SEPP Metrics, KPIs, and Alerts

5 SEPP Metrics, KPIs, and Alerts

5.1 SEPP Metrics

This section provides information about the SEPP metrics.

The following table describes the SEPP metric types used to measure the health and performance of SEPP and its core functionalities:

Table 5-1 Metric Type

Metric Type	Description
Counter	Represents the total number of occurrences of an event or traffic, such as measuring the total amount of traffic received and transmitted by SEPP, and so on.
Gauge	Represents a single numerical value that changes randomly. This metric type is used to measure various parameters, such as SEPP load values, memory usage, and so on.
Histogram	A histogram is a combination of various counters. The histogram metrics are used to track the size of events, usually how long they take, via their observe method.

The following table describes the SEPP dimensions:

Table 5-2 Dimensions

Dimensions	Details	Values
apiUrl	Resource URIs passing across Inter PLMN Via SEPP	Example: /namf-comm/v1/subscriptions
app	SEPP Service names	Examples: cn32f-svc cn32c-svc pn32f-svc pn32c-svc Plmn Ingress Gateway N32 Ingress Gateway
application	application name, here, it is ocsepp.	Example: ocsepp
cause	Indicates the reason of failure	Examples: Network ID is not present in PLMN ID List UDR Response Is Not Success UE is either not present or unable to extract UE from message Previous Location Check Validation Failed
chart	Indicates the SEPP microservice release names	Examples: pn32f-svc-2.23.3-0 cn32f-svc-2.23.3-0
container	Indicates the name of the container. It is part of each metrics. The app and container contains the same value.	Examples: cn32f-svc cn32c-svc pn32f-svc pn32c-svc Plmn Ingress Gateway N32 Ingress Gateway
DestinationHost	Indicates the destination host for Jetty client on PN32F or CN32F	Examples: ocsepp-release-plmn-egress-gateway ocsepp-release-n32-egress-gateway
direction	Direction of the request or response. In Gateway Metrics, the values are egress and egressOut. In N32F Metrics the values are ingress and egress.	Examples: Ingress Egress
Egress Rate Limit List	The list that contains the PLMN for applying Egress Rate Limit.	Example: ERL1
engVersion	The SEPP Release version	Example: 23.3.0
error_action	The action needs to be taken when there is a validation failure in SEPP.	Examples: REJECT FORWARD
ErrorOriginator	Name of service that originates the error.	Example: PN32F
event	The event that occurred on request processing or completion.	Examples: onBegin onHeaders onQueued onContent onCommit onFailure
handshake_procedure	The type of the handshake operation at cSEPP or pSEPP.	Example: capability-exchange
header	SBI Headers	Examples: via server
Host	FQDN of the target host	Example: ocsepp-release-n32-egress-gateway.
http_error_message	Reason for failure response received.	Examples: Context Not Established Destination URI contain invalid PLMN ID Message validation failed N32fContext Not Found org.springframework.web.reactive.function.client.WebClientRequestException: Connect Timeout
http_method	HTTP Method Name	Examples: GET PUT POST PATCH DELETE
http_status	HTTP Status Code in response (404 NOT_FOUND, 429 TOO_MANY_REQUESTS, 200 OK)	Examples: 2xx, 4xx, 5xx
namespace	Name of the Kubernetes namespace on which microservice is running.	Example: seppsvc
nf_instance_id	Unique identity of the NF Instance sending request to OCSEPP.	Example: 9faf1bbc-6e4a-4454-a507-aef01a101a06
NfServiceType	Name of target network function service	Example: nausf-auth
NfType	Name of target network function	Examples: ausf udm nrf
node	Name of the Kubernetes worker node on which microservice is running.	Example: k8s-node-13.chase1.lab.in.oracle.com
peer_domain	Domain of Remote SEPP	Example: svc.cluster.local
peer_fqdn	FQDN of peer present in Remote SEPP
peer_plmn_id	Supported PLMN list of Remote SEPP	Example: "[Plmn [mcc=123, mnc=456]]"
plmn_identifier	In CAT 2 Network ID Validation feature, PLMN is extracted from this identifier.	Examples: supi addUeLocation guamiList
pod	Name of the pod of SEPP microservice	Example: ocsepp-release-cn32f-svc-6fd6ccfd4b-hkgqb
Port	Port number	Example: 443
release	Name of the SEPP release deployed.	Example: ocsepp-release
releaseVersion	Indicates the current release version of SEPP.	Example: 23.4.0
remote_sepp_name	Name of the SEPP from where message is received or destined to	Example: SEPP-1
remote_sepp_set_name	Name of the Remote SEPP Set from where message is received or destined to	Example: RPS-3
request_path	Resource URI as per defined in 3GPP specifications for 5G.	Example: /nudm-sdm/v2/imsi-987654000000008
ruleApplied	Rules Applied on Local SEPP or Remote SEPP.	Examples: REMOTE LOCAL
Scheme	Indicates the HTTP Scheme	Examples: HTTPS HTTP
sepp_type	SEPP that acts as Producer SEPP or Consumer SEPP	Examples: Consumer Producer
sourceRss	only if Allowed P-RSS Validation is enabled	Example:
Status	The status of the feature or microservice.	Examples: accepted dropped ratelimit not applied
vendor	For OCSEPP, vendor Value must be set to "oracle"	Example: oracle

5.1.1 Configuring SEPP Metrics Dashboard in OCI

This section describes the steps to upload the ocsepp_oci_dashboard_<version>.json file on OCI Logging Analytics Dashboard. As OCI doesn't support Grafana, OCI uses the Logging Analytics Dashboard Service for visualizing the metrics and logs.

The steps are:

Log in to OCI Console.

Note:
For more details about logging in to the OCI, refer to Signing In to the OCI Console.
Open the navigation menu and click Observability & Management.
Under Logging Analytics, click Dashboards. The Dashboards page appears.
Choose the Compartment on the left pane.
Click Import dashboards.
User can select and upload the ocsepp_oci_dashboard_<version>.json file. The following three parameters of json file must be customized before uploading it:
1. ##COMPARTMENT_ID: The OCID of the compartment.
2. ##METRIC_NAMESPACE: The metrics namespace that the user provided while deploying OCI adaptor.
3. ##K8_NAMESPACE: Kubernetes namespace where SEPP is deployed.
Import dashboard page appears. Click Import button on the page.
User can view the imported dashboard and can view the metrics in the dashboard.

Note:
SEPP has organized the panels or widgets in five dashboards to support the SEPP metrics and all the five dashboards have been clubbed into a single JSON file.

For more details, see Oracle Communications Cloud Native Core, OCI Adaptor Deployment Guide.

5.1.2 Common Metrics

5.1.2.1 cgroup_cpu_nanoseconds

Table 5-3 cgroup_cpu_nanoseconds

Field	Details
Metric Details	Total CPU time consumed by service in nanoseconds
Microservice	Consumer N32f, Producer N32f
Type	Hologram
Dimensions	app (Consumer, Producer) chart service_resource_overload_level container engVersion exported_application exported_microservice exported_namespace exported_pod exported_vendor microservice mktgVersion namespace node pod security_istio_io_tlsMode service_istio_io_canonical_name service_istio_io_canonical_revision vendor "Oracle"

5.1.2.2 cgroup_memory_bytes

Table 5-4 cgroup_memory_bytes

Field	Details
Metric Details	Total memory consumed by service in bytes
Microservice	Consumer N32f, Producer N32f
Type	Gauge
Dimensions	app (Consumer, Producer) chart container engVersion exported_application exported_microservice exported_namespace exported_pod exported_vendor microservice mktgVersion namespace node pod security_istio_io_tlsMode service_istio_io_canonical_name service_istio_io_canonical_revision vendor "Oracle"

5.1.2.3 oc_configclient_request_total

Table 5-5 oc_configclient_request_total

Field	Details
Metric Details	This metric will be pegged whenever config client is polling for configuration update from common configuration server.
Microservice	Plmn Ingress Gateway, N32 Ingress Gateway
Type	Counter
Dimensions	configVersion releaseVersion

5.1.2.4 oc_configclient_response_total

Table 5-6 oc_configclient_response_total

Field	Details
Metric Details	This metrics will be pegged whenever config client receives response from common configuration server.
Microservice	Plmn Ingress Gateway, N32 Ingress Gateway
Type	Counter
Dimensions	configVersion releaseVersion updated

5.1.2.5 oc_configserver_reachability

Table 5-7 oc_configserver_reachability

Field	Details
Metric Details	Gauge metric to peg the reachability of config server.
Microservice	Plmn Ingress Gateway, N32 Ingress Gateway
Type	Gauge
Dimensions	NA

5.1.2.6 nrfclient_nf_status_with_nrf

Table 5-8 nrfclient_nf_status_with_nrf

Field	Details
Metric Details	The operative status of the NF communicated to the NRF. The gauge indicates status as follows: 0 - REGISTERED 1 - DEREGISTERED 2 - SUSPENDED 3 - UNDISCOVERABLE 4 - UNKNOWN
Microservice	nrf client
Metric type	Gauge
Dimensions	NfInstanceID NfType NfFqdn

Note:

This metrics is not applicable for the Roaming Hub mode.

5.1.3 CN32F Common Metrics

5.1.3.1 ocsepp_cn32f_jetty_request_stat_metrics_total

Table 5-9 ocsepp_cn32f_jetty_request_stat_metrics_total

Field	Details
Metric Details	This metric will be pegged for every event occurred when a request is sent to CN32F
Microservice	Consumer N32f
Type	Counter
Dimensions	app (Consumer) chart client_type container DestinationHost event nf_instance_id namespace pod

5.1.3.2 ocsepp_cn32f_jetty_response_stat_metrics_total

Table 5-10 ocsepp_cn32f_jetty_response_stat_metrics_total

Field	Details
Metric Details	This metric will be pegged for every event occurred when a response is received from CN32F
Microservice	Consumer N32f
Type	Counter
Dimensions	app (Consumer) chart client_type container DestinationHost event nf_instance_id namespace pod

5.1.3.3 ocsepp_cn32f_connection_failure_total

Table 5-11 ocsepp_cn32f_connection_failure_total

Field	Details
Metric Details	This metric will be pegged in the customized Jetty Client as soon as it fails to connect to the destination service.
Microservice	Consumer N32f
Type	Counter
Dimensions	app (Consumer) chart container direction ErrorOriginator http_error_message Host nf_instance_id namespace pod Port

5.1.3.4 ocsepp_cn32f_requests_failure_total

Table 5-12 ocsepp_cn32f_requests_failure_total

Field	Details
Metric Details	Total number of requests failed to be sent from cn32f to Remote SEPP. Condition: When any error or exception occurs on cn32f side because of which request is not sent to pn32f.
Microservice	Consumer N32f
Type	Counter
Dimensions	app(consumer) chart container namespace nf_instance_id pod http_status vendor "Oracle" peer_domain peer_plmn_id peer_fqdn remote_sepp_name

Note:

The dimension peer_domain is optional and will be present only when destination URI contains PLMN ID.
The dimension peer_plmn_id is optional and will be present only when destination URI contains PLMN ID.
The dimension peer_fqdn is optional and will be present only when n32f context is found.
The dimension remote_sepp_name is optional and will be present only when n32f context is found.

5.1.3.5 ocsepp_cn32f_response_failure_total

Table 5-13 ocsepp_cn32f_response_failure_total

Field	Details
Metric Details	Total number of response failed to be sent from cn32f pod to NF. Condition: When any error or exception occurs on cn32f and request is not sent to NF.
Microservice	Consumer N32f
Type	Counter
Dimensions	app(consumer) chart container namespace nf_instance_id peer_domain peer_fqdn peer_plmn_id pod remote_sepp_name http_status vendor "Oracle"

5.1.3.6 ocsepp_cn32f_requests_total

Table 5-14 ocsepp_cn32f_requests_total

Field	Details
Metric Details	Total number of requests sent or received through the cn32f interface. Count is incremented when a request is received on the InboundInterface or sent from the OutboundInterface of cn32f.
Microservice	Consumer N32f
Type	Counter
Dimensions	app (consumer) chart container direction http_method namespace nf_instance_id NfServiceType NfType peer_domain peer_fqdn peer_plmn_id pod remote_sepp_name sourceRss (only if Allowed P-RSS Validation is enabled) source_plmn_id vendor "Oracle"

5.1.3.7 ocsepp_cn32f_response_total

Table 5-15 ocsepp_cn32f_response_total

Field	Details
Metric Details	Total number of responses sent or received through the cn32f interface. Count is incremented when a response is received on the OutboundInterface or sent from the InboundInterface of cn32f.
Microservice	Consumer N32f
Type	Counter
Dimensions	app(consumer) chart container direction http_method namespace nf_instance_id NfServiceType NfType peer_domain peer_fqdn peer_plmn_id pod remote_sepp_name sourceRss (only if Allowed P-RSS Validation is enabled) http_status vendor "Oracle"

5.1.3.8 ocsepp_cn32f_latency_seconds_count

Table 5-16 ocsepp_cn32f_latency_seconds_count

Field	Details
Metric Details	This metric is used to display the number of ingress requests processed at cn32f in a particular time span (in seconds).
Microservice	Consumer N32f
Type	Histogram
Dimensions	app(consumer) chart container direction message_type namespace nf_instance_id peer_domain peer_fqdn peer_plmn_id pod remote_sepp_name nf_type vendor "Oracle"

5.1.3.9 ocsepp_cn32f_latency_seconds_max

Table 5-17 ocsepp_cn32f_latency_seconds_max

Field	Details
Metric Details	This metrics is used to display the maximum of processing time of an ingress request at cn32f in seconds.
Microservice	Consumer N32f
Type	Histogram
Dimensions	app(consumer) chart container direction message_type namespace nf_instance_id peer_domain peer_fqdn peer_plmn_id pod remote_sepp_name nf_type vendor "Oracle"

5.1.3.10 ocsepp_cn32f_latency_seconds_sum

Table 5-18 ocsepp_cn32f_latency_seconds_sum

Field	Details
Metric Details	This metrics is used to display the average of processing time of all the ingress request at cn32f for a particular time.
Microservice	Consumer N32f
Type	Histogram
Dimensions	app(consumer) chart container direction message_type namespace nf_instance_id peer_domain peer_fqdn peer_plmn_id pod remote_sepp_name nf_type nf_service_type vendor "Oracle"

5.1.3.11 ocsepp_cn32f_outgoing_connections

Table 5-19 ocsepp_cn32f_outgoing_connections

Field	Details
Metric Details	Gauge metric that will peg active outgoing connections from CN32F to destination
Microservice	Consumer N32f
Type	Gauge
Dimensions	app (Consumer) chart container direction Host nf_instance_id namespace pod

5.1.3.12 ocsepp_cn32f_server_latency

Table 5-20 ocsepp_cn32f_server_latency

Field	Details
Metric Details	This metric will be pegged in Jetty response listener that captures the amount of time taken for processing of the request by jetty client
Microservice	Consumer N32f
Type	Gauge
Dimensions	method instanceIdentifier host

5.1.4 PN32F Common Metrics

5.1.4.1 ocsepp_pn32f_requests_total

Table 5-21 ocsepp_pn32f_requests_total

Field	Details
Metric Details	Total number of requests sent to or received from the peer SEPP through the pn32f interface. The counter is incremented when a request is received on the InboundInterface or sent from the OutboundInterface of pn32f.
Microservice	Producer N32f
Type	Counter
Dimensions	app(producer) chart container direction http_method namespace nf_instance_id NfServiceType NfType peer_domain peer_fqdn peer_plmn_id pod remote_sepp_name vendor "Oracle"

Note:

The dimension peer_plmn_id is optional and will be available only when SAN contains the PLMN in FQDN.

5.1.4.2 ocsepp_pn32f_requests_failure_total

Table 5-22 ocsepp_pn32f_requests_failure_total

Field	Details
Metric Details	Total number of requests failed to be sent to NF. Condition: When any error or exception occurs on pn32f side because of which request is not sent to NF.
Microservice	Producer N32f
Type	Counter
Dimensions	app(producer) chart container namespace nf_instance_id peer_domain peer_fqdn peer_plmn_id pod remote_sepp_name http_status vendor

Note:

The dimension peer_plmn_id is optional and will be available only when SAN contains the PLMN in FQDN.

5.1.4.3 ocsepp_pn32f_responses_total

Table 5-23 ocsepp_pn32f_responses_total

Field	Details
Metric Details	Total number of responses sent to or received from peer SEPP through the pn32f interface. This counter is incremented when a response is received on the InboundInterface or sent via the OutboundInterface of pn32f.
Microservice	Producer N32f
Type	Counter
Dimensions	app(producer) chart container direction http_method namespace nf_instance_id NfServiceType NfType peer_domain peer_fqdn peer_plmn_id pod remote_sepp_name http_status (201 CREATED, 404 NOT_FOUND) vendor "Oracle"

Note:

The dimension peer_plmn_id is optional and will be available only when SAN contains the PLMN in FQDN.

5.1.4.4 ocsepp_pn32f_responses_failure_total

Table 5-24 ocsepp_pn32f_responses_failure_total

Field	Details
Metric Details	Number of responses failed to be sent to Consumer SEPP (cSEPP). Condition: When a response is failed to be sent to cSEPP.
Microservice	Producer N32f
Type	Counter
Dimensions	app (producer) chart container namespace nf_instance_id peer_domain peer_fqdn peer_plmn_id pod remote_sepp_name http_status vendor

Note:

The dimension peer_plmn_id is optional and will be available only when SAN contains the PLMN in FQDN.

5.1.4.5 ocsepp_pn32f_latency_seconds_count

Table 5-25 ocsepp_pn32f_latency_seconds_count

Field	Details
Metric Details	This metric is used to display the number of ingress requests processed at pn32f in a particular time span (in seconds).
Microservice	Producer N32f
Type	Histogram
Dimensions	app (producer) chart container direction message_type namespace nf_instance_id peer_domain peer_fqdn peer_plmn_id pod remote_sepp_name nf_type vendor

Note:

The dimension peer_plmn_id is optional and will be available only when SAN contains the PLMN in FQDN.

5.1.4.6 ocsepp_pn32f_latency_seconds_sum

Table 5-26 ocsepp_pn32f_latency_seconds_sum

Field	Details
Metric Details	This metrics is used to display the average processing time of all the ingress request at pn32f for a particular time.
Microservice	Producer N32f
Type	Histogram
Dimensions	app (producer) chart container direction message_type namespace nf_instance_id nf_service_type peer_domain peer_fqdn peer_plmn_id pod remote_sepp_name nf_type

Note:

The dimension peer_plmn_id is optional and will be available only when SAN contains the PLMN in FQDN.

5.1.4.7 ocsepp_pn32f_latency_seconds_max

Table 5-27 ocsepp_pn32f_latency_seconds_max

Field	Details
Metric Details	This metrics is used to display the maximum processing time of all the ingress request at pn32f for a particular time.
Microservice	Producer N32f
Type	Histogram
Dimensions	vendor nf_instance_id nf_type peer_fqdn peer_domain peer_plmn_id direction message_type namespace nf_type nf_service_type remote_sepp_name app container pod release

Note:

The dimension peer_plmn_id is optional and will be available only when SAN contains the PLMN in FQDN.

5.1.4.8 ocsepp_pn32f_connection_failure_total

Table 5-28 ocsepp_pn32f_connection_failure_total

Field	Details
Metric Details	This metric will be pegged in the customized Jetty Client as soon as it fails to connect to the destination service.
Microservice	Producer N32f
Type	Counter
Dimensions	host port direction http_error_message errorOriginator nf_instance_id

5.1.4.9 ocsepp_pn32f_jetty_request_stat_metrics_total

Table 5-29 ocsepp_pn32f_jetty_request_stat_metrics_total

Field	Details
Metric Details	This metric will be pegged for every event occurred when a request is sent to PN32F
Microservice	Producer N32f
Type	Counter
Dimensions	app (Producer) chart client_type container DestinationHost event nf_instance_id namespace pod

5.1.4.10 ocsepp_pn32f_jetty_response_stat_metrics_total

Table 5-30 ocsepp_pn32f_jetty_response_stat_metrics_total

Field	Details
Metric Details	This metric will be pegged for every event occurred when a response is received from PN32F
Microservice	Producer N32f
Type	Counter
Dimensions	app (Producer) chart client_type container DestinationHost event nf_instance_id namespace pod

5.1.4.11 ocsepp_pn32f_outgoing_connections

Table 5-31 ocsepp_pn32f_outgoing_connections

Field	Details
Metric Details	Gauge metric that will peg active outgoing connections from PN32F to destination
Microservice	Producer N32f
Type	Gauge
Dimensions	app (Producer) chart container direction Host nf_instance_id namespace pod

5.1.4.12 ocsepp_pn32f_server_latency

Table 5-32 ocsepp_pn32f_server_latency

Field	Details
Metric Details	This metric will be pegged in Jetty response listener that captures the amount of time taken for processing of the request by jetty client
Microservice	Producer N32f
Type	Gauge
Dimensions	method instanceIdentifier host

5.1.5 N32C Handshake Procedure Metrics

5.1.5.1 ocsepp_n32c_handshake_failure_attempts_total

Table 5-33 ocsepp_n32c_handshake_failure_attempts_total

Field	Details
Metric Details	If N32c Handshake procedure fails, this metrics will be pegged and corresponding alarm will be raised.
Microservice	Producer and Consumer N32c
Type	Counter
Dimensions	app(consumer, producer) chart container handshake_procedure namespace nf_instance_id peer_domain peer_fqdn peer_plmn_id pod remote_sepp_name vendor

5.1.5.2 ocsepp_n32c_handshake_reInitiation_failure

Table 5-34 ocsepp_n32c_handshake_reInitiation_failure

Field	Details
Metric Details	If N32c Handshake Reinitiation procedure fails, this metrics will be pegged and corresponding alarm will be raised.
Microservice	Consumer N32c, Producer N32c
Type	Gauge
Dimensions	app(consumer, producer) chart container handshake_procedure namespace peer_domain (optional) peer_fqdn peer_plmn_id pod remote_sepp_name vendor

5.1.5.3 ocsepp_cn32c_handshake_requests_total

Table 5-35 ocsepp_cn32c_handshake_requests_total

Field	Details
Metric Details	Total number of requests sent over n32c for handshake procedure. Condition: When SEPP initiates any handshake procedure requests towards peer SEPP.
Microservice	Consumer N32c
Type	Counter
Dimensions	app(consumer) chart container handshake_procedure namespace nf_instance_id peer_domain peer_fqdn peer_plmn_id pod remote_sepp_name vendor

5.1.5.4 ocsepp_cn32c_handshake_response_total

Table 5-36 ocsepp_cn32c_handshake_response_total

Field	Details
Metric Details	Total number of responses received over n32c for handshake procedure. Condition: When SEPP receives any handshake procedure response from peer SEPP. It can be successful or failure based on response code.
Microservice	Consumer N32c
Type	Counter
Dimensions	app(consumer) chart container handshake_procedure namespace nf_instance_id peer_domain peer_fqdn peer_plmn_id pod remote_sepp_name http_status (2xx,4xx,5xx) vendor

5.1.5.5 ocsepp_cn32c_handshake_initiation_req_total

Table 5-37 ocsepp_cn32c_handshake_initiation_req_total

Field	Details
Metric Details	Total number of Handshake initiation requests received from config-mgr. Condition: When handshake initiation requests are received from config-mgr.
Microservice	Consumer N32c
Type	Counter
Dimensions	app(consumer) chart container namespace nf_instance_id peer_domain peer_fqdn peer_plmn_id pod remote_sepp_name vendor

5.1.5.6 ocsepp_cn32c_handshake_reinitiation_req_total

Table 5-38 ocsepp_cn32c_handshake_reinitiation_req_total

Field	Details
Metric Details	Total number of Handshake ReInitiation requests received from config-mgr. Condition: When handshake Reinitiation requests received from config-mgr.
Microservice	Consumer N32C
Type	Counter
Dimensions	app(consumer) chart container namespace nf_instance_id peer_domain peer_fqdn peer_plmn_id pod remote_sepp_name vendor

5.1.5.7 ocsepp_cn32c_handshake_delete_req_total

Table 5-39 ocsepp_cn32c_handshake_delete_req_total

Field	Details
Metric Details	Total number of Handshake context delete requests received from config-mgr. Condition: When handshake context delete requests are received from config-mgr.
Microservice	Consumer N32c
Type	Counter
Dimensions	app(consumer) chart container namespace nf_instance_id peer_domain peer_fqdn peer_plmn_id pod remote_sepp_name vendor

5.1.5.8 ocsepp_pn32c_handshake_requests_total

Table 5-40 ocsepp_pn32c_handshake_requests_total

Field	Details
Metric Details	Total number of requests received over n32c for handshake procedure. Condition: When any handshake procedure request is received from peer SEPP.
Microservice	Producer N32c
Type	Counter
Dimensions	app(producer) chart container handshake_procedure namespace nf_instance_id peer_domain peer_fqdn peer_plmn_id pod remote_sepp_name vendor

5.1.5.9 ocsepp_pn32c_handshake_response_total

Table 5-41 ocsepp_pn32c_handshake_response_total

Field	Details
Metric Details	Total number of responses sent over n32c for handshake procedure. Condition: When SEPP sends response to handshake procedure received. It can be a success response or failure response based on success code.
Microservice	Producer N32c
Type	Counter
Dimensions	app(producer) chart container handshake_procedure namespace nf_instance_id peer_domain peer_fqdn peer_plmn_id pod remote_sepp_name http_status (200 OK,4xx,5xx) vendor

5.1.5.10 ocsepp_n32c_handshake_status

Table 5-42 ocsepp_n32c_handshake_status

Field	Details
Metric Details	This metric describes the current status of the Remote partner handshake procedure.
Microservice	N32c
Type	Gauge
Dimensions	Remote_partner_name Remote_fqdn Namespace Nf_instance_id

Note:

Following are the possible values:

0: CONTEXT_NOT_FOUND
1: CAPABILITY_EXCHANGE_STATE
2: PARAMETER_EXCHANGE_STATE
3: N32F_ESTABLISHED_STATE
If no entry is found for a specific Remote SEPP, the N32c context is never established.

5.1.6 Cat-1 NRF Service API Query Parameters Validation metrics

5.1.6.1 ocsepp_security_service_api_query_param_validation_success_total

Table 5-43 ocsepp_security_service_api_query_param_validation_success_total

Field	Details
Metric Details	Total number of successful requests when the Cat-1 NRF Service API Query Parameters Validation feature is enabled.
Microservice	N32f
Dimensions	app chart container direction endpoint helm_sh_chart heritage http_method instance job namespace nf_instance_id peer_domain peer_fqdn pod pod_template_hash release remote_sepp_name remote_sepp_set_name requester_nf_type resource_uri target_nf_type vendor
Type	Counter

5.1.6.2 ocsepp_security_service_api_query_param_validation_failure_total

Table 5-44 ocsepp_security_service_api_query_param_validation_failure_total

Field	Details
Metric Details	Total number of failure requests when the feature is enabled.
Microservice	N32f
Dimensions	app chart container direction endpoint helm_sh_chart heritage http_method instance job namespace nf_instance_id peer_domain peer_fqdn pod pod_template_hash release remote_sepp_name remote_sepp_set_name resource_uri vendor
Type	Counter

5.1.7 5G SBI Message Mediation Support Metrics

5.1.7.1 ocsepp_n32f_mediation_requests_total

Table 5-45 ocsepp_n32f_mediation_requests_total

Field	Details
Metric Details	Metric is common for both CN32F & PN32F. Separation happens based on "app" tag. Number of requests in which Trigger Rule Applied at SEPP end for Mediation, based on configuration.
Microservice	Consumer N32f, Producer N32f
Type	Counter
Dimensions	peer_fqdn peer_domain peer_plmn_id direction http_method NfType NfServiceType vendor nfInstanceId requestType

5.1.7.2 ocsepp_n32f_mediation_not_applied_total

Table 5-46 ocsepp_n32f_mediation_not_applied_total

Field	Details
Metric Details	Metric is common for both CN32F and PN32F. Separation happens based on "app" tag. Number of requests for which Trigger Rule do not match at SEPP and request is not forwarded to Mediation. For Match all configurations, the trigger points will be matched.
Microservice	Consumer N32f, Producer N32f
Type	Counter
Dimensions	app (Consumer, Producer) chart container direction http_method namespace nf_instance_id NfServiceType NfType peer_domain peer_fqdn peer_plmn_id pod message_type ruleApplied vendor "Oracle"

5.1.7.3 ocsepp_cn32f_mediation_response_total

Table 5-47 ocsepp_cn32f_mediation_response_total

Field	Details
Metric Details	Number of requests in which CN32F service of SEPP get Response from Mediation Service.
Microservice	Consumer N32f
Type	Counter
Dimensions	app (Producer) chart container direction http_method namespace nf_instance_id NfServiceType NfType peer_domain peer_fqdn peer_plmn_id pod http_status remote_sepp_name vendor "Oracle"

5.1.7.4 ocsepp_cn32f_mediation_response_failure_total

Table 5-48 ocsepp_cn32f_mediation_response_failure_total

Field	Details
Metric Details	Number of requests in which CN32F service of SEPP get failure response from mediation service.
Microservice	Consumer N32f
Type	Counter
Dimensions	peer_fqdn peer_domain plmn_id statusCode direction error_msg vendor nfInstanceId ruleApplied requestType method request_path

5.1.7.5 ocsepp_pn32f_mediation_response_total

Table 5-49 ocsepp_pn32f_mediation_response_total

Field	Details
Metric Details	Number of requests in which PN32F service of SEPP get response from Mediation Service.
Microservice	Producer N32f
Type	Counter
Dimensions	app (Producer) chart container direction http_method namespace nf_instance_id NfServiceType NfType peer_domain peer_fqdn peer_plmn_id pod message_type ruleApplied http_status vendor "Oracle"

Note:

The dimension peer_plmn_id is optional and will be available only when SAN contains the PLMN in FQDN.

5.1.7.6 ocsepp_pn32f_mediation_response_failure_total

Table 5-50 ocsepp_pn32f_mediation_response_failure_total

Field	Details
Metric Details	Number of requests in which PN32F service of SEPP get failure response from mediation service.
Microservice	Producer N32f
Type	Counter
Dimensions	app (Producer) chart container direction http_error_message http_method namespace nf_instance_id peer_domain peer_fqdn peer_plmn_id pod request_path message_type ruleApplied http_status vendor "Oracle"

5.1.7.7 ocsepp_cn32f_mediation_latency_seconds_count

Table 5-51 ocsepp_cn32f_mediation_latency_seconds_count

Field	Details
Metric Details	This metric is used to display the number of ingress requests processed at cn32f in a particular time span (in seconds).
Microservice	Consumer N32f
Type	Histogram
Dimensions	app (Consumer) chart container direction message_type namespace nf_instance_id peer_domain peer_fqdn peer_plmn_id pod remote_sepp_name nf_type vendor "Oracle"

5.1.7.8 ocsepp_cn32f_mediation_latency_seconds_max

Table 5-52 ocsepp_cn32f_mediation_latency_seconds_max

Field	Details
Metric Details	Total time taken for processing a message (from sending a message to receiving the response).
Microservice	Consumer N32f
Type	Histogram
Dimensions	app (Consumer) chart container direction message_type namespace nf_instance_id peer_domain peer_fqdn peer_plmn_id pod remote_sepp_name nf_type vendor "Oracle"

5.1.7.9 ocsepp_cn32f_mediation_latency_seconds_sum

Table 5-53 ocsepp_cn32f_mediation_latency_seconds_sum

Field	Details
Metric Details	Total time taken for processing a message (from sending a message to receiving the response).
Microservice	Consumer N32f
Type	Histogram
Dimensions	app (Consumer) chart container direction message_type namespace nf_instance_id peer_domain peer_fqdn peer_plmn_id pod remote_sepp_name nf_type vendor "Oracle"

5.1.7.10 ocsepp_pn32f_mediation_latency_seconds_count

Table 5-54 ocsepp_pn32f_mediation_latency_seconds_count

Field	Details
Metric Details	Total time taken for processing a message (from sending a message to receiving the response).
Microservice	Producer N32f
Type	Histogram
Dimensions	app (Producer) chart container direction message_type namespace nf_instance_id peer_domain peer_fqdn peer_plmn_id pod remote_sepp_name nf_type vendor

Note:

The dimension peer_plmn_id is optional and will be available only when SAN contains the PLMN in FQDN.

5.1.7.11 ocsepp_pn32f_mediation_latency_seconds_max

Table 5-55 ocsepp_pn32f_mediation_latency_seconds_max

Field	Details
Metric Details	This metrics is used to display the maximum processing time of all the ingress request at pn32f for a particular time.
Microservice	Producer N32f
Type	Histogram
Dimensions	app (Producer) chart container direction message_type namespace nf_instance_id peer_domain peer_fqdn peer_plmn_id pod remote_sepp_name nf_type vendor

Note:

The dimension peer_plmn_id is optional and will be available only when SAN contains the PLMN in FQDN.

5.1.7.12 ocsepp_pn32f_mediation_latency_seconds_sum

Table 5-56 ocsepp_pn32f_mediation_latency_seconds_sum

Field	Details
Metric Details	Time taken by Mediation Service to process request after getting called from PN32F service.
Microservice	PN32f
Type	Histogram
Dimensions	app (Producer) chart container direction message_type namespace nf_instance_id peer_domain peer_fqdn peer_plmn_id pod remote_sepp_name nf_type vendor

5.1.8 Hosted SEPP Metrics

5.1.8.1 ocsepp_allowed_p_rss_routing_failure_total

Table 5-57 ocsepp_allowed_p_rss_routing_failure_total

Field	Details
Metric Details	Number of requests failing due to Hosted SEPP failure.
Microservice	Consumer N32F
Type	Counter
Dimensions	app (Consumer, Producer) chart container http_error_message namespace nf_instance_id peer_domain peer_fqdn peer_plmn_id pod remote_sepp_name http_status vendor "Oracle"

Note:

The dimension peer_plmn_id is optional and will be available only when SAN contains the PLMN in FQDN.

5.1.9 Message Copy Metrics

5.1.9.1 oc_ingressgateway_msgcopy_requests_total

Table 5-58 oc_ingressgateway_msgcopy_requests_total

Field	Details
Metric Details	This is incremented whenever request message is sent or acknowledged from Data Director.
Microservice	PLMN Ingress gateway, N32 Ingress Gateway
Type	Counter
Dimensions	app (PLMN Ingress gateway, N32 Ingress Gateway) chart container namespace pod type

5.1.9.2 oc_ingressgateway_msgcopy_responses_total

Table 5-59 oc_ingressgateway_msgcopy_responses_total

Field	Details
Metric Details	This is incremented whenever response message is sent or acknowledged from DD.
Microservice	Plmn Ingress Gateway, N32 Ingress Gateway
Type	Counter
Dimensions	app (PLMN Ingress gateway, N32 Ingress Gateway) chart container namespace pod type

5.1.9.3 oc_ingressgateway_dd_unreachable

Table 5-60 oc_ingressgateway_dd_unreachable

Field	Details
Metric Details	This indicates whether DD is reachable or not 0 - reachable, 1 - unreachable
Microservice	Plmn Ingress Gateway, N32 Ingress Gateway
Type	Gauge
Dimensions	app

5.1.9.4 oc_egressgateway_msgcopy_requests_total

Table 5-61 oc_egressgateway_msgcopy_requests_total

Field	Details
Metric Details	This is incremented whenever request message is sent or acknowledged from DD.
Microservice	Plmn Egress Gateway, N32 Egress Gateway
Type	Counter
Dimensions	app (PLMN Ingress gateway, N32 Ingress Gateway) chart container namespace pod type

5.1.9.5 oc_egressgateway_msgcopy_responses_total

Table 5-62 oc_egressgateway_msgcopy_responses_total

Field	Details
Metric Details	This is incremented whenever response message is sent or acknowledged from DD.
Microservice	Plmn Egress Gateway, N32 Egress Gateway
Type	Counter
Dimensions	app (PLMN Ingress gateway, N32 Ingress Gateway) chart container namespace pod type

5.1.9.6 oc_egressgateway_dd_unreachable

Table 5-63 oc_egressgateway_dd_unreachable

Field	Details
Metric Details	This indicates whether DD is reachable or not 0 - reachable, 1 - unreachable
Microservice	Plmn Egress Gateway, N32 Egress Gateway
Type	Gauge
Dimensions	app

5.1.10 SOR Metrics

5.1.10.1 ocsepp_pn32f_sor_requests_total

Table 5-64 ocsepp_pn32f_sor_requests_total

Field	Details
Metric Details	Number of requests sent to SOR
Microservice	Producer N32f
Type	Counter
Dimensions	app (Producer) chart container direction http_method namespace nf_instance_id NfServiceType NfType peer_domain peer_fqdn peer_plmn_id pod remote_sepp_name resource_uri vendor "Oracle"

Note:

The dimension peer_plmn_id is optional and will be available only when SAN contains the PLMN in FQDN.

5.1.10.2 ocsepp_pn32f_sor_responses_total

Table 5-65 ocsepp_pn32f_sor_responses_total

Field	Details
Metric Details	Number of responses received from SOR.
Microservice	Producer N32f
Type	Counter
Dimensions	app (Producer) chart container direction http_method namespace nf_instance_id NfServiceType NfType peer_domain peer_fqdn peer_plmn_id pod remote_sepp_name http_status resource_uri vendor "Oracle"

Note:

The dimension peer_plmn_id is optional and will be available only when SAN contains the PLMN in FQDN.

5.1.10.3 ocsepp_pn32f_sor_retry_to_producer_requests_total

Table 5-66 ocsepp_pn32f_sor_retry_to_producer_requests_total

Field	Details
Metric Details	Number of requests sent to producer based on 3gpp header.
Microservice	Producer N32f
Type	Counter
Dimensions	app (Producer) chart container direction http_method namespace nf_instance_id NfServiceType NfType peer_domain peer_fqdn peer_plmn_id pod remote_sepp_name http_status vendor "Oracle"

Note:

The dimension peer_plmn_id is optional and will be available only when SAN contains the PLMN in FQDN.

5.1.10.4 ocsepp_pn32f_sor_back_to_consumer_responses_total

Table 5-67 ocsepp_pn32f_sor_back_to_consumer_responses_total

Field	Details
Metric Details	Number of responses received from SoR sent back to consumer.
Microservice	Producer N32f
Type	Counter
Dimensions	app (Producer) chart container direction http_method namespace nf_instance_id NfServiceType NfType peer_domain peer_fqdn peer_plmn_id pod remote_sepp_name http_status sorFqdn sorPort vendor "Oracle"

Note:

The dimension peer_plmn_id is optional and will be available only when SAN contains the PLMN in FQDN.
If Alternate Routing for SOR (Steering of Roaming) servers is enabled, the fqdn and port tags will contain multiple values.
Example:

fqdn = A,B,C

port = A,B,C

In this context:

A refers to the Primary SOR Server/Port

B refers to the Secondary SOR Server/Port

C refers to the Tertiary SOR Server/Port
Each position in the list corresponds to the same level of priority across both the FQDN and Port fields.

5.1.10.5 ocsepp_pn32f_sor_failure_total

Table 5-68 ocsepp_pn32f_sor_failure_total

Field	Details
Metric Details	Number of 4xx or 5xx responses received from SOR.
Microservice	Producer N32f
Type	Counter
Dimensions	app (Producer) chart container direction http_method namespace nf_instance_id NfServiceType NfType peer_domain peer_fqdn peer_plmn_id pod remote_sepp_name http_status vendor "Oracle"

Note:

The dimension peer_plmn_id is optional and will be available only when SAN contains the PLMN in FQDN.

5.1.10.6 ocsepp_pn32f_sor_timeout_failure_total

Table 5-69 ocsepp_pn32f_sor_timeout_failure_total

Field	Details
Metric Details	Number of requests which are request timeout while connecting to SOR.
Microservice	Producer N32f
Type	Counter
Dimensions	app (Producer) chart container direction http_method namespace nf_instance_id NfServiceType NfType peer_domain peer_fqdn peer_plmn_id pod remote_sepp_name http_status vendor "Oracle"

Note:

The dimension peer_plmn_id is optional and will be available only when SAN contains the PLMN in FQDN.

5.1.11 Rate Limiting for Ingress Roaming Signaling per Remote SEPP Set Metrics

5.1.11.1 oc_ingressgateway_rss_ratelimit_total

Table 5-70 oc_ingressgateway_rss_ratelimit_total

Field	Details
Metric Details	Number of request for which RSS based rate limiting was applied and request was successfully forwarded.
Microservice	N32 Ingress Gateway
Type	Counter
Dimensions	app (PLMN Ingress Gateway, N32 Ingress Gateway) chart container ErrorOriginator method namespace PLMN_ID pod Remote_SEPP_Set InstanceIdentifier Scheme Status
Metric filter	Status = accepted

5.1.11.2 oc_ingressgateway_rss_ratelimit_total

Table 5-71 oc_ingressgateway_rss_ratelimit_total

Field	Details
Metric Details	Number of request for which RSS based rate limiting was not applied.
Microservice	N32 Ingress Gateway
Type	Counter
Dimensions	Method Status Scheme InstanceIdentifier ErrorOriginator
Metric filter	Status = ratelimit not applied

5.1.11.3 ocsepp_configmgr_routefailure_total

Table 5-72 ocsepp_configmgr_routefailure_total

Field	Details
Metric Details	Metric pegged due to route sync issue in SEPP.
Microservice	Config Manager
Type	Counter
Dimensions	http_status http_error_message app

5.1.11.4 oc_ingressgateway_rss_ratelimit_total

Table 5-73 oc_ingressgateway_rss_ratelimit_total

Field	Details
Metric Details	Number of request for which RSS based rate limiting was applied but request had to be dropped.
Microservice	N32 Ingress Gateway
Type	Counter
Dimensions	app (PLMN Ingress Gateway, N32 Ingress Gateway) chart container ErrorOriginator nf_instance_id http_method namespace peer_plmn_id pod remote_sepp_set_name Scheme Status
Metric filter	Status = dropped

5.1.12 Topology Hiding Metrics

5.1.12.1 ocsepp_topology_latency_seconds_count

Table 5-74 ocsepp_topology_latency_seconds_count

Field	Details
Metric Details	This metric is used to display the number of ingress requests processed at cn32f and pn32f in a particular time span (in seconds).
Microservice	Consumer N32f, Producer N32f
Type	Histogram
Dimensions	app (consumer, producer) chart container direction message_type namespace nf_instance_id peer_domain peer_fqdn peer_plmn_id pod remote_sepp_name nf_type vendor "Oracle"

5.1.12.2 ocsepp_topology_latency_seconds_max

Table 5-75 ocsepp_topology_latency_seconds_max

Field	Details
Metric Details	This metrics is used to display the maximum processing time of an ingress request at cn32f and pn32f in seconds.
Microservice	Consumer N32f, Producer N32f
Type	Histogram
Dimensions	app (consumer, producer) chart container direction message_type namespace nf_instance_id peer_domain peer_fqdn peer_plmn_id pod remote_sepp_name nf_type vendor "Oracle"

5.1.12.3 ocsepp_topology_latency_seconds_sum

Table 5-76 ocsepp_topology_latency_seconds_sum

Field	Details
Metric Details	This metrics is used to display the average processing time of all the ingress request at cn32f and pn32f for a particular time.
Microservice	Consumer N32f, Producer N32f
Type	Histogram
Dimensions	app (consumer, producer) chart container direction message_type namespace nf_instance_id peer_domain peer_fqdn peer_plmn_id pod remote_sepp_name nf_type vendor "Oracle"

5.1.12.4 ocsepp_topology_header_success_total

Table 5-77 ocsepp_topology_header_success_total

Field	Details
Metric Details	Count of headers for which topology hiding and recovery was successful
Microservice	Consumer N32f, Producer N32f
Type	Counter
Dimensions	app (consumer, producer) chart container header namespace nf_instance_id pod vendor "Oracle"

5.1.12.5 ocsepp_topology_header_failure_total

Table 5-78 ocsepp_topology_header_failure_total

Field	Details
Metric Details	Count of headers for which topology hiding and recovery failed
Microservice	Consumer N32f, Producer N32f
Type	Counter
Dimensions	app (consumer, producer) chart container header namespace nf_instance_id peer_domain peer_fqdn peer_plmn_id pod remote_sepp_name vendor "Oracle"

5.1.12.6 ocsepp_topology_body_success_total

Table 5-79 ocsepp_topology_body_success_total

Field	Details
Metric Details	Count of body attributes for which topology hiding and recovery was successful.
Microservice	Consumer N32f, Producer N32f
Type	Counter
Dimensions	app (Consumer, Producer) chart container http_method namespace nf_instance_id peer_domain peer_fqdn peer_plmn_id pod remote_sepp_name vendor "Oracle"

5.1.12.7 ocsepp_topology_body_failure_total

Table 5-80 ocsepp_topology_body_failure_total

Field	Details
Metric Details	Count of body for which topology hiding and recovery failed
Microservice	Consumer N32f, Producer N32f
Type	Counter
Dimensions	app (Consumer, Producer) api_url http_error_message chart container http_method namespace nf_instance_id peer_domain peer_fqdn peer_plmn_id pod http_status vendor "Oracle"

5.1.12.8 ocsepp_topology_success_total

Table 5-81 ocsepp_topology_success_total

Field	Details
Metric Details	Count of messages for which topology hiding or recovery was successful
Microservice	Consumer N32f, Producer N32f
Type	Counter
Dimensions	app (consumer, producer) chart container namespace nf_instance_id peer_domain peer_fqdn peer_plmn_id pod remote_sepp_name vendor "Oracle"

5.1.12.9 ocsepp_topology_invalid_header_regex_configured_total

Table 5-82 ocsepp_topology_invalid_header_regex_configured_total

Field	Details
Metric Details	If configured header regex pattern is invalid, this metric will be pegged.
Microservice	Consumer N32f, Producer N32f
Type	Counter
Dimensions	vendor nfInstanceId error_message

5.1.12.10 ocsepp_topology_header_regex_not_configured_total

Table 5-83 ocsepp_topology_header_regex_not_configured_total

Field	Details
Metric Details	If header regex pattern is not configured, this metric will be pegged.
Microservice	Consumer N32f, Producer N32f
Type	Counter
Dimensions	vendor nfInstanceId error_message

5.1.13 Cat 0 - SBI Message Schema Validation Metrics

5.1.13.1 ocsepp_message_validation_applied_total

Table 5-84 ocsepp_message_validation_applied_total

Field	Details
Metric Details	Total number of requests for which message validation is applied.
Microservice	Producer N32f, Consumer N32F
Type	Counter
Dimensions	app (Consumer, Producer) chart container http_method namespace nf_instance_id peer_fqdn peer_plmn_id pod remote_sepp_name remote_sepp_set_name vendor "Oracle"

Note:

The dimension "peer_plmn_id" is applicable only for Consumer N32F.
An additional dimension "sourceRss" is applicable for Consumer N32F in Roaming Hub mode.

5.1.13.2 ocsepp_message_validation_on_body_failure_total

Table 5-85 ocsepp_message_validation_on_body_failure_total

Field	Details
Metric Details	Number of requests in which message validation failed on body at SEPP end.
Microservice	Producer N32f, Consumer N32F
Type	Counter
Dimensions	app chart container http_method namespace nf_instance_id peer_fqdn peer_plmn_id pod remote_sepp_name remote_sepp_set_name request_path vendor "Oracle" http_status

Note:

The dimension "peer_plmn_id" is applicable only for Consumer N32F.
An additional dimension "sourceRss" is applicable for Consumer N32F in Roaming Hub mode.

5.1.13.3 ocsepp_message_validation_on_header_failure_total

Table 5-86 ocsepp_message_validation_on_header_failure_total

Field	Details
Metric Details	Number of requests for which message validation failed on query parameters at SEPP end.
Microservice	Producer N32f, Consumer N32F
Type	Counter
Dimensions	app chart container http_method namespace nf_instance_id peer_fqdn peer_plmn_id pod remote_sepp_name remote_sepp_set_name request_path vendor "Oracle" http_status

Note:

The dimension "peer_plmn_id" is applicable only for Consumer N32F.
An additional dimension "sourceRss" is applicable for Consumer N32F in Roaming Hub mode.

5.1.14 Cat 1 - Service API Validation Metrics

5.1.14.1 ocsepp_security_service_api_failure_total

Table 5-87 ocsepp_security_service_api_failure_total

Field	Details
Metric Details	Metric are common for both CN32F and PN32F. Separation happens based on "app" tag. Number of requests failed as Method and Resource URI were not Allowed
Microservice	N32f
Type	Counter
Dimensions	app (Consumer, Producer) chart container http_method namespace nf_instance_id peer_fqdn peer_plmn_id pod remote_sepp_name request_path http_status vendor "Oracle" nf_service_type nf_type

5.1.15 Cat 2 - Network ID Validation Metrics

5.1.15.1 ocsepp_originating_network_request_success_total

Table 5-88 ocsepp_originating_network_request_success_total

Field	Details
Metric Details	Total number of requests for Cat-2 Network id header validation successful. Condition : This metric will be pegged only when cat-2 is enabled and header validation is successful.
Microservice	Pn32f
Metric type	Counter
Dimensions	app chart container endpoint direction http_method peer_plmn_id namespace nf_instance_id NfServiceType NfType peer_domain peer_fqdn pod method remote_sepp_name remote_sepp_set_name vendor "Oracle"

5.1.15.2 ocsepp_network_id_validation_body_failure_total

Table 5-89 ocsepp_network_id_validation_body_failure_total

Field	Details
Metric Details	Number of request for which Network ID body validation feature were failed.
Microservice	Producer N32f, Consumer N32F
Type	Counter
Dimensions	app (Consumer, Producer) cause chart container error_action http_method namespace nf_instance_id peer_domain peer_fqdn plmn_identifier pod remote_sepp_name remote_sepp_set_name resource_uri sepp_type vendor "Oracle"

5.1.15.3 ocsepp_network_id_validation_header_failure_total

Table 5-90 ocsepp_network_id_validation_header_failure_total

Field	Details
Metric Details	Number of request for which Network ID header validation feature were failed.
Microservice	Producer N32f, Consumer N32F
Type	Counter
Dimensions	app (Consumer, Producer) cause chart container error_action http_method namespace nf_instance_id peer_domain peer_fqdn plmn_identifier pod remote_sepp_name remote_sepp_set_name resource_uri sepp_type vendor "Oracle"

5.1.16 Cat 3 - Previous Location Check Metrics

5.1.16.1 ocsepp_previous_location_exception_failure_total

Table 5-91 ocsepp_previous_location_exception_failure_total

Field	Details
Metric Details	Number of requests, for which previous location validation check failed due to exceptions.
Microservice	Producer N32f
Type	Counter
Dimensions	app (Consumer, Producer) cause chart container error_action http_method namespace nf_instance_id peer_domain peer_fqdn pod remote_sepp_name remote_sepp_set_name resource_uri vendor "Oracle"

5.1.16.2 ocsepp_previous_location_validation_success_total

Table 5-92 ocsepp_previous_location_validation_success_total

Field	Details
Metric Details	Number of requests, for which previous location validation feature is successful.
Microservice	Producer N32f
Type	Counter
Dimensions	app (Consumer, Producer) chart container http_method namespace nf_instance_id peer_domain peer_fqdn pod remote_sepp_name remote_sepp_set_name vendor "Oracle"

5.1.16.3 ocsepp_previous_location_validation_failure_total

Table 5-93 ocsepp_previous_location_validation_failure_total

Field	Details
Metric Details	Number of requests, for which previous location validation check failed.
Microservice	Producer N32f
Type	Counter
Dimensions	app (Consumer, Producer) cause chart container error_action http_method namespace nf_instance_id peer_domain peer_fqdn pod remote_sepp_name remote_sepp_set_name resource_uri vendor "Oracle"

5.1.16.4 ocsepp_previous_location_validation_requests_total

Table 5-94 ocsepp_previous_location_validation_requests_total

Field	Details
Metric Details	Number of requests, for which previous location validation feature is applied.
Microservice	Producer N32f
Type	Counter
Dimensions	app (Consumer, Producer) chart container http_method namespace nf_instance_id peer_domain peer_fqdn pod remote_sepp_name remote_sepp_set_name vendor "Oracle"

5.1.16.5 ocsepp_pn32f_notification_total

Table 5-95 ocsepp_pn32f_notification_total

Field	Details
Metric Details	It is pegged every time the notification is received on pn32f from NRF for UDR profile change.
Microservice	Producer N32f
Type	Counter
Dimensions	NA

5.1.17 Cat-3 Time Check for Roaming Subscribers

5.1.17.1 ocsepp_time_unauthenticated_location_validation_requests_total

Table 5-96 ocsepp_time_unauthenticated_location_validation_requests_total

Field	Details
Metric Details	Total number of requests received by the Cat-3 time check feature.
Microservice	Producer N32f
Type	Counter
Dimensions	app assertedPlmnValue chart container endpoint helm_sh_chart heritage instance job namespace nf_instance_id peer_domain peer_fqdn pod pod_template_hash release remote_sepp_name remote_sepp_set_name vendor

5.1.17.2 ocsepp_time_unauthenticated_location_validation_success_total

Table 5-97 ocsepp_time_unauthenticated_location_validation_success_total

Field	Details
Metric Details	Total number of requests received by the Cat-3 time check feature with successful validation.
Microservice	Producer N32f
Type	Counter
Dimensions	app assertedPlmnValue chart container endpoint helm_sh_chart heritage instance job namespace nf_instance_id peer_domain peer_fqdn pod pod_template_hash reason release remote_sepp_name remote_sepp_set_name vendor

5.1.17.3 ocsepp_time_unauthenticated_location_validation_failure_total

Table 5-98 ocsepp_time_unauthenticated_location_validation_failure_total

Field	Details
Metric Details	Total number of requests received by the Cat-3 time check feature with failed validation.
Microservice	Producer N32f
Type	Counter
Dimensions	app assertedPlmnValue chart container endpoint error_action helm_sh_chart heritage instance job namespace nf_instance_id peer_domain peer_fqdn pod pod_template_hash release remote_sepp_name remote_sepp_set_name vendor

5.1.17.4 ocsepp_time_unauthenticated_location_exception_failure_total

Table 5-99 ocsepp_time_unauthenticated_location_exception_failure_total

Field	Details
Metric Details	Total number of requests received by the Cat-3 time check feature where exception was encountered.
Microservice	Producer N32f
Type	Counter
Dimensions	app assertedPlmnValue chart container endpoint error_action helm_sh_chart heritage instance job namespace nf_instance_id peer_domain peer_fqdn pod pod_template_hash release remote_sepp_name remote_sepp_set_name vendor

5.1.17.5 ocsepp_time_unauthenticated_location_blocklist_requests_total

Table 5-100 ocsepp_time_unauthenticated_location_blocklist_requests_total

Field	Details
Metric Details	Total number of requests received by the Cat-3 time check feature which were blacklisted.
Microservice	Producer N32f
Type	Counter
Dimensions	app assertedPlmnValue chart container endpoint helm_sh_chart heritage instance job namespace nf_instance_id peer_domain peer_fqdn pod pod_template_hash release remote_sepp_name remote_sepp_set_name vendor

5.1.17.6 ocsepp_configmgr_country_config_failure_total

Table 5-101 ocsepp_configmgr_country_config_failure_total

Field	Details
Metric Details	Total number of exceptions that occurred while saving default country configurations or deleting the same for the Cat-3 time check feature.
Microservice	Producer N32f
Type	Counter
Dimensions	app application chart container endpoint helm_sh_chart heritage http_error_message http_status http_method instance job namespace node pod pod_template_hash release vendor

5.1.18 Rate Limiting for Egress Roaming Signaling per PLMN Metrics

5.1.18.1 oc_ingressgateway_plmn_egress_ratelimit_total

Table 5-102 oc_ingressgateway_plmn_egress_ratelimit_total

Field	Details
Metric Details	Number of requests for which Egress Rate Limiting was applied and request was successfully forwarded because tokens were available for the Egress Rate Limit List.
Microservice	Ingress Gateway
Type	Counter
Dimensions	Status PLMN_ID Scheme Egress Rate Limit List InstanceIdentifier ErrorOriginator
Status	ERL_MATCH_TOKEN_AVAILABLE_FWD

5.1.18.2 oc_ingressgateway_plmn_egress_ratelimit_total

Table 5-103 oc_ingressgateway_plmn_egress_ratelimit_total

Field	Details
Metric Details	Number of requests for which Egress Rate Limiting was applied, here tokens were not available to process the request, request was rejected as its priority was low (above than the configured cutoff).
Microservice	Ingress Gateway
Type	Counter
Dimensions	Status PLMN_ID Scheme Egress Rate Limit List InstanceIdentifier ErrorOriginator
Status	ERL_MATCH_NO_TOKEN_LOW_PRI_REJECT

5.1.18.3 oc_ingressgateway_plmn_egress_ratelimit_total

Table 5-104 oc_ingressgateway_plmn_egress_ratelimit_total

Field	Details
Metric Details	The number of requests for which egress rate limiting was applied, here tokens were not available to process the request, but the request was forwarded as its priority was high (less than the configured cutoff).
Microservice	Ingress Gateway
Type	Counter
Dimensions	Status PLMN_ID Scheme Egress Rate Limit List InstanceIdentifier ErrorOriginator
Status	ERL_MATCH_NO_TOKEN_HIGH_PRI_FWD

5.1.18.4 oc_ingressgateway_plmn_egress_ratelimit_total

Table 5-105 oc_ingressgateway_plmn_egress_ratelimit_total

Field	Details
Metric Details	Number of requests for which rate limiting could not be applied as invalid PLMN ID was sent in the request. The request was forwarded.
Microservice	Ingress Gateway
Type	Counter
Dimensions	Status PLMN_ID Scheme Egress Rate Limit List InstanceIdentifier ErrorOriginator
Status	ERROR_UNABLE_TO_EXTRACT_PLMN_FWD

5.1.18.5 oc_ingressgateway_plmn_egress_ratelimit_total

Table 5-106 oc_ingressgateway_plmn_egress_ratelimit_total

Field	Details
Metric Details	Number of requests for which rate limiting could not be applied as none of the Egress Rate Limit List contains the corresponding PLMN ID. The request was forwarded.
Microservice	Ingress Gateway
Type	Counter
Dimensions	Status PLMN_ID Scheme Egress Rate Limit List InstanceIdentifier ErrorOriginator
Status	ERL_NO_MATCH_FWD

5.1.18.6 oc_ingressgateway_plmn_egress_ratelimit_total

Table 5-107 oc_ingressgateway_plmn_egress_ratelimit_total

Field	Details
Metric Details	Number of requests for which rate limiting could not be applied as some unexpected exception was raised during the execution of the rate limit filter for the request. The request was forwarded.
Microservice	Ingress Gateway
Type	Counter
Dimensions	Status PLMN_ID Scheme Egress Rate Limit List InstanceIdentifier ErrorOriginator
Status	ERROR_INTERNAL_FWD

5.1.19 Config Manager Metrics

5.1.19.1 ocsepp_configmgr_rpp_config_failure_total

Table 5-108 ocsepp_configmgr_rpp_config_failure_total

Field	Details
Metric Details	This metrics is pegged whenever there is a Remote SEPP configuration failure.
Microservice	Config Manager
Type	Counter
Dimensions	app http_error_message http_method http_status vendor chart pod namespace container

5.1.19.2 ocsepp_configmgr_rpp_validation_failure_total

Table 5-109 ocsepp_configmgr_rpp_validation_failure_total

Field	Details
Metric Details	This metric is pegged whenever there is a change in mandatory parameter of Remote SEPP Profile or mandatory parameter is missing.
Microservice	Config Manager
Type	Counter
Dimensions	app http_error_message http_status vendor chart pod namespace container

5.1.19.3 ocsepp_configmgr_routeupdate_total

Table 5-110 ocsepp_configmgr_routeupdate_total

Field	Details
Metric Details	This metric shows the total number of times config-mgr microservice has tried to update the route details for Egress Gateway microservices.
Microservice	Config Manager
Type	Counter
Dimensions	app vendor chart pod namespace container

5.1.19.4 ocsepp_configmgr_n32f_context_config_failure_total

Table 5-111 ocsepp_configmgr_n32f_context_config_failure_total

Field	Details
Metric Details	This metric is pegged when an HS context is fetched by name or FQDN and the query fails or returns empty.
Microservice	Config Manager
Type	Counter
Dimensions	app vendor chart pod namespace container exported_namespace exported_pod http_error_message http_method http_status instance microservice node

5.1.20 Support for Originating Network Id Header Validation, Insertion, and Transposition Metrics

5.1.20.1 ocsepp_originating_network_id_header_added_total

Table 5-112 ocsepp_originating_network_id_header_added_total

Field	Details
Metric Details	Total number of requests on which "3gpp-sbi-originating-network-id" or "3gpp-sbi-asserted-plmn-id" header is added.
Microservice	PN32F CN32F
Type	Counter
Dimensions	CN32F: header_name header_value remote_sepp_name remote_sepp_set_name peer_fqdn peer_plmn_id request_path vendor nf_instance_id PN32F: header_name header_value remote_sepp_name remote_sepp_set_name peer_fqdn request_path vendor nf_instance_id

5.1.20.2 ocsepp_originating_id_header_transposed_total

Table 5-113 ocsepp_originating_id_header_transposed_total

Field	Details
Metric Details	Total number of requests in which the header name ("3gpp-sbi-originating-network-id" or "3gpp-sbi-asserted-plmn-id") is transposed to another header name. Example: "3gpp-sbi-originating-network-id" is transposed into "3gpp-sbi-asserted-plmn-id" or "3gpp-sbi-asserted-plmn-id" is transposed into "3gpp-sbi-originating-network-id"
Microservice	PN32F
Type	Counter
Dimensions	transposed_header header_value header_from_request remote_sepp_name remote_sepp_set_name peer_fqdn request_path vendor nf_instance_id Note: The header_value dimension will not be populated in cases where SEPP does not make any modifications in incoming request header value for 3gpp-Sbi-Originating-Network-Id or 3gpp-Sbi-Asserted-Plmn-Id header while header transposition.

5.1.20.3 ocsepp_originating_header_addition_failed

Table 5-114 ocsepp_originating_header_addition_failed

Field	Details
Metric Details	Total number of requests in which missing header ("3gpp-sbi-originating-network-id" or "3gpp-sbi-asserted-plmn-id") could not be added due to any internal error.
Microservice	CN32F
Type	Counter
Dimensions	request_path vendor nf_instance_id

5.1.20.4 ocsepp_originating_network_id_header_add_or_transpose_failed

Table 5-115 ocsepp_originating_network_id_header_add_or_transpose_failed

Field	Details
Metric Details	Total number of requests for which the missing header ("3gpp-sbi-originating-network-id" or "3gpp-sbi-asserted-plmn-id") could not be added, or header transposition was failed due to any internal error.
Microservice	PN32F
Type	Counter
Dimensions	request_path vendor nf_instance_id

5.1.21 Support for TLS 1.3 Metrics

5.1.21.1 oc_ingressgateway_incoming_tls_connections

Table 5-116 oc_ingressgateway_incoming_tls_connections

Field	Details
Metric Details	Number of TLS connections received on the Ingress Gateway and their negotiated versions. The version can be TLS 1.2 or TLS 1.3.
Microservice	PLMN Ingress Gateway N32 Ingress Gateway
Type	Gauge
Dimensions	NegotiatedTLSVersion Host Direction InstanceIdentifier

5.1.21.2 oc_egressgateway_outgoing_tls_connections

Table 5-117 oc_egressgateway_outgoing_tls_connections

Field	Details
Metric Details	Number of TLS connections sent on the Egress Gateway and their negotiated versions. The version can be TLS 1.2 or TLS 1.3.
Microservice	PLMN Egress Gateway N32 Egress Gateway
Type	Gauge
Dimensions	NegotiatedTLSVersion Host Direction InstanceIdentifier

5.1.21.3 security_cert_x509_expiration_seconds

Table 5-118 security_cert_x509_expiration_seconds

Field	Details
Metric Details	Time to certificate expiry in epoch seconds.
Microservice	PLMN Ingress Gateway N32 Ingress Gateway PLMN Egress Gateway N32 Egress Gateway
Type	Histogram
Dimensions	app chart endpoint container namespace pod serialNumber subject CN (CommonName) O (Organization) L (Locality) ST (State or ProvinceName) C (CountryName)

5.1.22 Proactive Status Updates on SEPP Metrics

5.1.22.1 oc_egressgateway_peer_health_status

Table 5-119 oc_egressgateway_peer_health_status

Field	Details
Metric Details	Set to 1, if a peer is unhealthy and reset to 0, when it becomes healthy again. Set to -1, if peer is removed from peerconfiguration.
Microservice	N32 Egress Gateway, PLMN Egress Gateway
Metric type	Gauge
Dimensions	peer vfqdn

5.1.22.2 oc_egressgateway_peer_health_ping_request_total

Table 5-120 oc_egressgateway_peer_health_ping_request_total

Field	Details
Metric Details	Incremented every time a health ping is sent toward a peer.
Microservice	N32 Egress Gateway, PLMN Egress Gateway
Metric type	Counter
Dimensions	peer vfqdn

5.1.22.3 oc_egressgateway_peer_health_ping_response_total

Table 5-121 oc_egressgateway_peer_health_ping_response_total

Field	Details
Metric Details	Incremented every time a health ping response(irrespective of success or failure) is received from a peer.
Microservice	N32 Egress Gateway, PLMN Egress Gateway
Metric type	Counter
Dimensions	peer vfqdn statusCode cause

5.1.22.4 oc_egressgateway_peer_health_status_transitions_total

Table 5-122 oc_egressgateway_peer_health_status_transitions_total

Field	Details
Metric Details	Incremented every time a peer transitions from AVAILABLE to UNAVAILABLE or UNAVAILABLE to AVAILABLE.
Microservice	N32 Egress Gateway, PLMN Egress Gateway
Metric type	Counter
Dimensions	peer vfqdn from to

5.1.22.5 oc_ingressgateway_health_check_incoming_ping_total

Table 5-123 oc_ingressgateway_health_check_incoming_ping_total

Field	Details
Metric Details	Incremented every time a health ping is received from a peer.
Microservice	N32 Ingress Gateway, PLMN Ingress Gateway
Metric type	Counter
Dimensions	method resource_uri

5.1.23 Multiple SEPP instances on shared cnDBTier cluster Metrics

5.1.23.1 ocsepp_cn32f_database_connectivity_healthy

Table 5-124 ocsepp_cn32f_database_connectivity_healthy

Field	Details
Metric Details	This metric will be pegged when database connectivity with cn32f service is established and healthy and when connection breaks then set to 0.
Microservice	cn32f
Metric type	Gauge
Dimensions	app app_kubernetes_io_instance app_kubernetes_io_managed_by app_kubernetes_io_name app_kubernetes_io_part_of app_kubernetes_io_version chart container database endpoint helm_sh_chart heritage instance job namespace nf_instance_id pod pod_template_hash release vendor

5.1.23.2 ocsepp_pn32f_database_connectivity_healthy

Table 5-125 ocsepp_pn32f_database_connectivity_healthy

Field	Details
Metric Details	This metric will be pegged when database connectivity with pn32f service is established and healthy and when connection breaks then set to 0.
Microservice	pn32f
Metric type	Gauge
Dimensions	app app_kubernetes_io_instance app_kubernetes_io_managed_by app_kubernetes_io_name app_kubernetes_io_part_of app_kubernetes_io_version chart container database endpoint helm_sh_chart heritage instance job namespace nf_instance_id pod pod_template_hash release vendor

5.1.23.3 ocsepp_cn32c_database_connectivity_healthy

Table 5-126 ocsepp_cn32c_database_connectivity_healthy

Field	Details
Metric Details	This metric will be pegged when database connectivity with cn32c service is established and healthy and when connection breaks then set to 0.
Microservice	cn32c
Metric type	Gauge
Dimensions	app app_kubernetes_io_instance app_kubernetes_io_managed_by app_kubernetes_io_name app_kubernetes_io_part_of app_kubernetes_io_version chart container database endpoint helm_sh_chart heritage instance job namespace nf_instance_id pod pod_template_hash release vendor

5.1.23.4 ocsepp_pn32c_database_connectivity_healthy

Table 5-127 ocsepp_pn32c_database_connectivity_healthy

Field	Details
Metric Details	This metric will be pegged when database connectivity with pn32c service is established and healthy and when connection breaks then set to 0.
Microservice	pn32c
Metric type	Gauge
Dimensions	app app_kubernetes_io_instance app_kubernetes_io_managed_by app_kubernetes_io_name app_kubernetes_io_part_of app_kubernetes_io_version chart container database endpoint helm_sh_chart heritage instance job namespace nf_instance_id pod pod_template_hash release vendor

5.1.23.5 ocsepp_configmgr_database_connectivity_healthy

Table 5-128 ocsepp_configmgr_database_connectivity_healthy

Field	Details
Metric Details	This metric will be pegged when database connectivity with config manager service is established and healthy and when connection breaks then set to 0.
Microservice	config-mgr
Metric type	Gauge
Dimensions	app app_kubernetes_io_instance app_kubernetes_io_managed_by app_kubernetes_io_name app_kubernetes_io_part_of app_kubernetes_io_version application chart container database endpoint exported_namespace exported_pod helm_sh_chart heritage instance job namespace nf_instance_id node pod pod_template_hash release vendor

5.1.23.6 ocsepp_coherence_database_connectivity_healthy

Table 5-129 ocsepp_coherence_database_connectivity_healthy

Field	Details
Metric Details	This metric will be pegged when database connectivity with coherence service is established and healthy and when connection breaks then set to 0..
Microservice	coherence-svc
Metric type	Gauge
Dimensions	app app_kubernetes_io_instance app_kubernetes_io_managed_by app_kubernetes_io_name app_kubernetes_io_part_of app_kubernetes_io_version chart container database endpoint helm_sh_chart heritage instance job namespace nf_instance_id pod pod_template_hash release vendor

5.1.24 LCI and OCI Headers Metrics

5.1.24.1 oc_ingressgateway_headers_lci_total

Table 5-130 oc_ingressgateway_headers_lci_total

Field	Details
Metric Details	This counts the total number of lci header attached.
Microservice	n32-ingress-gateway, plmn-ingress-gateway
Metric type	Counter
Dimensions	scope

5.1.24.2 oc_ingressgateway_headers_oci_total

Table 5-131 oc_ingressgateway_headers_oci_total

Field	Details
Metric Details	This counts the total number of oci header attached.
Microservice	n32-ingress-gateway, plmn-ingress-gateway
Metric type	Counter
Dimensions	scope

5.1.25 Integrating SEPP with 5G Network Intelligence Fabric (5G NIF) Metrics

5.1.25.1 ocsepp_nif_discovery_requests_total

Table 5-132 ocsepp_nif_discovery_requests_total

Field	Details
Metric Details	Total number of requests received to NRF when querying for NIF.
Microservice	Config-mgr
Type	Counter
Dimensions	app chart container helm_sh_chart heritage instance job namespace nf_instance_id pod_template_hash pod release vendor "Oracle"

5.1.25.2 ocsepp_nif_discovery_responses_total

Table 5-133 ocsepp_nif_discovery_responses_total

Field	Details
Metric Details	Total number of responses received from NRF when querying for NIF.
Microservice	Config-mgr
Type	Counter
Dimensions	app chart container helm_sh_chart heritage instance job namespace nf_instance_id pod_template_hash pod release status_code vendor "Oracle"

5.1.25.3 ocsepp_nif_registration_status

Table 5-134 ocsepp_nif_registration_status

Field	Details
Metric Details	Total number of active NIFs for routing.
Microservice	Config-mgr
Type	Gauge
Dimensions	app chart container helm_sh_chart heritage instance job namespace nf_instance_id pod_template_hash pod release status_code vendor "Oracle"

5.1.25.4 ocsepp_pn32f_nif_error_copy_requests_total

Table 5-135 ocsepp_pn32f_nif_error_copy_requests_total

Field	Details
Metric Details	Total number of message copy requests sent to NIF when error response is generated.
Microservice	pn32f-svc
Type	Counter
Dimensions	app chart container helm_sh_chart heritage instance job namespace nf_instance_id uri pod pod_template_hash release vendor "Oracle"

5.1.25.5 ocsepp_pn32f_nif_error_copy_responses_total

Table 5-136 ocsepp_pn32f_nif_error_copy_responses_total

Field	Details
Metric Details	Total number of message copy responses received from NIF when error response is generated.
Microservice	pn32f-svc
Type	Counter
Dimensions	app chart container helm_sh_chart heritage instance job namespace nf_instance_id pod pod_template_hash release status_code vendor "Oracle"

5.1.26 NRF Selection Mechanisms Using nrf client Metrics

5.1.26.1 nrfclient_nrf_operative_status

Table 5-137 nrfclient_nrf_operative_status

Field Details

Description

The current operative status of the NRF Instance.

Note: The HealthCheck mechanism is an important component that allows monitoring and managing the health of NRF services.

When enabled, it makes periodic HTTP requests to NRF services to check their availability and updates their status accordingly so that the metric nrfclient_nrf_operative_status updates properly.

When disabled, for each NRF route, it is checked whether the retry time has expired. If so, the health state is reset to "HEALTHY", and the retry time is cleared.

If the metric value is :

0 - NRF is unavailable/unhealthy
1- NRF is available/healthy

Type Gauge

Dimension NrfUri - URI of the NRF Instance

5.1.26.2 nrfclient_dns_lookup_request_total

Table 5-138 nrfclient_dns_lookup_request_total

Field	Details
Description	Total number of times a DNS lookup request is sent to the alternate route service. Note: The metric will be pegged only if `enableVirtualNrfResolution` is set to true.
Type	Counter
Dimension	Scheme VirtualFqdn

5.1.27 Overload Control Metrics

5.1.27.1 service_resource_overload_level

Table 5-139 service_resource_overload_level

Field	Details
Metric Details	Overload level value for Warning, Minor, Major, and Critical.
Microservice	Performance
Type	Gauge
Dimensions	namespace app value metric

5.1.27.2 oc_ingressgateway_route_overloadcontrol_discard_total

Table 5-140 oc_ingressgateway_route_overloadcontrol_discard_total

Field	Details
Metric Details	This metric is pegged when the incoming request is discarded by the Overload filter on priority or percentage basis.
Microservice	N32 Ingress Gateway
Type	Counter
Dimensions	namespace app DiscardAction Status

5.1.27.3 ingressgateway_svc_pending_count

Table 5-141 ingressgateway_svc_pending_count

Field	Details
Metric Details	The number of pending requests count on Ingress Gateway.
Microservice	N32 IGW
Type	Gauge
Dimensions	namespace app value servicenow

5.1.28 Ingress and Egress Gateway Metrics

Table 5-142 Ingress and Egress Gateway Dimensions

Dimension	Details
NFType	Name of the NF Type in path. For Example: Path is /nxxx-yyy/vz/....... Where XXX(Upper Case) is NFType UNKNOWN if unable to extract NFType from the path
NFServiceType	Name of the Service with in the NF. Example: Path is /nxxx-yyy/vz/....... Where nxxx-yyy is NFServiceType UNKNOWN if unable to extract NFServiceType from the path
receivedResponseCode (Pod readiness state metric)	receivedResponseCode (Pod readiness state metric)
id (Pod readiness state metric)	Servivce profile Id of the backend svc
uri (Pod readiness state metric)	Service profile Uri of the backend svc
event	This tag captures the lifecycle event processed during the jetty request processing with the back-end svc
Host	(Ip or fqdn) : port of ingress gateway
DestinationHost	Destination ip/fqdn
client_type	client_type
HttpVersion	Http protocol version
oc_ingressgateway_pod_resource_stress_Type	The type of resource for which the pod protection threshold has reached.e.g. CPU, MEMORY, PENDING_REQUEST
XfccHeaderPresent	XfccHeaderPresent
consumerNfType	consumerNfType
Scheme	Http protocol scheme
Path	Path predicate that matched the current request
ClientCertIdentity	Cerificate Identity of the client
content_available	content_available
Route_Path	Path predicate/Header predicate that matched the current request
InstanceIdentifier	Prefix of the pod configured in helm when there are multiple instances in same deployment
jetty_request_timeout	Tag to capture if a request at IGW failed due to request timeout at jetty level
Virtual Host	The fqdn which requires alternate route svc resolution
error_reason	Reason for failure response received. If message is sent in the response, then it is filled with the message otherwise exception class is filled. In case of successful response it is filled with "no-error"
ErrorOriginator	This tag captures the ErrorOriginator
quantile	This tag captures the latency values with ranges as 10ms, 20ms, 40ms, 80ms, 100ms, 200ms, 500ms, 1000ms and 5000ms
oc_ingressgateway_xfcc_header_validate_ServiceType	Name of the Service with in the NF.
oc_ingressgateway_dns_resolution_Status	oc_ingressgateway_dns_resolution_Status
oc_ingressgateway_global_ratelimit_Status	Request accepted or dropped
oc_ingressgateway_global_ratelimit_total_app	Application at which traffic rejection occurs - n32-ingress-gateway or plmn-ingress-gateway
oc_ingressgateway_global_ratelimit_total_Method	Request method received ( POST , PUT , GET , PATCH , DELETE)
oc_ingressgateway_connection_failure_Host	destination ip/fqdn
oc_ingressgateway_connection_failure_Port	destination port
oc_ingressgateway_connection_failure_Direction	This tag determines the direction in which there is connection failure at IGW
oc_ingressgateway_xfcc_header_validate_Status	oc_ingressgateway_xfcc_header_validate_Status
oc_ingressgateway_xfcc_header_validate_Cause	This tag determines the validation cause for the xfcc header validation metric being pegged
oc_ingressgateway_incoming_pod_connections_rejected_Direction	The incoming connections rejected at IGW handled in pod protection
oc_ingressgateway_xfcc_header_validate_CertsCompared	This tag captures the total number of certificates compared in XFCC header at IGW during the header validation
oc_configclient_request_total_releaseVersion	This tag indicates the current release version of ingress gateway
oc_configclient_request_total_configVersion	This tag indicates the configuration version that ingress gateway is currently maintaining
oc_configclient_response_total_releaseVersion	This tag indicates the configuration version that ingress gateway is currently maintaining
oc_configclient_response_total_updated	This tag indicates whether the configuration was updated or not
oc_ingressgateway_incoming_connections_Direction	This tag indicates the direction of connection established i.e, whether it is incoming or outgoing
oc_ingressgateway_incoming_connections_Host	This tag indicates the remote address of client connected to ingress gateway
oc_ingressgateway_outgoing_connections_Direction	This tag indicates the direction of connection established i.e, whether it is incoming or outgoing
oc_ingressgateway_going_connections_Host	This tag indicates the address of destination
Proxy	Value received for "x-custom-egress-proxy-header".
ConnectedHostIp	This tag captures the IP of destination host to which EGW sends ping requests
ConnectedHostFqdn	This tag captures the fqdn of destination host to which EGW sends ping requests
ConnectedHostPort	This tag captures the port of destination host to which EGW sends ping requests
oc_egressgateway_connection_failure_Host	destination ip/fqdn
oc_egressgateway_connection_failure_Port	destination port
oc_egressgateway_incoming_connections_Direction	This tag indicates the direction of connection established i.e, whether it is incoming or outgoing
oc_egressgateway_incoming_connections_Host	This tag indicates the remote address of client connected to ingress gateway
oc_egressgateway_outgoing_connections_Direction	This tag indicates the direction of connection established i.e, whether it is incoming or outgoing
oc_egressgateway_outgoing_connections_Host	This tag indicates address of destination
EndpointName	Request sent for
Reroute_Path	Path that matched the request to over corresponding route Example : /nef/**
Attempt	Attempt number for scp re-route. Example : 1 , 2 etc.,

5.1.28.1 Ingress Gateway Metrics

This section provides information about the Ingress Gateway metrics used in SEPP.

5.1.28.1.1 oc_ingressgateway_http_requests_total

Table 5-143 oc_ingressgateway_http_requests_total

Field	Details
Metric Details	This metric will be pegged as soon as the request reaches the Ingress gateway in the first custom filter of the application.
Microservice	Plmn Ingress Gateway, N32 Ingress Gateway
Type	Counter
Dimensions	Method NFType NFServiceType Host HttpVersion Scheme Route_path InstanceIdentifier ClientCertIdentity consumerInstanceId ConsumerFqdn

5.1.28.1.2 oc_ingressgateway_http_responses_total

Table 5-144 oc_ingressgateway_http_responses_total

Field	Details
Metric Details	This metric will be pegged in the last custom filter of the Ingress gateway while the response is being sent back to the consumer NF.
Microservice	Plmn Ingress Gateway, N32 Ingress Gateway
Type	Counter
Dimensions	Status Method NFType NFServiceType Host HttpVersion Scheme Route_path InstanceIdentifier ClientCertIdentity

5.1.28.1.3 oc_ingressgateway_request_latency_seconds

Table 5-145 oc_ingressgateway_request_latency_seconds

Field	Details
Metric Details	This metric will be pegged in the last custom filter of the Ingress gateway while the response is being sent back to the consumer NF. This metric tracks the amount of time taken for processing the request. It starts as soon the request reaches the first custom filter of the application and lasts till the response is sent back to the consumer NF from the last custom filter of the application.
Microservice	Plmn Ingress Gateway, N32 Ingress Gateway
Type	Histogram
Dimensions	quantile InstanceIdentifier Route_path Method

5.1.28.1.4 oc_ingressgateway_request_latency_seconds_count

Table 5-146 oc_ingressgateway_request_latency_seconds_count

Field	Details
Metric Details	This metric is used to display the number of ingress requests processed in a particular time span (in seconds).
Microservice	Plmn Ingress Gateway, N32 Ingress Gateway
Type	Histogram
Dimensions	InstanceIdentifier Route_path Method

5.1.28.1.5 oc_ingressgateway_request_latency_seconds_sum

Table 5-147 oc_ingressgateway_request_latency_seconds_sum

Field	Details
Metric Details	This metrics is used to display the average of processing time of all the ingress request for a particular time.
Microservice	Plmn Ingress Gateway, N32 Ingress Gateway
Type	Histogram
Dimensions	InstanceIdentifier Route_path Method

5.1.28.1.6 oc_configclient_request_total

Table 5-148 oc_configclient_request_total

Field	Details
Metric Details	This metric will be pegged whenever config client is polling for configuration update from common configuration server.
Microservice	Plmn Ingress Gateway, N32 Ingress Gateway
Type	Counter
Dimensions	configVersion releaseVersion

5.1.28.1.7 oc_configclient_response_total

Table 5-149 oc_configclient_response_total

Field	Details
Metric Details	This metrics will be pegged whenever config client receives response from common configuration server.
Microservice	Plmn Ingress Gateway, N32 Ingress Gateway
Type	Counter
Dimensions	configVersion releaseVersion updated

5.1.28.1.8 oc_configserver_reachability

Table 5-150 oc_configserver_reachability

Field	Details
Metric Details	Gauge metric to peg the reachability of config server.
Microservice	Plmn Ingress Gateway, N32 Ingress Gateway
Type	Gauge
Dimensions	NA

5.1.28.1.9 oc_ingressgateway_incoming_connections

Table 5-151 oc_ingressgateway_incoming_connections

Field	Details
Metric Details	Gauge metric that will peg active incoming connections from client to ingress gateway
Microservice	PLMN Ingress Gateway, N32 Ingress Gateway
Type	Gauge
Dimensions	host direction instanceIdentifier

5.1.28.1.10 oc_ingressgateway_outgoing_connections

Table 5-152 oc_ingressgateway_outgoing_connections

Field	Details
Metric Details	Gauge metric that will peg active outgoing connections from ingress gateway to destination
Microservice	PLMN Ingress Gateway, N32 Ingress Gateway
Type	Gauge
Dimensions	host direction instanceIdentifier

5.1.28.1.11 oc_ingressgateway_connection_failure_total

Table 5-153 oc_ingressgateway_connection_failure_total

Field	Details
Metric Details	This metric will be pegged in the customized Jetty Client as soon as it fails to connect to the destination service with direction as ingressOut. Here in case of Ingress gateway, the destination service will be a backend microservice of the NF. And TLS connection failure metrics when connecting to ingress with direction as ingress.
Microservice	PLMN Ingress Gateway, N32 Ingress Gateway
Type	Counter
Dimensions	host port direction instanceIdentifier errorReason errorOriginator

5.1.28.1.12 oc_ingressgateway_global_ratelimit_total

Table 5-154 oc_ingressgateway_global_ratelimit_total

Field	Details
Metric Details	This metric will be pegged in the custom filter implemented to check the global rate limit conditions.
Microservice	PLMN Ingress Gateway, N32 Ingress Gateway
Type	Counter
Dimensions	Method Route_path Scheme InstanceIdentifier Status

5.1.28.1.13 oc_ingressgateway_request_content_metrics_total

Table 5-155 oc_ingressgateway_request_content_metrics_total

Field	Details
Metric Details	This metric will be pegged by default filter RequestContentMetrics. It pegs whether request has request body or not.
Microservice	PLMN Egress Gateway, N32 Egress Gateway
Type	Counter
Dimensions	method content_available InstanceIden tifier

5.1.28.1.14 oc_ingressgateway_request_processing_latency_seconds

Table 5-156 oc_ingressgateway_request_processing_latency_seconds

Field	Details
Metric Details	This metric will be pegged in the last custom filter of the Ingress gateway while the response is being sent back to the consumer NF. This metric captures the amount of time taken for processing of the request only within Ingress gateway. It starts as soon the request reaches the first custom filter of the application and lasts till the request is forwarded to the destination.
Microservice	PLMN Egress Gateway, N32 Egress Gateway
Type	Histogram
Dimensions	quantile InstanceIdentifier Route_path Method

5.1.28.1.15 oc_ingressgateway_incoming_ip_type

Table 5-157 oc_ingressgateway_incoming_ip_type

Field	Details
Metric Details	Pegs IP address type of the active incoming connections from the client to Ingress Gateway. Example: `oc_ingressgateway_incoming_ip_type{Host="10.233.109.0",ReceivedAddressType="IPv4",} 0.0`
Microservice	N32 Ingress Gateway, PLMN Ingress Gateway
Type	Gauge
Dimensions	host ReceivedAddressType

5.1.28.1.16 oc_ingressgateway_outgoing_ip_type

Table 5-158 oc_ingressgateway_outgoing_ip_type

Field	Details
Metric Details	Pegs IP address type of the active outgoing connections from Ingress Gateway to the destination. Example: `oc_ingressgateway_outgoing_ip_type{BackendSvc="n32-egress-gateway",BackendSvcAddressType="IPv6",} 4.0`
Microservice	N32 Ingress Gateway, PLMN Ingress Gateway
Type	Gauge
Dimensions	BackendSvc BackendSvcAddressType

5.1.28.2 Egress Gateway Metrics

This section provides information about the Egress Gateway metrics used in SEPP.

5.1.28.2.1 oc_egressgateway_http_requests_total

Table 5-159 oc_egressgateway_http_requests_total

Field	Details
Metric Details	This metric will be pegged as soon as the request reaches the Egress gateway in the first custom filter of the application with direction as egress. This will also be pegged when the request goes out of egress in Jetty Request Listener with direction as egressOut.
Microservice	Plmn Egress GatewayN32 Egress Gateway
Type	Counter
Dimensions	Method NFType NFServiceType Host HttpVersion Scheme Proxy InstanceIdentifier Direction

5.1.28.2.2 `

Table 5-160 oc_egressgateway_http_responses_total

Field	Details
Metric Details	This metric will be pegged in the last custom filter of the Egress gateway while the response is being sent back to backend NF microservice with direction as egress. This will also be pegged when the response is fetched in Jetty responseListener with direction as egressOut. BlacklistedFqdn tag will be filled with BlacklistedFqdn when request is sent with blacklisted producer
Microservice	Plmn Egress GatewayN32 Egress Gateway
Type	Counter
Dimensions	HttpVersion Scheme Direction error_reason ErrorOriginator

5.1.28.2.3 oc_egressgateway_incoming_connections

Table 5-161 oc_egressgateway_incoming_connections

Field	Details
Metric Details	Gauge metric that will peg active incoming connections from client to egress gateway
Microservice	PLMN Egress Gateway, N32 Egress Gateway
Type	Gauge
Dimensions	host direction instanceIdentifier

5.1.28.2.4 oc_egressgateway_outgoing_connections

Table 5-162 oc_egressgateway_outgoing_connections

Field	Details
Metric Details	Gauge metric that will peg active outgoing connections from egress gateway to destination
Microservice	PLMN Egress Gateway, N32 Egress Gateway
Type	Gauge
Dimensions	host direction instanceIdentifier

5.1.28.2.5 oc_egressgateway_connection_failure_total

Table 5-163 oc_egressgateway_connection_failure_total

Field	Details
Metric Details	This metric will be pegged by jetty client when the destination is not reachable by egress gateway. Here the destination is producer NF.
Microservice	PLMN Egress Gateway, N32 Egress Gateway
Type	Counter
Dimensions	host port direction instanceIdentifier errorReason errorOriginator

5.1.28.2.6 oc_egressgateway_sbiRouting_http_requests_total

Table 5-164 oc_egressgateway_sbiRouting_http_requests_total

Field	Details
Metric Details	This metric is pegged in the SBIRoutingFilter only when SBIRouting feature is enabled for a route to which request is sent to EGW.
Microservice	Plmn Egress GatewayN32 Egress Gateway
Type	Counter
Dimensions	Sbi_Fqdn Reroute_Path Response_Code (This would be populated as blank for requests) Attempt HttpVersion Scheme InstanceIdentifier

5.1.28.2.7 oc_egressgateway_sbiRouting_http_responses_total

Table 5-165 oc_egressgateway_sbiRouting_http_responses_total

Field	Details
Metric Details	This metric will be pegged in the SBIRoutingFilter only when SBI Routing feature is enabled for a route to which request is sent to EGW and when sbiRerouteEnabled is set to true and reroute mechanism is executed.
Microservice	PLMN Egress Gateway, N32 Egress Gateway
Type	Counter
Dimensions	Sbi_Fqdn Reroute_Path Status Attempt HttpVersion Scheme InstanceIdentifier ErrorOriginator

5.1.28.2.8 oc_egressgateway_server_latency_seconds

Table 5-166 oc_egressgateway_server_latency_seconds

Field	Details
Metric Details	This metric will be pegged in Jetty response listener that captures the amount of time taken for processing of the request by jetty client.
Microservice	PLMN Egress Gateway, N32 Egress Gateway
Type	Histogram
Dimensions	quantile InstanceIdentifier Method

5.1.28.2.9 oc_fqdn_alternate_route_total

Table 5-167 oc_fqdn_alternate_route_total

Field	Details
Metric Details	Tracks the number of registration, deregistration and GET calls received for a given scheme and FQDN. Note: Registration does not reflect active registration numbers. It captured number of registration requests received.
Microservice	Egress Gateway
Type	Counter
Dimensions	type: Register/Deregister/GET binding_value: <scheme>+<FQDN>

5.1.28.2.10 oc_dns_srv_lookup_total

Table 5-168 oc_dns_srv_lookup_total

Field	Details
Metric Details	Track the number of times the DNS SRV lookup was done for a given scheme and FQDN.
Microservice	Egress Gateway
Type	Counter
Dimensions	binding_value: <scheme>+<FQDN>

5.1.28.2.11 oc_alternate_route_resultset

Table 5-169 oc_alternate_route_resultset

Field	Details
Metric Details	Provides number of alternate routes known for a given scheme and FQDN. Whenever DNS SRV lookup or static configuration is done, this metric provides number of known alternate route for a given pair. For example, <"http", "abc.oracle.com">: 2.
Microservice	Egress Gateway
Type	Gauge
Dimensions	binding_value: <scheme>+<FQDN>

5.1.28.2.12 oc_configclient_request_total

Table 5-170 oc_configclient_request_total

Field	Details
Metric Details	This metric is pegged whenever a polling request is made from config client to the server for configuration updates.
Microservice	Egress Gateway
Type	Counter
Dimensions	Tags: releaseVersion, configVersion. releaseVersion tag indicates the current chart version of alternate route service deployed. configVersion tag indicates the current configuration version of alternate route service.

5.1.28.2.13 oc_configclient_response_total

Table 5-171 oc_configclient_response_total

Field	Details
Metric Details	This metric is pegged whenever a response is received from the server to client.
Microservice	Egress Gateway
Type	Counter
Dimensions	Tags: releaseVersion, configVersion, updated. releaseVersion tag indicates the current chart version of alternate route service deployed. configVersion tag indicates the current configuration version of alternate route service. updated tag indicates whether there is a configuration update or not.

5.1.28.2.14 oc_egressgateway_incoming_ip_type

Table 5-172 oc_egressgateway_incoming_ip_type

Field	Details
Metric Details	Pegs IP address type of the active incoming connections from the client to Egress Gateway. Example: `oc_egressgateway_incoming_ip_type{Host="fd00:0:0:1:809e:4529:947c:bea8%0",ReceivedAddressType="IPv6",} 4.0`
Microservice	N32 Egress Gateway, PLMN Egress Gateway
Type	Gauge
Dimensions	host receivedAddressType

5.1.28.2.15 oc_egressgateway_outgoing_ip_type

Table 5-173 oc_egressgateway_outgoing_ip_type

Field	Details
Metric Details	Pegs IP address type of the active outgoing connections from Egress Gateway to the destination. Example: `oc_egressgateway_outgoing_ip_type{DestinationHost="sepp-stub",DestinationHostAddressType="IPv6",} 4.0`
Microservice	N32 Egress Gateway, PLMN Egress Gateway
Type	Gauge
Dimensions	destinationHost destinationHostAddressType

5.1.28.2.16 oc_egressgateway_dualstack_ip_rejected_total

Table 5-174 oc_egressgateway_dualstack_ip_rejected_total

Field	Details
Metric Details	Counts the total number of IP address rejections because the IP address type configured in the egressRoutingMode does not match the IP address type returned by DNS resolution. Example: `oc_egressgateway_dualstack_ip_rejected_total{"service":"sepp-svc1", "egressRoutingMode":"IPv6", "dnsRecivedIpType":"IPv4"} 10.0` `oc_egressgateway_dualstack_ip_rejected_total{"service":"sepp-svc1", "egressRoutingMode":"IPv4", "dnsRecivedIpType":"IPv6"} 5.0`
Microservice	N32 Egress Gateway, PLMN Egress Gateway
Type	Counter
Dimensions	service egressRoutingMode dnsReceivedIpType

5.1.28.2.17 oc_egressgateway_global_ratelimit_dropped_message_total

Table 5-175 oc_egressgateway_global_ratelimit_dropped_message_total

Field	Details
Metric Details	This depicts the total requests dropped when the traffic exceeds configured rate limiting values.
Microservice	N32 Egress Gateway, PLMN Egress Gateway
Type	Counter
Dimensions	Method Scheme

5.2 SEPP KPIs

This section provides information about the SEPP KPIs.

5.2.1 N32C Handshake Procedure KPIs

5.2.1.1 cn32c Handshake Requests Per Remote SEPP

Table 5-176 cn32c Handshake Requests Per Remote SEPP

Field	Details
KPI Detail	Measures the cn32c handshake requests per remote SEPP.
Metric Used for KPI	"sum(ocsepp_cn32c_handshake_requests_total{namespace=~\"$Namespace\"})by(peer_domain, peer_fqdn, peer_plmn_id , remote_sepp_name)"
Service Operation	n32c Handshake Request
Response Code	NA

5.2.1.2 cn32c Handshake Success Rate

Table 5-177 cn32c Handshake Success Rate

Field	Details
KPI Detail	Measures the cn32c handshake success rate.
Metric Used for KPI	(sum(ocsepp_cn32c_handshake_response_total{namespace=~"$Namespace",responseCode="200 OK"})/sum(ocsepp_cn32c_handshake_requests_total{namespace=~"$Namespace"}))*100
Service Operation	n32c handshake success rate
Response Code	200 OK

5.2.1.3 cn32c Handshake Response Per Remote SEPP

Table 5-178 cn32c Handshake Response Per Remote SEPP

Field	Details
KPI Detail	Measures the cn32c handshake response per remote SEPP.
Metric Used for KPI	"sum(ocsepp_cn32c_handshake_response_total{namespace=~\"$Namespace\"})by(peer_domain, peer_fqdn, peer_plmn_id, remote_sepp_name)"
Service Operation	n32c Handshake
Response Code	All

5.2.1.4 cn32c Handshake Failure Per Remote SEPP

Table 5-179 cn32c Handshake Failure Per Remote SEPP

Field	Details
KPI Detail	Measures the cn32c handshake failure per remote SEPP
Metric Used for KPI	"sum(ocsepp_n32c_handshake_failure_attempts_total{namespace=~\"$Namespace\",app=\"cn32c-svc\"})by(peer_domain, peer_fqdn, peer_plmn_id, remote_sepp_name)"
Service Operation	n32c Handshake
Response Code	4xx and 5xx

5.2.1.5 pn32c Handshake Requests Total Per Remote SEPP

Table 5-180 pn32c Handshake Requests Total Per Remote SEPP

Field	Details
KPI Detail	Measures the pn32c handshake requests total per remote SEPP
Metric Used for KPI	"sum(ocsepp_pn32c_handshake_requests_total{namespace=~\"$Namespace\"})by(peer_domain, peer_fqdn, peer_plmn_id, remote_sepp_name)"
Service Operation	n32c Handshake
Response Code	All

5.2.1.6 pn32c Handshake Response Total Per Remote SEPP

Table 5-181 pn32c Handshake Response Total Per Remote SEPP

Field	Details
KPI Detail	Measures the pn32c handshake response total per remote SEPP
Metric Used for KPI	"sum(ocsepp_pn32c_handshake_response_total{namespace=~\"$Namespace\"})by(peer_domain, peer_fqdn, peer_plmn_id, remote_sepp_name)"
Service Operation	n32c Handshake
Response Code	All

5.2.1.7 pn32c Handshake Success rate

Table 5-182 pn32c Handshake Success rate

Field	Details
KPI Detail	Measures the pn32c handshake success rate.
Metric Used for KPI	(sum(ocsepp_pn32c_handshake_response_total{namespace=~"$Namespace",responseCode="200 OK"})/sum(ocsepp_pn32c_handshake_requests_total{namespace=~"$Namespace"}))*100
Service Operation	n32c Handshake
Response Code	200

5.2.1.8 pn32c Handshake Failure Per Remote SEPP

Table 5-183 pn32c Handshake Failure Per Remote SEPP

Field	Details
KPI Detail	Measures the pn32c handshake failure total
Metric Used for KPI	sum(ocsepp_n32c_handshake_failure_attempts_total{namespace=~"$Namespace",app="pn32c-svc"})by(peer_domain, peer_fqdn, peer_plmn_id)
Service Operation	n32c Handshake
Response Code	4xx and 5xx

5.2.2 SEPP Common KPIs

5.2.2.1 Memory Usage per POD

Table 5-184 Memory Usage per POD

Field	Details
KPI Detail	Measures the memory usage per POD
Metric Used for KPI	sum(container_memory_usage_bytes{namespace=~"$Namespace",image!=""}/(102410241024)) by (pod)
Service Operation	NA
Response Code	NA

5.2.2.2 CPU Usage per POD

Table 5-185 CPU Usage per POD

Field	Details
KPI Detail	Measures the CPU usage per POD
Metric Used for KPI	sum(rate(container_cpu_usage_seconds_total{namespace=~"$Namespace",image!=""}[2m])) by (pod) * 1000
Service Operation	N/A
Response Code	N/A

5.2.2.3 Total Ingress gateway requests

Table 5-186 Total Ingress gateway requests

Field	Details
KPI Detail	Measures the total Ingress gateway requests
Metric Used for KPI	sum((oc_ingressgateway_http_requests_total{namespace=~"$Namespace"}))by(app,HttpVersion,Direction)

5.2.2.4 Total Egress gateway requests

Table 5-187 Total Egress gateway requests

Field	Details
KPI Detail	Measures the total egress gateway requests
Metric Used for KPI	sum((oc_egressgateway_http_requests_total{namespace=~"$Namespace"}))by(app,HttpVersion,Direction)

5.2.2.5 Total Ingress gateway responses

Table 5-188 Total Ingress gateway responses

Field	Details
KPI Detail	Measures the total Ingress gateway responses
Metric Used for KPI	sum((oc_ingressgateway_http_responses_total{namespace=~"$Namespace"}))by(app,HttpVersion,Direction)

5.2.2.6 Total Egress gateway responses

Table 5-189 Total Egress gateway responses

Field	Details
KPI Detail	Measures the total Egress gateway responses
Metric Used for KPI	sum((oc_egressgateway_http_responses_total{namespace=~"$Namespace"}))by(app,HttpVersion,Direction)

5.2.2.7 IGW Processing Time (ms)

Table 5-190 IGW Processing Time (ms)

Field	Details
KPI Detail	Measures the IGW Processing Time
Metric Used for KPI	sum(irate(oc_ingressgateway_request_latency_seconds_sum{namespace=~"$Namespace"}[2m])) by(Method,app) /sum(irate(oc_ingressgateway_request_latency_seconds_count{namespace=~"$Namespace"}[2m])) by(Method,app)

5.2.2.8 PercentageDiscard

Table 5-191 PercentageDiscard

Field

Details

KPI Detail

Measures the number of Discard requests for Percentage based scheme

Metric Used for KPI

oc_ingressgateway_route_overloadcontrol_discard_total

sum(irate(oc_ingressgateway_route_overloadcontrol_discard_total{DiscardAction="PercentageBased",Status="DISCARDED",namespace="$Namespace",}[2m]))

5.2.2.9 PriorityDiscard

Table 5-192 PriorityDiscard

Field

Details

KPI Detail

Measures the number of Discard requests for Priority based scheme

Metric Used for KPI

oc_ingressgateway_route_overloadcontrol_discard_total

sum(irate(oc_ingressgateway_route_overloadcontrol_discard_total{DiscardAction="PriorityBased",Status="DISCARDED",namespace="$Namespace",}[2m]))

5.2.3 CN32F Common KPIs

5.2.3.1 cn32f Routing Success Rate

Table 5-193 cn32f Routing Success Rate

Field	Details
KPI Detail	Measures the cn32f routing success rate.
Metric Used for KPI	(sum(ocsepp_cn32f_response_total{namespace=~"$Namespace"})/sum(ocsepp_cn32f_requests_total{namespace=~"$Namespace"}))*100
Service Operation	n32f message forward
Response Code	All

5.2.3.2 Total cn32f Requests

Table 5-194 Total cn32f Requests

Field	Details
KPI Detail	Measures the cn32f requests rate per remote SEPP.
Metric Used for KPI	sum((ocsepp_cn32f_requests_total{namespace=~"$Namespace", direction="egress"}))by(PEER_DOMAIN, PEER_FQDN, PLMN_ID)
Service Operation	n32f message forward
Response Code	All

5.2.3.3 cn32f Processing Time (ms)

Table 5-195 cn32f Processing Time (ms)

Field	Details
KPI Detail	Measures the cn32f processing time (ms)
Metric Used for KPI	sum(irate(ocsepp_cn32f_latency_seconds_sum{namespace=~"$Namespace"}[2m])) by(peer_fqdn,remote_sepp_name) /sum(irate(ocsepp_cn32f_latency_seconds_count{namespace=~"$Namespace"}[2m])) by(peer_fqdn,remote_sepp_name)
Service Operation	n32f message forward
Response Code	All

5.2.3.4 Total cn32f Responses

Table 5-196 Total cn32f Responses

Field	Details
KPI Detail	Measures the cn32f response rate per remote SEPP
Metric Used for KPI	sum((ocsepp_cn32f_response_total{namespace=~"$Namespace", direction="egress"})) by(PEER_DOMAIN, PEER_FQDN, PLMN_ID)
Service Operation	n32f message forward
Response Code	All

5.2.3.5 cn32f Failures

Table 5-197 cn32f Failures

Field	Details
KPI Detail	Measures the total cn32f request failures.
Metric Used for KPI	sum(ocsepp_cn32f_requests_failure_total{namespace=~"$Namespace"}) by (PEER_DOMAIN, PEER_FQDN, PLMN_ID, statusCode)
Service Operation	n32f message forward
Response Code	5xxx

5.2.4 PN32F Common KPIs

5.2.4.1 Total pn32f Requests

Table 5-198 Total pn32f Requests

Field	Details
KPI Detail	Measures the total pn32f requests
Metric Used for KPI	sum((ocsepp_pn32f_requests_total{namespace=~"$Namespace", direction="egress"}))by(PEER_DOMAIN, PEER_FQDN, PLMN_ID)
Service Operation	n32f message forward
Response Code	All

5.2.4.2 Total pn32f Responses

Table 5-199 Total pn32f Responses

Field	Details
KPI Detail	Measures the pn32f response rate per remote SEPP.
Metric Used for KPI	sum((ocsepp_pn32f_responses_total{namespace=~"$Namespace", direction="egress"})) by(PEER_DOMAIN, PEER_FQDN, PLMN_ID)
Service Operation	n32f message forward
Response Code	All

5.2.4.3 pn32f Processing Time (ms)

Table 5-200 pn32f Processing Time (ms)

Field	Details
KPI Detail	Measures the pn32f processing time in milli seconds
Metric Used for KPI	sum(irate(ocsepp_pn32f_latency_seconds_sum{namespace=~"$Namespace"}[2m])) by(peer_fqdn,remote_sepp_name) /sum(irate(ocsepp_pn32f_latency_seconds_count{namespace=~"$Namespace"}[2m])) by(peer_fqdn,remote_sepp_name)
Service Operation	n32f message forward
Response Code	All

5.2.4.4 pn32f Failures

Table 5-201 pn32f Failures

Field	Details
KPI Detail	Measures the pn32f request failures in total
Metric Used for KPI	sum(ocsepp_pn32f_requests_failure_total{namespace=~"$Namespace"}) by (PEER_DOMAIN, PEER_FQDN, PLMN_ID)
Service Operation	n32f message forward
Response Code	4xx and 5xx

5.2.4.5 pn32f Routing Success Rate

Table 5-202 pn32f Routing Success Rate

Field	Details
KPI Detail	Measures the pn32f routing success rate
Metric Used for KPI	(sum(ocsepp_pn32f_responses_total{namespace=~"$Namespace"})/sum(ocsepp_pn32f_requests_total{namespace=~"$Namespace"}))*100
Service Operation	n32f message forward
Response Code	All

5.2.5 Global Rate Limiting Feature KPIs

5.2.5.1 PLMN IGW Global Rate limit Traffic Rejected

Table 5-203 PLMN IGW Global Rate limit Traffic Rejected

Field

Details

KPI Detail

Measures the PLMN IGW Global rate limit traffic rejected

Metric Used for KPI

sum(irate(oc_ingressgateway_global_ratelimit_total{namespace=~"$Namespace",app="plmn-ingress-gateway", Status="dropped"}[2m]))

No. of messages rejected for traffic initiated from producer side

5.2.5.2 N32 IGW Global Rate limit Traffic Rejected

Table 5-204 N32 IGW Global Rate limit Traffic Rejected

Field

Details

KPI Detail

Measures the N32 IGW Global rate limit traffic rejected

Metric Used for KPI

sum(irate(oc_ingressgateway_global_ratelimit_total{namespace=~"$Namespace",app="n32-ingress-gateway", Status="dropped"}[2m]))

No. of messages rejected for traffic initiated from consumer side

5.2.6 Topology Hiding KPIs

5.2.6.1 CN32F Topology Egress Request Processing Time(ms)

Table 5-205 CN32F Topology Egress Request Processing Time(ms)

Field	Details
KPI Detail	Measures the cn32f topology Egress request processing time
Metric Used for KPI	sum(irate(ocsepp_topology_latency_seconds_sum{app="cn32f-svc",direction="egress",message_type="request",namespace=~"$Namespace"}[2m])) by(peer_fqdn,remote_sepp_name) /sum(irate(ocsepp_topology_latency_seconds_count{app="cn32f-svc",direction="egress",message_type="request",namespace=~"$Namespace"}[2m])) by(peer_fqdn,remote_sepp_name)
Service Operation	n32f message forward
Response Code	NA

5.2.6.2 CN32F Topology Ingress Response Processing Time

Table 5-206 CN32F Topology Ingress Response Processing Time

Field	Details
KPI Detail	Measures the cn32f topology Egress response processing time
Metric Used for KPI	sum(irate(ocsepp_topology_latency_seconds_sum{app="cn32f-svc",direction="ingress",message_type="response",namespace=~"$Namespace"}[2m])) by(peer_fqdn,remote_sepp_name) /sum(irate(ocsepp_topology_latency_seconds_count{app="cn32f-svc",direction="ingress",message_type="response",namespace=~"$Namespace"}[2m])) by(peer_fqdn,remote_sepp_name)
Service Operation	n32f message forward
Response Code	NA

5.2.6.3 CN32F Topology Hiding Success

Table 5-207 CN32F Topology Hiding Success

Field	Details
KPI Detail	Measures the n32f topology success by messages
Metric Used for KPI	sum(ocsepp_topology_success_total{app="cn32f-svc", namespace=~"$Namespace"})
Service Operation	n32f message forward
Response Code	NA

5.2.6.4 N32F Topology Success by headers

Table 5-208 N32F N32F Topology Success by headers

Field	Details
KPI Detail	Measures N32F Topology success by headers
Metric Used for KPI	sum(ocsepp_topology_header_success_total{app="cn32f-svc"}) by(header) Note : Update label app to "app=pn32f-svc" for PN32F microservice.
Service Operation	n32f message forward
Response Code	NA

5.2.6.5 CN32F Topology Hiding Missing Regex Configuration

Table 5-209 CN32F Topology Hiding Missing Regex Configuration

Field	Details
KPI Detail	Measures the cn32f topology hiding missing regex configuration
Metric Used for KPI	sum(ocsepp_topology_header_regex_not_configured_total{app="cn32f-svc", namespace=~"$Namespace"}) by(error_msg)
Service Operation	n32f message forward
Response Code	NA

5.2.6.6 CN32F Topology Hiding Invalid Header Regex

Table 5-210 CN32F Topology Hiding Invalid Header Regex

Field	Details
KPI Detail	Measures the cn32f topology hiding invalid header regex
Metric Used for KPI	sum(ocsepp_topology_invalid_header_regex_configured_total{app="cn32f-svc", namespace=~"$Namespace"}) by(error_msg)
Service Operation	n32f message forward
Response Code	NA

5.2.6.7 PN32F Topology Ingress Request Processing Time(ms)

Table 5-211 PN32F Topology Ingress Request Processing Time(ms)

Field	Details
KPI Detail	Measures the pn32f topology Ingress request processing time
Metric Used for KPI	sum(irate(ocsepp_topology_latency_seconds_sum{app="pn32f-svc",direction="ingress",message_type="request",namespace=~"$Namespace"}[2m])) by(peer_fqdn,remote_sepp_name) /sum(irate(ocsepp_topology_latency_seconds_count{app="pn32f-svc",direction="ingress",message_type="request",namespace=~"$Namespace"}[2m])) by(peer_fqdn,remote_sepp_name)
Service Operation	n32f message forward
Response Code	NA

5.2.6.8 PN32F Topology Egress Response Processing Time(ms)

Table 5-212 PN32F Topology Egress Response Processing Time(ms)

Field	Details
KPI Detail	Measures the pn32f topology Egress response processing time
Metric Used for KPI	sum(irate(ocsepp_topology_latency_seconds_sum{app="pn32f-svc",direction="egress",message_type="response",namespace=~"$Namespace"}[2m])) by(peer_fqdn,remote_sepp_name) /sum(irate(ocsepp_topology_latency_seconds_count{app="pn32f-svc",direction="egress",message_type="response",namespace=~"$Namespace"}[2m])) by(peer_fqdn,remote_sepp_name)
Service Operation	n32f message forward
Response Code	NA

5.2.6.9 PN32F Topology Hiding Invalid Header Regex

Table 5-213 PN32F Topology Hiding Invalid Header Regex

Field	Details
KPI Detail	Measures the pn32f topology hiding invalid header Regex
Metric Used for KPI	sum(ocsepp_topology_invalid_header_regex_configured_total{app="pn32f-svc", namespace=~"$Namespace"}) by(error_msg)
Service Operation	n32f message forward
Response Code	NA

5.2.6.10 PN32F Topology Hiding Missing Regex Configuration

Table 5-214 PN32F Topology Hiding Missing Regex Configuration

Field	Details
KPI Detail	Measures the pn32f topology hiding missing Regex configuration
Metric Used for KPI	sum(ocsepp_topology_header_regex_not_configured_total{app="pn32f-svc", namespace=~"$Namespace"}) by(error_msg)
Service Operation	n32f message forward
Response Code	NA

5.2.6.11 PN32F Topology Hiding Success

Table 5-215 PN32F Topology Hiding Success

Field	Details
KPI Detail	Measures the pn32f topology hiding success
Metric Used for KPI	sum(ocsepp_topology_success_total{app="pn32f-svc", namespace=~"$Namespace"})
Service Operation	n32f message forward
Response Code	NA

5.2.7 5G SBI Message Mediation Support KPIs

5.2.7.1 Mediation Requests Counters - N32 Egress Request

Table 5-216 Mediation Requests Counters - N32 Egress Request

Field	Details
KPI Detail	Measures the Mediation Requests Counters for N32 Egress Request
Metric Used for KPI	sum(ocsepp_n32f_mediation_requests_total{direction="N32_Egress_Request", namespace=~"$Namespace"})

5.2.7.2 Mediation Requests Counters - N32 Ingress Response

Table 5-217 Mediation Requests Counters - N32 Ingress Response

Field	Details
KPI Detail	Measures the Mediation Requests Counters for N32 Ingress Response
Metric Used for KPI	sum(ocsepp_n32f_mediation_requests_total{direction="N32_Ingress_Response", namespace=~"$Namespace"})

5.2.7.3 Mediation Requests Counters - N32 Ingress Request

Table 5-218 Mediation Requests Counters - N32 Ingress Request

Field	Details
KPI Detail	Measures the Mediation Requests Counters for N32 Ingress Request
Metric Used for KPI	sum(ocsepp_n32f_mediation_requests_total{direction="N32_Ingress_Request", namespace=~"$Namespace"})

5.2.7.4 Mediation Requests Counters - N32 Egress Response

Table 5-219 Mediation Requests Counters - N32 Egress Response

Field	Details
KPI Detail	Measures the Mediation Requests Counters for N32 Egress Response
Metric Used for KPI	sum(ocsepp_n32f_mediation_requests_total{direction="N32_Egress_Response", namespace=~"$Namespace"})

5.2.7.5 Mediation Response Counters - N32 Egress Request

Table 5-220 Mediation Response Counters - N32 Egress Request

Field	Details
KPI Detail	Measures the Mediation Response Counters for N32 Egress Request
Metric Used for KPI	sum(ocsepp_n32f_mediation_response_total{direction="N32_Egress_Request", namespace=~"$Namespace"})

5.2.7.6 Mediation Response Counters - N32 Ingress Response

Table 5-221 Mediation Response Counters - N32 Ingress Response

Field	Details
KPI Detail	Measures the Mediation Response Counters for N32 Ingress Response
Metric Used for KPI	sum(ocsepp_cn32f_mediation_response_total{direction="N32_Ingress_Response",namespace=~"$Namespace"})

5.2.7.7 Mediation Response Counters - N32 Ingress Request

Table 5-222 Mediation Response Counters - N32 Ingress Request

Field	Details
KPI Detail	Measures the Mediation Response Counters for N32 EIngress Request
Metric Used for KPI	sum(ocsepp_pn32f_mediation_response_total{direction="N32_Ingress_Request",namespace=~"$Namespace"})

5.2.7.8 Mediation Response Counters - N32 Egress Response

Table 5-223 Mediation Response Counters - N32 Egress Response

Field	Details
KPI Detail	Measures the Mediation Response Counters for N32 Egress Response
Metric Used for KPI	sum(ocsepp_pn32f_mediation_response_total{direction="N32_Egress_Response",namespace=~"$Namespace"})

5.2.7.9 Mediation Response Failure

Table 5-224 Mediation Response Failure

Field

Details

KPI Detail

Measures the Mediation Response Failure

Metric Used for KPI

sum(ocsepp_cn32f_mediation_response_failure{namespace=~"$Namespace"}) by (Direction, status_code)

sum(ocsepp_pn32f_mediation_response_failure{namespace=~"$Namespace"}) by (Direction, status_code)

5.2.7.10 Mediation Applied Total

Table 5-225 Mediation Applied Total

Field	Details
KPI Detail	Measures the Mediation Applied Total
Metric Used for KPI	(sum(ocsepp_n32f_mediation_requests_total{namespace=~"$Namespace"})*100)/(sum(ocsepp_n32f_mediation_not_applied_total{namespace=~"$Namespace"})+sum(ocsepp_n32f_mediation_requests_total{namespace=~"$Namespace"}))

5.2.7.11 Mediation Response Time At PN32F

Table 5-226 Mediation Response Time At PN32F

Field	Details
KPI Detail	Measures the Mediation Response Time at PN32F
Metric Used for KPI	sum(irate(ocsepp_pn32f_mediation_latency_seconds_sum{namespace=~"$Namespace"}[2m])) by(peer_fqdn,remote_sepp_name) /sum(irate(ocsepp_pn32f_mediation_latency_seconds_count{namespace=~"$Namespace"}[2m])) by(peer_fqdn,remote_sepp_name)

5.2.7.12 Mediation Response Time At CN32F

Table 5-227 Mediation Response Time At CN32F

Field	Details
KPI Detail	Measures the Mediation Response Time at CN32F
Metric Used for KPI	sum(irate(ocsepp_cn32f_mediation_latency_seconds_sum{namespace=~"$Namespace"}[2m])) by(peer_fqdn,remote_sepp_name) /sum(irate(ocsepp_cn32f_mediation_latency_seconds_count{namespace=~"$Namespace"}[2m])) by(peer_fqdn,remote_sepp_name)

5.2.8 Ingress Gateway Message Copy KPIs

5.2.8.1 Total Requests Data sent towards DD for Ingress Gateway

Table 5-228 Total Requests Data sent towards DD for Ingress Gateway

Field	Details
KPI Detail	Measures the total requests data sent towards DD for Ingress Gateway.
Metric Used for KPI	sum(irate(oc_egressgateway_msgcopy_requests_total{namespace="$Namespace",type="req"}[2m])) by(app)

5.2.8.2 Total Ack received from DD for Requests for Ingress Gateway

Table 5-229 Total Ack received from DD for Requests for Ingress Gateway

Field	Details
KPI Detail	Measures the total Ack received from DD for requests for Ingress Gateway.
Metric Used for KPI	sum(irate(oc_egressgateway_msgcopy_requests_total{namespace="$Namespace",type="ack"}[2m])) by(app)

5.2.9 Egress Gateway Message Copy KPIs

5.2.9.1 Total Requests Data sent towards DD for Egress Gateway

Table 5-230 Total Requests Data sent towards DD for Egress Gateway

Field	Details
KPI Detail	Measures the total Requests Data sent towards DD for Egress Gateway.
Metric Used for KPI	sum(irate(oc_egressgateway_msgcopy_requests_total{namespace="$Namespace",type="req"}[2m])) by(app)

5.2.9.2 Total Ack received from DD for Requests for Egress Gateway

Table 5-231 Total Ack received from DD for Requests for Egress Gateway

Field	Details
KPI Detail	Measures the total acknowledgement received from DD on Egress Gateway.
Metric Used for KPI	sum(irate(oc_egressgateway_msgcopy_requests_total{namespace="$Namespace",type="ack"}[2m])) by(app)

5.2.10 Hosted SEPP KPIs

5.2.10.1 CN32F Allowed P-RSS Validation Failure Count

Table 5-232 CN32F Allowed P-RSS Validation Failure Count

Field	Details
KPI Detail	Measures the number of messages failed due to incorrect routing rules configured at cn32f microservice.
Metric Used for KPI	sum(ocsepp_allowed_p_rss_routing_failure_total{app="cn32f-svc", namespace=~"$Namespace"}) by (app)

5.2.10.2 PN32F Allowed P-RSS Validation Failure Count

Table 5-233 PN32F Allowed P-RSS Validation Failure Count

Field	Details
KPI Detail	Measures the number of messages failed due to incorrect routing rules configured at pn32f microservice
Metric Used for KPI	sum(ocsepp_allowed_p_rss_routing_failure_total{app="pn32f-svc", namespace=~"$Namespace"}) by (app)

5.2.11 SoR KPIs

5.2.11.1 Pn32f to SoR Request count total

Table 5-234 Pn32f to SoR Request count total

Field	Details
KPI Detail	Number of messages sent to SOR from SEPP
Metric Used for KPI	sum(ocsepp_pn32f_sor_requests_total{direction="egress", namespace=~"$Namespace"})

5.2.11.2 SoR to Pn32f Response count total

Table 5-235 SoR to Pn32f Response count total

Field	Details
KPI Detail	Number of responses received from SOR to SEPP
Metric Used for KPI	sum(ocsepp_pn32f_sor_responses_total{direction="ingress", namespace=~"$Namespace"})

5.2.12 Rate Limiting for Ingress Roaming Signaling per Remote SEPP Set KPIs

5.2.12.1 Average No of messages discarded for a particular RSS

Table 5-236 Average No of messages discarded for a particular RSS

Field	Details
KPI Detail	Measures the average number of messages discarded for a particular RSS.
Metric used for KPI	sum(irate(oc_ingressgateway_rss_ratelimit_total{namespace=“namespace”,Remote_SEPP_Set=“<Remote SEPP Set name>", Status=“dropped”}[2m]))

5.2.12.2 Average No of messages accepted for a particular RSS

Table 5-237 Average No of messages accepted for a particular RSS

Field	Details
KPI Detail	Measures the average number of messages accepted for a particular RSS.
Metric used for KPI	sum(irate(oc_ingressgateway_rss_ratelimit_total{namespace=“namespace”,Remote_SEPP_Set=“<Remote SEPP Set name>”, Status=“accepted”}[2m]))

5.2.12.3 Average No of messages for which feature not applied

Table 5-238 Average No of messages for which feature not applied

Field	Details
KPI Detail	Measures the average number of messages for which feature not applied.
Metric used for KPI	sum(irate(oc_ingressgateway_rss_ratelimit_total{namespace=“namespace”,Status=“ratelimit not applied”}[2m]))

5.2.12.4 Average of all messages by Status

Table 5-239 Average of all messages by Status

Field	Details
KPI Detail	Measures the average of all messages by Status
Metric used for KPI	sum(irate(oc_ingressgateway_rss_ratelimit_total{namespace=“namespace”}[2m])) by (Status)

5.2.12.5 List of Average number of messages dropped for all RSS

Table 5-240 List of Average number of messages dropped for all RSS

Field	Details
KPI Detail	Lists the average number of messages dropped for all RSS
Metric used for KPI	sum(irate(oc_ingressgateway_rss_ratelimit_total{namespace=“namespace”, Status=“dropped”}[2m])) by (Remote_SEPP_Set)

5.2.12.6 List of Average number of messages accepted for all RSS

Table 5-241 List of Average number of messages accepted for all RSS

Field	Details
KPI Detail	Lists the average number of messages accepted for all RSS
Metric used for KPI	sum(irate(oc_ingressgateway_rss_ratelimit_total{namespace=“namespace”, Status=“accepted”}[2m])) by (Remote_SEPP_Set)

5.2.13 Cat 0 - SBI Message Schema Validation KPIs

5.2.13.1 Message validation applied requests on cn32f

Table 5-242 Message validation applied requests on cn32f

Field	Details
KPI Detail	Measures the total number of requests at CN32F on which message validation has been applied by request path.
Metric Used for KPI	sum(ocsepp_message_validation_applied_total{namespace=~"$Namespace",app="cn32f-svc"}) by (requestPath)

5.2.13.2 Cn32f message validation failure on request body

Table 5-243 Cn32f message validation failure on request body

Field	Details
KPI Detail	Measures the total number of message validation failure(s) on request body by request path.
Metric Used for KPI	sum(ocsepp_message_validation_on_body_failure_total{namespace=~"$Namespace",app="cn32f-svc"}) by (request_path)

5.2.13.3 Cn32f message validation failures on request query parameter(s)

Table 5-244 Cn32f message validation failures on request query parameter(s)

Field	Details
KPI Detail	Measures the total number of message validation failures on request query parameter(s) by request path.
Metric Used for KPI	sum(ocsepp_message_validation_on_header_failure_total{namespace=~"$Namespace",app="cn32f-svc"}) by (request_path)

5.2.13.4 Message validation applied requests on pn32f

Table 5-245 Message validation applied requests on pn32f

Field	Details
KPI Detail	Measures the total number of requests at pn32f on which message validation has been applied by request path.
Metric Used for KPI	sum(ocsepp_message_validation_applied_total{namespace=~"$Namespace",app="pn32f-svc"}) by (requestPath)

5.2.13.5 Pn32f message validation failure on request body

Table 5-246 Pn32f message validation failure on request body

Field	Details
KPI Detail	Measures the total number of message validation failure(s) on request body by request path.
Metric Used for KPI	sum(ocsepp_message_validation_on_body_failure_total{namespace=~"$Namespace",app="pn32f-svc"}) by (request_path)

5.2.13.6 Pn32f message validation failures on request query parameter(s)

Table 5-247 Pn32f message validation failures on request query parameter(s)

Field	Details
KPI Detail	Measures the total number of message validation failures on request query parameter(s) by request path.
Metric Used for KPI	sum(ocsepp_message_validation_on_header_failure_total{namespace=~"$Namespace",app="pn32f-svc"}) by (request_path)

5.2.14 Rate Limiting for Egress Roaming Signaling per PLMN KPIs

5.2.14.1 Average Number of Messages Rejected for a Particular PLMN

Table 5-248 Average Number of Messages Rejected for a Particular PLMN

Field	Details
KPI Detail	Measures the average number of messages rejected for a particular PLMN
Metric used for KPI	sum(rate(oc_ingressgateway_plmn_egress_ratelimit_total{namespace=“namespace”,PLMN_ID="PLMN ID", Status="ERL_MATCH_NO_TOKEN_LOW_PRI_REJECT"}[2m]))

5.2.14.2 Average Number of Messages Accepted for a Particular PLMN

Table 5-249 Average Number of Messages Accepted for a Particular PLMN

Field	Details
KPI Detail	Measures the average number of messages accepted for a particular PLMN
Metric used for KPI	sum(rate(oc_ingressgateway_plmn_egress_ratelimit_total{namespace=“namespace”,PLMN_ID="PLMN ID", Status=~"ERL_MATCH_TOKEN_AVAILABLE_FWD\|ERL_MATCH_NO_TOKEN_HIGH_PRI_FWD"}[2m])

5.2.14.3 Average Number of Messages for which Feature not Applied

Table 5-250 Average Number of Messages for which Feature not Applied

Field	Details
KPI Detail	Measures the average number of messages for which feature not applied
Metric used for KPI	sum(rate(oc_ingressgateway_plmn_egress_ratelimit_total{namespace=“namespace”,Status!~"ERL_MATCH_TOKEN_AVAILABLE_FWD\|ERL_MATCH_NO_TOKEN_HIGH_PRI_FWD\|ERL_MATCH_NO_TOKEN_LOW_PRI_REJECT"}[2m]))

5.2.14.4 Average of all Messages by Status

Table 5-251 Average of all Messages by Status

Field	Details
KPI Detail	Measures the average of all messages by status
Metric used for KPI	sum(rate(oc_ingressgateway_plmn_egress_ratelimit_total{namespace=“namespace”}[2m])) by (Status)

5.2.14.5 Average Number of Messages Rejected per PLMN

Table 5-252 Average Number of Messages Rejected per PLMN

Field	Details
KPI Detail	Measures the average number of messages rejected per PLMN
Metric used for KPI	sum(rate(oc_ingressgateway_plmn_egress_ratelimit_total{namespace="namespace", Status="ERL_MATCH_NO_TOKEN_LOW_PRI_REJECT"}[2m])) by (PLMN_ID)

5.2.14.6 Average Number of Messages Accepted per PLMN

Table 5-253 Average Number of Messages Accepted per PLMN

Field	Details
KPI Detail	Measures the average number of messages accepted per PLMN
Metric used for KPI	sum(rate(oc_ingressgateway_plmn_egress_ratelimit_total{namespace="namespace", Status=~"ERL_MATCH_TOKEN_AVAILABLE_FWD\|ERL_MATCH_NO_TOKEN_HIGH_PRI_FWD"}[2m])) by (PLMN_ID)

5.2.15 Integrating SEPP with 5G Network Intelligence Fabric (5G NIF) Feature KPIs

5.2.15.1 Discovery Requests Sent Towards NRF for NIF

Table 5-254 Discovery Requests Sent Towards NRF for NIF

Field	Details
KPI Detail	sum(irate(ocsepp_nif_requests_total{namespace="seppsvc"}[2m]))
Metric Used for KPI	ocsepp_nif_requests_total
Service Operation	Discovery requests sent towards NRF for NIF.
Response Code	NA

5.2.15.2 Response Received from NRF for NIF Discovery

Table 5-255 Response Received from NRF for NIF Discovery

Field	Details
KPI Detail	sum(irate(ocsepp_nif_responses_total{namespace="seppsvc"}[2m]))
Metric Used for KPI	ocsepp_nif_responses_total
Service Operation	Total Response received from NRF for NIF Discovery.
Response Code	NA

5.2.15.3 Rejected Message Copied towards NIF

Table 5-256 Rejected Message Copied towards NIF

Field	Details
KPI Detail	sum(irate(ocsepp_pn32f_nif_error_copy_requests_total{namespace="seppsvc"}[2m]))
Metric Used for KPI	ocsepp_pn32f_nif_error_copy_requests_total
Service Operation	Total messages copied towards NIF.
Response Code	NA

5.2.15.4 Responses Received from NIF for Copied Messages

Table 5-257 Responses Received from NIF for Copied Messages

Field	Details
KPI Detail	sum(irate(ocsepp_pn32f_nif_error_copy_responses_total{namespace="seppsvc"}[2m])) by (status_code)
Metric Used for KPI	ocsepp_pn32f_nif_error_copy_responses_total
Service Operation	Responses received from NIF for copied messages.
Response Code	NA

5.3 SEPP Alerts

This section provides information about the SEPP alerts and their configuration.

Note:

For CNE1.8.4 or earlier versions:

namespace: {{$labels.kubernetes_namespace}}
podname: {{$labels.kubernetes_pod_name}}

For CNE 1.9.x or later versions:

namespace: {{$labels.namespace}}
podname: {{$labels.pod}}

5.3.1 System Level Alerts

5.3.1.1 SEPPPodMemoryUsageAlert

Table 5-258 SEPPPodMemoryUsageAlert

Field	Details
Trigger Condition	Pod memory usage is above the threshold (70% )
Severity	Warning
Alert details provided	Summary 'namespace: {{$labels.namespace}}, podname: {{$labels.pod}}, timestamp: {{ with query "time()" }}{{ . \| first \| value \| humanizeTimestamp }}{{ end }}: Memory usage is {{ $value \| printf "%.2f" }} which is above 70% (current value is: {{ $value }})' Expression: (sum by(namespace,container,pod) (container_memory_usage_bytes{container=~".cn32c-svc.\|.pn32c-svc.\|.cn32f-svc.\|.pn32f-svc.\|.config-mgr-svc.\|.n32-egress-gateway.\|.n32-ingress-gateway.\|.plmn-egress-gateway.\|.plmn-ingress-gateway.\|.nf-mediation."})) / (sum by (namespace,container,pod)(kube_pod_container_resource_limits{resource="memory",container=~".cn32c-svc.\|.pn32c-svc.\|.cn32f-svc.\|.pn32f-svc.\|.config-mgr-svc.\|.n32-egress-gateway.\|.n32-ingress-gateway.\|.plmn-egress-gateway.\|.plmn-ingress-gateway.\|.nf-mediation."}) ) * 100 >= 70
OID	1.3.6.1.4.1.323.5.3.46.1.2.4003
Metric Used	kube_pod_container_resource_limits Note: This is a Kubernetes metric used for instance availability monitoring. If the metric is not available, use the similar metric as exposed by the monitoring system.
Resolution	The alert gets cleared when the memory utilization falls below the critical threshold. Note: The threshold is configurable in the SeppAlertrules.yaml file. If guidance is required, contact My Oracle Support.

5.3.1.2 SEPPPodCpuUsageAlert

Table 5-259 SEPPPodCpuUsageAlert

Field	Details
Trigger Condition	Pod CPU usage is above the threshold ( 70% )
Severity	Warning
Alert details provided	Summary 'namespace: {{$labels.namespace}}, podname: {{$labels.pod}}, timestamp: {{ with query "time()" }}{{ . \| first \| value \| humanizeTimestamp }}{{ end }}: CPU usage is {{ $value \| printf "%.2f" }} which is usage is above 70% (current value is: {{ $value }})' Expression: (sum by (namespace,container) (rate(container_cpu_usage_seconds_total{container=~".cn32c-svc.\|.pn32c-svc.\|.cn32f-svc.\|.pn32f-svc.\|.config-mgr-svc.\|.n32-egress-gateway.\|.n32-ingress-gateway.\|.plmn-egress-gateway.\|.plmn-ingress-gateway.\|.nf-mediation."}[2m])) ) / (sum by (container, namespace) (kube_pod_container_resource_limits{resource="cpu",container=~".cn32c-svc.\|.pn32c-svc.\|.cn32f-svc.\|.pn32f-svc.\|.config-mgr-svc.\|.n32-egress-gateway.\|.n32-ingress-gateway.\|.plmn-egress-gateway.\|.plmn-ingress-gateway.\|.nf-mediation."}) ) * 100 >= 70
OID	1.3.6.1.4.1.323.5.3.46.1.2.4002
Metric Used	container_cpu_usage_seconds_total Note : This is a Kubernetes metric used for instance availability monitoring. If the metric is not available, use the similar metric as exposed by the monitoring system.
Resolution	The alert gets cleared when the CPU utilization is below the critical threshold. Note: The threshold is configurable in the SeppAlertrules.yaml file. If guidance is required, contact My Oracle Support.

5.3.1.3 ocseppPodsRestart

Table 5-260 ocseppPodsRestart

Field	Description
Trigger Condition	Triggered when a pod belonging to any of the SEPP services in a namespace has been restarted.
Severity	Major
Alert Details Provided	Summary 'kubernetes_namespace: {{$labels.namespace}}, podname: {{$labels.pod}}, timestamp: {{ with query "time()" }}{{ . \| first \| value \| humanizeTimestamp }}{{ end }} : A Pod has restarted' Expression `increase(kube_pod_container_status_restarts_total{namespace="sepp-namespace"}[2m]) > 0`
OID	1.3.6.1.4.1.323.5.3.46.1.2.4071
Metric Name	kube_pod_container_status_restarts_total Note: This is a Kubernetes metric. If this metric is not available, use the similar metric as exposed by the monitoring system.
Resolution	The alert is cleared automatically if the specific pod is up. Steps: Refer to the application logs on Kibana and filter based on the pod name. Check for database related failures such as connectivity, Kubernetes secrets, and so on. Run the following command to check orchestration logs for liveness or readiness probe failures: `kubectl get po -n <namespace>` Note the full name of the pod that is not running, and use it in the following command: `kubectl describe pod <desired full pod name> -n <namespace>` Check the database status. For more information, see Oracle Communications Cloud Native Core, cnDBTier User Guide. If the issue persists, capture all the outputs from the above steps and contact My Oracle Support.

5.3.1.4 ocseppAppinfoServiceDown

Table 5-261 ocseppAppinfoServiceDown

Field	Description
Trigger Condition	Triggered when appinfo services is unavailable.
Severity	Critical
Alert Details Provided	Summary 'namespace: {{$labels.namespace}}, timestamp: {{ with query "time()" }}{{ . \| first \| value \| humanizeTimestamp }}{{ end }} : OCSEPP {{$labels.app_kubernetes_io_name}} service down' Expression `absent(up{app_kubernetes_io_name="appinfo",namespace="sepp-namespace"}) or sum by(namespace, app_kubernetes_io_name) (up{app_kubernetes_io_name="appinfo",namespace="sepp-namespace"}) == 0`
OID	1.3.6.1.4.1.323.5.3.46.1.2.4072
Metric Name	up Note: This is a Prometheus metric used for instance availability monitoring. If this metric is not available, use the similar metric as exposed by the monitoring system.
Resolution	The alert is cleared when the appinfo services is available. Steps: Run the following command to check the orchestration log of appinfoservice and check for liveness or readiness probe failures: kubectl get po -n <namespace> Note the full name of the pod that is not running, and use it in the following command: `kubectl describe pod <specific desired full pod name> -n <namespace>` Refer to the application logs on Kibana and filter based on above service name. Check for ERROR and WARNING logs related to this service. Check the database status. For more information, see Oracle Communications Cloud Native Core, cnDBTier User Guide. Depending on the failure reason, take the resolution steps. If the issue persists, capture all the outputs from the above steps and contact My Oracle Support.

5.3.1.5 ocseppCn32cServiceDown

Table 5-262 ocseppCn32cServiceDown

Field	Description
Trigger Condition	Triggered when cn32c-svc service is unavailable.
Severity	Critical
Alert Details Provided	Summary 'namespace: {{$labels.namespace}}, timestamp: {{ with query "time()" }}{{ . \| first \| value \| humanizeTimestamp }}{{ end }} : OCSEPP {{$labels.app_kubernetes_io_name}} service down' Expression `absent(up{app_kubernetes_io_name="cn32c-svc",namespace="sepp-namespace"}) or sum by(namespace, app_kubernetes_io_name) (up{app_kubernetes_io_name="cn32c-svc",namespace="sepp-namespace"}) == 0`
OID	1.3.6.1.4.1.323.5.3.46.1.2.4073
Metric Name	up Note: This is a Prometheus metric used for instance availability monitoring. If this metric is not available, use the similar metric as exposed by the monitoring system.
Resolution	The alert is cleared when the cn32c-svc services are available. Steps: Run the following command to check the orchestration log of cn32c-svc and check for liveness or readiness probe failures: kubectl get po -n <namespace> Note the full name of the pod that is not running, and use it in the following command: `kubectl describe pod <specific desired full pod name> -n <namespace>` Refer to the application logs on Kibana and filter based on above service name. Check for ERROR and WARNING logs related to this service. Check the database status. For more information, see Oracle Communications Cloud Native Core, cnDBTier User Guide. Depending on the failure reason, take the resolution steps. If the issue persists, capture all the outputs from the above steps and contact My Oracle Support.

5.3.1.6 ocseppCn32fServiceDown

Table 5-263 ocseppCn32fServiceDown

Field	Description
Trigger Condition	Triggered when cn32f-svc service is unavailable.
Severity	Critical
Alert Details Provided	Summary 'namespace: {{$labels.namespace}}, timestamp: {{ with query "time()" }}{{ . \| first \| value \| humanizeTimestamp }}{{ end }} : OCSEPP {{$labels.app_kubernetes_io_name}} service down' Expression `absent(up{app_kubernetes_io_name="cn32f-svc",namespace="sepp-namespace"}) or sum by(namespace, app_kubernetes_io_name) (up{app_kubernetes_io_name="cn32f-svc",namespace="sepp-namespace"}) == 0`
OID	1.3.6.1.4.1.323.5.3.46.1.2.4074
Metric Name	up Note: This is a Prometheus metric used for instance availability monitoring. If this metric is not available, use the similar metric as exposed by the monitoring system.
Resolution	The alert is cleared when the cn32f-svc services are available. Steps: Run the following command to check the orchestration log of cn32f-svc and check for liveness or readiness probe failures: kubectl get po -n <namespace> Note the full name of the pod that is not running, and use it in the following command: `kubectl describe pod <specific desired full pod name> -n <namespace>` Refer to the application logs on Kibana and filter based on above service name. Check for ERROR and WARNING logs related to this service. Check the database status. For more information, see Oracle Communications Cloud Native Core, cnDBTier User Guide. Depending on the failure reason, take the resolution steps. If the issue persists, capture all the outputs from the above steps and contact My Oracle Support.

5.3.1.7 ocseppConfigMgrServiceDown

Table 5-264 ocseppConfigMgrServiceDown

Field	Description
Trigger Condition	Triggered when config-mgr-svc services is unavailable.
Severity	Critical
Alert Details Provided	Summary 'namespace: {{$labels.namespace}}, timestamp: {{ with query "time()" }}{{ . \| first \| value \| humanizeTimestamp }}{{ end }} : OCSEPP {{$labels.app_kubernetes_io_name}} service down' Expression `absent(up{app_kubernetes_io_name="config-mgr-svc",namespace="sepp-namespace"}) or sum by(namespace, app_kubernetes_io_name) (up{app_kubernetes_io_name="config-mgr-svc",namespace="sepp-namespace"}) == 0`
OID	1.3.6.1.4.1.323.5.3.46.1.2.4075
Metric Name	up Note: This is a Prometheus metric used for instance availability monitoring. If this metric is not available, use the similar metric as exposed by the monitoring system.
Resolution	The alert is cleared when the config-mgr-svc services are available. Steps: Run the following command to check the orchestration log of config-mgr-svc and check for liveness or readiness probe failures: kubectl get po -n <namespace> Note the full name of the pod that is not running, and use it in the following command: `kubectl describe pod <specific desired full pod name> -n <namespace>` Refer to the application logs on Kibana and filter based on above service name. Check for ERROR and WARNING logs related to this service. Check the database status. For more information, see Oracle Communications Cloud Native Core, cnDBTier User Guide. Depending on the failure reason, take the resolution steps. If the issue persists, capture all the outputs from the above steps and contact My Oracle Support.

5.3.1.8 ocseppN32EgwServiceDown

Table 5-265 ocseppN32EgwServiceDown

Field	Description
Trigger Condition	Triggered when n32-egress-gateway is unavailable.
Severity	Critical
Alert Details Provided	Summary 'namespace: {{$labels.namespace}}, timestamp: {{ with query "time()" }}{{ . \| first \| value \| humanizeTimestamp }}{{ end }} : OCSEPP {{$labels.app_kubernetes_io_name}} service down' Expression `absent(up{app_kubernetes_io_name="n32-egress-gateway",namespace="sepp-namespace"}) or sum by(namespace, app_kubernetes_io_name) (up{app_kubernetes_io_name="n32-egress-gateway",namespace="sepp-namespace"}) == 0`
OID	1.3.6.1.4.1.323.5.3.46.1.2.4076
Metric Name	up Note: This is a Prometheus metric used for instance availability monitoring. If this metric is not available, use the similar metric as exposed by the monitoring system.
Resolution	The alert is cleared when the n32-egress-gateway services are available. Steps: Run the following command to check the orchestration log of appinfoservice and check for liveness or readiness probe failures: kubectl get po -n <namespace> Note the full name of the pod that is not running, and use it in the following command: `kubectl describe pod <specific desired full pod name> -n <namespace>` Refer to the application logs on Kibana and filter based on above service name. Check for ERROR and WARNING logs related to this service. Check the database status. For more information, see Oracle Communications Cloud Native Core, cnDBTier User Guide. Depending on the failure reason, take the resolution steps. If the issue persists, capture all the outputs from the above steps and contact My Oracle Support.

5.3.1.9 ocseppN32IgwServiceDown

Table 5-266 ocseppN32IgwServiceDown

Field	Description
Trigger Condition	Triggered when n32-ingress-gateway is unavailable.
Severity	Critical
Alert Details Provided	Summary 'namespace: {{$labels.namespace}}, timestamp: {{ with query "time()" }}{{ . \| first \| value \| humanizeTimestamp }}{{ end }} : OCSEPP {{$labels.app_kubernetes_io_name}} service down' Expression `absent(up{app_kubernetes_io_name="n32-ingress-gateway",namespace="sepp-namespace"}) or sum by(namespace, app_kubernetes_io_name) (up{app_kubernetes_io_name="n32-ingress-gateway",namespace="sepp-namespace"}) == 0`
OID	1.3.6.1.4.1.323.5.3.46.1.2.4077
Metric Name	up Note: This is a Prometheus metric used for instance availability monitoring. If this metric is not available, use the similar metric as exposed by the monitoring system.
Resolution	The alert is cleared when the n32-egress-gateway services are available. Steps: Run the following command to check the orchestration log of n32-ingress-gateway and check for liveness or readiness probe failures: kubectl get po -n <namespace> Note the full name of the pod that is not running, and use it in the following command: `kubectl describe pod <specific desired full pod name> -n <namespace>` Refer to the application logs on Kibana and filter based on above service name. Check for ERROR and WARNING logs related to this service. Check the database status. For more information, see Oracle Communications Cloud Native Core, cnDBTier User Guide. Depending on the failure reason, take the resolution steps. If the issue persists, capture all the outputs from the above steps and contact My Oracle Support.

5.3.1.10 ocseppConfigserverServiceDown

Table 5-267 ocseppConfigserverServiceDown

Field	Description
Trigger Condition	Triggered when config-server(ocpm) service is unavailable.
Severity	Critical
Alert Details Provided	Summary 'namespace: {{$labels.namespace}}, timestamp: {{ with query "time()" }}{{ . \| first \| value \| humanizeTimestamp }}{{ end }} : OCSEPP {{$labels.app_kubernetes_io_name}} service down' Expression `absent(up{app_kubernetes_io_name="config-server",namespace="sepp-namespace"}) or sum by(namespace, app_kubernetes_io_name) (up{app_kubernetes_io_name="config-server",namespace="sepp-namespace"}) == 0`
OID	1.3.6.1.4.1.323.5.3.46.1.2.4078
Metric Name	up Note: This is a Prometheus metric used for instance availability monitoring. If this metric is not available, use the similar metric as exposed by the monitoring system.
Resolution	The alert is cleared when the config-server(ocpm) services are available. Steps: Run the following command to check the orchestration log of config-server(ocpm) and check for liveness or readiness probe failures: kubectl get po -n <namespace> Note the full name of the pod that is not running, and use it in the following command: `kubectl describe pod <specific desired full pod name> -n <namespace>` Refer to the application logs on Kibana and filter based on above service name. Check for ERROR and WARNING logs related to this service. Check the database status. For more information, see Oracle Communications Cloud Native Core, cnDBTier User Guide. Depending on the failure reason, take the resolution steps. If the issue persists, capture all the outputs from the above steps and contact My Oracle Support.

5.3.1.11 ocseppPerfinfoServiceDown

Table 5-268 ocseppPerfinfoServiceDown

Field	Description
Trigger Condition	Triggered when perf-info service is unavailable.
Severity	Critical
Alert Details Provided	Summary 'namespace: {{$labels.namespace}}, timestamp: {{ with query "time()" }}{{ . \| first \| value \| humanizeTimestamp }}{{ end }} : OCSEPP {{$labels.app_kubernetes_io_name}} service down' Expression `absent(up{app_kubernetes_io_name="perf-info",namespace="sepp-namespace"}) or sum by(namespace, app_kubernetes_io_name) (up{app_kubernetes_io_name="perf-info",namespace="sepp-namespace"}) == 0`
OID	1.3.6.1.4.1.323.5.3.46.1.2.4079
Metric Name	up Note: This is a Prometheus metric used for instance availability monitoring. If this metric is not available, use the similar metric as exposed by the monitoring system.
Resolution	The alert is cleared when the perf-info services are available. Steps: Run the following command to check the orchestration log of perf-info services and check for liveness or readiness probe failures: kubectl get po -n <namespace> Note the full name of the pod that is not running, and use it in the following command: `kubectl describe pod <specific desired full pod name> -n <namespace>` Refer to the application logs on Kibana and filter based on above service name. Check for ERROR and WARNING logs related to this service. Check the database status. For more information, see Oracle Communications Cloud Native Core, cnDBTier User Guide. Depending on the failure reason, take the resolution steps. If the issue persists, capture all the outputs from the above steps and contact My Oracle Support.

5.3.1.12 ocseppPlmnEgwServiceDown

Table 5-269 ocseppPlmnEgwServiceDown

Field	Description
Trigger Condition	Triggered when plmn-egress-gateway service is unavailable.
Severity	Critical
Alert Details Provided	Summary 'namespace: {{$labels.namespace}}, timestamp: {{ with query "time()" }}{{ . \| first \| value \| humanizeTimestamp }}{{ end }} : OCSEPP {{$labels.app_kubernetes_io_name}} service down' Expression `absent(up{app_kubernetes_io_name="perf-info",namespace="sepp-namespace"}) or sum by(namespace, app_kubernetes_io_name) (up{app_kubernetes_io_name="perf-info",namespace="sepp-namespace"}) == 0`
OID	1.3.6.1.4.1.323.5.3.46.1.2.4080
Metric Name	up Note: This is a Prometheus metric used for instance availability monitoring. If this metric is not available, use the similar metric as exposed by the monitoring system.
Resolution	The alert is cleared when the plmn-egress-gateway services are available. Steps: Run the following command to check the orchestration log of plmn-egress-gateway services and check for liveness or readiness probe failures: kubectl get po -n <namespace> Note the full name of the pod that is not running, and use it in the following command: `kubectl describe pod <specific desired full pod name> -n <namespace>` Refer to the application logs on Kibana and filter based on above service name. Check for ERROR and WARNING logs related to this service. Check the database status. For more information, see Oracle Communications Cloud Native Core, cnDBTier User Guide. Depending on the failure reason, take the resolution steps. If the issue persists, capture all the outputs from the above steps and contact My Oracle Support.

5.3.1.13 ocseppPlmnIgwServiceDown

Table 5-270 ocseppPlmnIgwServiceDown

Field	Description
Trigger Condition	Triggered when plmn-ingress-gateway service is unavailable.
Severity	Critical
Alert Details Provided	Summary 'namespace: {{$labels.namespace}}, timestamp: {{ with query "time()" }}{{ . \| first \| value \| humanizeTimestamp }}{{ end }} : OCSEPP {{$labels.app_kubernetes_io_name}} service down' Expression `absent(up{app_kubernetes_io_name="plmn-ingress-gateway",namespace="sepp-namespace"}) or sum by(namespace, app_kubernetes_io_name) (up{app_kubernetes_io_name="plmn-ingress-gateway",namespace="sepp-namespace"}) == 0`
OID	1.3.6.1.4.1.323.5.3.46.1.2.4081
Metric Name	up Note: This is a Prometheus metric used for instance availability monitoring. If this metric is not available, use the similar metric as exposed by the monitoring system.
Resolution	The alert is cleared when the plmn-ingress-gateway services are available. Steps: Run the following command to check the orchestration log of plmn-ingress-gateway services and check for liveness or readiness probe failures: kubectl get po -n <namespace> Note the full name of the pod that is not running, and use it in the following command: `kubectl describe pod <specific desired full pod name> -n <namespace>` Refer to the application logs on Kibana and filter based on above service name. Check for ERROR and WARNING logs related to this service. Check the database status. For more information, see Oracle Communications Cloud Native Core, cnDBTier User Guide. Depending on the failure reason, take the resolution steps. If the issue persists, capture all the outputs from the above steps and contact My Oracle Support.

5.3.1.14 ocseppPn32cServiceDown

Table 5-271 ocseppPn32cServiceDown

Field	Description
Trigger Condition	Triggered when pn32c-svc service is unavailable.
Severity	Critical
Alert Details Provided	Summary 'namespace: {{$labels.namespace}}, timestamp: {{ with query "time()" }}{{ . \| first \| value \| humanizeTimestamp }}{{ end }} : OCSEPP {{$labels.app_kubernetes_io_name}} service down' Expression `absent(up{app_kubernetes_io_name="pn32c-svc",namespace="sepp-namespace"}) or sum by(namespace, app_kubernetes_io_name) (up{app_kubernetes_io_name="pn32c-svc",namespace="sepp-namespace"}) == 0`
OID	1.3.6.1.4.1.323.5.3.46.1.2.4082
Metric Name	up Note: This is a Prometheus metric used for instance availability monitoring. If this metric is not available, use the similar metric as exposed by the monitoring system.
Resolution	The alert is cleared when the pn32c-svc services are available. Steps: Run the following command to check the orchestration log of pn32c-svc services and check for liveness or readiness probe failures: kubectl get po -n <namespace> Note the full name of the pod that is not running, and use it in the following command: `kubectl describe pod <specific desired full pod name> -n <namespace>` Refer to the application logs on Kibana and filter based on above service name. Check for ERROR and WARNING logs related to this service. Check the database status. For more information, see Oracle Communications Cloud Native Core, cnDBTier User Guide. Depending on the failure reason, take the resolution steps. If the issue persists, capture all the outputs from the above steps and contact My Oracle Support.

5.3.1.15 ocseppPn32fServiceDown

Table 5-272 ocseppPn32fServiceDown

Field	Description
Trigger Condition	Triggered when pn32f-svc service is unavailable.
Severity	Critical
Alert Details Provided	Summary 'namespace: {{$labels.namespace}}, timestamp: {{ with query "time()" }}{{ . \| first \| value \| humanizeTimestamp }}{{ end }} : OCSEPP {{$labels.app_kubernetes_io_name}} service down' Expression `absent(up{app_kubernetes_io_name="pn32f-svc",namespace="sepp-namespace"}) or sum by(namespace, app_kubernetes_io_name) (up{app_kubernetes_io_name="pn32f-svc",namespace="sepp-namespace"}) == 0`
OID	1.3.6.1.4.1.323.5.3.46.1.2.4083
Metric Name	up Note: This is a Prometheus metric used for instance availability monitoring. If this metric is not available, use the similar metric as exposed by the monitoring system.
Resolution	The alert is cleared when the pn32f-svc services are available. Steps: Run the following command to check the orchestration log of pn32f-svc services and check for liveness or readiness probe failures: kubectl get po -n <namespace> Note the full name of the pod that is not running, and use it in the following command: `kubectl describe pod <specific desired full pod name> -n <namespace>` Refer to the application logs on Kibana and filter based on above service name. Check for ERROR and WARNING logs related to this service. Check the database status. For more information, see Oracle Communications Cloud Native Core, cnDBTier User Guide. Depending on the failure reason, take the resolution steps. If the issue persists, capture all the outputs from the above steps and contact My Oracle Support.

5.3.1.16 ocseppNrfdiscServiceDown

Table 5-273 ocseppNrfdiscServiceDown

Field	Description
Trigger Condition	Triggered when nrf-client-nfdiscovery service is unavailable.
Severity	Critical
Alert Details Provided	Summary 'namespace: {{$labels.namespace}}, timestamp: {{ with query "time()" }}{{ . \| first \| value \| humanizeTimestamp }}{{ end }} : OCSEPP {{$labels.app_kubernetes_io_name}} service down' Expression `absent(up{app_kubernetes_io_name="nrf-client-nfdiscovery",namespace="sepp-namespace"}) or sum by(namespace, app_kubernetes_io_name) (up{app_kubernetes_io_name="nrf-client-nfdiscovery",namespace="sepp-namespace"}) == 0`
OID	1.3.6.1.4.1.323.5.3.46.1.2.4084
Metric Name	up Note: This is a Prometheus metric used for instance availability monitoring. If this metric is not available, use the similar metric as exposed by the monitoring system.
Resolution	The alert is cleared when the nrf-client-nfdiscovery services are available. Steps: Run the following command to check the orchestration log of nrf-client-nfdiscovery services and check for liveness or readiness probe failures: kubectl get po -n <namespace> Note the full name of the pod that is not running, and use it in the following command: `kubectl describe pod <specific desired full pod name> -n <namespace>` Refer to the application logs on Kibana and filter based on above service name. Check for ERROR and WARNING logs related to this service. Check the database status. For more information, see Oracle Communications Cloud Native Core, cnDBTier User Guide. Depending on the failure reason, take the resolution steps. If the issue persists, capture all the outputs from the above steps and contact My Oracle Support.

5.3.1.17 ocseppNrfmgmServiceDown

Table 5-274 ocseppNrfmgmServiceDown

Field	Description
Trigger Condition	Triggered when nrf-client-nfmanagement service is unavailable.
Severity	Critical
Alert Details Provided	Summary 'namespace: {{$labels.namespace}}, timestamp: {{ with query "time()" }}{{ . \| first \| value \| humanizeTimestamp }}{{ end }} : OCSEPP {{$labels.app_kubernetes_io_name}} service down' Expression `absent(up{app_kubernetes_io_name="nrf-client-nfmanagement",namespace="sepp-namespace"}) or sum by(namespace, app_kubernetes_io_name) (up{app_kubernetes_io_name="nrf-client-nfmanagement",namespace="sepp-namespace"}) == 0`
OID	1.3.6.1.4.1.323.5.3.46.1.2.4085
Metric Name	up Note: This is a Prometheus metric used for instance availability monitoring. If this metric is not available, use the similar metric as exposed by the monitoring system.
Resolution	The alert is cleared when the nrf-client-nfmanagement services are available. Steps: Run the following command to check the orchestration log of nrf-client-nfmanagement services and check for liveness or readiness probe failures: kubectl get po -n <namespace> Note the full name of the pod that is not running, and use it in the following command: `kubectl describe pod <specific desired full pod name> -n <namespace>` Refer to the application logs on Kibana and filter based on above service name. Check for ERROR and WARNING logs related to this service. Check the database status. For more information, see Oracle Communications Cloud Native Core, cnDBTier User Guide. Depending on the failure reason, take the resolution steps. If the issue persists, capture all the outputs from the above steps and contact My Oracle Support.

5.3.1.18 ocseppAlternrouteServiceDown

Table 5-275 ocseppAlternrouteServiceDown

Field	Description
Trigger Condition	Triggered when alternate-route service is unavailable.
Severity	Critical
Alert Details Provided	Summary 'namespace: {{$labels.namespace}}, timestamp: {{ with query "time()" }}{{ . \| first \| value \| humanizeTimestamp }}{{ end }} : OCSEPP {{$labels.app_kubernetes_io_name}} service down' Expression `absent(up{app_kubernetes_io_name="alternate-route",namespace="sepp-namespace"}) or sum by(namespace, app_kubernetes_io_name) (up{app_kubernetes_io_name="alternate-route",namespace="sepp-namespace"}) == 0`
OID	1.3.6.1.4.1.323.5.3.46.1.2.4086
Metric Name	up Note: This is a Prometheus metric used for instance availability monitoring. If this metric is not available, use the similar metric as exposed by the monitoring system.
Resolution	The alert is cleared when the appinfo services are available. Steps: Run the following command to check the orchestration log of appinfo services and check for liveness or readiness probe failures: kubectl get po -n <namespace> Note the full name of the pod that is not running, and use it in the following command: `kubectl describe pod <specific desired full pod name> -n <namespace>` Refer to the application logs on Kibana and filter based on above service name. Check for ERROR and WARNING logs related to this service. Check the database status. For more information, see Oracle Communications Cloud Native Core, cnDBTier User Guide. Depending on the failure reason, take the resolution steps. If the issue persists, capture all the outputs from the above steps and contact My Oracle Support.

5.3.1.19 ocseppMediationServiceDown

Table 5-276 ocseppMediationServiceDown

Field	Description
Trigger Condition	Triggered when nf-mediation service is unavailable.
Severity	Critical
Alert Details Provided	Summary 'namespace: {{$labels.namespace}}, timestamp: {{ with query "time()" }}{{ . \| first \| value \| humanizeTimestamp }}{{ end }} : OCSEPP {{$labels.app_kubernetes_io_name}} service down' Expression `absent(up{app_kubernetes_io_name="nf-mediation",namespace="sepp-namespace"}) or sum by(namespace, app_kubernetes_io_name) (up{app_kubernetes_io_name="nf-mediation",namespace="sepp-namespace"}) == 0`
OID	1.3.6.1.4.1.323.5.3.46.1.2.4087
Metric Name	up Note: This is a Prometheus metric used for instance availability monitoring. If this metric is not available, use the similar metric as exposed by the monitoring system.
Resolution	The alert is cleared when the nf-mediation services are available. Steps: Run the following command to check the orchestration log of nf-mediation services and check for liveness or readiness probe failures: kubectl get po -n <namespace> Note the full name of the pod that is not running, and use it in the following command: `kubectl describe pod <specific desired full pod name> -n <namespace>` Refer to the application logs on Kibana and filter based on above service name. Check for ERROR and WARNING logs related to this service. Check the database status. For more information, see Oracle Communications Cloud Native Core, cnDBTier User Guide. Depending on the failure reason, take the resolution steps. If the issue persists, capture all the outputs from the above steps and contact My Oracle Support.

5.3.1.20 ocseppCoherenceServiceDown

Table 5-277 ocseppCoherenceServiceDown

Field	Description
Trigger Condition	Triggered when coherence-svc service is unavailable.
Severity	Critical
Alert Details Provided	Summary 'namespace: {{$labels.namespace}}, timestamp: {{ with query "time()" }}{{ . \| first \| value \| humanizeTimestamp }}{{ end }} : OCSEPP {{$labels.app_kubernetes_io_name}} service down' Expression `absent(up{app_kubernetes_io_name="coherence-svc",namespace="sepp-namespace"}) or sum by(namespace, app_kubernetes_io_name) (up{app_kubernetes_io_name="coherence-svc",namespace="sepp-namespace"}) == 0`
OID	1.3.6.1.4.1.323.5.3.46.1.2.4088
Metric Name	up Note: This is a Prometheus metric used for instance availability monitoring. If this metric is not available, use the similar metric as exposed by the monitoring system.
Resolution	The alert is cleared when the coherence-svc services are available. Steps: Run the following command to check the orchestration log of coherence-svc services and check for liveness or readiness probe failures: kubectl get po -n <namespace> Note the full name of the pod that is not running, and use it in the following command: `kubectl describe pod <specific desired full pod name> -n <namespace>` Refer to the application logs on Kibana and filter based on above service name. Check for ERROR and WARNING logs related to this service. Check the database status. For more information, see Oracle Communications Cloud Native Core, cnDBTier User Guide. Depending on the failure reason, take the resolution steps. If the issue persists, capture all the outputs from the above steps and contact My Oracle Support.

5.3.1.21 ocseppNfStatusUnavailable

Table 5-278 ocseppNfStatusUnavailable

Field	Description
Trigger Condition	Triggered when all the SEPP services are unavailable, either because the SEPP is getting deployed or purged.
Severity	Critical
Alert Details Provided	Summary namespace: {{$labels.namespace}}, timestamp: {{ with query "time()" }}{{ . \| first \| value \| humanizeTimestamp }}{{ end }} : All OCSEPP services are unavailable.' Expression `absent(up{app_kubernetes_io_part_of="ocsepp",namespace="sepp-namespace"}) or sum(up{app_kubernetes_io_part_of="ocsepp", namespace="sepp-namespace"}) == 0`
OID	1.3.6.1.4.1.323.5.3.46.1.2.4089
Metric Name	up Note: This is a Prometheus metric used for instance availability monitoring. If this metric is not available, use the similar metric as exposed by the monitoring system.
Resolution	The alert is cleared automatically when the SEPP services start becoming available. Steps: Check for service specific alerts which may be causing the issues with service exposure. Run the following command to check if the pod’s status is in “Running” state: kubectl –n <namespace> get pod If it is not in running state, capture the pod logs and events. Run the following command to fetch the events as follows: `kubectl get events --sort-by=.metadata.creationTimestamp -n <namespace>` Refer to the application logs on Kibana and check for database related failures such as connectivity, invalid secrets, and so on. The logs can be filtered based on the services. Run the following command to check Helm status and make sure there are no errors: `helm status <helm release name of the desired NF> -n <namespace>` If it is not in “STATUS: DEPLOYED”, then again capture logs and events. If the issue persists, capture all the outputs from the above steps and contact My Oracle Support.

5.3.2 Application Level Alerts

5.3.2.1 Common Alerts

5.3.2.1.1 SEPPN32fRoutingFailure

Table 5-279 SEPPN32fRoutingFailure

Field	Details
Trigger Condition	N32f service not able to forward message
Severity	Info
Alert details provided	Summary namespace: {{ $labels.namespace}}, podname: {{ $labels.pod}}, timestamp: {{ with query "time()" }}{{ . \| first \| value \| humanizeTimestamp }}{{ end }} Expression: idelta(ocsepp_cn32f_requests_failure_total{namespace="sepp-namespace"}[2m]) > 0 or (ocsepp_cn32f_requests_failure_total{namespace="sepp-namespace"} unless ocsepp_cn32f_requests_failure_total{namespace="sepp-namespace"} offset 2m)
OID	1.3.6.1.4.1.323.5.3.46.1.2.4001
Metric Used	ocsepp_cn32f_requests_failure_total
Resolution	The alert gets cleared when Consumer SEPP accepts request only if producer NF domain and PLMN match the Remote SEPP configured. Steps: The failure reason is present in the alert. Possible Resolutions : Check whether the Remote SEPP is present in database. Validate the Remote SEPP PLMN which is configured. Validate the handshake is completed with the remote SEPP and context is present in database. Validate the producer NF Domain. Check whether the Remote SEPP Set for required Remote SEPP is present in the database. Check whether the N32F route is present in database (common_configuration table).

5.3.2.1.2 SEPPConfigMgrRouteFailureAlert

Table 5-280 SEPPConfigMgrRouteFailureAlert

Field	Details
Trigger Condition	When routing failure occurs while posting remote SEPP or roaming partner set, this alert will be raised.
Severity	Major
Alert Details Provided	Summary namespace: {{$labels.namespace}}, timestamp: {{ with query "time()" }}{{ . \| first \| value \| humanizeTimestamp }}{{ end }}: Route Failure has occurred because {{ $labels.http_error_message }} Expression sum(increase(ocsepp_configmgr_routefailure_total{app="config-mgr-svc"}[5m]) >0 or (ocsepp_configmgr_routefailure_total{app="config-mgr-svc"} unless ocsepp_configmgr_routefailure_total{app="config-mgr-svc"} offset 5m )) by (namespace,app,http_status,http_error_message) > 0
OID	1.3.6.1.4.1.323.5.3.46.1.2.4038
Metric Name	ocsepp_configmgr_routefailure_total
Resolution	The alert is cleared if no new failures are observed in 5 minutes window. Possible resolutions: Ensure that the correct Remote Partner Profile (RPP) profile has been used. Ensure that the correct Remote SEPP Set (RSS) profile has been used.

5.3.2.1.3 EgressSbiErrorRateAbove1Percent

Table 5-281 EgressSbiErrorRateAbove1Percent

Field	Details
Trigger Condition	Sbi Transaction Error Rate exceeded configured threshold
Severity	Major
Alert details provided	Summary "Sbi Transaction Error Rate detected above 1 Percent of Total Sbi Transactions" Expression sum(rate(oc_egressgateway_sbiRouting_http_responses_total{Status!~"2."}[5m])) by (app,pod, namespace) /sum(rate(oc_egressgateway_sbiRouting_http_responses_total[5m])) by (app,pod, namespace) 100 >= 1
OID	1.3.6.1.4.1.323.5.3.46.1.2.7001
Metric Used	oc_egressgateway_sbiRouting_http_responses_total
Resolution	This alert will be raised when the total SBI transaction error rate will be above 1% of the total transaction done during 5 minute time period. Metric will be cleared when the error rate will be below 1%.

5.3.2.1.4 ocseppNfProfileStatusInNRFDown

Table 5-282 ocseppNfProfileStatusInNRFDown

Field	Details
Trigger Condition	SEPP registration with configured NRF gets failed.
Severity	Critical
Alert details provided	Summary 'The OCSEPP NF profile status with the NRF is currently down' Expression nrfclient_nf_status_with_nrf{app_kubernetes_io_part_of="ocsepp",namespace="sepp-namespace"} != 0
OID	1.3.6.1.4.1.323.5.3.46.1.2.4090
Metric Used	nrfclient_nf_status_with_nrf
Resolution	The alert will be raised if the SEPP does not get registered in the configured NRF . The alert will be cleared when the SEPP status with NRF getsregistered.

Note:

This alert is not applicable for the Roaming Hub mode.

5.3.2.2 Handshake Alerts

5.3.2.2.1 SEPPCn32cHandshakeFailureAlert

Table 5-283 SEPPCn32cHandshakeFailureAlert

Field	Details
Trigger Condition	Handshake procedure has failed on Consumer SEPP
Severity	Major
Alert details provided	Summary 'namespace: {{ $labels.namespace}}, timestamp: {{ with query "time()" }}{{ . \| first \| value \| humanizeTimestamp }}{{ end }}' Expression: sum(increase(ocsepp_n32c_handshake_failure_attempts_total{app="cn32c-svc",namespace="sepp-namespace"}[5m]) >0 or (ocsepp_n32c_handshake_failure_attempts_total{app="cn32c-svc",namespace="sepp-namespace"} unless ocsepp_n32c_handshake_failure_attempts_total{app="cn32c-svc",namespace="sepp-namespace"} offset 5m )) by (namespace,remote_sepp_name,nf_instance_id,peer_fqdn,app,container,reason)> 0
OID	1.3.6.1.4.1.323.5.3.46.1.2.2001
Metric Used	ocsepp_n32c_handshake_failure_attempts_total filtered by app=cn32-svc
Resolution 1	The alert gets cleared when the N32C Handshake is established after successful TCP connection to remote SEPP. Failure reason: Release name used while helm installation is other than `ocsepp-release`. Error Verification: Check the failure reason in the alert. If the failure reason is 404 –route not found or Route not found, follow the recovery steps: Run the following command to get pod details: `$ kubectl get pods –n <namespace>` Example: # kubectl get pods -n csepp NAME READY STATUS RESTARTS AGE ocsepp-release-appinfo-6cdc48fc47-c9gfv 1/1 Running 0 8d ocsepp-release-cn32c-svc-6547db777d-76gwd 1/1 Running 0 8d ocsepp-release-cn32f-svc-7cd54bdf68-czbnb 1/1 Running 0 8d ocsepp-release-config-mgr-svc-79c95d4b9d-8stk7 1/1 Running 0 8d ocsepp-release-n32-egress-gateway-54c658b947-s5f9m 0/2 Pending 0 23h ocsepp-release-n32-egress-gateway-54c658b947-scvvp 2/2 Running 0 7d23h ocsepp-release-n32-ingress-gateway-777c68cb9-8jsdc 0/2 Pending 0 23h ocsepp-release-n32-ingress-gateway-777c68cb9-98t7x 0/2 Init:ImagePullBackOff 0 23h ocsepp-release-pn32c-svc-58bff857f-jmfdd 1/1 Running 0 8d ocsepp-release-pn32f-svc-784d5c7568-rh24g Run the following command to navigate to the pod: `$ kubectl exec –it <config-mgr-pod name> –n <namespace> bash` Example: `$ kubectl exec -it ocsepp-release-config-mgr-svc-79c95d4b9d-8stk7 -n csepp bash` Run the command to get the existing route details present on N32 Egress Gateway: `curl -X GET http://<config-manager-service-name>:9090/sepp/nf-common-component/v1/egw/n32/routesconfiguration` Example: `curl -X GET http://ocsepp-release-config-mgr-svc:9090/sepp/nf-common-component/v1/egw/n32/routesconfiguration` If this output is null, add the configuration details in `config-mgr-svc` deployment. For more information about the configuration details, see the Deployment Configuration for Config-mgr-svc section in Oracle Communications Cloud Native Core Security Edge Protection Proxy Installation Guide. After the `config-mgr-svc` pod is restarted, run the step1 to step3 again. After adding the configuration, rerun the curl command mentioned in step3 to get the route details. Delete and add the RemoteSepp and reinitiate the handshake. If the value is still null, contact My Oracle Support.
Resolution 2	The alert gets cleared when the N32C Handshake is established after successful TCP connection to remote SEPP. Steps: The failure reason is present in the alert. Possible Resolutions: Disable the Remote SEPP. Delete the Remote SEPP. Update and reinitiate Handshake.

5.3.2.2.2 SEPPPn32cHandshakeFailureAlert

Table 5-284 SEPPPn32cHandshakeFailureAlert

Field	Details
Trigger Condition	Handshake procedure has failed on Producer sepp
Severity	Major
Alert details provided	Summary 'namespace: {{$labels.namespace}}, podname: {{$labels.pod}}, timestamp: {{ with query "time()" }}{{ . \| first \| value \| humanizeTimestamp }}{{ end }}: Handshake procedure has failed on Producer side because {{ $labels.error_msg }}' Expression: sum(increase(ocsepp_n32c_handshake_failure_attempts_total{app="pn32c-svc",namespace="sepp-namespace"}[5m]) >0 or (ocsepp_n32c_handshake_failure_attempts_total{app="pn32c-svc",namespace="sepp-namespace"} unless ocsepp_n32c_handshake_failure_attempts_total{app="pn32c-svc",namespace="sepp-namespace"} offset 5m )) by (namespace,remote_sepp_name,nf_instance_id,peer_fqdn,app,reason) > 0
OID	1.3.6.1.4.1.323.5.3.46.1.2.3001
Metric Used	ocsepp_n32c_handshake_failure_attempts_total filtered by app=pn32-svc
Resolution	The alert gets cleared when the N32C Handshake is successful due to TCP connection success of Producer to consumer SEPP. Steps: The failure reason is present in the alert. Possible Resolution: Update and reinitiate the Handshake.

5.3.2.3 Upgrade Alerts

5.3.2.3.1 SEPPUpgradeStartedAlert

Table 5-285 SEPPUpgradeStartedAlert

Field	Details
Trigger Condition	Rest API trigger at start of Upgrade
Severity	NA
Alert details provided	applicationname alertname servicename releasename namespace oid severity vendor sourcerelease targetrelease
OID	1.3.6.1.4.1.323.5.3.46.1.2.8001
Metric Used	NA
Resolution	If a success alert is generated then start and failure alerts will be cleared.

5.3.2.3.2 SEPPUpgradeFailedAlert

Table 5-286 SEPPUpgradeFailedAlert

Field	Details
Trigger Condition	Rest API trigger at failure of Upgrade
Severity	NA
Alert details provided	applicationname alertname servicename releasename namespace oid severity vendor sourcerelease targetrelease
OID	1.3.6.1.4.1.323.5.3.46.1.2.8002
Metric Used	NA
Resolution	If a success alert is generated then start and failure alerts will be cleared. Possible resolutions: Check the pre or post upgrade logs in Kibana to analyze the cause of failure. Filter the upgrade logs using the pod name filter. Example: ocsepp-release-update-db. If the cause of upgrade failure is database or network connectivity issue, contact the system administrator. If the upgrade failure occurs during the preupgrade phase, resolve the issue, then perform an upgrade. Do not perform rollback because SEPP deployment remains in the source or older release. If the upgrade failure occurs during the postupgrade phase, for example, post upgrade hook failure due to target release pod not moving to ready state, then perform a rollback.

5.3.2.3.3 SEPPUpgradeSuccessfulAlert

Table 5-287 SEPPUpgradeSuccessfulAlert

Field	Details
Trigger Condition	Rest API trigger at success of Upgrade
Severity	NA
Alert details provided	applicationname alertname servicename releasename namespace oid severity vendor sourcerelease targetrelease
OID	1.3.6.1.4.1.323.5.3.46.1.2.8003
Metric Used	NA
Resolution	This is an information alert raised when software upgrade is successful. This alert will auto clear after the duration set in resolve_timeout value of AlertManager.

5.3.2.4 Rollback Alerts

5.3.2.4.1 SEPPRollbackStartedAlert

Table 5-288 SEPPRollbackStartedAlert

Field	Details
Trigger Condition	Rest API trigger at start of Rollback
Severity	NA
Alert details provided	applicationname alertname servicename releasename namespace oid severity vendor sourcerelease targetrelease
OID	1.3.6.1.4.1.323.5.3.46.1.2.8004
Metric Used	NA
Resolution	If a success alert is generated then start and failure alerts will be cleared.

5.3.2.4.2 SEPPRollbackFailedAlert

Table 5-289 SEPPRollbackFailedAlert

Field	Details
Trigger Condition	Rest API trigger at failure of Rollback
Severity	NA
Alert details provided	applicationname alertname servicename releasename namespace oid severity vendor sourcerelease targetrelease
OID	1.3.6.1.4.1.323.5.3.46.1.2.8005
Metric Used	NA
Resolution	If a success alert is generated then start and failure alerts will be cleared. Possible resolutions: Check the rollback logs in Kibana to analyze the cause of failure. Filter the rollback logs using the pod name filter. Example: ocsepp-release-update-db. If the cause of rollback failure is database or network connectivity issue, contact the system administrator.

5.3.2.4.3 SEPPRollbackSuccessfulAlert

Table 5-290 SEPPRollbackSuccessfulAlert

Field	Details
Trigger Condition	Rest API trigger at success of Rollback
Severity	NA
Alert details provided	applicationname alertname servicename releasename namespace oid severity vendor sourcerelease targetrelease
OID	1.3.6.1.4.1.323.5.3.46.1.2.8006
Metric Used	NA
Resolution	Cleared after DEFAULT_DURATION_FOR_ALERT_EXPIRY minutes

5.3.2.5 Global Rate Limiting on Ingress Gateway of SEPP Alerts

5.3.2.5.1 IngressGlobalMessageDropAbovePointOnePercent

Table 5-291 IngressGlobalMessageDropAbovePointOnePercent

Field	Details
Trigger Condition	Ingress Global Message Drop Rate detected greater than or equal to 0.1 Percent of Total Transactions.
Severity	Warning
Alert details provided	Summary "Ingress Global Message Drop Rate detected above 0.1 Percent of Total Transactions" Expression `sum(rate(oc_ingressgateway_global_ratelimit_total{namespace="sepp-namespace",Status="dropped"}[5m])) by (namespace,app)/sum(rate(oc_ingressgateway_global_ratelimit_total{namespace="sepp-namespace"}[5m])) by (namespace,app) *100 >= 0.1 < 1`
OID	1.3.6.1.4.1.323.5.3.46.1.2.7002
Metric Used	oc_ingressgateway_global_ratelimit_total
Resolution	The alert will be raised when the percentage of messages rejected for Global Rate Limit will be greater than or equal to 0.1% of the total messages received. This will get cleared once percentage of message rejected is below 0.1% or greater than or equal to 1%. Possible resolutions: If the message drop percentage is different from the expected value, verify the configuration. For all the configuration related information, refer 'Troubleshooting Steps for Rate Limiting Feature' section in the Oracle Communications Cloud Native Core, Security Edge Protection Proxy Troubleshooting Guide.

5.3.2.5.2 IngressGlobalMessageDropAbove1Percent

Table 5-292 IngressGlobalMessageDropAbove1Percent

Field	Details
Trigger Condition	Ingress Global Message Drop Rate detected greater than or equal to 1 Percent of Total Transactions.
Severity	Warning
Alert details provided	Summary "Ingress Global Message Drop Rate detected above 1 Percent of Total Transactions" Expression `sum(rate(oc_ingressgateway_global_ratelimit_total{namespace="sepp-namespace",Status="dropped"}[5m])) by (namespace,app)/sum(rate(oc_ingressgateway_global_ratelimit_total{namespace="sepp-namespace"}[5m])) by (namespace,app) *100 >= 1 < 10`
OID	1.3.6.1.4.1.323.5.3.46.1.2.7003
Metric Used	oc_ingressgateway_global_ratelimit_total
Resolution	The alert will be raised when the percentage of messages rejected for Global Rate Limit will be greater than or equal to 1% of the total messages received. This will get cleared once percentage of message rejected is below 1% greater than or equal to 10%. Possible resolutions: If the message drop percentage is different from the expected value, verify the configuration. For all the configuration related information, refer 'Troubleshooting Steps for Rate Limiting Feature' section in the Oracle Communications Cloud Native Core, Security Edge Protection Proxy Troubleshooting Guide.

5.3.2.5.3 IngressGlobalMessageDropAbove10Percent

Table 5-293 IngressGlobalMessageDropAbove10Percent

Field	Details
Trigger Condition	Ingress Global Message Drop Rate detected greater than or equal to 10 Percent of Total Transactions.
Severity	Minor
Alert details provided	Summary "Ingress Global Message Drop Rate detected above 10 Percent of Total Transactions" Expression `sum(rate(oc_ingressgateway_global_ratelimit_total{namespace="sepp-namespace",Status="dropped"}[5m])) by (namespace,app)/sum(rate(oc_ingressgateway_global_ratelimit_total{namespace="sepp-namespace"}[5m])) by (namespace,app) *100 >= 10 < 25`
OID	1.3.6.1.4.1.323.5.3.46.1.2.7004
Metric Used	oc_ingressgateway_global_ratelimit_total
Resolution	The alert will be raised when the percentage of messages rejected for Global Rate Limit will be greater than or equal to 10% of the total messages received. This will get cleared once percentage of message rejected is below 10% or greater than or equal to 25% . Possible resolutions: If the message drop percentage is different from the expected value, verify the configuration. For all the configuration related information, refer 'Troubleshooting Steps for Rate Limiting Feature' section in the Oracle Communications Cloud Native Core, Security Edge Protection Proxy Troubleshooting Guide.

5.3.2.5.4 IngressGlobalMessageDropAbove25Percent

Table 5-294 IngressGlobalMessageDropAbove25Percent

Field	Details
Trigger Condition	Ingress Global Message Drop Rate detected greater than or equal to 25 Percent of Total Transactions
Severity	Major
Alert details provided	Summary "Ingress Global Message Drop Rate detected above 25 Percent of Total Transactions" Expression `sum(rate(oc_ingressgateway_global_ratelimit_total{namespace="sepp-namespace",Status="dropped"}[5m])) by (namespace,app)/sum(rate(oc_ingressgateway_global_ratelimit_total{namespace="sepp-namespace"}[5m])) by (namespace,app) *100 >= 10 < 25`
OID	1.3.6.1.4.1.323.5.3.46.1.2.7005
Metric Used	oc_ingressgateway_global_ratelimit_total
Resolution	The alert will be raised when the percentage of messages rejected for Global Rate Limit will be greater than or equal to 25% of the total messages received.This will get cleared once percentage of message rejected is below 25% or greater than or equal to 50%. Possible resolutions: If the message drop percentage is different from the expected value, verify the configuration. For all the configuration related information, refer 'Troubleshooting Steps for Rate Limiting Feature' section in the Oracle Communications Cloud Native Core, Security Edge Protection Proxy Troubleshooting Guide.

5.3.2.5.5 IngressGlobalMessageDropAbove50Percent

Table 5-295 IngressGlobalMessageDropAbove50Percent

Field	Details
Trigger Condition	Ingress Global Message Drop Rate detected greater than or equal to 50 Percent of Total Transactions
Severity	Critical
Alert details provided	Summary "Ingress Global Message Drop Rate detected above 50 Percent of Total Transactions" Expression `sum(rate(oc_ingressgateway_global_ratelimit_total{namespace="sepp-namespace",Status="dropped"}[5m])) by (namespace,app)/sum(rate(oc_ingressgateway_global_ratelimit_total{namespace="sepp-namespace"}[5m])) by (namespace,app) *100 >= 50`
OID	1.3.6.1.4.1.323.5.3.46.1.2.7006
Metric Used	oc_ingressgateway_global_ratelimit_total
Resolution	The alert will be raised when the percentage of messages rejected for Global Rate Limit will be greater than or equal to 50% of the total messages received.This will get cleared once percentage of message rejected is below 50%. Possible resolutions: If the message drop percentage is different from the expected value, verify the configuration. For all the configuration related information, refer 'Troubleshooting Steps for Rate Limiting Feature' section in the Oracle Communications Cloud Native Core, Security Edge Protection Proxy Troubleshooting Guide.

5.3.2.6 Topology Hiding Alerts

5.3.2.6.1 SEPPN32fTopologyOperationFailureAlert

Table 5-296 SEPPN32fTopologyOperationFailureAlert

Field	Details
Trigger Condition	Topology Hiding or Recovery Failure exceeded configured threshold (1%)
Severity	Major
Alert details provided	Summary "Topology hiding/recovery operation failres reached more than configured threshold" Expression delta(ocsepp_topology_header_failure_total[2m])>0 or (ocsepp_topology_header_failure_total unless ocsepp_topology_header_failure_total offset 2m)
OID	1.3.6.1.4.1.323.5.3.46.1.2.4004
Metric Used	ocsepp_topology_header_failure_total, ocsepp_topology_header_success_total
Resolution	This alert will be raised when the total Topology Hiding or Recovery failures reach more than 1%. Alert will be cleared when the error rate is below 1%. Possible Resolutions: Check the header for which alert is raised, header name present in alert label. Verify the error_msg using "ocsepp_topology_header_failure_total" metric and KPI. Fix or add configuration for the header. Note: The alert will be cleared only if the corresponding success metric is pegged.

5.3.2.6.2 SEPPN32fTopologyBodyOperationFailureAlert

Table 5-297 SEPPN32fTopologyBodyOperationFailureAlert

Field	Details
Trigger Condition	Topology Operation failed and exceeds defined threshold
Severity	Major
Alert details provided	Summary "Topology Hiding/Recovery Operation failures reached more than configured threshold" Expression: delta(ocsepp_topology_body_failure_total[2m])>0 or (ocsepp_topology_body_failure_total unless ocsepp_topology_body_failure_total offset 2m)
OID	1.3.6.1.4.1.323.5.3.46.1.2.4006
Metric Used	ocsepp_topology_body_failure_total ocsepp_topology_body_success_total
Resolution	This alert will be raised when the total Topology Hiding or Recovery for message body failures reach more than 1%. Alert will be cleared when the error rate will be below 1%. Possible Resolutions: Check the apiUrl, method for which alert is raised, apiUrl present in alert label. Verify the error_msg using "ocsepp_topology_body_failure_total" metric and KPI. Fix or add configuration for the body Identifiers. Note: The alert will be cleared only if the corresponding success metric is pegged.

5.3.2.7 5G SBI Message Mediation Support Alerts

5.3.2.7.1 SEPPCN32fMediationFailure

Table 5-298 SEPPCN32fMediationFailure

Field	Details
Trigger Condition	Mediation processing Failure
Severity	Info
Alert details provided	Summary "Mediation processing Failure" Expression: increase(ocsepp_cn32f_mediation_response_failure{status_code!="504 GATEWAY_TIMEOUT"}[10m]) > 0
OID	1.3.6.1.4.1.323.5.3.46.1.2.4007
Metric Used	ocsepp_cn32f_mediation_response_failure
Resolution	This alert will be raised when Mediation microservice is unable to apply rules on the incoming request & response from SEPP. Possible Resolution: Check if the Mediation Rules exist. Check the Agenda Group in the mediation rule is matching from the request and response sent from SEPP.

5.3.2.7.2 SEPPCN32fMediationUnreachable

Table 5-299 SEPPCN32fMediationUnreachable

Field	Details
Trigger Condition	Mediation service is not accessible
Severity	Critical
Alert details provided	Summary "Mediation service is not accessible" Expression: increase(ocsepp_cn32f_mediation_response_failure {status_code="504 GATEWAY_TIMEOUT"}[10m]) > 0
OID	1.3.6.1.4.1.323.5.3.46.1.2.4008
Metric Used	ocsepp_cn32f_mediation_response_failure
Resolution	This alert will be raised when Mediation microservice is not accessible. Possible Resolution: Check if the Mediation microservice pod is up. Check if Mediation Service Name and servicePort number is correct.

5.3.2.7.3 SEPPPN32fMediationFailure

Table 5-300 SEPPPN32fMediationFailure

Field	Details
Trigger Condition	Mediation processing Failure
Severity	Info
Alert details provided	Summary "Mediation processing Failure" Expression: increase(ocsepp_pn32f_mediation_response_failure {status_code!="504 GATEWAY_TIMEOUT"}[10m]) > 0
OID	1.3.6.1.4.1.323.5.3.46.1.2.4009
Metric Used	ocsepp_pn32f_mediation_response_failure
Resolution	This alert will be raised when Mediation microservice is unable to apply rules on the incoming request & response from SEPP. Possible Resolution: Check if the Mediation Rules exist. Check the Agenda Group in the mediation rule is matching from the request and response sent from SEPP.

5.3.2.7.4 SEPPPN32fMediationUnreachable

Table 5-301 SEPPPN32fMediationUnreachable

Field	Details
Trigger Condition	Mediation service is not accessible
Severity	Critical
Alert details provided	Summary "Mediation service is not accessible" Expression: increase(ocsepp_pn32f_mediation_response_failure {status_code="504 GATEWAY_TIMEOUT"}[10m]) > 0
OID	1.3.6.1.4.1.323.5.3.46.1.2.4010
Metric Used	ocsepp_pn32f_mediation_response_failure
Resolution	This alert will be raised when Mediation microservice is not accessible. Possible Resolution: Check if the Mediation microservice pod is up. Check if Mediation Service Name and servicePort number is correct.

5.3.2.8 Overload Control Alerts

5.3.2.8.1 SEPPServiceOverload65Percent

Table 5-302 SEPPServiceOverload65Percent

Field	Details
Trigger Condition	CPU memory of pn32f-svc more than 65%
Severity	Warning
Alert details provided	Summary Backend service is in overload with load level > 65% Expression service_resource_overload_level == 1
OID	1.3.6.1.4.1.323.5.3.46.1.2.7007
Metric Used	service_resource_overload_level
Resolution	The alert will be cleared when CPU Memory for backend-svc goes below 65%. Possible resolutions: Users can configure threshold levels for CPU and memory usage. When usage reaches the defined limits, data is discarded based on the configured thresholds. If the discarded data differs from what is expected, please verify the threshold configurations. To monitor current CPU and memory usage, check the statistics on Grafana or Prometheus. For configuration-related details and other information, refer to the 'Overload Control Feature' section in the Oracle Communications Cloud Native Core, Security Edge Protection Proxy Troubleshooting Guide.

5.3.2.8.2 SEPPServiceOverloadMinor

Table 5-303 SEPPServiceOverloadMinor

Field	Details
Trigger Condition	CPU memory of pn32f-svc more than 70%
Severity	Minor
Alert details provided	Summary Backend service is in overload with load level > 70% Expression `service_resource_overload_level{namespace="sepp-namespace"} == 2`
OID	1.3.6.1.4.1.323.5.3.46.1.2.7008
Metric Used	service_resource_overload_level
Resolution	The alert will be cleared when CPU Memory for backend-svc goes below 70%. Possible resolutions: Users can configure threshold levels for CPU and memory usage. When usage reaches the defined limits, data is discarded based on the configured thresholds. If the discarded data differs from what is expected, please verify the threshold configurations. To monitor current CPU and memory usage, check the statistics on Grafana or Prometheus. For configuration-related details and other information, refer to the 'Overload Control Feature' section in the Oracle Communications Cloud Native Core, Security Edge Protection Proxy Troubleshooting Guide.

5.3.2.8.3 SEPPServiceOverload80Percent

Table 5-304 SEPPServiceOverload80Percent

Field	Details
Trigger Condition	CPU memory of pn32f-svc more than 80%
Severity	Major
Alert details provided	Summary Backend service is in overload with load level > 80% Expression service_resource_overload_level == 3
OID	1.3.6.1.4.1.323.5.3.46.1.2.7009
Metric Used	service_resource_overload_level
Resolution	The alert will be cleared when CPU Memory for backend-svc goes below 80%. Possible resolutions: Users can configure threshold levels for CPU and memory usage. When usage reaches the defined limits, data is discarded based on the configured thresholds. If the discarded data differs from what is expected, please verify the threshold configurations. To monitor current CPU and memory usage, check the statistics on Grafana or Prometheus. For configuration-related details and other information, refer to the 'Overload Control Feature' section in the Oracle Communications Cloud Native Core, Security Edge Protection Proxy Troubleshooting Guide.

5.3.2.8.4 SEPPServiceOverload90Percent

Table 5-305 SEPPServiceOverload90Percent

Field	Details
Trigger Condition	CPU memory of pn32f-svc more than 90%
Severity	Critical
Alert details provided	Summary Backend service is in overload with load level > 90% Expression service_resource_overload_level == 4
OID	1.3.6.1.4.1.323.5.3.46.1.2.7010
Metric Used	service_resource_overload_level
Resolution	The alert will be cleared when CPU Memory for backend-svc goes below 90%. Possible resolutions: Users can configure threshold levels for CPU and memory usage. When usage reaches the defined limits, data is discarded based on the configured thresholds. If the discarded data differs from what is expected, please verify the threshold configurations. To monitor current CPU and memory usage, check the statistics on Grafana or Prometheus. For configuration-related details and other information, refer to the 'Overload Control Feature' section in the Oracle Communications Cloud Native Core, Security Edge Protection Proxy Troubleshooting Guide.

5.3.2.9 Hosted SEPP Alerts

5.3.2.9.1 SEPPPn32fHSRoutingFailureAlert

Table 5-306 SEPPPn32fHSRoutingFailureAlert

Field	Details
Trigger Condition	When the routing failure rate at Pn32f service is greater than 20 percentage.
Severity	Major
Alert details provided	Allowed P-RSS Validation failure at Roaming Hub Expression ((sum by(namespace, app, nfInstanceId, pod) (ocsepp_allowed_p_rss_routing_failure_total) ) / (sum by(namespace, app, nfInstanceId, pod) (ocsepp_pn32f_requests_total))) > 0.2
OID	1.3.6.1.4.1.323.5.3.46.1.2.4013
Metric Used	ocsepp_allowed_p_rss_routing_failure_total , ocsepp_pn32f_requests_total
Resolution	The alert gets automatically cleared when the failure rate at pn32f microservice goes below 20 percent. Possible resolutions: If a request gets rejected due to Remote SEPP Set not being present in allowed list, add the corresponding entry for the same. For further details, refer 'Hosted SEPP' section in the Oracle Communications Cloud Native Core, Security Edge Protection Proxy Troubleshooting Guide.

5.3.2.9.2 SEPPCn32fHSRoutingFailureAlertMinor

Table 5-307 SEPPCn32fHSRoutingFailureAlertMinor

Field	Details
Trigger Condition	When the routing failure rate at Cn32f service is greater than 50 percentage.
Severity	Minor
Alert details provided	Allowed P-RSS Validation failure at Roaming Hub for Consumer SEPP. Expression ((sum by(namespace, app, nfInstanceId, pod, sourceRss) (ocsepp_allowed_p_rss_routing_failure_total) ) / (sum by(namespace, app, nfInstanceId, pod, sourceRss) (ocsepp_cn32f_requests_total))) > 0.5
OID	1.3.6.1.4.1.323.5.3.46.1.2.4014
Metric Used	ocsepp_allowed_p_rss_routing_failure_total , ocsepp_cn32f_requests_total
Resolution	The alert gets automatically cleared when the failure rate at cn32f microservice goes below 50 percent. Possible resolutions: If a request gets rejected due to Remote SEPP Set not being present in allowed list, add the corresponding entry for the same. For further details, refer 'Hosted SEPP' section in the Oracle Communications Cloud Native Core, Security Edge Protection Proxy Troubleshooting Guide.

5.3.2.9.3 SEPPCn32fHSRoutingFailureAlertMajor

Table 5-308 SEPPCn32fHSRoutingFailureAlertMajor

Field	Details
Trigger Condition	When the routing failure rate at Cn32f service is greater than 60 percentage.
Severity	Major
Alert details provided	Allowed P-RSS Validation failure at Roaming Hub for Consumer SEPP. Expression ((sum by(namespace, app, nfInstanceId, pod, sourceRss) (ocsepp_allowed_p_rss_routing_failure_total) ) / (sum by(namespace, app, nfInstanceId, pod, sourceRss) (ocsepp_cn32f_requests_total))) > 0.6
OID	1.3.6.1.4.1.323.5.3.46.1.2.4015
Metric Used	ocsepp_allowed_p_rss_routing_failure_total, ocsepp_cn32f_requests_total
Resolution	The alert gets automatically cleared when the failure rate at cn32f microservice goes below 60 percent. Possible resolutions: If a request gets rejected due to Remote SEPP Set not being present in allowed list, add the corresponding entry for the same. For further details, refer 'Hosted SEPP' section in the Oracle Communications Cloud Native Core, Security Edge Protection Proxy Troubleshooting Guide.

5.3.2.9.4 SEPPCn32fHSRoutingFailureAlertCritical

Table 5-309 SEPCn32fHSRoutingFailureAlertCritical

Field	Details
Trigger Condition	When the routing failure rate at Cn32f service is greater than 65 percentage.
Severity	Critical
Alert details provided	Allowed P-RSS Validation failure at Roaming Hub for Consumer SEPP. Expression ((sum by(namespace, app, nfInstanceId, pod, sourceRss) (ocsepp_allowed_p_rss_routing_failure_total) ) / (sum by(namespace, app, nfInstanceId, pod, sourceRss) (ocsepp_cn32f_requests_total))) > 0.65
OID	1.3.6.1.4.1.323.5.3.46.1.2.4016
Metric Used	ocsepp_allowed_p_rss_routing_failure_total, ocsepp_cn32f_requests_total
Resolution	The alert gets automatically cleared when the failure rate at cn32f microservice goes below 65 percent. Possible resolutions: If a request gets rejected due to Remote SEPP Set not being present in allowed list, add the corresponding entry for the same. For further details, refer 'Hosted SEPP' section in the Oracle Communications Cloud Native Core, Security Edge Protection Proxy Troubleshooting Guide.

5.3.2.9.5 SEPPCn32fHSRoutingFailureAlertWarning

Table 5-310 SEPCn32fHSRoutingFailureAlertWarning

Field	Details
Trigger Condition	When the routing failure rate at Cn32f service is greater than 25 percentage.
Severity	Warning
Alert details provided	Allowed P-RSS Validation failure at Roaming Hub for Consumer SEPP. Expression ((sum by(namespace, app, nfInstanceId, pod, sourceRss) (ocsepp_allowed_p_rss_routing_failure_total) ) / (sum by(namespace, app, nfInstanceId, pod, sourceRss) (ocsepp_cn32f_requests_total))) > 0.25
OID	1.3.6.1.4.1.323.5.3.46.1.2.4017
Metric Used	ocsepp_allowed_p_rss_routing_failure_total, ocsepp_cn32f_requests_total
Resolution	The alert gets automatically cleared when the failure rate at cn32f microservice goes below 25 percent. Possible resolutions: If a request gets rejected due to Remote SEPP Set not being present in allowed list, add the corresponding entry for the same. For further details, refer 'Hosted SEPP' section in the Oracle Communications Cloud Native Core, Security Edge Protection Proxy Troubleshooting Guide.

5.3.2.10 SEPP Message Feed Alerts

5.3.2.10.1 DDUnreachableFromN32IGW

Table 5-311 DDUnreachableFromN32IGW

Field	Details
Trigger Condition	This alarm is raised when Data Director is not reachable from N32 Ingress Gateway.
Severity	major
Alert details provided	Summary (oc_ingressgateway_dd_unreachable{app="n32-ingress-gateway"} == 1)
OID	1.3.6.1.4.1.323.5.3.46.1.2.4018
Metric Used	oc_ingressgateway_dd_unreachable
Resolution	Alert gets cleared automatically when the connection with Data Director is established. Possible Resolutions: Check whether Kafka broker pods are up and running. `Kafka.bootstrapAddress` parameter must be set to correct listener IP and port. All the values must be checked for DD configuration in `ocsepp_custom_values_<version>.yaml` file, as this is a Helm based feature. For more details and configuration related issues, refer to 'Message Feed Feature' section in the Oracle Communications Cloud Native Core, Security Edge Protection Proxy Troubleshooting Guide.

5.3.2.10.2 DDUnreachableFromPLMNIGW

Table 5-312 DDUnreachableFromPLMNIGW

Field	Details
Trigger Condition	This alarm is raised when Data Director is not reachable from PLMN Ingress Gateway.
Severity	major
Alert details provided	Summary (oc_ingressgateway_dd_unreachable{app="plmn-ingress-gateway"} == 1)
OID	1.3.6.1.4.1.323.5.3.46.1.2.4019
Metric Used	oc_ingressgateway_dd_unreachable
Resolution	Alert gets cleared automatically when the connection with Data Director is established. Possible Resolutions: Check whether Kafka broker pods are up and running. `Kafka.bootstrapAddress` parameter must be set to correct listener IP and port. All the values must be checked for DD configuration in `ocsepp_custom_values_<version>.yaml` file, as this is a Helm based feature. For more details and configuration related issues, refer to Message Feed Feature' section in the Oracle Communications Cloud Native Core, Security Edge Protection Proxy Troubleshooting Guide.

5.3.2.10.3 DDUnreachableFromN32EGW

Table 5-313 DDUnreachableFromN32EGW

Field	Details
Trigger Condition	This alarm is raised when Data Director is not reachable from N32 Egress Gateway.
Severity	major
Alert details provided	Summary (oc_egressgateway_dd_unreachable{app="n32-egress-gateway"} == 1)
OID	1.3.6.1.4.1.323.5.3.46.1.2.4020
Metric Used	oc_egressgateway_dd_unreachable
Resolution	Alert gets cleared automatically when the connection with Data Director is established. Possible Resolutions: Check whether Kafka broker pods are up and running. `Kafka.bootstrapAddress` parameter must be set to correct listener IP and port. All the values must be checked for DD configuration in `ocsepp_custom_values_<version>.yaml` file, as this is a Helm based feature. For more details and configuration related issues, refer to Message Feed Feature' section in the Oracle Communications Cloud Native Core, Security Edge Protection Proxy Troubleshooting Guide.

5.3.2.10.4 DDUnreachableFromPLMNEGW

Table 5-314 DDUnreachableFromPLMNEGW

Field	Details
Trigger Condition	This alarm is raised when Data Director is not reachable from PLMN Egress Gateway.
Severity	major
Alert details provided	Summary (oc_egressgateway_dd_unreachable{app="plmn-egress-gateway"} == 1)
OID	1.3.6.1.4.1.323.5.3.46.1.2.4021
Metric Used	oc_egressgateway_dd_unreachable
Resolution	Alert gets cleared automatically when the connection with Data Director is established. Possible Resolutions: Check whether Kafka broker pods are up and running. `Kafka.bootstrapAddress` parameter must be set to correct listener IP and port. All the values must be checked for DD configuration in `ocsepp_custom_values_<version>.yaml` file, as this is a Helm based feature. For more details and configuration related issues, refer to Message Feed Feature' section in the Oracle Communications Cloud Native Core, Security Edge Protection Proxy Troubleshooting Guide.

5.3.2.11 Steering of Roaming (SOR) Alerts

5.3.2.11.1 SEPPPn32fSORFailureAlertPercent30to40

Table 5-315 SEPPPn32fSORFailureAlertPercent30to40

Field	Details
Trigger Condition	30% to 40% of SOR traffic results in failure.
Severity	Minor
Alert details provided	Summary: 'namespace: {{$labels.namespace}}, timestamp: {{ with query "time()" }}{{ . \| first \| value \| humanizeTimestamp }}{{ end }}' Expression: sum(rate(ocsepp_pn32f_sor_failure_total[2m]))by(namespace,nf_instance_id,app)/sum(rate(ocsepp_pn32f_sor_requests_total[2m]))by(namespace,nf_instance_id,app)>=0.3 and sum(rate(ocsepp_pn32f_sor_failure_total[2m]))by(namespace,nf_instance_id,app)/sum(rate(ocsepp_pn32f_sor_requests_total[2m]))by(namespace,nf_instance_id,app)<0.4
OID	1.3.6.1.4.1.323.5.3.46.1.2.4022
Metric Used	ocsepp_pn32f_sor_failure_total and ocsepp_pn32f_sor_requests_total
Resolution	This alert will be raised when the percentage failure of SOR responses is in the range 30%-40%, in the sample collected in last 2 min. Possible Resolutions : Check the below headers in the response coming from SOR server. If any of these is missing, it will cause SOR Failure: Server Header Location Header Check if the redirection code (3xx) received from SOR should be the same as the one configured through CNC Console. This code can be viewed in the metricocsepp_pn32f_sor_failure_total. Check if the SOR Server is sending the response code 5xx and whether the code is not configured through CNC Console or retry to Producer NF is disabled. This code can be viewed in the metric ocsepp_pn32f_sor_failure_total. Check if any client error(4xx) is coming while connecting to SoR. This code can be viewed in the metricocsepp_pn32f_sor_failure_total.

5.3.2.11.2 SEPPPn32fSORFailureAlertPercent40to50

Table 5-316 SEPPPn32fSORFailureAlertPercent40to50

Field	Details
Trigger Condition	40% to 50% of SOR traffic results in failure.
Severity	Major
Alert details provided	Summary: 'namespace: {{$labels.namespace}}, timestamp: {{ with query "time()" }}{{ . \| first \| value \| humanizeTimestamp }}{{ end }}' Expression: sum(rate(ocsepp_pn32f_sor_failure_total[2m]))by(namespace,nf_instance_id,app)/sum(rate(ocsepp_pn32f_sor_requests_total[2m]))by(namespace,nf_instance_id,app)>=0.4 and sum(rate(ocsepp_pn32f_sor_failure_total[2m]))by(namespace,nf_instance_id,app)/sum(rate(ocsepp_pn32f_sor_requests_total[2m]))by(namespace,nf_instance_id,app)<0.5
OID	1.3.6.1.4.1.323.5.3.46.1.2.4023
Metric Used	ocsepp_pn32f_sor_failure_total and ocsepp_pn32f_sor_requests_total
Resolution	This alert will be raised when the percentage failure of SOR responses is in the range 40%-50%, in the sample collected in last 2 min. Possible Resolutions : Check the below headers in the response coming from SoR server, if any of these is missing, it will cause SOR Failure: Server Header Location Header Check if the redirection code (3xx) received from SOR should be same as one configured through CNC Console. This code can be viewed in the metricocsepp_pn32f_sor_failure_total. Check if SOR Server is sending response code 5xx and the code is not configured through CNC Console or Retry to Producer NF is disabled. This code can be viewed in the metricocsepp_pn32f_sor_failure_total. Check if any client error (4xx) is coming while connecting to SOR. This code can be viewed in the metricocsepp_pn32f_sor_failure_total.

5.3.2.11.3 SEPPPn32fSORFailureAlertPercentAbove50

Table 5-317 SEPPPn32fSORFailureAlertPercentAbove50

Field	Details
Trigger Condition	50% of SOR traffic results in failure
Severity	Critical
Alert details provided	Summary: 'namespace: {{$labels.namespace}}, timestamp: {{ with query "time()" }}{{ . \| first \| value \| humanizeTimestamp }}{{ end }}' Expression: sum(rate(ocsepp_pn32f_sor_failure_total[2m]))by(namespace,nf_instance_id,app)/sum(rate(ocsepp_pn32f_sor_requests_total[2m]))by(namespace,nf_instance_id,app)>=0.5
OID	1.3.6.1.4.1.323.5.3.46.1.2.4024
Metric Used	ocsepp_pn32f_sor_failure_total and ocsepp_pn32f_sor_requests_total
Resolution	This alert will be raised when the percentage failure of SOR responses is above 50%, in the sample collected in last 2 min. Possible Resolutions : Check the below headers in the response coming from SOR server, if any of these is missing, it will cause SOR Failure: Server Header Location Header Check if the redirection code(3xx) received from SOR should be same as one configured via CNC Console. This code can be viewed in the metricocsepp_pn32f_sor_failure_total. Check if SOR Server is sending response code 5xx and the code is not configured through CNC Console or retry to Producer NF is disabled. This code can be viewed in the metricocsepp_pn32f_sor_failure_total. Check if any client error(4xx) is coming while connecting to SOR. This code can be viewed in the metricocsepp_pn32f_sor_failure_total.

5.3.2.11.4 SEPPPn32fSORTimeoutFailureAlert

Table 5-318 SEPPPn32fSORTimeoutFailureAlert

Field	Details
Trigger Condition	Increase of more than five timeout errors in last two minutes for SOR.
Severity	critical
Alert details provided	Summary: 'namespace: {{$labels.namespace}}, timestamp: {{ with query "time()" }}{{ . \| first \| value \| humanizeTimestamp }}{{ end }}' Expression: idelta(ocsepp_pn32f_sor_timeout_failure_total[2m]) > 5 or (ocsepp_pn32f_sor_timeout_failure_total unless ocsepp_pn32f_sor_timeout_failure_total offset 2m)
OID	1.3.6.1.4.1.323.5.3.46.1.2.4025
Metric Used	ocsepp_pn32f_sor_timeout_failure_total
Resolution	This alert will be raised when the response received from SOR Server suggests that server is either down or unreachable for more than five error counts in the sample collected in last two minutes. Possible Resolutions : Check and fix if the SOR server is unreachable. Check and fix if the configuration made through CNC Console has wrong values for server. Check if the FQDN and port configured are correct. The scheme selected must be supported by SOR server.

5.3.2.12 Rate Limiting for Ingress Roaming Signaling per Remote SEPP Set Alerts

5.3.2.12.1 IngressRssRateLimitPerRSSMessageDropAbovePointOnePercent

Table 5-319 IngressRssRateLimitPerRSSMessageDropAbovePointOnePercent

Field	Details
Trigger Condition	If a request has to be dropped when all the tokens in the bucket are exhausted and drop rate per RSS is detected above 0.1 percent of total transactions of that RSS, this metric will be pegged and corresponding alert will be raised.
Severity	Warning
Alert Details Provided	Summary: Ingress RSS Based Rate Limiting Message Drop Rate per RSS detected above 0.1 Percent of Total Transactions of that RSS. Expression: sum(rate(oc_ingressgateway_rss_ratelimit_total{Status="dropped"}[5m])) by (Remote_SEPP_Set,namespace)/sum(rate(oc_ingressgateway_rss_ratelimit_total[5m])) by (Remote_SEPP_Set,namespace) *100 >= 0.1 < 10
OID	1.3.6.1.4.1.323.5.3.46.1.2.7011
Metric Name	oc_ingressgateway_rss_ratelimit_total
Resolution	The alerts gets cleared when the drop rate per RSS is detected below 0.1 percent of total transactions. Possible resolutions: In the CNC Console GUI, navigate to SEPP and then click Rate limiting and then Ingress Rate Limiting. The Remote SEPP Set appears underneath, click Remote SEPP Set, the Options appears. Check the header configured in `Originating Network ID Header` parameter. For all configuration related and additional information, refer 'Rate Limiting for Ingress Roaming Signaling per Remote SEPP Set Feature' section in the Oracle Communications Cloud Native Core, Security Edge Protection Proxy Troubleshooting Guide.

5.3.2.12.2 IngressRssRateLimitPerRSSMessageDropAbove10Percent

Table 5-320 IngressRssRateLimitPerRSSMessageDropAbove10Percent

Field	Details
Trigger Condition	If a request has to be dropped when all the tokens in the bucket are exhausted and drop rate per RSS is detected above 10 percent of total transactions of that RSS, this metric will be pegged and corresponding alert will be raised.
Severity	Minor
Alert Details Provided	Summary: Ingress RSS Based Rate Limiting Message Drop Rate per RSS detected above 10 Percent of Total Transactions of that RSS. Expression: sum(rate(oc_ingressgateway_rss_ratelimit_total{Status="dropped"}[5m])) by (Remote_SEPP_Set,namespace)/sum(rate(oc_ingressgateway_rss_ratelimit_total[5m])) by (Remote_SEPP_Set,namespace) *100 >= 10 < 25
OID	1.3.6.1.4.1.323.5.3.46.1.2.7012
Metric Name	oc_ingressgateway_rss_ratelimit_total
Resolution	The alerts gets cleared when the drop rate per RSS is detected below 10 percent of total transactions. Possible resolutions: In the CNC Console GUI, navigate to SEPP and then click Rate limiting and then Ingress Rate Limiting. The Remote SEPP Set appears underneath, click Remote SEPP Set, the Options appears. Check the header configured in `Originating Network ID Header` parameter. For all configuration related and additional information, refer 'Rate Limiting for Ingress Roaming Signaling per Remote SEPP Set Feature' section in the Oracle Communications Cloud Native Core, Security Edge Protection Proxy Troubleshooting Guide.

5.3.2.12.3 IngressRssRateLimitPerRSSMessageDropAbove25Percent

Table 5-321 IngressRssRateLimitPerRSSMessageDropAbove25Percent

Field	Details
Trigger Condition	If a request has to be dropped when all the tokens in the bucket are exhausted and drop rate per RSS is detected above 25 percent of total transactions of that RSS, this metric will be pegged and corresponding alert will be raised.
Severity	Major
Alert Details Provided	Summary: Ingress RSS Based Rate Limiting Message Drop Rate per RSS detected above 25 Percent of Total Transactions of that RSS Expression: sum(rate(oc_ingressgateway_rss_ratelimit_total{Status="dropped"}[5m])) by (Remote_SEPP_Set,namespace)/sum(rate(oc_ingressgateway_rss_ratelimit_total[5m])) by (Remote_SEPP_Set,namespace) *100 >= 25 < 50
OID	1.3.6.1.4.1.323.5.3.46.1.2.7013
Metric Name	oc_ingressgateway_rss_ratelimit_total
Resolution	The alerts gets cleared when the drop rate per RSS is detected below 25 percent of total transaction. Possible resolutions: In the CNC Console GUI, navigate to SEPP and then click Rate limiting and then Ingress Rate Limiting. The Remote SEPP Set appears underneath, click Remote SEPP Set, the Options appears. Check the header configured in `Originating Network ID Header` parameter. For all configuration related and additional information, refer 'Rate Limiting for Ingress Roaming Signaling per Remote SEPP Set Feature' section in the Oracle Communications Cloud Native Core, Security Edge Protection Proxy Troubleshooting Guide.

5.3.2.12.4 IngressRssRateLimitPerRSSMessageDropAbove50Percent

Table 5-322 IngressRssRateLimitPerRSSMessageDropAbove50Percent

Field	Details
Trigger Condition	If a request has to be dropped when all the tokens in the bucket are exhausted and drop rate per RSS is detected above 50 percent of total transactions of that RSS, this metric will be pegged and corresponding alert will be raised.
Severity	Critical
Alert Details Provided	Summary: Ingress RSS Based Rate Limiting Message Drop Rate per RSS detected above 50 Percent of Total Transactions of that RSS. Expression: sum(rate(oc_ingressgateway_rss_ratelimit_total{Status="dropped"}[5m])) by (Remote_SEPP_Set,namespace)/sum(rate(oc_ingressgateway_rss_ratelimit_total[5m])) by (Remote_SEPP_Set,namespace) *100 >= 50
OID	1.3.6.1.4.1.323.5.3.46.1.2.7014
Metric Name	oc_ingressgateway_rss_ratelimit_total
Resolution	The alerts gets cleared when the drop rate per RSS is detected below 50 percent of total transactions. Possible resolutions: In the CNC Console GUI, navigate to SEPP and then click Rate limiting and then Ingress Rate Limiting. The Remote SEPP Set appears underneath, click Remote SEPP Set, the Options appears. Check the header configured in `Originating Network ID Header` parameter. For all configuration related and additional information, refer 'Rate Limiting for Ingress Roaming Signaling per Remote SEPP Set Feature' section in the Oracle Communications Cloud Native Core, Security Edge Protection Proxy Troubleshooting Guide.

5.3.2.12.5 IngressRssRateLimitMessageDropAbovePointOnePercent

Table 5-323 IngressRssRateLimitMessageDropAbovePointOnePercent

Field	Details
Trigger Condition	If a request has to be dropped when all the tokens in the bucket are exhausted and drop rate is detected above 0.1 percent of total transactions, this metric will be pegged and corresponding alert will be raised.
Severity	Warning
Alert Details Provided	Summary: Ingress RSS Based Rate Limiting Message Drop Rate detected above 0.1 Percent of Total Transaction Expression: sum(rate(oc_ingressgateway_rss_ratelimit_total{Status="dropped"}[5m])) by (namespace)/sum(rate(oc_ingressgateway_rss_ratelimit_total[5m])) by (namespace) *100 >= 0.1 < 1
OID	1.3.6.1.4.1.323.5.3.46.1.2.7015
Metric Name	oc_ingressgateway_rss_ratelimit_total
Resolution	The alerts gets cleared when the drop rate is detected below 0.1 percent of total transactions. Possible resolutions: In the CNC Console GUI, navigate to SEPP and then click Rate limiting and then Ingress Rate Limiting. The Remote SEPP Set appears underneath, click Remote SEPP Set, the Options appears. Check the header configured in `Originating Network ID Header` parameter. For all configuration related and additional information, refer 'Rate Limiting for Ingress Roaming Signaling per Remote SEPP Set Feature' section in the Oracle Communications Cloud Native Core, Security Edge Protection Proxy Troubleshooting Guide.

5.3.2.12.6 IngressRssRateLimitMessageDropAboveOnePercent

Table 5-324 IngressRssRateLimitMessageDropAboveOnePercent

Field	Details
Trigger Condition	If a request has to be dropped when all the tokens in the bucket are exhausted and drop rate is detected above 1 percent of total transactions, this metric will be pegged and corresponding alert will be raised.
Severity	Warning
Alert Details Provided	Summary: Ingress RSS Based Rate Limiting Message Drop Rate detected above 1 Percent of Total Transactions Expression: sum(rate(oc_ingressgateway_rss_ratelimit_total{Status="dropped"}[5m])) by (namespace)/sum(rate(oc_ingressgateway_rss_ratelimit_total[5m])) by (namespace) *100 >= 1 < 10
OID	1.3.6.1.4.1.323.5.3.46.1.2.7016
Metric Name	oc_ingressgateway_rss_ratelimit_total
Resolution	The alerts gets cleared when the drop rate is detected below 1 percent of total transactions. Possible resolutions: In the CNC Console GUI, navigate to SEPP and then click Rate limiting and then Ingress Rate Limiting. The Remote SEPP Set appears underneath, click Remote SEPP Set, the Options appears. Check the header configured in `Originating Network ID Header` parameter. For all configuration related and additional information, refer 'Rate Limiting for Ingress Roaming Signaling per Remote SEPP Set Feature' section in the Oracle Communications Cloud Native Core, Security Edge Protection Proxy Troubleshooting Guide.

5.3.2.12.7 IngressRssRateLimitMessageDropAbove10Percent

Table 5-325 IngressRssRateLimitMessageDropAbove10Percent

Field	Details
Trigger Condition	If a request has to be dropped when all the tokens in the bucket are exhausted and drop rate is detected above 10 percent of total transactions, this metric will be pegged and corresponding alert will be raised.
Severity	Minor
Alert Details Provided	Summary: Ingress RSS Based Rate Limiting Message Drop Rate detected above 10 Percent of Total Transactions. Expression: sum(rate(oc_ingressgateway_rss_ratelimit_total{Status="dropped"}[5m])) by (Remote_SEPP_Set,namespace)/sum(rate(oc_ingressgateway_rss_ratelimit_total[5m])) by (Remote_SEPP_Set,namespace) *100 >= 10 < 25
OID	1.3.6.1.4.1.323.5.3.46.1.2.7017
Metric Name	oc_ingressgateway_rss_ratelimit_total
Resolution	The alerts gets cleared when the drop rate is detected below 10 percent of total transactions. Possible resolutions: In the CNC Console GUI, navigate to SEPP and then click Rate limiting and then Ingress Rate Limiting. The Remote SEPP Set appears underneath, click Remote SEPP Set, the Options appears. Check the header configured in `Originating Network ID Header` parameter. For all configuration related and additional information, refer 'Rate Limiting for Ingress Roaming Signaling per Remote SEPP Set Feature' section in the Oracle Communications Cloud Native Core, Security Edge Protection Proxy Troubleshooting Guide.

5.3.2.12.8 IngressRssRateLimitMessageDropAbove25Percent

Table 5-326 IngressRssRateLimitMessageDropAbove25Percent

Field	Details
Trigger Condition	If a request has to be dropped when all the tokens in the bucket are exhausted and drop rate is detected above 25 percent of total transactions, this metric will be pegged and corresponding alert will be raised.
Severity	Major
Alert Details Provided	Summary: Ingress RSS Based Rate Limiting Message Drop Rate detected above 25 Percent of Total Transactions Expression: sum(rate(oc_ingressgateway_rss_ratelimit_total{Status="dropped"}[5m])) by (Remote_SEPP_Set,namespace)/sum(rate(oc_ingressgateway_rss_ratelimit_total[5m])) by (Remote_SEPP_Set,namespace) *100 >= 25 < 50
OID	1.3.6.1.4.1.323.5.3.46.1.2.7018
Metric Name	oc_ingressgateway_rss_ratelimit_total
Resolution	The alerts gets cleared when the drop rate is detected below 25 percent of total transactions. Possible resolutions: In the CNC Console GUI, navigate to SEPP and then click Rate limiting and then Ingress Rate Limiting. The Remote SEPP Set appears underneath, click Remote SEPP Set, the Options appears. Check the header configured in `Originating Network ID Header` parameter. For all configuration related and additional information, refer 'Rate Limiting for Ingress Roaming Signaling per Remote SEPP Set Feature' section in the Oracle Communications Cloud Native Core, Security Edge Protection Proxy Troubleshooting Guide.

5.3.2.12.9 IngressRssRateLimitMessageDropAbove50Percent

Table 5-327 IngressRssRateLimitMessageDropAbove50Percent

Field	Details
Trigger Condition	If a request has to be dropped when all the tokens in the bucket are exhausted and drop rate is detected above 50 percent of total transactions, this metric will be pegged andcorresponding alert will be raised.
Severity	Critical
Alert Details Provided	Summary: Ingress RSS Based Rate Limiting Message Drop Rate detected above 50 Percent of Total Transactions. Expression: sum(rate(oc_ingressgateway_rss_ratelimit_total{Status="dropped"}[5m])) by (Remote_SEPP_Set,namespace)/sum(rate(oc_ingressgateway_rss_ratelimit_total[5m])) by (Remote_SEPP_Set,namespace) *100 >= 50
OID	1.3.6.1.4.1.323.5.3.46.1.2.7019
Metric Name	oc_ingressgateway_rss_ratelimit_total
Resolution	The alerts gets cleared when the drop rate is detected below 50 percent of total transactions. Possible resolutions: In the CNC Console GUI, navigate to SEPP and then click Rate limiting and then Ingress Rate Limiting. The Remote SEPP Set appears underneath, click Remote SEPP Set, the Options appears. Check the header configured in `Originating Network ID Header` parameter. For all configuration related and additional information, refer 'Rate Limiting for Ingress Roaming Signaling per Remote SEPP Set Feature' section in the Oracle Communications Cloud Native Core, Security Edge Protection Proxy Troubleshooting Guide.

5.3.2.13 Cat-0 SBI Message Schema Validation Alerts

5.3.2.13.1 SEPPN32fMessageValidationOnHeaderFailureMinorAlert

Table 5-328 SEPPN32fMessageValidationOnHeaderFailureMinorAlert

Field	Details
Trigger Condition	Message validation failed for request query parameters for 40 % of requests (on which message validation was applied) in last 2 minutes.
Severity	minor
Alert Details Provided	Summary: Namespace: {{ $labels.kubernetes_namespace }}, Podname: {{$labels.kubernetes_pod_name}}, App: {{ $labels.app }}, Nfinstanceid: {{ $labels.nfInstanceId }} Expression: (sum(rate(ocsepp_message_validation_on_header_failure_total[2m])) by (app, pod, namespace, nf_instance_id) /sum(rate(ocsepp_message_validation_applied_total[2m])) by (app, pod, namespace, nf_instance_id))*100 >= 40 < 60
OID	1.3.6.1.4.1.323.5.3.46.1.2.4026
Metric Used	ocsepp_message_validation_on_header_failure_total
Resolution	The alerts gets cleared when the count is not between 40 to 60. Possible Resolutions: Check Logs or Metrics: Review the following metrics for message validation failures: `ocsepp_message_validation_on_body_failure` `ocsepp_message_validation_on_header_failure` To identify the Failing Resource URI and HTTP Method, do the following: For request body validation failures, search for the text: "Message validation failed for request body for request" For query parameter validation failures, search for: "Message validation failed for request query parameter(s) for request" For more detailed information about logs, refer to Oracle Communications Cloud Native Core, Security Edge Protection Proxy Troubleshooting Guide. In CNC Console GUI, navigate to SEPP and select Security Countermeasure from the left-hand menu. Click Cat 0 - SBI Message Schema Validation to open the Message Validation List. Search for the relevant resource URI to retrieve the corresponding schema. Compare the request body or query parameters against the schema to ensure the request complies with the schema. If necessary, update the schema to reflect the correct structure.

5.3.2.13.2 SEPPN32fMessageValidationOnHeaderFailureMajorAlert

Table 5-329 SEPPN32fMessageValidationOnHeaderFailureMajorAlert

Field	Description
Trigger Condition	Message validation failed for request query parameters for 60 % of requests(on which message validation was applied) in last 2 minutes.
Severity	major
Alert Details Provided	Summary: Namespace: {{ $labels.kubernetes_namespace }}, Podname: {{$labels.kubernetes_pod_name}}, App: {{ $labels.app }}, Nfinstanceid: {{ $labels.nfInstanceId }} Expression: (sum(rate(ocsepp_message_validation_on_header_failure_total[2m])) by (app, pod, namespace, nf_instance_id) /sum(rate(ocsepp_message_validation_applied_total[2m])) by (app, pod, namespace, nf_instance_id))*100 >= 60 < 80
OID	1.3.6.1.4.1.323.5.3.46.1.2.4027
Metric Name	ocsepp_message_validation_on_header_failure_total
Resolution	The alerts gets cleared when the count is not between 60 to 80.Possible Resolutions: Check Logs or Metrics: Review the following metrics for message validation failures: `ocsepp_message_validation_on_body_failure` `ocsepp_message_validation_on_header_failure` To identify the Failing Resource URI and HTTP Method, do the following: For request body validation failures, search for the text: "Message validation failed for request body for request" For query parameter validation failures, search for: "Message validation failed for request query parameter(s) for request" For more detailed information about logs, refer to Oracle Communications Cloud Native Core, Security Edge Protection Proxy Troubleshooting Guide. In CNC Console GUI, navigate to SEPP and select Security Countermeasure from the left-hand menu. Click Cat 0 - SBI Message Schema Validation to open the Message Validation List. Search for the relevant resource URI to retrieve the corresponding schema. Compare the request body or query parameters against the schema to ensure the request complies with the schema. If necessary, update the schema to reflect the correct structure.

5.3.2.13.3 SEPPN32fMessageValidationOnHeaderFailureCriticalAlert

Table 5-330 SEPPN32fMessageValidationOnHeaderFailureCriticalAlert

Field	Description
Trigger Condition	Message validation failed for request query parameters for 80 % of requests(on which message validation was applied) in last 2 minutes.
Severity	critical
Alert Details Provided	Summary: Namespace: {{ $labels.kubernetes_namespace }}, Podname: {{$labels.kubernetes_pod_name}}, App: {{ $labels.app }}, Nfinstanceid: {{ $labels.nfInstanceId }} Expression: (sum(rate(ocsepp_message_validation_on_header_failure_total[2m])) by (app, pod, namespace, nf_instance_id) /sum(rate(ocsepp_message_validation_applied_total[2m])) by (app, pod, namespace, nf_instance_id))*100 >= 80
OID	1.3.6.1.4.1.323.5.3.46.1.2.4028
Metric Name	ocsepp_message_validation_on_header_failure_total
Resolution	The alerts gets cleared when the count is not between 80 to 100.Possible Resolutions: Check Logs or Metrics: Review the following metrics for message validation failures: `ocsepp_message_validation_on_body_failure` `ocsepp_message_validation_on_header_failure` To identify the Failing Resource URI and HTTP Method, do the following: For request body validation failures, search for the text: "Message validation failed for request body for request" For query parameter validation failures, search for: "Message validation failed for request query parameter(s) for request" For more detailed information about logs, refer to Oracle Communications Cloud Native Core, Security Edge Protection Proxy Troubleshooting Guide. In CNC Console GUI, navigate to SEPP and select Security Countermeasure from the left-hand menu. Click Cat 0 - SBI Message Schema Validation to open the Message Validation List. Search for the relevant resource URI to retrieve the corresponding schema. Compare the request body or query parameters against the schema to ensure the request complies with the schema. If necessary, update the schema to reflect the correct structure.

5.3.2.13.4 SEPPN32fMessageValidationOnBodyFailureMinorAlert

Table 5-331 SEPPN32fMessageValidationOnBodyFailureMinorAlert

Field	Description
Trigger Condition	Message validation failed for request body for 40 % of requests(on which message validation was applied) in last 2 minutes.
Severity	minor
Alert Details Provided	Summary: Namespace: {{ $labels.kubernetes_namespace }}, Podname: {{$labels.kubernetes_pod_name}}, App: {{ $labels.app }}, Nfinstanceid: {{ $labels.nfInstanceId }} Expression: (sum(rate(ocsepp_message_validation_on_body_failure_total[2m])) by (app, pod, namespace, nf_instance_id) /sum(rate(ocsepp_message_validation_applied_total[2m])) by (app, pod, namespace, nf_instance_id))*100 >= 40 < 60
OID	1.3.6.1.4.1.323.5.3.46.1.2.4029
Metric Name	ocsepp_message_validation_on_body_failure_total
Resolution	The alerts gets cleared when the count is not between 60 to 100. Possible Resolutions: Check Logs or Metrics: Review the following metrics for message validation failures: `ocsepp_message_validation_on_body_failure` `ocsepp_message_validation_on_header_failure` To identify the Failing Resource URI and HTTP Method, do the following: For request body validation failures, search for the text: "Message validation failed for request body for request" For query parameter validation failures, search for: "Message validation failed for request query parameter(s) for request" For more detailed information about logs, refer to Oracle Communications Cloud Native Core, Security Edge Protection Proxy Troubleshooting Guide. In CNC Console GUI, navigate to SEPP and select Security Countermeasure from the left-hand menu. Click Cat 0 - SBI Message Schema Validation to open the Message Validation List. Search for the relevant resource URI to retrieve the corresponding schema. Compare the request body or query parameters against the schema to ensure the request complies with the schema. If necessary, update the schema to reflect the correct structure.

5.3.2.13.5 SEPPN32fMessageValidationOnBodyFailureMajorAlert

Table 5-332 SEPPN32fMessageValidationOnBodyFailureMajorAlert

Field	Details
Trigger Condition	Message validation failed for request body for 60 % of requests(on which message validation was applied) in last 2 minutes.
Severity	major
Alert Details Provided	Summary: Namespace: {{ $labels.kubernetes_namespace }}, Podname: {{$labels.kubernetes_pod_name}}, App: {{ $labels.app }}, Nfinstanceid: {{ $labels.nfInstanceId }} Expression: (sum(rate(ocsepp_message_validation_on_body_failure_total[2m])) by (app, pod, namespace, nf_instance_id) /sum(rate(ocsepp_message_validation_applied_total[2m])) by (app, pod, namespace, nf_instance_id))*100 >= 60 < 80
OID	1.3.6.1.4.1.323.5.3.46.1.2.4030
Metric Name	ocsepp_message_validation_on_body_failure_total
Resolution	The alerts gets cleared when the count is not between 80 to 100. Possible Resolutions: Check Logs or Metrics: Review the following metrics for message validation failures: `ocsepp_message_validation_on_body_failure` `ocsepp_message_validation_on_header_failure` To identify the Failing Resource URI and HTTP Method, do the following: For request body validation failures, search for the text: "Message validation failed for request body for request" For query parameter validation failures, search for: "Message validation failed for request query parameter(s) for request" For more detailed information about logs, refer to Oracle Communications Cloud Native Core, Security Edge Protection Proxy Troubleshooting Guide. In CNC Console GUI, navigate to SEPP and select Security Countermeasure from the left-hand menu. Click Cat 0 - SBI Message Schema Validation to open the Message Validation List. Search for the relevant resource URI to retrieve the corresponding schema. Compare the request body or query parameters against the schema to ensure the request complies with the schema. If necessary, update the schema to reflect the correct structure.

5.3.2.13.6 SEPPN32fMessageValidationOnBodyFailureCriticalAlert

Table 5-333 SEPPN32fMessageValidationOnBodyFailureCriticalAlert

Field	Details
Trigger Condition	Message validation failed for request body for 80 % of requests(on which message validation was applied) in last 2 minutes.
Severity	critical
Alert Details Provided	Summary: Namespace: {{ $labels.kubernetes_namespace }}, Podname: {{$labels.kubernetes_pod_name}}, App: {{ $labels.app }}, Nfinstanceid: {{ $labels.nfInstanceId }} Expression:(sum(rate(ocsepp_message_validation_on_body_failure_total[2m])) by (app, pod, namespace, nf_instance_id) /sum(rate(ocsepp_message_validation_applied_total[2m])) by (app, pod, namespace, nf_instance_id))*100 >= 80
OID	1.3.6.1.4.1.323.5.3.46.1.2.4031
Metric Name	ocsepp_message_validation_on_body_failure_total
Resolution	The alerts gets cleared when the count is not between 80 to 100. Possible Resolutions: Check Logs or Metrics: Review the following metrics for message validation failures: `ocsepp_message_validation_on_body_failure` `ocsepp_message_validation_on_header_failure` To identify the Failing Resource URI and HTTP Method, do the following: For request body validation failures, search for the text: "Message validation failed for request body for request" For query parameter validation failures, search for: "Message validation failed for request query parameter(s) for request" For more detailed information about logs, refer to Oracle Communications Cloud Native Core, Security Edge Protection Proxy Troubleshooting Guide. In CNC Console GUI, navigate to SEPP and select Security Countermeasure from the left-hand menu. Click Cat 0 - SBI Message Schema Validation to open the Message Validation List. Search for the relevant resource URI to retrieve the corresponding schema. Compare the request body or query parameters against the schema to ensure the request complies with the schema. If necessary, update the schema to reflect the correct structure.

5.3.2.14 Cat-1 Service API Validation Alerts

5.3.2.14.1 SEPPN32fServiceApiValidationFailureAlert

Table 5-334 SEPPN32fServiceApiValidationFailureAlert

Field	Details
Trigger Condition	Service API not in allowed list
Severity	Major
Alert details provided	Summary N32f : Service API not in allowed list Expression: "delta(ocsepp_topology_body_failure_total[2m])>0or(ocsepp_topology_body_failure_totalunlessocsepp_topology_body_failure_totaloffset2m)"
OID	1.3.6.1.4.1.323.5.3.46.1.2.4005
Metric Used	ocsepp_security_service_api_failure_total
Resolution 1	This alert will be raised when there is difference of at least 1 between first and last data point in sample collected in last 2 minutes. Alert will be cleared after 2 minutes. Possible Resolutions: Check the Resource URI + Method for which alert is raised. Verify the error_msg using "ocsepp_security_service_api_failure_total" metric and KPI. Fix or add configuration for the Resource URI + Method in Service API's and Allowed List.
Resolution 2	The alert gets cleared when the N32C Handshake is established after successful TCP connection to remote SEPP. Steps: The failure reason is present in the alert. Possible Resolutions: Disable the Remote SEPP. Delete the Remote SEPP. Update and reinitiate Handshake.

5.3.2.15 Cat-1 NRF Service API Query Parameters Validation Alerts

5.3.2.15.1 seppN32fSrvcApiQryPrmValFailAltWarn

Table 5-335 seppN32fSrvcApiQryPrmValFailAltWarn

Field	Description
Trigger Condition	Triggered as a warning in case of a failure of Cat-1 NRF service API query parameters validation feature when the rate of failure goes above 5.
Severity	Warning
Alert Details Provided	Summary namespace: {{ $labels.namespace}}, timestamp: {{ with query "time()" }}{{ . \| first \| value \| humanizeTimestamp }}{{ end }}: Service Api Query Param Validation has failed because {{ $labels.cause }} Expression `"sum(rate(ocsepp_security_service_api_query_param_validation_failure_total[2m]))by(namespace,nf_instance_id,app,pod) > 0 and sum(rate(ocsepp_security_service_api_query_param_validation_failure_total[2m]))by(namespace,nf_instance_id,app,pod) <= 5"`
OID	1.3.6.1.4.1.323.5.3.46.1.2.4067
Metric Name	ocsepp_security_service_api_query_param_validation_failure_total
Resolution	The alert gets automatically cleared when the rate of failure goes down below 5. Possible Resolutions: Verify that both the Cat-1 NRF Service API Query Parameters Validation feature and the Cat-1 Service API Validation feature are enabled. For configuration-related issues, refer to 'Cat-1 NRF Service API Query Parameters Validation Feature' section in the Oracle Communications Cloud Native Core, Security Edge Protection Proxy Troubleshooting Guide. Ensure that the same list-name is selected across all lists configured for query parameter validation. Check the pair of Network Functions and the values included in the request. Make sure they match the configuration defined for this feature. Confirm that the request is an NRF discovery request using the GET method.

5.3.2.15.2 seppN32fSrvcApiQryPrmValFailAltMinor

Table 5-336 seppN32fSrvcApiQryPrmValFailAltMinor

Field	Description
Trigger Condition	Triggered as a minor alert in case of a failure of Cat-1 NRF service API query parameters validation feature when the rate of failure goes between 5 to 10.
Severity	Minor
Alert Details Provided	Summary namespace: {{ $labels.namespace}}, timestamp: {{ with query "time()" }}{{ . \| first \| value \| humanizeTimestamp }}{{ end }}: Service Api Query Param Validation has failed because {{ $labels.cause }} Expression `"sum(rate(ocsepp_security_service_api_query_param_validation_failure_total[2m]))by(namespace,nf_instance_id,app,pod) > 5 and sum(rate(ocsepp_security_service_api_query_param_validation_failure_total[2m]))by(namespace,nf_instance_id,app,pod) <= 10"`
OID	1.3.6.1.4.1.323.5.3.46.1.2.4068
Metric Name	ocsepp_security_service_api_query_param_validation_failure_total
Resolution	The alert gets automatically cleared when the rate of failure goes down below 5 or over 10. Possible Resolutions: Verify that both the Cat-1 NRF Service API Query Parameters Validation feature and the Cat-1 Service API Validation feature are enabled. For configuration-related issues, refer to 'Cat-1 NRF Service API Query Parameters Validation Feature' section in the Oracle Communications Cloud Native Core, Security Edge Protection Proxy Troubleshooting Guide. Ensure that the same list-name is selected across all lists configured for query parameter validation. Check the pair of Network Functions and the values included in the request. Make sure they match the configuration defined for this feature. Confirm that the request is an NRF discovery request using the GET method.

5.3.2.15.3 seppN32fSrvcApiQryPrmValFailAltMajor

Table 5-337 seppN32fSrvcApiQryPrmValFailAltMajor

Field	Description
Trigger Condition	Triggered as a major alert in case of a failure of Cat-1 NRF service API query parameters validation feature when the rate of failure goes between 10 to 100.
Severity	Major
Alert Details Provided	Summary namespace:{{ $labels.namespace}}, timestamp: {{ with query "time()" }}{{ . \| first \| value \| humanizeTimestamp }}{{ end }}: Service Api Query Param Validation has failed because {{ $labels.cause }} Expression `"sum(rate(ocsepp_security_service_api_query_param_validation_failure_total[2m]))by(namespace,nf_instance_id,app,pod) > 10 and sum(rate(ocsepp_security_service_api_query_param_validation_failure_total[2m]))by(namespace,nf_instance_id,app,pod) <= 100"`
OID	1.3.6.1.4.1.323.5.3.46.1.2.4069
Metric Name	ocsepp_security_service_api_query_param_validation_failure_total
Resolution	The alert gets automatically cleared when the rate of failure goes down below 10 or over 100. Possible Resolutions: Verify that both the Cat-1 NRF Service API Query Parameters Validation feature and the Cat-1 Service API Validation feature are enabled. For configuration-related issues, refer to 'Cat-1 NRF Service API Query Parameters Validation Feature' section in the Oracle Communications Cloud Native Core, Security Edge Protection Proxy Troubleshooting Guide. Ensure that the same list-name is selected across all lists configured for query parameter validation. Check the pair of Network Functions and the values included in the request. Make sure they match the configuration defined for this feature. Confirm that the request is an NRF discovery request using the GET method.

5.3.2.15.4 seppN32fSrvcApiQryPrmValFailAltCritical

Table 5-338 seppN32fSrvcApiQryPrmValFailAltCritical

Field	Description
Trigger Condition	Triggered as a critical alert in case of a failure of Cat-1 NRF service API query parameters validation feature when the rate of failure goes above 100.
Severity	Critical
Alert Details Provided	Summary namespace:{{ $labels.namespace}}, timestamp: {{ with query "time()" }}{{ . \| first \| value \| humanizeTimestamp }}{{ end }}: Service Api Query Param Validation has failed because {{ $labels.cause }} Expression `"sum(rate(ocsepp_security_service_api_query_param_validation_failure_total[2m]))by(namespace,nf_instance_id,app,pod) > 100"`
OID	1.3.6.1.4.1.323.5.3.46.1.2.4070
Metric Name	ocsepp_security_service_api_query_param_validation_failure_total
Resolution	The alert gets automatically cleared when the rate of failure goes down below 100. Possible Resolutions: Verify that both the Cat-1 NRF Service API Query Parameters Validation feature and the Cat-1 Service API Validation feature are enabled. For configuration-related issues, refer to 'Cat-1 NRF Service API Query Parameters Validation Feature' section in the Oracle Communications Cloud Native Core, Security Edge Protection Proxy Troubleshooting Guide. Ensure that the same list-name is selected across all lists configured for query parameter validation. Check the pair of Network Functions and the values included in the request. Make sure they match the configuration defined for this feature. Confirm that the request is an NRF discovery request using the GET method.

5.3.2.16 Cat-2 Network ID Validation Alerts

5.3.2.16.1 SEPPN32fNetworkIDValidationHeaderFailureAlert

Table 5-339 SEPPN32fNetworkIDValidationHeaderFailureAlert

Field	Details
Trigger Condition	If Network ID Validation for Header fails, this metrics will be pegged and corresponding alert will be raised.
Severity	Major
Alert details provided	Summary: 'namespace: {{ $labels.namespace}}, timestamp: {{ with query "time()" }}{{ . \| first \| value \| humanizeTimestamp }}{{ end }}: Network ID Validation has failed because {{ $labels.cause }}' Expression: sum(increase(ocsepp_network_id_validation_header_failure_total[2m]) >0 or (ocsepp_network_id_validation_header_failure_total unless ocsepp_network_id_validation_header_failure_total offset 2m )) by (namespace, remote_sepp_name, nf_instance_id, peer_fqdn, plmn_identifier, app, resource_uri, pod) > 0
OID	1.3.6.1.4.1.323.5.3.46.1.2.4011
Metric Used	ocsepp_network_id_validation_header_failure_total
Resolution	The alerts gets cleared when the count goes below 0. Possible Resolutions: Review CN32F logs for error codes SEPP-CN32FSEPP-ERROR-0013 or SEPP-CN32FSEPP-ERROR-0014 (indicating the incoming request was rejected with error code 406 by the CN32F microservice). Similarly, check PN32F logs for error codes SEPP-PN32FSEPP-ERROR-0016 or SEPP-PN32FSEPP-ERROR-0017 (indicating the request was rejected with error code 406 by the PN32F microservice). Ensure the correct regular expression is configured under Header/Body IE in the Cat 2 – Network ID Validation section (located under the Security Countermeasure tab in SEPP). Confirm that the PLMN ID specified in the request headers is included in the SEPP’s configured PLMN ID List. For issues related to invalid PLMN ID configurations in the body or headers, refer to 'Cat-2 Network ID Validation Feature' section in Oracle Communications Cloud Native Core, Security Edge Protection Proxy Troubleshooting Guide.

5.3.2.16.2 SEPPN32fNetworkIDValidationBodyIEFailureAlert

Table 5-340 SEPPN32fNetworkIDValidationBodyIEFailureAlert

Field	Details
Trigger Condition	If Network ID Validation for Body fails, this metrics will be pegged and corresponding alert will be raised.
Severity	Major
Alert details provided	Summary: 'namespace: {{ $labels.namespace}}, timestamp: {{ with query "time()" }}{{ . \| first \| value \| humanizeTimestamp }}{{ end }}: Network ID Body Validation has failed because {{ $labels.cause }}' Expression: sum(increase(ocsepp_network_id_validation_body_failure_total[2m]) >0 or (ocsepp_network_id_validation_body_failure_total unless ocsepp_network_id_validation_body_failure_total offset 2m )) by (namespace, remote_sepp_name, nf_instance_id, peer_fqdn, plmn_identifier, app, resource_uri, pod) > 0
OID	1.3.6.1.4.1.323.5.3.46.1.2.4012
Metric Used	ocsepp_network_id_validation_body_failure_total
Resolution	The alerts gets cleared when the count goes below 0. Possible Resolutions: Review CN32F logs for error codes SEPP-CN32FSEPP-ERROR-0013 or SEPP-CN32FSEPP-ERROR-0014 (indicating the incoming request was rejected with error code 406 by the CN32F microservice). Similarly, check PN32F logs for error codes SEPP-PN32FSEPP-ERROR-0016 or SEPP-PN32FSEPP-ERROR-0017 (indicating the request was rejected with error code 406 by the PN32F microservice). Ensure the correct regular expression is configured under Header/Body IE in the Cat 2 – Network ID Validation section (located under the Security Countermeasure tab in SEPP). Confirm that the PLMN ID specified in the request headers is included in the SEPP’s configured PLMN ID List. For issues related to invalid PLMN ID configurations in the body or headers, refer to 'Cat-2 Network ID Validation Feature' section in Oracle Communications Cloud Native Core, Security Edge Protection Proxy Troubleshooting Guide.

5.3.2.17 Cat-3 Previous Location Check Alerts

5.3.2.17.1 SEPPPn32fPreviousLocationCheckValidationFailureAlertMinor

Table 5-341 SEPPPn32fPreviousLocationCheckValidationFailureAlertMinor

Field	Details
Trigger Condition	When previous location check validation failure error is detected between 30 to 40 Percent of total transactions, this alert will be raised.
Severity	Minor
Alert Details Provided	Summary Previous location check validation failure detected between 30 to 40 Percent of Total Transactions Expression sum(rate(ocsepp_previous_location_validation_failure_total[2m]))by(namespace)/sum(rate(ocsepp_previous_location_validation_requests_total[2m]))by(namespace)>=0.3 and sum(rate(ocsepp_previous_location_validation_failure_total[2m]))by(namespace)/sum(rate(ocsepp_previous_location_validation_requests_total[2m]))by(namespace)<0.4
OID	1.3.6.1.4.1.323.5.3.46.1.2.4032
Metric Name	ocsepp_previous_location_validation_failure_total
Resolution	The alerts gets cleared when the previous location check validation failure error does not lie between 30 to 40 percent of total transactions. Possible Resolutions: Look for the following error codes in the PN32F microservice logs: SEPP-PREVIOUS-LOCATION-CHECK-VALIDATION-ERROR-0019 SEPP-PN32FSEPP-ERROR-0018 SEPP-PREVIOUS-LOCATION-CHECK-VALIDATION-EXCEPTION-0020 Ensure that the correct regex is configured for UE ID and Serving Network ID under the Header or Body IE configuration within the Cat 3 – Previous Location Check section of the Security Countermeasure tab in the SEPP CNC Console. Check that the MCC and MNC values (configured in either the header or body) match the serving network name. These values are returned in the UDR response, so also confirm that the UDR response is successful. If Cat 3 – Previous Location Check is enabled, ensure the SUPI is present in the incoming request message. Verify the following: Confirm the UDR discovery procedure completes successfully. Ensure the FQDN or IP of the UDR is reachable. Verify the Coherence service is up and running. Make sure the SUPI falls within the IMSI range defined in the UDR profile. Ensure that DNS resolution is properly configured for the UDR discovery call, specifically for the pn32f-svc service used in subscription use cases.

5.3.2.17.2 SEPPPn32fPreviousLocationCheckValidationFailureAlertMajor

Table 5-342 SEPPPn32fPreviousLocationCheckValidationFailureAlertMajor

Field	Details
Trigger Condition	When previous location check validation failure error is detected between 40 to 50 Percent of total transactions, this alert will be raised.
Severity	Major
Alert Details Provided	Summary Previous location check validation failure detected between 40 to 50 Percent of Total Transactions Expression sum(rate(ocsepp_previous_location_validation_failure_total[2m]))by(namespace)/sum(rate(ocsepp_previous_location_validation_requests_total[2m]))by(namespace)>=0.4 and sum(rate(ocsepp_previous_location_validation_failure_total[2m]))by(namespace)/sum(rate(ocsepp_previous_location_validation_requests_total[2m]))by(namespace)<0.5
OID	1.3.6.1.4.1.323.5.3.46.1.2.4033
Metric Name	ocsepp_previous_location_validation_failure_total
Resolution	The alerts gets cleared when the previous location check validation failure error does not lie between 40 to 50 percent of total transactions. Possible Resolutions: Look for the following error codes in the PN32F microservice logs: SEPP-PREVIOUS-LOCATION-CHECK-VALIDATION-ERROR-0019 SEPP-PN32FSEPP-ERROR-0018 SEPP-PREVIOUS-LOCATION-CHECK-VALIDATION-EXCEPTION-0020 Ensure that the correct regex is configured for UE ID and Serving Network ID under the Header or Body IE configuration within the Cat 3 – Previous Location Check section of the Security Countermeasure tab in the SEPP CNC Console. Check that the MCC and MNC values (configured in either the header or body) match the serving network name. These values are returned in the UDR response, so also confirm that the UDR response is successful. If Cat 3 – Previous Location Check is enabled, ensure the SUPI is present in the incoming request message. Verify the following: Confirm the UDR discovery procedure completes successfully. Ensure the FQDN or IP of the UDR is reachable. Verify the Coherence service is up and running. Make sure the SUPI falls within the IMSI range defined in the UDR profile. Ensure that DNS resolution is properly configured for the UDR discovery call, specifically for the pn32f-svc service used in subscription use cases.

5.3.2.17.3 sEPPPn32fPrevLocChkValFailAlrtCritical

Table 5-343 sEPPPn32fPrevLocChkValFailAlrtCritical

Field	Details
Trigger Condition	When previous location check validation failure error is detected above 50 Percent of total transactions, this alert will be raised.
Severity	Critical
Alert Details Provided	Summary Previous location check validation failure detected above 50 Percent of Total Transactions Expression sum(rate(ocsepp_previous_location_validation_failure_total[2m]))by(namespace)/sum(rate(ocsepp_previous_location_validation_requests_total[2m]))by(namespace)>=0.5"
OID	1.3.6.1.4.1.323.5.3.46.1.2.4034
Metric Name	ocsepp_previous_location_validation_failure_total
Resolution	The alerts gets cleared when the previous location check validation failure error does not lie above 50 percent of total transactions. Possible Resolutions: Look for the following error codes in the PN32F microservice logs: SEPP-PREVIOUS-LOCATION-CHECK-VALIDATION-ERROR-0019 SEPP-PN32FSEPP-ERROR-0018 SEPP-PREVIOUS-LOCATION-CHECK-VALIDATION-EXCEPTION-0020 Ensure that the correct regex is configured for UE ID and Serving Network ID under the Header or Body IE configuration within the Cat 3 – Previous Location Check section of the Security Countermeasure tab in the SEPP CNC Console. Check that the MCC and MNC values (configured in either the header or body) match the serving network name. These values are returned in the UDR response, so also confirm that the UDR response is successful. If Cat 3 – Previous Location Check is enabled, ensure the SUPI is present in the incoming request message. Verify the following: Confirm the UDR discovery procedure completes successfully. Ensure the FQDN or IP of the UDR is reachable. Verify the Coherence service is up and running. Make sure the SUPI falls within the IMSI range defined in the UDR profile. Ensure that DNS resolution is properly configured for the UDR discovery call, specifically for the pn32f-svc service used in subscription use cases.

5.3.2.17.4 SEPPPn32fPreviousLocationCheckExceptionFailureAlertMinor

Table 5-344 SEPPPn32fPreviousLocationCheckExceptionFailureAlertMinor

Field	Details
Trigger Condition	When previous location check exception failure is detected between 30 to 40 Percent of total transactions, this alert will be raised.
Severity	Minor
Alert Details Provided	Summary Previous location check exception failure detected between 30 to 40 Percent of Total Transactions Expression sum(rate(ocsepp_previous_location_exception_failure_total[2m]))by(namespace)/sum(rate(ocsepp_previous_location_validation_requests_total[2m]))by(namespace)>=0.3 and sum(rate(ocsepp_previous_location_exception_failure_total[2m]))by(namespace)/sum(rate(ocsepp_previous_location_validation_requests_total[2m]))by(namespace)<0.4
OID	1.3.6.1.4.1.323.5.3.46.1.2.4035
Metric Name	ocsepp_previous_location_exception_failure_total
Resolution	The alerts gets cleared when the previous location check exception failure does not lie between 30 to 40 percent of total transactions. Possible Resolutions: Look for the following error codes in the PN32F microservice logs: SEPP-PREVIOUS-LOCATION-CHECK-VALIDATION-ERROR-0019 SEPP-PN32FSEPP-ERROR-0018 SEPP-PREVIOUS-LOCATION-CHECK-VALIDATION-EXCEPTION-0020 Ensure that the correct regex is configured for UE ID and Serving Network ID under the Header or Body IE configuration within the Cat 3 – Previous Location Check section of the Security Countermeasure tab in the SEPP CNC Console. Check that the MCC and MNC values (configured in either the header or body) match the serving network name. These values are returned in the UDR response, so also confirm that the UDR response is successful. If Cat 3 – Previous Location Check is enabled, ensure the SUPI is present in the incoming request message. Verify the following: Confirm the UDR discovery procedure completes successfully. Ensure the FQDN or IP of the UDR is reachable. Verify the Coherence service is up and running. Make sure the SUPI falls within the IMSI range defined in the UDR profile. Ensure that DNS resolution is properly configured for the UDR discovery call, specifically for the pn32f-svc service used in subscription use cases.

5.3.2.17.5 SEPPPn32fPreviousLocationCheckExceptionFailureAlertMajor

Table 5-345 SEPPPn32fPreviousLocationCheckExceptionFailureAlertMajor

Field	Details
Trigger Condition	When previous location check exception failure error is detected between 40 to 50 Percent of Total Transactions , this alert will be raised.
Severity	Major
Alert Details Provided	Summary Previous location check exception failure detected between 40 to 50 Percent of Total Transactions Expression sum(rate(ocsepp_previous_location_exception_failure_total[2m]))by(namespace)/sum(rate(ocsepp_previous_location_validation_requests_total[2m]))by(namespace)>=0.4 and sum(rate(ocsepp_previous_location_exception_failure_total[2m]))by(namespace)/sum(rate(ocsepp_previous_location_validation_requests_total[2m]))by(namespace)<0.5
OID	1.3.6.1.4.1.323.5.3.46.1.2.4036
Metric Name	ocsepp_previous_location_exception_failure_total
Resolution	The alerts gets cleared when the previous location check exception failure error does not lie between 40 to 50 percent of total transactions. Possible Resolutions: Look for the following error codes in the PN32F microservice logs: SEPP-PREVIOUS-LOCATION-CHECK-VALIDATION-ERROR-0019 SEPP-PN32FSEPP-ERROR-0018 SEPP-PREVIOUS-LOCATION-CHECK-VALIDATION-EXCEPTION-0020 Ensure that the correct regex is configured for UE ID and Serving Network ID under the Header or Body IE configuration within the Cat 3 – Previous Location Check section of the Security Countermeasure tab in the SEPP CNC Console. Check that the MCC and MNC values (configured in either the header or body) match the serving network name. These values are returned in the UDR response, so also confirm that the UDR response is successful. If Cat 3 – Previous Location Check is enabled, ensure the SUPI is present in the incoming request message. Verify the following: Confirm the UDR discovery procedure completes successfully. Ensure the FQDN or IP of the UDR is reachable. Verify the Coherence service is up and running. Make sure the SUPI falls within the IMSI range defined in the UDR profile. Ensure that DNS resolution is properly configured for the UDR discovery call, specifically for the pn32f-svc service used in subscription use cases.

5.3.2.17.6 sEPPPn32fPrevLoChkExcepFailAlrtCritical

Table 5-346 sEPPPn32fPrevLoChkExcepFailAlrtCritical

Field	Details
Trigger Condition	When previous location check exception failure error is detected above 50 Percent of total transactions, this alert will be raised.
Severity	Critical
Alert Details Provided	Summary Previous location check exception failure detected above 50 Percent of Total Transactions Expression sum(rate(ocsepp_previous_location_exception_failure_total[2m]))by(namespace)/sum(rate(ocsepp_previous_location_validation_requests_total[2m]))by(namespace)>=0.5
OID	1.3.6.1.4.1.323.5.3.46.1.2.4037
Metric Name	ocsepp_previous_location_exception_failure_total
Resolution	The alerts gets cleared when the previous location check exception failure error does not lie above 50 percent of total transactions. Possible Resolutions: Look for the following error codes in the PN32F microservice logs: SEPP-PREVIOUS-LOCATION-CHECK-VALIDATION-ERROR-0019 SEPP-PN32FSEPP-ERROR-0018 SEPP-PREVIOUS-LOCATION-CHECK-VALIDATION-EXCEPTION-0020 Ensure that the correct regex is configured for UE ID and Serving Network ID under the Header or Body IE configuration within the Cat 3 – Previous Location Check section of the Security Countermeasure tab in the SEPP CNC Console. Check that the MCC and MNC values (configured in either the header or body) match the serving network name. These values are returned in the UDR response, so also confirm that the UDR response is successful. If Cat 3 – Previous Location Check is enabled, ensure the SUPI is present in the incoming request message. Verify the following: Confirm the UDR discovery procedure completes successfully. Ensure the FQDN or IP of the UDR is reachable. Verify the Coherence service is up and running. Make sure the SUPI falls within the IMSI range defined in the UDR profile. Ensure that DNS resolution is properly configured for the UDR discovery call, specifically for the pn32f-svc service used in subscription use cases.

5.3.2.18 Cat-3 Time Check for Roaming Subscribers

5.3.2.18.1 pn32fTimeUnauthLocChkValFailAlrtMinor

Table 5-347 pn32fTimeUnauthLocChkValFailAlrtMinor

Field	Details
Trigger Condition	Triggered in case of a minor failure for Cat-3Time Unauthenticated Location Check.
Severity	Minor
Alert Details Provided	Summary namespace: {{ $labels.namespace}}, timestamp: {{ with query "time()" }}{{ . \| first \| value \| humanizeTimestamp }}{{ end }} Expression sum by (namespace, nf_instance_id, app, pod) (increase(ocsepp_time_unauthenticated_location_validation_failure_total[2m]) or ocsepp_time_unauthenticated_location_validation_failure_total unless ocsepp_time_unauthenticated_location_validation_failure_total offset 2m) >= 1 and sum by (namespace, nf_instance_id, app, pod) (increase(ocsepp_time_unauthenticated_location_validation_failure_total[2m]) or ocsepp_time_unauthenticated_location_validation_failure_total unless ocsepp_time_unauthenticated_location_validation_failure_total offset 2m) <= 10
OID	1.3.6.1.4.1.323.5.3.46.1.2.4055
Metric Name	ocsepp_time_unauthenticated_location_validation_failure_total
Resolution	The alert gets cleared when the failure count is above 10. Possible Resolutions: Ensure that the Cat-3 Time Check for Roaming Subscribers is enabled at both the global and remote levels. For configuration issues and detailed analysis, refer to Oracle Communications Cloud Native Core, Security Edge Protection Proxy Troubleshooting Guide . Confirm that SUPI or SUCI is included in the incoming message. The UDM and UDR discovery procedures (FQDN or IP of UDR) must be successful and reachable. Verify the following: Verify that the Coherence service is operational. Ensure the SUPI falls within the IMSI range defined in the UDR profile. Confirm that the routing indicator from the SUCI matches the routingIndicator in the UDM profile. DNS Resolution Confirm proper DNS resolution for the UDR discovery call, particularly for the pn32f-svc service used in subscription scenarios. Ensure the supi Or Suci and servingNetworkName (including MCC/MNC) are present in the NAUSF request JSON body. Verify that the UDR response is successful and that the servingNetworkName values match. If the request is rejected, verify whether the rejection might be caused by mismatched units of measurement.

5.3.2.18.2 pn32fTimeUnauthLocChkValFailAlrtMajor

Table 5-348 pn32fTimeUnauthLocChkValFailAlrtMajor

Field	Details
Trigger Condition	Triggered in case of a major failure for Cat-3 Time Unauthenticated Location Check.
Severity	Major
Alert Details Provided	Summary namespace: {{ $labels.namespace}}, timestamp: {{ with query "time()" }}{{ . \| first \| value \| humanizeTimestamp }}{{ end }} Expression sum by (namespace, nf_instance_id, app, pod) (increase(ocsepp_time_unauthenticated_location_validation_failure_total[2m]) or ocsepp_time_unauthenticated_location_validation_failure_total unless ocsepp_time_unauthenticated_location_validation_failure_total offset 2m) >= 11 and sum by (namespace, nf_instance_id, app, pod) (increase(ocsepp_time_unauthenticated_location_validation_failure_total[2m]) or ocsepp_time_unauthenticated_location_validation_failure_total unless ocsepp_time_unauthenticated_location_validation_failure_total offset 2m) <= 50
OID	1.3.6.1.4.1.323.5.3.46.1.2.4056
Metric Name	ocsepp_time_unauthenticated_location_validation_failure_total
Resolution	The alert gets cleared when the failure count is not in between 10 and 50. Possible Resolutions: Ensure that the Cat-3 Time Check for Roaming Subscribers is enabled at both the global and remote levels. For configuration issues and detailed analysis, refer to Oracle Communications Cloud Native Core, Security Edge Protection Proxy Troubleshooting Guide . Confirm that SUPI or SUCI is included in the incoming message. The UDM and UDR discovery procedures (FQDN or IP of UDR) must be successful and reachable. Verify the following: Verify that the Coherence service is operational. Ensure the SUPI falls within the IMSI range defined in the UDR profile. Confirm that the routing indicator from the SUCI matches the routingIndicator in the UDM profile. DNS Resolution Confirm proper DNS resolution for the UDR discovery call, particularly for the pn32f-svc service used in subscription scenarios. Ensure the supi Or Suci and servingNetworkName (including MCC/MNC) are present in the NAUSF request JSON body. Verify that the UDR response is successful and that the servingNetworkName values match. If the request is rejected, verify whether the rejection might be caused by mismatched units of measurement.

5.3.2.18.3 pn32fTimeUnauthLocChkValFailAlrtCritical

Table 5-349 pn32fTimeUnauthLocChkValFailAlrtCritical

Field	Details
Trigger Condition	Triggered in case of a critical failure for Cat-3 Time Unauthenticated Location Check.
Severity	Critical
Alert Details Provided	Summary namespace: {{ $labels.namespace}}, timestamp: {{ with query "time()" }}{{ . \| first \| value \| humanizeTimestamp }}{{ end }} Expression `sum(increase(ocsepp_time_unauthenticated_location_validation_failure_total[2m]) or ocsepp_time_unauthenticated_location_validation_failure_total unless ocsepp_time_unauthenticated_location_validation_failure_total offset 2m ) by (namespace,nf_instance_id,app,pod) >=51`
OID	1.3.6.1.4.1.323.5.3.46.1.2.4057
Metric Name	ocsepp_time_unauthenticated_location_validation_failure_total
Resolution	The alert gets cleared when the failure count is below 51. Possible Resolutions: Ensure that the Cat-3 Time Check for Roaming Subscribers is enabled at both the global and remote levels. For configuration issues and detailed analysis, refer to Oracle Communications Cloud Native Core, Security Edge Protection Proxy Troubleshooting Guide . Confirm that SUPI or SUCI is included in the incoming message. The UDM and UDR discovery procedures (FQDN or IP of UDR) must be successful and reachable. Verify the following: Verify that the Coherence service is operational. Ensure the SUPI falls within the IMSI range defined in the UDR profile. Confirm that the routing indicator from the SUCI matches the routingIndicator in the UDM profile. DNS Resolution Confirm proper DNS resolution for the UDR discovery call, particularly for the pn32f-svc service used in subscription scenarios. Ensure the supi Or Suci and servingNetworkName (including MCC/MNC) are present in the NAUSF request JSON body. Verify that the UDR response is successful and that the servingNetworkName values match. If the request is rejected, verify whether the rejection might be caused by mismatched units of measurement.

5.3.2.18.4 pn32fTimeUnauthLocChkExcepFailAlrtMinor

Table 5-350 pn32fTimeUnauthLocChkExcepFailAlrtMinor

Field	Details
Trigger Condition	Triggered in case of a minor exception for Cat-3 Time Unauthenticated Location Check.
Severity	Minor
Alert Details Provided	Summary namespace: {{ $labels.namespace}}, timestamp: {{ with query "time()" }}{{ . \| first \| value \| humanizeTimestamp }}{{ end }} Expression sum by (namespace, nf_instance_id, app, pod) (increase(ocsepp_time_unauthenticated_location_exception_failure_total[2m]) or ocsepp_time_unauthenticated_location_exception_failure_total unless ocsepp_time_unauthenticated_location_exception_failure_total offset 2m) >= 1 and sum by (namespace, nf_instance_id, app, pod) (increase(ocsepp_time_unauthenticated_location_exception_failure_total[2m]) or ocsepp_time_unauthenticated_location_exception_failure_total unless ocsepp_time_unauthenticated_location_exception_failure_total offset 2m) <= 10
OID	1.3.6.1.4.1.323.5.3.46.1.2.4058
Metric Name	ocsepp_time_unauthenticated_location_exception_failure_total
Resolution	The alert gets cleared when the exception count is above 10. Possible Resolutions: Ensure that the Cat-3 Time Check for Roaming Subscribers is enabled at both the global and remote levels. For configuration issues and detailed analysis, refer to Oracle Communications Cloud Native Core, Security Edge Protection Proxy Troubleshooting Guide . Confirm that SUPI or SUCI is included in the incoming message. The UDM and UDR discovery procedures (FQDN or IP of UDR) must be successful and reachable. Verify the following: Verify that the Coherence service is operational. Ensure the SUPI falls within the IMSI range defined in the UDR profile. Confirm that the routing indicator from the SUCI matches the routingIndicator in the UDM profile. DNS Resolution Confirm proper DNS resolution for the UDR discovery call, particularly for the pn32f-svc service used in subscription scenarios. Ensure the supi Or Suci and servingNetworkName (including MCC/MNC) are present in the NAUSF request JSON body. Verify that the UDR response is successful and that the servingNetworkName values match. If the request is rejected, verify whether the rejection might be caused by mismatched units of measurement.

5.3.2.18.5 pn32fTimeUnauthLocChkExcepFailAlrtMajor

Table 5-351 pn32fTimeUnauthLocChkExcepFailAlrtMajor

Field	Details
Trigger Condition	Triggered in case of a major exception for Cat-3 Time Unauthenticated Location Check.
Severity	Major
Alert Details Provided	Summary namespace: {{ $labels.namespace}}, timestamp: {{ with query "time()" }}{{ . \| first \| value \| humanizeTimestamp }}{{ end }} Expression sum by (namespace, nf_instance_id, app, pod) (increase(ocsepp_time_unauthenticated_location_exception_failure_total[2m]) or ocsepp_time_unauthenticated_location_exception_failure_total unless ocsepp_time_unauthenticated_location_exception_failure_total offset 2m) >= 11 and sum by (namespace, nf_instance_id, app, pod) (increase(ocsepp_time_unauthenticated_location_exception_failure_total[2m]) or ocsepp_time_unauthenticated_location_exception_failure_total unless ocsepp_time_unauthenticated_location_exception_failure_total offset 2m) <= 50
OID	1.3.6.1.4.1.323.5.3.46.1.2.4059
Metric Name	ocsepp_time_unauthenticated_location_exception_failure_total
Resolution	The alert gets cleared when the exception count is not in between 10 and 50. Possible Resolutions: Ensure that the Cat-3 Time Check for Roaming Subscribers is enabled at both the global and remote levels. For configuration issues and detailed analysis, refer to Oracle Communications Cloud Native Core, Security Edge Protection Proxy Troubleshooting Guide . Confirm that SUPI or SUCI is included in the incoming message. The UDM and UDR discovery procedures (FQDN or IP of UDR) must be successful and reachable. Verify the following: Verify that the Coherence service is operational. Ensure the SUPI falls within the IMSI range defined in the UDR profile. Confirm that the routing indicator from the SUCI matches the routingIndicator in the UDM profile. DNS Resolution Confirm proper DNS resolution for the UDR discovery call, particularly for the pn32f-svc service used in subscription scenarios. Ensure the supi Or Suci and servingNetworkName (including MCC/MNC) are present in the NAUSF request JSON body. Verify that the UDR response is successful and that the servingNetworkName values match. If the request is rejected, verify whether the rejection might be caused by mismatched units of measurement.

5.3.2.18.6 pn32fTimeUnauthLocChkExcepFailAlrtCritical

Table 5-352 pn32fTimeUnauthLocChkExcepFailAlrtCritical

Field	Details
Trigger Condition	Triggered in case of a critical exception for Cat-3 Time Unauthenticated Location Check.
Severity	Critical
Alert Details Provided	Summary namespace: {{ $labels.namespace}}, timestamp: {{ with query "time()" }}{{ . \| first \| value \| humanizeTimestamp }}{{ end }} Expression `sum(increase(ocsepp_time_unauthenticated_location_exception_failure_total[2m]) or ocsepp_time_unauthenticated_location_exception_failure_total unless ocsepp_time_unauthenticated_location_exception_failure_total offset 2m ) by (namespace,nf_instance_id,app,pod) >=51`
OID	1.3.6.1.4.1.323.5.3.46.1.2.4060
Metric Name	ocsepp_time_unauthenticated_location_exception_failure_total
Resolution	The alert gets cleared when the exception count is below 51. Possible Resolutions: Ensure that the Cat-3 Time Check for Roaming Subscribers is enabled at both the global and remote levels. For configuration issues and detailed analysis, refer to Oracle Communications Cloud Native Core, Security Edge Protection Proxy Troubleshooting Guide . Confirm that SUPI or SUCI is included in the incoming message. The UDM and UDR discovery procedures (FQDN or IP of UDR) must be successful and reachable. Verify the following: Verify that the Coherence service is operational. Ensure the SUPI falls within the IMSI range defined in the UDR profile. Confirm that the routing indicator from the SUCI matches the routingIndicator in the UDM profile. DNS Resolution Confirm proper DNS resolution for the UDR discovery call, particularly for the pn32f-svc service used in subscription scenarios. Ensure the supi Or Suci and servingNetworkName (including MCC/MNC) are present in the NAUSF request JSON body. Verify that the UDR response is successful and that the servingNetworkName values match. If the request is rejected, verify whether the rejection might be caused by mismatched units of measurement.

5.3.2.19 Rate Limiting for Egress Roaming Signaling per PLMN Alerts

5.3.2.19.1 EgressRequestRateLimitDropAbove10Percent

Table 5-353 EgressRequestRateLimitDropAbove10Percent

Field	Details
Trigger Condition	If a request is dropped due to the tokens in the bucket are exhausted and drop rate per PLMN is detected above 10 percent of total transactions of that PLMN, oc_ingressgateway_plmn_egress_ratelimit_total metric will be pegged and corresponding alert will be raised.
Severity	Minor
Alert Details Provided	Summary Egress Rate Limiting Request Drop Rate detected per PLMN above 10 Percent of Total Transactions Expression sum(rate(oc_ingressgateway_plmn_egress_ratelimit_total{Status="ERL_MATCH_NO_TOKEN_LOW_PRI_REJECT"}[5m])) by (EgressRateLimitList,PLMN_ID,namespace)/sum(rate(oc_ingressgateway_plmn_egress_ratelimit_total[5m])) by (EgressRateLimitList,PLMN_ID,namespace) *100 >= 10 < 25
OID	1.3.6.1.4.1.323.5.3.46.1.2.4039
Metric Name	oc_ingressgateway_plmn_egress_ratelimit_total
Resolution	The alerts gets cleared when the count goes down. Possible resolutions: If the traffic is being forwarded even if tokens for the Egress Rate Limiting List are exhausted, do the following: Verify the 3gpp-Sbi-Message-Priority header of the request. If the priority in the header is less than Discard Message Priority property of the message in the Egress Rate Limiting List, then the message is not dropped. If the 3gpp-Sbi-Message-Priority header is not present, then the priority is checked in the route configuration. If a value for 3gpp-Sbi-Message-Priority is present in the route configuration, then the above mentioned condition is considered and the same solution is applied. If the priority is unknown for the request, 24 is considered as the default value for the request priority, then, the same condition as above is applied. 2. For further details and configuration related issues, please <refer troubleshooting> For all configuration related and additional information, refer ' Rate Limiting for Egress Roaming Signaling per PLMN feature' section in the Oracle Communications Cloud Native Core, Security Edge Protection Proxy Troubleshooting Guide.

5.3.2.19.2 EgressRequestRateLimitDropAbove25Percent

Table 5-354 EgressRequestRateLimitDropAbove25Percent

Field	Details
Trigger Condition	If a request is dropped due to the tokens in the bucket are exhausted and drop rate per PLMN is detected above 25 percent of total transactions of that PLMN, oc_ingressgateway_plmn_egress_ratelimit_total metric will be pegged and corresponding alert will be raised.
Severity	Major
Alert Details Provided	Summary Egress Rate Limiting Request Drop Rate detected per PLMN above 25 Percent of Total Transactions Expression sum(rate(oc_ingressgateway_plmn_egress_ratelimit_total{Status="ERL_MATCH_NO_TOKEN_LOW_PRI_REJECT"}[5m])) by (EgressRateLimitList,PLMN_ID,namespace)/sum(rate(oc_ingressgateway_plmn_egress_ratelimit_total[5m])) by (EgressRateLimitList,PLMN_ID,namespace) *100 >= 10 < 25
OID	1.3.6.1.4.1.323.5.3.46.1.2.4040
Metric Name	oc_ingressgateway_plmn_egress_ratelimit_total
Resolution	The alerts gets cleared when the count goes down. Possible resolutions: If the traffic is being forwarded even if tokens for the Egress Rate Limiting List are exhausted, do the following: Verify the 3gpp-Sbi-Message-Priority header of the request. If the priority in the header is less than Discard Message Priority property of the message in the Egress Rate Limiting List, then the message is not dropped. If the 3gpp-Sbi-Message-Priority header is not present, then the priority is checked in the route configuration. If a value for 3gpp-Sbi-Message-Priority is present in the route configuration, then the above mentioned condition is considered and the same solution is applied. If the priority is unknown for the request, 24 is considered as the default value for the request priority, then, the same condition as above is applied. 2. For further details and configuration related issues, please <refer troubleshooting> For all configuration related and additional information, refer ' Rate Limiting for Egress Roaming Signaling per PLMN feature' section in the Oracle Communications Cloud Native Core, Security Edge Protection Proxy Troubleshooting Guide.

5.3.2.19.3 EgressRequestRateLimitDropAbove50Percent

Table 5-355 EgressRequestRateLimitDropAbove50Percent

Fields	Details
Trigger Condition	If a request is dropped due to the tokens in the bucket are exhausted and the drop rate per PLMN is detected above 50 percent of total transactions of that PLMN, oc_ingressgateway_plmn_egress_ratelimit_total metric will be pegged and corresponding alert will be raised.
Severity	Critical
Alert Details Provided	Summary Egress Rate Limiting Request Drop Rate detected per PLMN above 50 Percent of Total Transactions Expression sum(rate(oc_ingressgateway_plmn_egress_ratelimit_total{Status="ERL_MATCH_NO_TOKEN_LOW_PRI_REJECT"}[5m])) by (EgressRateLimitList,PLMN_ID,namespace)/sum(rate(oc_ingressgateway_plmn_egress_ratelimit_total[5m])) by (EgressRateLimitList,PLMN_ID,namespace) *100 >= 50
OID	1.3.6.1.4.1.323.5.3.46.1.2.4041
Metric Name	oc_ingressgateway_plmn_egress_ratelimit_total
Resolution	The alerts gets cleared when the count goes down. Possible resolutions: If the traffic is being forwarded even if tokens for the Egress Rate Limiting List are exhausted, do the following: Verify the 3gpp-Sbi-Message-Priority header of the request. If the priority in the header is less than Discard Message Priority property of the message in the Egress Rate Limiting List, then the message is not dropped. If the 3gpp-Sbi-Message-Priority header is not present, then the priority is checked in the route configuration. If a value for 3gpp-Sbi-Message-Priority is present in the route configuration, then the above mentioned condition is considered and the same solution is applied. If the priority is unknown for the request, 24 is considered as the default value for the request priority, then, the same condition as above is applied. 2. For further details and configuration related issues, please <refer troubleshooting> For all configuration related and additional information, refer ' Rate Limiting for Egress Roaming Signaling per PLMN feature' section in the Oracle Communications Cloud Native Core, Security Edge Protection Proxy Troubleshooting Guide.

5.3.2.20 Separate Port Configurations for N32c and N32f on the Egress Routes Alerts

5.3.2.20.1 EgressInterfaceConnectionFailure

Table 5-356 EgressInterfaceConnectionFailure

Field	Details
Trigger Condition	If the destination host and port mentioned in the Remote profile are unreachable or not available, then the alert will be raised.
Severity	Major
Alert Details Provided	Summary: Egress connection failure on the interface Expression: sum(increase(oc_egressgateway_connection_failure_total{app="n32-egress-gateway"}[5m])) by (namespace,app,Host,Port) >0
OID	1.3.6.1.4.1.323.5.3.46.1.2.4042
Metric Name	oc_egressgateway_connection_failure_total
Resolution	Possible resolutions: If the Remote SEPP is changed with new fields of N32F configuration, and the traffic is uneven after changing the profile, check: whether the Remote SEPP Set is created correctly. if the configuration is stored inside the database correctly. Verify in the database that the routes at n32-egress-gateway are updated according to the new configuration done at Remote SEPP. For more details, refer 'Separate Port Configurations for N32c and N32f on the Egress Routes' section in Oracle Communications Cloud Native Core, Security Edge Protection Proxy Troubleshooting Guide.

5.3.2.21 Support for TLS 1.3

5.3.2.21.1 SEPPConnectionFailurePLMNIGWAlert

Table 5-357 SEPPConnectionFailurePLMNIGWAlert

Field	Details
Trigger Condition	Connection failure occurs for incoming traffic at PLMN Ingress Gateway
Severity	Major
Alert details provided	Summary: `namespace: {{$labels.namespace}}, timestamp: {{ with query "time()" }}{{ . \| first \| value \| humanizeTimestamp }}{{ end }}: Incoming connection failure on plmn-ingress-gateway due to {{ $labels.error_reason }}` Expression: `sum(increase(oc_ingressgateway_connection_failure_total{app="plmn-ingress-gateway"}[5m]) >0 or (oc_ingressgateway_connection_failure_total{app="plmn-ingress-gateway"} unless oc_ingressgateway_connection_failure_total{app="plmn-ingress-gateway"} offset 5m )) by (namespace,app) > 0`
OID	1.3.6.1.4.1.323.5.3.46.1.2.4043
Metric used	oc_ingressgateway_connection_failure_total
Resolution	After resolving the reason for the connection failure, this alert will be removed. Possible resolutions: If SSLHandshakeException or SSLException error is observed, verify that both the server and client have one common TLS version supported. If a common TLS version is supported, then check if both the client and server have compatible cipher suites. Also, ensure that CA certificate of server must be present inside client's truststore. For more details, refer 'Support for TLS 1.3' section in Oracle Communications Cloud Native Core, Security Edge Protection Proxy Troubleshooting Guide.

5.3.2.21.2 SEPPConnectionFailureN32IGWAlert

Table 5-358 SEPPConnectionFailureN32IGWAlert

Field	Details
Trigger Condition	Connection failure occurs for incoming traffic at N32 Ingress Gateway
Severity	Major
Alert details provided	Summary: `namespace: {{$labels.namespace}}, timestamp: {{ with query "time()" }}{{ . \| first \| value \| humanizeTimestamp }}{{ end }}: Incoming connection failure on n32-ingress-gateway due to {{ $labels.error_reason }}` Expression: `sum(increase(oc_ingressgateway_connection_failure_total{app="n32-ingress-gateway"}[5m]) >0 or (oc_ingressgateway_connection_failure_total{app="n32-ingress-gateway"} unless oc_ingressgateway_connection_failure_total{app="n32-ingress-gateway"} offset 5m )) by (namespace,app) > 0`
OID	1.3.6.1.4.1.323.5.3.46.1.2.4044
Metric used	oc_ingressgateway_connection_failure_total
Resolution	After resolving the reason for connection failure, this alert will be removed. Possible resolutions: If SSLHandshakeException or SSLException error is observed, verify that both the server and client have one common TLS version supported. If a common TLS version is supported, then check if both the client and server have compatible cipher suites. Also, ensure that CA certificate of server must be present inside client's truststore. For more details, refer 'Support for TLS 1.3' section in Oracle Communications Cloud Native Core, Security Edge Protection Proxy Troubleshooting Guide.

5.3.2.21.3 SEPPX509CertificateExpiryAlertMinor

Table 5-359 SEPPX509CertificateExpiryAlertMinor

Field	Details
Trigger Condition	When TLS certificate is valid for only 6 months before expiration.
Severity	Minor
Alert details provided	Summery: `Certificate expiry in less than 6 months` Expression: `security_cert_x509_expiration_seconds - time() <= 15724800`
OID	1.3.6.1.4.1.323.5.3.46.1.2.4045
Metric used	security_cert_x509_expiration_seconds
Resolution	Only after certificates have been updated, this alert will be removed. Possible resolutions: If SSLHandshakeException or SSLException error is observed, verify that both the server and client have one common TLS version supported. If a common TLS version is supported, then check if both the client and server have compatible cipher suites. Also, ensure that CA certificate of server must be present inside client's truststore. For more details, refer 'Support for TLS 1.3' section in Oracle Communications Cloud Native Core, Security Edge Protection Proxy Troubleshooting Guide.

5.3.2.21.4 SEPPX509CertificateExpiryAlertMajor

Table 5-360 SEPPX509CertificateExpiryAlertMajor

Field	Details
Trigger Condition	When TLS certificate is valid for only 3 months before expiration.
Severity	Major
Alert details provided	Summery: `Certificate expiry in less than 3 months` Expression: `security_cert_x509_expiration_seconds - time() <= 7862400`
OID	1.3.6.1.4.1.323.5.3.46.1.2.4046
Metric used	security_cert_x509_expiration_seconds
Resolution	Only after certificates have been updated, this alert will be removed. Possible resolutions: If SSLHandshakeException or SSLException error is observed, verify that both the server and client have one common TLS version supported. If a common TLS version is supported, then check if both the client and server have compatible cipher suites. Also, ensure that CA certificate of server must be present inside client's truststore. For more details, refer 'Support for TLS 1.3' section in Oracle Communications Cloud Native Core, Security Edge Protection Proxy Troubleshooting Guide.

5.3.2.21.5 SEPPX509CertificateExpiryAlertCritical

Table 5-361 SEPPX509CertificateExpiryAlertCritical

Field	Details
Trigger Condition	When TLS certificate is valid for only 1 month before expiration.
Severity	Critical
Alert details provided	Summery: `Certificate expiry in less than 1 month` Expression: `security_cert_x509_expiration_seconds - time() <= 2592000`
OID	`1.3.6.1.4.1.323.5.3.46.1.2.4047`
Metric used	security_cert_x509_expiration_seconds
Resolution	Only after certificates have been updated, this alert will be removed. Possible resolutions: If SSLHandshakeException or SSLException error is observed, verify that both the server and client have one common TLS version supported. If a common TLS version is supported, then check if both the client and server have compatible cipher suites. Also, ensure that CA certificate of server must be present inside client's truststore. For more details, refer 'Support for TLS 1.3' section in Oracle Communications Cloud Native Core, Security Edge Protection Proxy Troubleshooting Guide.

5.3.2.22 Multiple SEPP Instances on Shared cnDBTier Cluster Alerts

5.3.2.22.1 Cn32fConnectionFailureWithDatabaseAlert

Table 5-362 Cn32fConnectionFailureWithDatabaseAlert

Field	Details
Trigger Condition	ocsepp_cn32f_database_connectivity_healthy = 0
Severity	Major
Alert Details Provided	Summary: Alert is raised when connectivity is broken between CN32f and cnDBTier. Metric value is pegged as 0 and then alert is raised. Expression: ocsepp_cn32f_database_connectivity_healthy == 0
OID	1.3.6.1.4.1.323.5.3.46.1.2.4050
Metric Name	ocsepp_cn32f_database_connectivity_healthy
Resolution	Possible resolutions: Verify services status to ensure that all services are running in the namespace where cnDBTier is deployed. Check table creation to confirm that required tables are created in the database. To verify whether the services are connected to correct database and namespace, run `kubectl get deploy deploymentName -n namespace` , and search for `spring.datasource.url` parameter and check the value. For more details, refer 'Multiple SEPP instances on Shared cnDBTier Cluster' section in Oracle Communications Cloud Native Core, Security Edge Protection Proxy Troubleshooting Guide.

5.3.2.22.2 Cn32cConnectionFailureWithDatabaseAlert

Table 5-363 Cn32cConnectionFailureWithDatabaseAlert

Field	Details
Trigger Condition	ocsepp_cn32c_database_connectivity_healthy == 0
Severity	Major
Alert Details Provided	Summary: Alert is raised when connectivity is broken between CN32c and cnDBTier for more than 30 seconds. Metric value is pegged as 0 and then alert is raised. Expression: ocsepp_cn32c_database_connectivity_healthy == 0
OID	1.3.6.1.4.1.323.5.3.46.1.2.4051
Metric Name	ocsepp_cn32c_database_connectivity_healthy
Resolution	Possible resolutions: Verify services status to ensure that all services are running in the namespace where cnDBTier is deployed. Check table creation to confirm that required tables are created in the database. To verify whether the services are connected to correct database and namespace, run `kubectl get deploy deploymentName -n namespace` , and search for `spring.datasource.url` parameter and check the value. For more details, refer 'Multiple SEPP instances on Shared cnDBTier Cluster' section in Oracle Communications Cloud Native Core, Security Edge Protection Proxy Troubleshooting Guide.

5.3.2.22.3 Pn32fConnectionFailureWithDatabaseAlert

Table 5-364 Pn32fConnectionFailureWithDatabaseAlert

Field	Details
Trigger Condition	ocsepp_pn32f_database_connectivity_healthy == 0
Severity	Major
Alert Details Provided	Summary: Alert is raised when connectivity is broken between PN32F and cnDBTier for more than 30 seconds. Metric value is pegged as 0 and then alert is raised. Expression: ocsepp_pn32f_database_connectivity_healthy == 0
OID	1.3.6.1.4.1.323.5.3.46.1.2.4052
Metric Name	ocsepp_pn32f_database_connectivity_healthy
Resolution	Possible resolutions: Verify services status to ensure that all services are running in the namespace where cnDBTier is deployed. Check table creation to confirm that required tables are created in the database. To verify whether the services are connected to correct database and namespace, run `kubectl get deploy deploymentName -n namespace` , and search for `spring.datasource.url` parameter and check the value. For more details, refer 'Multiple SEPP instances on Shared cnDBTier Cluster' section in Oracle Communications Cloud Native Core, Security Edge Protection Proxy Troubleshooting Guide.

5.3.2.22.4 Pn32cConnectionFailureWithDatabaseAlert

Table 5-365 Pn32cConnectionFailureWithDatabaseAlert

Field	Details
Trigger Condition	ocsepp_pn32c_database_connectivity_healthy == 0
Severity	Major
Alert Details Provided	Summary: Alert is raised when connectivity is broken between PN32C and cnDBTier for more than 30 seconds. Metric value is pegged as 0 and then alert is raised. Expression: ocsepp_pn32c_database_connectivity_healthy == 0
OID	1.3.6.1.4.1.323.5.3.46.1.2.4053
Metric Name	ocsepp_pn32c_database_connectivity_healthy
Resolution	Possible resolutions: Verify services status to ensure that all services are running in the namespace where cnDBTier is deployed. Check table creation to confirm that required tables are created in the database. To verify whether the services are connected to correct database and namespace, run `kubectl get deploy deploymentName -n namespace` , and search for `spring.datasource.url` parameter and check the value. For more details, refer 'Multiple SEPP instances on Shared cnDBTier Cluster' section in Oracle Communications Cloud Native Core, Security Edge Protection Proxy Troubleshooting Guide.

5.3.2.22.5 cfgMgrConnFailureWithDBAlert

Table 5-366 cfgMgrConnFailureWithDBAlert

Field	Details
Trigger Condition	ocsepp_configmgr_database_connectivity_healthy == 0
Severity	Major
Alert Details Provided	Summary: Alert is raised when connectivity is broken between PN32C and cnDBTier for more than 30 seconds. Metric value is pegged as 0 and then alert is raised. Expression: ocsepp_configmgr_database_connectivity_healthy == 0
OID	1.3.6.1.4.1.323.5.3.46.1.2.4054
Metric Name	ocsepp_configmgr_database_connectivity_healthy== 0
Resolution	Possible resolutions: Verify services status to ensure that all services are running in the namespace where cnDBTier is deployed. Check table creation to confirm that required tables are created in the database. To verify whether the services are connected to correct database and namespace, run `kubectl get deploy deploymentName -n namespace` , and search for `spring.datasource.url` parameter and check the value. For more details, refer 'Multiple SEPP instances on Shared cnDBTier Cluster' section in Oracle Communications Cloud Native Core, Security Edge Protection Proxy Troubleshooting Guide.

5.3.2.22.6 cn32fIncorrectDbConf

Table 5-367 cn32fIncorrectDbConf

Field	Details
Trigger Condition	This alert will be raised when incorrect database configuration provided for cn32f service and resulting in connection failure with database.
Severity	Major
Alert Details Provided	Summary: Due to incorrect database configuration, connection failed with database. Expression: (up{app="cn32f-svc"} unless on (namespace) absent(hikaricp_connections{app="cn32f-svc"})) == 0
OID	1.3.6.1.4.1.323.5.3.46.1.2.4057
Metric Name	NA
Resolution	Possible resolutions: Verify the `ocsepp_custom_values_<version>.yaml` file to ensure that the correct namespace where cnDBTier is installed is specified, and the database names are also correct. Example: `seppDbName: &dbNameRef "seppdb_user1_sepp" seppBackupDbName: &backupDbNameRef "seppbackupdb_user1_sepp" mysql: primary: host: &mySqlHostRef "mysql-connectivity-service.cndb-sepp" # Ensure the namespace is correct in which cndb should get installed.` For more details, refer 'Multiple SEPP instances on Shared cnDBTier Cluster' section in Oracle Communications Cloud Native Core, Security Edge Protection Proxy Troubleshooting Guide.

5.3.2.22.7 cn32cIncorrectDbConf

Table 5-368 cn32cIncorrectDbConf

Field	Details
Trigger Condition	This alert will be raised when incorrect database configuration provided for cn32c service and resulting in connection failure with database.
Severity	Major
Alert Details Provided	Summary: Due to incorrect database configuration, connection failed with database. Expression: (up{app="cn32c-svc"} unless on (namespace) absent(hikaricp_connections{app="cn32c-svc"})) == 0
OID	1.3.6.1.4.1.323.5.3.46.1.2.4056
Metric Name	NA
Resolution	Possible resolutions: Verify the `ocsepp_custom_values_<version>.yaml` file to ensure that the correct namespace where cnDBTier is installed is specified, and the database names are also correct. Example: `seppDbName: &dbNameRef "seppdb_user1_sepp" seppBackupDbName: &backupDbNameRef "seppbackupdb_user1_sepp" mysql: primary: host: &mySqlHostRef "mysql-connectivity-service.cndb-sepp" # Ensure the namespace is correct in which cndb should get installed.` For more details, refer 'Multiple SEPP instances on Shared cnDBTier Cluster' section in Oracle Communications Cloud Native Core, Security Edge Protection Proxy Troubleshooting Guide.

5.3.2.22.8 pn32fIncorrectDbConf

Table 5-369 pn32fIncorrectDbConf

Field	Details
Trigger Condition	This alert will be raised when incorrect database configuration provided for pn32f service and resulting in connection failure with database.
Severity	Major
Alert Details Provided	Summary: Due to incorrect database configuration, connection failed with database. Expression: (up{app="pn32f-svc"} unless on (namespace) absent(hikaricp_connections{app="pn32f-svc"})) == 0
OID	1.3.6.1.4.1.323.5.3.46.1.2.4058
Metric Name	NA
Resolution	Possible resolutions: Verify the `ocsepp_custom_values_<version>.yaml` file to ensure that the correct namespace where cnDBTier is installed is specified, and the database names are also correct. Example: `seppDbName: &dbNameRef "seppdb_user1_sepp" seppBackupDbName: &backupDbNameRef "seppbackupdb_user1_sepp" mysql: primary: host: &mySqlHostRef "mysql-connectivity-service.cndb-sepp" # Ensure the namespace is correct in which cndb should get installed.` For more details, refer 'Multiple SEPP instances on Shared cnDBTier Cluster' section in Oracle Communications Cloud Native Core, Security Edge Protection Proxy Troubleshooting Guide.

5.3.2.22.9 pn32cIncorrectDbConf

Table 5-370 pn32cIncorrectDbConf

Field	Details
Trigger Condition	This alert will be raised when incorrect database configuration provided for pn32c service and resulting in connection failure with database.
Severity	Major
Alert Details Provided	Summary: Due to incorrect database configuration, connection failed with database. Expression: (up{app="pn32c-svc"} unless on (namespace) absent(hikaricp_connections{app="pn32c-svc"})) == 0
OID	1.3.6.1.4.1.323.5.3.46.1.2.4059
Metric Name	NA
Resolution	Possible resolutions: Verify the `ocsepp_custom_values_<version>.yaml` file to ensure that the correct namespace where cnDBTier is installed is specified, and the database names are also correct. Example: `seppDbName: &dbNameRef "seppdb_user1_sepp" seppBackupDbName: &backupDbNameRef "seppbackupdb_user1_sepp" mysql: primary: host: &mySqlHostRef "mysql-connectivity-service.cndb-sepp" # Ensure the namespace is correct in which cndb should get installed.` For more details, refer 'Multiple SEPP instances on Shared cnDBTier Cluster' section in Oracle Communications Cloud Native Core, Security Edge Protection Proxy Troubleshooting Guide.

5.3.2.22.10 cfgMgrIncorrectDbConf

Table 5-371 cfgMgrIncorrectDbConf

Field	Details
Trigger Condition	This alert will be raised when incorrect database configuration provided for config manager service and resulting in connection failure with database.
Severity	Major
Alert Details Provided	Summary: Due to incorrect database configuration, connection failed with database. Expression: (up{app="config-mgr-svc"} unless on (namespace) absent(hikaricp_connections{app="config-mgr-svc"})) == 0
OID	1.3.6.1.4.1.323.5.3.46.1.2.4055
Metric Name	NA
Resolution	Possible resolutions: Verify the `ocsepp_custom_values_<version>.yaml` file to ensure that the correct namespace where cnDBTier is installed is specified, and the database names are also correct. Example: `seppDbName: &dbNameRef "seppdb_user1_sepp" seppBackupDbName: &backupDbNameRef "seppbackupdb_user1_sepp" mysql: primary: host: &mySqlHostRef "mysql-connectivity-service.cndb-sepp" # Ensure the namespace is correct in which cndb should get installed.` For more details, refer 'Multiple SEPP instances on Shared cnDBTier Cluster' section in Oracle Communications Cloud Native Core, Security Edge Protection Proxy Troubleshooting Guide.

5.3.2.22.11 coherenceIncorrectDbConf

Table 5-372 coherenceIncorrectDbConf

Field	Details
Trigger Condition	This alert will be raised when incorrect database configuration provided for coherence service and resulting in connection failure with database.
Severity	Major
Alert details provided	Summary: Due to incorrect database configuration, connection failed with database. Expression: `(up{app="coherence-svc",namespace="sepp-namespace"} unless on (namespace) absent(hikaricp_connections{app="coherence-svc"})) == 0`
OID	1.3.6.1.4.1.323.5.3.46.1.2.4091
Metric Used	NA
Resolution	Possible Resolutions: Verify the `ocsepp_custom_values_<version>.yaml` file to ensure that the correct namespace where cnDBTier is installed is specified, and the database names are also correct. Example: `seppDbName: &dbNameRef "seppdb_user1_sepp" seppBackupDbName: &backupDbNameRef "seppbackupdb_user1_sepp" mysql: primary: host: &mySqlHostRef "mysql-connectivity-service.cndb-sepp" # Ensure the namespace is correct in which cndb should get installed.` For more details, refer 'Multiple SEPP instances on Shared cnDBTier Cluster' section in Oracle Communications Cloud Native Core, Security Edge Protection Proxy Troubleshooting Guide.

5.3.2.22.12 coherenceConnFailureWithDBAlert

Table 5-373 coherenceConnFailureWithDBAlert

Field	Details
Trigger Condition	This alert will be raised when connectivity is broken between coherence and cnDBTier for more than 30 seconds. Metric value is pegged as 0 and then alert is raised.
Severity	Major
Alert details provided	Expression: `ocsepp_coherence_database_connectivity_healthy{namespace="sepp-namespace"} == 0`
OID	1.3.6.1.4.1.323.5.3.46.1.2.4092
Metric Used	NA
Resolution	Possible Resolutions: Verify services status to ensure that all services are running in the namespace where cnDBTier is deployed. Check table creation to confirm that required tables are created in the database. Run the following command to check table creation to confirm that required tables are created in the database: `kubectl get deploy deploymentName -n namespace` and search for `spring.datasource.url` parameter and check the value. For more details, refer 'Multiple SEPP instances on Shared cnDBTier Cluster' section in Oracle Communications Cloud Native Core, Security Edge Protection Proxy Troubleshooting Guide.

5.3.2.23 Proactive Status Updates on SEPP Alerts

5.3.2.23.1 EgressGatewayPeerUnhealthyAlert

Table 5-374 EgressGatewayPeerUnhealthyAlert

Field	Details
Trigger Condition	When a peer becomes unhealthy or `oc_egressgateway_peer_health_status` for a peer value = 1
Severity	Major
Alert Details Provided	Summary Peer is unhealthy Expression sum(oc_egressgateway_peer_health_status{app="n32-egress-gateway"}) by (namespace,app,peer) >0
OID	1.3.6.1.4.1.323.5.3.46.1.2.4048
Metric Name	`oc_egressgateway_peer_health_status`
Resolution	Possible resolutions: Check whether the peer SEPP is unreachable. If it's reachable and still it's showing as unhealthy, Refer to 'Proactive status updates on SEPP' section in Oracle Communications Cloud Native Core, Security Edge Protection Proxy Troubleshooting Guide. The alert gets cleared once the particular peer becomes reachable, that is, the `oc_egressgateway_peer_health_status` for the peer becomes 0.

5.3.2.23.2 EgressGatewayAllPeersUnhealthyAlert

Table 5-375 EgressGatewayAllPeersUnhealthyAlert

Field	Details
Trigger Condition	When all peers in a peerset become unhealthy.
Severity	Critical
Alert Details Provided	Summary All peers unhealthy Expression (sum(oc_egressgateway_peer_count) by (namespace) -sum(oc_egressgateway_peer_available_count) by (namespace))==sum(oc_egressgateway_peer_count) by (namespace)
OID	1.3.6.1.4.1.323.5.3.46.1.2.4049
Metric Name	`oc_egressgateway_peer_count,oc_egressgateway_peer_available_count`
Resolution	Possible resolutions: Check if all the peers are unreachable. If any peer is reachable and reachable and still this alert is raised, Refer to 'Proactive status updates on SEPP' section in Oracle Communications Cloud Native Core, Security Edge Protection Proxy Troubleshooting Guide. The alert gets cleared once all peers become reachable, that is, the difference between the available peer count and total peer count becomes less than total peer count.

5.3.2.24 Integrating SEPP with 5G Network Intelligence Fabric (5G NIF) Feature Alerts

5.3.2.24.1 configMgrNoHealthyNIFAlert

Table 5-376 configMgrNoHealthyNIFAlert

Field	Details
Trigger Condition	Raised when there is no healthy NIF found from NRF discovery for NIF.
Severity	Critical
Alert details provided	Expression: `(sum(ocsepp_nif_registration_status{namespace="sepp-namespace"}) by (namespace)) <= 0`
OID	1.3.6.1.4.1.323.5.3.46.1.2.4070
Metric Used	ocsepp_network_id_validation_header_failure_total
Resolution	Cleared when there is at least one healthy NIF for forwarding traffic, Possible Resolutions: Review CN32F logs for error codes SEPP-CN32FSEPP-ERROR-0013 or SEPP-CN32FSEPP-ERROR-0014 (indicating the incoming request was rejected with error code 406 by the CN32F microservice). Similarly, check PN32F logs for error codes SEPP-PN32FSEPP-ERROR-0016 or SEPP-PN32FSEPP-ERROR-0017 (indicating the request was rejected with error code 406 by the PN32F microservice). Ensure the correct regular expression is configured under Header/Body IE in the Cat 2 – Network ID Validation section (located under the Security Countermeasure tab in SEPP). Confirm that the PLMN ID specified in the request headers is included in the SEPP’s configured PLMN ID List. For issues related to invalid PLMN ID configurations in the body or headers, refer to 'Cat-2 Network ID Validation Feature' section in Oracle Communications Cloud Native Core, Security Edge Protection Proxy Troubleshooting Guide.

5.3.2.25 Egress Gateway Alerts

5.3.2.25.1 egressGlobalMessageDropInfo

Table 5-377 egressGlobalMessageDropInfo

Field	Details
Trigger Condition	Egress global message drop rate detected greater than or equal to point 1 percent of total transactions.
Severity	Warn
Alert details provided	Expression: `sum(rate(oc_egressgateway_global_ratelimit_dropped_message_total{kubernetes_namespace="sepp-namespace"}[5m])) by (app)/sum(rate(oc_egressgateway_http_requests_total{kubernetes_namespace="sepp-namespace"}[5m])) by (app) *100 >= 0.1 < 1`
OID	1.3.6.1.4.1.323.5.3.46.1.2.4091
Metric Used	oc_egressgateway_global_ratelimit_dropped_message_total
Resolution	Possible Resolutions: The alert will be raised when the percentage of messages rejected for global rate limit will be greater than or equal to 0.1% of the total messages received. This will get cleared once percentage of message rejected is below 0.1% or greater than or equal to 1%. If the message drop percentage different from expected value, please verify the configuration. For all configuration related details, refer to Oracle Communications Cloud Native Core, Security Edge Protection Proxy Troubleshooting Guide.

5.3.2.25.2 egressGlobalMessageDropWarn

Table 5-378 egressGlobalMessageDropWarn

Field	Details
Trigger Condition	Egress global message drop rate detected greater than or equal to 1 percent of total transactions.
Severity	Warn
Alert details provided	Expression: `sum(rate(oc_egressgateway_global_ratelimit_dropped_message_total{kubernetes_namespace="sepp-namespace"}[5m])) by (app)/sum(rate(oc_egressgateway_http_requests_total{kubernetes_namespace="sepp-namespace"}[5m])) by (app) *100 >= 1 < 10`
OID	1.3.6.1.4.1.323.5.3.46.1.2.4092
Metric Used	oc_egressgateway_global_ratelimit_dropped_message_total
Resolution	Possible Resolutions: The alert will be raised when the percentage of messages rejected for global rate limit will be greater than or equal to 1% of the total messages received. This will get cleared once percentage of message rejected is below 1% or greater than or equal to 10%. If the message drop percentage different from expected value, please verify the configuration. For all configuration related details, refer to Oracle Communications Cloud Native Core, Security Edge Protection Proxy Troubleshooting Guide.

5.3.2.25.3 egressGlobalMessageDropMinor

Table 5-379 egressGlobalMessageDropMinor

Field	Details
Trigger Condition	Egress global message drop rate detected greater than or equal to 10 percent of total transactions.
Severity	Minor
Alert details provided	Expression: `sum(rate(oc_egressgateway_global_ratelimit_dropped_message_total{kubernetes_namespace="sepp-namespace"}[5m])) by (app)/sum(rate(oc_egressgateway_http_requests_total{kubernetes_namespace="sepp-namespace"}[5m])) by (app) *100 >= 10 < 25`
OID	1.3.6.1.4.1.323.5.3.46.1.2.4093
Metric Used	oc_egressgateway_global_ratelimit_dropped_message_total
Resolution	Possible Resolutions: The alert will be raised when the percentage of messages rejected for Global Rate Limit will be greater than or equal to 10% of the total messages received. This will get cleared once percentage of message rejected is below 10% or greater than or equal to 25%. If the message drop percentage different from expected value, please verify the configuration. For all configuration related details, refer to Oracle Communications Cloud Native Core, Security Edge Protection Proxy Troubleshooting Guide.

5.3.2.25.4 egressGlobalMessageDropMajor

Table 5-380 egressGlobalMessageDropMajor

Field	Details
Trigger Condition	Egress global message drop rate detected greater than or equal to 25 percent of total transactions.
Severity	Major
Alert details provided	Expression: `sum(rate(oc_egressgateway_global_ratelimit_dropped_message_total{kubernetes_namespace="sepp-namespace"}[5m])) by (app)/sum(rate(oc_egressgateway_http_requests_total{kubernetes_namespace="sepp-namespace"}[5m])) by (app) *100 >= 10 < 25`
OID	1.3.6.1.4.1.323.5.3.46.1.2.4094
Metric Used	oc_egressgateway_global_ratelimit_dropped_message_total
Resolution	Possible Resolutions: The alert will be raised when the percentage of messages rejected for global rate limit will be greater than or equal to 25% of the total messages received. This will get cleared once percentage of message rejected is below 25% or greater than or equal to 50%. If the message drop percentage different from expected value, please verify the configuration. For all configuration related details, refer to Oracle Communications Cloud Native Core, Security Edge Protection Proxy Troubleshooting Guide.

5.3.2.25.5 egressGlobalMessageDropCritical

Table 5-381 egressGlobalMessageDropCritical

Field	Details
Trigger Condition	Egress global message drop rate detected greater than or equal to 50 percent of total transactions.
Severity	Critical
Alert details provided	Expression: `sum(rate(oc_egressgateway_global_ratelimit_dropped_message_total{kubernetes_namespace="sepp-namespace"}[5m])) by (app)/sum(rate(oc_egressgateway_http_requests_total{kubernetes_namespace="sepp-namespace"}[5m])) by (app) *100 >= 50`
OID	1.3.6.1.4.1.323.5.3.46.1.2.4095
Metric Used	oc_egressgateway_global_ratelimit_dropped_message_total
Resolution	Possible Resolutions: The alert will be raised when the percentage of messages rejected for global rate limit will be greater than or equal to 50% of the total messages received. This will get cleared once percentage of message rejected is below 50%. If the message drop percentage different from expected value, please verify the configuration. For all configuration related details, refer to Oracle Communications Cloud Native Core, Security Edge Protection Proxy Troubleshooting Guide.

5.4 SEPP Alert Configuration

This section describes the measurement based Alert rules configuration for SEPP. The Alert Manager uses the Prometheus measurements values as reported by microservices in conditions under alert rules to trigger alerts.

Note:

Alert file is packaged with SEPP custom templates. Perform the following steps before configuring alert file:

Download the SEPP CSAR package from MOS. For more information, refer 'Downloading SEPP' section in Oracle Communications Cloud Native Core, Security Edge Protection Proxy Installation, Upgrade, and Fault Recovery Guide.
Unzip the SEPP CSAR package file to get the ocsepp_alertrules_promha_<version>.yaml and ocsepp_alertrules_<version>.yaml files.
By default, kubernetes_namespace or namespace is configured as Kubernetes namespace in which SEPP is deployed. Default value of Kubernetes namespace is "sepp-namespace". Update it to the namesapace in which SEPP is deployed.
Set the namespace parameter in ocsepp_alertrules_promha_<release version>.yaml file to SEPP Namespace.
That is, set Namespace as <SEPP Namespace>
Example:
```
namespace="sepp-namespace" Where namespace name is ‘sepp-namespace’
```
Set the kubernetes_namespace parameter in ocsepp_alertrules_<release version>.yaml file to SEPP Namespace.
That is, set kubernetes_namespace as <SEPP Namespace>
Example:
```
kubernetes_namespace="sepp-namespace" Where kubernetes_namespace name is ‘sepp-namespace’
```
Set the deployment parameter in ocsepp_alertrules_promha_<release version>.yaml and ocsepp_alertrules_<release version>.yamlfile.
That is, set app_kubernetes_io_part_of as "<deployment name>"
Example:
```
app_kubernetes_io_part_of="ocsepp”, Where deployment name is 'ocsepp'
```

5.4.1 Configuring SEPP Alerts for OCCNE 1.8.x and Previous Versions

The following procedure describes how to configure the SEPP alerts for OCCNE version 1.8.x and previous versions:

Run the following command to find the config map to configure alerts in the Prometheus server:
```
kubectl get configmap -n <Namespace>
```
where, <Namespace> is the prometheus server namespace used in helm install command.
Run the following command to take backup of current config map of prometheus server:
```
kubectl get configmaps <NAME>-server -o yaml -n <Namespace> > /tmp/tempConfig.yaml
```
where, <Namespace> is the prometheus server namespace used in helm install command.
For example, assuming chart name is "prometheus-alert", so "_NAME_-server" becomes "prometheus-alert-server", run the following command to find the config map:
```
kubectl get configmaps prometheus-alert-server -o yaml -n prometheus-alert2 > /tmp/tempConfig.yaml
```
Run the following command to check if alertssepp is present in the tempConfig.yaml file:
```
cat /tmp/t_mapConfig.yaml  | grep alertssepp
```
Run the following command to delete the alertssepp entry from the t_mapConfig.yaml file, if the alertssepp is present :
```
sed -i '/etc\/config\/alertssepp/d' /tmp/t_mapConfig.yaml
```
Run the following command to add the alertssepp entry in the t_mapConfig.yaml file, if the alertssepp is not present :
```
sed -i '/rule_files:/a\    \- /etc/config/alertssepp'  /tmp/t_mapConfig.yaml
```
Run the following command to reload the config map with the modifed file:
```
kubectl replace configmap <Name> -f /tmp/t_mapConfig.yaml
```
Run the following command to add seppAlertRules.yaml file into prometheus config map under filename of SEPP alert file :
```
kubectl patch configmap <Name> -n <Namespace> --type merge --patch
"$(cat <PATH>/seppAlertRules.yaml)"
```
Restart prometheus-server pod.
Verify the alerts in prometheus GUI.

Note:

Prometheus takes about 20 seconds to apply the updated Config
    map.

5.4.2 Configuring SEPP Alerts for OCCNE 1.9.x and Higher Versions

The following procedure describes how to configure the SEPP alerts for OCCNE 1.9.x and higher versions:

Run the following command to apply the Prometheus rules Custom Resource Definition (CRD):
```
kubectl apply -f <file_name> -n <sepp namespace>
```
Where,
- <file_name> is the SEPP alerts file
- <sepp namespace> is the SEPP namespace
Example:
```
$ kubectl apply -f ocsepp_alerting_rules_promha.yaml -n seppsvc
```
Run the following command to check if SEPP alert file is added to Prometheus rules:
```
$ kubectl get prometheusrules --namespace <namespace> 
```
Example:
```
$ kubectl get prometheusrules --namespace seppsvc
```
Log in to Prometheus GUI and verify the alerts section.

Note:
The Prometheus server takes an updated config map that is automatically reloaded after approximately 60 seconds. Refresh the Prometheus GUI to confirm that the SEPP alerts have been reloaded.

5.4.3 Configuring SEPP Alerts in OCI

The following procedure describes how to configure the SEPP alerts for OCI. The OCI supports metric expressions written in MQL (Metric Query Language) and thus, requires a new SEPP alert file for configuring alerts in OCI observability platform.

The following are the steps:

Run the following command to extract the .zip file:
```
unzip ocsepp_oci_alertrules_<version>.zip
```
The ocsepp_oci and ocsepp_oci_resources folders are available in the zip file.

Note:
The zip file is available in the Scripts folder of CSAR package.
Open the ocsepp_oci folder, in the notifications.tf file, update the parameter endpoint with the email id of the user.
Open the ocsepp_oci_resources folder, in the notifications.tf file, update the parameter endpoint with the email id of the user.
Log in to the OCI Console.

Note:
For more details about logging in to the OCI, refer to Signing In to the OCI Console.
Open the navigation menu and select Developer Services. The Developer Services window appears on the right pane.
Under the Developer Services, select Resource Manager.
Under Resource Manager, select Stacks. The Stacks window appears.
Click Create Stack.
Select the default My Configuration radio button.
Under Stack configuration, select the folder radio button and upload the ocsepp_oci folder.
Enter the Name and Description and select the compartment.
Select the latest Terraform version from the Terraform version drop-down.
Click Next. The Edit Stack screen appears.
Enter the required inputs to create the SEPP alerts or alarms and click Save and Run Apply.
Verify that the alarms are created in the Alarm Definitions screen (OCI Console> Observability & Management> Monitoring>Alarm Definitions) provided.
The required inputs are:
- Alarms Configuration
  - Compartment Name - Choose name of compartment from the drop-down
  - Metric namespace - Metric namespace that the user provided while deploying OCI Adaptors.
  - Topic Name - Any user configurable name. Must contain fewer than 256 characters. Only alphanumeric characters plus hyphens (-) and underscores (_) are allowed.
  - Message Format - Keep it as ONS_OPTIMIZED. (This is pre-populated)
  - Alarm is_enabled - Keep it as True. (This is pre-populated)
The steps 6 to 15 must be repeated for uploading the ocsepp_oci_resources folder. Here, Metric namespace will be pre-populated.

For more details, see Oracle Communications Cloud Native Core, OCI Adaptor Deployment Guide.