Got it
Huawei Enterprise Support Community
Community Forums Intelligent Collaboration
SMC2.0 - Issue with B2B c...

SMC2.0 - Issue with B2B call (standalone SC with dual network adapter in DMZ scenario) Highlighted

Latest reply: Jul 9, 2019 17:23:54 644 1 1 0 1
View the author 1#

Hi, dear!

Good day to you!

This article describes a public and private network call problem. Please see below.


Issue description

A customer stated that he cannot perform a call between an endpoint in his private network and another endpoint in the public network.  In his VC infrastructure, the customer has an SMC, SC, and a few RP200. The SMC is in the same network with the endpoints. The SC has two network adapters configured on DMZ, and LAN1  connects to the SMC and endpoints network and the LAN2 connects to the internet.


SMC: 172.**.**.10/24 GW 172.**.**.253, endpoint 172.**.**.22/24 GW 172.**.**.253

SC: Lan1 192.**.**.31/24 GW 192.**.**.1, LAN2 192.**.**.31 GW 192.**.**.131


He configured some static routes on the SC for his SMC and endpoints to be able to communicate with the SC LAN1 and the default route on LAN2.

His endpoints are registered on the SMC and SC. When he attempted a point-to-point call, everything works, however when he tried to make a Business to Business call it seemed the call did not go to LAN2 and so the call failed.


Handling Process

In order to further troubleshoot the reported issue, we have requested the following information from the customer:

Signaling diagnostics (start the signaling capture, reproduce the issue and afterwards end the trace and export it) retrieved from the SC as per below procedure:


Web captures extraction

  1. Connect to the web interface of the device with admin credentials.

  2. From the SMC2.0 home page, go to Devices > Switch Centers and check the SC that you need.

    SC

  3. Capture the web page from the Registered Nodes tab to see the list of registered devices and information: IP, what access zone the node belongs to, and other information.

    Registered SC

  4. At the Logs tab, check the Device logs and click on the Export button.

    export log

  5. At the Signaling Diagnosis tab, click the Start Diagnosis and then replicate the issue.

    After the test call exports the signaling diagnosis file.


 

Log Operations

On the SMC2.0 web interface, the authorized users can view and sort logs and export logs that generated in a specified period.

The SMC2.0 also allows system administrators and authorizes users to export debug logs for problem location and analysis. This is an important means for troubleshooting. In debug logs, the different levels and usage are as follows: Logs of debug level are used for debug information, trace level for detailed running information, warn level for warning information, error level for system running error information, and fatal level for information that causes system running environment damage and function disablement. During log analysis, pay attention to logs of the warn, error, and fatal levels. Certain keywords and error codes in logs also help you quickly locate problems.


The following describes how to view and export logs on the SMC2.0 web interface.


Viewing logs

  1.  Log in to SMC2.0 web interface.

  2. Choose System > Logs.

    All logs are displayed.


Exporting logs

  1. Log in to the SMC2.0 web interface.

  2. Choose System > Logs.

  3. Click a tab and then Export. In the Export dialog box that is displayed, set start date and End date and click Export.

    Logs that are generated in the specified time range are exported.



Test exact call flow while the issue is being reproduced so we can check the logs (calling party, called party, type of endpoints involved, date, and time)


We have analyzed the Wireshark capture provided and we can see that the Switch Centre rejects the call with the below reason:

SC log


As you can see from the screenshot below and Wireshark capture above the service address for the SC configured is 192.**.**.31 even if the LAN2 port is used for communication with the public internet and used as a default route

SC


Under the service address in the details part, you should have both IP addresses for LAN1 and LAN2 but we can notice that the LAN 2 port has not been configured as per our product documentation. As such we suggest to follow the SMC2.0 product documentation and check the part traversal between public and private networks with a standalone SC, chapter Deploying a Single SC in the DMZ (Dual Network Adapters):


Since the customer does not have both service IP addresses configured we recommend checking again and configure also LAN2 IP address 192.**.**.31 by using the command:


system-view sys-config security-config service-ip add ip 192.**.**.131

  1. Check the service IP address of the SC and ensure that the IP addresses of the lan1 and lan2 ports are both set to the service IP address.

    display service-ip

    172.16.100.96

    172.17.100.96

    TotalItemNum:2

    If the SC does not identify the two IP addresses as the service IP address, run the following command to add the missing IP address:

    system-view sys-config security-config service-ip add ip 172.**.**.96

  2. Configure the lan2 port as the default route port.

    system-view sys-config network-config default-route lan lan2

  3. Configure a static route from the lan1 port to the Trust zone.

    system-view static-route add dest-address 192.168.0.0 mask-or-prefix 255.255.0.0 network-port lan1

    NOTE:

    If multiple network segments are planned in the Trust zone, configure static routes from the lan1 port to the planned network segments one by one.

  4. Configure static NAT mapping from the lan2 port to the Untrust zone.

    system-view sys-config network-config lan2 ipv4-nat enable true address 1.2.100.96

  5. Run the reboot command to restart the SC for the settings to take effect.


Root cause

The LAN2 IP address of the secondary network port of SC was not added as a Service Address.


Solution

We have added it using the command :

system-viewsys-config security-config service-ip add ip 192..**.**.131


Thanks for reading!

Like (1) Dislike (0) Favorite(1) Share Report
Previous: Configuring a public network participant
Next: What are Embedded SC and Standalone SC on SMC
(0) (0)
2#
Egorrabota
Created Jul 9, 2019 17:23:54

Interesting, thanks a lot!
View more
  • x
  • convention:
Back to list

Comment

Advanced
B Color Image Link Quote Code Smilies
You need to log in to comment to the post Login | Register
Comment

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " User Agreement."

My Followers

Login and enjoy all the member benefits

Login
Huawei Website Support About Huawei Privacy User Agreement Terms of Use Cookies Cookie Settings
Huawei Enterprise Huawei Carrier Forum Training & Certification

Contact Us: e_online@huawei.com Copyright © 2022 Huawei Technologies Co., Ltd. All rights reserved.

APP

Block
Are you sure to block this user?
Users on your blacklist cannot comment on your post,cannot mention you, cannot send you private messages.
Reminder
Please bind your phone number to obtain invitation bonus.