Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Add_workflow_for_techpubs
AUTH1sbsarkarUserResourceIdentifier{userKey=8a00a02355cd1c2f0155cd26ca7f046c, userName='null'}
REV5bscogginsUserResourceIdentifier{userKey=8a00a02355cd1c2f0155cd26cd5909df, userName='null'}
REV6bscogginsUserResourceIdentifier{userKey=8a00a02355cd1c2f0155cd26cd5909df, userName='null'}
REV3sguhaUserResourceIdentifier{userKey=8a00a02355cd1c2f0155cd26c8c30174, userName='null'}
REV1mborikarUserResourceIdentifier{userKey=8a00a02355cd1c2f0155cd26cdcc0a9b, userName='null'}
REV2dpaniyoorUserResourceIdentifier{userKey=8a00a02355cd1c2f0155cd26cc650806, userName='null'}

Use this object to trace route for specific peer IP addresses.

The object processes the traceroute requests from the Signaling Gateway (SG). The traceroute functionality for a peer IP address is invoked by sending a traceroute request message to the Traceroute module. The message contains details of the peer 's IP address, which is processed by the TRCRT/Traceroute module.

This object addresses the following scenarios:

  • If the ARS blacklists a server, SIP Signaling Gateway (SIPSG)  sends a traceroute request to log the route for the blacklisted server.
  • When the Gateway-Gateway (GW-GW) TCP connection is lost and cannot be restored, the Gateway Signaling Gateway (GWSG) sends traceroute request to log the route for the peer GW server.
  • When the establishment of a GW-GW connection fails.
  • When a peer IP address is blacklisted by the PathCheck process via the ARS mechanism.

To allow the Internet Control Message Protocol (ICMP) packets from different routers when the traceroute starts, an Access Control List (ACL) entry is configured. As soon as the traceroute output is available, this ACL entry is removed.

Info
iconfalse
titleNote

For the traceroute utility to work, a higher precedence "IP ACL rule" is created to accept ICMP traffic on the SIP Signaling port. This rule overrides any "deny-all" or "deny-ICMP" User ACL rule configured by the Administrator. This higher precedence "IP ACL rule" is created before the start of traceroute for an endpoint, and is be removed as soon as the traceroute is over. Thus, for the brief duration of traceroute, the ICMP traffic to the Signaling port is allowed from any IP address, even if "deny-ICMP" or "deny-all" User ACL rules are configured in the system. 

 

From the EMA main screen, navigate to All > Address Context > Zone > Traceroute Sig Port.

The Traceroute Sig Port window is displayed.

Caption
0Figure
1Traceroute Sig Port window

 

Select the Address Context and the Zone from the dropdown lists.

Caption
0Figure
1Adress Context and Zone dropdowns

 

The Edit Traceroute Sig Port window is displayed.

Caption
0Figure
1Edit Traceroute Sig Port window

 

Click Save to save the changes, or Undo Edits to cancel the changes.

On saving successfully, the Success Message is displayed.

The descriptions of the parameters displayed are:

Caption
0Table
1Traceroute Sig Port - Parameter Descriptions
ParametersDescription
State

Administrative state of the concerned Security Policy Database entry for Traceroute Sig Port.

  • Disabled (default)
  • Enabled
Probe Method

Traceroute probe method.

  • UDP (default)
  • Icmp

Pagebreak