You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 8 Next »

 

The request system command applies to both system-level and configure modes except where noted. The following objects apply to this command:

admin

Command Syntax

MultiExcerpt named adminRequestSyntax was not found -- Please check the page name and MultiExcerpt name used in the MultiExcerpt-Include macro

Command Parameters

MultiExcerpt named adminRequestParameters was not found -- Please check the page name and MultiExcerpt name used in the MultiExcerpt-Include macro

congestion

Command Syntax

> request system congestion
	cpuhistory type <all | oneSecSample | rsiAverage | rsiWeightedAvg>
	memhistory type <all | oneSecSample | rsiAverage | rsiWeightedAvg>
	setDebugSysCongestion debugflag <disabled | enabled>
	setSysCongestion 
		level <mc0 | mc1 | mc2 | mc3> 
		res <cpu | memory>
	setSysIpInstance 
		instance <unsignedInt> 
		iptype <h323 | sip | sipreg>

Command Parameters

'request system congestion' Command Parameters

 
ParameterDescription

cpuhistory type

Displays the CPU usage history.

  • all – Displays all of the following usage histories.
  • oneSecSample – Displays the CPU usage for every second. The usage is reported for the CPU that has highest utilization for that second.    
  • rsiAverage – Displays the average of the one second samples for the resample interval, usually three (3) samples. The usage is reported for the CPU  with the highest rsi average for the resample interval.
  • rsiWeightedAvg – Displays the weighted average. The weighted average is a running average of waited samples where the current sample is computed  using the formula below:

    resourceAVGFactor * ( previous weighted sample) * (1-resourceAVGFactor) * (current rsi average).

The resourceAvgFactor usually = 30%. The usage is reported for the CPU that has weighted average for the resample interval.

memhistory

Displays the memory usage history.

  • all – Displays all of the following usage histories.
  • oneSecSample – Displays the memory usage for every second.
  • rsiAverage – Displays the average of the one second samples for the resample interval, usually three (3) samples.
  • rsiWeightedAvg Displays the weighted average. The weighted average is a running average of waited samples where the current sample is computed using the formula below:

    resourceAVGFactor * ( previous weighted sample) * (1-resourceAVGFactor) * (current rsi average). 

The resourceAvgFactor usually = 30%.

setDebugSysCongestion debugflag

Enable/disable the debug flag associated with system congestion.

  • disabled
  • enabled
setSysCongestion

Simulates CPU or memory resource congestion for the specified level.

  • level 
    • mc0 – Simulate machine congestion level 0 ( no congestion).
    • mc1 – Simulate machine congestion level 1.
    • mc2 – Simulate machine congestion level 2.
    • mc3 – Simulate machine congestion level 3.
  • res
    • cpu – Simulate CPU congestion.
    • memory – Simulate memory congestion.
setSysIpInstance

Direct all calls of a specific type or SIP registrations to a specific instance of call processing engine.

  • instance <unsignedInt> – Instance ID of the call processing engine.
  • iptype – Choose an IP type:
    •   h323 – Direct all H.323 calls to the specified instance.  
    • sip – Direct all SIP calls to the specified instance.

       
    • sipreg – Direct all SIP registrations to the specified instance.

ethernetPort

Command Syntax

% request system ethernetPort packetAdmin <host name> <pkt0 | pkt1> switchover

Command Parameter

Ethernet Port 'request' Parameter

 

Parameter

Length/Range

Description

switchover

N/A

Use this parameter to initiate a port switchover within a redundancy pair.

The switchover command only applies to pkt0 and pkt1 on

Unable to show "metadata-from": No such page "_space_variables"
active CE.

ipPolicing

Command Syntax

> request system ipPolicing resetOffendersList <OffendersList name> 
  aclOffendersList 
  aggregateOffendersList 
  arpOffendersList 
  badEtherIpHdrOffendersList 
  discardRuleOffendersList 
  ipSecDecryptOffendersList 
  mediaOffendersList 
  rogueMediaOffendersList 
  uFlowOffendersList

Offenders List Details

IP Policing Offenders Lists

ACL Offenders List – The Access Control List policer offenders list.

Aggregate Offenders List – The aggregate policer offenders list.

ARP Offenders List – The ARP policer offenders list.

Bad Ethernet IP Header Offenders List – The bad Ethernet/IP Header policer offenders list. Ethernet/IP headers are considered bad under the following conditions:

  • Only broadcast ARP packets are allowed; all other broadcast packets are considered bad.

  • Anything other than the following unicast/multicast ICMPV6 packets are considered bad.

    • Type 2 (Packet too big)
    • Type 3 (ICMP Time exceeded) Code 0 (hop limit exceeded).
    • Type 128 (ICMPV6 Echo request)
    • Type 129 (ICMPV6 Echo reply)
    • Type 135 Neighbor Solicitation
    • Type 136 Neighbor Advertisement
  • Anything other than the following unicast ICMPV4 packets are considered bad:

    • Type 0 Echo Reply

    • Type 3 Code 4 (Destination unreachable, fragmentation required)

    • Type 8 Echo Request

    • Type 11 Code 0 (Time Exceeded, TTL expired)

  • Only ICMPV6 neighbor discovery packets are allowed under multicast MAC address. Anything else is considered bad.

  • If DestMAC is zero, it is considered a bad packet.

  • Anything other than ethertype (IPV4, IPV6, VLAN) is considered bad.

  • IP Checksum error is considered bad.

  • IP version other than 4 or 6 is considered bad.

  • Bad IP Header length

  • Packet that is not long enough to contain IP header.

  • TTL == 0 is considered bad.

  • IPV4 with options set is considered bad.

  • IPV6 with initial next header field of 0, 60, or 43 is considered bad.

Discard Rule Offenders List – The table of statistics for the discard rule offenders list. For example: ACLi discard rule packets.

IPsec Decrypt Offenders List – The table of statistics for the IPsec Decrypt policer offenders list. For example:

  • Bad IPsec packet

  • Authentication error

  • Invalid SSID

  • IPsec protocol == AH

Media Offenders List – The table of statistics for the media policer offenders list. For example: Media packets exceeding the policing value.

Rogue Media Offenders List – The table of statistics for the rogue media policer offenders list. For example:

  • UDP packets received in the media port range, but the destination UDP port is not allocated for media call
  • Media packets where source port, source address or destination address do not match the allocated media resource

srtpDecryptOffendersList – The table of statistic for SRTP decrypt offenders list.  This contains SRTP packets which failed authentication or were flagged as replay packets. This could indicate malicious media packet attacks or it can be used to troubleshoot "no audio" calls using SRTP.

uFlow Offenders List – The table of statistics for the Micro Flow policer offenders list. For example: Microflow packet exceeding the policing rate.

 

Note: rogueMediaOffenders List vs. mediaOffendersList

Entries in the Media Offenders List are for allocated media packets that violate the policing rules. The associated call is sending too many media packets. This could indicate a possible “Theft of Service” scenario. Entries in the Rogue Media Offenders List are media packets that the SBC is receiving but no resource is allocated for the packet. This may be a Denial of Service attack or indication that a call was terminated but the other end is still sending media packets.

logout

Operational mode only.

 

Command Syntax

> request system logout user <user_Id>

policyServer

Command Syntax

> request system policyServer remoteServer <server_name>

security

For additional security configuration details, see PKI Security - CLI.

Command Syntax

% request system security 
	generateSipHeaderEncryptionKeys
	pki 
		certificate <certificate name>
			generateCSR
				csrSub (max 255 chars)
				keySize (ketSize1K | keySize2K)
				subjectAlternativeDnsName (0-512 chars)
			importCert certContent (max 4096 chars)
			retrieveCertContent
		uploadCertificate

Command Parameters

request system security Parameters

 

Parameter

Description

generateSipHeaderEncryptionKeys

Use this command to generate header encryption keys. A "Success" or "Failure" indication is returned. The SBC then adds the key-Id to each encrypted header based on which key is selected as the correct key for decryption.

The SBC stores up to two sets of keys at any given time. There is no limit to the number of times this command may be executed. Additionally, there is no specific time delay required before reissuing the command.

Caution

Generating new keys too frequently may lead to a situation where the SBC receives a request with an expired key-id (i.e. the current header encryption key is over-written due to the new key generation) causing unsuccessful decryption of headers. This may lead to call failures any calls caught in the transition to the new key-id.

pki

PKI certification configuration details.

  • certificate <certificateName>The name for a collection of certificates configured on SBC.
    • generateCSR – Use this parameter to generate CSR (Certificate Signing Request).
      • csrSub CSR subject name (max 255 chars).

      • keySize  Size of the key to generate private key via openssl command.

        • keySize1K

        • keySize2K

      • subjectAlternativeDnsName Alternative DNS subject name(s). Multiple alternative names can be specified using "," (comma) separator. (0-512 chars). Example:  "nj.sonusnet.com, in.sonusnet.com, uk.sonusnet.com, ca.sonusnet.com, tx.sonusnet.com"

    • importCert certContent Import PEM format certificate (max 4096 characters).
    • retrieveCertContent – Retrieve content of an existing PKI certificate (local, local-internal and remote).
  • uploadCertificate – Upload a pk12 certificate.


 

Command Example

 

To retrieve certificate content of an existing PKI certificate:

% request system security pki certificate server retrieveCertContent
result Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number: 13211600523504912060 (0xb75908ad95e006bc)
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=US, ST=MA, L=Westford, O=VeriSign
        Validity
            Not Before: Apr 28 09:56:54 2015 GMT
            Not After : Jul 12 09:56:54 2033 GMT
        Subject: C=IN, ST=TN, L=Chennai
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:c5:80:dc:59:0a:8d:98:19:0b:bd:be:fd:ab:6c:
                    f7:e9:b6:28:d9:e8:fe:a5:84:fb:45:d9:16:97:f5:
                    fc:9f:df:7b:5b:03:6e:34:38:3f:10:2b:d0:d8:d6:
                    4a:03:5f:2a:78:85:4c:65:d4:0d:a6:e2:d3:be:1a:
                    fc:8b:96:a1:db:15:16:74:3e:9f:2a:34:95:88:6a:
                    49:3b:1e:78:15:bf:5c:e8:ec:a3:0d:8b:d4:2a:39:
                    d6:17:c1:a8:88:94:36:23:23:d5:3b:2c:49:fb:15:
                    d3:e6:7f:72:b0:e4:3d:e6:3a:44:f3:ac:a2:d3:2a:
                    62:f7:2f:d1:d4:a1:82:fe:03:57:49:1d:6b:12:14:
                    2c:28:f8:ef:6c:e0:c2:36:8c:7f:77:2a:32:d9:ce:
                    c7:9e:fc:4f:20:aa:43:db:b1:77:16:e9:d5:b5:44:
                    ff:06:8a:85:d4:74:63:af:3c:5e:f3:a3:e0:83:5a:
                    40:d1:5d:fc:84:36:34:b4:8b:ac:f1:5b:2c:b6:0e:
                    97:bc:1b:cd:a4:f8:17:b3:81:42:41:db:09:bb:79:
                    42:1f:92:dc:43:52:ca:78:e3:db:3d:db:e9:f6:39:
                    15:eb:3a:09:e5:ab:eb:18:5f:7e:14:ec:f9:b6:04:
                    9e:f5:6d:73:f4:ea:85:c4:4a:1f:5a:01:8f:2e:94:
                    b6:0d
                Exponent: 65537 (0x10001)
    Signature Algorithm: sha1WithRSAEncryption
         1a:91:c0:8a:b8:66:4b:a2:67:bc:99:4f:b4:0b:f8:bc:67:0e:
         de:23:37:42:bc:dd:96:64:7c:ef:e1:05:c7:eb:92:06:fa:ef:
         7b:72:ee:7f:26:b5:1c:39:b5:f2:b2:04:6e:2e:0c:1d:7e:1f:
         7a:87:b8:8b:9c:25:e2:8f:77:6f:ac:bb:a0:63:28:51:4f:7c:
         35:30:ad:31:24:85:f3:99:6d:c2:f8:33:eb:49:45:ed:ab:26:
         97:f4:04:a7:0a:06:dd:40:c3:f6:1a:0e:ec:72:0f:40:65:ab:
         34:4a:dc:51:2b:f3:61:b6:3a:1c:26:09:a1:af:37:dc:bf:a5:
         ba:dd
No Trusted Uses.
No Rejected Uses.
Alias: Server Cert
Key Id: 79:70:FC:99:1A:2B:15:A7:A1:33:21:F7:8A:57:0C:A7:07:7B:96:35
 
status 0 

 

serverAdmin

Command Syntax

> request system serverAdmin <server_name>  
	forceCoreDump coreDumpType <full | partial>
	identify duration <0-255 seconds> 
	removeCoredump coredumpFileName <filename> 
	restart  
	softReset  
	startSoftwareUpgrade  
		integrityCheck <perform | skip>
		package <pkg_name> 
		rpmName <name> 
		versionCheck <perform | skip> 

Command Parameters

'request system serverAdmin' Command Parameters

 
ParameterLength/RangeDescription

<serverName>

N/A

The unique name of the server.

forceCoreDumpN/A

Use this command to force the termination of a fixed set of application processes with accompanying core dumps for troubleshooting purposes. By default, a full dump is performed if no option is specified.

Before the command executes, the user is prompted to confirm or cancel the operation. If canceled, no further action is taken, and application operation is not affected.

  • coreDumpType– Choose an option below:
    • full (default) – Full set of processes to dump (see Table 2 below).
    • partial – Partial set of processes to dump (see Table 3 below).
identify duration0-255 seconds

The duration (in seconds) to illuminate the locator LED of this server. The LED illuminates for the specified number of seconds and then extinguishes. A duration of "0" turns off the locator LED and a duration of "255" turns on the locator LED indefinitely. If the duration is not specified, the default value of 15 seconds is used.

removeCoredumpN/A

Use this object to remove the specified coredump from the chosen server.

  • coredumpFileName <filename> – The name of the coredump file.
restartN/A Restart the specified server.
softResetN/A Restart the application on the server without rebooting the server.
startSoftwareUpgradeN/A

Use this control to start a software upgrade on the specified server.

  • integrityCheck – Use this flag to specify whether or not to perform an integrity check (signature validation) against
    Unable to show "metadata-from": No such page "_space_variables"
    software updates and patches as they are uploaded to the
    Unable to show "metadata-from": No such page "_space_variables"
    system.
    • perform (default)
    • skip 
  • package – Name of the new package.
  • rpmName – Name of the rpm/package, if different from the file name of the .tar.gz.
  • versionCheck– Use this flag to perform/skip version checking during software upgrades.
    • perform (default)
    • skip

Full Application Process List

 

CamProcess

ChmProcess

CpxAppProc

DiamProcess

DnsProcess

DsProcess

EmaProcess

EnmProcessMain

FmMasterProcess

IkeProcess

ImProcess

IpmProcess

PathchkProcess

PesProcess

PipeProcess

PrsProcess

RtmProcess

SamProcess

ScmProcess_0

ScmProcess_1

ScmProcess_2

ScmProcess_3

ScpaProcess

SmProcess

SsaProcess

SsreqProcess

 

 

Partial Application Process List

 

Process

PrsProcess

RtmProcess

SamProcess

ScmProcess_0

ScmProcess_1

ScmProcess_2

ScmProcess_3

SmProcess


  • No labels