Feature

Overview

The SBC communicates with the external PSX over the Management Interface and Packet Interface. The SBC can choose any alternate IP addresses attached to the Packet Interface to communicate with the external PSX over the Management Interface and/or Packet Interface.

The communication between the SBC and the external PSX follows a sequence, as described below:

  1. The SBC requests registration and receives a response from the PSX.
  2. The SBC periodically sends a request to learn the status of the external PSX.
  3. The SBC requests policy and receives a response.
  4. The SBC requests de-registration and receives a response.

The SBC global configuration includes an optional metaVariable field (ipVar) to fetch an IP address from the PSX for use in connecting with the PSX. When the ipVar field is blank, the SBC picks any random IP address from the configured interface to connect with the PSX.

Additionally, the interfaceIpAddress field is added to the policyServer 'show' command to identify the IP address the SBC uses to communicate with the PSX for the specified Policy Server.

EMA Changes

EMA UI Path: Configuration > System Setup > Policy Server > Global Config

Figure: ipVar

EMA UI Path: Monitoring > Dashboard > System Status > Policy Server Status

Figure: Interface IP Address

Best Practice

Before Configuring the ALT IP Address in Cloud

The SBC displays the following output before the ALT IP Address is configured in Cloud.


Preliminary Steps

Log in to the CLI and perform the following steps to view the current default ACL statistics and metaVariable data before configuring the SBC to use alternate IP addresses.

Note: Port number 3055 is used as default for D+ query. In the below example, the Source IP Address is fd00:10:6b50:41c0::d/128 (3055) and the Destination IP Address is displayed as *, since Destination IP is not configured.

Step 1

Enter the following command to view the default ACL statistics (see Example 1 for example results):

show table addressContext default ipAccessControlList defaultAclStatistics

The Diameter Server (DS) protocol is used for communication between the SBC and external PSX. The default Access Control List (ACL) for DS process is created over Management (MGT).

Step 2

Enter the following command to view the IP addresses associated with the corresponding metaVariable (see Example 2 for example results).

show table system metaVariable

Example 1:

show table addressContext default ipAccessControlList defaultAclStatistics

                                        ADDRESS  LIF
ACL                                     CONTEXT  GRP                                                                       POLICING  BUCKET
ID   PROTOCOL  APPLICATION              ID       ID   SOURCE IP ADDRESS                 DESTINATION IP ADDRESS             MODE      SIZE      CREDIT RATE
-----------------------------------------------------------------------------------------------------------------------------------------------------------
7    ICMPv4    icmp_v4                  *        *    * (0)                             * (0)                              PktRate   50 pkt    50 pkt/s
8    ICMPv6    icmp_v6                  *        *    * (0)                             * (0)                              PktRate   50 pkt    50 pkt/s
9    UDP       dhcpv4                   *        *    * (67)                            * (0)                              PktRate   50 pkt    1000 pkt/s
10   UDP       dhcpv6                   *        *    * (547)                           * (0)                              PktRate   50 pkt    1000 pkt/s
11   TCP       metadata1                *        *    169.254.169.254 (80)              * (0)                              Bypass    0         0
12   TCP       emsregistrar             *        *    * (443)                           * (0)                              Bypass    0         0
38   TCP       ssh                      1        1    * (0)                             fd00:10:6b50:43a0::d6/128 (22)     PktRate   50 pkt    1000 pkt/s
39   TCP       web-client               1        1    * (0)                             fd00:10:6b50:43a0::d6/128 (80)     PktRate   50 pkt    10 pkt/s
40   UDP       snmp                     1        1    * (0)                             fd00:10:6b50:43a0::d6/128 (161)    PktRate   50 pkt    1000 pkt/s
41   TCP       confd                    1        1    * (0)                             fd00:10:6b50:43a0::d6/128 (2022)   PktRate   50 pkt    100 pkt/s
42   TCP       secure-web-client        1        1    * (0)                             fd00:10:6b50:43a0::d6/128 (443)    PktRate   50 pkt    20000 pkt/s
43   TCP       sftp                     1        1    * (0)                             fd00:10:6b50:43a0::d6/128 (2024)   PktRate   50 pkt    20000 pkt/s
44   TCP       connexIp-manager         1        1    * (0)                             fd00:10:6b50:43a0::d6/128 (444)    PktRate   50 pkt    20000 pkt/s
45   TCP       secure-LI-client         1        1    * (0)                             fd00:10:6b50:43a0::d6/128 (1099)   PktRate   50 pkt    10 pkt/s
46   TCP       ssreq-tcp                1        1    * (0)                             fd00:10:6b50:43a0::d6/128 (3091)   PktRate   50 pkt    10 pkt/s
47   UDP       ssreq-udp                1        1    * (0)                             fd00:10:6b50:43a0::d6/128 (3090)   PktRate   50 pkt    10 pkt/s
48   TCP       data-agent-platform-tcp  1        1    * (5042)                          fd00:10:6b50:43a0::d6/128 (4041)   PktRate   500 pkt   5000 pkt/s
49   TCP       data-agent-app-tcp       1        1    * (5042)                          fd00:10:6b50:43a0::d6/128 (4042)   PktRate   500 pkt   5000 pkt/s
50   TCP       data-agent-trc-tcp       1        1    * (5043)                          fd00:10:6b50:43a0::d6/128 (4043)   PktRate   500 pkt   5000 pkt/s
51   UDP       ntp                      1        1    169.254.120.4/32 (123)            * (0)                              PktRate   50 pkt    10 pkt/s
52   UDP       safenet_udp              1        1    fd00:10:6b50:43a0::c3/128 (5093)  * (0)                              PktRate   1200 pkt  1200 pkt/s
53   UDP       dns                      1        3    fd00:10:6b50:45c0::b5/128 (53)    * (0)                              PktRate   50 pkt    1000 pkt/s
54   TCP       dns                      1        3    fd00:10:6b50:45c0::b5/128 (53)    * (0)                              PktRate   50 pkt    1000 pkt/s
55   *         sip-sig-port             *        5    * (0)                             10.54.226.144/32 (0)               PktRate   50 pkt    3000 pkt/s
56   *         sip-sig-port             *        6    * (0)                             10.54.226.208/32 (0)               PktRate   50 pkt    3000 pkt/s
57   *         sip-sig-port             *        4    * (0)                             fd00:10:6b50:4d71::4f/128 (0)      PktRate   50 pkt    3000 pkt/s
58   *         dsbc-sig-port            *        4    * (4019)                          * (0)                              PktRate   100 pkt   15000 pkt/s
59   UDP       ds                       1        1    fd00:10:6b50:41c0::d/128 (3055)   * (65415)                          Bypass    0         0
60   UDP       ds                       1        1    fd00:10:6b50:41c0::d/128 (3054)   * (65415)                          Bypass    0         0
61   UDP       ds                       1        1    fd00:10:6b50:5690::26/128 (3055)  * (65415)                          Bypass    0         0
[ok]

 

Example 2:

The metaVariable command displays the IP addresses associated with the corresponding metaVariable.

show table system metaVariable

NAME                       VALUE
--------------------------------------------------
IF0.GWV6                   FD00:10:6B50:43A0::1
IF0.IPV6                   FD00:10:6B50:43A0::D6
IF0.Port                   Mgt0
IF1.GWV4                   10.10.20.1
IF1.IPV4                   10.10.20.23
IF1.Port                   Ha0
IF2.GWV6                   FD00:10:6B50:4D74::1
IF2.IPV6                   FD00:10:6B50:4D74::D6
IF2.Port                   Pkt0
IF3.GWV6                   FD00:10:6B50:4D70::1
IF3.IPV6                   FD00:10:6B50:4D70::F
IF3.Port                   Pkt0
IF4.GWV6                   FD00:10:6B50:4D71::1
IF4.IPV6                   FD00:10:6B50:4D71::4F
IF4.Port                   Pkt0
IF5.GWV4                   10.54.226.129
IF5.IPV4                   10.54.226.144
IF5.Port                   Pkt0
IF6.GWV4                   10.54.226.193
IF6.IPV4                   10.54.226.208
IF6.Port                   Pkt0
IF7.GWV4                   10.10.13.1
IF7.IPV4                   10.10.13.23
IF7.Port                   Pkt1
IF2.VlanId                 313
IF3.VlanId                 309
IF4.VlanId                 310
IF5.VlanId                 311
IF6.VlanId                 312
IF0.PrefixV6               60
IF1.PrefixV4               24
IF2.PrefixV6               64
IF3.PrefixV6               64
IF4.PrefixV6               64
IF5.PrefixV4               26
IF6.PrefixV4               26
IF7.PrefixV4               24
PKT0_V03_ALT_IP_01.IP      FD00:10:6B50:4D71::74
PKT0_V03_ALT_IP_02.IP      FD00:10:6B50:4D71::75
PKT0_V04_ALT_IP_01.IP      10.54.226.181
PKT0_V04_ALT_IP_02.IP      10.54.226.182
PKT0_V03_ALT_IP_01.IFName  IF4
PKT0_V03_ALT_IP_02.IFName  IF4
PKT0_V04_ALT_IP_01.IFName  IF5
PKT0_V04_ALT_IP_02.IFName  IF5
[ok]

Configuring the Alternate IP Address of metaVariable to the ipVar

Associate the alternate IP address metaVariable with the ipVar field in globalConfig so that communication with the external PSX uses the IP address provided by that metaVariable (ipVar).

set system policyServer globalConfig type ip addressContext default ipInterfaceGroup S_DsbcSig_IG3 ipVar PKT0_V03_ALT_IP_02.IP
[ok]
Commit complete

Configuring the External PSX

Enable the external PSX.

set system policyServer localServer PSX_LOCAL_SERVER mode outOfService 
set system policyServer localServer PSX_LOCAL_SERVER state disabled 
set system policyServer remoteServer parrotpsx ipAddress fd00:10:6b50:41c0::d 
set system policyServer remoteServer parrotpsx ipAddress 10.54.28.13 
set system policyServer remoteServer parrotpsx action force state enabled mode active 
[ok] 
Commit complete

Displaying the Configured ipVar

The default ACL entry for the DS process now shows, as its destination IP address, the IP address provided by the metaVariable configured in the ipVar field.

show table addressContext default ipAccessControlList defaultAclStatistics

                                        ADDRESS  LIF
ACL                                     CONTEXT  GRP                                                                       POLICING  BUCKET
ID   PROTOCOL  APPLICATION              ID       ID   SOURCE IP ADDRESS                 DESTINATION IP ADDRESS             MODE      SIZE      CREDIT RATE
-----------------------------------------------------------------------------------------------------------------------------------------------------------
7    ICMPv4    icmp_v4                  *        *    * (0)                             * (0)                              PktRate   50 pkt    50 pkt/s
8    ICMPv6    icmp_v6                  *        *    * (0)                             * (0)                              PktRate   50 pkt    50 pkt/s
9    UDP       dhcpv4                   *        *    * (67)                            * (0)                              PktRate   50 pkt    1000 pkt/s
10   UDP       dhcpv6                   *        *    * (547)                           * (0)                              PktRate   50 pkt    1000 pkt/s
11   TCP       metadata1                *        *    169.254.169.254 (80)              * (0)                              Bypass    0         0
12   TCP       emsregistrar             *        *    * (443)                           * (0)                              Bypass    0         0
38   TCP       ssh                      1        1    * (0)                             fd00:10:6b50:43a0::d6/128 (22)     PktRate   50 pkt    1000 pkt/s
39   TCP       web-client               1        1    * (0)                             fd00:10:6b50:43a0::d6/128 (80)     PktRate   50 pkt    10 pkt/s
40   UDP       snmp                     1        1    * (0)                             fd00:10:6b50:43a0::d6/128 (161)    PktRate   50 pkt    1000 pkt/s
41   TCP       confd                    1        1    * (0)                             fd00:10:6b50:43a0::d6/128 (2022)   PktRate   50 pkt    100 pkt/s
42   TCP       secure-web-client        1        1    * (0)                             fd00:10:6b50:43a0::d6/128 (443)    PktRate   50 pkt    20000 pkt/s
43   TCP       sftp                     1        1    * (0)                             fd00:10:6b50:43a0::d6/128 (2024)   PktRate   50 pkt    20000 pkt/s
44   TCP       connexIp-manager         1        1    * (0)                             fd00:10:6b50:43a0::d6/128 (444)    PktRate   50 pkt    20000 pkt/s
45   TCP       secure-LI-client         1        1    * (0)                             fd00:10:6b50:43a0::d6/128 (1099)   PktRate   50 pkt    10 pkt/s
46   TCP       ssreq-tcp                1        1    * (0)                             fd00:10:6b50:43a0::d6/128 (3091)   PktRate   50 pkt    10 pkt/s
47   UDP       ssreq-udp                1        1    * (0)                             fd00:10:6b50:43a0::d6/128 (3090)   PktRate   50 pkt    10 pkt/s
48   TCP       data-agent-platform-tcp  1        1    * (5042)                          fd00:10:6b50:43a0::d6/128 (4041)   PktRate   500 pkt   5000 pkt/s
49   TCP       data-agent-app-tcp       1        1    * (5042)                          fd00:10:6b50:43a0::d6/128 (4042)   PktRate   500 pkt   5000 pkt/s
50   TCP       data-agent-trc-tcp       1        1    * (5043)                          fd00:10:6b50:43a0::d6/128 (4043)   PktRate   500 pkt   5000 pkt/s
51   UDP       ntp                      1        1    169.254.120.4/32 (123)            * (0)                              PktRate   50 pkt    10 pkt/s
52   UDP       safenet_udp              1        1    fd00:10:6b50:43a0::c3/128 (5093)  * (0)                              PktRate   1200 pkt  1200 pkt/s
53   UDP       dns                      1        3    fd00:10:6b50:45c0::b5/128 (53)    * (0)                              PktRate   50 pkt    1000 pkt/s
54   TCP       dns                      1        3    fd00:10:6b50:45c0::b5/128 (53)    * (0)                              PktRate   50 pkt    1000 pkt/s
55   *         sip-sig-port             *        5    * (0)                             10.54.226.144/32 (0)               PktRate   50 pkt    3000 pkt/s
56   *         sip-sig-port             *        6    * (0)                             10.54.226.208/32 (0)               PktRate   50 pkt    3000 pkt/s
57   *         sip-sig-port             *        4    * (0)                             fd00:10:6b50:4d71::4f/128 (0)      PktRate   50 pkt    3000 pkt/s
58   *         dsbc-sig-port            *        4    * (4019)                          * (0)                              PktRate   100 pkt   15000 pkt/s
62   UDP       ds                       1        4    fd00:10:6b50:41c0::d/128 (3055)   fd00:10:6b50:4d71::75/128 (65385)  Bypass    0         0
63   UDP       ds                       1        4    fd00:10:6b50:41c0::d/128 (3054)   fd00:10:6b50:4d71::75/128 (65385)  Bypass    0         0
[ok]

Displaying the globalConfig for the External PSX

The following command displays the globalConfig for the external PSX.

show system policyServer globalConfig
reconnectTimeout  10;
switchOverMode    automatic;
congestionControl disabled;
type              ip;
addressContext    default;
ipInterfaceGroup  LIG1;
ipVar             IF2.FIPV4;
[ok]

Displaying the Status of PSX

Once the external PSX is enabled, the command displays the status of the PSX.

show table system policyServer policyServerStatus

                                                                                                                                                  QUERIES
                                                                                 TRANSACTION  TRANSACTION                                         SKIPPED
                         OPER                           SERVER      TRANSACTION  RETRY        FAILED                REDIRECT  RELEASE   DATA      AND
NAME              INDEX  STATE   IP ADDRESS             RECONNECTS  COMPLETED    ATTEMPTS     ATTEMPTS     VERSION  REQUESTS  REQUESTS  REQUESTS  SERVICED
-----------------------------------------------------------------------------------------------------------------------------------------------------------
hp3psxvm1         2      Down    fd00:10:6b50:5690::26  134         0            0            0            31       0         0         0         0
parrotpsx         1      Active  fd00:10:6b50:41c0::d   0           2            0            0            31       0         0         0         0
PSX_LOCAL_SERVER  0      Down    127.0.0.1              0           0            0            0            31       0         0         0         0
[ok]

Displaying the interfaceIpAddress over which SBC Communicates with PSX

The following command displays the new interfaceIpAddress entry with the associated IP address (configured in the ipVar field) provided by the metaVariable. In this example, interfaceIpAddress is associated with IP address (fd00:10:6b50:4d71::75).

show status system policyServer policyServerStatus

policyServerStatus hp3psxvm1 {
    index                     2;
    operState                 Down;
    ipAddress                 fd00:10:6b50:5690::26;
    serverReconnects          134;
    transactionCompleted      0;
    transactionRetryAttempts  0;
    transactionFailedAttempts 0;
    version                   31;
    redirectRequests          0;
    releaseRequests           0;
    dataRequests              0;
    queriesSkippedAndServiced 0;
    queriesSkippedAndRejected 0;
    congestionLevel           0;
    allowancePercent          100;
    negotiatedVersion         0;
    interfaceIpAddress        fd00:10:6b50:4d71::75;
}
policyServerStatus parrotpsx {
    index                     1;
    operState                 Active;
    ipAddress                 fd00:10:6b50:41c0::d;
    serverReconnects          0;
    transactionCompleted      2;
    transactionRetryAttempts  0;
    transactionFailedAttempts 0;
    version                   31;
    redirectRequests          0;
    releaseRequests           0;
    dataRequests              0;
    queriesSkippedAndServiced 0;
    queriesSkippedAndRejected 0;
    congestionLevel           0;
    allowancePercent          100;
    negotiatedVersion         31;
    interfaceIpAddress        fd00:10:6b50:4d71::75;
}
policyServerStatus PSX_LOCAL_SERVER {
    index                     0;
    operState                 Down;
    ipAddress                 127.0.0.1;
    serverReconnects          0;
    transactionCompleted      0;
    transactionRetryAttempts  0;
    transactionFailedAttempts 0;
    version                   31;
    redirectRequests          0;
    releaseRequests           0;
    dataRequests              0;
    queriesSkippedAndServiced 0;
    queriesSkippedAndRejected 0;
    congestionLevel           0;
    allowancePercent          100;
    negotiatedVersion         0;
    interfaceIpAddress        ::;
}
[ok]
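
The three outputs above can be cross-checked mechanically. The following added example (not the vendor's or this page's own tooling) resolves the ipVar metaVariable and flags DS ACL entries whose destination is still the wildcard or a different address, and any Active policy server whose interfaceIpAddress differs. Function names are hypothetical; the sample text is trimmed from this page's example output.

```python
import ipaddress
import re

# Sample text trimmed from the example CLI output on this page.
METAVARS = """\
NAME                       VALUE
IF4.IPV6                   FD00:10:6B50:4D71::4F
PKT0_V03_ALT_IP_01.IP      FD00:10:6B50:4D71::74
PKT0_V03_ALT_IP_02.IP      FD00:10:6B50:4D71::75
"""
ACL_BEFORE = """\
59  UDP  ds  1  1  fd00:10:6b50:41c0::d/128 (3055)   * (65415)  Bypass  0  0
60  UDP  ds  1  1  fd00:10:6b50:41c0::d/128 (3054)   * (65415)  Bypass  0  0
61  UDP  ds  1  1  fd00:10:6b50:5690::26/128 (3055)  * (65415)  Bypass  0  0
"""
ACL_AFTER = """\
58  *    dsbc-sig-port  *  4  * (4019)  * (0)  PktRate  100 pkt  15000 pkt/s
62  UDP  ds  1  4  fd00:10:6b50:41c0::d/128 (3055)  fd00:10:6b50:4d71::75/128 (65385)  Bypass  0  0
63  UDP  ds  1  4  fd00:10:6b50:41c0::d/128 (3054)  fd00:10:6b50:4d71::75/128 (65385)  Bypass  0  0
"""
STATUS = """\
policyServerStatus parrotpsx {
    operState                 Active;
    ipAddress                 fd00:10:6b50:41c0::d;
    interfaceIpAddress        fd00:10:6b50:4d71::75;
}
policyServerStatus PSX_LOCAL_SERVER {
    operState                 Down;
    ipAddress                 127.0.0.1;
    interfaceIpAddress        ::;
}
"""

# ID, protocol, application, context, LIF group, source (port), destination (port), mode
ACL_ROW = re.compile(
    r"(?P<id>\d+)\s+\S+\s+(?P<app>\S+)\s+\S+\s+\S+\s+"
    r"(?P<src>\S+)\s+\(\d+\)\s+(?P<dst>\S+)\s+\(\d+\)\s+(?P<mode>\S+)")

def parse_metavars(text):
    """NAME/VALUE rows of 'show table system metaVariable' -> dict."""
    return dict(l.split() for l in text.splitlines() if len(l.split()) == 2)

def host(addr):
    """'fd00::1/128' or 'FD00::1' -> address object; '*' -> None (wildcard)."""
    return None if addr == "*" else ipaddress.ip_interface(addr).ip

def parse_status(text):
    """'show status ... policyServerStatus' output -> {server: {field: value}}."""
    blocks = re.findall(r"policyServerStatus (\S+) \{(.*?)\}", text, re.S)
    return {name: dict(re.findall(r"(\w+)\s+(\S+);", body)) for name, body in blocks}

def audit(ip_var, metavars_text, acl_text, status_text):
    """Return findings where the ACL or status disagrees with the ipVar address."""
    expected = host(parse_metavars(metavars_text)[ip_var])
    findings = []
    for line in acl_text.splitlines():
        row = ACL_ROW.match(line.strip())
        if not row or row["app"] != "ds":
            continue
        dst = host(row["dst"])
        if dst is None:
            findings.append(f"ACL {row['id']}: ds {row['mode']} entry has wildcard destination")
        elif dst != expected:
            findings.append(f"ACL {row['id']}: ds destination {dst} != {expected}")
    for name, f in parse_status(status_text).items():
        if f.get("operState") == "Active" and host(f["interfaceIpAddress"]) != expected:
            findings.append(f"{name}: interfaceIpAddress {f['interfaceIpAddress']} != {expected}")
    return findings

if __name__ == "__main__":
    for label, acl in (("before", ACL_BEFORE), ("after", ACL_AFTER)):
        print(label, audit("PKT0_V03_ALT_IP_02.IP", METAVARS, acl, STATUS))
```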

Verifying Whether the Configured SBC and the PSX Communication is Successful

Once the IP address is configured for the SBC and the PSX communication, follow the procedure below to verify:

  • Log in to the SBC as a root user.
  • To verify that the communication between the SBC and the external PSX is successful using the packet interface and the configured IP address, execute the following command:

    tshark -i pkt0.310 -f "port 3055"

    tshark: Lua: Error during loading:
     [string "/usr/share/wireshark/init.lua"]:46: dofile has been disabled due to running Wireshark as superuser. See http://wiki.wireshark.org/CaptureSetup/CapturePrivileges for help in running Wireshark as an unprivileged user.
    Running as user "root" and group "root". This could be dangerous.
    Capturing on 'pkt0.310'
      1   0.000000 fd00:10:6b50:4d71::75 -> fd00:10:6b50:41c0::d UDP 158 Source port: 65385  Destination port: 3055
      2   0.007820 fd00:10:6b50:41c0::d -> fd00:10:6b50:4d71::75 UDP 266 Source port: 3055  Destination port: 65385
      3   5.013407 fd00:10:6b50:4d71::75 -> fd00:10:6b50:41c0::d UDP 182 Source port: 65385  Destination port: 3055
      4   5.015818 fd00:10:6b50:41c0::d -> fd00:10:6b50:4d71::75 UDP 114 Source port: 3055  Destination port: 65385
    ^C4 packets captured
  • To verify the operState (Operational State) of the remote server, execute the command below.
    In this sample output, the operState is Active. The operState mode should always be displayed as Active/Standby/Alternate, and not as Down, when the policy server's state is enabled and mode is inservice.

    show status system policyServer policyServerStatus

    policyServerStatus hp3psxvm1 {
        index                     2;
        operState                 Active;
        ipAddress                 fd00:10:6b50:5690::26;
        serverReconnects          134;
        transactionCompleted      0;
        transactionRetryAttempts  0;
        transactionFailedAttempts 0;
        version                   31;
        redirectRequests          0;
        releaseRequests           0;
        dataRequests              0;
        queriesSkippedAndServiced 0;
        queriesSkippedAndRejected 0;
        congestionLevel           0;
        allowancePercent          100;
        negotiatedVersion         0;
        interfaceIpAddress        fd00:10:6b50:4d71::75;
    }

Procedure

Step 1: Configure alternate IP address of metaVariable to the ipVar

Enter the following command to associate the alternate IP address of metaVariable to the ipVar in globalConfig. This allows communication to the external PSX using the IP address that is provided by the metaVariable (ipVar).

set system policyServer globalConfig type ip addressContext default ipInterfaceGroup S_DsbcSig_IG3 ipVar PKT0_V03_ALT_IP_02.IP
[ok]
Commit complete

Step 2: Configure the SBC for an external PSX

Enter the following commands to enable the external PSX.

set system policyServer localServer PSX_LOCAL_SERVER mode outOfService
set system policyServer localServer PSX_LOCAL_SERVER state disabled
set system policyServer remoteServer parrotpsx ipAddress fd00:10:6b50:41c0::d
set system policyServer remoteServer parrotpsx ipAddress 10.54.28.13
set system policyServer remoteServer parrotpsx action force state enabled mode active
[ok]
Commit complete

Step 3: Display the configured ipVar

Enter the following command to view the default ACL statistics. The default ACL for the DS process entry contains the destination IP address with the IP address provided by the metaVariable configured in the ipVar field.

show table addressContext default ipAccessControlList defaultAclStatistics

Step 4: Display the external PSX global configuration

Enter the following command to view the external PSX global configuration:

show system policyServer globalConfig

Step 5: Display the PSX status

Once the external PSX is enabled, use the following command to view the PSX status:

show table system policyServer policyServerStatus

Step 6: Display the interface IP address over which the SBC communicates with the PSX

Enter the following command to view the new interfaceIpAddress entry and the associated IP address (configured in the ipVar field) provided by the metaVariable. In this example, interfaceIpAddress is associated with IP address (fd00:10:6b50:4d71::75).

show status system policyServer policyServerStatus

Step 7: Verify successful communication between the configured SBC and PSX

Once the IP address is configured for SBC and PSX communication, perform the following verification steps.

    1. Log in to the SBC as a root user.
    2. Execute the following TShark command:
      tshark -i pkt0.310 -f "port 3055"
    3. Execute the following command to verify the operational state of the remote server:
      show status system policyServer policyServerStatus

      In this sample output, the operState is Active. The operState mode should always be displayed as Active/Standby/Alternate and not as Down when the policy server's state is enabled and mode is inservice.
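
The capture check in the TShark step can be automated. This added example (not part of the original page) parses summary lines in the tshark format shown in the sample output on this page and reports frames that do not run between the configured alternate IP address and the PSX on port 3055, as well as requests left unanswered. The name check_capture is hypothetical.

```python
import ipaddress
import re

# Capture lines copied from the sample tshark output on this page.
CAPTURE = """\
  1   0.000000 fd00:10:6b50:4d71::75 -> fd00:10:6b50:41c0::d UDP 158 Source port: 65385  Destination port: 3055
  2   0.007820 fd00:10:6b50:41c0::d -> fd00:10:6b50:4d71::75 UDP 266 Source port: 3055  Destination port: 65385
  3   5.013407 fd00:10:6b50:4d71::75 -> fd00:10:6b50:41c0::d UDP 182 Source port: 65385  Destination port: 3055
  4   5.015818 fd00:10:6b50:41c0::d -> fd00:10:6b50:4d71::75 UDP 114 Source port: 3055  Destination port: 65385
"""

# frame number, time, source, destination, source port, destination port
LINE = re.compile(
    r"^\s*(\d+)\s+[\d.]+\s+(\S+) -> (\S+) UDP \d+ "
    r"Source port: (\d+)\s+Destination port: (\d+)")

def check_capture(text, sbc_ip, psx_ip, psx_port=3055):
    """Return problems found in a 'port 3055' capture.

    sbc_ip is the address ipVar is expected to resolve to; psx_ip is the
    remote policy server. An empty list means every frame ran between those
    two endpoints and every request from the SBC got a reply.
    """
    sbc = ipaddress.ip_address(sbc_ip)
    psx = ipaddress.ip_address(psx_ip)
    pending = {}    # SBC source port -> frame number of the unanswered request
    problems = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue    # tshark banner lines, warnings, "^C4 packets captured"
        frame = int(m[1])
        src, dst = ipaddress.ip_address(m[2]), ipaddress.ip_address(m[3])
        sport, dport = int(m[4]), int(m[5])
        if (src, dst, dport) == (sbc, psx, psx_port):
            pending[sport] = frame                      # request SBC -> PSX
        elif (src, dst, sport) == (psx, sbc, psx_port):
            if pending.pop(dport, None) is None:        # reply PSX -> SBC
                problems.append(f"frame {frame}: reply without request")
        else:
            problems.append(f"frame {frame}: unexpected endpoints {src} -> {dst}")
    problems += [f"frame {n}: request unanswered" for n in pending.values()]
    return problems

if __name__ == "__main__":
    print(check_capture(CAPTURE, "fd00:10:6b50:4d71::75", "fd00:10:6b50:41c0::d"))
```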
