NetXplorer Install_Admin Guide R5

NetXplorer Centralized NetEnforcer and Service Gateway

Management Software

Installation and Administration Guide

P/N D354005 R5

NetXplorer Installation and Administration Guide i

NetXplorer Installation and Administration Guide ii

Important Notice Allot Communications Ltd. ("Allot") is not a party to the purchase agreement under which NetEnforcer was purchased, and will not be liable for any damages of any kind whatsoever caused to the end users using this manual, regardless of the form of action, whether in contract, tort (including negligence), strict liability or otherwise.

SPECIFICATIONS AND INFORMATION CONTAINED IN THIS MANUAL ARE FURNISHED FOR INFORMATIONAL USE ONLY, AND ARE SUBJECT TO CHANGE AT ANY TIME WITHOUT NOTICE, AND

SHOULD NOT BE CONSTRUED AS A COMMITMENT BY ALLOT OR ANY OF ITS SUBSIDIARIES. ALLOT

ASSUMES NO RESPONSIBILITY OR LIABILITY FOR ANY ERRORS OR INACCURACIES THAT MAY APPEAR IN THIS MANUAL, INCLUDING THE PRODUCTS AND SOFTWARE DESCRIBED IN IT.

Please read the End User License Agreement and Warranty Certificate provided with this product before using the product.

Please note that using the products indicates that you accept the terms of the End User License Agreement and Warranty

Certificate.

WITHOUT DEROGATING IN ANY WAY FROM THE AFORESAID, ALLOT WILL NOT BE LIABLE FOR ANY SPECIAL, EXEMPLARY, INDIRECT, INCIDENTAL OR CONSEQUENTIAL DAMAGES OF ANY KIND,

REGARDLESS OF THE FORM OF ACTION WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY OR OTHERWISE, INCLUDING, BUT NOT LIMITED TO, LOSS OF REVENUE OR

ANTICIPATED PROFITS, OR LOST BUSINESS, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

Copyright Copyright © 1997-2009 Allot Communications. All rights reserved. No part of this document may

be reproduced, photocopied, stored on a retrieval system, transmitted, or translated into any other

language without a written permission and specific authorization from Allot Communications Ltd.

Trademarks Products and corporate names appearing in this manual may or may not be registered trademarks or

copyrights of their respective companies, and are used only for identification or explanation and to

the owners' benefit, without intent to infringe.

Allot and the Allot Communications logo are registered trademarks of Allot Communications Ltd.

NetXplorer Installation and Administration Guide iii

Version History

Doc Revision

Internal Build

Product Version

Published

4b v4b4 NX9.2.0 (Beta) 07.04.09

4 v4b6 NX9.2.1 25.06.09 (GA)

5 v5b1 NX10.1.0 26.09.09

5 v5b2 NX10.1.0 29.09.09

5 v5b3 NX10.1.0 30.09.09

5 v5b4 NX10.1.0 05.10.09

5 v5b5 NX10.1.0 18.10.09

5 v5b6 NX10.1.1 20.10.09 (GA)

5 v5b8 NX10.1.1 19.11.09 (Post GA)

5 V5b9 NX10.1.1 27.12.09 (Post GA)

5 V5b10 NX10.1.1 13.01.10 (Post GA)

NetXplorer Installation and Administration Guide iv

Important Notice ........................................................................................................................... ii Version History ............................................................................................................................. iii

CHAPTER 1: GETTING STARTED .......................................................................... 1-1 Overview...................................................................................................................................... 1-1 Terms and Concepts ................................................................................................................... 1-1 NetXplorer Architecture ............................................................................................................ 1-4 Administration Role ................................................................................................................... 1-6

CHAPTER 2: INSTALLATION .................................................................................. 2-1 NetXplorer Server Installation .................................................................................................. 2-1

Windows Installation ................................................................................................................ 2-1 Linux Installation ...................................................................................................................... 2-7

NetXplorer Client Installation................................................................................................. 2-10 Java, WebStart and the NetXplorer Client .............................................................................. 2-10 Accessing NetXplorer ............................................................................................................. 2-13 Enabling NetXplorer Servers .................................................................................................. 2-14

NX Accounting Installation ..................................................................................................... 2-16 Windows Server ...................................................................................................................... 2-16 Linux Server ........................................................................................................................... 2-20

NPP Installation ........................................................................................................................ 2-23 Windows Server ...................................................................................................................... 2-23 Linux Server ........................................................................................................................... 2-26

NX High Availability Platform Installation ........................................................................... 2-30 Connecting the HAP ............................................................................................................... 2-30 Network Configuration ........................................................................................................... 2-31

CHAPTER 3: CONFIGURATION .............................................................................. 3-1 Overview...................................................................................................................................... 3-1 Working with Devices ................................................................................................................ 3-1 Configuring NetXplorer Users .................................................................................................. 3-8

CHAPTER 4: MONITORING COLLECTORS ........................................................ 4-1 Overview...................................................................................................................................... 4-1

Data Collection Process ............................................................................................................ 4-2 Collector Redundancy ............................................................................................................... 4-2 NetXplorer Support................................................................................................................... 4-4

Installing Monitoring Collectors ............................................................................................... 4-5 Collector Groups ....................................................................................................................... 4-8

Configuring Monitoring Collectors .......................................................................................... 4-9 Troubleshooting the Collector ................................................................................................. 4-12

Command Line Interface ........................................................................................................ 4-12

NetXplorer Installation and Administration Guide v

Processes ................................................................................................................................. 4-12 Logs and Snapshots ................................................................................................................ 4-12 Recreating Databases .............................................................................................................. 4-13 Changing IP Addresses ........................................................................................................... 4-13

CHAPTER 5: DATABASE MANAGEMENT ............................................................ 5-1 Backup Terms ........................................................................................................................... 5-1 Using Backups to Achieve NX Redundancy ............................................................................ 5-1

Database Management on Windows ......................................................................................... 5-2 Cold Backup ............................................................................................................................. 5-2 Hot Backup ............................................................................................................................... 5-4

Database Management on Linux ............................................................................................ 5-16 Cold Backup ........................................................................................................................... 5-16 Hot Backup ............................................................................................................................. 5-17

CHAPTER 6: COMMAND LINE INTERFACE (CLI) ............................................ 6-1 Provisioning CLI ........................................................................................................................ 6-1

Topology CLI ........................................................................................................................... 6-2 Catalogs CLI ............................................................................................................................. 6-3 Policy CLI ............................................................................................................................... 6-10 Web Updates CLI ................................................................................................................... 6-15

Monitoring CLI ........................................................................................................................ 6-16 Export to CLI .......................................................................................................................... 6-17

CHAPTER 7: TROUBLESHOOTING ....................................................................... 7-1 Troubleshooting Basics .............................................................................................................. 7-1

First Steps ................................................................................................................................. 7-1 Processes ................................................................................................................................... 7-1 Log Files ................................................................................................................................... 7-2 Snapshots .................................................................................................................................. 7-5 How to restore CFG (allot_cfg) database from the Snapshot-File ............................................ 7-6

Login Errors ............................................................................................................................... 7-6 Incorrect Java Version .............................................................................................................. 7-6 Lack of Connectivity ................................................................................................................ 7-7 Antivirus Conflict ..................................................................................................................... 7-7

Policy Saving Errors .................................................................................................................. 7-8 Data Display Errors ................................................................................................................... 7-9

Data Transmission .................................................................................................................. 7-10 Data Reception ........................................................................................................................ 7-11 Data Loss ................................................................................................................................ 7-11 Stress ....................................................................................................................................... 7-12

Add Device Errors .................................................................................................................... 7-13 NX-HAP Troubleshooting ....................................................................................................... 7-15

Monitoring the Cluster Status ................................................................................................. 7-15 Viewing Available Resources ................................................................................................. 7-16

NetXplorer Installation and Administration Guide vi

Stopping Heartbeat Service .................................................................................................... 7-17

CHAPTER 8: APPENDICES ....................................................................................... 8-1 Upgrading NetXplorer Server ................................................................................................... 8-1

Standard Upgrade Procedure .................................................................................................... 8-1 Manual Upgrade Procedure ...................................................................................................... 8-3

Upgrading NX-HAP ................................................................................................................... 8-6 Upgrading Distributed Monitoring Collector .......................................................................... 8-8 Events .......................................................................................................................................... 8-9

NetXplorer Installation and Administration Guide vii

FIGURES

Figure ‎1-1: System Architecture .................................................................................................. 1-5

Figure ‎2-1: Security Warning ....................................................................................................... 2-3

Figure ‎2-2: NetXplorer InstallShield Wizard Welcome Window ................................................ 2-4

Figure ‎2-3: Choose Setup Type .................................................................................................... 2-4

Figure ‎2-4: Choose Destination Location - Custom ..................................................................... 2-5

Figure ‎2-5: Choose NTP configuration option - Custom ............................................................. 2-5

Figure ‎2-6: Choose Destination Location - Typical ..................................................................... 2-6

Figure ‎2-7: Ready to Install the Program ..................................................................................... 2-6

Figure ‎2-8: Setup Initializing........................................................................................................ 2-6

Figure ‎2-9: NetXplorer InstallShield Wizard Complete ............................................................... 2-7

Figure ‎2-10: NetXplorer Java Installation Screen ...................................................................... 2-12

Figure ‎2-11: NetXplorer Log On Window ................................................................................. 2-13

Figure ‎2-12 – NetXplorer Log On Dialog Box .......................................................................... 2-14

Figure ‎2-13: NetXplorer Application Server Registration Dialog ............................................. 2-15

Figure ‎2-14: Security Warning ................................................................................................... 2-17

Figure ‎2-15: Accounting Manager InstallShield Welcome Window ......................................... 2-18

Figure ‎2-16: Choose Destination Location ................................................................................. 2-18

Figure ‎2-17: Ready to Install Window ....................................................................................... 2-19

Figure ‎2-18: NetXplorer InstallShield Wizard Complete ........................................................... 2-19

Figure ‎2-19: Security Warning ................................................................................................... 2-24

Figure ‎2-20: NetPolicy Provisioner InstallShield Welcome Window ........................................ 2-25

Figure ‎2-21: Choose Destination Location ................................................................................. 2-25

Figure ‎2-22: NetXplorer IP Address Window ............................................................................ 2-25

Figure ‎2-23: Ready to Install Window ....................................................................................... 2-26

Figure ‎2-24: NPP InstallShield Wizard Complete ..................................................................... 2-26

Figure ‎2-25: Cable Connections for NX High Availability Platform......................................... 2-30

Figure ‎2-26: RedHat Network Configuration Dialog ................................................................. 2-32

NetXplorer Installation and Administration Guide viii

Figure ‎2-27: Updating /etc/hosts file .......................................................................................... 2-33

Figure ‎2-28: Updating /etc/ha.d/ha.cf file – Default Gateway ................................................... 2-33

Figure ‎2-29: Updating /etc/ha.d/ha.cf file – Enable SNMP Traps ............................................. 2-33

Figure ‎2-30: Updating crm-mon ................................................................................................. 2-34

Figure ‎2-31: Updating cib.xml ................................................................................................... 2-35

Figure ‎2-32: Specifying NX-HAP IP for Receipt of SNMP Traps ............................................ 2-38

Figure ‎3-1: NetEnforcer Properties – New Dialog ....................................................................... 3-2

Figure ‎3-2: NetEnforcer Properties – Import Dialog .................................................................... 3-2

Figure ‎3-3: Monitoring Collector Properties – New Dialog ......................................................... 3-3

Figure ‎3-4: Monitoring Collector Properties – New Dialog ......................................................... 3-4

Figure ‎3-5: Collector Group Properties – New Dialog ................................................................. 3-4

Figure ‎3-6: SMP Properties – New Dialog ................................................................................... 3-5

Figure ‎3-7: Device Properties Update dialog ............................................................................... 3-6

Figure ‎3-8: System Message ........................................................................................................ 3-6

Figure ‎3-9: NetEnforcer Configuration ........................................................................................ 3-7

Figure ‎3-10: Users Configuration Editor ...................................................................................... 3-9

Figure ‎3-11: User Editor ............................................................................................................... 3-9

Figure ‎4-1: Collector – Front View ............................................................................................. 4-1

Figure ‎4-2: Collector– Rear View ............................................................................................... 4-1

Figure ‎4-3 N+1 Collector Redundancy ....................................................................................... 4-3

Figure ‎4-4 1+1 Collector Redundancy ......................................................................................... 4-3

Figure ‎4-5: Connecting the Collector – Rear View ..................................................................... 4-5

Figure ‎4-6: Monitoring Collectors Properties dialog – General tab ............................................. 4-6

Figure ‎4-7: NetEnforcer Properties dialog ................................................................................... 4-7

Figure ‎4-8: Monitoring Collector Properties - Update ................................................................. 4-8

Figure ‎4-9: Collector Group Properties – New Dialog ................................................................. 4-8

Figure ‎4-10: Collector Configuration Window - General Tab ..................................................... 4-9

Figure ‎4-11: SNMP Tab ............................................................................................................... 4-9

Figure ‎4-12: Date/Time Tab ....................................................................................................... 4-10

NetXplorer Installation and Administration Guide ix

Figure ‎4-13: IP Properties Tab ................................................................................................... 4-10

Figure ‎4-14: Securities Tab ........................................................................................................ 4-11

Figure ‎4-15: Monitoring Collector Properties – Update Dialog ................................................. 4-11

Figure ‎6-1: Database Logs............................................................................................................ 7-2

Figure ‎6-2: Key Database Logs .................................................................................................... 7-3

Figure ‎6-3: Application Server Logs ............................................................................................ 7-3

Figure ‎6-4: NMS.log Example ..................................................................................................... 7-4

Figure ‎6-5: Install Log .................................................................................................................. 7-4

Figure ‎6-6: Snapshot File ............................................................................................................. 7-5

Figure ‎6-7: Restore Policy and Catalogs Dialog .......................................................................... 7-9

Figure ‎6-8: Events Log ............................................................................................................... 7-10

Figure ‎6-9: Bucket Manifest ....................................................................................................... 7-11

Figure ‎6-10: Data Logs ............................................................................................................... 7-12

NetXplorer Installation and Administration Guide 1-1

Chapter 1: Getting Started

Overview

NetXplorer is a highly scalable Network Business Intelligence system that enables

strategic decision-making based on comprehensive network application and subscriber

traffic analysis.

NetXplorer configures NetEnforcer or Service Gateway devices and a central catalog,

which enables global policy provisioning. Many network topologies can benefit from

more than one NetEnforcer or Service Gateway. In addition, NetXplorer provides a

centralized management system for all NetEnforcers or Service Gateways on the

network. It provides easy access to devices and configuration parameters via the device

tree.

By enabling real time monitoring of network troubleshooting and problem analysis,

NetXplorer provides long term reporting for capacity planning, tracking usage and trend

analysis; it allows for the proactive management of traffic and system-wide alarms; and

it allows for the collection and export of auditing data for billing and quota purposes.

Terms and Concepts This section introduces some of the basic terms and concepts used in NetXplorer.

NetXplorer

NetXplorer is a highly scalable Network Business Intelligence system that centrally

manages the NetEnforcer and Service Gateway product line. It enables strategic

decision-making based on comprehensive network application and subscriber traffic

analysis.

The NetXplorer server can be installed on any server running Windows Server 2003 or

Windows XP SP2.

‎Chapter 1: Getting Started


NetEnforcer

NetEnforcers are the traffic management devices that inspect and monitor network

traffic.

Monitoring Collector

The Monitoring Collector is an Allot appliance that can be added between the

NetXplorer Servers and the NetEnforcers or Service Gateways in order to support large

numbers of NetEnforcers or Service Gateways or those installed in remote geographic

locations.

QoS

QoS (Quality of Service) is the ability to define a level of performance in a data

communications system. In NetXplorer, QoS is an action applied to a connection when

the conditions of a filter are satisfied.

The QoS specified can include the following:

Prioritized Bandwidth: Delivers levels of service based on class levels.

During peak traffic periods, the NetXplorer will slow down lower

priority applications, resulting in increased bandwidth delivery to higher

priority applications.

Guaranteed Bandwidth: Enables the assignment of fixed minimum

and maximum amounts of bandwidth to specific Pipes, Virtual Channels

and connections. By borrowing excess bandwidth when it is available,

connections are able to burst above guaranteed minimum limits, up to

the maximum guaranteed rate. Guaranteed rates also assure predictable

service quality by enabling time-critical applications to receive constant

levels of service during peak and non-peak traffic periods.

Reserved Bandwidth on Demand: Enables the reservation of the

minimum bandwidth from the first packet of a connection until the

connection ends. This is useful when the bottleneck is not at the link

governed by the NetEnforcer or Service Gateway. By limiting other

connections (non-guaranteed), the NetEnforcer or Service Gateway

reserves enough bandwidth for the required Pipe or Virtual Channel.

TOS Marking: Enables the user to set the ToS bytes in the transmitted

frame according to the DiffServ standard or free format.

Access Control: Determines whether a connection is accepted, dropped

or rejected. For example, you can specify the following policy: accept

1000 ICMP connections to Server1 and drop the rest. A NetEnforcer or

Service Gateway policy can also be to drop all P2P connections or

accept new connections with a lower priority

Admission Control: Determines the bandwidth granted to a flow based

on your demand (for example, allocated minimum of 10kbps) and the

available bandwidth on the line.



Catalog Editors

Catalog Editors enable you to define values to define your policy. The possible values

for each condition of a filter and for actions are defined in the Catalog entries in the

Catalog Editors. A Catalog Editor enables you to give a logical name to a

comprehensive set of parameters (a Catalog entry). This logical name then becomes a

possible value for a condition or action

Lines

A Line represents a physical or logical media in the system. A line provides a way of

classifying traffic that enables you to divide the total bandwidth and then manage every

Line as if it was an independent link. A Line consists of one or more sets of conditions

and a set of actions that apply when all of the conditions are met. A line is an address-

based or VLAN-based entity, and is not service-based.

A Line can aggregate several Pipes, acting like a container of Pipes from a QoS point of

view. The filter of the Fallback Line cannot be modified or deleted. A connection

coming into the NetEnforcer or Service Gateway is matched to a Line according to

whether the characteristics of the connection match all of the Conditions of the Line.

The connection is then further matched to the Conditions of a Pipe under the Line. The

actions defined for the Line influence all the Pipes under the Line. The actions defined

for a Pipe are enforced together with the actions of the Line.

Pipes

A Pipe provides a way of classifying traffic that enables you to divide the total

bandwidth and then manage every Pipe as if it was an independent link. Pipes cannot

stand alone and are always contained within a Line. A Pipe consists of one or more sets

of conditions and a set of actions that apply when all of the conditions are met. A Pipe

can aggregate several Virtual Channels, acting like a container of Virtual Channels from

a QoS point of view.

When you add a new Pipe, it always includes at least one Virtual Channel, the Fallback

Virtual Channel. The Fallback Virtual Channel filter cannot be modified or deleted. A

connection coming into a line is matched to a Pipe according to whether the

characteristics of the connection match all of the Conditions of the Pipe. The connection

is then further matched to the Conditions of a Virtual Channel under the Pipe. The

actions defined for the Pipe influence all the Virtual Channels under the Pipe. The

actions defined for a Virtual Channel are enforced together with the actions of the Pipe.

Virtual Channels

A Virtual Channel provides a way of classifying traffic and consists of one or more sets

of Conditions and a set of actions that apply when all of the Conditions are met. A

Virtual Channel is defined within a Pipe and cannot stand alone. A connection matched

to a Pipe is further matched to a Virtual Channel according to whether the

characteristics of the connection match all of the Conditions of the Virtual Channel.

Conditions



A Condition is defined at the Line level, Pipe level or Virtual Channel level. NetXplorer

matches connections to conditions, first at the Line level then at Pipe level and then

again at the Virtual Channel level within a Pipe.

Templates

Templates enable you to create a "master" Pipe or Virtual Channel that upon saving will

create multiple Pipes or Virtual Channels similar to one another. Templates work with

host group entries defined in the Host Catalog. For example, if a host group entry in the

Host Catalog called Gold Customers consists of Company X, Company Y and

Company Z, you could define a Pipe template to be expanded for Gold Customers. This

would result in Pipes being created for Company X, Company Y and Company Z when

the Policy Editor is saved.

A Pipe or Virtual Channel template enables the fast creation of Pipes and Virtual

Channels on source/destination differentiation. This means that you do not need to

define similar Pipes and Virtual Channels when the only difference between them is the

IP address in the source or destination.

NetXplorer Architecture

This section introduces the NetXplorer concept and explains its components and

architecture.

NetXplorer uses a highly scalable architecture that enables the monitoring of all

NetEnforcer or Service Gateway devices from a single user interface. In addition,

NetXplorer can utilize distributed monitoring collectors, which increase the scalability

of your deployment. The collectors gather short-term network usage statistics from the

NetEnforcers or Service Gateways.

NetXplorer's server-based, distributed architecture consists of four tiers: multiple

NetEnforcer or Service Gateways and associated distributed collectors, a NetXplorer

server and GUI clients.



Figure ‎1-1: System Architecture

NetXplorer architecture consists of four layers:

1. NetEnforcer layer: NetEnforcers or Service Gateways are the traffic

management devices that inspect and monitor network traffic. There can be one

or more NetEnforcers or Service Gateways on a network. They manage network

policies and collect network usage data.

2. Monitoring Collectors: Monitoring collectors increase scalability by supporting

large numbers of NetEnforcers or Service Gateways or those installed in remote

geographic locations. Monitoring collectors are fully managed via the NetXplorer

GUI.

3. Server Layer: The NetXplorer server is the actual application, which includes

the databases and an integrated data collector. The NetXplorer server manages

and communicates with the different clients that access the system, and facilitates

NetEnforcer or Service Gateway configuration, policy provisioning, alarms,

monitoring and reporting. The integrated data collector included in the

NetXplorer streamlines the required collection of data from the managed

NetEnforcer or Service Gateway devices. The Server layer includes additional

servers such as SMP Servers, NPP Servers and stand along Accounting Servers.



4. User Interface Layer: The different clients connected to the NetXplorer Server

are the NetXplorer GUI application users. Any network computer capable of

connecting to the NetXplorer server can support the GUI interface.

The system offers simple integration with external systems using a wide range of

interfaces, including SNMP, CSV Files (for report data export), XML and CLI.

Administration Role NetXplorer uses a role-based security model. The role defined for each authorized user

indicates the scope of operations that can be performed by that user. The Administrator

role gives Admin users complete read/write privileges in the NetXplorer application

including read/write configuration privileges.

The main functions of the Administrator role include:

1. User Registration

2. Device and Network Management

3. Monitoring Collectors Management

4. Database Maintenance

This document defines the main concepts and describes the various activities related to

the installation and configuration of NetEnforcer or Service Gateways and the

NetXplorer, Monitoring Collectors, as well as the main tasks associated with Database

Maintenance, such as backup and restore, changing location and installing the

NetXplorer on a remote data base.


Chapter 2: Installation

NetXplorer Server Installation

Windows Installation

Installation Prerequisites

This section describes the minimum hardware and software requirements for installing

NetXplorer on a Windows Server.

Server Hardware Requirements

Minimum Specifications for Managing 1-2 NetEnforcer AC-400/800/1000/2500

Devices

Intel Pentium 4 2.8 GHz and up

Intel Chipset based (925 or 955)

2 GB RAM DDR Dual channel

1 x 80 GB HDD, 8 MB Cache (SATA interface recommended)

Windows XP Professional Service Pack 2

Minimum Specifications for Managing an Allot Service gateway, AC-10000, AC-

5000 or more than 2 NetEnforcer AC-400/800/1000/2500 Devices

Dual Xeon 3.0 GHz and up


RAID (0 or 10) Controller with 256MB Battery Backed Write Cache

(BBWC)

5x36 GB HDD SCSI U320 15k RPM or larger (capacity depends on

overall storage needs, allowing for 100 GB per Service Gateway or AC-

10000/AC-5000, 20 GB per AC-2500/AC-1000 and 10 GB per AC-

800/AC-400)

Windows Server 2003 Enterprise Edition Service Pack 1or Windows

Server 2003 Standard Edition Service Pack 1

Software Requirements

Any Real-Time Virus Protection programs or automatic

Defragmentation/Backup software must be disabled on the NetXplorer

server or the Allot folder needs to be excluded from

protection/defragmentation.

‎Chapter 2: Installation


Java SDK 1.6 should be installed on the Server machine. For details on

how to install the Java SDK see Installing Java 1.6 SDK on page 2-2

No other database applications (for example, SQL database) should be

installed on the NetXplorer server machine.

No application should be listening to port 80 at the time of the

installation.

Pre-Installation Checklist

Before you begin the installation process, it is important that you perform the following

steps.

1. Verify that the minimum required space is available on the hard

disk.

2. Verify that there is at least 4 GB of available Virtual Memory.

NOTE: Set the Virtual Memory on your computer by selecting Start/Settings/Control Panel/System. Open the Advanced tab and click the Performance Settings button. Open the Advanced tab and click the Change button under Virtual Memory to select a new value.

3. Verify that the Java SDK 1.6 is installed, including runtime

environment. If it is not installed, install it now, as described in

Installing Java 1.6 SDK below.

Installing Java 1.6 SDK

The Java 1.6 SDK, including the run time environment, must be installed before you

can install NetXplorer.

To install the Java SDK:

1. Browse to <target folder> and run the jdk-1_6_0_10-windows-

i586-p.exe file on the installation CD. The Security Warning is

displayed.

2. Click Run. The License Agreement is displayed.

3. Read the license agreement and select I accept the terms … to

indicate your agreement, and then click Next. The Custom Setup

dialog is displayed.

4. Click Next to accept the default installation location,

OR

Click Change to browse and select an alternate installation location, and then

click Next.



NOTE The necessary program features are selected by default. You do not need to change these default settings.

The Browser Registration dialog is displayed.

5. Verify that Microsoft Internet Explorer is selected and click

Install. The Installing Java SDK dialog is displayed. The progress

bar indicates the status of the installation process.

6. When the installation process is done, the Complete window is

displayed.

7. Click Finish.

Installation Instructions

After you have performed the pre-installation checks and have verified that the Java

SDK is installed, you are ready to install NetXplorer.

To install NetXplorer:

1. Run the setup.exe file on the installation CD or from a net-

mounted disk.

NOTE Do not attempt to run the setup file from a net long address, such as \\file_server\.

2. The following dialog is displayed.

Figure ‎2-1: Security Warning



3. Click Run. The following window is displayed.

Figure ‎2-2: NetXplorer InstallShield Wizard Welcome Window

Click Next to continue.

4. The NetXplorer License Agreement is displayed.

Click Next to continue

5. Read the license agreement and select I accept the term … to

indicate your agreement, and then click Next. The Choose Setup

Type dialog is displayed.

Figure ‎2-3: Choose Setup Type

6. To install all program components in a single location, select

Typical and click Next. Then skip ahead to step 10.

OR

To install each component in a different location, select Custom and click

Next.

NOTE Allot strongly recommends using the Custom installation option.



7. If you selected Custom in step 5, the following dialogs are

displayed.

Figure ‎2-4: Choose Destination Location - Custom

8. Accept the default destination locations or browse and select an

alternate location for one or more of the components, and then

click Next. The Choose NTP configuration option dialog is

displayed.

NOTE If alternate locations are chosen for one or more components, they must be in a subdirectory on one of the root directories (like C:\Allot or D:\Allot) and not on the root directory itself (C:\ or D:\).

NOTE It is recommended that the system files and the different monitoring files be installed on different physical drives in order to improve overall performance.

Figure ‎2-5: Choose NTP configuration option - Custom

9. Select either the Use local clock or the Use External NTP server

radio button. If you select an external NTP server, enter the

server‟s IP address in the field provided. Click Next.

NOTE Allot strongly recommends using an external NTP server.



10. If you selected Typical in step 5 the following dialog is displayed.

Figure ‎2-6: Choose Destination Location - Typical

11. Accept the default destination location or browse and select an

alternate location, and then click Next.

Figure ‎2-7: Ready to Install the Program

12. Click Install to begin the installation. The Setup Status dialog is

displayed.

After a few moments the following popup is displayed.

Figure ‎2-8: Setup Initializing

NOTE The installation may take up to 30 minutes to complete.



13. When the installation is complete the following dialog is

displayed.

Figure ‎2-9: NetXplorer InstallShield Wizard Complete

14. Select Yes, I want to restart my computer now and click

Finish. The installation process is complete.

Linux Installation



NetXplorer on a Linux Server.


Minimum Specifications for Managing 1-2 NetEnforcer AC-400/800/1000/2500

Devices




1 x 100 GB HDD, 8 MB Cache (SATA interface recommended)

Red Hat Enterprise Linux Server 5.2 or 5.3, 32 or 64 bit installed

Minimum Specifications for Managing an Allot Service Gateway, AC-10000, AC-

5000 or more than 2 NetEnforcer AC-400/800/1000/2500 Devices

DUAL Xeon 2.8 GHz and up


RAID (0 or 10) Controller with 256MB Battery Backed Write Cache

(BBWC)



5x36 GB HDD SCSI U320 15k RPM or larger (capacity depends on

overall storage needs, allowing for 100 GB per Service Gateway or AC-

10000/AC-5000, 20 GB per AC-2500/AC-1000 and 10 GB per AC-

800/AC-400)

Red Hat Enterprise Linux Server 5.2 or 5.3, 32 or 64 bit installed


NetXplorer Server should be installed on a machine running

Red Hat Enterprise Linux Server 5 32 or 64 bit.

NetXplorer Client software should be installed on a machine

running Windows XP Professional and Microsoft Internet

Explorer.


Defragmentation/Backup software must be disabled on the

NetXplorer server or the Allot folder needs to be excluded

from protection/defragmentation.

No other database applications (for example, SQL database)

should be installed on the NetXplorer server machine.


installation.

FQDN of the server should be defined (to check run

„hostname -f‟).

Check that NTP service is installed. The Config ntp service should be

configured to start when the unit is rebooted by entering the following

command:

chkconfig --levels 35 ntpd on

NTP service should be configured to update the time from an

external NTP server and deliver the time service to Allot

devices.

If the OS is not installed yet, configure the server so that the

CD is the first boot device, insert the RedHat5 Installation CD

#1 and reboot the host. Follow the on-screen instructions

using the default installation options on all steps except for the

steps listed below

Hostname: give fully qualified host name (e.g.,

NXlinx.allot.local)

Firewall: disabled (during configuration after reboot)

SELinux: disabled (during configuration after reboot)

Time: configure correct time according to time zone chosen



NTP server: may be configured during configuration after the

IP address is configured (select the checkbox about

synchronize before starting)


To install the software:

1. Confirm all the hardware and software requirements.

2. Confirm that there is at least 20GB of free space on the /opt

directory.

3. Run rpm -ivh <filename>.rpm

Example: rpm -ivh NetXplorer-8.1-1.i386.rpm

NOTE You may discover the filename by using the following command: cd / find|grep -i netxplorer-

Package dependencies are checked, and error message issued if

additional are packages needed. The JDK 6 (Java development

kit) package is included in the installation set.

4. To install the packages, run rpm –ivh <JDK filename>.rpm

(version numbers may differ).

5. Configure the NTP service to start on system start by entering the

following command: chkconfig --levels 35 ntpd on

6. Manually edit the /etc/host files as follows: 127.0.0.1 localhost.localdomain localhost

10.50.18.1 NX1-lin.allot.local NX1-lin

7. Reboot the machine. Confirm that NTP and NetXplorer services

are running.

8. To start/stop/check the status of the services use commands such

as:

service ntpd start

service netxplorer stop

service netxplorer status



Uninstallation Instructions

1. Check what version of software is installed on the server by

running the following command: rpm -qa |grep netxplorer

2. To uninstall NetXplorer run the following command rpm -e <netxplorer version>

Example: [root@REDHATNX NX811b10]# rpm -e netxplorer-8.1.1-10

NetXplorer Client Installation

Java, WebStart and the NetXplorer Client

NetXplorer works with a technology known as WebStart from Sun Microsystems.

WebStart enables you to run the NetXplorer Client software by simply double-clicking

an icon on your computer‟s desktop. This mode of operation is more convenient than

having to access the NetXplorer Client through an Internet browser.

Hardware Requirements

It is recommended that the NetXplorer Client be installed on a machine with the

following minimum specifications:

Pentium 4

512MB RAM

Windows XP/Microsoft Internet Explorer


NetXplorer Client software should be installed on a machine running

Windows XP Professional and Microsoft Internet Explorer.


Defragmentation/Backup software must be disabled on the NetXplorer

client or the Allot folder needs to be excluded from

protection/defragmentation.

Java JRE 1.6 should be installed on the client machine. For

details on how to install the Java JRE see Installing Java 1.6

JRE on page 2-17.


installation.



Firewall Settings

In some networks, workstations running the NetXplorer GUI and NetEnforcers or

Service Gateway can be separated from the NetXplorer server by a firewall for security

reasons. In order to allow the client to communicate with the NetXplorer server the

following ports should be opened in the Firewall:

TCP/80 HTTP

TCP/1098 The RMI service bind address

TCP/1099 JNP server bind address

TCP/4444 RMI Object ports

To enable the communication between the NetXplorer and the NetEnforcer or Service

Gateways the following ports in the Firewall should be opened:

TCP/80 HTTP

UDP/161 SNMP

UDP/162 SNMP Trap

UDP/123 NTP

TCP/123 NTP

Installing Java 1.6 JRE

The Java 1.6 JRE must be installed on your computer as a prerequisite to working with

the NetXplorer User Interface.

To install Java 1.6 JRE:

1. Open your Internet browser, and access http://<<NetX-addr>>

The following window is displayed.



Figure ‎2-10: NetXplorer Java Installation Screen

2. Click the Install Java JRE First link if you do not have Java 1.6

JRE installed on your computer.

3. Click on the appropriate link and follow the on-screen instructions

to install the Java 1.6 JRE on your computer.

Initializing WebStart

1. With the Java 1.6 JRE installed, access http://<<NetXplorer-IP-

address> once again. The Application Starting window is

displayed.

When the loading process is complete for the first time, the Security Warning

is displayed, prompting you to confirm that you want to allow NetXplorer User

Interface software access to your computer.



2. The NetXplorer Log On window is displayed.

Figure ‎2-11: NetXplorer Log On Window

A shortcut icon to the NetXplorer installation is placed on your desktop and in your

system‟s Start menu.

Accessing NetXplorer

Once you have completed the initial setup, as described in the previous chapter, you can

access to NetEnforcer or Service Gateway via your Web browser. The first time that

you connect to NetEnforcer or Service Gateway, you may be prompted to install Java

plug-in 1.6. Refer to Installing Java 1.6 JRE, page 2-16, for further information.

To connect to NetXplorer:

1. In Internet Explorer, browse to http:<<NetXplorer IP>> and

select Launch NetXplorer in the NetXplorer Control Panel.

OR

Double click the shortcut icon on the desktop or in the system‟s Start menu.



2. The Java Application Starting window is displayed.

3. The NetXplorer Log On dialog is displayed.

Figure ‎2-12 – NetXplorer Log On Dialog Box

4. In the User Name field, enter admin and in the Password field,

enter allot or the password that was established at set up. This is

the default user name and password. They may be different if you

changed them during the initial configuration.

5. Click Log On. The NetXplorer GUI is displayed.

NOTE It may take a few moments for the NetXplorer GUI to load.

Enabling NetXplorer Servers

In order to manage more than one NetEnforcer or Service Gateway as well as certain

features using NetXplorer, NetXplorer Server must be enabled by entering the

appropriate key. This key may be entered at installation or at any time following. For

more information concerning the NetXplorer Server contact Allot Customer Support at

[email protected].

To enable NetXplorer Server:

mailto:[email protected]



1. Select Tools > NetXplorer Application Server Registration

from the NetXplorer Menu bar.

The NetXplorer Application Server Registration dialog box

appears.

Figure ‎2-13: NetXplorer Application Server Registration Dialog

2. Enter the Server Registration Key and Serial Number provided by

Allot to enable the NetXplorer Server functionality.

3. An Expiration Date will be generated automatically after clicking

Save.

4. If Subscriber Management is enabled by the key that has been

entered, it will be indicated (along with the type and the maximum

number of subscribers) after SMP Enabled. For more

information, see the SMP User Guide.

5. If Policy Provisioning is enabled by the key that has been entered,

it will be indicated (along with the maximum number of accounts)

after NPP Enabled. For more information, see the NPP User

Guide.

6. If Classification of Hosts by Country is enabled by the key that

has been entered, it will be indicated after Host Catalog Country

Classification Enabled.

7. If Accounting information is enabled by the key that has been

entered, it will be indicated after Accounting Enabled.

8. If Service Catalog updates via the web are enabled by the key that

has been entered, it will be indicated after Protocol Updates

Enabled.



9. The Maximum number of devices covered by the entered key is

indicated.

10. Click Save to enter the key and close the dialog box.

NX Accounting Installation

Windows Server



Minimum Specifications




1 x 80 GB HDD, 8 MB Cache (SATA interface

recommended)


Software Requirements NetXplorer Accounting software should be installed on a

machine running Windows 2003 Server or Windows XP

Professional.





Java SDK 1.6 should be installed on the Accounting Server.

For details on how to install the Java SDK see Installing Java

1.6 SDK on page 2-2.


should be installed on the NetXplorer Accounting machine.


installation.


Before you begin the installation process, it is important that you perform the following steps.



1. Verify that a minimum of 20 GB is available on the disk.


NOTE Set the Virtual Memory on your computer by selecting Start/Settings/Control Panel/System. Open the Advanced tab and click the Performance Settings button. Open the Advanced tab and click the Change button under Virtual Memory to select a new value.



Installing Java 1.6 SDK on page 2-2.


NX Accounting may be installed on the same machine as NetXplorer Server, or on a

separate machine. In either case you need to identify the IP address of the NetXplorer

during the installation process.

NOTE Be sure that all the Ports are operable as detailed in the Firewall section in this Installation and User Guide, and that Java SDK is installed.

On the NetXplorer CD (or in a folder supplied to the End-User) the installation files are

in a directory called ACCT.

To install the accounting manager:

1. Browse to the ACCT directory and run the setup.exe file on the

installation CD or from a net-mounted disk.

NOTE Do not attempt to run the setup file from a long address






Figure ‎2-15: Accounting Manager InstallShield Welcome Window

4. Click Next.

The NetXplorer License Agreement is displayed.


indicate your agreement, and then click Next. The Choose

Destination Location window is displayed.

Figure ‎2-16: Choose Destination Location


alternate location, and then click Next.

The Enter NetXplorer Server IP Address window is displayed.



7. Type in the IP address of the NetXplorer Server, and click Next.

Figure ‎2-17: Ready to Install Window

8. Click Install to begin the installation. The Setup Status window is

displayed.

When the installation is complete the following dialog is displayed.

Figure ‎2-18: NetXplorer InstallShield Wizard Complete

9. Select Yes, I want to restart my computer now and click Finish.

The installation process is complete.

10. The NX Accounting functionality must be enabled by entering the

appropriate key in the NetXplorer GUI. This key may be entered

at installation or at any time following. For information, see the

NetXplorer Operations Guide.

NOTE NetXplorer Accounting cannot be upgraded directly. The old version must be uninstalled and the new version of Accounting may then be installed.



Linux Server










recommended)

Red Hat Enterprise Linux Server 5.2 or 5.3, 32 or 64 bit

installed






Explorer.








installation.


„hostname -f‟).

Check that NTP service is installed. The Config ntp service

should be configured to start when the unit is rebooted by

entering the following command:




devices.







steps listed below


NXlinx.allot.local);

Firewall: disabled (during configuration after reboot),

SELinux: disabled (during configuration after reboot),






To install the accounting manager server in Linux:

1. Confirm all the software and disc pre-installation requirements are

available.

2. Run the rpm -ivh <Accounting filename>.rpm Package.

Dependencies are checked and error message issued if additional

packages are needed. JDK 6 (Java development kit) is included in

the installation set.



3. To install the packages, run rpm -ivh <JDK filename>.rpm

(version numbers may differ). After the installation is finished,

you see the following:

rpm -ivh Accounting-Manager-8.1.0-5.i386.rpm

Preparing...

########################################### [100%]

1: Accounting-Manager ########################################### [100%]

Installation finished.

Please set NetXplorer IP Address by running

accounting/bin/set_acct_nx_ip.sh.

Than, please reboot your device.

4. Manually edit the /etc/host files as follows:

127.0.0.1 localhost.localdomain localhost


5. To set the NetXplorer IP address, run the following:

/opt/allot/accounting/bin/set_acct_nx_ip.sh

6. Reboot the machine.

7. Check that NTP and NetXplorer services are running.


as:

service ntpd start

service accounting_manager stop

service accounting_manager status

9. The NX Accounting functionality must be enabled by entering the

appropriate key in the NetXplorer GUI. This key may be entered

at installation or at any time following. For information, see the

NetXplorer Operations Guide.




NPP Installation

Windows Server

By default, the NetPolicy Provisioner is installed on the same machine as NetXplorer

Server during the standard NetXplorer installation. NPP functionality is then enabled by

entering the appropriate License Key.

The following procedure is for installing NPP on another Windows Server, without

NetXplorer.








recommended)


Software Requirements NetPolicy Provisioner software should be installed on a

machine running Windows 2003 Server or Windows XP

Professional.





Java SDK 1.6 should be installed on the NPP Server. For

details on how to install the Java SDK see Installing Java 1.6

SDK on page 2-2.


should be installed on the NPP machine.


installation.


Before you begin the installation process, it is important that you perform the following steps.



1. Verify that a minimum of 20 GB is available on the disk.


NOTE: Set the Virtual Memory on your computer by selecting Start/Settings/Control Panel/System. Open the Advanced tab and click the Performance Settings button. Open the Advanced tab and click the Change button under Virtual Memory to select a new value.



Installing Java 1.6 SDK on page 2-2.


NPP may be installed on the same machine as NetXplorer Server, or on a separate

machine. In either case you need to identify the IP address of the NetXplorer during the

installation process.

NOTE Be sure that all the Ports are operable as detailed in the Firewall section in this Installation and User Guide, and that Java SDK is installed.

On the NetXplorer CD (or in a folder supplied to the End-User) the installation files are

in a directory called NPP.

To install NPP:

1. Browse to the NPP directory and run the setup.exe file on the

installation CD or from a net-mounted disk.

NOTE Do not attempt to run the setup file from a long address






Figure ‎2-20: NetPolicy Provisioner InstallShield Welcome Window

4. Click Next.

The NetXplorer License Agreement is displayed.


indicate your agreement, and then click Next. The Choose

Destination Location window is displayed.

Figure ‎2-21: Choose Destination Location


alternate location for one or more of the components, and then

click Next. The Enter NetXplorer Server IP Address window is

displayed.

Figure ‎2-22: NetXplorer IP Address Window



7. Type in the IP address of the NetXplorer Server, and click Next.

Figure ‎2-23: Ready to Install Window

8. Click Install to begin the installation. The Setup Status window is

displayed.

When the installation is complete the following dialog is displayed.

Figure ‎2-24: NPP InstallShield Wizard Complete

9. Select Yes, I want to restart my computer now and click Finish.

The installation process is complete.

10. NPP functionality must be enabled by entering the appropriate key

in the NetXplorer GUI. This key may be entered at installation or

at any time following. For information, see the NetXplorer

Operations Guide.

Linux Server

By default, the NetPolicy Provisioner is installed on the same machine as NetXplorer

Server during the standard NetXplorer installation. NPP functionality is then enabled by

entering the appropriate License Key.

The following procedure is for installing NPP on another Linux Server, without

NetXplorer.












recommended)

Red Hat Enterprise Linux Server 5.2 or 5.3, 32 or 64 bit

installed






Explorer.








installation.


„hostname -f‟).

Check that NTP service is installed. The Config ntp service

should be configured to start when the unit is rebooted by

entering the following command:




devices.







steps listed below


NXlinx.allot.local);

Firewall: disabled (during configuration after reboot),

SELinux: disabled (during configuration after reboot),






To install the NPP on Linux:

1. Confirm all the software and disc pre-installation requirements are

available.

2. Run the rpm –ivh <NPP filename>.rpm Package. Dependencies

are checked, and error message issued if additional packages are

needed. JDK 6 (Java development kit) is included in the

installation set.



3. To install the packages, run rpm -ivh >JDK filename>.rpm

(version numbers may differ). After the installation is finished,

you see the following:

rpm -ivh NetPolicy-Provisioner-8.1.0-5.i386.rpm

Preparing...

########################################### [100%]

1:NetPolicy-Provisioner

########################################### [100%]

Installation finished.

Please set NetXplorer IP Address by running

/opt/allot/npp/bin/set_npp_nx_ip.sh.

Then, please reboot your device.

4. Manually edit the /etc/host files as follows:



5. To set the NetXplorer IP address, run the following:

/opt/allot/accounting/bin/set_acct_nx_ip.sh

6. Reboot the machine.

7. Check that NTP and NetXplorer services are running.


as:

service ntpd start

service npp stop

service npp status

9. NPP functionality must be enabled by entering the appropriate key

in the NetXplorer GUI. This key may be entered at installation or

at any time following. For information, see the NetXplorer

Operations Guide.



NX High Availability Platform Installation

When a NetXplorer High Availability Platform is supplied, the customer will receive

the following hardware components with the necessary software pre-installed:

2 x NetXplorer Servers

1 x NetXplorer Shared Storage Device

The administrator responsible for installation needs to connect the devices and then

perform a basic network configuration as outlined below.

Connecting the HAP

In a High Availability Cluster configuration, the NX servers are connected by two

physical links. In addition, each NX server is connected to each of the controllers on the

RAID Storage device with dedicated SAS cables).

The diagram below shows the rear-views of the RAID storage server and the 2 x

NetXplorer servers that make up the NX-HAP solution. The physical connections are

shown below:

Figure ‎2-25: Cable Connections for NX High Availability Platform

The connections are as follows:



1. A straight copper cable is used to connect between eth2 on one

NX server and eth2 on the second NX server. (illustrated in green

above)

2. A null modem serial cable (RS 232) is used to connect between

the Serial COM port on one NX server and the Serial COM port

on the second NX server. (illustrated in red above)

3. Two Serial SCSI (SAS) cables connect between the first controller

on the RAID storage device and the SAS HBA connection in the

first PCIe low profile slot of each NX server (illustrated in orange

above)

4. Two further Serial SCSI (SAS) cables connect between the second

controller on the RAID storage device and the SAS HBA

connection in the second PCIe low profile slot of each NX server

(illustrated in orange above)

5. Each NX server is connected to the management network via eth0

(illustrated in blue above) with an additional link via eth1, as

required.

6. Each controller on the storage device is connected to the

management network by a copper Ethernet link (illustrated in blue

above)

Network Configuration

Follow the step-by-step instructions below to give an IP address to each NX in the

cluster and a virtual IP address to the High Availability Cluster itself.

NOTE Allot strongly recommends that this procedure be carried out by or under the supervision of an Allot engineer.

To update NX IPs in the Network Configuration Dialog:

1. On NX-1, from the RedHat OS Start menu, choose Administration

/ Network

2. Choose the Devices tab on the Network Configuration dialog

3. Double click on the bond0 interface. Unlike the screen capture

below, eth0 will be inactive and bond0 will be active.



Figure ‎2-26: RedHat Network Configuration Dialog

4. Enter the following details:

IP address

Subnet

Default Gateway

5. From the DNS tab, enter the Primary DNS address.

6. Save the configuration change by choosing SAVE from the file

menu.

7. Repeat steps 1-6 above for NX-2

To update NX IPs in the /etc/hosts file:

1. On NX-1 edit the /etc/hosts file by entering vi/etc/hosts

2. Change the IP address of each NetXplorer from the default

addresses:



Figure ‎2-27: Updating /etc/hosts file

3. Restart the “network” service on RedHat operating system

a) From the System menu choose Administrator/Server

Settings/Services

b) Ensure that the “network” service is checked, and choose

Restart


To update the Default Gateway IP in ha.cf file:

1. On NX-1 edit the /etc/ha.d/ha.cf file

2. Insert the default gateway address in the “ping 11.0.0.1” field,

instead of 11.0.0.1

Figure ‎2-28: Updating /etc/ha.d/ha.cf file – Default Gateway

3. Ensure that the unmarked lines (in bold below) are indeed

unmarked to enable SNMP traps to be sent from the NX Cluster:

Figure ‎2-29: Updating /etc/ha.d/ha.cf file – Enable SNMP Traps

4. Restart the heartbeat service by entering service heartbeat

restart

5. Repeat steps 1-4 on NX-2

#respawn hacluster /usr/lib/heartbeat/ipfail

respawn root /usr/lib64/heartbeat/pingd -m 100 -d 5s

respawn root /usr/lib64/heartbeat/hbagent

#

# Access control for client api

#

ping 11.0.0.1

#

# Do not remove the following line, or various programs

# that require network functionality will fail.


11.0.0.1 nx1.allot.com nx1

11.0.0.2 nx1.allot.com nx2



<nodes>

<node id="a4fb160c-30be-4744-8822-a9f1f790f675" uname="nx2.allot.com" type="normal"/>

<node id="37f206c8-a973-48db-bfbe-a7db915fefed" uname="nx1.allot.com" type="normal"/>

<expression attribute="#uname" id="a4fb160c-30be-4744-8822-a9f1f790f675"

operation="eq" value="nx2.allot.com"/>

<expression attribute="#uname" id="37f206c8-a973-48db-bfbe-a7db915fefed"

operation="eq" value="nx1.allot.com"/>

To update NX IPs in the cib.xml file:

1. On either NetXplorer, enter crm_mon

2. In the crm_mon output, note and record the HEX value listed for:

Node: NX-1

Node: NX-2

3. Stop the heartbeat service on NX-1 by entering service heartbeat

stop

4. Stop the heartbeat service on NX-2 by entering service heartbeat

stop

5. On NX-1 go to the directory called /home/install/new and edit the

cib.xml file

6. The HEX values for both NX-1 and NX-2 appear in two places in

the file – firstly under “node id” and secondly under “expression

attribute”. In both places, replace the HEX values with the new

values for NX-1 and NX-2 noted from the crm_mon output in step

2 above

Figure ‎2-30: Updating crm-mon

7. Repeat steps 5-6 above on NX-2

To update the Virtual IP in the cib.xml file:

1. On On NX-1 go to the directory called /home/install/new and edit

the cib.xml file

2. Look for the line beginning: nvpair ID. Edit the virtual IP value

here.

3. Repeat steps 1-2 on NX-2



Figure ‎2-31: Updating cib.xml

4. Delete all files from the directory /var/lib/heartbeat/crm

5. Copy the newly edited cib.xml file to /var/lib/heartbeat/crm

6. Change the owner of the file by entering:

chown hacluster:haclient /var/lib/heartbeat/crm/*

7. Change the rights to the cib.xml file by entering: chmod 600

cib.xml (in /var/lib/heartbeat/crm)

To verify a successful completion:

1. Start the heartbeat service on node NX-1 by entering service

heartbeat start

2. Now that just heartbeat is running on NX-1 alone, verify that the

GUI can be accessed from the virtual IP

3. Stop the service on node NX-1 by entering service heartbeat stop

4. Start the heartbeat service on node NX-2 by entering service

heartbeat start

5. Now that just heartbeat is running on NX-2 alone, verify that the

GUI can be accessed from the virtual IP

6. Restart the heartbeat service on node NX-1 by entering service

heartbeat start

NOTE The heartbeat process typically takes approx. 5 minutes to start

To verify that NX-HAP is prepared to perform backups:

1. Check that the directory /opt/Sybase/data has sybase.allot as its

owner. If sybase.allot is not the owner, change this by entering

the command: chown sybase.allot /opt/sybase/data

2. If the /opt/Sybase/data/backup directory exists, check that this

directory and its subdirectories all have sybase.allot as its owner.

If sybase.allot is not the owner, change this by entering the

command: chown –R sybase.allot /opt/sybase/data/backup

<nvpair id="39163b78-bf63-47dc-bb7a-7e1557d29a5b" name="ip" value="10.4.60.112"/>



Configuring Redundancy of the NX Management Interfaces

1. On NX-1, locate the following two files from

/etc/sysconfig/network-scripts/

ifcfg-eth0

ifcfg-eth1

2. Change ifcfg-eth0 as shown in BOLD and RED below. You will

need to remove the remark from several fields and add the

“master” and “slave” lines. (NOTE: The HWADDR MAC

address value in the output below is just an example – do not

change the value on your device)

3. Change ifcfg-eth1 as shown in BOLD below. You will need to

remove the remark from several fields and add the “master” and

“slave” lines. (The HWADDR MAC address value in the output

below is just an example – do not change the value on your

device)

# Broadcom Corporation NetXtreme II BCM5708 Gigabit Ethernet

#DEVICE=eth0

#BOOTPROTO=none

#BROADCAST=10.255.255.255

#HWADDR=00:1A:64:08:6D:86

#IPADDR=10.90.90.67

#IPV6INIT=yes

#IPV6_AUTOCONF=yes

#NETMASK=255.0.0.0

#NETWORK=10.0.0.0

#ONBOOT=yes

#GATEWAY=10.0.0.1

#TYPE=Ethernet

DEVICE=eth0

BOOTPROTO=none

HWADDR=00:1A:64:08:6D:86

ONBOOT=yes

MASTER=bond0

SLAVE=yes

USERCTL=no

TYPE=Ethernet



4. Take the file ifcfg-bond0 from the Allot Knowledge Base and

copy it to /etc/sysconfig/network-scripts/

5. Unmark the lines shown in bold/red below and enter the IP

Address of the NX Server (IPADDR), the Default Gateway

(GATEWAY), Subnet (Network) of the NX server as shown

below:

6. Reboot the NX Server by entering Reboot.


DEVICE=bond0

USERCTL=no

ONBOOT=yes

BROADCAST=10.255.255.255

NETWORK=10.0.0.0

NETMASK=255.0.0.0

GATEWAY=10.0.0.1

IPADDR=10.90.90.67

TYPE=Ethernet

#MTU=1500

# Broadcom Corporation NetXtreme II BCM5708 Gigabit Ethernet

#DEVICE=eth1

#BOOTPROTO=dhcp

#HWADDR=00:1A:64:08:6D:88

#ONBOOT=no

#DHCP_HOSTNAME=nx-1.allot.com

#TYPE=Ethernet

DEVICE=eth1

BOOTPROTO=none

HWADDR=00:1A:64:08:6D:88

ONBOOT=yes

MASTER=bond0

SLAVE=yes

USERCTL=no

TYPE=Ethernet



To add Virtual IP Target for receipt of SNMP traps:

1. Open the NetXplorer GUI.

2. From Network in the Network Pane, right click and choose

Configuration

3. Select the SNMP Tab

4. In the “IP Target For Receipt Of SNMP Traps” section, choose

“Other IP target” and enter the Virtual IP address of the NX-HAP

cluster to ensure that traps are sent here.

Figure ‎2-32: Specifying NX-HAP IP for Receipt of SNMP Traps


Chapter 3: Configuration

Overview

This chapter describes the processes used to configure, add and change NetEnforcers,

Service Gateways and other devices as well as how to register and maintain users.

The NetXplorer, once installed on the network, enables the central configuration of

managed NetEnforcers, Service Gateways and Monitoring Collectors. It has an easy

GUI interface that provides access to all the devices via a device tree. All available

configuration parameters can be accessed via the GUI.

Monitoring Collectors may be added between the NetXplorer Servers and the

NetEnforcers or Service Gateways, in order to support sparse and remote geographic

regions.

In order to manage more than one NetEnforcer or Service Gateway device using

NetXplorer, the NetXplorer Server must be enabled by entering the appropriate key.

This key may be entered at installation or at any time following.

Working with Devices

In order for NetXplorer to manage a Device (NetEnforcer or Service Gateway, SMP,

etc), it must be added to the NetXplorer's network and properly configured. The IP

address of the NetEnforcer or Service Gateway is required for this procedure.

NOTE Initial configuration of the NetEnforcer or Service Gateway should be performed on the NetEnforcer or Service Gateway (via the CLI interface) before it is added to the NetXplorer configuration. Refer to the hardware manual for the specific NetEnforcer or Service Gateway model for details.

To add a NetEnforcer or Service Gateway:

1. In the Navigation pane, right-click Network in the Network of the

Navigation tree and select New NetEnforcer from the popup

menu.

OR

Select Network in the Network pane of the Navigation tree and then select New

NetEnforcer from the Actions menu.

The NetEnforcer Properties - New dialog is displayed.

‎Chapter 3: Configuration


Figure ‎3-1: NetEnforcer Properties – New Dialog

2. Enter the User Name and Password of the NetXplorer

administrator and the IP address of the NetEnforcer or Service

Gateway in the designated fields.

3. Assign a Monitoring Collector or Collector Group to the

NetEnforcer or Service Gateway from the drop down menus. This

means that the new NetEnforcer or Service Gateway will transmit

its monitoring data to that Collector or Group only. If it does not

matter which Collector is used, select <system defined>. If you

do not have any Monitoring Collectors on the Network, select No

Collector.

4. Click OK. The NetEnforcer or Service Gateway is added to the

Navigation tree. The Add NetEnforcer operation can take up to a

couple of minutes to complete.

To Import a NetEnforcer or Service Gateway:

1. A NetEnforcer or Service Gateway can be imported into

NetXplorer if it already exists on the network but has not

previously been part of this NetXplorer network or had

NetXplorer enabled. When a NetEnforcer or Service Gateway is

imported, its policy tables and catalogs remain intact and are

imported into the NetXplorer database.

2. Select Import NetEnforcer from the Tools menu.

The NetEnforcer Properties - Import dialog is displayed.

Figure ‎3-2: NetEnforcer Properties – Import Dialog



3. Enter the User Name and Password of the NetXplorer

administrator and the IP address of the NetEnforcer or Service

Gateway in the designated fields.

4. Assign a Monitoring Collector or Collector Group to the

NetEnforcer or Service Gateway from the drop down menus. This

means that the new NetEnforcer or Service Gateway will transmit

its monitoring data to that Collector or Group only. If it does not

matter which Collector is used, select <system defined>. If you

do not have any Monitoring Collectors on the Network, select No

Collector.

5. Click OK. The NetEnforcer or Service Gateway is added to the

Navigation tree. The Import NetEnforcer operation can take up to

a couple of minutes to complete.

To add a Monitoring Collector

1. In the Navigation pane, right-click Servers in the Network pane

of the Navigation tree and select New Collector from the popup

menu.

OR

Select Servers in the Network pane of the Navigation tree and

then select New Collector from the Actions menu.

The Monitoring Collector Properties - New dialog is displayed.

Figure ‎3-3: Monitoring Collector Properties – New Dialog

2. On the General tab, enter the Name and IP address of the

Monitoring Collector.

3. In the Backup if Monitoring Collector Fails area, select one of the

two radio buttons, No Backup or On Failure, Transfer To…. If

On Failure, Transfer To… is selected, select the backup

Monitoring Collector from the drop down menu.



Figure ‎3-4: Monitoring Collector Properties – New Dialog

4. In the Associated NetEnforcers tab, a list of all NetEnforcer or

Service Gateways transmitting monitoring information to this

Collector appears. They are assigned by right clicking on a

NetEnforcer or Service Gateway in the Network pane and

selecting Properties.

5. Click Save. The Monitoring Collector is added to the Navigation

tree. The Add Monitoring Collector operation can take up to a

couple of minutes to complete.

NOTE For more information concerning Monitoring Collectors, see the NetXplorer Administration Guide.

To add a Collector Group

Collector Groups are made up of two Collectors, providing 1+1 redundancy.

1. In the Navigation pane, right-click Servers in the Network pane of

the Navigation tree and select New Collector Group from the

popup menu.

The Collector Group Properties - New dialog is displayed.

Figure ‎3-5: Collector Group Properties – New Dialog

2. In the Collector Group tab Select the two Collectors (already part

of the network) to be included in the group. Collector 2 will act as

the backup for Collector 1.

3. Those NetEnforcer or Service Gateways associated to the added

Collectors will be listed in the Associated NetEnforcers tab.



4. Click Save. The Collector Group is added to the Navigation tree.

The Add Collector Group operation can take up to a couple of

minutes to complete.

To add an SMP

NOTE This feature is only available with the appropriate license key, enabling Subscriber Management. Contact Allot Customer Support at [email protected] for more information concerning your license.


the Navigation tree and select New SMP from the popup menu.

OR

Select Servers in the Network pane of the Navigation tree and

then select New SMP from the Actions menu.

The SMP Properties - New dialog is displayed.

Figure ‎3-6: SMP Properties – New Dialog

2. Enter the Name and IP address of the SMP.

3. Select the SMP Type using the radio buttons. Select either

Subscriber Mapping, Subscriber Mapping Short Term Collector or

Subscriber Mapping Short Term Collector Quota Management.

4. Click Save. The SMP is added to the Navigation tree. The Add

SMP operation can take up to a couple of minutes to complete.

NOTE For more information concerning SMPs, see the Allot SMP User’s Manual.

To change the IP of a NetEnforcer or Service Gateway:

1. Select the NetEnforcer or Service Gateway device in the

Navigation tree and then select Properties from the Actions menu.

The Device Properties-Update dialog is displayed.




Figure ‎3-7: Device Properties Update dialog

2. Enter the User name, Password of the NetXplorer administrator

3. Enter the new IP address of the NetEnforcer or Service Gateway

in the designated field

4. Click Save

NOTE If you change the IP of the NetEnforcer or Service Gateway, you must also change the IP in the device configuration of the NetXplorer.

To Remove a NetEnforcer or Service Gateway from the network:

1. Right-click Network and select a NetEnforcer or Service Gateway

and select Delete.

The following Delete message is displayed.

Figure ‎3-8: System Message

2. Click Yes to delete the NetEnforcer or Service Gateway.

To configure a NetEnforcer or Service Gateway via the NetXplorer:

1. In the Navigation pane, select and right-click the NetEnforcer or

Service Gateway in the Navigation tree and select Configuration

from the popup menu.

OR

Select the NetEnforcer or Service Gateway in the Navigation tree and then

select Configuration from the View menu.

OR



Select the NetEnforcer or Service Gateway in the Navigation tree and then

click the Configuration icon on the toolbar.

The Configuration window for the selected NetEnforcer or Service Gateway is

displayed.

Figure ‎3-9: NetEnforcer Configuration

2. Configure the NetEnforcer or Service Gateway parameters, as

required.

3. Click or select Save from the File menu to save the changes

to the NetEnforcer or Service Gateway configuration.

NOTE For detailed descriptions of the parameters in each of the NetEnforcer Configuration tabs, refer to NetEnforcer Configuration Parameters in the NetXplorer Operations Manual.

The NetEnforcer Configuration parameters available in the NetEnforcer Configuration

window are grouped on the following tabs:

General – indicates the NetEnforcer or Service Gateway‟s bypass status.

Identification and Keys – includes parameters that provide system information

and activation keys

SNMP – enter the contact person, location, system name and description for

SNMP purposes

Security – includes security and authorization parameters

NIC – includes parameters to configure the system interfaces to either

automatically sense the direction and speed of traffic or use default parameters

as well as parameters to define ports



Networking – includes parameters that enable you to configure network

topology

IP Properties – enables you to modify the IP and host name configuration of

your network interfaces as well as the DNS and connection control parameters

Date/Time – includes the date, time and NTP server settings for the

NetEnforcer or Service Gateway

Service Activation - includes IP and Port Redirection Parameters

Slots and Boards- includes device layout to provide schematic device

components layout (when applicable) and status information

After modifying configuration parameters you must select Save in order for the changes

to take effect. The save process prompts a rebooting of the NetEnforcer or Service

Gateway. Rebooting is required to ensure that some saved parameter values are

committed and activated on the NetEnforcer or Service Gateway.

Configuring NetXplorer Users

NetXplorer implements a role-based security model. The role defined for each

authorized user indicates the scope of operations that can be performed by the user.

There are three types of NetXplorer roles, as follows:

Regular: Read/write privileges in the NetXplorer application not

including User Configuration definitions.

Monitor: Read-only access.

Administrator: Read/write privileges in the NetXplorer application,

which includes read/write privileges to define User Configurations.

This section describes the processes used to register and maintain users. It includes how

to add a new user, change a user‟s information and how to delete a user.

To Add a New User:

1. Select the Users Configuration Editor from the Tools menu.

2. The Users Configuration Editor dialog is displayed, listing all

currently defined NetXplorer users.



Figure ‎3-10: Users Configuration Editor

3. Click Add.

The User Editor dialog is displayed.

Figure ‎3-11: User Editor

4. Enter the name of the user in the User Name field.

5. Enter a password for the user in the Password field and then again

in the Confirm PW field.

NOTE The user password must be at least six characters in length and include at least one numerical digit.

6. Set the permissions level of the user by selecting the radio button

for the required role (Administrator, Regular or Monitor).

7. (Optional) Enter the user's contact information in the Email and

phone fields. You can also enter a brief description in the

designated field.



8. Click OK.

9. The new user has been added to the list of users in the Users

Configuration Editor dialog.

To edit user information:

1. In the Users Configuration Editor dialog (Figure 3-18), select the

user whose information you want to edit

2. Click Edit.

The User Editor dialog is displayed.

3. Edit the user parameters, as required

4. Click OK.

To delete a user:

1. In the Users Configuration Editor dialog, select the user(s) to be

deleted

2. Click Delete.

3. A confirmation message is displayed.

4. Click Yes to confirm the deletion.

The user is no longer able to access the NetXplorer.

WARNING There must be at least one Administrator user in the system.


Chapter 4: Monitoring Collectors

Overview

Figure ‎4-1: Collector – Front View

Figure ‎4-2: Collector– Rear View

Allot‟s NetXplorer utilizes Distributed Monitoring Collectors. The collectors gather

short-term network usage statistics from the NetEnforcer or Service Gateways.

Distributed monitoring collectors increase the scalability of your deployment. Each

collector can support several NetEnforcers or Service Gateways. By deploying

distributed collectors, you can increase the total number of NetEnforcers or Service

Gateways supported by a single NetXplorer server. This is possible because the

NetXplorer can split the storage of the real-time monitoring data between several short-

term databases.

A second reason for using distributed monitoring collectors is to overcome connectivity

issues in distributed networks. In order to support data collection, the line speed

between the NetEnforcer or Service Gateway and the collector must be at least 10Mbps

mainly for the high throughput devices such as AC-1000 and 2500. If you are working

with a low throughput device, for example an AC-400 with 2 or 10 Mbps, statistics can

be collected over slower connections without the need for distributed collectors.

‎Chapter 4: Monitoring Collectors


Up until now, the collectors have always been situated on the NetXplorer server.

However, some cases the networks have topology that does not allow for a 10Mbps line

between the NetEnforcer or Service Gateway and the server. This can happen for

example when the network is spread out over remote geographical locations. In such

cases, the use of collectors is necessary. The line between the NetEnforcers or Service

Gateways and their collectors will be at least 10Mbps. The line between the collectors

and the NetXplorer server can be of lower capacity however, a collector is needed for

each network zone that cannot guarantee a 10Mbps connection to the server.

A third reason for deploying distributed monitoring collectors is redundancy. If a

collector is unavailable, data from the NetEnforcer or Service Gateways, which this

collector supports, can automatically be collected by a defined backup collector.

Data Collection Process

In addition to any external collectors which may be deployed, the NetXplorer server has

its own internal short-term collector.

NOTE This short-term collector cannot be deleted even if there are external collectors.

Traffic statistics are collected in buckets. There are 30-second buckets and 5-minute

buckets. The buckets are imported into the database by the collector per sample period.

In a NetXplorer implementation, which does not include external collectors, the buckets

are loaded into the short-term database, located on the NetXplorer, every 30 seconds or

5 minutes. Long-term buckets are created every hour on the NetXplorer and are then

loaded into the long-term database on the same machine.

Implementations with external monitoring Collectors also collect samples in 30-second

buckets and 5-minute buckets. The buckets are imported to the collector at every sample

period. The data contained in the buckets is stored in the short-term database of the

collector. The samples in the Database are aggregated into one-hour buckets, which are

then loaded into the long-term database on the NetXplorer once an hour. Therefore, a

NetXplorer implementation that includes external collectors will have additional traffic

sent once an hour, namely, the long-term bucket. The short-term data, however, arriving

every 30 seconds, will have a shorter distance to travel. This could be of great

importance when NetEnforcers or Service Gateways do not have constant connectivity

to the server. External monitoring collectors can significantly lower the burden on the

NetXplorer server.

The monitoring data is saved on the NetXplorer server, and can be displayed in the GUI

Collector Redundancy

In case a collector is unavailable, data from the NetEnforcers or Service Gateways that

this collector supports can automatically be collected by a defined backup collector.

There are two types of redundancy models possible:



One type of redundancy model is the N+1 model. In this case, several collectors are all

backed up by a single collector dedicated to this purpose. This solution takes into

account that the probability of more than one collector failing is very low. However, it

may be difficult to locate the backup collector in close proximity to all of the configured

collectors.

Figure ‎4-3 N+1 Collector Redundancy

Where high performance redundancy is of particular importance, or where the network

topology does not allow for the use of a single collector for backup, you will need to use

the 1 to 1 redundancy model. In this situation, each collector has a dedicated backup

collector as part of a Collector Group.

Figure ‎4-4 1+1 Collector Redundancy



NetXplorer Support

Each NetXplorer server can support up to five external short-term collectors in addition

to its one built-in internal collector.

Each collector can support a single Service Gateway (SG-Omega or SG-Sigma) or

NetEnforcer AC-10000, up to two (2) NetEnforcers of the AC-5000 series, up to five

(5) NetEnforcers of the AC-2500 or AC-10000 series, up to ten (10) NetEnforcers of the

AC-800 or up to fifteen (15) NetEnforcers of the AC-400 series.

You can also combine NetEnforcers of different models according to this formula. For

example, one collector can support three AC-1000s and six more AC-400s.

The NetXplorer‟s built in short-term collector can support additional NetEnforcers

according to the same ratios.

NOTE This is a simple calculation based on a series of conservative assumptions. It is important to consult with Allot HQ to verify the exact number of collectors required.



Installing Monitoring Collectors

Once the Collector has been physically installed, the following steps must be taken in

installing Monitoring Collectors:

Set the collector‟s initial parameters

Physically connect the Collector to the network

Add the Collector to the NetXplorer using the NetXplorer user interface

Associate NetEnforcers or Service Gateways to the Collector.

To set initial parameters of the Monitoring Collector:

1. Connect a monitor and keyboard to the appropriate connectors of

the Monitoring Collector.

Figure ‎4-5: Connecting the Collector – Rear View

2. When prompted, enter admin for the login and allot for the

password.

3. Enter the following command to set the IP address, network mask

and default gateway: go config ips –ip <IP ADDRESS>:<NETWORK MASK> -g <DEFAULT GATEWAY>

4. The Collector should be set to STC (short term collector) mode.

This can be checked by running the following command: dev_setup.sh –v command.

If the device mode is not set to STC use the following command

to set it as an STC appliance: dev_setup.sh –m stc



Change the password by entering the following command: passwd

5. When prompted, enter a new password, between 5 and 8

characters in length and press <enter>.

6. Enter the new password a second time when prompted to confirm

the change.

To add the new Monitoring Collector to the network:

1. Open NetXplorer.

2. In the Navigation pane, right-click Servers in the Network pane in

the Navigation tree and select New Collector from the popup

menu.

The Monitoring Collector Properties - New dialog is displayed.

Figure ‎4-6: Monitoring Collectors Properties dialog – General tab

3. On the General tab, enter the IP address of the Monitoring

Collector.

4. Enter a name for the Monitoring Collector.

5. In the Backup if Monitoring Collector Fails area, select one of the

two radio buttons, No Backup or On Failure, Transfer To

6. If you select On Failure, Transfer To, select the backup

Monitoring Collector from the drop down menu.

7. Click Save. The Monitoring Collector is added to the Navigation

tree. The New Collector operation can take up to a couple of


NOTE There are no NetEnforcers or Service Gateways associated with this collector yet, therefore the Associated NetEnforcers tab is disabled.

8. Repeat this process as often as required to add further Collectors

to the network.



To assign NetEnforcers to the new Monitoring Collector:

1. In the Navigation pane, right-click a NetEnforcer or Service

Gateway in the Navigation tree and select Properties from the

popup menu.

The NetEnforcer Properties - Update dialog is displayed.

Figure ‎4-7: NetEnforcer Properties dialog

2. Assign a Monitoring Collector to the NetEnforcer or Service

Gateway from the drop down menu. This means that the

NetEnforcer or Service Gateway will transmit its monitoring data

to that Collector only. If it does not matter which Collector is

used, select <system defined>.

3. If there is currently a collector associated with this NetEnforcer or

Service Gateway, its unique name is displayed. Select a new

monitoring collector from the drop down menu.

4. Click Save.

To verify that the new collector has been associated with the NetEnforcer or Service

Gateway, select the collector in the Navigator pane and click Properties. You should see

the NetEnforcer or Service Gateway in the Associated NetEnforcer tab.

NOTE: You cannot change the association from this dialog, only from the NetEnforcer properties dialog.

To view the NetEnforcers or Service Gateways associated with a Monitoring Collector

1. Right-click the selected collector and choose properties. The

Associated NetEnforcers tab is not disabled and you can view a

list of all NetEnforcer or Service Gateways transmitting

monitoring information to this Collector.



Figure ‎4-8: Monitoring Collector Properties - Update

Collector Groups

Collector Groups are made up of two Collectors, providing 1+1 redundancy for each

other.

To add a Collector Group


the Navigation tree and select New Collector Group from the

popup menu.

The Collector Group Properties - New dialog is displayed.

Figure ‎4-9: Collector Group Properties – New Dialog

2. In the Collector Group tab Select the two Collectors (already part

of the network) to be included in the group. Collector 2 will act as

the backup for Collector 1.

3. Those NetEnforcers or Service Gateway‟s associated to the added

Collectors will be listed in the Associated NetEnforcers tab.

4. Click Save. The Collector Group is added to the Navigation tree.

The Add Collector Group operation can take up to a couple of




Configuring Monitoring Collectors

To configure a Monitoring collector, you will use two dialogs. The first is the

Configuration dialog and the second is the Properties dialog.

To configure the Collector’s Settings - Configuration

1. In the Navigation pane, right-click the Collector and select

Configuration

The configuration window for that collector is displayed.

The dialog shows the following tabs:

General – View the collector‟s serial number, software version and model

Figure ‎4-10: Collector Configuration Window - General Tab

SNMP - Add a contact person, location and system name for SNMP purposes

NOTE The Collector, as well as the NetEnforcer or Service Gateway supports SNMP (Simple Network Management Protocol) that includes standard MIB II traps.

Figure ‎4-11: SNMP Tab

Date/Time – Configure the time zone according to the geographical location of the

collector



NOTE The NTP server cannot be changed

Figure ‎4-12: Date/Time Tab

IP Properties – Inset the IP Address, Network Mask, Default Gateway, Host Name,

Domain Name, Primary Server and the Secondary Server

NOTE If you change the Collector’s IP address, you must make the NetXplorer server aware of this change by changing the IP in the Collector’s Properties dialog.

Figure ‎4-13: IP Properties Tab

Security – Check the appropriate boxes to apply general security attributes. Select

the radio button to limit access to specific hosts

NOTE If you select Unrestricted Access Allowed, any host can access the system.



Figure ‎4-14: Securities Tab

To configure the Collector’s Settings - Properties

1. In the Navigation pane, right-click the Collector and select

Properties

2. The Monitoring Collectors Properties dialog is displayed.

Figure ‎4-15: Monitoring Collector Properties – Update Dialog

The dialog shows two tabs:

General – Set the name, IP and backup setting of the Collector

Associated NetEnforcers - View the NetEnforcer or Service Gateways

currently associated with this collector.

NOTE Collector Role shows the collectors as configured. It will show a collector as backup only if the configured collector is unavailable and the backup collector is operating instead.



Troubleshooting the Collector

Command Line Interface

To connect to the collector using an SSH connection

1. Login as user admin with the password allot.

2. Enter go config, with no additional parameters, to view all the

available configuration commands

3. Enter go config plus parameter to view the available commands

for that parameter

For example, enter go config ips to view the available CLI options for ips

Processes

To check that all of the collector's processes are running, enter the command

keeperMgr –l

The processes that should be running include:

dbserv9

AllSnmpAgent

The following processes must be running to insure proper data collection

Converter.exe

Loader.exe

Poller.exe

Logs and Snapshots

Log files for the collector are located in the following directory: opt/allot/log.

To take a snapshot of a Collector, run the following script on the Collector: host:/opt/allot/bin$ create_snapshot_logs.sh

Snapshots can be found in the tmp folder located at: host:/opt/allot/tmp$



Recreating Databases

To recreate the default database of the collector, login to the collector as root user and

use the following command: ./recreate_db.sh stc

Output Example

NetXplorerCollector:/opt/allot/bin# ./recreate_db.sh stc

Create(initialization) database - allot_stc

Adaptive Server Anywhere Initialization Utility Version

9.0.2.3397

Creating system tables

Collation sequence: ISO1LATIN1

Creating system views

Setting permissions on system tables and views

Setting option values

Initializing UltraLite deployment option

Database "/opt/sybase/data/db/stc/allot_stc.db" created

successfully

Create user - nms

Create dbspaces

Create tables

Load default data into database

Get mediation device type for stc database

Mediation device type is 1

Configure parameters

Version name is 8.1.0b07

Create stored procedures and user defined functions

Add common STC/LTC stored procedures and user defined

functions

Create database events

Create database remote server/table

Configure database

Pre-allocate space for dbspaces

Fri Jan 23 18:44:13 GMT 2009

!!! This script will work up to 60-120 minutes !!!

Fri Jan 23 19:39:03 GMT 2009

NetXplorerCollector:/opt/allot/bin# reboot

Changing IP Addresses

To change the IP address of the NetEnforcer or Service Gateway and Collector:

1. Stop the NX Server process (in Windows Services).



2. Copy the original CFG folder on the server to another place for

backup. It is located in $Allot\data\db.

3. Start the NX Server process again.

4. Login and delete the NEs and Collector from the NX server (that

enables us not to affect the device policy on the NetEnforcer or

Service Gateways during the process). The NE's must be deleted

before the collector (right-click on each and choose delete).

5. Stop the NX Server process again.

6. Change the IP address and reboot the server.

7. Now logon to the collector as admin. Reboot it with the command

'reboot'.

8. Log back onto the Collector again and change the IP address and

gateway – to change the ip on the collector run the follow

command:

go config ips -ip oob:<CURRENT COLLECTOR

IP>:255.255.255.0 -g <NEW COLLECTOR IP>

9. Reboot the collector.

10. Log back onto the NX Server, stop the service, and copy the

backup CFG folder back to its original location.

11. Start the NX server process.

12. Right click on the configuration of the collector and change it to

the new IP address.


Chapter 5: Database Management

The NetXplorer is a centralized management system, which enables the ongoing

collection and consolidation of data from multiple NetEnforcer or Service Gateway

devices that enable users to produce consolidated reports. The key to a centralized

system is the ability to consolidate information from all the managed groups that are

being monitored. Because NetXplorer allows for the ongoing collection and

consolidation of data from multiple NetEnforcer or Service Gateway devices, users are

able to produce consolidated reports based the information collected.

In order to manage the collected data, there are three databases:

CFG Tables - Configuration parameters

STC Database – Short term database

LTC Tables – Long term database

Backup Terms

Full Backup – A backup process that copies all of the data to a location from

which we can create an entire database.

Incremental Backup – A process that preserves only the changes made since

the latest backup, either full or incremental, the latest of them.

Database Restore – A process to create a database using the backup copy.

Typically, the restore process consists of copying the latest full backup to the

restore directory, and then “applying” the incremental backups that were

performed after that last full backup.

Backup generation –Backups are kept cyclically as generations. Each

generation is a full set of backup files capable of restoring the database to the

point in time in which its last iteration was created. Each generation typically

consists of one full backup and several incremental backups.

Incremental Backup serial number – Within a certain generation, incremental

backups are performed one after another, each one being part of a certain serial

number.

Using Backups to Achieve NX Redundancy

The following scenario is one suggestion for using backups to achieve NetXplorer

redundancy:

‎Chapter 5: Database Management


1. Install two NetXplorer servers, one used exclusively as backup.

2. Schedule regular backups for the CFG and STC databases.

3. Perform a manual backup of the LTC database once per

day/week/months (depending on the requirements)

4. In the event that the main NetXplorer server fails, assign the same

IP to the backup NetXplorer server.

5. Restore the CFG, STC, and LTC database backups to the new

NetXplorer.

Database Management on Windows

Backup Types

Cold backup – Performed with the NetXplorer server offline.

Hot backup – Performed without interrupting NetXplorer operation

Cold Backup

To perform a Cold backup:

1. Stop the NetXplorer Service.

Click Start on the Windows Task Bar and select Settings > Control

Panel.

Double-click Administrative Tools and open Services.

Right-click NetXplorer Server in the list of Services and select Stop

from the drop-down menu.

Check the allot_ltc.txt, allot_stc.txt log files located under Allot Home

Directory\Logs in order to verify that NetXplorer services are not

running:

The following lines should appear in both allot_ltc.txt, allot_stc.txt log

files:

"Disable all events"

"End of current events"

2. Copy Allot Home Directory\data\db folder to a backup directory

3. Restart the NetXplorer Service.




Panel.


Right-click NetXplorer Server in the list of Services and select Start


NOTE If a customer is upgrading from a previous NetXplorer version the backup directory will be located at Allot Home Directory\data\db.

To restore the Cold backup:



Panel.






running:


files:



2. Restore the database by copying the backup to the following

folder: /opt/sybase/data/backup/cfg OR d:\allot\data\backup.

If you get a "Confirm Folder Replace" pop-up window, then press

"Yes to All".



Panel.






Hot Backup

Database Types

Configuration Tables (CFG) –Full backup and periodical

incremental backups, manually or scheduled. Full backup is

performed once a day while the incremental backup is performed

every hour. All values are configurable by the user and can be

changed according to requirements.

Short Term Collector Database (STC) –Full backups only,

manually or scheduled. STC full backup only backs up a set of

files that hold the values kept in key tables (such as param) but the

actual traffic data is NOT saved. The restore process, therefore,

recreates a new database from scratch, performs a delete and then

loads the key tables mentioned.

Long Term Collector table (LTC) – Full backups only. This is a

manual process only. This is due to the database‟s potential size.

Backing up CFG Tables

NOTE The following commands should not be cut and pasted into the DOS window, but typed in. They may not function properly unless entered manually.

To perform an incremental hot backup manually:

1. Open a Microsoft DOS window on the NetXplorer Server.

2. Open the Allot\Bin directory (by default D:\Allot\bin).

3. At the prompt enter the following command:

db_maint –a backup –n cfg –t incremental

To perform a full hot backup manually:




db_maint –a backup –n cfg –t full

To check the hot backup parameters:






db_maint –a backup_status –n cfg –sa list

The backup parameters will indicate what scheduled backups are enabled, when they

are scheduled, and how many generations will be backed up.

To enable incremental scheduled hot backups:

NOTE Incremental scheduled hot backup is enabled by default.




db_maint –a backup_status –n cfg –t incremental –sa enable

To schedule an incremental hot backup for a specific time:




db_maint –a backup_status –n cfg –t incremental –sa change_sched –ns <TIME>



To set the amount of time between scheduled incremental hot backups:



3. Enter the following command:

db_maint –a backup_status –n cfg –t incremental –sa change_sched –ni <VALUE> –nt <UNIT OF TIME>

For example, to set a period of 2 hours between incremental backups, enter the

following command

db_maint –a backup_status –n cfg –t incremental –sa change_sched –ni 2 –nt hours

To schedule a full hot backup for a specific time:




db_maint –a backup_status –n cfg –t full –sa change_sched –ns <TIME>



To set the amount of time between scheduled full hot backups:




db_maint –a backup_status –n cfg –t full –sa change_sched –ni <VALUE> –nt <UNIT OF TIME>

For example, to set a period of 20 hours between full backups, enter the following

command

db_maint –a backup_status –n cfg –t full –sa change_sched –ni 20 –nt hours

To change the backup directory:




db_maint –a backup_status –n cfg –sa change_dir –nd <NEW LOCATION PATH>

For example, to change the database directory to cfg1, enter the following command

db_maint –a backup_status –n cfg –sa change_dir –nd D:\backup\cfg1



To change the number of generations:




db_maint –a backup_status –n cfg –sa change_gen –ng <VALUE>

Restoring CFG Tables





db_maint –a backup_status –n cfg –sa list

The backup parameters will indicate the generation numbers of the backups.

The increment number must be found in the correct folder under the backup folder (for

example: D:\Allot\backup\cfg\5\incremental).

To restore the database:



Panel.






running:


files:








db_maint –a restore –n cfg –s <D:\Allot\backup\cfg or LOCATION PATH> –g <GENERATION NUMBER> –i <INCREMENT NUMBER> –d <D:\Allot\data\db\cfg or LOCATION PATH> -b <TEMP LOCATION TO KEEP CURRENT CONFIGURATION>



Panel.






Backing up STC Databases





db_maint –a backup –n stc –t full





db_maint –a backup_status –n stc –sa list







db_maint –a backup_status –n stc –t full –sa change_sched –ns <TIME>







db_maint –a backup_status –n stc –t full –sa change_sched –ni <VALUE> –nt <UNIT OF TIME>


command

db_maint –a backup_status –n stc –t full –sa change_sched –ni 20 –nt hours

To change the hot backup directory:




db_maint –a backup_status –n stc –sa change_dir –nd <NEW LOCATION PATH>


db_maint –a backup_status –n cfg –sa change_dir –nd D:\backup\cfg1







db_maint –a backup_status –n stc –sa change_gen –ng <VALUE>

Restoring STC Databases





db_maint –a backup_status –n stc –sa list

The backup parameters will indicate the generation numbers of the backups




Panel.






running:


files:








db_maint –a restore –n stc –s <D:\Allot\backup\stc or LOCATION PATH> –g <GENERATION NUMBER> –i 0 –d <D:\Allot\data\db\stc or LOCATION PATH>



Panel.






Backing up LTC Tables





db_maint –a backup –n ltc –t full





db_maint –a backup_status –n ltc –sa list





db_maint –a backup_status –n ltc –sa change_dir –nd <NEW LOCATION PATH>


db_maint –a backup_status –n ltc –sa change_dir –nd D:\backup\cfg1




1. Access the NetXplorer via Telnet.



db_maint –a backup_status –n ltc –sa change_gen –ng <VALUE>

Restoring LTC Tables


1. Access the NetXplorer via Telnet.



db_maint –a backup_status –n ltc –sa list





Panel.






running:


files:








db_maint –a restore –n ltc –s <D:\Allot\backup\ltc or LOCATION PATH> –g <GENERATION NUMBER> –d <D:\Allot\data\db\ltc or LOCATION PATH>



Panel.




Database Management on Linux

Backup Types

Cold backup – Performed with the NetXplorer server offline.

Hot backup – Performed without interrupting NetXplorer operation

Cold Backup

To perform a Cold backup:

1. Telnet to the NetXplorer Server


As root user run the following command: service netxplorer stop

Wait for the following message - Stopping NetXplorer Server (this may take a few minutes) [OK]

3. Copy the /opt/Sybase/data/db directory to a backup directory

4. Restart the NetXplorer Service

As root user run the following command: service netxplorer start

To restore the Cold backup:







3. Copy the backup directory to /opt/Sybase/data/db



Hot Backup

Database Types

Configuration Tables (CFG) –Full backup and periodical

incremental backups, manually or scheduled. Full backup is

performed once a day while the incremental backup is performed

every hour. All values are configurable by the user and can be

changed according to requirements.

Short Term Collector Database (STC) –Full backups only,

manually or scheduled. STC full backup only backs up a set of

files that hold the values kept in key tables (such as param) but the

actual traffic data is NOT saved. The restore process, therefore,

recreates a new database from scratch, performs a delete and then

loads the key tables mentioned.

Long Term Collector table (LTC) – Full backups only. This is a

manual process only. This is due to the database‟s potential size.

Backing up CFG Tables

NOTE The following commands should not cut and pasted into the telnet session, but typed in. They may not function properly unless entered manually.

To perform an incremental hot backup manually:

1. Telnet to the NetXplorer Server.

2. Open the /opt/allot/bin/ directory.

3. Enter the following command as the root user:

./db_maint_sudo.sh –a backup –n cfg –t incremental







./db_maint_sudo.sh –a backup –n cfg –t full





./db_maint_sudo.sh –a backup_status –n cfg –sa list



To enable incremental scheduled hot backups:




./db_maint_sudo.sh –a backup_status –n cfg –t incremental –sa enable

To schedule an incremental hot backup for a specific time:




./db_maint_sudo.sh –a backup_status –n cfg –t incremental –sa change_sched –ns <TIME>



To set the amount of time between scheduled incremental hot backups:




./db_maint_sudo.sh –a backup_status –n cfg –t incremental –sa change_sched –ni <VALUE> –nt <UNIT OF TIME>

For example, to set a period of 2 hours between incremental backups, enter the

following command

./db_maint_sudo.sh –a backup_status –n cfg –t incremental –sa change_sched –ni 2 –nt hours





./db_maint_sudo.sh –a backup_status –n cfg –t full –sa change_sched –ns <TIME>





./db_maint_sudo.sh –a backup_status –n cfg –t full –sa change_sched –ni <VALUE> –nt <UNIT OF TIME>


command

./db_maint_sudo.sh –a backup_status –n cfg –t full –sa change_sched –ni 20 –nt hours

To change the backup directory:






./db_maint_sudo.sh –a backup_status –n cfg –sa change_dir –nd <NEW LOCATION PATH>





./db_maint_sudo.sh –a backup_status –n cfg –sa change_gen –ng <VALUE>

Restoring CFG Tables





./db_maint_sudo.sh –a backup_status –n cfg –sa list

The backup parameters will indicate the generation numbers of the backups.

The increment number must be found in the correct folder under the backup folder (for

example: /opt/Sybase/data/db/cfg/5/incremental).








./db_maint_sudo.sh –a restore –n cfg –s <LOCATION PATH> –g <GENERATION NUMBER> –i <INCREMENT NUMBER> –d <LOCATION PATH> -b <TEMP LOCATION TO KEEP CURRENT CONFIGURATION>







Backing up STC Databases





./db_maint_sudo.sh –a backup –n stc –t full





./db_maint_sudo.sh –a backup_status –n stc –sa list







./db_maint_sudo.sh –a backup_status –n stc –t full –sa change_sched –ns <TIME>







./db_maint_sudo.sh –a backup_status –n stc –t full –sa change_sched –ni <VALUE> –nt <UNIT OF TIME>


command

./db_maint_sudo.sh –a backup_status –n stc –t full –sa change_sched –ni 20 –nt hours





./db_maint_sudo.sh –a backup_status –n stc –sa change_dir –nd <NEW LOCATION PATH>





./db_maint_sudo.sh –a backup_status –n stc –sa change_gen –ng <VALUE>

Restoring STC Databases





./db_maint_sudo.sh –a backup_status –n stc –sa list










./db_maint_sudo.sh –a restore –n stc –s <LOCATION PATH> –g <GENERATION NUMBER> –i 0 –d <LOCATION PATH>





Backing up LTC Tables





./db_maint_sudo.sh –a backup –n ltc –t full





./db_maint_sudo.sh –a backup_status –n ltc –sa list





./db_maint_sudo.sh –a backup_status –n ltc –sa change_dir –nd <NEW LOCATION PATH>







./db_maint_sudo.sh –a backup_status –n ltc –sa change_gen –ng <VALUE>

Restoring LTC Tables





./db_maint_sudo.sh –a backup_status –n ltc –sa list





As root user run the following command:

service netxplorer stop



./db_maint_sudo.sh –a restore –n ltc –s <LOCATION PATH> –g <GENERATION NUMBER> –d <LOCATION PATH>


As root user run the following command:

service netxplorer start


Chapter 6: Command Line Interface (CLI)

The Server CLI described in this chapter enables you to modify the NetEnforcer,

Service Gateway or NetXplorer database from the command line rather than the GUI.

The CLI supplies a set of commands to add, change, rename and remove NetEnforcer or

Service Gateway entities, such as, Pipes, Virtual Channels or other Catalog entries and

change the configuration of the NetEnforcer or Service Gateway. You can also use the

CLI to set system parameters and device settings.

There are two types of NetXplorer Server CLI:

Provisioning CLI, which enables you to create traffic policies

via CLI without using the NX GUI

Monitoring CLI, which enables you to generate .csv based

traffic and subscriber network usage reports via CLI without

using the NX GUI

The Allot Command Line Interface is available in both Windows and Linux format.

When NetXplorer Server is installed on a Linux server, either format may be used.

However, if NetXplorer is installed on a server running Windows, only the Windows

CLI is available.

NOTE The computer used to send CLI commands to the NetXplorer or to NetEnforcer or Service Gateway devices must have Java installed and be included in the allowedHosts.properties.

Scripts

Scripts can contain CLI commands in order to automate the data entry process.

Provisioning CLI

To use the provisioning CLI in Windows:

1. Unzip the file \<VERSION NUMBER>\RnD\WSCli.zip on the

NetXplorer Software CD to a folder on the computer from which

you wish to access the statistics.

2. The newly created folder contains 4 batch files: topologyCLI.bat,

policyCLI.bat, catalogsCLI.bat and wuCLI.bat. Each of these

files needs to be edited. Open a .bat file using a text editor. Look

for the -Dserver parameter. It is set by default to the local host,

127.0.0.1. Change the value to the IP Address of the NetXplorer

Server you wish to work with.

3. The NetXplorer server must be configured to allow your computer

to use its web services. On the NetXplorer server machine go to:

<allot home>\netxplorer\jboss-4.0.2\server\allot\conf. Open the

‎Chapter 6: Command Line Interface (CLI)


file allowedHosts.properties with a text editor. Add the IP of the

machine the CLI is going to be run on in the following format:

<IP>=<IP>.

4. Open cmd and go to the folder to which you extracted the files,

run the batch files you require and enter CLI commands.

To use the provisioning CLI in Linux:

1. Go to the /opt/allot/netxplorer/jboss-4.0.5/server/allot/conf

directory.

2. Edit the allowedHosts.properties to show either

127.0.0.1=127.0.0.1 OR the IP of the server.

3. Unzip the file \<VERSION NUMBER>\RnD\WSCli.zip on the

NetXplorer Server.

4. The newly created folder contains four .sh files: topologyCLI.sh,

policyCLI.sh, catalogsCLI.sh and wuCLI.sh.

5. From the NetXplorer client machine, telnet to the folder on the

server to which you extracted the files and enter CLI commands.

There are 4 types of provisioning CLI:

Topology CLI is used to add, import or remove NetEnforcer or Service

Gateway devices from the managed network.

Catalog CLI is used to create, delete or modify the catalogs used to build

traffic policies

Policy CLI is used to create lines, pipes and VCs (collectively known as

“tubes”) and to add and remove catalogs from them.

WU CLI is used to update the service catalog to the latest protocol pack and

roll-back if necessary.

Topology CLI

Topology CLI commands are used to add, import of remove NetEnforcers and Service

Gateways to the Network

The Topology CLI syntax on Windows is:

topologyCLI <action> <option> <value> [<value>] [<option> <value> [<value>]] …

The Topology CLI syntax on Linux is:

./topologyCLI.sh -<action> <option> -<value> [<value>] [<option> <value> [<value>]] …



The following actions are possible:

1. addDevice

2. importDevice

3. deleteDevice

4. help

Add Device

topologyCLI –addDevice

options:

o -uiName <value: name>

o -netAddress <value: ip>

o -password <value: password>

Import Device

topologyCLI –importDevice

options:

o -uiName <value: name>

o -netAddress <value: ip>

o -password <value: password>

Delete Device

topologyCLI –deleteDevice

options:

o -uiName <value: device name>

Catalogs CLI

Catalogs CLI is used to add, modify and delete catalogs

The Catalogs CLI Syntax in Windows is:

catalogsCLI -<action> -<catalog> [<-option> <value>]

The Catalogs CLI Syntax in Linux is:

./catalogsCLI.sh -<action> -<catalog> [<-option> <value>]

Actions

List All

catalogsCLI –list_all

No required arguments

Get catalog



catalogsCLI –get – catalog name

Required arguments:

o -name –existing name of the required catalog

Delete catalog

catalogsCLI –delete –catalog name

Required arguments:

o -name – existing name of the required catalog

Add catalog

catalogsCLI –add –catalog name

Required arguments:

o –name - existing name of the required catalog

Arguments:

o See Options for the specific catalog and global options.

Update catalog

catalogsCLI – update –catalog name

Required arguments:

o -name – existing catalog name

Arguments:

o See Options for the specific catalog and global options.

Catalogs

o tos

o dos

o qos

o vlan

o alert

o action

o time

o host

o host group

o service



o service group

Options

Global

ARGUMENT NAME OPTION REMARKS

Name Catalog name

access_right Access right 0-read only

1-provisioned user

2-super user

3-super provisioned user

Admin Desirable source status 0-unknown

1-enabled

2-disabled

3–deleted

description Catalog description

DoS Catalog Arguments


max_connections Connections limitation

max_CER Connection establishment

rate limitation

violation_action Violation action 2 – drop

3 - reject

Vlan Catalog Arguments


vlan_type Vlan type 0-Do not ignore

1-Ignore Vlan id

2-Ignore priority bits

3–Ignore Vlan id and

priority bits

vlan_tag Vlan value

For example, to list all VLAN catalogs, use the following command:

catalogsCLI -list_all –vlan

For example, to change the value of an existing VLAN catalog, use the following:

catalogsCLI -update –vlan –name vlan_name –tag 256



For example, to add a VLAN catalog called “vlan_name” with a VLAN tag of 128 and

set to ignore VLAN ID and priority bits, use the following command

catalogsCLI -add -vlan –name vlan_name – description “vlan description” –vlan_type 3 -tag 128

For example, to delete a VLAN catalog called vlan_name, use the

following command:

catalogsCLI -delete –vlan –name vlan_name

ToS Catalog Arguments


tos_type 0-Ignore Tos bytes

1-Differentiated services

2-Free format

tos_byte Tos value

Alert Catalog Arguments


alert_type Event Name From

EVENT_DEF_CORE table

oid OID of the corresponding

MIB counter

From ALERT_COUNTER

table

is_alarm Alert is an alarm 0-not an alarm

1-is an alarm

mode Alert mode 0-regular

1-applies to every template

instance

severity 0-unknown

1-cleared

2-indeterminate

3-critical

4-major

5-minor

6-warning

relation 0-equal

1-greater

2-less

3-not equal

threshold Bad value

normal Normal value




register % time in the sample to

start the event (start barrier)

unregister % time in the sample to

stop the event(stop_barrier)

Qos Catalog Arguments


qos_type 1-ignore

2-each VC

3-both VC

4-each pipe

5-both pipe

6-half duplex pipe

7-each line

8-both line

9-half duplex line

10-PCMM

11-SDX

12 -ENH_EACH_VC

13 -ENH_BOTH_VC

14 -ENH_EACH_PIPE

15 - ENH_BOTH_PIPE

16 - ENH_EACH_LINE

17 - ENH_BOTH_LINE

18 - ENH_EACH_SLINE

19 - ENH_BOTH_SLINE

qos_action

direction 0-for both direction

1-for internal (outbound)

2-for external (inbound)

mode

is_reserved Minimum reserved

bandwidth on use

Only for pipe

min_bw

max_bw

min_bw_conn




max_bw_conn

mode 0-burst

1- CBR (constant bit rate)

delay if mode=CBR, then max

time in microsecond for

the package to be in the

system (box)

burst for all flows of this VC

bw_type bandwidth type measure 0-absolute value

1- percent from max

priority

Action Catalog Arguments


location Action source 0 –Application server

1-device

action_type action type 1-script

2-email

3-sms

4-stored procedure

actor Script, stored procedure

name ; e-mail address

Host Catalog Arguments


host_type Host type 0 - regular (entries)

1 - data source (queries)

2 - NE for the compression

(entries)

device_id host device For common host – device

ID is null

add_entry New host-entries Syntax: TYPE:value[,…]

TYPE values are:

Name / ip_address / subnet

/ range /

Mac_address / all_address

remove_entry Entries to remove

For example, to change the value of an existing host catalog called testA, use the

following:



catalogsCLI -update –host –name testA -add_entry ip_address:1.1.1.1

As a further example, to add a new host catalog called testB, use the following:

catalogsCLI -add –host –name testB -add_entry ip_address:2.2.2.2

Host – Group Catalog Arguments ARGUMENT NAME OPTION REMARKS

add_host Host list that will be added

to the host group

Syntax hostname[,…]

remove_host Host list that will be

removed from the host

group

For example, to remove existing hosts from a host group, use the

following:

catalogsCLI -update -host_group -name group1 -remove_host host1,host2 -add_host host3

Service Catalog Arguments


service_type Service type 0 - secondary service -

content definition

1-primary service - ports

characteristics

application An existing application

name

Null for all.

add_port Protocol:port_type:from-

port:[to-port] [,…]

Protocols

{TCP,UDP,IP,NON_IP}.

Port types:

{SIGNATURE,DEFAULT

,PORT_BASED}

remove_port

parent Parent service For service content only.

add_content_item For service content use.

Syntax:

content_key:content_value remove_content_item

For example, to add a port based citrix service, use the following

command:



catalogsCLI -add -service -service_type PRIMARY -name service1 -type 1 -application "Citrix ICA" -add_port TCP:PORT_BASED:1000:1000,UDP:DEFAULT:1100:1111

For example, to add a service content item for uploading 100BAO Peer to

peer traffic, use the following command:

catalogsCLI -add -service –service_type CONTENT -name "lilach by CLI" -description "added by CLI" -parent "100BAO" -add_item Direction:Upload

Service – Group Catalog Arguments


add_service service list that will be

added to the service group

Syntax service-name[,…]

Remove_service service list that will be

removed from the service

group

Time Catalog Arguments


add_item Time items that will be

added time catalog

Syntax service-

TYPE:DAY[:TIME] [,…]

while Type is

{DAILY,WEEKLY,MON

THLY,ANUALLY}, DAY

is the day number in

week/month/year, Time

format: hh:mm-hh:mm

Remove_item Time items that will be

removed from the time

catatlog

For example to add a time catalog (called time_name), daily at 10-100am,

use the following command

catalogsCLI -add -time -name time_name -add_item DAILY:10:00-11:00,WEEKLY:2:10:00-11:00

Policy CLI

Policy CLI commands are used to create or remove rules from the policy table. For the

purposes of Policy CLI, a line, pipe or VC rule is known as a “tube”. In addition, Policy

CLI is used to add pre-defined catalogs or alarms to these rules. For the purposes of

Policy CLI, a condition catalog is known as a “filter” and an action catalog is known as

an “action”

The Policy CLI Syntax on Windows is:



policyCLI <action> <option> <value> [<value>] [<option> <value> [<value>]] …

The Policy CLI Syntax on Linux is:

./policyCLI.sh -<action> <option> -<value> [<value>] [<option> <value> [<value>]] …

Actions

o help

o addTube

o addFilter

o addAlarm

o listTube

o listPolicy

o deleteTube

o deleteFilter

o deleteAlarm

o updateTube

Options


tubeDeviceName Device Name Only active devices

tubeType Tube Type line, pipe, VC

tubeName Tube Name

tubeOffset Tube Offset (location) First filter is offset 0

tubeLineName Tube Line Name

tubePipeName Tube Pipe Name

tubeId Tube ID

tubeVcName Tube VC Name

tubePolicyId Policy ID Currently all options work with




active

filterId Filter ID

filterDirection Direction 0-Bi, 1-Int. to Ext.,2- Ext to Int

filterService Service ID

filterServiceGroup Service Group ID

filterExternalHost External Host ID

filterExternalHostGroup External Host Group ID

filterInternalHost Internal Host ID

filterInternalHostGroup Internal Host Group ID

filterTime Time Catalog ID

filterTos Filter Tos ID

filterVlan Vlan ID

actionQos Qos ID

actionDos Dos ID

actionTos Action Tos ID

actionAccess Action Access

actionId Action ID

Alarmed alarm ID

alarmActionId alarms‟ action ID

alarmAlertId Alarms‟ Alert ID

alarmParams Alarm Params



Add Tube

policyCLI – addTube

For example: To add a line called “newline” (12th in the list) to NetEnforcer 73, you

would use the following command:

policyCLI -addTube -tubeDeviceName 73 -tubeType line -tubeOffset 11 -tubeName newLine

Required Arguments:

o -tubeDeviceName Device Name

o -tubeType Tube Type (line, pipe, VC)

o -tubeName Tube Name (unique in its level)

o -tubeOffset Tube Offset (starting at 0)

o -tubeLineName required for pipe and VC only

o -tubePipeName required for VC only

Optional Arguments (if not specified, defaults apply):

o All filter options except filterId

o All action options except actionId

o All alarm options except alarmed

Add Filter

policyCLI - addFilter

Required Arguments:

o -tubeDeviceName

o -tubeType

o - tubeLineName

o - tubePipeName - Required for pipe and VC

o - tubeVcName – Required for VC only

Optional Arguments:

o All filter options except filterId

Add Alarm

policyCLI -addAlarm

Required Arguments:

o -tubeDeviceName

o -tubeType



o - tubeLineName



o - alarmActionId

o - alarmAlertId

Optional Arguments:

o alarmParams

List Tube

policyCLI -listTube

Required Arguments:

o -tubeDeviceName

o -tubeType

o - tubeLineName



List Policy

policyCLI -listPolicy

Required Arguments:

o -deviceId

Delete Tube/Filter/Alarm

PolicyCLI -deleteTube/-deleteFilter/-deleteAlarm

For example, to delete a VC called VV1 from the fallback pipe in the

fallback line of NE 73, you would use the following command:

policyCLI -deleteTube -tubeType vc -tubeDeviceName 73 -tubeLineName Fallback -tubePipeName Fallback -tubeVcName vv1

Required Arguments:

o -tubeDeviceName

o -tubeType

o - tubeLineName





o -filterId - For delete Filter only

o -alarmId - For delete Alarm only

Update Tube

policyCLI –updateTube

For example, to change the action catalog of the “newVc” VC on the

“newPipe” pipe on the “newline” line of NE 73 to a “Best Effort” ToS

catalog, enter the following

-updateTube -tubeDeviceName 73 -tubeType vc -tubeLineName newLine -tubePipeName newPipe -tubeVcName newVc -actionTos “Best Effort”

Required Arguments:

o -tubeDeviceName

o - tubeType

o - tubeLineName



o -filterId – If filter fields were modified

o -alarmId – if alarm fields were modified

Optional Arguments:

o tubeName

o All filter options

o All alarm options

All action options

Web Updates CLI

The Web Updates CLI Syntax in Windows is:

wuCLI <option> [<value>] [<option> <value> [<value>]] …

The Web Updates CLI Syntax in Linux is:

./wuCLI.sh -<option> [<value>] [-<option> <value> [<value>]] …

Device ID

wuCLI -deviceId



ID number of the device to be updated/rolled back

Update Server

wuCLI -updateServer

Updates the Service catalog of the NetXplorer Server

Update Device

wuCLI -updateDevice

Updates the Service Catalog of the selected device

Update Number

wuCLI -updateNumber

Selects the Protocol Pack to be used in the update.

For example, to update NE2 to protocol pack 2, use the following

wuCLI -updateDevice -deviceId 2 -updateNumber 2

Help

wuCLI -help

Provides usage and help information.

Rollback Server

wuCLI -rollbackServer

Rolls back the last update to the Services Catalog of the NetXplorer Server

Rollback Device

wuCLI -rollbackDevice

Rolls back the last update to the Services Catalog of the selected device

For example to rollback NE2 to the last update, use the following command:

wuCLI -rollbackDevice -deviceId 2

Monitoring CLI

The NetXplorer GUI may only display up to 50 items in a monitoring graph. Using

monitoring CLI, reports may be generated as CSV files that include hundreds or

thousands of items.



By using the Export to CLI function in the NetXplorer GUI, you can create a template

for the monitoring CLI command and then simply change the parameters later.

NOTE The computer used to send CLI commands to the NetXplorer or to NetEnforcer or Service Gateway devices must have Java installed and be included in the allowedHosts.properties.

To enable the monitoring CLI in Windows:

1. Unzip the file \<VERSION NUMBER>\RnD\monitorCLI.zip

on the NetXplorer Software CD to a folder on the computer from

which you wish to access the statistics.

2. In the newly created folder, open monitorCLI.bat with a text

editor and change the value of the parameter SERVER_URL to

the IP address or domain name of the NetXplorer server.

3. Open a DOS window, run monitorCli.bat and enter a command

requesting monitoring CLI command. The command is sent to the

NetXplorer server. Any monitoring data returned by the

NetXplorer server is stored in a .csv file.

The Monitoring CLI Syntax in Windows is:

monitorCLI <option> [<value>] [<option> <value> [<value>]] …

To enable the monitoring CLI in Linux:

1. Unzip the file \<VERSION NUMBER>\RnD\monitorCLI.zip

on the NetXplorer Server.

2. The newly created folder contains monitorCLI.sh.

3. From the NetXplorer client machine, telnet to the folder on the

server to which you extracted the file and enter CLI commands.

The Monitoring CLI Syntax in Linux is:

./monitorCLI.sh -<option> [<value>] [-<option> <value> [<value>]] …

Export to CLI

It is possible to create a monitoring CLI command by first creating the report definition

in the NetXplorer GUI and then generated a code string which may be edited and

entered into the CLI.

To export a graph definition to CLI:

1. Create a graph definition using the NetXplorer user interface



2. Right click on the graph and select Export to CLI from the drop

down menu.

3. The report definition is saved as a .txt file in whatever directory

you choose.

4. You may edit the file to alter the report definition.

For example if the graph shows the 10 most active Pipes, you can

edit the .text file so that the CLI command will generate a graph

showing the 100 most active Pipes simply by changing the value.

5. The file may now be used as input for the monitoring CLI

To run the file, open a Command Prompt and run the

monitoringCLI.

6. Use the –inputFile parameter to specify the path to the .txt file and

use the –outputFile parameter to specify the location and name of

the output (.CSV) file (as shown below).

NOTE This method is supported on servers running NX8.1.1 and later.



Monitoring Arguments


-dayDefinitionArray DayDefinitionList Day Definition List in UTC

used by Typical (50):

[Day(1-sun,2-mon,7-sat,0-

all),startHour0,endHour0,start

Hour1,endHour1,

,startHourn,endHourn]

[Day,startHour0,endHour0,star

tHour1,endHour1,startHourn,e

ndHourn]

-allSubjectsInScope Regular req All Subjects in

scope.

-inputFile <file> Input request file

-help Provides usage and help

information.

-longTermRequest Long Term Reporting.

-mostActive Most Active Request.

-relativeTimeUnit <relativeTimeId> Relative Time (default 1) :

[RelativeTimeUnit[Seconds=7],

RelativeTimeUnit[Minutes=6],

RelativeTimeUnit[Hours=1],

RelativeTimeUnit[Days=2],

RelativeTimeUnit[Weeks=3],

RelativeTimeUnit[Months=4],

RelativeTimeUnit[Years=5]]

-typicalType <TypicalTypeId> Request Typical Type :

[TypicalType [Day=1],

TypicalType[Week=2]]




-subject <subjectId> Request Subject (default 0) :

[SubjectType[Enterprise=0],

SubjectType[NetEnforcer=1],

SubjectType[Line=2],

SubjectType[Pipe=3],

SubjectType[Virtual

Channel=4],

SubjectType[Host=5],

SubjectType[Internal Host=6],

SubjectType[External

Host=7],

SubjectType[Protocol=8],

SubjectType[Conversation=9],

SubjectType[Subscriber=10]]

-time fromDate/Time

toDate/Time

Request Date & Time

{dd/MM/yyyy,HH:mm:ss}.

-relativeTimeCount relativeTimeCount Relative Time count (default 0)

: 1..50.

-allAsOne Regular req All as one.

-sortingCriteria <statisticId> Most Active req Sort Based On (default 1) :

[StatisticType[TotalBandwidth=1], StatisticType[BandwidthIn=2],

StatisticType[BandwidthOut=3], StatisticType[LiveConnections=4],

StatisticType[DroppedConnections=6],

StatisticType[NewConnections=5],

StatisticType[PacketsIn=7],

StatisticType[PacketsOut=8],

StatisticType[HostCount=9], StatisticType[BurstIn1=20],

StatisticType[BurstIn2=21],

StatisticType[BurstIn3=22], StatisticType[BurstIn4=23],

StatisticType[BurstIn5=24], StatisticType[BurstOut1=25],

StatisticType[BurstOut2=26],

StatisticType[BurstOut3=27], StatisticType[BurstOut4=28],

StatisticType[BurstOut5=29]]




-subjectCapacity <capacity> Most Active req Subject

capacity (default 5) : 1..50.

-distributor <distributorId> Most Active req Stack result by

element:

[DistributorType[NetEnforcer=

1], DistributorType[Line=2],

DistributorType[Pipe=3],

DistributorType[Virtual

Channel=4],

DistributorType[Host=5],

DistributorType[Protocol=6],

DistributorType[Subscriber=7]]

-outputFile <file> Output file result

-hostFilerArray <hostFilterList> Host Filter List(50): [hostIp or

hostName] ... [hostIp

or hostName]

-subjectArray <subjectDefinerList> Regular req Subject Definer

List Inluded in Graph(50) :

[NE,Line,Pipe,Vc]

[NE,Line,Pipe,Vc] or [hostIp or

hostName]

[hostIp or hostName] or

[serviceId]

[serviceId] or

[hostIpIn,hostIpOut]

[hostIpIn,hostIpOut]




-scopeLimiterType <ScopeLimiterId> Request Scope Limiter (Most

active default 0) :

[ScopeLimiterType[Enterprise

=0],

ScopeLimiterType[NetEnforce

r=1],

ScopeLimiterType[Line=2],

ScopeLimiterType[Pipe=3],

ScopeLimiterType[Virtual

Channel=4]]

-scopeLimiterArray

<ScopeLimiterList>

Scope Limiter List(50):

[NE,Line,Pipe,Vc] ...

[NE,Line,Pipe,Vc]

-isAllOthers Most Active req All Others

-splitter <splitterId> Most Active req Display

Separately for each element:

[SplitterType[Host=1],

SplitterType[Protocol=2],

SplitterType[Subscriber=7],

SplitterType[NetEnforcer=3],

SplitterType[Line=4],

SplitterType[Pipe=5],

SplitterType[Virtual Channel=6

]]

-resolution <resolutionId> Request Resolution (default 1) :

[AggregationResType[Level

0=1],

AggregationResType[Level

1=2],

AggregationResType[Hour=3],

AggregationResType[Day=4],

AggregationResType[Month=5

]]

-serviceFilerArray <serviceFilterList> Service Filter List(50):

[serviceId] [serviceId]




-adjustTime Adjust Time

Links Format

[NE,Line,Pipe,Vc] / [NE,Line,Pipe,Vc,Template] /

[NE,Line,Pipe,Vc,InstanceType,instanceValue]:

1) [NE,Line,Pipe,Vc] simple VC = 1,2,3,4 ; simple Line = 1,2,0,0

2) [NE,Line,Pipe,Vc,Template] VC Template = 1,2,3,4,T ; Pipe Template = 1,2,3,0,T

3) [NE,Line,Pipe,Vc,InstanceType,instanceValue] VC Instance = 1,2,3,4,2,9999 ; Pipe

Instance = 1,2,3,0,1,9999 [InstanceType[Pipe=1], InstanceType[Virtual Channel=2]]

Examples

5 Most Active NEs on Level0 resolution :

monitorCLI -mostActive -subject 1 -resolution 1 -time 22/11/2005,11:20:00

5 Most Active Hosts on Days resolution scope limited to NE #32 & #37 :

monitorCLI -mostActive -subject 5 -longTermRequest -resolution 4 –time 20/11/2005,00:00:00 23/11/2005,23:59:59 -scopeLimiterType 1 -scopeLimiterArray 32,0,0,0 37,0,0,0

10 Most Active VCs on Level0 resolution scope limited to NE #32 stack result by

Protocol

monitorCLI -subjectCapacity 10 -mostActive -subject 4 -resolution 1 -time 22/11/2005,11:20:00 22/11/2005,11:25:00 -scopeLimiterArray 32,0,0,0 -distributor 6

Statistics on NE #37, last 5Min on Level0 resolution :

monitorCLI -subject 1 -resolution 1 -time 22/11/2005,11:20:00 22/11/2005,11:25:00 -subjectArray 37,0,0,0

Pipes Distribution on Network, last 5Min on Level0 resolution :

monitorCLI -subject 3 -resolution 1 -time 22/11/2005,11:20:00 22/11/2005,11:25:00 -scopeLimiterType 0 -scopeLimiterArray 0,0,0,0

Statistics on VC Instance #37,1,1,1,2,42 last 5Min on Level0 resolution :

monitorCLI -subject 4 -resolution 1 -time 22/11/2005,11:20:00 -relativeTimeUnit 2 -subjectArray 37,1,1,1,2,42



Use regular monitor request file & create monitor result file (csv format) :

monitorCLI -inputFile c:\monitor_cli\monitor42060.req -outputFile c:\monitor_cli\monitor42060.csv

Use most active monitor request file & create monitor result file (csv format) :

monitorCLI -inputFile c:\monitor_cli\monitor42061.req -outputFile c:\monitor_cli\monitor42061.csv


Chapter 7: Troubleshooting

Troubleshooting Basics

First Steps

There are some basic checks to begin with when troubleshooting almost any type of

problem:

1. Validate that the NetXplorer server and relevant NetEnforcers or

Service Gateways are actually up and running.

2. NetXplorer components (GUI, Server and NetEnforcers/Service

Gateways) communicate with each other using the protocols and

ports listed on p 2-17. Validate that the communication is not

blocked by using the following command (on either the

NetXplorer or NetEnforcer/Service Gateway): netstat –an

3. Each one of the NetXplorer components has configured time

settings. It is crucial that the component times are synchronized.

Processes

NetXplorer

There are certain processes that should be running on the NetXplorer Server. These

processes can be identified using several different tools when using Windows:

1. Use Windows Services (Start > Control Panel > Administrative Tools >

Services) to check that NetXplorer Server is running

2. Use Windows Task Manager (CTRL+ALT+DEL and click Task Manager) to

check that the following processes are running:

• poller.exe, converter.exe and loader.exe

• ltc_poller.exe and ltc_loader.exe

• ltreducer (only appears periodically)

• manifest_manager.exe (only appears periodically)

• KeeperService.exe

• Dbsrv9.exe (3 instances)

• ntpd.exe

‎Chapter 7: Troubleshooting


When on a Linux based server, use the command ps –ef or ls to list running processes.

NetEnforcer or Service Gateway

There are several processes that should always be running on the NetEnforcer or

Service Gateway. These processes can be identified using the following command: swgadmin

Each time a process is restarted, its value increases. If one of the values is significantly

higher than the others, it indicates that a process has been restarted. Restart may have

been initiated automatically or manually.

Log Files

Several key log files are stored on the NetXplorer Server. For the sake of convenience

we can divide these into three main categories.

Database Logs

Database log files are stored in C:\Allot\log (or /opt/allot/log on a Linux server). These

files log the performance of the NetXplorer‟s three main databases – cfg, stc and ltc as

well as the data collection processes.

Figure ‎7-1: Database Logs

The allot_cfg log can be consulted for problems related to general configuration (e.g:

saving policy, password). The allot_ltc log can be consulted for problems with long-

term reporting, and the allot_stc log for problems with real-time monitoring.

In addition, the logs which record the data collection processes are also useful,

specifically the Poller, Convertor and Loader logs. The keeper.log records the status

of the keeper process which makes sure that all other processes are up.



Figure ‎7-2: Key Database Logs

Application Server Logs

The application server log files are stored in C:\Allot\netxplorer\jboss-

4.0.5\server\allot\log (or /opt/allot/netxplorer/jboss-4.0.5/server/allot/log on a Linux

server). These files are responsible for logging all of the java-based activity which takes

place on the application server.

Figure ‎7-3: Application Server Logs

The events log records every event in the NetXplorer server. It can help you for

example to view alarms that have been cleared from the GUI.

The NMS.log records every activity carried out by the application server such as

records of alarms, GUI errors, web update checks, scheduled reports, and NetEnforcer

or Service Gateways which have been added or imported. As soon as this log reaches

5Mb, a new one is created, and a log history is maintained up to a total of 20 NMS logs.

The latest log is called simply NMS.log.



Figure ‎7-4: NMS.log Example

The NMS-Monitor.log records everything related to graphs and reports and the

UserOperations.log records of what has been done in the GUI by each user. This log

can reach a total of 10Mb and the NetXplorer will store 20 such historic logs in the

folder before over-writing the oldest one.

Installation Log

The install_log can be found in C:\Allot\conf (or /opt/allot/conf if you are working on

a Linux server). This simple log details the history of NX installations on the server.

You can see here for example if the current installation was an upgrade from a previous

version or a clean installation. This may be useful for detecting specific problems that

are related to upgraded NetXplorers only.

Figure ‎7-5: Install Log



Snapshots

Windows

This will prepare a zip-file that contains log and configuration files from all NetXplorer

components (Application Server, Collector, Databases) and the last backup of the CFG

(configuration allot_cfg) database.

Figure ‎7-6: Snapshot File

To create a snapshot in Windows:

1. Open MSDOS command window (cmd.exe). Run from command-

line - %ALLOT_HOME%\bin\ create_snapshot_logs.bat.

2. A message will appear in the command window indicating that the

snapshot was taken successfully and its location.

Zip-file - snapshot_<yyyy_mm_dd_hh_mi>.tar.gz will be located in

%ALLOT_HOME%\tmp directory.

Message Example –

Snapshot zip-file - D:\Allot\tmp\snapshot_2005_10_26_19_09.tar.gz is ready

To create a snapshot in Linux:

1. Open directory /opt/allot/bin/

2. Run the following command:

./create_snapshot_logs.sh



3. A message will appear in the command window indicating that the

snapshot was taken successfully and its location.

Message example -

Snapshot zip-file - /opt/allot/tmp/snapshot_2008_05_28_14_15.tar.gz is ready

How to restore CFG (allot_cfg) database from the Snapshot-File

1. Install the appropriate NetXplorer version from

<snapshot>\conf\install_log.txt file.

2. From the <snapshot>\conf\dynamic.ini file discover the CFG path.

3. After installation, reboot the computer and stop the NetXplorer

service.

4. Restore allot_cfg database using db_maint.exe from

%ALLOT_HOME%\bin directory using the following command

line operation:

db_maint -a restore -n cfg -t incremental -s <snapshot>\backup_cfg -g 1 -i

<max incr number(1-22)> -d %ALLOT_HOME%\data\db\cfg

5. <max incr number> - max number(1-22) in directory name from

<snapshot>\backup_cfg\1\incremental (example: 10)

6. Start the NetXplorer service

The NetXplorer server is now ready to work with snapshot allot_cfg database

Login Errors

Login errors can occur for several reasons:

Incorrect Java Version

An error messages stating that netxplorer.jnlp is an unrecognized file extension

typically indicates that the correct version of JRE has not been installed. Where JRE

1.5.6 or higher has not been installed, the java “.jnlp” extension is not registered to any

application.

• If the root cause of the issue is with Java, you can often solve it by clearing the

Java Cache on the machine that cannot access the NetXplorer, and then

reinstalling JRE.

• Go to control panel and choose Java.



• On the General tab, under Temporary Internet Files, click on delete and then

OK.

This action will clear the java cache files. It will also remove the NetXplorer

shortcut from the desktop.

• Open browser with NX server IP address (http://<NXServer-IP>) and choose the

first option “Install Java JRE First”. Now launch the application.

If the previous method does not solve the problem, run Java WebStart - javaws.exe from

the Java 1.5 environment.

This will typically be located at a location similar to: C:\Program

Files\Java\jre1.5.0_06\bin.

Delete anything shown on this screen (this will clear the cache).

Lack of Connectivity

A common cause of GUI initialization problems is a lack of communication between

the GUI and the NetXplorer, that is there is something on the network which may be

blocking the traffic (HTTP port 80).

• Below is a table of the TCP ports required for communication between the client

and server.

• Validate that there is nothing blocking communication on these ports and that all

the required NetXplorer services are running.

PORT # DESCRIPTION

TCP:80 HTTP

TCP:1098 RMI (Java J2EE protocol)

TCP:4444 RMI (Java J2EE protocol)

TCP:1099 JNP (Java J2EE protocol)

TCP:8093 Alarms

Antivirus Conflict

Antivirus or backup utilities could be interfering with the database, locking the file and

not permitting changes to it. Antivirus and backup utilities can also cause many other

types of problems for any operation involving a database modification.



It is highly recommended NOT to run antivirus or backup programs on folders where

the databases reside. The database folder is usually located in:

C:\Allot\data\dc\<DatabaseName>

Policy Saving Errors

Typically, inability to save a policy can result from a communication problem between

the GUI and the server, a communication problem between the NetEnforcer or Service

Gateway and the server or a synchronization problem between the NetEnforcer or

Service Gateway and the NetXplorer server.

To troubleshoot this problem, you must first understand how the provisioning data is

updated in the system.

The process consists of 3 stages.

First of all, the NetXplorer server sends an XML command to the NetEnforcer

or Service Gateway

The NetEnforcer or Service Gateway then performs the required changes and

updates the counters.

Finally, the NetEnforcer or Service Gateway sends a trap back to the server.

If the server has successfully sent the XML, the request should be received by the

DataSrv on the NetEnforcer or Service Gateway. The DataSrv should acknowledge

receipt, apply the change and confirm.

We can therefore check if the second stage has been passed, by examining the DataSrv

log file to see if the request has been received by looking at the following log file:

$SWGL/nedbg.DataSrv.log

Having confirmed this, we should look at allotProvision.xml. This is the actual policy

configuration file on the NetEnforcer or Service Gateway. By analyzing this file, we can

verify that the changes have actually been written.

If there is a synchronization problem between the NetXplorer and the NetEnforcer or

Service Gateway, perhaps caused by a temporary loss of communication between the

two, a tool that can help solve the problem is to perform a full policy export.

Using the Restore Policy and Catalog feature it is possible to restore the saved image

of the Policy Table and catalogs which is stored for each NetEnforcer or Service

Gateway and updated periodically. This feature should be used if a NetEnforcer or

Service Gateway becomes corrupted or its policies and catalogs become damaged,

requiring a roll back to a previous, working configuration.

To restore policies and catalogs:

1. Select Restore Policy and Catalogs from the Tools menu.

The Restore Policy and Catalogs dialog is displayed.



Figure ‎7-7: Restore Policy and Catalogs Dialog

2. The NetEnforcer Devices list will populate with all NetEnforcers

or Service Gateways on the network. Each relevant NetEnforcer

or Service Gateway is listed by name, with the time it received the

new policies and any system messages.

3. Click the Restore checkbox to include that NetEnforcer or

Service Gateway in the restoration or select a NetEnforcer or

Service Gateway and use the Check and Uncheck buttons.

4. Select a NetEnforcer or Service Gateway and click Up or Down

to change its location in the distribution order.

5. Select a NetEnforcer or Service Gateway and click Remove to

delete the NetEnforcer or Service Gateway from the list or Clear

Messages to delete any system messages.

6. Select the Abort on First Error checkbox to instruct NetXplorer

to cancel the entire Policy Distribution operation on the first error.

7. Click Restore to restore the saved Policy table and catalogs to

each device. The NetEnforcers or Service Gateways selected will

be restored in order, starting at the top of the list.

8. Click Abort at any time to stop the process or Print to print the

Results list.

NOTE Aborting the restoration will not roll back the Policy Tables or Catalogs of any NetEnforcers or Service Gateways already overwritten.

9. Click Close to close the Restore Policy and Catalogs dialog box.

Data Display Errors

When there is no data in a graph for a certain period of time, this typically indicates a

problem with data collection.



Data Transmission Check whether the NetEnforcer or Service Gateway is sending statistics

buckets to the NetXplorer server.

Data Reception It could be that buckets are being sent, but because of communication

problems, they are not reaching their destination.

Data Loss It could be that buckets are sent to the server and received, but are subsequently

dropped.

A common reason for this is a lack of synchronization. If the time of the bucket

is dramatically different from that of the NetXplorer server time, then buckets

will be discarded.

Stress Alternatively, the problem could be one of “stress”. If there is more data than

the NetXplorer server can handle, the server will only handle buckets that have

already been received and will discard any new buckets.

Data Transmission

As the first step of our troubleshooting we do not need to leave the NX GUI. Using the

GUI, we examine the event and alarms logs.

In most cases there will be an alert that shows us where the problem lies.

Figure ‎7-8: Events Log

For example, if we see the event: “Collector Reported Device Unreachable”, this

indicates that the data collector cannot access the NetEnforcer or Service Gateway for

short term data collection. In this case, you should check network connectivity, possible

firewall and ACL (access control list) rules.



If we see the event: “Invalid Bucket Time on Collector”, this indicates that the time on

the NetEnforcer or Service Gateway and on the NetXplorer Data Collector is not

synchronized. Make sure you synchronize the time for the NetEnforcer or Service

Gateway, Data Collector and NetXplorer. (See the “Time Synchronization Issues”

module for further information)

The event “Real Time Bucket Overload in Collector” indicates a problem of stress.

Data Reception

It could be that buckets are not being sent from the NetEnforcer or Service Gateway in

the first place.

This can be checked by consulting the manifest of a specific NetEnforcer or Service

Gateway.

The Manifest is the list of buckets that the NetEnforcer or Service Gateway has created

and that are waiting to be sent to the NetXplorer. This can be accessed using any web

browser.

Figure ‎7-9: Bucket Manifest

To see the 30 seconds buckets waiting to be sent, enter:

http://<NE_IP>/bucket/30/manifest

To see the 300 seconds buckets waiting to be sent, enter:

http://<NE_IP>/bucket/300/manifest

Refresh the browser window a few times to check that the NetEnforcer or Service

Gateway is continuously creating buckets.

Data Loss

To confirm that the data, once received, is not being dropped, check the log files that are

created by the data collection processes and are located on the NetXplorer server. Here

we can check if the NetXplorer and/or distributed collector has received the collected

data. The poller process is responsible for polling the buckets from the manifest file on

the NetEnforcer or Service Gateway. This process is logged in the poller log.



Figure ‎7-10: Data Logs

The convertor process then converts the buckets from binary into ASCII form – this is

logged in the convertor log.

Finally, the loader process, logged in the loader log is responsible for loading the

converted buckets into the short term database.

The Ltc_poller polls the 1hour buckets from the short term collector and the Ltc_loader

loads them into the long term collector.

You can look in the log files and see if there are any error indications.

Stress

What should you do if the events suggest a situation where buckets are being dropped

due to excess stress? Firstly, check the Collection Configuration to validate that the

NetEnforcer or Service Gateway is actually configured to collect the data you expect to

see.

One thing you can do to reduce stress is to disable real-time data collection. This will

lower the number of buckets dramatically.

Disabling Real-Time Collection stops the import of 30 sec buckets from the

NetEnforcer or Service Gateway to the NetXplorer. Therefore you will not be

able to see real-time monitoring graphs at 30 sec resolution. You will still be

able to see real-time monitoring graphs at other resolutions though, and long

term reporting which relies on the 300 sec buckets is not affected at all.

Disabling Long-Term Collection stops the import of 1 hr buckets from the

short term database on the NX to its Long Term database. By disabling this

option, you will not be able to view long-term reports at all.



Short Term Collection refers to the 300 seconds, or 5 minutes, buckets. What

happened when you disable Short Term collecting depends on whether Long

Term collecting is enabled or not. If Long Term Collection is also disabled, the

only graphs that you will be able to see are real-time graphs at 30 sec

resolution. If Long Term collection is enabled, short term data (300 sec

buckets) will be imported to the NX regardless of the state selected in the short

term collection dialog. This is because Long term data is aggregated from the

300 sec buckets.

Add Device Errors

In some situations, the attempt to add a device to the NetXplorer may fail. What might

be the reasons for this failure?

The more obvious reasons could be down to an incorrect IP address or an incompatible

software version.

There may be communication problems between NetXplorer and the NetEnforcer or

Service Gateway. These might arise due to problems with a firewall or with a router

access list for example. Alternatively, this problem can arise when management traffic

and user traffic are not fully separated.

By consulting with the NX server log (NMS.log), you can see at exactly which stage,

the “add device” process failed. There are eleven stages to adding a device.

You can see which stage has succeeded and which has failed by looking at the

NetXplorer‟s NMS.log.

There are eleven stages to adding a NetEnforcer or Service Protector. To start tracking

the add device messages in the log file, look for the string: “CREATE (1/11)” or for the

string “create device”

In stages one and two of the add device process, NetXplorer prepares its database

tables for update. Normally you should not encounter problems at these stages.

In stage three, the NetXplorer validates that the device has a software version that

matches that version on the NetXplorer Server. If there are error messages here

you might need to upgrade the device software version.

At stage four, the NetXplorer reads the NetEnforcer or Service Gateway‟s

configuration file: rc.conf. The file is sent via SNMP on port 161. Issues can

occur when there is a communication problem, or if the SNMP agent is not

running on the NetEnforcer or Service Gateway. If there is a problem at this

stage, check the following:

• Run netstat -an on the NetEnforcer or Service Gateway or Server and

check whether a connection on port 161 is established

• Run swgadmin and validate that allSNMPagent is running

• Check that nothing is blocking SNMP traffic along the way



• Check that the database is up and available

At stage five the catalogs are sent from the NetXplorer to the NetEnforcer or

Service Gateway. There are a few things that can go wrong at this stage:

• Communication issues – communication is carried out on HTTP port 80.

An error can occur if communication is blocked or if the NetEnforcer or

Service Gateway is not listening for requests on port 80. To validate that

NetEnforcer or Service Gateway is running the HTTP daemon, run ps –

awx and look for HTTPD

• Incorrect password – this happens when the password for the admin user

that was supplied in the “Add Device” dialog is not the right password. If

you have forgotten the password you can change the password by

logging into the NetEnforcer or Service Gateway as “root” and using the

menu>change password option.

During stage 6, the default policy is exported to the NetEnforcer or Service

Gateway by HTTP over port 80. The process could fail at this stage if there is a

timeout issue. This can be verified by looking at the nms.log. If this is the case,

you will need to contact Allot support for a fix.

At stage 7, the server performs several updates, one of which is updating NTP.

Issues can occur when the NetEnforcer or Service Gateway is set up in a way that

management traffic flows through the NetEnforcer or Service Gateway. This

happens when the management port is connected to the same part of the network

as the external connection is. In such cases, an NTP update can occur before the

NetEnforcer or Service Gateway update is complete. This interrupts the update

process.

A possible solution can be to switch the NetEnforcer into bypass mode until the

addition process is complete. In any case, it is recommended to connect the

management port to the internal section of the network.

During the final stages 8-11, the NetXplorer updates its databases. A problem at

this stage could result from the unavailability of one of the databases. In this

case, try to stop and restart the NetXplorer service. This may kick-start the

unavailable database. If this does not work, you may have to recreate the

database that is unavailable.

Adding a new collector has only 6 steps. These can be found in the server‟s NMS log by

looking for the string “CREATE (1/6)” or “create collector”.

The process of importing a device has 12 steps and the relevant messages can be found by

looking for “IMPORT (1/12)”



NX-HAP Troubleshooting

Monitoring the Cluster Status

cl_status is a linux command that retrieves information about the status of the

NetXplorer High Availability Cluster. For a full list of the cl_status commands, simply

enter cl_status.

We can check the node status by entering cl_status nodestatus <node name>.

NX-1.allot.com:~$ cl_status nodestatus NX-1.allot.com

cl_status: 2008/09/09_09:45:26 debug: optind: 1

argv[optindex+1]: NX-1.allot.com

active

NX-1.allot.com:~$ cl_status nodestatus NX-2.allot.com

cl_status: 2008/09/09_09:45:43 debug: optind: 1

argv[optindex+1]: NX-2.allot.com

active

In the example above, the nodes are named NX-1.allot.com and NX-2.allot.com. The

cl_status nodestatus command is run for each node in turn. An output of “active” (for

both nodes) indicates that the NX High Availability Cluster is alive.

The heartbeat program is at the core of the High Availability platform. It is responsible

for detecting the different nodes, communicating between them and managing the

cluster.

cl_status hbstatus tells us if heartbeat is running on the local system. The command

cl_status hblinkstatus <node name><link name> displays the status of a heartbeat

link. This indicates up if we are able to hear from that node across that link.

NX-1.allot.com:~$ cl_status hbstatus

Heartbeat is running on this machine.

NX-1.allot.com:~$ cl_status hblinkstatus NX-2.allot.com eth2

up



NOTE If the <node-name> is the current node, the status is not meaningful, since with few exceptions we don't receive messages from ourselves on any links. Make sure that you use this command to check the status of the peer node in the cluster.

NX-1.allot.com:~$ cl_status hblinkstatus NX-1.allot.com eth2

dead

Viewing Available Resources

The crm_mon command can be used to analyze which node in the cluster is using

system resources. This tells the system administrator which node is currently active.

==============

Last updated: Mon Jun 1 19:24:44 2009

Current DC: NX-1.allot.com (l3425fesfth)

2 Nodes configured.

1 Resources configured.

Node: NX-1.allot.com (l3425fesfth): online

Node: NX-2.allot.com (fewf834271h): online

Resource Group: nx_ha

vip (ocf::heartbeat:IPaddr2): started NX-1.allot.com

db (ocf::heartbeat:Filesystem): started NX-1.allot.com

nx (lsb:netxplorer): started NX-1.allot.com

The output of this command shows us that there are two nodes in the cluster and that

both are on-line. The Resource Group, nx-ha consists of 3 sub-resources:

VIP: which is the virtual IP address of the cluster

db: which is the database

nx: which is the NetXplorer service

Adjacent to each of these sub-resources you will see on which node it is running. In this

case, we see clearly that NX-1.allot.com is the active node in the cluster.

In case problems are detected, the administrator may run crm –rf. This gives an

extended view of the cluster resources and includes fail messages for each of the nodes.



Stopping Heartbeat Service

To stop the heartbeat service on the currently active node, opening an SSH session to

this node and enter the command: service heartbeat stop

This will stop the cluster suite running on the currently active node and the second node

will take control of the resources.


Chapter 8: Appendices

Upgrading NetXplorer Server

NetXplorer Server and Mediation Device Version 9.2.0 build 03 and above use a newer

version (10 – SA10) of Sybase Anywhere database. The upgrade process from previous

NetXplorer and Mediation Device versions to 9.2.0 build 03 and above includes an

automatic conversion process of CFG, LTC and SMF databases from ASA version 9 to

SA version 10. The STC database will be recreated as a new database in SA version 10.

It is recommended that software versions previous to NX9.2.1 upgrade in two steps as

described below:

First upgrade to NX9.2.1

Then upgrade from NX9.2.1 to the most recent version.

For more information, contact Allot Technical Support at [email protected].

The database conversion process can be time consuming depending on the amount of

collected data. Due to the large size of the LTC database, this process can take up to 6

hours. To reduce the LTC database conversion time, the standard upgrade procedure

runs a process that reduces the resolution of collected data older than one month. Data

older than one month collected in resolution of hours and days will be reduced to a

resolution of months. For this reason, an additional manual conversion process also

exists, to avoid losing long term data. Both procedures are outlined below.

NOTE You should close all open GUI sessions before beginning any of the upgrade procedures

Standard Upgrade Procedure

NOTE The standard upgrade procedure outlined below, reduces the resolution of collected data older than one month. If you wish to maintain the resolution of this data, refer to the manual upgrade procedure.

On a Linux NetXplorer Server:

After completing the download of the Linux files verify the files are complete and intact

by checking the MD5 checksum.

To confirm the checksum:

1. Run the following command: md5sum <filename>.tgz

Example: [root@REDHATNX NX811b10]# md5sum nx8.1.1_b10.11.tgz


‎Chapter 8: Appendices


The output should appear as follows:

10b350dd88470ead4e4c12b6796aae68 nx8.1.1_b10.11.tgz

2. Confirm the correct checksum number in the md5 file by running

the command: cat <filename>.tgz.md5

Example: [root@REDHATNX NX811b10]# cat nx8.1.1_b10.11.tgz.md5

The output should appear as follows: 10b350dd88470ead4e4c12b6796aae68 nx8.1.1_b10.11.tgz

3. If the two numbers match then the file is intact and complete and

you may continue. If they do NOT match, download the software

again.

To unzip the file:

1. After downloading the file, extract the files by using the following

tar command: tar -xzvf <filename>.tgz

Example: [root@REDHATNX NX811b10]# tar -xzvf nx8.1.1_b10.11.tgz ./

./accounting-manager-8.1.1-10.i386.rpm

./netxplorer-8.1.1-10.i386.rpm

./WSCli.tgz

./monitorCLI.tgz

./jdk-6u2-linux-i586.rpm

./netpolicy-provisioner-8.1.1-10.i386.rpm

[root@REDHATNX NX811b10]#

To perform the upgrade:

1. Close any open NetXplorer GUI sessions

2. Stop the NetXplorer service by entering: service netxplorer stop

3. When upgrading the NetXplorer software you must use the U

option to upgrade the software. Therefore, the proper command to

use when upgrading is as follows: rpm -Uvh <filename>.rpm

Example:

rpm –U netxplorer-9.2.1-7.i386.rpm



NOTE You may discover the filename by using the following command: cd / find|grep -i netxplorer-

4. Upgrade the JDK to the most recent version (if required) with no

dependencies by entering the following command: rpm -U <JDK

filename> –nodeps


On a Windows NetXplorer Server

1. Close any open NetXplorer GUI sessions

2. Double click on the setup.exe file provided in the Allot

installation CD or downloaded from the Allot FTP site.

NOTE Do not attempt to run the setup file from a net long address, such as \\file_server\.

3. Follow the onscreen instructions in the Setup Wizard to upgrade

the NetXplorer Server.


Manual Upgrade Procedure

To avoid losing long term data, the following procedure should be performed prior to

upgrading NetXplorer:

1. Stop the NetXplorer service.

On Windows – Open the services console, and locate the

NetXplorer Server service. Right click it and select stop.

On Linux – Open CLI and type /opt/allot/bin/nx_stop.sh.

2. Copy the entire ltc folder located in <allot root>\data\db\

(Windows) or /opt/sybase/data/db/ (Linux) and paste it outside

the Allot folder.

NOTE: Make sure that enough free disk space is left on the same hard drive (approximately 90% of LTC database size) for the conversion process to take place.

3. Upgrade NetXplorer and/or Mediation Device version. Once the

installation completes you may be asked to restart your server.

4. Once the server boots up, stop the NetXplorer service.



5. Delete the contents of the <allot root>\data\db\ltc folder.

6. Copy the contents of the ltc folder previously backed up and paste

them back in <allot root>\data\db\ltc.

7. Launch the LTC database conversion process by executing the

following script:

On Windows - <allot root>\bin\db_upgrade_ltc_2sa10.bat

On Linux - /opt/allot/bin/db_upgrade_ltc_2sa.sh

8. The process is logged in two log files located in

On Windows - <allot root>\log\

On Linux - /opt/allot/log

1) dbunload_log_ltc.txt

2) dbunload_log_time_cfg.txt.

9. Start the NetXplorer Server service:

On Windows – Open the services console, and locate the NetXplorer

Server service. Right click it and select start.

On Linux – Open CLI and type /opt/allot/bin/nx_start.sh.


Example of Log File Content

Below is a successful conversion process log for reference:

dbunload_log_time_cfg.txt

*************************************************************

Start Convert DB to version SA10 - 6/18/2009 2:11:14 PM

Unload LTC data to C:\Allot\tmp\ltc_datadirectory

Finish Unload LTC data - 6/18/2009 2:11:34 PM

Create new LTC database - 6/18/2009 2:15:49 PM

Default PARAM table truncated - 6/18/2009 2:15:58 PM

Load data into new LTC database - 6/18/2009 2:16:49 PM

*************************************************************

dbunload_log_ltc.txt

SQL Anywhere Unload Utility Version 10.0.1.3807

Connecting and initializing



Unloading "nms"."CONVER_STAT_" into C:\Allot\tmp\ltc_data/438.dat

(relative to server)

Unloading "nms"."DEVICE" into C:\Allot\tmp\ltc_data/439.dat (relative to

server)

Unloading "nms"."EVENT" into C:\Allot\tmp\ltc_data/440.dat (relative to

server)

Unloading "nms"."EVENT_VALUE" into C:\Allot\tmp\ltc_data/442.dat


Unloading "nms"."LINE_BURST_" into C:\Allot\tmp\ltc_data/443.dat


Unloading "nms"."PARAM" into C:\Allot\tmp\ltc_data/444.dat (relative to

server)

Unloading "nms"."VC_STAT_HRS_1_3" into C:\Allot\tmp\ltc_data/453.dat


...

...

...

Unloading "nms"."SERVICE_STAT_DAY_3_11" into

C:\Allot\tmp\ltc_data/1664.dat (relative to server)

Unloading "nms"."SERVICE_STAT_DAY_3_12" into

C:\Allot\tmp\ltc_data/1665.dat (relative to server)

Unloading "nms"."SERVICE_STAT_MON_1" into C:\Allot\tmp\ltc_data/1666.dat






Unloading "nms"."SMS_QUOTA_" into C:\Allot\tmp\ltc_data/1669.dat




Upgrading NX-HAP

Follow the procedure below to upgrade the NX High Availability Platform.

NOTE NX-HAP includes 3 different databases: NX-HAP1 local database, NX-HAP2 local database and the external storage database. The upgrade procedure updates only the external storage database. The two local databases do not need to be updated.

NOTE All of the operations outlined below must be performed by a root user.

1. Check the NetXplorer version. This is done by using the

command: rpm –qa | grep netxplorer

2. Make sure that nx1 is the active node and nx2 is passive. This is

done by using the command crm_mon (see Viewing Available

Resources for more details). If needed, initiate a switchover to

ensure that nx1 is the active node. This is done by entering the

command service heartbeat stop on the currently active node.

3. Stop the HA monitoring on both NX nodes. This is done by using

command: service heartbeat stop

4. On nx1 node, mount the common disk storage. This is done by

using the command: mount /dev/dm-1 /opt/sybase/data

5. Upgrade the NX1 node as you would upgrade a regular

NetXplorer Server. The upgrade steps (for a Linux Server) are

outlined below:

a. Check that netxplorer server is stopped by entering: service netxplorer

status.

b. In case netxplorer service is running stop the service by entering: service

netxplorer stop

c. Download the software image file for the upgrade into a specific

directory (for example /root/NX_software/NX10.1.1b5-Linux.tar.gz)

d. Extract the NetXplorer new software image file with the command: tar -

7xvf NX<version>.tar.gz

e. Enter the following: rpm -U <JDK filename>.rpm --nodeps

f. Now enter the following: rpm -U <filename>.rpm

g. Under no circumstances should you stop the upgrade process!

Do NOT reboot the server once the upgrade is completed. Do not

reboot, even though you will receive the output message: [root@nx1 nx_soft]# rpm -U netxplorer-10.1.1-5.i386.rpm

Running upgrade process. This may take a few minutes...



Followed by: [root@nx1 nx_soft]# rpm -U netxplorer-10.1.1-5.i386.rpm

Running upgrade process. This may take a few minutes...

Installation finished.Please reboot your device.

6. Now upgrade the NX-1 node as in step 4 above. The local

databases will be updated here too, simply to ensure consistency

of the upgrade process.

7. Enter the following command: chown hacluster:haclient

/var/lib/heartbeat/crm/*

8. On both NX nodes edit the /etc/init.d/netxplorer file. Use vi

editor. This file should be changed in follow manner –

a. In function start() change command sleep 60 to sleep 40

b. In function restart()change command sleep 60 to sleep 40

9. Reboot both NX nodes.

10. After rebooting check the status of each NX node. Use command

– crm_mon. This will reveal which node is active and will detail

the status of the common storage status



Upgrading Distributed Monitoring Collector

Follow the procedure below to upgrade a distributed monitoring collector. Assuming for

example that the target software version is stored at: /root/MD1011:

1. Change directory to: /root/MD1011

2. Change md-inst to executable by entering: chmod +x md-inst.sh

3. Perform the upgrade by entering: ./md-inst.sh

4. The monitoring collector will reboot automatically after.



Events

NetXplorer includes a pre-defined list of events that are recorded in the Events Log and

can be used to monitor the occurrence of system events in the Network. You can view

the events for specific devices in the Events Log or you can configure specific events to

generate alarms that are displayed in the Alarms Log,

All event types available in the NetXplorer are listed in the EVENT_DEF_CORE table

in the CFG database. Each event is displayed in the table below with its Event ID. In the

“Traps/Alarms/Actions” column, “Configurable” is recorded if the user can configure

whether such an event triggers an alarm, an action (a pre-prepared script) or the sending

of a trap to a pre-defined trap receiver. This is done from the Event Types Configuration

dialog in the NetXplorer GUI. “Automatic Trap Sent” is recorded if a trap will

automatically be sent to a pre-defined trap server whenever this event occurs.

ID Event Traps/Alarms/Actions

1 Rising TCA ('Threshold Crossing Alarm') Automatic Trap Sent

2 Falling TCA ('Threshold Crossing Alarm') No

3 Device Configuration Configurable

4 Line Policy Change Configurable

5 Pipe Policy Change Configurable

6 Virtual Channel Policy Change Configurable

7 Catalog Entry Change Configurable

8 Suspected DoS Attack Started Automatic Trap Sent

9 Suspected DoS Attack Stopped No

10 External Data Source Down Automatic Trap Sent

11 External Data Source Up No

12 Software Problem No

13 NetEnforcer Access Violation No

14 Link Down Configurable

15 Link Up No

16 Cold Start Configurable

17 Warm Start No



18 Authentication Failure No

19 NetEnforcer IP Address Change Configurable

20 Connection Routing Configuration No

21 Device Status Down Configurable

22 Device Status Up No

23 Application info Automatic Trap Sent

24 Protocol update installation No

25 Board status changed No

100 Server Unreachable Configurable

101 Server Reachable No

102 Device Unreachable Configurable

103 Device Reachable No

104 User Forced Clear Alarm No

107 Device Hardware Change Configurable

108 User Force Cleared All Alarms No

109 User Logged In No

110 User Logged Out No

111 Catalogs Synchronization Problem No

112 Catalog Rejected by NetEnforcer No

113 Automatic Alarm Purge No

114 Policy and Catalogs Export No

115 NetEnforcer Configuration Import No

116 Server Management Ownership Taken from Device Automatic Trap Sent

117 Server Management Ownership of Device Taken Automatic Trap Sent

118

Missing Events Were not Found on Device Trap Table

During Synchronization No

119 Device Add No



120 License expiration warning Automatic Trap Sent

121 License is expired Automatic Trap Sent

122 Server license registered Automatic Trap Sent

123 Clear license expiration warning No

124 Device policy replaced with rescue policy Automatic Trap Sent

125 Policy data is not synchronized on device No

126 AS does not support device software version Automatic Trap Sent

127 Device was deleted from system No

128 Server was deleted from system No

129 Catalog action failed Automatic Trap Sent

130 Configuration Database Incremental Backup failed No

131 Configuration Database Full Backup failed No

132 Country classification file updated Automatic Trap Sent

133 New protocol updates are available Automatic Trap Sent

134 Install new protocol updates to AS Automatic Trap Sent

135 Install new protocol updates to device Automatic Trap Sent

136 Scheduler forced clear alarms No

137 Device license expiration warning Automatic Trap Sent

138 Device license is expired Automatic Trap Sent

139 Clear device license expiration warning No

140 Rollback AS protocol updates Automatic Trap Sent

141 Rollback device protocol updates Automatic Trap Sent

200 Collector Reported Device Unreachable Configurable

201 Collector Reported Device Reachable No

202 Invalid Bucket Time in Collector Automatic Trap Sent

203 Valid Bucket Time in Collector No

204 Invalid Bucket in Collector No



205 Real Time Bucket Overload in Collector No

206 Short-term Bucket Overload in Collector No

207 Bucket Validated in Collector No



210 Real Time + Short-term Bucket Overload in Collector No

211 Bucket Overload in Collector Finished No

212 Collector Reported Disk Space Problem Automatic Trap Sent

213 Collector Reported Disk Space Problem Fixed No

214

Short Term Collector Reported Database Full Backup

failed No

300

Long Term Collector Reported Short Term Collector

Unreachable Configurable

301

Long Term Collector Reported Short Term Collector

Reachable No



304 Long Term Collector Reported Disk Space Problem Automatic Trap Sent

305

Long Term Collector Reported Disk Space Problem

Fixed No

306

Long Term Collector Reported Database Full Backup

failed No

401 Quota violation No

402 Quota recovery No

403 Domain not found No

404 SMP provision error trap Configurable

405 SMP multi fail trap Configurable

406 SMP High Availability Trap Configurable

407 SMP System Trap Configurable



Documents

NetXplorer Install_Admin Guide R5