You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »

In this section:

Feature Overview

The 

Unable to show "metadata-from": No such page "_space_variables"
 communicates with the external PSX over the Management Interface and Packet Interface. The 
Unable to show "metadata-from": No such page "_space_variables"
 can choose any alternate IP addresses attached to the Packet Interface to communicate with the external PSX over the Management Interface and/or Packet Interface.

The communication between the SBC and the external PSX follows a sequence, as described below:

  1. The 

    Unable to show "metadata-from": No such page "_space_variables"
     requests registration and receives response from PSX.

  2. The 

    Unable to show "metadata-from": No such page "_space_variables"
     periodically sends request to know the status of external PSX.

  3. The 

    Unable to show "metadata-from": No such page "_space_variables"
     requests for policy and receives response.

  4. The 

    Unable to show "metadata-from": No such page "_space_variables"
     requests for de-registration and receives response.

The SBC global configuration includes an optional metaVariable field (ipVar) to fetch an IP address from the PSX for use in connecting with the PSX. When the ipVar field is blank, the 

Unable to show "metadata-from": No such page "_space_variables"
 picks any random IP address from the configured interface to connect with the PSX.

 

Additionally, the interfaceIpAddress field is added to the policyServer 'show' command to identify the IP address the SBC uses to communicate with the PSX for the specified Policy Server.


EMA Changes

EMA UI Path: Configuration > System Setup > Policy Server > Global Config

ipVar

EMA UI Path: Monitoring > Dashboard > System Status > Policy Server Status

Interface IP Address


Best Practice

Before Configuring the ALT IP Address in Cloud

The

Unable to show "metadata-from": No such page "_space_variables"
 displays the following output before the ALT IP Address is configured in Cloud.

Port number 3055 is used as default for D+ query. In the below example, the Source IP Address is fd00:10:6b50:41c0::d/128 (3055) and the Destination IP Address is displayed as *, since Destination IP is not configured.

 

The Diameter Server (DS) protocol is used for communication between the

Unable to show "metadata-from": No such page "_space_variables"
 and external PSX. The default Access Control List (ACL) for DS process is created over Management (MGT).

show table addressContext default ipAccessControlList defaultAclStatistics

                                        ADDRESS  LIF
ACL                                     CONTEXT  GRP                                                                      POLICING  BUCKET
ID   PROTOCOL  APPLICATION              ID       ID   SOURCE IP ADDRESS                 DESTINATION IP ADDRESS            MODE      SIZE      CREDIT RATE
-----------------------------------------------------------------------------------------------------------------------------------------------------------
7    ICMPv4    icmp_v4                  *        *    * (0)                             * (0)                             PktRate   50 pkt    50 pkt/s
8    ICMPv6    icmp_v6                  *        *    * (0)                             * (0)                             PktRate   50 pkt    50 pkt/s
9    UDP       dhcpv4                   *        *    * (67)                            * (0)                             PktRate   50 pkt    1000 pkt/s
10   UDP       dhcpv6                   *        *    * (547)                           * (0)                             PktRate   50 pkt    1000 pkt/s
11   TCP       metadata1                *        *    169.254.169.254 (80)              * (0)                             Bypass    0         0
12   TCP       emsregistrar             *        *    * (443)                           * (0)                             Bypass    0         0
38   TCP       ssh                      1        1    * (0)                             fd00:10:6b50:43a0::d6/128 (22)    PktRate   50 pkt    1000 pkt/s
39   TCP       web-client               1        1    * (0)                             fd00:10:6b50:43a0::d6/128 (80)    PktRate   50 pkt    10 pkt/s
40   UDP       snmp                     1        1    * (0)                             fd00:10:6b50:43a0::d6/128 (161)   PktRate   50 pkt    1000 pkt/s
41   TCP       confd                    1        1    * (0)                             fd00:10:6b50:43a0::d6/128 (2022)  PktRate   50 pkt    100 pkt/s
42   TCP       secure-web-client        1        1    * (0)                             fd00:10:6b50:43a0::d6/128 (443)   PktRate   50 pkt    20000 pkt/s
43   TCP       sftp                     1        1    * (0)                             fd00:10:6b50:43a0::d6/128 (2024)  PktRate   50 pkt    20000 pkt/s
44   TCP       connexIp-manager         1        1    * (0)                             fd00:10:6b50:43a0::d6/128 (444)   PktRate   50 pkt    20000 pkt/s
45   TCP       secure-LI-client         1        1    * (0)                             fd00:10:6b50:43a0::d6/128 (1099)  PktRate   50 pkt    10 pkt/s
46   TCP       ssreq-tcp                1        1    * (0)                             fd00:10:6b50:43a0::d6/128 (3091)  PktRate   50 pkt    10 pkt/s
47   UDP       ssreq-udp                1        1    * (0)                             fd00:10:6b50:43a0::d6/128 (3090)  PktRate   50 pkt    10 pkt/s
48   TCP       data-agent-platform-tcp  1        1    * (5042)                          fd00:10:6b50:43a0::d6/128 (4041)  PktRate   500 pkt   5000 pkt/s
49   TCP       data-agent-app-tcp       1        1    * (5042)                          fd00:10:6b50:43a0::d6/128 (4042)  PktRate   500 pkt   5000 pkt/s
50   TCP       data-agent-trc-tcp       1        1    * (5043)                          fd00:10:6b50:43a0::d6/128 (4043)  PktRate   500 pkt   5000 pkt/s
51   UDP       ntp                      1        1    169.254.120.4/32 (123)            * (0)                             PktRate   50 pkt    10 pkt/s
52   UDP       safenet_udp              1        1    fd00:10:6b50:43a0::c3/128 (5093)  * (0)                             PktRate   1200 pkt  1200 pkt/s
53   UDP       dns                      1        3    fd00:10:6b50:45c0::b5/128 (53)    * (0)                             PktRate   50 pkt    1000 pkt/s
54   TCP       dns                      1        3    fd00:10:6b50:45c0::b5/128 (53)    * (0)                             PktRate   50 pkt    1000 pkt/s
55   *         sip-sig-port             *        5    * (0)                             10.54.226.144/32 (0)              PktRate   50 pkt    3000 pkt/s
56   *         sip-sig-port             *        6    * (0)                             10.54.226.208/32 (0)              PktRate   50 pkt    3000 pkt/s
57   *         sip-sig-port             *        4    * (0)                             fd00:10:6b50:4d71::4f/128 (0)     PktRate   50 pkt    3000 pkt/s
58   *         dsbc-sig-port            *        4    * (4019)                          * (0)                             PktRate   100 pkt   15000 pkt/s
59   UDP       ds                       1        1    fd00:10:6b50:41c0::d/128 (3055)   * (65415)                         Bypass    0         0
60   UDP       ds                       1        1    fd00:10:6b50:41c0::d/128 (3054)   * (65415)                         Bypass    0         0
61   UDP       ds                       1        1    fd00:10:6b50:5690::26/128 (3055)  * (65415)                         Bypass    0         0
[ok]

 

MetaVariable command displays the IP addresses associated with the corresponding metaVariable.

show table system metaVariable

NAME                       VALUE
--------------------------------------------------
IF0.GWV6                   FD00:10:6B50:43A0::1
IF0.IPV6                   FD00:10:6B50:43A0::D6
IF0.Port                   Mgt0
IF1.GWV4                   10.10.20.1
IF1.IPV4                   10.10.20.23
IF1.Port                   Ha0
IF2.GWV6                   FD00:10:6B50:4D74::1
IF2.IPV6                   FD00:10:6B50:4D74::D6
IF2.Port                   Pkt0
IF3.GWV6                   FD00:10:6B50:4D70::1
IF3.IPV6                   FD00:10:6B50:4D70::F
IF3.Port                   Pkt0
IF4.GWV6                   FD00:10:6B50:4D71::1
IF4.IPV6                   FD00:10:6B50:4D71::4F
IF4.Port                   Pkt0
IF5.GWV4                   10.54.226.129
IF5.IPV4                   10.54.226.144
IF5.Port                   Pkt0
IF6.GWV4                   10.54.226.193
IF6.IPV4                   10.54.226.208
IF6.Port                   Pkt0
IF7.GWV4                   10.10.13.1
IF7.IPV4                   10.10.13.23
IF7.Port                   Pkt1
IF2.VlanId                 313
IF3.VlanId                 309
IF4.VlanId                 310
IF5.VlanId                 311
IF6.VlanId                 312
IF0.PrefixV6               60
IF1.PrefixV4               24
IF2.PrefixV6               64
IF3.PrefixV6               64
IF4.PrefixV6               64
IF5.PrefixV4               26
IF6.PrefixV4               26
IF7.PrefixV4               24
PKT0_V03_ALT_IP_01.IP      FD00:10:6B50:4D71::74
PKT0_V03_ALT_IP_02.IP      FD00:10:6B50:4D71::75
PKT0_V04_ALT_IP_01.IP      10.54.226.181
PKT0_V04_ALT_IP_02.IP      10.54.226.182
PKT0_V03_ALT_IP_01.IFName  IF4
PKT0_V03_ALT_IP_02.IFName  IF4
PKT0_V04_ALT_IP_01.IFName  IF5
PKT0_V04_ALT_IP_02.IFName  IF5
[ok]

Configuring the Alternate IP Address of metaVariable to the ipVar

Associate the alternate IP address of metaVariable to the ipVar in globalConfig to specify that the communication to the external PSX is using the IP address that is provided by the metaVariable (ipVar).

set system policyServer globalConfig type ip addressContext default ipInterfaceGroup S_DsbcSig_IG3 ipVar PKT0_V03_ALT_IP_02.IP
[ok]
Commit complete

Configuring the External PSX

Enable the external PSX.

set system policyServer localServer PSX_LOCAL_SERVER mode outOfService 
set system policyServer localServer PSX_LOCAL_SERVER state disabled 
set system policyServer remoteServer parrotpsx ipAddress fd00:10:6b50:41c0::d 
set system policyServer remoteServer parrotpsx ipAddress 10.54.28.13 
set system policyServer remoteServer parrotpsx action force state enabled mode active 
[ok] 
Commit complete

Displaying the Configured ipVar

The default ACL for the DS process entry contains the destination IP address with the IP address provided by the metaVariable configured in ipVar field.

show table addressContext default ipAccessControlList defaultAclStatistics

                                        ADDRESS  LIF
ACL                                     CONTEXT  GRP                                                                       POLICING  BUCKET
ID   PROTOCOL  APPLICATION              ID       ID   SOURCE IP ADDRESS                 DESTINATION IP ADDRESS             MODE      SIZE      CREDIT RATE
-----------------------------------------------------------------------------------------------------------------------------------------------------------
7    ICMPv4    icmp_v4                  *        *    * (0)                             * (0)                              PktRate   50 pkt    50 pkt/s
8    ICMPv6    icmp_v6                  *        *    * (0)                             * (0)                              PktRate   50 pkt    50 pkt/s
9    UDP       dhcpv4                   *        *    * (67)                            * (0)                              PktRate   50 pkt    1000 pkt/s
10   UDP       dhcpv6                   *        *    * (547)                           * (0)                              PktRate   50 pkt    1000 pkt/s
11   TCP       metadata1                *        *    169.254.169.254 (80)              * (0)                              Bypass    0         0
12   TCP       emsregistrar             *        *    * (443)                           * (0)                              Bypass    0         0
38   TCP       ssh                      1        1    * (0)                             fd00:10:6b50:43a0::d6/128 (22)     PktRate   50 pkt    1000 pkt/s
39   TCP       web-client               1        1    * (0)                             fd00:10:6b50:43a0::d6/128 (80)     PktRate   50 pkt    10 pkt/s
40   UDP       snmp                     1        1    * (0)                             fd00:10:6b50:43a0::d6/128 (161)    PktRate   50 pkt    1000 pkt/s
41   TCP       confd                    1        1    * (0)                             fd00:10:6b50:43a0::d6/128 (2022)   PktRate   50 pkt    100 pkt/s
42   TCP       secure-web-client        1        1    * (0)                             fd00:10:6b50:43a0::d6/128 (443)    PktRate   50 pkt    20000 pkt/s
43   TCP       sftp                     1        1    * (0)                             fd00:10:6b50:43a0::d6/128 (2024)   PktRate   50 pkt    20000 pkt/s
44   TCP       connexIp-manager         1        1    * (0)                             fd00:10:6b50:43a0::d6/128 (444)    PktRate   50 pkt    20000 pkt/s
45   TCP       secure-LI-client         1        1    * (0)                             fd00:10:6b50:43a0::d6/128 (1099)   PktRate   50 pkt    10 pkt/s
46   TCP       ssreq-tcp                1        1    * (0)                             fd00:10:6b50:43a0::d6/128 (3091)   PktRate   50 pkt    10 pkt/s
47   UDP       ssreq-udp                1        1    * (0)                             fd00:10:6b50:43a0::d6/128 (3090)   PktRate   50 pkt    10 pkt/s
48   TCP       data-agent-platform-tcp  1        1    * (5042)                          fd00:10:6b50:43a0::d6/128 (4041)   PktRate   500 pkt   5000 pkt/s
49   TCP       data-agent-app-tcp       1        1    * (5042)                          fd00:10:6b50:43a0::d6/128 (4042)   PktRate   500 pkt   5000 pkt/s
50   TCP       data-agent-trc-tcp       1        1    * (5043)                          fd00:10:6b50:43a0::d6/128 (4043)   PktRate   500 pkt   5000 pkt/s
51   UDP       ntp                      1        1    169.254.120.4/32 (123)            * (0)                              PktRate   50 pkt    10 pkt/s
52   UDP       safenet_udp              1        1    fd00:10:6b50:43a0::c3/128 (5093)  * (0)                              PktRate   1200 pkt  1200 pkt/s
53   UDP       dns                      1        3    fd00:10:6b50:45c0::b5/128 (53)    * (0)                              PktRate   50 pkt    1000 pkt/s
54   TCP       dns                      1        3    fd00:10:6b50:45c0::b5/128 (53)    * (0)                              PktRate   50 pkt    1000 pkt/s
55   *         sip-sig-port             *        5    * (0)                             10.54.226.144/32 (0)               PktRate   50 pkt    3000 pkt/s
56   *         sip-sig-port             *        6    * (0)                             10.54.226.208/32 (0)               PktRate   50 pkt    3000 pkt/s
57   *         sip-sig-port             *        4    * (0)                             fd00:10:6b50:4d71::4f/128 (0)      PktRate   50 pkt    3000 pkt/s
58   *         dsbc-sig-port            *        4    * (4019)                          * (0)                              PktRate   100 pkt   15000 pkt/s
62   UDP       ds                       1        4    fd00:10:6b50:41c0::d/128 (3055)   fd00:10:6b50:4d71::75/128 (65385)  Bypass    0         0
63   UDP       ds                       1        4    fd00:10:6b50:41c0::d/128 (3054)   fd00:10:6b50:4d71::75/128 (65385)  Bypass    0         0
[ok]

Displaying the globalConfig for the External PSX

Displays the globalConfig for the external PSX.

show system policyServer globalConfig
reconnectTimeout  10;
switchOverMode    automatic;
congestionControl disabled;
type              ip;
addressContext    default;
ipInterfaceGroup  LIG1;
ipVar             IF2.FIPV4;
[ok]

Displaying the Status of PSX

Once the external PSX is enabled, the command displays the status of the PSX.

show table system policyServer policyServerStatus

                                                                                                                                                  QUERIES
                                                                                 TRANSACTION  TRANSACTION                                         SKIPPED
                         OPER                           SERVER      TRANSACTION  RETRY        FAILED                REDIRECT  RELEASE   DATA      AND
NAME              INDEX  STATE   IP ADDRESS             RECONNECTS  COMPLETED    ATTEMPTS     ATTEMPTS     VERSION  REQUESTS  REQUESTS  REQUESTS  SERVICED
-----------------------------------------------------------------------------------------------------------------------------------------------------------
hp3psxvm1         2      Down    fd00:10:6b50:5690::26  134         0            0            0            31       0         0         0         0
parrotpsx         1      Active  fd00:10:6b50:41c0::d   0           2            0            0            31       0         0         0         0
PSX_LOCAL_SERVER  0      Down    127.0.0.1              0           0            0            0            31       0         0         0         0
[ok]

Displaying the interfaceIpAddress over which SBC Communicates with PSX

Displays the new interfaceIpAddress entry with the associated IP address (configured in ipVar field) provided by the metaVariable. In this example, interfaceIpAddress is associated with IP address (fd00:10:6b50:4d71::75).

show status system policyServer policyServerStatus

policyServerStatus hp3psxvm1 {
    index                     2;
    operState                 Down;
    ipAddress                 fd00:10:6b50:5690::26;
    serverReconnects          134;
    transactionCompleted      0;
    transactionRetryAttempts  0;
    transactionFailedAttempts 0;
    version                   31;
    redirectRequests          0;
    releaseRequests           0;
    dataRequests              0;
    queriesSkippedAndServiced 0;
    queriesSkippedAndRejected 0;
    congestionLevel           0;
    allowancePercent          100;
    negotiatedVersion         0;
    interfaceIpAddress        fd00:10:6b50:4d71::75;
}
policyServerStatus parrotpsx {
    index                     1;
    operState                 Active;
    ipAddress                 fd00:10:6b50:41c0::d;
    serverReconnects          0;
    transactionCompleted      2;
    transactionRetryAttempts  0;
    transactionFailedAttempts 0;
    version                   31;
    redirectRequests          0;
    releaseRequests           0;
    dataRequests              0;
    queriesSkippedAndServiced 0;
    queriesSkippedAndRejected 0;
    congestionLevel           0;
    allowancePercent          100;
    negotiatedVersion         31;
    interfaceIpAddress        fd00:10:6b50:4d71::75;
}
policyServerStatus PSX_LOCAL_SERVER {
    index                     0;
    operState                 Down;
    ipAddress                 127.0.0.1;
    serverReconnects          0;
    transactionCompleted      0;
    transactionRetryAttempts  0;
    transactionFailedAttempts 0;
    version                   31;
    redirectRequests          0;
    releaseRequests           0;
    dataRequests              0;
    queriesSkippedAndServiced 0;
    queriesSkippedAndRejected 0;
    congestionLevel           0;
    allowancePercent          100;
    negotiatedVersion         0;
    interfaceIpAddress        ::;
}
[ok]

Verifying Whether the Configured SBC and the PSX Communication is Successful

Once the IP address is configured for the

Unable to show "metadata-from": No such page "_space_variables"
 and the PSX communication, follow below procedure to verify:

  1. Login to the
    Unable to show "metadata-from": No such page "_space_variables"
     as a root user.
  2. To verify if the communication between the

    Unable to show "metadata-from": No such page "_space_variables"
     and the external PSX is successful using the packet interface and the configured IP address, execute the following command:

    tshark -i pkt0.310 -f "port 3055"
    tshark: Lua: Error during loading:
     [string "/usr/share/wireshark/init.lua"]:46: dofile has been disabled due to running Wireshark as superuser. See http://wiki.wireshark.org/CaptureSetup/CapturePrivileges for help in running Wireshark as an unprivileged user.
    Running as user "root" and group "root". This could be dangerous.
    Capturing on 'pkt0.310'
      1   0.000000 fd00:10:6b50:4d71::75 -> fd00:10:6b50:41c0::d UDP 158 Source port: 65385  Destination port: 3055
      2   0.007820 fd00:10:6b50:41c0::d -> fd00:10:6b50:4d71::75 UDP 266 Source port: 3055  Destination port: 65385
      3   5.013407 fd00:10:6b50:4d71::75 -> fd00:10:6b50:41c0::d UDP 182 Source port: 65385  Destination port: 3055
      4   5.015818 fd00:10:6b50:41c0::d -> fd00:10:6b50:4d71::75 UDP 114 Source port: 3055  Destination port: 65385
    ^C4 packets captured
  3. To verify the operState (Operational State) of the remote server, execute below command:
    In this sample output, the operState is Active. The operState mode should always be displayed as Active/Standby/Alternate and not as Down
    when the policy server's state is enabled and mode is inservice.

    show status system policyServer policyServerStatus
    
    policyServerStatus hp3psxvm1 {
        index                     2;
        operState                 Active;
        ipAddress                 fd00:10:6b50:5690::26;
        serverReconnects          134;
        transactionCompleted      0;
        transactionRetryAttempts  0;
        transactionFailedAttempts 0;
        version                   31;
        redirectRequests          0;
        releaseRequests           0;
        dataRequests              0;
        queriesSkippedAndServiced 0;
        queriesSkippedAndRejected 0;
        congestionLevel           0;
        allowancePercent          100;
        negotiatedVersion         0;
        interfaceIpAddress        fd00:10:6b50:4d71::75;
    }
    

  • No labels