The cluster object allows you to configure the ME clusters. A cluster is a group of ME systems that operate within a real-time collaboration network. Systems defined in the cluster can provide synchronization and support failover operations. An ME cluster automatically distributes load among the cluster entities, and routes SIP sessions around any failed elements.
The box object allows you to configure the local box and interface settings. A local ME device is the hardware that you are managing over a local, Telnet, or Secure Shell (SSH) connection.
The interface object defines the physical interfaces: up to 20 Ethernet 1000 Mbps auto-negotiation, full-duplex interfaces (eth0 through eth 19).
For detailed information on clusters, refer to the Oracle Communications WebRTC Session Controller Installation Guide.
The cluster object allows you to enable media distribution between nodes within the cluster, creating media partners, using the share-media-ports property of this object. The pool of ports that participate in the distribution is defined using the media-ports object. From this object, you can open subobjects to first enable and configure ME devices and then Ethernet interfaces and their properties within a network cluster.
To set up load balancing across a cluster, see Configuring Head-End and Backing Interfaces. You create backing interfaces using the sip object.
For media distribution on a system outside of the cluster as a media partner, define media partners using the partner object.
name: Sets an administrative name for this cluster. Enter up 32 alphanumeric characters. For text strings with blank spaces, enclose the strings within quotation marks (””).
Default: There is no default setting
Example: set name ”WebRTC cluster1”
share-media-ports: Specifies whether or not to enable media distribution among the nodes within a cluster. When set to true, media partnering is enabled on the cluster. Media ports are defined for each interface using the media-ports object.
Default: false
Values: true | false
Example: set share-media-ports true
share-signaling-entries: Specifies whether or not all boxes in a cluster exchange active SIP session information. When set to true, they do exchange data. If the primary link then goes down, a backup link can use SIP session information from the primary box to handle existing calls.
This property should be set to true if you have configured VRRP (to provide the redundancy support).
Default: false
Values: true | false
Example: set share-signaling-entries true
backup-session-on-demand: Specifies the manner in which failover is handled by the system. By default (disabled), if signaling failover is configured the system immediately creates a backup session on the failover box when a session is established. When this property is enabled, the system does not create and mirror the session on the backup box. Instead, it maintains a minimum amount of information on the backup, and establishes the full session upon failover.
Default: disabled
Values: enabled | disabled
Example: set backup-session-on-demand enabled
share-turn-ports: Specifies whether or not to enable distribution of TURN ALLOCATE requests (i.e., load balance) across systems within a cluster. When set to true, TURN partnering is enabled on the cluster (the STUN service table contains STUN/TURN routes from all systems in the cluster). The ME performs a cluster-wide STUN service route lookup to determine the best ME device to handle the ALLOCATE request. If set to false, the table contains only those routes for the local box.
TURN servers are defined for each interface using the stun-server object. To load balance ALLOCATE requests, you must enable the TURN-redirector option of the stun-server > port property for one or more STUN servers. To determine route preference for load balancing, use the stun-service-routing object.
Default: false
Values: true | false
Example: set share-turn-ports true
mirror-media-streams: Specifies whether the cluster participates in media mirroring. When set to true, all boxes in the cluster share media state information. The selection of calls that are mirrored is determined by policy; you must also enable the media object mirror property.
Default: false
Values: true | false
Example: set mirror-media-streams true
media-resource-failure-timer: Secondary property. Sets how long to wait after a media proxy failure (in media proxy configurations). When enabled, if no backup media proxy takes ownership before the timer set with this property expires, the signaling sessions for the failed media proxy are terminated. Enter the value in the format displayed in the example or in standard W3C XML format (PnYnMnDTnHnMnS).
Default: disabled Values: enabled days hh:mm:ss | disabled
Example: set media-resource-failure-timer enabled ”5 days 12:00:00
media-proxy-timeout: Secondary property. Specifies how long to wait for responses from the media proxy.
Default: 10
Values: Min: 1 / Max: 300
Example: set media-proxy-timeout 25
Configures the settings and interfaces on the specified physical device. Specify a box number (integer) in the range 1 to 16 that makes this box unique among other boxes in the network cluster.
Until you configure a box, the ME does not list it as an available selection when you use the help. In the following example, the ME does not list box 3 as available until after you have opened the box 3 object.
config cluster> config box ? specify an object of type box 1 2 config cluster> config box 3 config box 3> return config cluster> config box ? specify an object of type box 1 2 3
admin: Enables or disables the specified box (number) within the cluster. When disabled, you can configure box properties, but the box cannot pass traffic.
Default: enabled
Values: enabled | disabled
Example: set admin disabled
hostname: Assigns a network hostname or IP address to the box. This name can be seen in the configuration display as well as in network traffic data.
Enter a string, following the RFC 922 or RFC 1123 hostname naming standards (a string or an IP address).
Default: There is no default setting
Example: set hostname NNOS-E-Boston
timezone: Sets the time zone for the system. Use the help function to list the common values (set timezone ?). Or, to see the full list of supported time zones, see the file /usr/share/zoneinfo. If you enter an unsupported time zone, the system sends an error to the event log.
When interpreting a time zone, the system uses the Linux standard. For time zones east of GMT, use GMT-minus-hours; for time zones west of GMT use GMT-plus-hours. For example, you would configure timezone as GMT-minus-1 if GMT is one hour earlier than your local time.
Default: Eastern
Example: set timezone GMT-plus-5
Note:
After changing the timezone on the ME, you may experience a discrepancy between the system time and the call logs database time. Oracle recommends performing a restart warm after a timezone change.name: Assigns an administrative name for this system. Enter the name using up to 32 alphanumeric characters. For strings containing blank spaces, enclose the string within quotation marks (””).
Default: There is no default setting
Example: set name bostonMaster
description: Assigns a user-defined text description to this system. Enter the description using up to 3p2 alphanumeric characters. For strings containing blank spaces, enclose the string within quotation marks (””).
Default: Eclipse
Example: set description ”NNOS-E network master for company HQ”
contact: Identifies the name of a contact person for this system. Enter the contact description using up to 32 alphanumeric characters. For strings containing blank spaces, enclose the string within quotation marks (””).
Default: There is no default setting
Example: set contact ”Bob at extension 123”
location: Identifies the physical location of this system. Enter the location description using up to 32 alphanumeric characters. For strings containing blank spaces, enclose the string within quotation marks (””).
Default: There is no default setting
Example: set location ”Data center, 2nd floor”
identifier: Assigns a MAC address to the eth0 interface of this box. This address is used to identify the box and associate the configuration with the correct physical appliance. You only assign a MAC address to boxes in a cluster; a standalone does not require this setting.
You must change the value for the configuration to be recognized and the box to be operational.
Default: 00:00:00:00:00:00
Example: set identifier 0f:1c:22:cd:d1:32
transcoding-threads: Sets the number of SIP stack processing threads that should be used for transcoding. Typically, the number of threads should match the number of system processors.
Default: 4
Values: Min: 1 / Max: 8
Example: set transcoding-threads 8
recording-socket-threads: Sets the number of SIP stack processing threads that should be used for servicing the recording sockets. Typically, the number of threads should match the number of system processors. (The automatic setting is based on that value.) Changes to this setting only take place after a system restart. See Using Automatic Values for more information.
Default: automatic Values: automatic | threads
Example: set recording-socket-threads 4
dos-rule-source-limit: Sets the number of rules that can be evaluated strictly on source IP address. These source-only rules are evaluated before other kernel rules, and can provide faster evaluation under a heavy DOS attack.
Default: 1000
Values: Min: 0 (none) | 1000
Example: set dos-rule-source-limit 50
rtp-mixing-action-threads: Secondary property. Configures the number of threads that the worker pool will contain when the mix-session-threaded action is executed.
Default: automatic (The ME uses platform-specific factory default value) Values: automatic | <integer>
Example: set rtp-mixing-threads automatic
Configures the ME Ethernet network interfaces. You can configure up to 20 gigabit Ethernet, full-duplex interfaces. The actual number available depends on your hardware configuration.
It is from the interface object that you configure VLAN and IP settings:
Configuring VLAN objects
Configuring IP objects
admin: Enables or disables the administrative state of this Ethernet interface.
Default: enabled
Values: enabled | disabled
Example: set admin disabled
mtu: Set the maximum transmission unit (MTU) in bytes for Ethernet packets transmitted over this interface.
Default: 1500
Values: Min: 100 / Max: 1500
Example: set mtu 1000
arp: Enables the Address Resolution Protocol (ARP) on this interface. ARP is the Internet protocol that maps real IP addresses to corresponding Ethernet addresses.
Default: enabled
Values: enabled | disabled
Example: set arp disabled
speed: Sets the speed of the Ethernet connection between the system and the piece of equipment to which it is connected. The system ignores this value if autoneg is set to enabled.
Default: 1Gb
Values: 10Mb | 100Mb | 1Gb
Example: set speed 100Mb
duplex: Sets the acceptable duplex method for the interface, either half (asynchronous) or full (simultaneous) transmission. The system ignores this value if autoneg is set to enabled.
Default: full
Values: half | full
Example: set duplex half
autoneg: Sets whether autonegotiation is enabled or disabled. If enabled, the speed and duplex settings are ignored. The system negotiates with the piece of equipment to which it is connected to achieve optimal agreed upon settings.
Default: enabled
Values: enabled | disabled
Example: set autoneg disabled
Configures the ME to recognize an intermediary (proxy) for file fetch operations. By specifying a match criteria for the proxy configuration, you can set the ME to send different types of file requests to different proxies.
proxy<reg-exp>[host][port]: Configures the proxy that the system uses for file fetch operations. Enter a regular expression to match the target URL. Use this, for example, to send FTP requests through one proxy (match ftp://) and HTTP requests through another (match http://). To send all file requests through one proxy, match all (.*).
Optionally, you can set a host name or IP address, and a port. If you set no host for a proxy match, that type will use no proxy.
Default: There is no default setting
Example: set proxy ftp://192.168.10.10
Specifies whether the ME should offload incoming packets to a different CPU and the verbosity level of the information from a kernel ”panic.” In addition, you can enable compression to allows at least 40% more storage for kernel dumps.
Note:
Do not modify these values unless told to do so by Technical Support.rx-queue-offload: Specifies whether incoming packets should be offloaded to a different CPU. Do not change this property.
Default: none
Values: none | hyperthread-pair | alternate-cpu
Example: set rx-queue-offload alternate-cpu
ip-frag-queue-control: Specify the number of milliseconds the AA-SBC holds onto an IP fragment when the first fragment has not been received.
Default: 5
Values: Min: 1 / Max: 20
Example: set ip-frag-queue-control 15
crash-dump-compression: Specifies whether to enable GZIP compression for the dump facility. When enabled, the system compresses the dump image, allowing a greater number of active pages into the raw partition. This provides at least 40% more storage for kernel dumps.
Default: enabled
Values: enabled | disabled
Example: set crash-dump-compression disabled
crash-dump-level: Specifies the level of information to capture when a kernel panic occurs. The dump facility captures kernel logs, kernel memory, task states, and trace information. This information is written to a file, which can later be used for debugging. The kernel header, written in all levels except disabled, contains the following information:
build time, time of the crash, kernel version, etc.
In-memory kernel logs that have not yet been written to disk
Kernel call trace details
System task states
Use the show faults command to display the name of the file the system created as a result of the kernel panic.
Default: header-kernel-page-mem
Values: disabled: Kernel dumping is disabled. If the kernel crashes, no extra processing occurs.
header: The ME prints out dump information to the dump header and then writes it to the dump file.
header-kernel-page-mem: The ME writes out the dump header all kernel memory pages to the dump file.
header-all-mem-except-free-pages: The ME writes out the dump header and all kernel and user memory pages to the dump file.
all-mem: The ME writes out the dump header and all conventional/cached memory (RAM) pages in the system (kernel, user, and free).
Example: set crash-dump-level header
arp-thresholds: Specifies the number of directly connected hosts (ARP entries in the cache) the system supports. Each of the three thresholds initiates an increasingly aggressive ARP cache action.
Default: 128 512 1024
Values: threshold1: Specifies the point at which the system attempts to purge outdated ARP entries. Enter a value from 64 to 1,024.
threshold2: Specifies the point at which the system aggressively tries to purge outdated ARP entries, making room for new entries. Enter a value from 128 to 4,096.
threshold3: Specifies the maximum number of ARP entries the system supports. Any additional learned ARP entries are silently discarded until the cache entries drop below this level. Enter a value from 512 to 8,192.
Example: set arp-thresholds 256 512 2048
tcp-skb-congestion-control: Sets a threshold of system-wide kernel buffer usage before the ME proactively prevents the depletion of the remaining system resources by dropping all received TCP packets. When enabled, TCP packets will be dropped until the kernel buffer usage falls below the configured threshold.
Default: disabled and automatic Values: enabled | disabled <threshold>
Example: set tcp-skb-congestion-control enabled 300000
Opens the object through which you identify the partners, other appliances outside of the cluster, for media distribution.
Media distribution through the media-partners object allows you to configure an appliance outside of the cluster as a media partner. The media partner system does not perform any SIP signaling; it has only media interfaces and handles media traffic. It offloads media anchoring to another appliance; the cluster does load balancing across its specified list of media partners.
Each cluster can specify one or more media partners. Multiple clusters can use the same media partner system(s).
For media distribution within a cluster, use the share-media-ports property of the cluster object.
Configures a partner, outside of the cluster, to take part in the media distribution system. See media-partners for a description of media distribution.
Enter the IP address of the partner to configure when opening this object.
Note:
The protocol, port, and certificate set within this object must match the values set for these properties in the IP messaging object. If they do not match, the systems will not be able to communicate.admin: Enables or disables the specified partner. When disabled, you can configure properties, but the partner cannot participate in shared anchoring.
Default: enabled
Values: enabled | disabled
Example: set admin disabled
protocol: Specifies the protocol that the partners use to communicate.
Default: tcp
Values: tcp | tls
Example: set protocol tls
port: Sets the port number to connect to on the other media partners.
Default: 5132
Values: Min: 1 / Max: 65535
Example: set port 6550
certificate: Assigns the certificate that these media partners present if the protocol is set to TLS. Enter a reference to a previously configured certificate, used by all members of this partnership.
Default: There is no default setting
Example: set certificate vsp tls certificate nnos-e.companyA.com
Opens the object through which you set the number of active ports available for media anchoring.You can set limits on a per-box and per-card basis, preventing an individual card from becoming oversubscribed.
Sets per-processor limits on the number of ports (and thus, the number of active calls) available for media anchoring at any one time. You set limits for each processor on each ”card” in the system.
You can configure the ME to use ports on the cxc processor. Do not configure media ports on ME ports (typically eth0 through eth3).
The limits you set with this object apply to the total ports on all Ethernet interfaces for the given processor. Use the show media-ports-process-units command to view the limits and configuration for each processor. In the example below, across interfaces eth0 though eth3 there are a total of 10,000 media ports allocated.
NNOS-E> show media-ports-process-units
card process-unit busy-threshold full-limit total active
---- ------------ -------------- ---------- ----- ------
CXC CXC 0 16000 10000 0
Media ports are assigned to an IP interface via the media-ports object, which defines the starting port number and total ports available for media anchoring on a given interface. By setting port limits (this object), you are defining the total number of ports that can be simultaneously active for each processor on the appliance.
Note:
For purposes of calculating port requirements, typically one anchored voice call requires four ports.To open the object, enter the card followed by the applicable processor.
config box media-anchor-limits port-limit {all | CXC} {all | CXC}
config cluster box integer media-anchor-limits port-limit {all | CXC} {all | CXC}
busy-threshold: Specifies the point at which the system considers the processor busy, and finds a less-congested processor, if available.This is a ”soft” limit that serves to distribute anchoring across processors for best performance. For the cxc processor, the default is 0 so that all media anchoring will be offloaded if other processors are available.
Default: 0 for the cxc processor; 12000 for all others
Example: set busy-threshold 14000
full-limit: Specifies the maximum allowable active ports for a processor. When this value is reached, no new calls can be established on the effected processor. Note that the total number of ports allocated for a processor, as displayed with the show media-ports-processor-units command, may be higher than this value, as those ports are not all active. The total port count may also be lower than this limit, in which case the active ports will not exceed the total.
Default: 16000
Example: set full-limit 18000
The IP discard packet logging feature allows you to enable a discard to be logged for UDP, TCP, and ”Other,” with an option to log which specific ports were hit within the previous configured scanning interval for the UDP and TCP packets.Within a given scan interval, the header of the first eight discarded packets are logged. The total discarded packets are counted and logged at the end of the scanning interval.
This feature is configured via the packet-discard object. If an IP interface has media-ports configured, you must first disable the media-ports>idle-monitor property, before the packet-discard object can be enabled. See the media-ports object for information on how to do this.
admin: Enable or disable the packet discard feature.
Default: enabled
Values: enabled | disabled
Example: set admin disabled
track-port: When enabled, this will log an additional type of message with the list of ports that were hit within the logging interval.
Default: disabled
Values: enabled | disabled
example: set track-port enabled
scan-interval: The interval in seconds between reading and logging the latest discarded packet information.
Default: 60
Values: Min: 10 / Max: 86400
Example: set scan-interval 70000
Configures route-server import services settings
admin: Enable or disable the use of route-server import service over the selected interface. If enabled, the ME functions as an route-server import services server.
Default: enabled
Values: enabled | disabled
Example: set admin enabled
protocol: Sets the protocol to use for route-server import operations. After setting a protocol, you can select the route-server import server's listening port (or accept the default). This is the port the server listens on for HTTP(S) requests.
Enter the protocol and port.
Default: http 8082
Values: HTTP: Use for unencrypted transmission
HTTPS: Use for secure transmission of web pages by using HTTP over SSL
Example: set protocol https 8787
max-threads: Specifies the maximum number of total worker threads, both active and spare (idle), allocated to the route-server import service server.
Default: 10
Values: Min: 1 / Max: 50
Example: set max-threads 25
min-spare-threads: Specifies the minimum number of inactive threads that the ME must leave allocated to the route-server import service server. When the ME removes idle threads, it must leave this number available.
Default: 1
Values: Min: 0 / Max: 50
Example: set min-spare-threads 5
max-spare-threads: Specifies the maximum number of inactive threads the ME can leave allocated to the route-server import service server. When the ME detects idle threads, it will not use more than this number for the route-server.
Default: 5
Values: Min: 0 / Max: 50
Example: set max-spare-threads 10
idle-timeout: Specifies an inactivity timeout, in minutes, for the ME GUI. When a session has been inactive for this amount of time, the ME logs the user off the system.
Default: 30
Values: Min: 0 / Max: 4294967296
Example: set idle-timeout 50
ciphers: Specifies SSL cipher suite names separated by commas.
Default: There is no default setting
Example: set ciphers SSL_RSA_WITH_RC4_128_SHA_TLS_RSA_WITH_AES
use-https-for-file-copy: When enabled, the route-server import service sends the route-server request to the Web server and specifies using HTTPS to download call rates file. When disabled, HTTP is used for downloading.
Default: enabled
Values: enabled | disabled
Example: set use-https-for-file-copy disabled
authentication: Specifies the HTTP SSL certificate sent to the route server for route server import service. Set to basic to use the default certificate. Set to certificate to specify a custom certificate that has to be in PKCS12 format.
Default: basic Values: basic | custom <certificate>
Example: set authentication custom cert1
Allows each VX to be associated with another system on the network. In addition to sending periodic VRRP advertisements across the messaging interface, this object allows the ME to send ARP requests across the VX interface to the associated timeout.
If the ARP probe times out, the master ME knows that its connection to the network is broken. It then transitions into a ”link-down” state and notifies the backup ME to take over. While in the link-down state, the ME periodically sends an ARP probe to continue checking the link. The ME stays in this state until it gets an ARP response. The ME is then able to take over the VX again if required.
admin: Enables or disables the ARP heartbeat on a redundant VM system or in a complicated network.
Default: enabled
Values: enabled | disabled
Example: set admin enabled
heartbeat-system: Enter the IP address of the system on the subnet to query with ARPs.
Default: There is no default setting
Example: set heart-beat-system 10.10.10.10