1. LSMS Configuration Guide
  2. Integrating EAGLE Application B Card (E5-APP-B) into the LSMS Network

2 Integrating EAGLE Application B Card (E5-APP-B) into the LSMS Network

This chapter provides guidance for integrating the LSMS into your internal and external local area network (LAN) or wide area network (WAN).

Overview

This chapter provides guidance for integrating the LSMS into your internal and external local area network (LAN) or wide area network (WAN).

This chapter describes how to provide preliminary planning guidance, help you assemble the data for the LSMS Site Survey, and provide source material for installation and upgrade procedures.

Understanding the LSMS Network

LSMS provides a series of network connections to enable it to interact with NPACs, EMSs, and local and remote consoles. The following sets of network connections can be made to your network:

  • E5-APP-B

    LSMS blade server that is EAGLE Extension Shelf compatible.

  • NPAC

    Depending on your network configuration, a Gigabit Ethernet interface typically connects to an external WAN. This interface provides connectivity to one or more remote NPAC sites. These connections are shown going to the NPACWAN in Figure 2-1.

  • EMS

    Depending on your network configuration, a Gigabit Ethernet interface typically connects to your site’s secure WAN. This interface provides connectivity to the customer’s EMS (EAGLE) sites. These connections are shown going to the EMSWAN in Figure 2-1.

  • Application

    Depending on your network configuration, a Gigabit Ethernet interface typically connects to your site’s internal LAN or secure WAN. The internal LAN is also known as the customer LAN, and the application network operates on it. This interface provides connectivity for workstations that use the IP User Interface. These connections are shown going to the Application WAN in Figure 2-1.

  • OOBM (Only on Tekserver)

    Depending on your network configuration, a Gigabit Ethernet interface typically connects to your site’s internal LAN or secure WAN. This interface provides connectivity to the T1100 AS console port via the OOBM card.

  • Internal Networks

    Depending on your network configuration, a Gigabit Ethernet interface typically connects to your site’s internal LAN or secure WAN. These interfaces cross connect the two servers for use with heartbeats and database replication.

Understanding the Primary Protocols

The following primary protocols are used in LSMS network connections:

  • The Q.3 protocol employs standard TCP/IP at OSI layers 1 through 3, and the OSI protocol at levels 4 through 7. LSMS uses a TMN tool kit and Marben protocol stack to implement the OSI protocols for these interfaces. This protocol stack does not use the TSEL parameter in the LSMS configuration. This protocol is used for connections with NPACs.

    Note:

    The copying of both the runtime NETECH license at path /usr/local/netech/etc/license and the Marben OSI license at path /usr/TKLC/osi/conf/license is required.

  • The standard TCP/IP stack is used for:

    • Application network

    • Connections with ELAPs

Figure 2-1 shows the LSMS network Single Subnet backplane connections.

Figure 2-1 LSMS Configuration: Single Subnet Backplane Connections

LSMS Configuration: Single Subnet Backplane Connections

Understanding the Multiple Network Interfaces

Each external interface is connected to each LSMS server. Each interface has a redundant interface that can be used if there is a system failure. These multiple interfaces:

  • Provide network security by establishing a clear boundary between the various external networks

  • Provide dedicated bandwidth for each interface, reducing the risk of congestion while allowing growth

  • Aid in troubleshooting and isolating errors

Understanding the Physical Port Assignments

The number of active Ethernet connections for a server depends on which network configuration is used to implement the redundant connectivity between the servers and with external entities.

  • Single subnet: each server requires four Ethernet connections and five IP addresses (one for the VIP address and two for the cloud)

    The following figures and tables show E5-APP-B configuration. Figure 2-2 shows how to connect cables to the server in a single subnet configuration and Table 2-1 defines the physical port assignments.

Note:

A single subnet network configuration is recommended due to the ease of configuration and maintenance.

Figure 2-2 Physical Port Assignments - E5-APP-B Single Subnet Configuration

Physical Port Assignments - E5-APP-B Single Subnet Configuration

Table 2-1 Physical Port Assignments - E5-APP-B Single Subnet Configuration

LAN Interface Connections Speed
Eth0 NPAC, ELAP, GUI, EMS, SSH Gigabit Ethernet
Eth1 Direct connect to NAS Gigabit Ethernet
Eth2 Direct connect to Mate for Heartbeat and MySQL replication Gigabit Ethernet
Eth3 Direct connect to Mate for Heartbeat and MySQL replication Gigabit Ethernet

The NAS is directly connected with the LSMS in the single subnet configuration. The NAS is configured using dhcp.

Eth0 is used to configure the NPAC, ELAP and APP (GUI/SSH).

  • Segmented network: each server requires eight Ethernet connections and nine IP addresses (one for the VIP address and six for the clouds)

    Note:

    There are more switch/router ports required to enable the segmented configuration, which the customer is required to provide. The local switch needs one port for each LSMS Primary, Secondary and NAS. For E5-APP-B, Eth1 is no longer physically connected to the NAS. Eth1 must connect to a local switch for proper NAS performance. The dedicated switch ports must be set to 1Gbps.

    Figure 2-3 shows how to connect cables to the server in a segmented configuration and Table 2-2 defines the physical port assignments.

Figure 2-3 Physical Port Assignments - E5-APP-B Segmented Configuration

Physical Port Assignments - E5-APP-B Segmented Configuration

Table 2-2 Physical Port Assignments - E5-APP-B Segmented Configuration

LAN Interface Connections Speed
Eth0 NPAC Gigabit Ethernet
Eth1 NAS, ELAP, GUI, EMS, SSH, Query Server, SNMP Gigabit Ethernet
Eth2 Direct connect to Mate for Heartbeat and MySQL replication Gigabit Ethernet
Eth3 Direct connect to Mate for Heartbeat and MySQL replication Gigabit Ethernet

Figure 2-4 LSMS Configuration: Segmented Configuration

img/lsms-segmented-configuration.jpg

The NAS is connected to Eth1 via switch. The NAS is configured using dhcp.

The two aliases of Eth1 are Eth1:0 and Eth1:1, respectively.

Eth1:0 is used to configure APP (GUI/SSH via switch).

Eth1:1 is used to configure ELAP via switch.

Assigning the IP Addresses

For installation of the LSMS, you must provide a minimum of three IP addresses to configure the LSMS to single subnet configuration:

  • In a single subnet configuration, a minimum of 3 IP addresses (see Table 2-5.

  • In a segmented configuration, a minimum of 9 IP addresses (see Table 2-6.

The servers share the VIP address. During a switchover, the LSMS HA switches the VIP address to the newly active server.

Handling the VIP Address during a Switchover

The Virtual IP (VIP) address is constantly associated with whichever server is active. The VIP is used for the active server on the Application network only.

Note:

All query servers must use the Application Network so that they can continue to replicate from the active server when switchover occurs.

For more information about switchover, refer to Alarms and Maintenance Guide.

Table 2-3 compares how IP and MAC addresses are used in LSMS 9.0 or later and how they were used in previous releases of LSMS.

Table 2-3 Comparing LSMS 7.0 and 9.0 or later Addresses

Address LSMS 7.0 LSMS 9.0 or later
Configuration required How treated during switchover Configuration required How treated during switchover

Server MAC addresses

Changed ha.env file to configure FirstWatch with server MAC addresses

When switchover occurred, both the MAC addresses and the IP addresses were swapped between the primary server and the secondary server

(Not used for switchover)

IP address for primary server

Changed ha.env file to configure FirstWatch with primary server IP address

When switchover occurred, both the MAC addresses and the IP addresses were swapped between the primary server and the secondary server

Use lsmsmgr to specify IP address of server A

Assignment not changed (only the VIP address is switched over automatically to the new active server)

IP address for secondary server

Needed to configure FirstWatch with secondary server IP address

When switchover occurred, both the MAC addresses and the IP addresses were swapped between the primary server and the secondary server

Use lsmsmgr to specify IP address of server B

Assignment not changed (only the VIP address is switched over automatically to the new active server)

VIP (Virtual IP) address

N/A

N/A

Use lsmsmgr to specify VIP address

During switchover, VIP address is assigned to whichever server is active

NOTE: The server in the upper position in the frame is called server A and, by default, is assigned the hostname lsmspri; the other server is called server B and is assigned the hostname lsmssec. These hostnames can be changed. In LSMS 9.0 or later, lsmspri and lsmssec are merely hostnames; they do not indicate a primary/secondary relationship. In LSMS 9.0 or later, the servers are peers.
Assigning IP Addresses in LSMS 9.0 or later

The VIP address is another address, in addition to the IP addresses for each specific server. If customers desire to use the same IP addresses that they used for previous releases of LSMS, it is recommended that they configure the LSMS to use the IP address that was previously assigned to the primary server as the new VIP address, and assign the new IP address to one of the servers, as shown in Table 2-4.

Using the IP address that was previously used for the primary server as the VIP address prevents customers from having to reconfigure various applications that were configured to use that IP address.

Table 2-4 Reusing Existing Server IP Addresses

IP Address In LSMS 7.0, was assigned to: In LSMS 9.0 or later, assign to:

IP Address 1

lsmspri server

VIP

IP Address 2

lsmssec server

Either server

IP Address 3

N/A

Either server

Simplified Configuration Procedures

Most configuration procedures are performed by Oracle Communications employees. Details of the configuration tasks they perform are described later in this chapter. After initial configuration has been performed, customers may choose to use the lsmsmgr text interface to change some configuration details, such as changing NTP (Network Time Protocol) servers.

Query Server Configuration

Because the LSMS now uses database replication instead of shared storage systems, a variety of changes have been made to ensure that query servers always connect to the active server and that any database replication is performed properly. Some query server configuration procedures have changed.

For detailed information about how to configure the query server, refer to Configuring the Query Server.

Netmask and Broadcast

The LSMS netmask defaults to a mask matching the address class assigned to each interface. In the event of a class “C” interface, the default broadcast address is the interface address ORed with a mask of x000000FF. For example, an IP address of 192.168.89.40 would have a broadcast address of 192.168.89.255.

IP Address Provisioning

Table 2-5 and Table 2-6 details the addresses required for LSMS and their assignment to interfaces. In the following tables, interfaces marked with a dagger () are generally visible outside the immediate LSMS area (the customer-provided network), that is, typically they pass through routers and firewalls.

Table 2-5 IP Address Provisioning (Single Subnet Configuration)

IP Address Protocol Speed Assigned to

Active NPAC, EMS, and Application Network

Q.3 or TCP/IP

Gigabit Ethernet

Active LSMS Server eth0 port

Inactive NPAC, EMS, and Application Network

TCP/IP

Gigabit Ethernet

Inactive LSMS Server eth0 port (port for status monitoring purposes only)

Table 2-6 IP Address Provisioning (Segmented Configuration)

IP Address Protocol Speed Assigned to

Active NPAC network

Q.3

Gigabit Ethernet

Active LSMS server eth0 port

Active NAS, EMS network and Application Network

Q.3 or TCP/IP

Gigabit Ethernet

Active LSMS server eth1 port

Direct connect to Mate for Heartbeat and MySQL replication

TCP/IP

Gigabit Ethernet

Active LSMS server eth2 or eth3 port

Inactive NPAC network

TCP/IP

Gigabit Ethernet

Active LSMS server eth0 port

Inactive EMS and Application Network

TCP/IP

Gigabit Ethernet

Active LSMS server eth1 port

Inactive Application Network

TCP/IP

Gigabit Ethernet

Active LSMS server eth2 or eth3 port

Adding Additional Routes

If you use a multiport router or an Ethernet switch in your network, it is your responsibility to ensure that the network connection receiving packets for the destination end (typically the NPAC or EMS networks) has an address on the same subnet as each interface. Figure 2-5 illustrates the routing methodology.

Figure 2-5 LSMS Interface Routing in a Segmented Configuration

LSMS Interface Routing in a Segmented Configuration

For more routes for your network, use this procedure to define additional routes.

  1. Log in to the active server with username lsmsmgr.
    (For more information about logging into a server, refer to Using Login Sessions.)
  2. From the Main Menu, select Network Configuration and press Enter.

    Figure 2-6 Selecting the Network Configuration

    Selecting the Network Configuration
  3. From the Network Configuration Menu, select Routing and press Enter to display the existing routes.

    Figure 2-7 Selecting the Routing Menu

    img/t_adding_additional_routes_config_fig3.jpg
  4. Examine the current routes on the system.
    Consider any additional routes you may wish to add, and click the Edit button to start adding other routes.

    Figure 2-8 Displaying Current System Routes

    Displaying Current System Routes
  5. When you want to add another route, press the Edit button and see the Route Action Menu.
    Select the Add Route button and press Enter.

    Figure 2-9 Choosing to Add a New System Route

    Choosing to Add a New System Route
  6. In the Add Route screen, you can select the ( )net or ( )host entry by pressing the space bar, and press the OK button to bring up the screen to add a new route.

    Figure 2-10 Specifying a New System Route

    Specifying a New System Route
  7. In the Add net Route screen, you can define the server port, Address, Netmask, and Gateway for the new route you are adding.
    Select the device port to be used, and then fill in the additional fields in the display.

    Figure 2-11 Displaying the Add net Route Screen

    Displaying the Add net Route Screen
  8. Figure 2-12 shows the fields you defined to add the new route.
    Review and be certain your entries are accurate. When you are satisfied with this entry, click the OK button to accept your newly defined route.

    Figure 2-12 Entering a New Add net Route Screen

    Entering a New Add net Route Screen
  9. Once a new route is entered and accepted, the display returns to the Route Action Menu.
    At this point you can either continue adding more routes by clicking Add Route or you can press the Exit button and see the definition you have entered.

    Figure 2-13 Returning to the Route Action Menu Screen

    Returning to the Route Action Menu Screen
  10. When you press Exit on the preceding screen, the system displays the currently defined routes, including the one you just entered.
    At this point you can click Edit to change existing routes or click Exit to return to the Network Configuration Menu.

Understanding Firewall and Router Filtering

Firewall protocol filtering for the various interfaces is defined in the following table:

Table 2-7 LSMS External Ports and Their Use

Interface TCP/IP Port Use Inbound Outbound

To NPAC 100BASE-TX

(eth0)

102

OSI - TSAP

Yes

Yes

20

FTP data1

No

Yes

21

FTP1

No

Yes

22

TCP (ssh, sftp)

Yes2

Yes

To EMS 100BASE-TX

(eth0)

1030

TCP

Yes

Yes

22

TCP (ssh, sftp)

Yes4

Yes

123

NTP

Yes

Yes

80

Apache

Yes

No

8001

suEXEC

Yes

No

443

HTTPS/Apache

Yes

No

8473

GUI Server

Yes

Yes

1030

LSMS Bulk Download and High Speed Audit

Yes

Yes

7483

LSMS Provisioning Data

Yes

Yes

9691

Watcher Port (diagnostics)

Yes

Yes

To Application Network 100BASE-TX

(eth0)

123

NTP (time synchronization)

Yes

Yes

102

OSI - TSAP3

Yes

Yes

22

TCP (ssh, sftp)

Yes4

Yes

162

SNMP Trap

No

Yes

N/A

X Window Packets

Yes

Yes

20

FTP data2

No

Yes

21

FTP2

No

Yes

162

SNMP Trap

No

Yes

7079

Web GUI

Yes

Yes

7080

Web GUI

Yes

Yes

8200

Application

Yes

Yes

To Query Server

(only if Query Server Package is enabled)

3306

LSMS Database Replication

No

Yes
1FTP data normally is received from the NPAC. The option is left for the LSMS to transfer data with the NPAC and EMS. This assumes the firewall automatically opens the high numbered return port (the default behavior of firewalls such as Firewall-1). If you are using a basic packet filtering router, contact My Oracle Support (MOS)).

2The two-way TCP communication channel endpoints are the port number 22 and the Server spawned random port value.

3OSI transactions on the application network are used only to support Service Assurance.

4The two-way TCP communication channel endpoints are the port number 22 and the Server spawned random port value.

Note:

For a segmented configuration, eth1 is used for EMS/APP connections.

Changing Additional Network Information

There are additional changes to the network information that you may wish to define, including:

  • Changing LSMS System IP Addresses - If there are conflicts with defaults of IP addresses assigned to private networks, you can modify the system IP addresses.

  • Modifying a Netmask - If the netmask for a given network is different from the default for that network class (i.e., 255.255.255.0 for a Class C network), you can modify the netmask.

  • Configuring Critical Network Interfaces - Specify any network interface as a critical interface. Whenever the Surveillance feature determines that a critical interface on the active server cannot be reached, the automatic switchover feature switches over to the standby server (for more information, refer to the Alarms and Maintenance Guide).

To make any of these changes to your network information, use the following procedure (the entry of data changes occurs in 6)

  1. Log in to the active server with username lsmsmgr.
    (For more information about logging into a server, refer to Using Login Sessions.)
  2. From the Main Menu, select Network Configuration and press Enter.

    Figure 2-14 Selecting the Network Configuration Menu

    Selecting the Network Configuration Menu
  3. From the Network Configuration Menu, select Network Reconfiguration and press Enter to configure your network.

    Figure 2-15 Selecting Network Reconfiguration

    Selecting Network Reconfiguration
  4. Click Yes to confirm that you are initiating network configuration and are aware that this activity does impact service operations.

    Figure 2-16 Confirming Network Configuration Start-Up

    Confirming Network Configuration Start-Up
  5. Select the appropriate subnet type you want to configure: Single Subnet or Segmented.
    Figure 2-17 illustrates a Single Subnet configuration. A single subnet network configuration is recommended because it is easier to configure and to maintain.

    Figure 2-17 Selecting the Subnet Type - Single or Segmented

    Selecting the Subnet Type - Single or Segmented

  6. Enter text for the IP addresses for each network, the VIP (virtual IP) address where necessary, the default gateway, and the NTP server IP address. Press Enter.

    Note:

    You must supply a valid NTP server IP address to maintain a 5-minute synchronization with the NPAC.

    Figure 2-18 Entering Configuration Data

    Entering Configuration Data
  7. Submit the entered text you entered for checking by the lsmsnetAdm script.

    Figure 2-19 Submitting Network Information

    Submitting Network Information
  8. Review the information for accuracy, as shown in Figure 2-20.
    You may select Confirm if correct, or you may change the data by selecting Start Over.

    Figure 2-20 Reviewing Entered Network Information

    Reviewing Entered Network Information
  9. Figure 2-21 displays the confirmed data for the configuration.
    When the configuration is completed, enter q to quit and then y to confirm.

    Figure 2-21 Entering a New Add net Route Screen

    Entering a New Add net Route Screen
    You will return to the Network Configuration menu.
You have now completed this procedure.