Viewing ETC NIU Statistics
The following ACLI commands are NOT supported by the ETC NIU; they continue to be supported on the HiFN-based NIU.
- show sec srtp spd
- show security srtp status
- show security srtp statistics
The following ACLI commands have been modified when used in conjunction with the ETC NIU; these commands continue to operate as described in previous documentation releases when used in conjunction with the HiFN-based NIU.
- show sa stats
The srtp option (show sa stats srtp) is not available for the ETC NIU; the option continues to be supported on the HiFN NIU.
- show security srtp sad
Only the brief option (show security srtp sad intName brief) is supported for the ETC NIU; the sal-index and sad-index, which are HiFN-specific values, along the ssrc (session source) values are not available.
ORACLE# show security srtp sad M00:33 brief WARNING: This action might affect system performance and take a long time to finish. Are you sure [y/n]?: y SRTP security-association-database for interface 'M00:33': Displaying SA's that match the following criteria - direction : both src-addr-prefix : any src-port : any dst-addr-prefix : any dst-port : any trans-proto : ALL Inbound: destination-address : 192.168.203.51 destination-port : 10022 vlan-id : 33 mode : srtp encr-algo : aes-128-ctr auth-algo : hmac-sha1 auth-tag-length : 80 mki : 0 mki length : 0 roll over count : 0 Outbound: destination-address : 192.168.200.254 destination-port : 10000 vlan-id : 33 mode : srtp encr-algo : aes-128-ctr auth-algo : hmac-sha1 auth-tag-length : 80 mki : 0 ORACLE#
The following ACLI commands have been augmented for use with the ETC HIU.
show nat flow-info all
The show nat flow-info all ACLI command provides two new fields that identify the encryption/decryption protocol applied by the ETC NIU to inbound and outbound SRTP packets.
ORACLE# show nat flow-info all
SA_flow_key : 172.16.28.1 SA_prefix : 32
DA_flow_key : 172.16.28.2 DA_prefix : 32
SP_flow_key : 0 SP_prefix : 0
DP_flow_key : 10034 DP_prefix : 16
VLAN_flow_key : 0
Protocol_flow_key : 17
Ingress_flow_key : 1
Ingress Slot : 1
Ingress Port : 0
NAT IP Flow Type : IPv4 to IPv4
XSA_data_entry : 192.168.28.2
XDA_data_entry : 192.168.28.1
XSP_data_entry : 12034
XDP_data_entry : 8000
Egress_data_entry : 0
Egress Slot : 0
Egress Port : 0
flow_action : 0X41
optional_data : 0
FPGA_handle : 0x00000045
assoc_FPGA_handle : 0x00000000
VLAN_data_entry : 0
host_table_index : 7
Switch ID : 0x00000005
average-rate : 0
weight : 0x0
init_flow_guard : 300
inact_flow_guard : 300
max_flow_guard : 86400
payload_type_2833 : 0
index_2833 : 0
pt_2833_egress : 0
qos_vq_enabled : 0
codec_type : 0
HMU_handle : 0
SRTP Crypto In : AES_CM_128_HMAC_SHA1_80
SRTP Crypto Out : AES_CM_128_HMAC_SHA1_32
----------------------------------------------
Input Link Parameters - IFD Index: 0x5
----------------------------------------------
IFD Byte Enable: false
EPD Mode Enable: true
Retain: false
ABJ Mode: true
Disable Empty: false
Ignore On Empty: false
TGID: 0x6
WRGID: 0x0
TG Enable: true
WRG Enable: false
Output Link Parameters - OFD Index: 0x5
----------------------------------------------
shaped_flow: false
latency_sensitive: false
pkt_mode: Packet Mode
zero_min_credit_flow: false
parent_pipe_num: 0x1
delta: 0x1
flow_credit_min_exp: 0x0
flow_credit_min_man: 0x0
IFD 0x00000005: dropCount = 0x00000000
IFD 0x00000005: acceptCount = 0x00000028
----------------------------------------------
q - quit, return - next page, space - through to the end :
...
...
Supported values for SRTP Crypto In/Out are as follows:
- AES_CM_128_HMAC_SHA1_80,
- AES_CM_128_HMAC_SHA1_32
- ARIA_CM_192_HMAC_SHA1_80
- NONE
show nat flow-info srtp statistics
The show nat flow-info srtp statistics ACLI command displays global statistics for all SRTP flows.
ORACLE# show nat flow-info srtp statistics PPM_ID_SRTP_E: PPX Global Statistics --------------------- alloc_count : 34768 dealloc_count : 34732 input-packets : 0 output-packets : 0 sessions-count : 602 init-requests : 1798 init-success : 1798 init-fail : 0 modify-requests : 600 modify-success : 600 modify-fail : 0 delete-requests : 1796 delete-success : 1796 delete-fail : 0 query-requests : 2 query-success : 2 query-fail : 0 resources-error : 0 protect-fail : 0 unprotect-fail : 0 status-err : 0 bad-param : 0 alloc-fail : 0 dealloc-fail : 0 terminus : 0 auth-fail : 0 cipher-fail : 0 replay-fail : 0 replay-old : 0 algo-fail : 0 no-such-op : 0 no-ctx : 0 cant-check : 0 key-expired : 0 nonce-bad : 0 read-failed : 0 write-failed : 0 parse-err : 0 encode-err : 0 pfkey-err : 0 mki-changed : 0 srtp-pkt-too-small : 0 srtcp-pkt-too-small : 0 PPM_ID_SRTP_D: PPX Global Statistics --------------------- alloc_count : 34768 dealloc_count : 34732 input-packets : 0 output-packets : 0 sessions-count : 602 init-requests : 2398 init-success : 2398 init-fail : 0 modify-requests : 600 modify-success : 600 modify-fail : 0 delete-requests : 2396 delete-success : 2396 delete-fail : 0 query-requests : 2 query-success : 2 query-fail : 0 resources-error : 0 protect-fail : 0 unprotect-fail : 0 status-err : 0 bad-param : 0 alloc-fail : 0 dealloc-fail : 0 terminus : 0 auth-fail : 0 cipher-fail : 0 replay-fail : 0 replay-old : 0 algo-fail : 0 no-such-op : 0 no-ctx : 0 cant-check : 0 key-expired : 0 nonce-bad : 0 read-failed : 0 write-failed : 0 parse-err : 0 encode-err : 0 pfkey-err : 0 mki-changed : 0 srtp-pkt-too-small : 0 srtcp-pkt-too-small : 0 ORACLE#
show nat flow-info srtp by-addr
The show nat flow-info srtp by-addr ACLI command displays cryptographic details for a specific SRTP data flow, as identified by an IPv4 address specifying the data flow source.
Alternatively, you can use the all argument in place of a specific IP address to display cryptographic details for all SRTP data flows.
ORACLE# show nat flow-info srtp by-addr 172.16.28.1 Crypto Parameters 172.16.28.1:7000 -> 172.16.28.3:8000 ================= Collapsed : true SRTCP Only : false Crypto In ------------------ destination-address : 172.16.28.2 destination-port : 10036 vlan-id : 0 encr-algo : aes-128-ctr auth-algo : hmac-sha1 auth-tag-length : 80 key index : 0 mki : none roll-over-count : 0 Crypto Out ------------------ destination-address : 172.16.28.3 destination-port : 8000 vlan-id : 0 encr-algo : aes-128-ctr auth-algo : hmac-sha1 auth-tag-length : 80 key index : 0 mki : none roll-over-count : 0 PPM_ID_SRTP_E: PPX Statistics -------------- Stream #1 ssrc : 3735928559 rtp-cipher-id : AES-128-ICM rtp-auth-id : HMAC-SHA1 rtp-security-level : Crypto + Auth rtp-total-packets : 9 rtp-total-bytes : 178 rtp-cipher-bytes : 70 rtp-auth-bytes : 178 rtcp-cipher-id : AES-128-ICM rtcp-auth-id : HMAC-SHA1 rtcp-security-level : Crypto + Auth rtcp-total-packets : 0 rtcp-total-bytes : 0 rtcp-cipher-bytes : 0 rtcp-auth-bytes : 0 key-lifetime : 4294967295 direction : Sender PPM_ID_SRTP_D: PPX Statistics -------------- Stream #1 ssrc : 3735928559 rtp-cipher-id : AES-128-ICM rtp-auth-id : HMAC-SHA1 rtp-security-level : Crypto + Auth rtp-total-packets : 8 rtp-total-bytes : 240 rtp-cipher-bytes : 64 rtp-auth-bytes : 160 rtcp-cipher-id : AES-128-ICM rtcp-auth-id : HMAC-SHA1 rtcp-security-level : Crypto + Auth rtcp-total-packets : 0 rtcp-total-bytes : 0 rtcp-cipher-bytes : 0 rtcp-auth-bytes : 0 key-lifetime : 4294967295 direction : Receiver ORACLE#
show mbcd errors
The show mbcd statistics ACLI command provides new counters tracking SRTP error conditions.
ORACLE# show mbcd errors 18:05:10-142 MBC Errors/Events ---- Lifetime ---- Recent Total PerMax Client Errors 0 0 0 Client IPC Errors 0 0 0 Open Streams Failed 0 0 0 Drop Streams Failed 0 0 0 Exp Flow Events 0 22 2 Exp Flow Not Found 0 0 0 Transaction Timeouts 0 0 0 Server Errors 0 0 0 Server IPC Errors 0 0 0 Flow Add Failed 0 0 0 Flow Delete Failed 0 0 0 Flow Update Failed 0 0 0 Flow Latch Failed 0 0 0 Pending Flow Expired 0 0 0 ARP Wait Errors 0 0 0 Exp CAM Not Found 0 0 0 Drop Unknown Exp Flow 0 0 0 Drop/Exp Flow Missing 0 0 0 Exp Notify Failed 0 0 0 Unacknowledged Notify 0 0 0 Invalid Realm 0 0 0 No Ports Available 0 0 0 Insufficient Bandwidth 0 0 0 Stale Ports Reclaimed 0 0 0 Stale Flows Replaced 0 0 0 Telephone Events Gen 0 0 0 Pipe Alloc Errors 0 0 0 Pipe Write Errors 0 0 0 Not Found In Flows 0 0 0 SRTP Flow Add Failed 0 0 0 SRTP Flow Delete Failed 0 0 0 SRTP Flow Update Failed 0 0 0 SRTP Capacity Exceeded 0 0 0 ORACLE#
show mbcd statistics
The show mbcd statistics ACLI command displays additional counters enumerating the number of active SRTP/SRTCP flows, as well as the number of SRTP sessions.
The SRTP flow count indicates the number of flows that require either SRTP encryption or decryption on either side of the flow.
The SRTP session count indicates the number of concurrent SRTP/SRTCP sessions on the Oracle Communications Session Border Controller. An SRTP session is counted as a full SRTP plus SRTCP crypto context, including both an encryption and decryption context. Note that a collapsed flow containing SRTP and SRTCP will count as one SRTP Session, and two uncollapsed flows for SRTP and the corresponding SRTCP will also count as one SRTP session.
Note that a hairpin connection counts as two SRTP sessions, one for each SRTP/SRTCP pair on each call leg, and two SRTP collapsed flows.
ORACLE# show mbcd statistics 18:13:14-126 MBCD Status -- Period -- -------- Lifetime -------- Active High Total Total PerMax High Client Sessions 1 1 0 18 3 4 Client Trans 0 0 0 75 6 3 Contexts 2 2 0 19 3 5 Flows 4 4 0 38 6 10 Flow-Port 2 2 0 36 6 8 Flow-NAT 4 4 0 74 12 10 Flow-RTCP 0 0 0 0 0 0 Flow-Hairpin 0 0 0 0 0 0 Flow-Released 0 0 0 0 0 0 MSM-Release 0 0 0 0 0 0 Rel-Port 0 0 0 0 0 0 Rel-Hairpin 0 0 0 0 0 0 NAT Entries 4 4 0 74 12 10 Free Ports 1998 1998 0 2070 2002 2002 Used Ports 4 4 0 72 12 16 Port Sorts - - 0 0 0 0 Queued Notify 0 0 0 0 0 0 MBC Trans 0 0 0 75 6 5 MBC Ignored - - 0 0 0 0 ARP Trans 0 0 0 0 0 0 Relatch NAT 0 0 0 0 0 0 Relatch RTCP 0 0 0 0 0 0 SRTP Only Flows 0 0 0 0 0 0 SRTCP Only Flows 0 0 0 0 0 0 SRTP Collapsed Flows 0 0 0 2 2 2 SRTP Sessions 0 0 0 2 2 2 Flow Rate = 0.0 Load Rate = 0.0 ORACLE#
show mbcd all
The show mbcd all ACLI command provides new counters tracking SRTP data flow additions, updates, and deletions.
ORACLE# show mbcd statistics 18:18:14-111 MBCD Status -- Period -- -------- Lifetime -------- Active High Total Total PerMax High Client Sessions 0 0 0 0 0 0 Client Trans 0 0 0 0 0 0 Contexts 1 1 0 1 1 1 Flows 2 2 0 2 2 2 Flow-Port 0 0 0 0 0 0 Flow-NAT 2 2 0 2 2 2 Flow-RTCP 0 0 0 0 0 0 Flow-Hairpin 0 0 0 0 0 0 Flow-Released 0 0 0 0 0 0 MSM-Release 0 0 0 0 0 0 Rel-Port 0 0 0 0 0 0 Rel-Hairpin 0 0 0 0 0 0 NAT Entries 2 2 0 2 2 2 Free Ports 2002 2002 0 2002 2002 2002 Used Ports 0 0 0 0 0 0 Port Sorts - - 0 0 0 Queued Notify 0 0 0 0 0 0 MBC Trans 0 0 0 0 0 0 MBC Ignored - - 0 0 0 ARP Trans 0 0 0 0 0 0 Relatch NAT 0 0 0 0 0 0 Relatch RTCP 0 0 0 0 0 0 SRTP Only Flows 0 0 0 0 0 0 SRTCP Only Flows 0 0 0 0 0 0 SRTP Collapsed Flows 0 0 0 2 2 2 SRTP Sesssions 0 0 0 2 2 2 Flow Rate = 0.0 Load Rate = 0.0 18:18:14-111 NAT Entries ---- Lifetime ---- Recent Total PerMax Adds 0 2 2 Deletes 0 0 0 Updates 0 0 0 Non-Starts 0 0 0 Stops 0 0 0 Timeouts 0 0 0 18:18:14-111 ACL Entries -- Period -- -------- Lifetime -------- Active High Total Total PerMax High Static Trusted 0 0 0 0 0 0 Static Blocked 0 0 0 0 0 0 Dynamic Trusted 0 0 0 0 0 0 Dynamic Blocked 0 0 0 0 0 0 ACL Operations ---- Lifetime ---- Recent Total PerMax App Requests 0 0 0 Added 0 0 0 Removed 0 0 0 Dropped 0 0 0 18:18:14-111 MBC Errors/Events ---- Lifetime ---- Recent Total PerMax Client Errors 0 0 0 Client IPC Errors 0 0 0 Open Streams Failed 0 0 0 Drop Streams Failed 0 0 0 Exp Flow Events 0 0 0 Exp Flow Not Found 0 0 0 Transaction Timeouts 0 0 0 Server Errors 0 0 0 Server IPC Errors 0 0 0 Flow Add Failed 0 0 0 Flow Delete Failed 0 0 0 Flow Update Failed 0 0 0 Flow Latch Failed 0 0 0 Pending Flow Expired 0 0 0 ARP Wait Errors 0 0 0 Exp CAM Not Found 0 0 0 Drop Unknown Exp Flow 0 0 0 Drop/Exp Flow Missing 0 0 0 Exp Notify Failed 0 0 0 Unacknowledged Notify 0 0 0 Invalid Realm 0 0 0 No Ports Available 0 0 0 Insufficient Bandwidth 0 0 0 Stale Ports Reclaimed 0 0 0 Stale Flows Replaced 0 0 0 Telephone Events Gen 0 0 0 Pipe Alloc Errors 0 0 0 Pipe Write Errors 0 0 0 Not Found In Flows 0 0 0 SRTP Flow Add Failed 0 0 0 SRTP Flow Delete Failed 0 0 0 SRTP Flow Update Failed 0 0 0 SRTP Capacity Exceeded 0 0 0 SRTP Flows ---- Lifetime ---- Recent Total PerMax Adds 0 2 2 Deletes 0 0 0 Updates 0 0 0 ORACLE#
show sipd errors
The show sipd errors ACLI command provides a counter tracking the number of SIP sessions that failed because of SRTP signaling problems.
ORACLE# show sipd errors 16:56:32-110 SIP Errors/Events ---- Lifetime ---- Recent Total PerMax SDP Offer Errors 0 0 0 SDP Answer Errors 0 0 0 Drop Media Errors 0 0 0 Transaction Errors 0 0 0 Application Errors 0 0 0 Media Exp Events 0 2 1 Early Media Exps 0 0 0 Exp Media Drops 0 0 0 Expired Sessions 0 1 1 Multiple OK Drops 0 0 0 Multiple OK Terms 0 0 0 Media Failure Drops 0 0 0 Non-ACK 2xx Drops 0 0 0 Invalid Requests 0 0 0 Invalid Responses 0 0 0 Invalid Messages 0 0 0 CAC Session Drop 0 0 0 Nsep User Exceeded 0 0 0 Nsep SA Exceeded 0 0 0 CAC BW Drop 0 0 0 SRTP Errors 0 0 0 ORACLE# show sipd errors
show security srtp sessions
The show security srtp sessions ACLI command displays summary information for currently active SRTP sessions.
ORACLE# show security srtp sessions 16:31:52-199 Capacity=10000 SRTP Session Statistics -- Period -- -------- Lifetime -------- Active High Total Total PerMax High SRTP Sessions 100 55 100 17264 100 75 ORACLE#
