Skip to end of metadata
Go to start of metadata

In this section:

Overview

The SBC SWe Cloud communicates with the external PSX over the Management Interface and Packet Interface. The SBC SWe Cloud can choose any alternate IP addresses attached to the Packet Interface to communicate with the external PSX over the Management Interface and/or Packet Interface.

The communication between the SBC SWe Cloud and the external PSX follows a sequence, as described below:

  1. The SBC requests registration and receives response from PSX.

  2. The SBC periodically sends request to know the status of external PSX.

  3. The SBC requests for policy and receives response.

  4. The SBC requests for de-registration and receives response.

The SBC global configuration includes an optional metaVariable field (ipVar) to fetch an IP address from the PSX for use in connecting with the PSX. When the ipVar field is blank, the SBC picks any random IP address from the configured interface to connect with the PSX.

 Additionally, the interfaceIpAddress field is added to the policyServer 'show' command to identify the IP address the SBC SWe Cloud uses to communicate with the PSX for the specified Policy Server.


Preliminary Steps

Login to the CLI and perform the following steps to view the current default ACL statistics and metaVariable data before configuring the SBC SWe Cloud to use alternate IP addresses.

Note

Port number 3055 is used as default for D+ query. In the below example, the Source IP Address is fd00:10:6b50:41c0::d/128 (3055) and the Destination IP Address is displayed as *, since Destination IP is not configured.
StepAction
1

Enter the following command to view the default ACL statistics (see Example 1 for example results):

show table addressContext default ipAccessControlList defaultAclStatistics

The Diameter Server (DS) protocol is used for communication between the SBC SWe Cloud and external PSX. The default Access Control List (ACL) for DS process is created over Management (MGT).

2

Enter the following command to view the IP addresses associated with the corresponding metaVariable (see Example 2 for example results). 

show table system metaVariable

 

Example 1:

Click to view example...

Example 2:

Click to view example...

Procedure

StepAction
1

Configure alternate IP address of metaVariable to the ipVar

Enter the following command to associate the alternate IP address of metaVariable to the ipVar in globalConfig. This allows communication to the external PSX using the IP address that is provided by the metaVariable (ipVar).

 

set system policyServer globalConfig type ip addressContext default ipInterfaceGroup S_DsbcSig_IG3 ipVar PKT0_V03_ALT_IP_02.IP
[ok]
Commit complete
2

Configure the SBC for an external PSX

Enter the following commands to enable the external PSX.

set system policyServer localServer PSX_LOCAL_SERVER mode outOfService 
set system policyServer localServer PSX_LOCAL_SERVER state disabled 
set system policyServer remoteServer parrotpsx ipAddress fd00:10:6b50:41c0::d 
set system policyServer remoteServer parrotpsx ipAddress 10.54.28.13 
set system policyServer remoteServer parrotpsx action force state enabled mode active
[ok] 
Commit complete
3

Display the configured ipVar

Enter the following command to view the default ACL statistics. The default ACL for the DS process entry contains the destination IP address with the IP address provided by the metaVariable configured in ipVar field .

show table addressContext default ipAccessControlList defaultAclStatistics

 

Click to view example...

4

Display the external PSX global configuration

Enter the following command to view the external PSX global configuration:

show system policyServer globalConfig

Click to view example...

5

Display the PSX status

Once the external PSX is enabled, use the following command to view the PSX status:

show table system policyServer policyServerStatus

Click to view example...


6

Display the interface IP address over which the SBC communicates with the PSX

Enter the following command to view the new interfaceIpAddress entry and the associated IP address (configured in ipVar field) provided by the metaVariable. In this example, interfaceIpAddress is associated with IP address (fd00:10:6b50:4d71::75).

 
show status system policyServer policyServerStatus

 

Click to view example...

7

Verify successful communication between the configured SBC and PSX

Once the IP address is configured for SBC and PSX communication, perform the following verification steps.

  1. Login to the SBC as a root user.
  2. Execute the following TShark command:
    tshark -i pkt0.310 -f "port 3055"

    Click to view example...

  3. Execute the following command to verify the operational state of the remote server:
    show status system policyServer policyServerStatus

    Click to view example...

    In this sample output, the operState is Active. The operState mode should always be displayed as Active/Standby/Alternate and not as Down when the policy server's state is enabled and mode is inservice.