eVIP, IKE Distribution Not Possible

Contents


1   Alarm Description

The alarm is raised when the distribution of the Internet Key Exchange (IKE) processes cannot be resolved, and there are not available blades for all IKE instances.

The IKE process is used to process the key exchange in IP Security communication.

Table 1    eVIP, IKE Distribution Not Possible Alarm Causes

Alarm Cause

Description

Fault Reason

Fault Location

Impact

Faulty configuration

The configuration is faulty

Faulty configuration

Faulty configuration in the Managed Element

Starting the IKE processes with the current eVIP configuration cannot be done

Faulty node in the cluster

The node in the cluster is faulty

Faulty node in the cluster

Node in cluster

Insufficient available or running nodes and the IKE processes cannot be started

Note:  
The alarm can appear as a result of an installation.

2   Procedure

2.1   Handle Alarm eVIP, IKE Distribution Not Possible

Prerequisites

Steps

  1. Is alarm COM SA, CLM Cluster Node Unavailable also raised?

    Yes: Alarm eVIP, IKE Distribution Not Possible can be caused by a faulty node in the cluster. Follow the instructions in COM SA, CLM Cluster Node Unavailable and then continue with the next step.

    No: Proceed with Step 3.

  2. Is alarm eVIP, IKE Distribution Not Possible cleared?

    Yes: Confirm that the alarm does not reappear. Proceed with Step 36.

    No: The cause is a faulty configuration. Continue with the next step.

  3. Check the latest configuration changes.

    The likely cause is that a reconfiguration event violated the listed rules of IKE distribution.

    • Only one IKE instance can run on a payload blade.
    • Exactly one or zero IKE instance must run in each Abstract Load Balancer (ALB).

    These rules means that there must be at least as many payload blades as there are ALBs in the system.

  4. Check the number of ALBs to determine the number of IKE processes, for example:

    >show ManagedElement=NODE06ST,Transport=1,Evip=1,EvipAlbs=1

    The following example output shows that two ALBs are configured and it means that two IKE processes are to be started:

    EvipAlbs=1
   EvipAlb=alb_0
   EvipAlb=alb_1

    Target pools limited to a few payload blades, processors, or targets in an Abstract Load Balancer (ALB) can violate the listed rules in Step 3.

  5. Check the ALB configuration one by one to determine where the IKE process can be started within an ALB, for example:
    1. >show -r ManagedElement=NODE06ST,Transport=1,Evip=1,EvipAlbs=1,EvipAlb=alb_0,EvipTargetPools=1

      The following is an example output:

      EvipTargetPools=1
   EvipTargetPool=SCs_rr
      distributionMethod="round_robin"
      stickyGroup="no"
      udpStateless="no"
      EvipPayload=6
   EvipTargetPool=sticky-SCs_rr
      distributionMethod="round_robin"
      stickinessTimeout="300"
      stickyGroup="yes"
      udpStateless="no"
      EvipPayload=6
    2. >show -r ManagedElement=NODE06ST,Transport=1,Evip=1,EvipAlbs=1,EvipAlb=alb_1,EvipTargetPools=1

      The following is an example output:

      EvipTargetPools=1
   EvipTargetPool=SCs_rr
      distributionMethod="round_robin"
      stickyGroup="no"
      udpStateless="no"
      EvipPayload=6
   EvipTargetPool=sticky-SCs_rr
      distributionMethod="round_robin"
      stickinessTimeout="300"
      stickyGroup="yes"
      udpStateless="no"
      EvipPayload=6

    The two examples show that only node 6 is available for two ALBs; alb_0 and alb_1. The IKE distribution is not possible with the configuration in these examples.

  6. Navigate to the EvipTargetPool Managed Object (MO) for alb_0, for example:

    >dn ManagedElement=NODE06ST,Transport=1,Evip=1,EvipAlbs=1,EvipAlb=alb_0,EvipTargetPools=1,EvipTargetPool=SCs_rr

    Attention!

    Risk of system malfunction or traffic disturbance.

    The target pool plays a central role on traffic handling. If you are unfamiliar with eVIP configuration, consult the next level of maintenance support.

    Step 6 through Step 29 show how to add payloads 1 and 5 to target pools in alb_0 and payload 4 to alb_1.

  7. Enter Config mode:

    (EvipTargetPool=SCs_rr)>configure

  8. Add a payload, for example:

    (config-EvipTargetPool=SCs_rr)>EvipPayload=1

  9. Navigate to the EvipTargetPool MO:

    (config-EvipPayload=1)>up

  10. Commit the setting:

    (config-EvipTargetPool=SCs_rr)>commit

  11. Verify the setting:

    (EvipTargetPool=SCs_rr)>show EvipPayload

    The following is an example output:

    EvipPayload=1
  12. Navigate to the second EvipTargetPool MO, for example:

    (EvipTargetPool=SCs_rr)>up

    (EvipTargetPools=1)>EvipTargetPool=sticky-SCs_rr

  13. Enter Config mode:

    (EvipTargetPool=sticky-SCs_rr)>configure

  14. Add a payload, for example:

    (config-EvipTargetPool=sticky-SCs_rr)>EvipPayload=5

  15. Navigate to the EvipTargetPool MO:

    (config-EvipPayload=5)>up

  16. Commit the setting:

    (config-EvipTargetPool=sticky-SCs_rr)>commit

  17. Verify the setting:

    (EvipTargetPool=sticky-SCs_rr)>show EvipPayload

    The following is an example output:

    EvipPayload=5
  18. Navigate to the EvipTargetPool MO for alb_1, for example:

    (EvipTargetPool=sticky-SCs_rr)>dn ManagedElement=NODE06ST,Transport=1,Evip=1,EvipAlbs=1,EvipAlb=alb_1,EvipTargetPools=1,EvipTargetPool=SCs_rr

  19. Enter Config mode:

    (EvipTargetPool=SCs_rr)>configure

  20. Add a payload, for example:

    (config-EvipTargetPool=SCs_rr)>EvipPayload=4

  21. Navigate to the EvipTargetPool MO:

    (config-EvipPayload=4)>up

  22. Commit the setting:

    (config-EvipTargetPool=SCs_rr)>commit

  23. Verify the setting:

    (EvipTargetPool=SCs_rr)>show EvipPayload

    The following is an example output:

    EvipPayload=4
  24. Navigate to the second EvipTargetPool MO for alb_1, for example:

    (EvipTargetPool=SCs_rr)>up

    (EvipTargetPools=1)>EvipTargetPool=sticky-SCs_rr

  25. Enter Config mode:

    (EvipTargetPool=sticky-SCs_rr)>configure

  26. Add a payload, for example:

    (config-EvipTargetPool=sticky-SCs_rr)>EvipPayload=4

  27. Navigate to the EvipTargetPool MO:

    (config-EvipPayload=4)>up

  28. Commit the setting:

    (config-EvipTargetPool=sticky-SCs_rr)>commit

  29. Verify the setting:

    (EvipTargetPool=sticky-SCs_rr)>show EvipPayload

    The following is an example output:

    EvipPayload=4
  30. Check the ALB configuration one by one to determine where the IKE process can be started, for example:
    1. (EvipTargetPool=sticky-SCs_rr)>show -r ManagedElement=NODE06ST,Transport=1,Evip=1,EvipAlbs=1,EvipAlb=alb_0,EvipTargetPools=1

      The following output example shows that eVIP can start the IKE process on payload nodes 1, 5, and 6 in ALB alb_0:

      EvipTargetPools=1
   EvipTargetPool=SCs_rr
      distributionMethod="round_robin"
      stickyGroup="no"
      udpStateless="no"
      EvipPayload=1
      EvipPayload=6
   EvipTargetPool=sticky-SCs_rr
      distributionMethod="round_robin"
      stickinessTimeout="300"
      stickyGroup="yes"
      udpStateless="no"
      EvipPayload=5
      EvipPayload=6
    2. (EvipTargetPool=sticky-SCs_rr)>show -r ManagedElement=NODE06ST,Transport=1,Evip=1,EvipAlbs=1,EvipAlb=alb_1,EvipTargetPools=1

      The following output example shows that eVIP can start the IKE process on payload nodes 4 and 6 in ALB alb_1:

      EvipTargetPools=1
   EvipTargetPool=SCs_rr
      distributionMethod="round_robin"
      stickyGroup="no"
      udpStateless="no"
      EvipPayload=4
      EvipPayload=6
   EvipTargetPool=sticky-SCs_rr
      distributionMethod="round_robin"
      stickinessTimeout="300"
      stickyGroup="yes"
      udpStateless="no"
      EvipPayload=4
      EvipPayload=6

    If payload nodes 1, 4, 5, and 6 all are running or available, a possible IKE distribution is that two IKE processes are started on payload nodes 1 and 5.

  31. Check the available payload nodes to determine where the IKE process can be started, for example:

    >ssh -l <user> SC-1

    >ssh -l <user> PL-4

    >ssh -l <user> PL-5

    >ssh -l <user> PL-6

  32. Is it possible to log on to the nodes?

    Yes: The nodes are running and IKE distribution can be done. Continue with the next step.

    No: Proceed with Step 34.

  33. Is the alarm cleared?

    Yes: Confirm that the alarm does not reappear. Proceed with Step 36.

    No: Continue with the next step.

  34. Perform data collection, refer to Data Collection Guideline.
  35. Consult the next level of maintenance support. Further actions are outside the scope of this instruction.
  36. Job is completed.


Copyright

© Ericsson AB 2015, 2017. All rights reserved. No part of this document may be reproduced in any form without the written permission of the copyright owner.

Disclaimer

The contents of this document are subject to revision without notice due to continued progress in methodology, design and manufacturing. Ericsson shall have no liability for any error or damage of any kind resulting from the use of this document.

Trademark List
All trademarks mentioned herein are the property of their respective owners. These are shown in the document Trademark Information.

    eVIP, IKE Distribution Not Possible