Using an Alternate IP Address to Communicate with the PSX

In this section:

Overview

SBC SWe N:1 and SWe cloud-based systems communicate with the external PSX over the management interface and packet interface. The SBC can choose an alternate IP address attached to the packet interface to communicate with the external PSX over the management interface and/or packet interface.

The communication between the SBC and the external PSX follows a sequence, as described below:

The SBC requests registration and receives a response from PSX.
The SBC periodically sends a request to know the status of the external PSX.
The SBC requests policy information and receives a response.
The SBC requests de-registration and receives a response.

The global configuration of SBC SWe N:1 and SWe cloud-based systems include an optional metaVariable field (ipVar) to fetch an IP address from the PSX for use in connecting with the PSX. When the ipVar field is blank, the SBC picks a random IP address from the configured interface to connect with the PSX.

Additionally, the interfaceIpAddress field is added to the policyServer 'show' command to identify the IP address the SBC uses to communicate with the PSX for the specified policy server.

Preliminary Steps

Log into the CLI and perform the following steps to view the current default ACL statistics and metaVariable data before configuring the SBC to use alternate IP addresses.

Note

Port number 3055 is used by default for D+ queries. In the following example, the source IP address is fd00:10:6b50:41c0::d/128 (3055) and the destination IP address are displayed as *, since the destination IP is not configured.

Step Action

1

Enter the following command to view the default ACL statistics (see Example 1 for example results):

show table addressContext default ipAccessControlList defaultAclStatistics

The Diameter Server (DS) protocol is used for communication between the SBC and the external PSX. The default Access Control List (ACL) for the DS process is created over Management (MGT).

2

Enter the following command to view the IP addresses associated with the corresponding metaVariables (see Example 2 for example results).

show table system metaVariable

Example 1:

Click to view example...

show table addressContext default ipAccessControlList defaultAclStatistics

                                        ADDRESS  LIF
ACL                                     CONTEXT  GRP                                                                      POLICING  BUCKET
ID   PROTOCOL  APPLICATION              ID       ID   SOURCE IP ADDRESS                 DESTINATION IP ADDRESS            MODE      SIZE      CREDIT RATE
-----------------------------------------------------------------------------------------------------------------------------------------------------------
7    ICMPv4    icmp_v4                  *        *    * (0)                             * (0)                             PktRate   50 pkt    50 pkt/s
8    ICMPv6    icmp_v6                  *        *    * (0)                             * (0)                             PktRate   50 pkt    50 pkt/s
9    UDP       dhcpv4                   *        *    * (67)                            * (0)                             PktRate   50 pkt    1000 pkt/s
10   UDP       dhcpv6                   *        *    * (547)                           * (0)                             PktRate   50 pkt    1000 pkt/s
11   TCP       metadata1                *        *    169.254.169.254 (80)              * (0)                             Bypass    0         0
12   TCP       emsregistrar             *        *    * (443)                           * (0)                             Bypass    0         0
38   TCP       ssh                      1        1    * (0)                             fd00:10:6b50:43a0::d6/128 (22)    PktRate   50 pkt    1000 pkt/s
39   TCP       web-client               1        1    * (0)                             fd00:10:6b50:43a0::d6/128 (80)    PktRate   50 pkt    10 pkt/s
40   UDP       snmp                     1        1    * (0)                             fd00:10:6b50:43a0::d6/128 (161)   PktRate   50 pkt    1000 pkt/s
41   TCP       confd                    1        1    * (0)                             fd00:10:6b50:43a0::d6/128 (2022)  PktRate   50 pkt    100 pkt/s
42   TCP       secure-web-client        1        1    * (0)                             fd00:10:6b50:43a0::d6/128 (443)   PktRate   50 pkt    20000 pkt/s
43   TCP       sftp                     1        1    * (0)                             fd00:10:6b50:43a0::d6/128 (2024)  PktRate   50 pkt    20000 pkt/s
44   TCP       connexIp-manager         1        1    * (0)                             fd00:10:6b50:43a0::d6/128 (444)   PktRate   50 pkt    20000 pkt/s
45   TCP       secure-LI-client         1        1    * (0)                             fd00:10:6b50:43a0::d6/128 (1099)  PktRate   50 pkt    10 pkt/s
46   TCP       ssreq-tcp                1        1    * (0)                             fd00:10:6b50:43a0::d6/128 (3091)  PktRate   50 pkt    10 pkt/s
47   UDP       ssreq-udp                1        1    * (0)                             fd00:10:6b50:43a0::d6/128 (3090)  PktRate   50 pkt    10 pkt/s

48   TCP       data-agent-platform-tcp  1        1    * (5042)                          fd00:10:6b50:43a0::d6/128 (4041)  PktRate   500 pkt   5000 pkt/s
49   TCP       data-agent-app-tcp       1        1    * (5042)                          fd00:10:6b50:43a0::d6/128 (4042)  PktRate   500 pkt   5000 pkt/s
50   TCP       data-agent-trc-tcp       1        1    * (5043)                          fd00:10:6b50:43a0::d6/128 (4043)  PktRate   500 pkt   5000 pkt/s
51   UDP       ntp                      1        1    169.254.120.4/32 (123)            * (0)                             PktRate   50 pkt    10 pkt/s
52   UDP       safenet_udp              1        1    fd00:10:6b50:43a0::c3/128 (5093)  * (0)                             PktRate   1200 pkt  1200 pkt/s
53   UDP       dns                      1        3    fd00:10:6b50:45c0::b5/128 (53)    * (0)                             PktRate   50 pkt    1000 pkt/s
54   TCP       dns                      1        3    fd00:10:6b50:45c0::b5/128 (53)    * (0)                             PktRate   50 pkt    1000 pkt/s
55   *         sip-sig-port             *        5    * (0)                             10.54.226.144/32 (0)              PktRate   50 pkt    3000 pkt/s
56   *         sip-sig-port             *        6    * (0)                             10.54.226.208/32 (0)              PktRate   50 pkt    3000 pkt/s
57   *         sip-sig-port             *        4    * (0)                             fd00:10:6b50:4d71::4f/128 (0)     PktRate   50 pkt    3000 pkt/s
58   *         dsbc-sig-port            *        4    * (4019)                          * (0)                             PktRate   100 pkt   15000 pkt/s
59   UDP       ds                       1        1    fd00:10:6b50:41c0::d/128 (3055)   * (65415)                         Bypass    0         0
60   UDP       ds                       1        1    fd00:10:6b50:41c0::d/128 (3054)   * (65415)                         Bypass    0         0
61   UDP       ds                       1        1    fd00:10:6b50:5690::26/128 (3055)  * (65415)                         Bypass    0         0
[ok]

Example 2:

Click to view example...

Procedure


set system policyServer globalConfig type ip addressContext default ipInterfaceGroup S_DsbcSig_IG3 ipVar PKT0_V03_ALT_IP_02.IP
[ok]
Commit complete
set system policyServer localServer PSX_LOCAL_SERVER mode outOfService 
set system policyServer localServer PSX_LOCAL_SERVER state disabled 
set system policyServer remoteServer parrotpsx ipAddress fd00:10:6b50:41c0::d 
set system policyServer remoteServer parrotpsx ipAddress 10.54.28.13 
set system policyServer remoteServer parrotpsx action force state enabled mode active
[ok] 
Commit complete
show table addressContext default ipAccessControlList defaultAclStatistics
show system policyServer globalConfig
show table system policyServer policyServerStatus
show status system policyServer policyServerStatus
tshark: Lua: Error during loading:
 [string "/usr/share/wireshark/init.lua"]:46: dofile has been disabled due to running Wireshark as superuser. See http://wiki.wireshark.org/CaptureSetup/CapturePrivileges for help in running Wireshark as an unprivileged user.
Running as user "root" and group "root". This could be dangerous.
Capturing on 'pkt0.310'
  1   0.000000 fd00:10:6b50:4d71::75 -> fd00:10:6b50:41c0::d UDP 158 Source port: 65385  Destination port: 3055
  2   0.007820 fd00:10:6b50:41c0::d -> fd00:10:6b50:4d71::75 UDP 266 Source port: 3055  Destination port: 65385
  3   5.013407 fd00:10:6b50:4d71::75 -> fd00:10:6b50:41c0::d UDP 182 Source port: 65385  Destination port: 3055
  4   5.015818 fd00:10:6b50:41c0::d -> fd00:10:6b50:4d71::75 UDP 114 Source port: 3055  Destination port: 65385
^C4 packets captured

Step	Action
1	Configure use of an alternate IP address using a metaVariable Enter the following command to assign the alternate IP address of a metaVariable to the `ipVar` configuration in `globalConfig.` This allows communication to the external PSX using the IP address that is provided by the metaVariable (ipVar). set system policyServer globalConfig type ip addressContext default ipInterfaceGroup S_DsbcSig_IG3 ipVar PKT0_V03_ALT_IP_02.IP [ok] Commit complete
2	Configure the SBC for an external PSX Enter the following commands to enable the external PSX. set system policyServer localServer PSX_LOCAL_SERVER mode outOfService set system policyServer localServer PSX_LOCAL_SERVER state disabled set system policyServer remoteServer parrotpsx ipAddress fd00:10:6b50:41c0::d set system policyServer remoteServer parrotpsx ipAddress 10.54.28.13 set system policyServer remoteServer parrotpsx action force state enabled mode active [ok] Commit complete
3	Display the configured ipVar value Enter the following command to view the default ACL statistics. The default ACL DS process entry contains the destination IP address with the IP address provided by the metaVariable configured in the ipVar field. show table addressContext default ipAccessControlList defaultAclStatistics Click to view example...
4	Display the external PSX global configuration Enter the following command to view the external PSX global configuration: show system policyServer globalConfig Click to view example...
5	Display the PSX status Once the external PSX is enabled, use the following command to view the PSX status: show table system policyServer policyServerStatus Click to view example...
6	Display the interface IP address over which the SBC communicates with the PSX Enter the following command to view the new `interfaceIpAddress` entry and the associated IP address (configured in the `ipVar` field) provided by the metaVariable. In this example, interfaceIpAddress is associated with the IP address (fd00:10:6b50:4d71::75). show status system policyServer policyServerStatus Click to view example...
7	Verify successful communication between the SBC and PSX Once the IP address is configured for SBC and PSX communication, perform the following verification steps. Log into the SBC as a `root` user. Execute the following TShark command: `tshark -i pkt0.310 -f "port 3055"` Click to view example... Execute the following command to verify the operational state of the remote server: `show status system policyServer policyServerStatus` Click to view example... The operState mode should always be displayed as Active/Standby/Alternate and not as Down when the policy server's state is enabled and mode is inservice.

Space shortcuts

Page tree

Overview

Preliminary Steps

Procedure