In this section:
Feature Overview
The The communication between the SBC and the external PSX follows a sequence, as described below: The The The The The SBC global configuration includes an optional metaVariable field (ipVar) to fetch an IP address from the PSX for use in connecting with the PSX. When the ipVar field is blank, the Additionally, the interfaceIpAddress field is added to the policyServer 'show' command to identify the IP address the SBC uses to communicate with the PSX for the specified Policy Server.Unable to show "metadata-from": No such page "_space_variables" communicates with the external PSX over the Management Interface and Packet Interface. The Unable to show "metadata-from": No such page "_space_variables" can choose any alternate IP addresses attached to the Packet Interface to communicate with the external PSX over the Management Interface and/or Packet Interface.Unable to show "metadata-from": No such page "_space_variables" requests registration and receives response from PSX.Unable to show "metadata-from": No such page "_space_variables" periodically sends request to know the status of external PSX.Unable to show "metadata-from": No such page "_space_variables" requests for policy and receives response.Unable to show "metadata-from": No such page "_space_variables" requests for de-registration and receives response.Unable to show "metadata-from": No such page "_space_variables" picks any random IP address from the configured interface to connect with the PSX.
EMA Changes
EMA UI Path: Configuration > System Setup > Policy Server > Global Config
ipVar
Interface IP Address
Best Practice
Before Configuring the ALT IP Address in Cloud
The Unable to show "metadata-from": No such page "_space_variables" displays the following output before the ALT IP Address is configured in Cloud.
Port number 3055 is used as default for D+ query. In the below example, the Source IP Address is fd00:10:6b50:41c0::d/128 (3055) and the Destination IP Address is displayed as *, since Destination IP is not configured.
The Diameter Server (DS) protocol is used for communication between the Unable to show "metadata-from": No such page "_space_variables" and external PSX. The default Access Control List (ACL) for DS process is created over Management (MGT).
show table addressContext default ipAccessControlList defaultAclStatistics
ADDRESS LIF
ACL CONTEXT GRP POLICING BUCKET
ID PROTOCOL APPLICATION ID ID SOURCE IP ADDRESS DESTINATION IP ADDRESS MODE SIZE CREDIT RATE
-----------------------------------------------------------------------------------------------------------------------------------------------------------
7 ICMPv4 icmp_v4 * * * (0) * (0) PktRate 50 pkt 50 pkt/s
8 ICMPv6 icmp_v6 * * * (0) * (0) PktRate 50 pkt 50 pkt/s
9 UDP dhcpv4 * * * (67) * (0) PktRate 50 pkt 1000 pkt/s
10 UDP dhcpv6 * * * (547) * (0) PktRate 50 pkt 1000 pkt/s
11 TCP metadata1 * * 169.254.169.254 (80) * (0) Bypass 0 0
12 TCP emsregistrar * * * (443) * (0) Bypass 0 0
38 TCP ssh 1 1 * (0) fd00:10:6b50:43a0::d6/128 (22) PktRate 50 pkt 1000 pkt/s
39 TCP web-client 1 1 * (0) fd00:10:6b50:43a0::d6/128 (80) PktRate 50 pkt 10 pkt/s
40 UDP snmp 1 1 * (0) fd00:10:6b50:43a0::d6/128 (161) PktRate 50 pkt 1000 pkt/s
41 TCP confd 1 1 * (0) fd00:10:6b50:43a0::d6/128 (2022) PktRate 50 pkt 100 pkt/s
42 TCP secure-web-client 1 1 * (0) fd00:10:6b50:43a0::d6/128 (443) PktRate 50 pkt 20000 pkt/s
43 TCP sftp 1 1 * (0) fd00:10:6b50:43a0::d6/128 (2024) PktRate 50 pkt 20000 pkt/s
44 TCP connexIp-manager 1 1 * (0) fd00:10:6b50:43a0::d6/128 (444) PktRate 50 pkt 20000 pkt/s
45 TCP secure-LI-client 1 1 * (0) fd00:10:6b50:43a0::d6/128 (1099) PktRate 50 pkt 10 pkt/s
46 TCP ssreq-tcp 1 1 * (0) fd00:10:6b50:43a0::d6/128 (3091) PktRate 50 pkt 10 pkt/s
47 UDP ssreq-udp 1 1 * (0) fd00:10:6b50:43a0::d6/128 (3090) PktRate 50 pkt 10 pkt/s
48 TCP data-agent-platform-tcp 1 1 * (5042) fd00:10:6b50:43a0::d6/128 (4041) PktRate 500 pkt 5000 pkt/s
49 TCP data-agent-app-tcp 1 1 * (5042) fd00:10:6b50:43a0::d6/128 (4042) PktRate 500 pkt 5000 pkt/s
50 TCP data-agent-trc-tcp 1 1 * (5043) fd00:10:6b50:43a0::d6/128 (4043) PktRate 500 pkt 5000 pkt/s
51 UDP ntp 1 1 169.254.120.4/32 (123) * (0) PktRate 50 pkt 10 pkt/s
52 UDP safenet_udp 1 1 fd00:10:6b50:43a0::c3/128 (5093) * (0) PktRate 1200 pkt 1200 pkt/s
53 UDP dns 1 3 fd00:10:6b50:45c0::b5/128 (53) * (0) PktRate 50 pkt 1000 pkt/s
54 TCP dns 1 3 fd00:10:6b50:45c0::b5/128 (53) * (0) PktRate 50 pkt 1000 pkt/s
55 * sip-sig-port * 5 * (0) 10.54.226.144/32 (0) PktRate 50 pkt 3000 pkt/s
56 * sip-sig-port * 6 * (0) 10.54.226.208/32 (0) PktRate 50 pkt 3000 pkt/s
57 * sip-sig-port * 4 * (0) fd00:10:6b50:4d71::4f/128 (0) PktRate 50 pkt 3000 pkt/s
58 * dsbc-sig-port * 4 * (4019) * (0) PktRate 100 pkt 15000 pkt/s
59 UDP ds 1 1 fd00:10:6b50:41c0::d/128 (3055) * (65415) Bypass 0 0
60 UDP ds 1 1 fd00:10:6b50:41c0::d/128 (3054) * (65415) Bypass 0 0
61 UDP ds 1 1 fd00:10:6b50:5690::26/128 (3055) * (65415) Bypass 0 0
[ok]
MetaVariable command displays the IP addresses associated with the corresponding metaVariable.
show table system metaVariable NAME VALUE -------------------------------------------------- IF0.GWV6 FD00:10:6B50:43A0::1 IF0.IPV6 FD00:10:6B50:43A0::D6 IF0.Port Mgt0 IF1.GWV4 10.10.20.1 IF1.IPV4 10.10.20.23 IF1.Port Ha0 IF2.GWV6 FD00:10:6B50:4D74::1 IF2.IPV6 FD00:10:6B50:4D74::D6 IF2.Port Pkt0 IF3.GWV6 FD00:10:6B50:4D70::1 IF3.IPV6 FD00:10:6B50:4D70::F IF3.Port Pkt0 IF4.GWV6 FD00:10:6B50:4D71::1 IF4.IPV6 FD00:10:6B50:4D71::4F IF4.Port Pkt0 IF5.GWV4 10.54.226.129 IF5.IPV4 10.54.226.144 IF5.Port Pkt0 IF6.GWV4 10.54.226.193 IF6.IPV4 10.54.226.208 IF6.Port Pkt0 IF7.GWV4 10.10.13.1 IF7.IPV4 10.10.13.23 IF7.Port Pkt1 IF2.VlanId 313 IF3.VlanId 309 IF4.VlanId 310 IF5.VlanId 311 IF6.VlanId 312 IF0.PrefixV6 60 IF1.PrefixV4 24 IF2.PrefixV6 64 IF3.PrefixV6 64 IF4.PrefixV6 64 IF5.PrefixV4 26 IF6.PrefixV4 26 IF7.PrefixV4 24 PKT0_V03_ALT_IP_01.IP FD00:10:6B50:4D71::74 PKT0_V03_ALT_IP_02.IP FD00:10:6B50:4D71::75 PKT0_V04_ALT_IP_01.IP 10.54.226.181 PKT0_V04_ALT_IP_02.IP 10.54.226.182 PKT0_V03_ALT_IP_01.IFName IF4 PKT0_V03_ALT_IP_02.IFName IF4 PKT0_V04_ALT_IP_01.IFName IF5 PKT0_V04_ALT_IP_02.IFName IF5 [ok]
Configuring the Alternate IP Address of metaVariable to the ipVar
Associate the alternate IP address of metaVariable to the ipVar in globalConfig to specify that the communication to the external PSX is using the IP address that is provided by the metaVariable (ipVar).
set system policyServer globalConfig type ip addressContext default ipInterfaceGroup S_DsbcSig_IG3 ipVar PKT0_V03_ALT_IP_02.IP [ok] Commit complete
Configuring the External PSX
Enable the external PSX.
set system policyServer localServer PSX_LOCAL_SERVER mode outOfService set system policyServer localServer PSX_LOCAL_SERVER state disabled set system policyServer remoteServer parrotpsx ipAddress fd00:10:6b50:41c0::d set system policyServer remoteServer parrotpsx ipAddress 10.54.28.13 set system policyServer remoteServer parrotpsx action force state enabled mode active [ok] Commit complete
Displaying the Configured ipVar
The default ACL for the DS process entry contains the destination IP address with the IP address provided by the metaVariable configured in ipVar field.
show table addressContext default ipAccessControlList defaultAclStatistics
ADDRESS LIF
ACL CONTEXT GRP POLICING BUCKET
ID PROTOCOL APPLICATION ID ID SOURCE IP ADDRESS DESTINATION IP ADDRESS MODE SIZE CREDIT RATE
-----------------------------------------------------------------------------------------------------------------------------------------------------------
7 ICMPv4 icmp_v4 * * * (0) * (0) PktRate 50 pkt 50 pkt/s
8 ICMPv6 icmp_v6 * * * (0) * (0) PktRate 50 pkt 50 pkt/s
9 UDP dhcpv4 * * * (67) * (0) PktRate 50 pkt 1000 pkt/s
10 UDP dhcpv6 * * * (547) * (0) PktRate 50 pkt 1000 pkt/s
11 TCP metadata1 * * 169.254.169.254 (80) * (0) Bypass 0 0
12 TCP emsregistrar * * * (443) * (0) Bypass 0 0
38 TCP ssh 1 1 * (0) fd00:10:6b50:43a0::d6/128 (22) PktRate 50 pkt 1000 pkt/s
39 TCP web-client 1 1 * (0) fd00:10:6b50:43a0::d6/128 (80) PktRate 50 pkt 10 pkt/s
40 UDP snmp 1 1 * (0) fd00:10:6b50:43a0::d6/128 (161) PktRate 50 pkt 1000 pkt/s
41 TCP confd 1 1 * (0) fd00:10:6b50:43a0::d6/128 (2022) PktRate 50 pkt 100 pkt/s
42 TCP secure-web-client 1 1 * (0) fd00:10:6b50:43a0::d6/128 (443) PktRate 50 pkt 20000 pkt/s
43 TCP sftp 1 1 * (0) fd00:10:6b50:43a0::d6/128 (2024) PktRate 50 pkt 20000 pkt/s
44 TCP connexIp-manager 1 1 * (0) fd00:10:6b50:43a0::d6/128 (444) PktRate 50 pkt 20000 pkt/s
45 TCP secure-LI-client 1 1 * (0) fd00:10:6b50:43a0::d6/128 (1099) PktRate 50 pkt 10 pkt/s
46 TCP ssreq-tcp 1 1 * (0) fd00:10:6b50:43a0::d6/128 (3091) PktRate 50 pkt 10 pkt/s
47 UDP ssreq-udp 1 1 * (0) fd00:10:6b50:43a0::d6/128 (3090) PktRate 50 pkt 10 pkt/s
48 TCP data-agent-platform-tcp 1 1 * (5042) fd00:10:6b50:43a0::d6/128 (4041) PktRate 500 pkt 5000 pkt/s
49 TCP data-agent-app-tcp 1 1 * (5042) fd00:10:6b50:43a0::d6/128 (4042) PktRate 500 pkt 5000 pkt/s
50 TCP data-agent-trc-tcp 1 1 * (5043) fd00:10:6b50:43a0::d6/128 (4043) PktRate 500 pkt 5000 pkt/s
51 UDP ntp 1 1 169.254.120.4/32 (123) * (0) PktRate 50 pkt 10 pkt/s
52 UDP safenet_udp 1 1 fd00:10:6b50:43a0::c3/128 (5093) * (0) PktRate 1200 pkt 1200 pkt/s
53 UDP dns 1 3 fd00:10:6b50:45c0::b5/128 (53) * (0) PktRate 50 pkt 1000 pkt/s
54 TCP dns 1 3 fd00:10:6b50:45c0::b5/128 (53) * (0) PktRate 50 pkt 1000 pkt/s
55 * sip-sig-port * 5 * (0) 10.54.226.144/32 (0) PktRate 50 pkt 3000 pkt/s
56 * sip-sig-port * 6 * (0) 10.54.226.208/32 (0) PktRate 50 pkt 3000 pkt/s
57 * sip-sig-port * 4 * (0) fd00:10:6b50:4d71::4f/128 (0) PktRate 50 pkt 3000 pkt/s
58 * dsbc-sig-port * 4 * (4019) * (0) PktRate 100 pkt 15000 pkt/s
62 UDP ds 1 4 fd00:10:6b50:41c0::d/128 (3055) fd00:10:6b50:4d71::75/128 (65385) Bypass 0 0
63 UDP ds 1 4 fd00:10:6b50:41c0::d/128 (3054) fd00:10:6b50:4d71::75/128 (65385) Bypass 0 0
[ok]
Displaying the globalConfig for the External PSX
Displays the globalConfig for the external PSX.
show system policyServer globalConfig reconnectTimeout 10; switchOverMode automatic; congestionControl disabled; type ip; addressContext default; ipInterfaceGroup LIG1; ipVar IF2.FIPV4; [ok]
Displaying the Status of PSX
Once the external PSX is enabled, the command displays the status of the PSX.
show table system policyServer policyServerStatus
QUERIES
TRANSACTION TRANSACTION SKIPPED
OPER SERVER TRANSACTION RETRY FAILED REDIRECT RELEASE DATA AND
NAME INDEX STATE IP ADDRESS RECONNECTS COMPLETED ATTEMPTS ATTEMPTS VERSION REQUESTS REQUESTS REQUESTS SERVICED
-----------------------------------------------------------------------------------------------------------------------------------------------------------
hp3psxvm1 2 Down fd00:10:6b50:5690::26 134 0 0 0 31 0 0 0 0
parrotpsx 1 Active fd00:10:6b50:41c0::d 0 2 0 0 31 0 0 0 0
PSX_LOCAL_SERVER 0 Down 127.0.0.1 0 0 0 0 31 0 0 0 0
[ok]
Displaying the interfaceIpAddress over which SBC Communicates with PSX
Displays the new interfaceIpAddress entry with the associated IP address (configured in ipVar field) provided by the metaVariable. In this example, interfaceIpAddress is associated with IP address (fd00:10:6b50:4d71::75).
show status system policyServer policyServerStatus
policyServerStatus hp3psxvm1 {
index 2;
operState Down;
ipAddress fd00:10:6b50:5690::26;
serverReconnects 134;
transactionCompleted 0;
transactionRetryAttempts 0;
transactionFailedAttempts 0;
version 31;
redirectRequests 0;
releaseRequests 0;
dataRequests 0;
queriesSkippedAndServiced 0;
queriesSkippedAndRejected 0;
congestionLevel 0;
allowancePercent 100;
negotiatedVersion 0;
interfaceIpAddress fd00:10:6b50:4d71::75;
}
policyServerStatus parrotpsx {
index 1;
operState Active;
ipAddress fd00:10:6b50:41c0::d;
serverReconnects 0;
transactionCompleted 2;
transactionRetryAttempts 0;
transactionFailedAttempts 0;
version 31;
redirectRequests 0;
releaseRequests 0;
dataRequests 0;
queriesSkippedAndServiced 0;
queriesSkippedAndRejected 0;
congestionLevel 0;
allowancePercent 100;
negotiatedVersion 31;
interfaceIpAddress fd00:10:6b50:4d71::75;
}
policyServerStatus PSX_LOCAL_SERVER {
index 0;
operState Down;
ipAddress 127.0.0.1;
serverReconnects 0;
transactionCompleted 0;
transactionRetryAttempts 0;
transactionFailedAttempts 0;
version 31;
redirectRequests 0;
releaseRequests 0;
dataRequests 0;
queriesSkippedAndServiced 0;
queriesSkippedAndRejected 0;
congestionLevel 0;
allowancePercent 100;
negotiatedVersion 0;
interfaceIpAddress ::;
}
[ok]
Verifying Whether the Configured SBC and the PSX Communication is Successful
Once the IP address is configured for the Unable to show "metadata-from": No such page "_space_variables" and the PSX communication, follow below procedure to verify:
- Login to the Unable to show "metadata-from": No such page "_space_variables"as a
rootuser. To verify if the communication between the
Unable to show "metadata-from": No such page "_space_variables"and the external PSX is successful using the packet interface and the configured IP address, execute the following command:tshark -i pkt0.310 -f "port 3055"
tshark: Lua: Error during loading: [string "/usr/share/wireshark/init.lua"]:46: dofile has been disabled due to running Wireshark as superuser. See http://wiki.wireshark.org/CaptureSetup/CapturePrivileges for help in running Wireshark as an unprivileged user. Running as user "root" and group "root". This could be dangerous. Capturing on 'pkt0.310' 1 0.000000 fd00:10:6b50:4d71::75 -> fd00:10:6b50:41c0::d UDP 158 Source port: 65385 Destination port: 3055 2 0.007820 fd00:10:6b50:41c0::d -> fd00:10:6b50:4d71::75 UDP 266 Source port: 3055 Destination port: 65385 3 5.013407 fd00:10:6b50:4d71::75 -> fd00:10:6b50:41c0::d UDP 182 Source port: 65385 Destination port: 3055 4 5.015818 fd00:10:6b50:41c0::d -> fd00:10:6b50:4d71::75 UDP 114 Source port: 3055 Destination port: 65385 ^C4 packets captured
To verify the operState (Operational State) of the remote server, execute below command:
In this sample output, the operState is Active. The operState mode should always be displayed as Active/Standby/Alternate and not as Down when the policy server's state is enabled and mode is inservice.show status system policyServer policyServerStatus policyServerStatus hp3psxvm1 { index 2; operState Active; ipAddress fd00:10:6b50:5690::26; serverReconnects 134; transactionCompleted 0; transactionRetryAttempts 0; transactionFailedAttempts 0; version 31; redirectRequests 0; releaseRequests 0; dataRequests 0; queriesSkippedAndServiced 0; queriesSkippedAndRejected 0; congestionLevel 0; allowancePercent 100; negotiatedVersion 0; interfaceIpAddress fd00:10:6b50:4d71::75; }
Overview
Content Tools