digium.com] On Behalf Of
->Gary Guthary
->Sent: Thursday, August 04, 2005 1:29 PM
->To: asterisk-users@lists.digium.com
->Subject: [Asterisk-Users] TFTP - Good or Bad?
On Fri, Aug 05, 2005 at 02:28:36AM +0900, Gary Guthary wrote:
> Hi Guys/Gals -
>
> I don't post here often but I read with interest all the postings. - I've
> been on a lot of mailing lists, but this one is by far the most interesting.
>
> I've been doing a lot of work with 'tftp' loading Cisco 79xx phones with
> firmware, configs. for asterisk, etc.
>
> And I see where a lot of folks have trouble with 'tftp', use alternate port
> numbers (probably to get around firewall issues), etc. - And I've even seen
> where some folks complain that 'tftp' is one of the 'worst' protocols on the
> Internet.
>
> At the end of this posting, I've included a little tid-bit on
> 'primary/alternate' 'tftp' servers for the Cisco 79xx phone setup.
>
> This next part is mainly for 'newbies' who are new to asterisk & haven't got
> a clue as to what 'tftp' is. - Advanced users, geeks, etc., please disregard
> the next part if you want.
>
> Apologize in advance if this is boring.
>
> Going back to 'Networking 101', just exactly what is 'tftp'? - Is there any
> reason WHY it came into being in the first place?
>
> 'tftp' stands for 'Trivial File Transfer Protocol'. - Unlike the more
> popular 'ftp' protocol, 'tftp' is considered 'non-secure'. - Meaning that no
> login name/password challenge is required. - The 'device' (computer, phone,
> whatever) sends a request to the 'tftp' server for the file & the server
> sends it. - Plain and simple.
>
> 'tftp' also uses the 'UDP' (User Datagram Protocol). - The main difference
> between 'UDP' and 'TCP' is that 'UDP' uses NO ERROR CORRECTION. - No 'acks'
> & 'naks' to make sure all the packets arrive okay at the receiving end. -
> It's up to the receiving end to make sure everything was received okay.

It also makes it relatively simpler for someone on the same LAN (mostly) to fake being a tftp server for that client (or vice versa).

A UDP packet is generally more predictable, so if I wanted to send the phone bogus firmware or bogus config, it would generally be easier for me than if the server has read the files using, e.g. HTTP.

HTTP is simple, well-supported and supports all the "file transfers" operations TFTP supports.

-- 
Tzafrir Cohen         | tzafrir@jbr.cohens.org.il | VIM is
http://tzafrir.org.il |                           | a Mutt's
tzafrir@cohens.org.il |                           |  best
ICQ# 16849755         |                           | friend
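The reply above raises the risk of a host on the LAN answering in place of the real TFTP server. As an added example (not code from the thread), this detection sketch walks captured UDP datagrams and flags TFTP replies that come from a host the client never asked, or from a second responder; the opcodes are from RFC 1350 and RFC 2347, and the addresses, ports, file name and payloads are constructed.

```python
import struct

RRQ, WRQ, DATA, ACK, ERROR, OACK = 1, 2, 3, 4, 5, 6  # TFTP opcodes


def parse_request(payload: bytes):
    """Return (opcode, filename) for a read/write request, else None."""
    if len(payload) < 4:
        return None
    (opcode,) = struct.unpack("!H", payload[:2])
    if opcode not in (RRQ, WRQ):
        return None
    filename = payload[2:].split(b"\x00", 1)[0].decode("ascii", "replace")
    return opcode, filename


def find_spoofed_replies(datagrams):
    """datagrams: iterable of (src_ip, src_port, dst_ip, dst_port, payload)."""
    pending = {}  # client (ip, port) -> [requested server ip, filename, accepted responder]
    alerts = []
    for src_ip, src_port, dst_ip, dst_port, payload in datagrams:
        req = parse_request(payload) if dst_port == 69 else None
        if req:
            pending[(src_ip, src_port)] = [dst_ip, req[1], None]
            continue
        state = pending.get((dst_ip, dst_port))
        if state is None or len(payload) < 2:
            continue
        (opcode,) = struct.unpack("!H", payload[:2])
        if opcode not in (DATA, ERROR, OACK):
            continue
        server_ip, filename, responder = state
        if src_ip != server_ip:
            alerts.append(("reply-from-unrequested-host", filename, src_ip))
        elif responder is None:
            state[2] = (src_ip, src_port)  # first reply fixes the server's transfer ID
        elif responder != (src_ip, src_port):
            alerts.append(("second-responder", filename, "%s:%d" % (src_ip, src_port)))
    return alerts


# Constructed capture: a phone asks 10.0.0.5 for a file and 10.0.0.66 answers first.
CAPTURE = [
    ("10.0.0.20", 50000, "10.0.0.5", 69, b"\x00\x01phone-config.cnf\x00octet\x00"),
    ("10.0.0.66", 40001, "10.0.0.20", 50000, b"\x00\x03\x00\x01constructed block A"),
    ("10.0.0.5", 40002, "10.0.0.20", 50000, b"\x00\x03\x00\x01constructed block B"),
    ("10.0.0.20", 50000, "10.0.0.5", 40002, b"\x00\x04\x00\x01"),
]
```

A multihomed server that answers from a different address than the one requested would also raise the first alert, so known server addresses need to be accounted for per site.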