
[SBR] Diameter Routing Agent (DRA) blocks SBR while using Diameter over SCTP

Article ID: KB31048 KB Last Updated: 04 Mar 2017 Version: 2.0
Summary:

Diameter Routing Agent (DRA) blocks SBR traffic in the following conditions:

  • SBR is running on the Solaris platform
  • SBR uses the Solaris native stack for Diameter Stream Control Transmission Protocol (SCTP) communication
  • The physical server has multiple NICs configured
  • The Diameter module is configured to use specific interfaces (not all) of the available NICs under "Local Network Element -> identification"

Symptoms:

By default, SBR sends ALL IP addresses available on the server as part of the SCTP INIT message to the DRA, even when SBR is configured with only a few addresses. Because of these extra IP addresses in the INIT message, the DRA reports warning messages and then blocks traffic from the SBR.

Cause:

Some DRAs expect the IP list in the SCTP INIT chunk [Supported Address Type Parameter] and the IP list in the Diameter Capability Exchange Request (CER) packet AVP [Host-IP-Address] to be the same. By default, when SBR is installed on the Solaris platform and uses the native SCTP stack, all available IP addresses are included in the SCTP INIT chunk, whereas the Diameter CER packet uses the UI configuration and includes only the configured IP addresses. Because of this mismatch between the IP lists in the two messages, the DRA drops the packets.

Solution:

CAUTION: This solution works for two or more IPs. If only 1 IP is added, the SCTP INIT packet gets corrupted.

  1. Modify the file /opt/JNPRsbr/radius/system/config/diameter.xml and add the IP addresses configured for the Diameter Local Network Element -> identification under the <addresses> tag in the transport configuration.

    Example:
    /opt/JNPRsbr/radius/system/config/diameter.xml:

    <?xml version="1.0"?>
    <config>
    <transport_mgr>
    <transports>
    <transport id = "transport6" protocol = "sctp" port = "3868">
    <addresses>
    <address>
    <ipv4address numeric="10.204.86.45" />
    </address>
    <address>
    <ipv4address numeric="192.168.1.10" />
    </address>
    </addresses>
    </transport>
    </transports>
    <config>
    <identity fqdn = "MUMBAI.funk.com" realm = "funk" />
    </config>
    </config>

  2. Update the system database for this configuration. Run the ./UpdateSystemDB.sh command from the path /opt/JNPRsbr/radius/install.

    Example:
    bash-3.00# cd /opt/JNPRsbr/radius/install
    bash-3.00# ./UpdateSystemDB.sh -f ../system/config/diameter.xml
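
A pre-flight check for the edited file before UpdateSystemDB.sh is run, given here as an added example and not Juniper's code: it confirms that each SCTP transport lists two or more addresses and that the list equals the addresses configured under Local Network Element -> identification. The function names are hypothetical, and the sample is a constructed, trimmed fragment that reuses the element names from the article's example.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed, well-formed fragment that reuses the element
# names from the article's example (not a complete diameter.xml).
SAMPLE = """<?xml version="1.0"?>
<config>
  <transport_mgr>
    <transports>
      <transport id = "transport6" protocol = "sctp" port = "3868">
        <addresses>
          <address><ipv4address numeric="10.204.86.45" /></address>
          <address><ipv4address numeric="192.168.1.10" /></address>
        </addresses>
      </transport>
    </transports>
  </transport_mgr>
</config>
"""

def sctp_addresses(xml_text):
    """Map each SCTP transport id to the IPv4 addresses listed under it."""
    found = {}
    for transport in ET.fromstring(xml_text).iter("transport"):
        if transport.get("protocol", "").lower() == "sctp":
            found[transport.get("id")] = [
                a.get("numeric", "") for a in transport.iter("ipv4address")]
    return found

def check_transports(xml_text, identification_ips):
    """Return a list of problems; an empty list means the file passes."""
    expected = {ipaddress.ip_address(ip) for ip in identification_ips}
    transports = sctp_addresses(xml_text)
    problems = [] if transports else ["no SCTP transport found"]
    for tid, raw in transports.items():
        try:
            listed = {ipaddress.ip_address(ip) for ip in raw}
        except ValueError as err:
            problems.append(f"{tid}: invalid address ({err})")
            continue
        if len(listed) < 2:  # the article's CAUTION: one address corrupts the INIT
            problems.append(f"{tid}: fewer than two addresses listed")
        for ip in sorted(expected - listed, key=str):
            problems.append(f"{tid}: {ip} is configured but missing from <addresses>")
        for ip in sorted(listed - expected, key=str):
            problems.append(f"{tid}: {ip} is in <addresses> but not configured")
    return problems

if __name__ == "__main__":
    for line in check_transports(SAMPLE, ["10.204.86.45", "192.168.1.10"]) or ["OK"]:
        print(line)
```
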
