The communication between the SBC and the external PSX follows a sequence, as described below:
The SBC global configuration includes an optional metaVariable field (ipVar) to fetch an IP address from the PSX for use in connecting with the PSX. When the ipVar field is blank, the
Additionally, the interfaceIpAddress field is added to the policyServer 'show' command to identify the IP address the SBC uses to communicate with the PSX for the specified Policy Server.
EMA UI Path: Configuration > System Setup > Policy Server > Global Config
The
Port number 3055 is the default for the D+ query. In the example below, the Source IP Address is fd00:10:6b50:41c0::d/128 (3055) and the Destination IP Address is displayed as *, since the Destination IP is not configured.
The Diameter Server (DS) protocol is used for communication between the
show table addressContext default ipAccessControlList defaultAclStatistics
                                      ADDRESS LIF
ACL                                   CONTEXT GRP                                                                       POLICING BUCKET
ID  PROTOCOL APPLICATION              ID      ID   SOURCE IP ADDRESS                 DESTINATION IP ADDRESS             MODE     SIZE     CREDIT RATE
-----------------------------------------------------------------------------------------------------------------------------------------------------------
7   ICMPv4   icmp_v4                  *       *    * (0)                             * (0)                              PktRate  50 pkt   50 pkt/s
8   ICMPv6   icmp_v6                  *       *    * (0)                             * (0)                              PktRate  50 pkt   50 pkt/s
9   UDP      dhcpv4                   *       *    * (67)                            * (0)                              PktRate  50 pkt   1000 pkt/s
10  UDP      dhcpv6                   *       *    * (547)                           * (0)                              PktRate  50 pkt   1000 pkt/s
11  TCP      metadata1                *       *    169.254.169.254 (80)              * (0)                              Bypass   0        0
12  TCP      emsregistrar             *       *    * (443)                           * (0)                              Bypass   0        0
38  TCP      ssh                      1       1    * (0)                             fd00:10:6b50:43a0::d6/128 (22)     PktRate  50 pkt   1000 pkt/s
39  TCP      web-client               1       1    * (0)                             fd00:10:6b50:43a0::d6/128 (80)     PktRate  50 pkt   10 pkt/s
40  UDP      snmp                     1       1    * (0)                             fd00:10:6b50:43a0::d6/128 (161)    PktRate  50 pkt   1000 pkt/s
41  TCP      confd                    1       1    * (0)                             fd00:10:6b50:43a0::d6/128 (2022)   PktRate  50 pkt   100 pkt/s
42  TCP      secure-web-client        1       1    * (0)                             fd00:10:6b50:43a0::d6/128 (443)    PktRate  50 pkt   20000 pkt/s
43  TCP      sftp                     1       1    * (0)                             fd00:10:6b50:43a0::d6/128 (2024)   PktRate  50 pkt   20000 pkt/s
44  TCP      connexIp-manager         1       1    * (0)                             fd00:10:6b50:43a0::d6/128 (444)    PktRate  50 pkt   20000 pkt/s
45  TCP      secure-LI-client         1       1    * (0)                             fd00:10:6b50:43a0::d6/128 (1099)   PktRate  50 pkt   10 pkt/s
46  TCP      ssreq-tcp                1       1    * (0)                             fd00:10:6b50:43a0::d6/128 (3091)   PktRate  50 pkt   10 pkt/s
47  UDP      ssreq-udp                1       1    * (0)                             fd00:10:6b50:43a0::d6/128 (3090)   PktRate  50 pkt   10 pkt/s
48  TCP      data-agent-platform-tcp  1       1    * (5042)                          fd00:10:6b50:43a0::d6/128 (4041)   PktRate  500 pkt  5000 pkt/s
49  TCP      data-agent-app-tcp       1       1    * (5042)                          fd00:10:6b50:43a0::d6/128 (4042)   PktRate  500 pkt  5000 pkt/s
50  TCP      data-agent-trc-tcp       1       1    * (5043)                          fd00:10:6b50:43a0::d6/128 (4043)   PktRate  500 pkt  5000 pkt/s
51  UDP      ntp                      1       1    169.254.120.4/32 (123)            * (0)                              PktRate  50 pkt   10 pkt/s
52  UDP      safenet_udp              1       1    fd00:10:6b50:43a0::c3/128 (5093)  * (0)                              PktRate  1200 pkt 1200 pkt/s
53  UDP      dns                      1       3    fd00:10:6b50:45c0::b5/128 (53)    * (0)                              PktRate  50 pkt   1000 pkt/s
54  TCP      dns                      1       3    fd00:10:6b50:45c0::b5/128 (53)    * (0)                              PktRate  50 pkt   1000 pkt/s
55  *        sip-sig-port             *       5    * (0)                             10.54.226.144/32 (0)               PktRate  50 pkt   3000 pkt/s
56  *        sip-sig-port             *       6    * (0)                             10.54.226.208/32 (0)               PktRate  50 pkt   3000 pkt/s
57  *        sip-sig-port             *       4    * (0)                             fd00:10:6b50:4d71::4f/128 (0)      PktRate  50 pkt   3000 pkt/s
58  *        dsbc-sig-port            *       4    * (4019)                          * (0)                              PktRate  100 pkt  15000 pkt/s
59  UDP      ds                       1       1    fd00:10:6b50:41c0::d/128 (3055)   * (65415)                          Bypass   0        0
60  UDP      ds                       1       1    fd00:10:6b50:41c0::d/128 (3054)   * (65415)                          Bypass   0        0
61  UDP      ds                       1       1    fd00:10:6b50:5690::26/128 (3055)  * (65415)                          Bypass   0        0
[ok]
The metaVariable command displays the IP addresses associated with the corresponding metaVariable.
show table system metaVariable
NAME                       VALUE
--------------------------------------------------
IF0.GWV6                   FD00:10:6B50:43A0::1
IF0.IPV6                   FD00:10:6B50:43A0::D6
IF0.Port                   Mgt0
IF1.GWV4                   10.10.20.1
IF1.IPV4                   10.10.20.23
IF1.Port                   Ha0
IF2.GWV6                   FD00:10:6B50:4D74::1
IF2.IPV6                   FD00:10:6B50:4D74::D6
IF2.Port                   Pkt0
IF3.GWV6                   FD00:10:6B50:4D70::1
IF3.IPV6                   FD00:10:6B50:4D70::F
IF3.Port                   Pkt0
IF4.GWV6                   FD00:10:6B50:4D71::1
IF4.IPV6                   FD00:10:6B50:4D71::4F
IF4.Port                   Pkt0
IF5.GWV4                   10.54.226.129
IF5.IPV4                   10.54.226.144
IF5.Port                   Pkt0
IF6.GWV4                   10.54.226.193
IF6.IPV4                   10.54.226.208
IF6.Port                   Pkt0
IF7.GWV4                   10.10.13.1
IF7.IPV4                   10.10.13.23
IF7.Port                   Pkt1
IF2.VlanId                 313
IF3.VlanId                 309
IF4.VlanId                 310
IF5.VlanId                 311
IF6.VlanId                 312
IF0.PrefixV6               60
IF1.PrefixV4               24
IF2.PrefixV6               64
IF3.PrefixV6               64
IF4.PrefixV6               64
IF5.PrefixV4               26
IF6.PrefixV4               26
IF7.PrefixV4               24
PKT0_V03_ALT_IP_01.IP      FD00:10:6B50:4D71::74
PKT0_V03_ALT_IP_02.IP      FD00:10:6B50:4D71::75
PKT0_V04_ALT_IP_01.IP      10.54.226.181
PKT0_V04_ALT_IP_02.IP      10.54.226.182
PKT0_V03_ALT_IP_01.IFName  IF4
PKT0_V03_ALT_IP_02.IFName  IF4
PKT0_V04_ALT_IP_01.IFName  IF5
PKT0_V04_ALT_IP_02.IFName  IF5
[ok]
ipVar
Associate the alternate IP address of the metaVariable to the ipVar in globalConfig to specify that the communication to the external PSX uses the IP address that is provided by the metaVariable (ipVar).
set system policyServer globalConfig type ip addressContext default ipInterfaceGroup S_DsbcSig_IG3 ipVar PKT0_V03_ALT_IP_02.IP
[ok]
Commit complete
Enable the external PSX.
set system policyServer localServer PSX_LOCAL_SERVER mode outOfService
set system policyServer localServer PSX_LOCAL_SERVER state disabled
set system policyServer remoteServer parrotpsx ipAddress fd00:10:6b50:41c0::d
set system policyServer remoteServer parrotpsx ipAddress 10.54.28.13
set system policyServer remoteServer parrotpsx action force state enabled mode active
[ok]
Commit complete
In the default ACL, the entry for the DS process now shows, as its destination IP address, the IP address provided by the metaVariable configured in the ipVar field.
show table addressContext default ipAccessControlList defaultAclStatistics
                                      ADDRESS LIF
ACL                                   CONTEXT GRP                                                                       POLICING BUCKET
ID  PROTOCOL APPLICATION              ID      ID   SOURCE IP ADDRESS                 DESTINATION IP ADDRESS             MODE     SIZE     CREDIT RATE
-----------------------------------------------------------------------------------------------------------------------------------------------------------
7   ICMPv4   icmp_v4                  *       *    * (0)                             * (0)                              PktRate  50 pkt   50 pkt/s
8   ICMPv6   icmp_v6                  *       *    * (0)                             * (0)                              PktRate  50 pkt   50 pkt/s
9   UDP      dhcpv4                   *       *    * (67)                            * (0)                              PktRate  50 pkt   1000 pkt/s
10  UDP      dhcpv6                   *       *    * (547)                           * (0)                              PktRate  50 pkt   1000 pkt/s
11  TCP      metadata1                *       *    169.254.169.254 (80)              * (0)                              Bypass   0        0
12  TCP      emsregistrar             *       *    * (443)                           * (0)                              Bypass   0        0
38  TCP      ssh                      1       1    * (0)                             fd00:10:6b50:43a0::d6/128 (22)     PktRate  50 pkt   1000 pkt/s
39  TCP      web-client               1       1    * (0)                             fd00:10:6b50:43a0::d6/128 (80)     PktRate  50 pkt   10 pkt/s
40  UDP      snmp                     1       1    * (0)                             fd00:10:6b50:43a0::d6/128 (161)    PktRate  50 pkt   1000 pkt/s
41  TCP      confd                    1       1    * (0)                             fd00:10:6b50:43a0::d6/128 (2022)   PktRate  50 pkt   100 pkt/s
42  TCP      secure-web-client        1       1    * (0)                             fd00:10:6b50:43a0::d6/128 (443)    PktRate  50 pkt   20000 pkt/s
43  TCP      sftp                     1       1    * (0)                             fd00:10:6b50:43a0::d6/128 (2024)   PktRate  50 pkt   20000 pkt/s
44  TCP      connexIp-manager         1       1    * (0)                             fd00:10:6b50:43a0::d6/128 (444)    PktRate  50 pkt   20000 pkt/s
45  TCP      secure-LI-client         1       1    * (0)                             fd00:10:6b50:43a0::d6/128 (1099)   PktRate  50 pkt   10 pkt/s
46  TCP      ssreq-tcp                1       1    * (0)                             fd00:10:6b50:43a0::d6/128 (3091)   PktRate  50 pkt   10 pkt/s
47  UDP      ssreq-udp                1       1    * (0)                             fd00:10:6b50:43a0::d6/128 (3090)   PktRate  50 pkt   10 pkt/s
48  TCP      data-agent-platform-tcp  1       1    * (5042)                          fd00:10:6b50:43a0::d6/128 (4041)   PktRate  500 pkt  5000 pkt/s
49  TCP      data-agent-app-tcp       1       1    * (5042)                          fd00:10:6b50:43a0::d6/128 (4042)   PktRate  500 pkt  5000 pkt/s
50  TCP      data-agent-trc-tcp       1       1    * (5043)                          fd00:10:6b50:43a0::d6/128 (4043)   PktRate  500 pkt  5000 pkt/s
51  UDP      ntp                      1       1    169.254.120.4/32 (123)            * (0)                              PktRate  50 pkt   10 pkt/s
52  UDP      safenet_udp              1       1    fd00:10:6b50:43a0::c3/128 (5093)  * (0)                              PktRate  1200 pkt 1200 pkt/s
53  UDP      dns                      1       3    fd00:10:6b50:45c0::b5/128 (53)    * (0)                              PktRate  50 pkt   1000 pkt/s
54  TCP      dns                      1       3    fd00:10:6b50:45c0::b5/128 (53)    * (0)                              PktRate  50 pkt   1000 pkt/s
55  *        sip-sig-port             *       5    * (0)                             10.54.226.144/32 (0)               PktRate  50 pkt   3000 pkt/s
56  *        sip-sig-port             *       6    * (0)                             10.54.226.208/32 (0)               PktRate  50 pkt   3000 pkt/s
57  *        sip-sig-port             *       4    * (0)                             fd00:10:6b50:4d71::4f/128 (0)      PktRate  50 pkt   3000 pkt/s
58  *        dsbc-sig-port            *       4    * (4019)                          * (0)                              PktRate  100 pkt  15000 pkt/s
62  UDP      ds                       1       4    fd00:10:6b50:41c0::d/128 (3055)   fd00:10:6b50:4d71::75/128 (65385)  Bypass   0        0
63  UDP      ds                       1       4    fd00:10:6b50:41c0::d/128 (3054)   fd00:10:6b50:4d71::75/128 (65385)  Bypass   0        0
[ok]
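The following is an added example, not part of the original documentation: a check that the `ds` rows of the defaultAclStatistics output are pinned to the address the configured ipVar metaVariable resolves to, rather than left with a wildcard destination. The function names and verdict labels are hypothetical; the sample rows are copied from the outputs shown on this page.

```python
import ipaddress
import re

# One defaultAclStatistics row: ACL ID, protocol, application, address context
# ID, LIF group ID, source "addr (port)", destination "addr (port)", mode.
ROW = re.compile(
    r"^\s*(?P<id>\d+)\s+(?P<proto>\S+)\s+(?P<app>\S+)\s+(?P<ctx>\S+)\s+(?P<lif>\S+)\s+"
    r"(?P<src>\S+)\s+\((?P<sport>\d+)\)\s+(?P<dst>\S+)\s+\((?P<dport>\d+)\)\s+(?P<mode>\S+)"
)

def parse_meta(text):
    """Parse 'show table system metaVariable' NAME/VALUE lines into a dict."""
    pairs = (line.split() for line in text.splitlines())
    return {p[0]: p[1] for p in pairs if len(p) == 2}

def audit_ds_acl(acl_text, meta_text, ip_var):
    """Return (acl_id, verdict) for every 'ds' row in the ACL output."""
    want = ipaddress.ip_address(parse_meta(meta_text)[ip_var])
    results = []
    for line in acl_text.splitlines():
        m = ROW.match(line)
        if not m or m["app"] != "ds":
            continue
        if m["dst"] == "*":
            verdict = "wildcard-destination"
        else:
            # The ACL prints lower-case addr/prefix, the metaVariable table
            # upper-case without a prefix: compare parsed values, not strings.
            net = ipaddress.ip_network(m["dst"], strict=False)
            is_host = net.prefixlen == net.max_prefixlen
            pinned = is_host and net.network_address == want
            verdict = "pinned-to-ipVar" if pinned else "unexpected-destination"
        results.append((int(m["id"]), verdict))
    return results

# Sample rows copied from this page's outputs (before and after ipVar is set).
META = "PKT0_V03_ALT_IP_01.IP FD00:10:6B50:4D71::74\nPKT0_V03_ALT_IP_02.IP FD00:10:6B50:4D71::75"
BEFORE = """58 * dsbc-sig-port * 4 * (4019) * (0) PktRate 100 pkt 15000 pkt/s
59 UDP ds 1 1 fd00:10:6b50:41c0::d/128 (3055) * (65415) Bypass 0 0
60 UDP ds 1 1 fd00:10:6b50:41c0::d/128 (3054) * (65415) Bypass 0 0"""
AFTER = """62 UDP ds 1 4 fd00:10:6b50:41c0::d/128 (3055) fd00:10:6b50:4d71::75/128 (65385) Bypass 0 0
63 UDP ds 1 4 fd00:10:6b50:41c0::d/128 (3054) fd00:10:6b50:4d71::75/128 (65385) Bypass 0 0"""

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_ds_acl(text, META, "PKT0_V03_ALT_IP_02.IP"))
```

Because the `ds` entries use Bypass mode, a row reported as wildcard-destination or unexpected-destination is worth reviewing against the intended ipVar setting.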
Displays the globalConfig for the external PSX.
show system policyServer globalConfig
reconnectTimeout 10;
switchOverMode automatic;
congestionControl disabled;
type ip;
addressContext default;
ipInterfaceGroup LIG1;
ipVar IF2.FIPV4;
[ok]
Once the external PSX is enabled, the command displays the status of the PSX.
show table system policyServer policyServerStatus
                                                                                                                                                  QUERIES
                                                                                 TRANSACTION  TRANSACTION                                         SKIPPED
                         OPER                           SERVER      TRANSACTION  RETRY        FAILED                REDIRECT  RELEASE   DATA      AND
NAME              INDEX  STATE   IP ADDRESS             RECONNECTS  COMPLETED    ATTEMPTS     ATTEMPTS     VERSION  REQUESTS  REQUESTS  REQUESTS  SERVICED
-----------------------------------------------------------------------------------------------------------------------------------------------------------
hp3psxvm1         2      Down    fd00:10:6b50:5690::26  134         0            0            0            31       0         0         0         0
parrotpsx         1      Active  fd00:10:6b50:41c0::d   0           2            0            0            31       0         0         0         0
PSX_LOCAL_SERVER  0      Down    127.0.0.1              0           0            0            0            31       0         0         0         0
[ok]
Displays the new interfaceIpAddress entry with the associated IP address (configured in the ipVar field) provided by the metaVariable. In this example, interfaceIpAddress is associated with the IP address fd00:10:6b50:4d71::75.
show status system policyServer policyServerStatus
policyServerStatus hp3psxvm1 {
    index 2;
    operState Down;
    ipAddress fd00:10:6b50:5690::26;
    serverReconnects 134;
    transactionCompleted 0;
    transactionRetryAttempts 0;
    transactionFailedAttempts 0;
    version 31;
    redirectRequests 0;
    releaseRequests 0;
    dataRequests 0;
    queriesSkippedAndServiced 0;
    queriesSkippedAndRejected 0;
    congestionLevel 0;
    allowancePercent 100;
    negotiatedVersion 0;
    interfaceIpAddress fd00:10:6b50:4d71::75;
}
policyServerStatus parrotpsx {
    index 1;
    operState Active;
    ipAddress fd00:10:6b50:41c0::d;
    serverReconnects 0;
    transactionCompleted 2;
    transactionRetryAttempts 0;
    transactionFailedAttempts 0;
    version 31;
    redirectRequests 0;
    releaseRequests 0;
    dataRequests 0;
    queriesSkippedAndServiced 0;
    queriesSkippedAndRejected 0;
    congestionLevel 0;
    allowancePercent 100;
    negotiatedVersion 31;
    interfaceIpAddress fd00:10:6b50:4d71::75;
}
policyServerStatus PSX_LOCAL_SERVER {
    index 0;
    operState Down;
    ipAddress 127.0.0.1;
    serverReconnects 0;
    transactionCompleted 0;
    transactionRetryAttempts 0;
    transactionFailedAttempts 0;
    version 31;
    redirectRequests 0;
    releaseRequests 0;
    dataRequests 0;
    queriesSkippedAndServiced 0;
    queriesSkippedAndRejected 0;
    congestionLevel 0;
    allowancePercent 100;
    negotiatedVersion 0;
    interfaceIpAddress ::;
}
[ok]
Once the IP address is configured for the
root
user. To verify if the communication between the
tshark -i pkt0.310 -f "port 3055"
tshark: Lua: Error during loading:
 [string "/usr/share/wireshark/init.lua"]:46: dofile has been disabled due to running Wireshark as superuser. See http://wiki.wireshark.org/CaptureSetup/CapturePrivileges for help in running Wireshark as an unprivileged user.
Running as user "root" and group "root". This could be dangerous.
Capturing on 'pkt0.310'
  1   0.000000 fd00:10:6b50:4d71::75 -> fd00:10:6b50:41c0::d UDP 158 Source port: 65385  Destination port: 3055
  2   0.007820 fd00:10:6b50:41c0::d -> fd00:10:6b50:4d71::75 UDP 266 Source port: 3055  Destination port: 65385
  3   5.013407 fd00:10:6b50:4d71::75 -> fd00:10:6b50:41c0::d UDP 182 Source port: 65385  Destination port: 3055
  4   5.015818 fd00:10:6b50:41c0::d -> fd00:10:6b50:4d71::75 UDP 114 Source port: 3055  Destination port: 65385
^C4 packets captured
To verify the operState (Operational State) of the remote server, execute the command below:
In this sample output, the operState is Active. The operState mode should always be displayed as Active/Standby/Alternate and not as Down when the policy server's state is enabled and mode is inservice.
show status system policyServer policyServerStatus
policyServerStatus hp3psxvm1 {
    index 2;
    operState Active;
    ipAddress fd00:10:6b50:5690::26;
    serverReconnects 134;
    transactionCompleted 0;
    transactionRetryAttempts 0;
    transactionFailedAttempts 0;
    version 31;
    redirectRequests 0;
    releaseRequests 0;
    dataRequests 0;
    queriesSkippedAndServiced 0;
    queriesSkippedAndRejected 0;
    congestionLevel 0;
    allowancePercent 100;
    negotiatedVersion 0;
    interfaceIpAddress fd00:10:6b50:4d71::75;
}