Viewing ETC NIU Statistics
The following ACLI commands are NOT supported by the ETC NIU; they continue to be supported on the HiFN-based NIU.
- show sec srtp spd
- show security srtp status
- show security srtp statistics
The following ACLI commands have been modified when used in conjunction with the ETC NIU; these commands continue to operate as described in previous documentation releases when used in conjunction with the HiFN-based NIU.
- show sa stats
The srtp option (show sa stats srtp) is not available for the ETC NIU; the option continues to be supported on the HiFN NIU.
- show security srtp sad
Only the brief option (show security srtp sad intName brief) is supported for the ETC NIU; the sal-index and sad-index, which are HiFN-specific values, along the ssrc (session source) values are not available.
ORACLE# show security srtp sad M00:33 brief
WARNING: This action might affect system performance and take a long time to finish.
Are you sure [y/n]?: y
SRTP security-association-database for interface 'M00:33':
Displaying SA's that match the following criteria -
direction : both
src-addr-prefix : any
src-port : any
dst-addr-prefix : any
dst-port : any
trans-proto : ALL
Inbound:
destination-address : 192.168.203.51
destination-port : 10022
vlan-id : 33
mode : srtp
encr-algo : aes-128-ctr
auth-algo : hmac-sha1
auth-tag-length : 80
mki : 0
mki length : 0
roll over count : 0
Outbound:
destination-address : 192.168.200.254
destination-port : 10000
vlan-id : 33
mode : srtp
encr-algo : aes-128-ctr
auth-algo : hmac-sha1
auth-tag-length : 80
mki : 0
ORACLE#The following ACLI commands have been augmented for use with the ETC HIU.
show nat flow-info srtp statistics
The show nat flow-info srtp statistics ACLI command displays global statistics for all SRTP flows.
ORACLE# show nat flow-info srtp statistics
PPM_ID_SRTP_E:
PPX Global Statistics
---------------------
alloc_count : 34768
dealloc_count : 34732
input-packets : 0
output-packets : 0
sessions-count : 602
init-requests : 1798
init-success : 1798
init-fail : 0
modify-requests : 600
modify-success : 600
modify-fail : 0
delete-requests : 1796
delete-success : 1796
delete-fail : 0
query-requests : 2
query-success : 2
query-fail : 0
resources-error : 0
protect-fail : 0
unprotect-fail : 0
status-err : 0
bad-param : 0
alloc-fail : 0
dealloc-fail : 0
terminus : 0
auth-fail : 0
cipher-fail : 0
replay-fail : 0
replay-old : 0
algo-fail : 0
no-such-op : 0
no-ctx : 0
cant-check : 0
key-expired : 0
nonce-bad : 0
read-failed : 0
write-failed : 0
parse-err : 0
encode-err : 0
pfkey-err : 0
mki-changed : 0
srtp-pkt-too-small : 0
srtcp-pkt-too-small : 0
PPM_ID_SRTP_D:
PPX Global Statistics
---------------------
alloc_count : 34768
dealloc_count : 34732
input-packets : 0
output-packets : 0
sessions-count : 602
init-requests : 2398
init-success : 2398
init-fail : 0
modify-requests : 600
modify-success : 600
modify-fail : 0
delete-requests : 2396
delete-success : 2396
delete-fail : 0
query-requests : 2
query-success : 2
query-fail : 0
resources-error : 0
protect-fail : 0
unprotect-fail : 0
status-err : 0
bad-param : 0
alloc-fail : 0
dealloc-fail : 0
terminus : 0
auth-fail : 0
cipher-fail : 0
replay-fail : 0
replay-old : 0
algo-fail : 0
no-such-op : 0
no-ctx : 0
cant-check : 0
key-expired : 0
nonce-bad : 0
read-failed : 0
write-failed : 0
parse-err : 0
encode-err : 0
pfkey-err : 0
mki-changed : 0
srtp-pkt-too-small : 0
srtcp-pkt-too-small : 0
ORACLE#show nat flow-info srtp by-addr
The show nat flow-info srtp by-addr ACLI command displays cryptographic details for a specific SRTP data flow, as identified by an IPv4 address specifying the data flow source.
Alternatively, you can use the all argument in place of a specific IP address to display cryptographic details for all SRTP data flows.
ORACLE# show nat flow-info srtp by-addr 172.16.28.1
Crypto Parameters 172.16.28.1:7000 -> 172.16.28.3:8000
=================
Collapsed : true
SRTCP Only : false
Crypto In
------------------
destination-address : 172.16.28.2
destination-port : 10036
vlan-id : 0
encr-algo : aes-128-ctr
auth-algo : hmac-sha1
auth-tag-length : 80
key index : 0
mki : none
roll-over-count : 0
Crypto Out
------------------
destination-address : 172.16.28.3
destination-port : 8000
vlan-id : 0
encr-algo : aes-128-ctr
auth-algo : hmac-sha1
auth-tag-length : 80
key index : 0
mki : none
roll-over-count : 0
PPM_ID_SRTP_E:
PPX Statistics
--------------
Stream #1
ssrc : 3735928559
rtp-cipher-id : AES-128-ICM
rtp-auth-id : HMAC-SHA1
rtp-security-level : Crypto + Auth
rtp-total-packets : 9
rtp-total-bytes : 178
rtp-cipher-bytes : 70
rtp-auth-bytes : 178
rtcp-cipher-id : AES-128-ICM
rtcp-auth-id : HMAC-SHA1
rtcp-security-level : Crypto + Auth
rtcp-total-packets : 0
rtcp-total-bytes : 0
rtcp-cipher-bytes : 0
rtcp-auth-bytes : 0
key-lifetime : 4294967295
direction : Sender
PPM_ID_SRTP_D:
PPX Statistics
--------------
Stream #1
ssrc : 3735928559
rtp-cipher-id : AES-128-ICM
rtp-auth-id : HMAC-SHA1
rtp-security-level : Crypto + Auth
rtp-total-packets : 8
rtp-total-bytes : 240
rtp-cipher-bytes : 64
rtp-auth-bytes : 160
rtcp-cipher-id : AES-128-ICM
rtcp-auth-id : HMAC-SHA1
rtcp-security-level : Crypto + Auth
rtcp-total-packets : 0
rtcp-total-bytes : 0
rtcp-cipher-bytes : 0
rtcp-auth-bytes : 0
key-lifetime : 4294967295
direction : Receiver
ORACLE# show mbcd errors
The show mbcd errors ACLI command provides new counters tracking SRTP error conditions.
ORACLE# show mbcd errors
11:42:37-198
MBC Errors/Events ---- Lifetime ----
Recent Total PerMax
Client Errors 0 0 0
Client IPC Errors 0 0 0
Open Streams Failed 0 0 0
Drop Streams Failed 0 0 0
Monitor Streams Failed 0 0 0
Exp Flow Events 0 0 0
Exp Flow Not Found 0 0 0
Transaction Timeouts 0 0 0
Server Errors 0 0 0
Server IPC Errors 0 0 0
Flow Dup Replace Faile 0 0 0
Flow Duplicated 0 0 0
NatFlow install Errors 0 0 0
NatFlow apply Errors 0 0 0
NatFlow destry Errors 0 0 0
Flow Add Failed 0 0 0
Flow Delete Failed 0 0 0
Flow Update Failed 0 0 0
Flow Latch Failed 0 0 0
Pending Flow Expired 0 0 0
ARP Wait Errors 0 0 0
Exp CAM Not Found 0 0 0
Drop Unknown Exp Flow 0 0 0
Drop/Exp Flow Missing 0 0 0
Exp Notify Failed 0 0 0
Unacknowledged Notify 0 0 0
No Flows In Chain 0 0 0
Main Flow Notify Skips 0 0 0
Notify Not Sent (Skip) 0 0 0
Drop Chain Failures 0 0 0
ACL Deletes 0 0 0
Saved Flows 0 0 0
NoTimeout on otherFlow 0 0 0
Ignore TimerOn Relatch 0 0 0
Relatching Timeouts 0 0 0
Invalid Realm 0 0 0
No Ports Available 0 0 0
Insufficient Bandwidth 0 0 0
Stale Ports Reclaimed 0 0 0
Stale Flows Replaced 0 0 0
Telephone Events Gen 0 0 0
Media Playback Fails 0 0 0
Playback Exh Resources 0 0 0
Playback Flow Inactive 0 0 0
Playback Mismatch 0 0 0
Pipe Alloc Errors 0 0 0
Pipe Write Errors 0 0 0
Not Found In Flows 0 0 0
MPO Realm Mismatch 0 0 0
XCode Internal Errors 0 0 0
XCode Alloc Errors 0 0 0
XCode Update Errors 0 0 0
XCode Delete Errors 0 0 0
XCode Over Cap Errors 0 0 0
XCode Over License Cap 0 0 0
SRTP Flow Add Failed 0 0 0
SRTP Flow Delete Faile 0 0 0
SRTP Flow Update Faile 0 0 0
SRTP Capacity Exceeded 0 0 0
Adds 0 0 0
Deletes 0 0 0
Updates 0 0 0show mbcd statistics
The show mbcd statistics ACLI command displays additional counters enumerating the number of active SRTP/SRTCP flows, as well as the number of SRTP sessions.
The SRTP flow count indicates the number of flows that require either SRTP encryption or decryption on either side of the flow.
The SRTP session count indicates the number of concurrent SRTP/SRTCP sessions on the Oracle Communications Session Border Controller. An SRTP session is counted as a full SRTP plus SRTCP crypto context, including both an encryption and decryption context. Note that a collapsed flow containing SRTP and SRTCP will count as one SRTP Session, and two uncollapsed flows for SRTP and the corresponding SRTCP will also count as one SRTP session.
Note that a hairpin connection counts as two SRTP sessions, one for each SRTP/SRTCP pair on each call leg, and two SRTP collapsed flows.
ORACLE# show mbcd statistics
18:13:14-126
MBCD Status -- Period -- -------- Lifetime --------
Active High Total Total PerMax High
Client Sessions 1 1 0 18 3 4
Client Trans 0 0 0 75 6 3
Contexts 2 2 0 19 3 5
Flows 4 4 0 38 6 10
Flow-Port 2 2 0 36 6 8
Flow-NAT 4 4 0 74 12 10
Flow-RTCP 0 0 0 0 0 0
Flow-Hairpin 0 0 0 0 0 0
Flow-Released 0 0 0 0 0 0
MSM-Release 0 0 0 0 0 0
Rel-Port 0 0 0 0 0 0
Rel-Hairpin 0 0 0 0 0 0
NAT Entries 4 4 0 74 12 10
Free Ports 1998 1998 0 2070 2002 2002
Used Ports 4 4 0 72 12 16
Port Sorts - - 0 0 0 0
Queued Notify 0 0 0 0 0 0
MBC Trans 0 0 0 75 6 5
MBC Ignored - - 0 0 0 0
ARP Trans 0 0 0 0 0 0
Relatch NAT 0 0 0 0 0 0
Media Playback 0 0 0 0 0 0
MSM-SRTP-Passthrough 0 0 0 0 0 0
Flow MSRP 0 0 0 0 0 0
SRTP Only Flows 0 0 0 0 0 0
SRTCP Only Flows 0 0 0 0 0 0
SRTP Collapsed Flows 0 0 0 2 2 2
SRTP Sessions 0 0 0 2 2 2
DTLS-SRTP Sessions 0 0 0 0 0 0
ICE-STUN Sessions 0 0 0 0 0 0
Flow Rate = 0.0
Load Rate = 0.0
ORACLE# show mbcd all
The show mbcd all ACLI command provides new counters tracking SRTP data flow additions, updates, and deletions.
ORACLE# show mbcd statistics
18:18:14-111
MBCD Status -- Period -- -------- Lifetime --------
Active High Total Total PerMax High
Client Sessions 0 0 0 0 0 0
Client Trans 0 0 0 0 0 0
Contexts 1 1 0 1 1 1
Flows 2 2 0 2 2 2
Flow-Port 0 0 0 0 0 0
Flow-NAT 2 2 0 2 2 2
Flow-RTCP 0 0 0 0 0 0
Flow-Hairpin 0 0 0 0 0 0
Flow-Released 0 0 0 0 0 0
MSM-Release 0 0 0 0 0 0
Rel-Port 0 0 0 0 0 0
Rel-Hairpin 0 0 0 0 0 0
NAT Entries 2 2 0 2 2 2
Free Ports 2002 2002 0 2002 2002 2002
Used Ports 0 0 0 0 0 0
Port Sorts - - 0 0 0
Queued Notify 0 0 0 0 0 0
MBC Trans 0 0 0 0 0 0
MBC Ignored - - 0 0 0
ARP Trans 0 0 0 0 0 0
Relatch NAT 0 0 0 0 0 0
Relatch RTCP 0 0 0 0 0 0
SRTP Only Flows 0 0 0 0 0 0
SRTCP Only Flows 0 0 0 0 0 0
SRTP Collapsed Flows 0 0 0 2 2 2
SRTP Sesssions 0 0 0 2 2 2
Flow Rate = 0.0
Load Rate = 0.0
18:18:14-111
NAT Entries ---- Lifetime ----
Recent Total PerMax
Adds 0 2 2
Deletes 0 0 0
Updates 0 0 0
Non-Starts 0 0 0
Stops 0 0 0
Timeouts 0 0 0
18:18:14-111
ACL Entries -- Period -- -------- Lifetime --------
Active High Total Total PerMax High
Static Trusted 0 0 0 0 0 0
Static Blocked 0 0 0 0 0 0
Dynamic Trusted 0 0 0 0 0 0
Dynamic Blocked 0 0 0 0 0 0
ACL Operations ---- Lifetime ----
Recent Total PerMax
App Requests 0 0 0
Added 0 0 0
Removed 0 0 0
Dropped 0 0 0
18:18:14-111
MBC Errors/Events ---- Lifetime ----
Recent Total PerMax
Client Errors 0 0 0
Client IPC Errors 0 0 0
Open Streams Failed 0 0 0
Drop Streams Failed 0 0 0
Exp Flow Events 0 0 0
Exp Flow Not Found 0 0 0
Transaction Timeouts 0 0 0
Server Errors 0 0 0
Server IPC Errors 0 0 0
Flow Add Failed 0 0 0
Flow Delete Failed 0 0 0
Flow Update Failed 0 0 0
Flow Latch Failed 0 0 0
Pending Flow Expired 0 0 0
ARP Wait Errors 0 0 0
Exp CAM Not Found 0 0 0
Drop Unknown Exp Flow 0 0 0
Drop/Exp Flow Missing 0 0 0
Exp Notify Failed 0 0 0
Unacknowledged Notify 0 0 0
Invalid Realm 0 0 0
No Ports Available 0 0 0
Insufficient Bandwidth 0 0 0
Stale Ports Reclaimed 0 0 0
Stale Flows Replaced 0 0 0
Telephone Events Gen 0 0 0
Pipe Alloc Errors 0 0 0
Pipe Write Errors 0 0 0
Not Found In Flows 0 0 0
SRTP Flow Add Failed 0 0 0
SRTP Flow Delete Failed 0 0 0
SRTP Flow Update Failed 0 0 0
SRTP Capacity Exceeded 0 0 0
SRTP Flows ---- Lifetime ----
Recent Total PerMax
Adds 0 2 2
Deletes 0 0 0
Updates 0 0 0
ORACLE# show sipd errors
The show sipd errors ACLI command provides a counter tracking the number of SIP sessions that failed because of SRTP signaling problems.
ORACLE# show sipd errors
16:56:32-110
SIP Errors/Events ---- Lifetime ----
Recent Total PerMax
SDP Offer Errors 0 0 0
SDP Answer Errors 0 0 0
Drop Media Errors 0 0 0
Transaction Errors 0 0 0
Application Errors 0 0 0
Media Exp Events 0 2 1
Early Media Exps 0 0 0
Exp Media Drops 0 0 0
Expired Sessions 0 1 1
Multiple OK Drops 0 0 0
Multiple OK Terms 0 0 0
Media Failure Drops 0 0 0
Non-ACK 2xx Drops 0 0 0
Invalid Requests 0 0 0
Invalid Responses 0 0 0
Invalid Messages 0 0 0
CAC Session Drop 0 0 0
Nsep User Exceeded 0 0 0
Nsep SA Exceeded 0 0 0
CAC BW Drop 0 0 0
SRTP Errors 0 0 0
ORACLE# show sipd errors show security srtp sessions
The show security srtp sessions ACLI command displays summary information for currently active SRTP sessions.
ORACLE# show security srtp sessions
16:31:52-199 Capacity=10000
SRTP Session Statistics -- Period -- -------- Lifetime --------
Active High Total Total PerMax High
SRTP Sessions 100 55 100 17264 100 75
ORACLE#