The CMC manages the configuration of the Steelhead appliances in the network and monitors the health of the Steelhead appliances, Steelhead Mobile Controllers, Interceptors and Whitewater appliances.
The CMC connects to a remote Steelhead appliance on TCP port 22 via the SSH protocol. It logs in and executes the command rgp.
Figure 5.229. CMC 'CMC' connects to a Steelhead appliance
SH sshd[9016]: Accepted password for admin from 192.168.1.102 port 59677 ssh2 SH sshd[9016]: pam_unix(sshd:session): session opened for user admin by (uid=0) SH cli[9359]: [cli.NOTICE]: user admin: executing remote command: /opt/tms/bin/rgp CMC DA2 \ HV0001234F SH rgp[9359]: [rgp.NOTICE]: rgp starting at 2014/01/14 07:34:16 SH rgp[9359]: [rgp.INFO]: session 1: connected to server 'rgpd' as authenticated user 'adm \ in' (uid 0, gid 0) authorization key 'admin', interactive 'false' SH rgpd[8624]: [rgpd.INFO]: session 2: accepted client 'rgp-9359' for authenticated user ' \ admin' (uid 0, gid 0) authorization key 'admin', interactive 'true' SH rgpd[8624]: [rgpd.INFO]: Getting auth from new outer session SH rgp[9359]: [rgp.NOTICE]: session 1: existing connection from SH rgp[9359]: [rgp.INFO]: Sending first connect event SH mgmtd[7342]: [mgmtd.INFO]: EVENT: /cmc/event/connect SH rgp[9359]: [rgp.INFO]: session 1: accepted client 'rbmd-4108' for authenticated user 'a \ dmin' (uid 0, gid 0) authorization key 'admin', interactive 'true' SH rgpd[8624]: [rgpd.INFO]: cli_init_pam(), cli_auth.c:91, build (null): Successfully star \ ted pam session for the user admin from <unknown>
The CMC starts the process rgp and specifies the hostname of the CMC, CMC in this case, and the serial number of the Steelhead appliance.
To see if a Steelhead appliance is connected to a CMC and which CMC
it is connected to, use the command
show cmc
.
Figure 5.230. Output of the command 'show cmc'
SH # show cmc CMC auto-registration enabled: yes CMC auto-registration hostname: riverbedcmc Managed by CMC: yes CMC hostname: CMC (192.168.1.102) Auto configuration status: Inactive Last message sent to cmc: Auto-registration Time that message was sent: Thu Jan 9 13:36:39 2014
The Steelhead appliance can inform the CMC that it is up and running and that the CMC can connect to it. It tries to resolve the hostname riverbedcmc and sends an HTTP request to it on TCP port 443:
Figure 5.231. Auto-registration by the Steelhead appliance
17:51:06.614599 IP 10.0.1.5.14661 > 192.168.1.1.53: 2495+ A? riverbedcmc.example.org. (45) 17:51:06.614608 IP 10.0.1.5.14661 > 192.168.1.1.53: 2687+ AAAA? riverbedcmc.example.org. ( \ 45) 17:51:06.803037 IP 192.168.1.1.53 > 10.0.1.5.14661: 2495* 1/0/0 A 192.168.1.102 (61) 17:51:06.803275 IP 192.168.1.1.53 > 10.0.1.5.14661: 2687* 0/1/0 (96) 17:51:06.803368 IP 10.0.1.5.24332 > 192.168.1.102.443: Flags [S], seq 4235884934, win 5840 \ , options [mss 1460,sackOK,TS val 2859884311 ecr 0,nop,wscale 2], length 0 17:51:06.993913 IP 192.168.1.102.443 > 10.0.1.5.24332: Flags [S.], seq 1834967271, ack 423 \ 5884935, win 5792, options [mss 1304,sackOK,TS val 1233057525 ecr 2859884311,nop,wscal \ e 7], length 0 17:51:06.993930 IP 10.0.1.5.24332 > 192.168.1.102.443: Flags [.], seq 1, ack 1, win 1460, \ options [nop,nop,TS val 2859884501 ecr 1233057525], length 0
The CMC will collect data from all Steelhead appliances, analyses this data and raise an alarm on the CMC while the Steelhead appliance itself is healthy. This report can be found in the GUI under Reports -> Appliance Diagnostics -> Appliance Details.
Examples of this alarms are:
Unmanaged appliances
Time drift
Duplex alarm
Configuration change
High usage and Connection Limit Warning
Too many half-open or half-closed connections
PFS and RSP
Poll timeout
This alarm gets raised when the Steelhead appliance is peering with another Steelhead appliance this CMC is not managing.
The presence of an unknown peer Steelhead appliance which is not managed by the CMC can be caused by an oversight of the networking team or a problem in the network. If the origin of the unknown Steelhead appliance has been determined, it can either be added under control of the CMC or it can be added to a blacklist under Configure -> System Settings -> Alarms -> CMC Managed Appliance Alarms -> Unmanaged Appliances:
This alarm gets raised when the time on the Steelhead appliance is significantly different from the time on the CMC. It might indicate a broken NTP configuration on the Steelhead appliance, which might interfere with the Windows Active Directory integration.
This alarm gets raised when there are frame errors detected on the Steelhead appliance. The next steps would be to inspect the Steelhead appliance interface NIC statistics and determine why this alarm got raised.
This alarm gets raised when the configuration on the Steelhead appliance has changed. Since the configuration is managed via the CMC, an uncontrolled change has happened and should be investigated.
These alarms get raised when the Steelhead appliance is close to Connection-based Admission Control.
This alarm gets raised when there are many half-opened or half-closed TCP connections on the Steelhead appliance. This can happen when there are problems in the auto-discovery process or during the setup of the optimized TCP session or in the teardown of the optimized TCP session.
This alarm gets raised when both RSP and PFS are configured on a Steelhead appliance. These two services are mutually exclusive.