Customizing How to Monitor Subsets of Subscriber Traffic
You customize the configuration for the Surveillance Director from SDX Configuration Editor. The configuration files in the sample data contain default values for some Surveillance Director properties. Use these files as a starting place for your configuration. After you import the configuration from the directory into SDX Configuration Editor, the following files appear in the SurveillanceDirector folder.
You can edit the files in this location or make copies of the files and then edit them.
For information about how to use SDX Configuration Editor and how to import data from the directory into SDX Configuration Editor, see SDX Getting Started Guide, Chapter 17, Using SDX Configuration Editor.
Tasks to configure properties for the Surveillance Director are:
- Configure Directory Properties for the Surveillance Director.
- Configure Logging for the Surveillance Director.
- Configure an Instance of the Surveillance Director.
Configuring Directory Properties for the Surveillance Director
You configure properties specific to the Surveillance Director to access network data in the directory through the directory eventing system (DES). For more information about the DES, see SDX Getting Started Guide, Chapter 14, Distributing Directory Changes to SDX Components.
To use SDX Configuration Editor to configure the directory properties for the Surveillance Director:
- In the navigation pane, select the des.xml file under SurveillanceDirector.
- Select the LDAP tab, and expand the Network and DES Client Configurations sections.
The following pane shows the properties available with the Editing Level for SDX Configuration Editor set to Normal.
See Network Field.
To complete the entries under DES Client Configuration, see SDX Getting Started Guide, Chapter 14, Distributing Directory Changes to SDX Components.
- Select File > Save.
- Right-click the configuration file, and select SDX System Configuration > Export to LDAP Directory.
- After you complete the configuration changes, stop and then restart the Surveillance Director for the configuration changes to take effect. Use the following commands to stop and then start the Surveillance Director:
/opt/UMC/idp/etc/sd stop
/opt/UMC/idp/etc/sd start
Network Field
In SDX Configuration Editor, you can modify the following field in the LDAP pane in a des.xml configuration file.
Network Root
- DN of the network object. The network object contains objects for each router that the SDX software manages.
- Value—<DN>
- Default—No value
- Example—o=Network, o=umc (value in the sample data)
Configuring Logging for the Surveillance Director
To use SDX Configuration Editor to configure logging for the Surveillance Director:
- Configure logging properties for the Surveillance Director in the same way that you configure logging for other components.
See SDX Monitoring and Troubleshooting Guide, Chapter 2, Configuring Logging for SDX Components.
Configuring an Instance of the Surveillance Director
You configure properties for an instance of the Surveillance Director for a set of virtual routers to be monitored. One virtual router can be monitored by only one instance of the Surveillance Director at a time.
To use SDX Configuration Editor to configure an instance of the Surveillance Director:
- In the navigation pane, select the sds.xml file under SurveillanceDirector.
- Select the Surveillance Director tab, and expand the Director Instance and Surveillance Director sections.
- In the Surveillance Director section, edit or accept the default values for the fields.
See Surveillance Director Fields.
NOTE: The sample data provides values appropriate for setup and debugging for each of these properties.
- Select File > Save.
- Right-click the configuration file, and select SDX System Configuration > Export to LDAP Directory.
Surveillance Director Fields
In SDX Configuration Editor, you can modify the following fields in the Surveillance Director pane in a sds.xml configuration file.
Virtual Router Filter
- Virtual routers to be monitored by this instance of the Surveillance Director.
- Value—A regular expression that matches the virtual routers to be managed.
- Guidelines—For information about regular expressions, see http://java.sun.com/j2se/1.4.2/docs/api/java/util/regex/Pattern.html
Typically, an instance of the Surveillance Director can manage more than one virtual router; however, only one instance of the Surveillance Director manages a virtual router at one time. If more than one instance of the Surveillance Director matches the same virtual router, the first instance of the Surveillance Director that is configured and that matches the virtual router manages it.
If you change the configuration of an instance of the Surveillance Director to stop managing a virtual router, and another instance of the Surveillance Director is already configured to manage that virtual router, then the other instance of the Surveillance Director assumes management of that virtual router.
- .*@BRAS.*—Matches all virtual routers on routers whose names start with BRAS
- .*virneo.*@.*—Matches all virtual routers that contain virneo in the virtual router name, for a router with any name
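The first-match rule above can be checked before a configuration is exported. The following is an added example, not part of the SDX documentation or software: it evaluates an ordered list of filters against an inventory of `<vrName>@<routerName>` names and reports which instance manages each virtual router, which later instances also match it, and which virtual routers no instance monitors. The instance names and the inventory are constructed, and matching the whole name against the expression is an assumption.

```python
import re

# Constructed sample data. Instance names and inventory are hypothetical;
# the two filter expressions are the examples given on this page.
# Order matters: the first configured instance that matches manages the VR.
INSTANCES = [
    ("sd-bras", r".*@BRAS.*"),
    ("sd-virneo", r".*virneo.*@.*"),
]
INVENTORY = [
    "default@BRAS1",
    "virneo-east@BRAS2",
    "virneo-west@edge7",
    "default@edge7",
]


def assign(instances, inventory):
    """Apply the first-match rule to every <vrName>@<routerName> entry.

    Returns (owner, shadowed, unmonitored):
      owner       -- VR -> instance that manages it
      shadowed    -- VR -> later instances that also match and would take
                     over if the owner stopped managing that VR
      unmonitored -- VRs that no filter matches (a coverage gap)
    """
    compiled = [(name, re.compile(pattern)) for name, pattern in instances]
    owner, shadowed, unmonitored = {}, {}, []
    for vr in inventory:
        # Assumption: the expression must match the whole name.
        hits = [name for name, rx in compiled if rx.fullmatch(vr)]
        if not hits:
            unmonitored.append(vr)
            continue
        owner[vr] = hits[0]
        if len(hits) > 1:
            shadowed[vr] = hits[1:]
    return owner, shadowed, unmonitored


if __name__ == "__main__":
    owner, shadowed, unmonitored = assign(INSTANCES, INVENTORY)
    for vr, inst in owner.items():
        print(f"{vr}: managed by {inst}, standby {shadowed.get(vr, [])}")
    for vr in unmonitored:
        print(f"{vr}: matched by no instance, never sent to the IDP sensor")
```

Running the same check with an instance removed from the list shows which virtual routers another instance takes over and which ones lose monitoring entirely.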
IDP Service Name
- Name of the service to activate in order to direct a subset of subscriber traffic to an IDP sensor.
- Value—<Service name>
- Default—No value
- Property name—idpServiceName
Maximum Number of IP Addresses
- Maximum number of subscriber IP addresses for which the associated traffic should be sent to an IDP sensor or sensor cluster at one time.
- Value—Integer greater than 1
- Guidelines—You must configure a value for this property. This value must be a power of 2. Ensure that the amount of traffic generated by the number of IP addresses identified by this property conforms to the capacity for the IDP system.
For JUNOSe routers, consider system load on the SAE and on the router when you use policy-based routing from JUNOSe routers to an IDP sensor. A fragment service is activated for each IP address.
Maximum Number of Subnets
- Maximum number of CIDR subnets for which subscriber traffic can be sent to an IDP sensor at one time.
- Value—Integer greater than 1
- Guidelines—Using a large number of CIDR subnets can affect system performance because an aggregate service for IDP is activated once for each CIDR subnet during a specified surveillance time.
- Default—4
- Property name—maxSubnets
Maximum Number of IP Addresses per Subnet
- Maximum number of IP addresses supported in a CIDR subnet.
- Value—Integer greater than 1
- Guidelines—This value must be a power of 2.
If your configuration has a JUNOS routing platform that is being managed from a JUNOS POP, set this value to the value specified for Maximum Number of IP Addresses.
Minimum Number of IP Addresses per Subnet
- Minimum number of IP addresses supported in a CIDR subnet.
- Value—Integer greater than 1
- Guidelines—This value must be a power of 2 to efficiently monitor subnets, and must be set to a value less than the value for the Maximum Number of IP Addresses per Subnet.
If the minimum size of a subnet is small and the IP pools do not have large contiguous address ranges, then a surveillance interval can be underused by the number of subscribers. Also with a small minimum size specified, the IP pool can be divided into numerous CIDR subnets to exclude discontinuities in the addresses. In this scenario if the value is a number greater than 1, some addresses may be infrequently or never monitored.
Surveillance Time
- Length of time to monitor each set of subscribers. This value is also the session timeout for the service specified by the IDP Service Name property.
- Value—Number of seconds greater than 1
- Default—15
- Property name—surveillanceTime
Interval Between IDP Service Sessions
- Length of time between when IDP service sessions time out and when the next IDP service sessions are activated.
- Value—Number of seconds greater than 1
- Guidelines—Typically, services for a specified set of IP addresses time out at approximately the same time; however, the length of time to deactivate the services depends on other factors, such as the number of addresses and subnets for which a service is being deactivated, the software and hardware versions of the routers, and the size of systems running the SAE. Use this property to specify how long the Surveillance Director waits for all services to become inactive before it activates services for the next set of addresses to be monitored.
If the value for this property is too long, IDP is underutilized; if it is too short, the IDP can become overloaded.
DN of Router Profiles
- DN in the directory of the subscriber folder which contains the subscriber entries that correspond to router entries under the network root. For the Surveillance Director to activate a service configured for IDP integration for <vrName>@<routerName>, it constructs a DN type of subscriber ID in the form routerName=<vrName>@<routerName>, <DN of router profiles>. The Surveillance Director then uses that DN to locate the subscriber session in which to activate the service.
- Value—<DN>
- Default—No value
- Example—ou=routers, retailername=SP-IDP, o=Users, o=umc
- Property name—routerProfilesDn
Suppress IP Addresses
- Specifies whether the Surveillance Director provides a value for the subrIps parameter (a list of all the individual addresses to be monitored during a surveillance interval) when it activates an IDP service. For use when traffic is sent directly from JUNOSe routers to an IDP sensor.
- Value—True or false
- Guidelines—Specify false for JUNOSe POPs. Specify true for JUNOS POPs.
- Default—False
- Property name—suppressIps
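The field guidelines above include several cross-field rules that are easy to miss when editing values one at a time. The following is an added example, not part of the SDX documentation or software: it checks a set of values against those guidelines and builds the subscriber ID DN described under DN of Router Profiles. The property names maxSubnets, surveillanceTime, suppressIps and routerProfilesDn are from this page; maxIps, maxIpsPerSubnet, minIpsPerSubnet and serviceInterval are hypothetical names for fields whose property names the page does not give, and the sample values are constructed.

```python
# Fields the page describes as "greater than 1" (integer or seconds).
INT_FIELDS = ("maxIps", "maxSubnets", "maxIpsPerSubnet",
              "minIpsPerSubnet", "surveillanceTime", "serviceInterval")
# Fields the page requires to be a power of 2.
POW2_FIELDS = ("maxIps", "maxIpsPerSubnet", "minIpsPerSubnet")

# Constructed sample values for a JUNOSe POP.
SAMPLE = {
    "maxIps": 256, "maxSubnets": 4, "maxIpsPerSubnet": 64,
    "minIpsPerSubnet": 8, "surveillanceTime": 15, "serviceInterval": 5,
    "suppressIps": False,
    "routerProfilesDn": "ou=routers, retailername=SP-IDP, o=Users, o=umc",
}


def validate(cfg, junos_pop):
    """Return a list of guideline violations; an empty list means OK."""
    errs, ok = [], {}
    for key in INT_FIELDS:
        val = cfg.get(key)
        if isinstance(val, int) and not isinstance(val, bool) and val > 1:
            ok[key] = val
        else:
            errs.append(f"{key}: must be an integer greater than 1")
    for key in POW2_FIELDS:
        if key in ok and ok[key] & (ok[key] - 1):
            errs.append(f"{key}: must be a power of 2")
    if "minIpsPerSubnet" in ok and "maxIpsPerSubnet" in ok:
        if ok["minIpsPerSubnet"] >= ok["maxIpsPerSubnet"]:
            errs.append("minIpsPerSubnet: must be less than maxIpsPerSubnet")
    # JUNOS POP: per-subnet maximum is set to the overall maximum.
    if junos_pop and "maxIps" in ok and ok.get("maxIpsPerSubnet") != ok["maxIps"]:
        errs.append("maxIpsPerSubnet: must equal maxIps for a JUNOS POP")
    # suppressIps: false for JUNOSe POPs, true for JUNOS POPs.
    if cfg.get("suppressIps") is not junos_pop:
        errs.append(f"suppressIps: must be {junos_pop} for this POP type")
    return errs


def subscriber_dn(vr_at_router, cfg):
    """Build routerName=<vrName>@<routerName>, <DN of router profiles>."""
    return f"routerName={vr_at_router}, {cfg['routerProfilesDn']}"


if __name__ == "__main__":
    print(validate(SAMPLE, junos_pop=False))
    print(subscriber_dn("default@BRAS1", SAMPLE))
```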