You are viewing an old version of this page. View the current version.
Compare with Current
View Page History
« Previous
Version 5
Next »
Overview
The Unable to show "metadata-from": No such page "_space_variables"
communicates with the external PSX over the Management Interface and Packet Interface. The Unable to show "metadata-from": No such page "_space_variables"
can choose any alternate IP addresses attached to the Packet Interface to communicate with the external PSX over the Management Interface and/or Packet Interface.The communication between the
Unable to show "metadata-from": No such page "_space_variables"
and the external PSX follows a sequence, as described below:The
Unable to show "metadata-from": No such page "_space_variables"
requests registration and receives response from PSX.
The
Unable to show "metadata-from": No such page "_space_variables"
periodically sends request to know the status of external PSX.
The
Unable to show "metadata-from": No such page "_space_variables"
requests for policy and receives response.
The
Unable to show "metadata-from": No such page "_space_variables"
requests for de-registration and receives response.
The
Unable to show "metadata-from": No such page "_space_variables"
global configuration includes an optional metaVariable field (ipVar) to fetch an IP address from the PSX for use in connecting with the PSX. When the ipVar field is blank, the Unable to show "metadata-from": No such page "_space_variables"
picks any random IP address from the configured interface to connect with the PSX. Additionally, the interfaceIpAddress field is added to the policyServer 'show' command to identify the IP address the
Unable to show "metadata-from": No such page "_space_variables"
uses to communicate with the PSX for the specified Policy Server.
Preliminary Steps
Login to the CLI and perform the following steps to view the current default ACL statistics and metaVariable data before configuring the Unable to show "metadata-from": No such page "_space_variables"
to use alternate IP addresses.
Step | Action |
---|
1 | Enter the following command to view the default ACL statistics (see Example 1 for example results): show table addressContext default ipAccessControlList defaultAclStatistics
The Diameter Server (DS) protocol is used for communication between the Unable to show "metadata-from": No such page "_space_variables" and external PSX. The default Access Control List (ACL) for DS process is created over Management (MGT). |
2 | Enter the following command to view the IP addresses associated with the corresponding metaVariable (see Example 2 for example results). show table system metaVariable |
Example 1:
Click to view example...
show table addressContext default ipAccessControlList defaultAclStatistics
ADDRESS LIF
ACL CONTEXT GRP POLICING BUCKET
ID PROTOCOL APPLICATION ID ID SOURCE IP ADDRESS DESTINATION IP ADDRESS MODE SIZE CREDIT RATE
-----------------------------------------------------------------------------------------------------------------------------------------------------------
7 ICMPv4 icmp_v4 * * * (0) * (0) PktRate 50 pkt 50 pkt/s
8 ICMPv6 icmp_v6 * * * (0) * (0) PktRate 50 pkt 50 pkt/s
9 UDP dhcpv4 * * * (67) * (0) PktRate 50 pkt 1000 pkt/s
10 UDP dhcpv6 * * * (547) * (0) PktRate 50 pkt 1000 pkt/s
11 TCP metadata1 * * 169.254.169.254 (80) * (0) Bypass 0 0
12 TCP emsregistrar * * * (443) * (0) Bypass 0 0
38 TCP ssh 1 1 * (0) fd00:10:6b50:43a0::d6/128 (22) PktRate 50 pkt 1000 pkt/s
39 TCP web-client 1 1 * (0) fd00:10:6b50:43a0::d6/128 (80) PktRate 50 pkt 10 pkt/s
40 UDP snmp 1 1 * (0) fd00:10:6b50:43a0::d6/128 (161) PktRate 50 pkt 1000 pkt/s
41 TCP confd 1 1 * (0) fd00:10:6b50:43a0::d6/128 (2022) PktRate 50 pkt 100 pkt/s
42 TCP secure-web-client 1 1 * (0) fd00:10:6b50:43a0::d6/128 (443) PktRate 50 pkt 20000 pkt/s
43 TCP sftp 1 1 * (0) fd00:10:6b50:43a0::d6/128 (2024) PktRate 50 pkt 20000 pkt/s
44 TCP connexIp-manager 1 1 * (0) fd00:10:6b50:43a0::d6/128 (444) PktRate 50 pkt 20000 pkt/s
45 TCP secure-LI-client 1 1 * (0) fd00:10:6b50:43a0::d6/128 (1099) PktRate 50 pkt 10 pkt/s
46 TCP ssreq-tcp 1 1 * (0) fd00:10:6b50:43a0::d6/128 (3091) PktRate 50 pkt 10 pkt/s
47 UDP ssreq-udp 1 1 * (0) fd00:10:6b50:43a0::d6/128 (3090) PktRate 50 pkt 10 pkt/s
48 TCP data-agent-platform-tcp 1 1 * (5042) fd00:10:6b50:43a0::d6/128 (4041) PktRate 500 pkt 5000 pkt/s
49 TCP data-agent-app-tcp 1 1 * (5042) fd00:10:6b50:43a0::d6/128 (4042) PktRate 500 pkt 5000 pkt/s
50 TCP data-agent-trc-tcp 1 1 * (5043) fd00:10:6b50:43a0::d6/128 (4043) PktRate 500 pkt 5000 pkt/s
51 UDP ntp 1 1 169.254.120.4/32 (123) * (0) PktRate 50 pkt 10 pkt/s
52 UDP safenet_udp 1 1 fd00:10:6b50:43a0::c3/128 (5093) * (0) PktRate 1200 pkt 1200 pkt/s
53 UDP dns 1 3 fd00:10:6b50:45c0::b5/128 (53) * (0) PktRate 50 pkt 1000 pkt/s
54 TCP dns 1 3 fd00:10:6b50:45c0::b5/128 (53) * (0) PktRate 50 pkt 1000 pkt/s
55 * sip-sig-port * 5 * (0) 10.54.226.144/32 (0) PktRate 50 pkt 3000 pkt/s
56 * sip-sig-port * 6 * (0) 10.54.226.208/32 (0) PktRate 50 pkt 3000 pkt/s
57 * sip-sig-port * 4 * (0) fd00:10:6b50:4d71::4f/128 (0) PktRate 50 pkt 3000 pkt/s
58 * dsbc-sig-port * 4 * (4019) * (0) PktRate 100 pkt 15000 pkt/s
59 UDP ds 1 1 fd00:10:6b50:41c0::d/128 (3055) * (65415) Bypass 0 0
60 UDP ds 1 1 fd00:10:6b50:41c0::d/128 (3054) * (65415) Bypass 0 0
61 UDP ds 1 1 fd00:10:6b50:5690::26/128 (3055) * (65415) Bypass 0 0
[ok]
Example 2:
Click to view example...
show table system metaVariable
NAME VALUE
--------------------------------------------------
IF0.GWV6 FD00:10:6B50:43A0::1
IF0.IPV6 FD00:10:6B50:43A0::D6
IF0.Port Mgt0
IF1.GWV4 10.10.20.1
IF1.IPV4 10.10.20.23
IF1.Port Ha0
IF2.GWV6 FD00:10:6B50:4D74::1
IF2.IPV6 FD00:10:6B50:4D74::D6
IF2.Port Pkt0
IF3.GWV6 FD00:10:6B50:4D70::1
IF3.IPV6 FD00:10:6B50:4D70::F
IF3.Port Pkt0
IF4.GWV6 FD00:10:6B50:4D71::1
IF4.IPV6 FD00:10:6B50:4D71::4F
IF4.Port Pkt0
IF5.GWV4 10.54.226.129
IF5.IPV4 10.54.226.144
IF5.Port Pkt0
IF6.GWV4 10.54.226.193
IF6.IPV4 10.54.226.208
IF6.Port Pkt0
IF7.GWV4 10.10.13.1
IF7.IPV4 10.10.13.23
IF7.Port Pkt1
IF2.VlanId 313
IF3.VlanId 309
IF4.VlanId 310
IF5.VlanId 311
IF6.VlanId 312
IF0.PrefixV6 60
IF1.PrefixV4 24
IF2.PrefixV6 64
IF3.PrefixV6 64
IF4.PrefixV6 64
IF5.PrefixV4 26
IF6.PrefixV4 26
IF7.PrefixV4 24
PKT0_V03_ALT_IP_01.IP FD00:10:6B50:4D71::74
PKT0_V03_ALT_IP_02.IP FD00:10:6B50:4D71::75
PKT0_V04_ALT_IP_01.IP 10.54.226.181
PKT0_V04_ALT_IP_02.IP 10.54.226.182
PKT0_V03_ALT_IP_01.IFName IF4
PKT0_V03_ALT_IP_02.IFName IF4
PKT0_V04_ALT_IP_01.IFName IF5
PKT0_V04_ALT_IP_02.IFName IF5
[ok]
Procedure
Step | Action |
---|
1 | Configure alternate IP address of metaVariable to the ipVar Enter the following command to associate the alternate IP address of metaVariable to the ipVar in globalConfig. This allows communication to the external PSX using the IP address that is provided by the metaVariable (ipVar). set system policyServer globalConfig type ip addressContext default ipInterfaceGroup S_DsbcSig_IG3 ipVar PKT0_V03_ALT_IP_02.IP
[ok]
Commit complete |
2 | Configure the SBC for an external PSX Enter the following commands to enable the external PSX. set system policyServer localServer PSX_LOCAL_SERVER mode outOfService
set system policyServer localServer PSX_LOCAL_SERVER state disabled
set system policyServer remoteServer parrotpsx ipAddress fd00:10:6b50:41c0::d
set system policyServer remoteServer parrotpsx ipAddress 10.54.28.13
set system policyServer remoteServer parrotpsx action force state enabled mode active
[ok]
Commit complete |
3 | Display the configured ipVar Enter the following command to view the default ACL statistics. The default ACL for the DS process entry contains the destination IP address with the IP address provided by the metaVariable configured in ipVar field . show table addressContext default ipAccessControlList defaultAclStatistics Click to view example...
show table addressContext default ipAccessControlList defaultAclStatistics
ADDRESS LIF
ACL CONTEXT GRP POLICING BUCKET
ID PROTOCOL APPLICATION ID ID SOURCE IP ADDRESS DESTINATION IP ADDRESS MODE SIZE CREDIT RATE
-----------------------------------------------------------------------------------------------------------------------------------------------------------
7 ICMPv4 icmp_v4 * * * (0) * (0) PktRate 50 pkt 50 pkt/s
8 ICMPv6 icmp_v6 * * * (0) * (0) PktRate 50 pkt 50 pkt/s
9 UDP dhcpv4 * * * (67) * (0) PktRate 50 pkt 1000 pkt/s
10 UDP dhcpv6 * * * (547) * (0) PktRate 50 pkt 1000 pkt/s
11 TCP metadata1 * * 169.254.169.254 (80) * (0) Bypass 0 0
12 TCP emsregistrar * * * (443) * (0) Bypass 0 0
38 TCP ssh 1 1 * (0) fd00:10:6b50:43a0::d6/128 (22) PktRate 50 pkt 1000 pkt/s
39 TCP web-client 1 1 * (0) fd00:10:6b50:43a0::d6/128 (80) PktRate 50 pkt 10 pkt/s
40 UDP snmp 1 1 * (0) fd00:10:6b50:43a0::d6/128 (161) PktRate 50 pkt 1000 pkt/s
41 TCP confd 1 1 * (0) fd00:10:6b50:43a0::d6/128 (2022) PktRate 50 pkt 100 pkt/s
42 TCP secure-web-client 1 1 * (0) fd00:10:6b50:43a0::d6/128 (443) PktRate 50 pkt 20000 pkt/s
43 TCP sftp 1 1 * (0) fd00:10:6b50:43a0::d6/128 (2024) PktRate 50 pkt 20000 pkt/s
44 TCP connexIp-manager 1 1 * (0) fd00:10:6b50:43a0::d6/128 (444) PktRate 50 pkt 20000 pkt/s
45 TCP secure-LI-client 1 1 * (0) fd00:10:6b50:43a0::d6/128 (1099) PktRate 50 pkt 10 pkt/s
46 TCP ssreq-tcp 1 1 * (0) fd00:10:6b50:43a0::d6/128 (3091) PktRate 50 pkt 10 pkt/s
47 UDP ssreq-udp 1 1 * (0) fd00:10:6b50:43a0::d6/128 (3090) PktRate 50 pkt 10 pkt/s
48 TCP data-agent-platform-tcp 1 1 * (5042) fd00:10:6b50:43a0::d6/128 (4041) PktRate 500 pkt 5000 pkt/s
49 TCP data-agent-app-tcp 1 1 * (5042) fd00:10:6b50:43a0::d6/128 (4042) PktRate 500 pkt 5000 pkt/s
50 TCP data-agent-trc-tcp 1 1 * (5043) fd00:10:6b50:43a0::d6/128 (4043) PktRate 500 pkt 5000 pkt/s
51 UDP ntp 1 1 169.254.120.4/32 (123) * (0) PktRate 50 pkt 10 pkt/s
52 UDP safenet_udp 1 1 fd00:10:6b50:43a0::c3/128 (5093) * (0) PktRate 1200 pkt 1200 pkt/s
53 UDP dns 1 3 fd00:10:6b50:45c0::b5/128 (53) * (0) PktRate 50 pkt 1000 pkt/s
54 TCP dns 1 3 fd00:10:6b50:45c0::b5/128 (53) * (0) PktRate 50 pkt 1000 pkt/s
55 * sip-sig-port * 5 * (0) 10.54.226.144/32 (0) PktRate 50 pkt 3000 pkt/s
56 * sip-sig-port * 6 * (0) 10.54.226.208/32 (0) PktRate 50 pkt 3000 pkt/s
57 * sip-sig-port * 4 * (0) fd00:10:6b50:4d71::4f/128 (0) PktRate 50 pkt 3000 pkt/s
58 * dsbc-sig-port * 4 * (4019) * (0) PktRate 100 pkt 15000 pkt/s
62 UDP ds 1 4 fd00:10:6b50:41c0::d/128 (3055) fd00:10:6b50:4d71::75/128 (65385) Bypass 0 0
63 UDP ds 1 4 fd00:10:6b50:41c0::d/128 (3054) fd00:10:6b50:4d71::75/128 (65385) Bypass 0 0
[ok]
|
4 | Display the external PSX global configuration Enter the following command to view the external PSX global configuration: show system policyServer globalConfig Click to view example...
show system policyServer globalConfig
reconnectTimeout 10;
switchOverMode automatic;
congestionControl disabled;
type ip;
addressContext default;
ipInterfaceGroup LIG1;
ipVar IF2.FIPV4;
[ok]
|
5 | Display the PSX status Once the external PSX is enabled, use the following command to view the PSX status: show table system policyServer policyServerStatus Click to view example...
show table system policyServer policyServerStatus
QUERIES
TRANSACTION TRANSACTION SKIPPED
OPER SERVER TRANSACTION RETRY FAILED REDIRECT RELEASE DATA AND
NAME INDEX STATE IP ADDRESS RECONNECTS COMPLETED ATTEMPTS ATTEMPTS VERSION REQUESTS REQUESTS REQUESTS SERVICED
-----------------------------------------------------------------------------------------------------------------------------------------------------------
hp3psxvm1 2 Down fd00:10:6b50:5690::26 134 0 0 0 31 0 0 0 0
parrotpsx 1 Active fd00:10:6b50:41c0::d 0 2 0 0 31 0 0 0 0
PSX_LOCAL_SERVER 0 Down 127.0.0.1 0 0 0 0 31 0 0 0 0
[ok]
|
6 | Display the interface IP address over which the Unable to show "metadata-from": No such page "_space_variables" communicates with the PSX Enter the following command to view the new interfaceIpAddress entry and the associated IP address (configured in ipVar field) provided by the metaVariable. In this example, interfaceIpAddress is associated with IP address (fd00:10:6b50:4d71::75). show status system policyServer policyServerStatus Click to view example...
show status system policyServer policyServerStatus
policyServerStatus hp3psxvm1 {
index 2;
operState Down;
ipAddress fd00:10:6b50:5690::26;
serverReconnects 134;
transactionCompleted 0;
transactionRetryAttempts 0;
transactionFailedAttempts 0;
version 31;
redirectRequests 0;
releaseRequests 0;
dataRequests 0;
queriesSkippedAndServiced 0;
queriesSkippedAndRejected 0;
congestionLevel 0;
allowancePercent 100;
negotiatedVersion 0;
interfaceIpAddress fd00:10:6b50:4d71::75;
}
policyServerStatus parrotpsx {
index 1;
operState Active;
ipAddress fd00:10:6b50:41c0::d;
serverReconnects 0;
transactionCompleted 2;
transactionRetryAttempts 0;
transactionFailedAttempts 0;
version 31;
redirectRequests 0;
releaseRequests 0;
dataRequests 0;
queriesSkippedAndServiced 0;
queriesSkippedAndRejected 0;
congestionLevel 0;
allowancePercent 100;
negotiatedVersion 31;
interfaceIpAddress fd00:10:6b50:4d71::75;
}
policyServerStatus PSX_LOCAL_SERVER {
index 0;
operState Down;
ipAddress 127.0.0.1;
serverReconnects 0;
transactionCompleted 0;
transactionRetryAttempts 0;
transactionFailedAttempts 0;
version 31;
redirectRequests 0;
releaseRequests 0;
dataRequests 0;
queriesSkippedAndServiced 0;
queriesSkippedAndRejected 0;
congestionLevel 0;
allowancePercent 100;
negotiatedVersion 0;
interfaceIpAddress ::;
}
[ok]
|
7 | Verify successful communication between the configured SBC and PSX Once the IP address is configured for Unable to show "metadata-from": No such page "_space_variables" and PSX communication, perform the following verification steps.- Login to the
Unable to show "metadata-from": No such page "_space_variables" as a root user. Execute the following TShark command:
tshark -i pkt0.310 -f "port 3055"
Click to view example...
tshark: Lua: Error during loading:
[string "/usr/share/wireshark/init.lua"]:46: dofile has been disabled due to running Wireshark as superuser. See http://wiki.wireshark.org/CaptureSetup/CapturePrivileges for help in running Wireshark as an unprivileged user.
Running as user "root" and group "root". This could be dangerous.
Capturing on 'pkt0.310'
1 0.000000 fd00:10:6b50:4d71::75 -> fd00:10:6b50:41c0::d UDP 158 Source port: 65385 Destination port: 3055
2 0.007820 fd00:10:6b50:41c0::d -> fd00:10:6b50:4d71::75 UDP 266 Source port: 3055 Destination port: 65385
3 5.013407 fd00:10:6b50:4d71::75 -> fd00:10:6b50:41c0::d UDP 182 Source port: 65385 Destination port: 3055
4 5.015818 fd00:10:6b50:41c0::d -> fd00:10:6b50:4d71::75 UDP 114 Source port: 3055 Destination port: 65385
^C4 packets captured
Execute the following command to verify the operational state of the remote server:
show status system policyServer policyServerStatus
Click to view example...
show status system policyServer policyServerStatus
policyServerStatus hp3psxvm1 {
index 2;
operState Active;
ipAddress fd00:10:6b50:5690::26;
serverReconnects 134;
transactionCompleted 0;
transactionRetryAttempts 0;
transactionFailedAttempts 0;
version 31;
redirectRequests 0;
releaseRequests 0;
dataRequests 0;
queriesSkippedAndServiced 0;
queriesSkippedAndRejected 0;
congestionLevel 0;
allowancePercent 100;
negotiatedVersion 0;
interfaceIpAddress fd00:10:6b50:4d71::75;
}
In this sample output, the operState is Active. The operState mode should always be displayed as Active/Standby/Alternate and not as Down when the policy server's state is enabled and mode is inservice.
|