Cisco CDA Visual Quality Experience Application User Guide, Release 2.1
Manual Initial VQE System Configuration
Download this chapter
Manual Initial VQE System ConfigurationManual Initial VQE System Configuration
Download the complete book
Full Length Book PDFFull Length Book PDF (PDF - 5 MB)
 Feedback

Table Of Contents

Manual Initial VQE System Configuration

Setting Up a Cisco CDE110 That Hosts VQE-S

Prerequisites for a Cisco CDE110 That Hosts VQE-S

Connecting Cables for VQE-S

Setting Up SSL Certificates for VQE-S

Configuring the Linux Operating System for VQE-S

Configuring Static Routes for VQE-S

Configuring Default ECMP Routes for CDE110 Ethernet Interfaces (VQE-S Host)

Configuring a Static Route for a CDE110 Management Interface (VQE-S Host)

Configuring Static Routes for Feedback Targets on the Attached Router

Multicast Load Balancer and the Management Network

Enabling the VQE STUN Server (Optional)

Configuring XML-RPC Port Numbers

Configuring Net-SNMP (Optional)

Ensuring That Only Trusted HTTPS Clients Can Push an SDP File

Starting VQE-S System Services and Verifying Status

Starting the VQE-S Processes and Verifying Status

Restarting the System and Verifying System and VQE-S Status

Setting Up a Cisco CDE110 That Hosts VCPT and VQE Client Channel Configuration Delivery Server

Prerequisites for a Cisco CDE110 That Hosts VCPT

Connecting Cables

Setting Up SSL Certificates for VCPT

Configuring the Linux Operating System for VCPT and VQE Client Channel Configuration Delivery Server

Configuring a Static Route for a CDE110 Management Interface (VCPT Host)

Configuring Net-SNMP (Optional)

Starting VCPT System Services and Verifying Status

Starting the VQE Client Channel Configuration Delivery Server Process and Verifying Status

Restarting the System and Verifying System, VCPT, and VQE Client Channel Configuration Delivery Server Status


Manual Initial VQE System Configuration

This appendix explains how to perform manual initial configuration on the CDE110 that hosts VQE-S and on the CDE110 that hosts VCPT and VQE Client Channel Configuration Delivery Server (VCDS).

The alternative to manual configuration is to use the Cisco VQE Startup Configuration Utility. For information on using the utility, see the "Getting Started Using the VQE Startup Configuration Utility" section on page 2-12.

Note Cisco recommends that you use the VQE Startup Configuration Utility rather than try to do the initial configuration manually because the utility simplifies your work and is known to produce correct results.

The manual initial configuration procedures are explained in these sections:

"Setting Up a Cisco CDE110 That Hosts VQE-S" section

"Setting Up a Cisco CDE110 That Hosts VCPT and VQE Client Channel Configuration Delivery Server" section

Setting Up a Cisco CDE110 That Hosts VQE-S

This section explains how to perform the initial configuration tasks for a Cisco CDE110 hosting VQE-S. Perform these tasks in the order shown:

1. Prerequisites for a Cisco CDE110 That Hosts VQE-S

2. Configuring the Linux Operating System for VQE-S

3. Configuring Static Routes for VQE-S

4. Multicast Load Balancer and the Management Network

5. Enabling the VQE STUN Server (Optional)

6. Configuring XML-RPC Port Numbers

7. Configuring Net-SNMP (Optional)

8. Ensuring That Only Trusted HTTPS Clients Can Push an SDP File

9. Starting VQE-S System Services and Verifying Status

10. Starting the VQE-S Processes and Verifying Status

11. Restarting the System and Verifying System and VQE-S Status

Note The configuration instructions in this section are intended for new installations of Cisco VQE Release 2.1 software, where the Cisco CDE110 has the Cisco VQE Release 2.1 software preinstalled.

For information on upgrading an already configured Cisco CDE110 from Cisco VQE Release 2.0 to Release 2.1, see the Release Notes for Cisco CDA Visual Quality Experience, Release 2.1.

Prerequisites for a Cisco CDE110 That Hosts VQE-S

This section explains tasks that should be performed before setting up a Cisco CDE110 that hosts VQE-S.

Connecting Cables for VQE-S

The following cable connections are used on the Cisco CDE110 that hosts VQE-S:

Category 5 UTP cable connects each of the four Ethernet interfaces on the back of the Cisco CDE110 to Ethernet interfaces on the edge router that is providing multicast streams for each IPTV channel. For optimal VQE-S performance, all four Ethernet interfaces on the Cisco CDE110 should have a direct Layer-3 connection to the edge router.

If a terminal server is used, the RJ-45 cable from the terminal server is connected to an RJ-45 serial port on the front or back of the Cisco CDE110. Only one serial port can be used because it is one shared serial port.

If a PC is directly connected to the CDE110 serial port, the cable from the PC is connected to an RJ-45 serial port on the front or back of the Cisco CDE110. Only one serial port (front or back) can be used because it is one shared serial port. The PC end of the cable connected to the CDE110 serial port varies depending on the type of ports supported by the PC.

Note The serial port is used for the system console. A system console is typically used rather than a monitor, keyboard, and mouse directly attached to the Cisco CDE110.

If a monitor, keyboard, and mouse are used, the cables for the devices are connected to the appropriate connectors on the Cisco CDE110.

For the location of connectors on the Cisco CDE110 front and back panels, see the Cisco Content Delivery Engine 110 Hardware Installation Guide.

Setting Up SSL Certificates for VQE-S

It is recommended that you deploy your own Secure Sockets Layer (SSL) certificates or commercial SSL certificates prior to beginning the tasks for setting up a Cisco CDE110 that hosts VQE-S. For information on setting up the certificates, see the "Setting Up SSL Certificates" section on page 2-4.

Configuring the Linux Operating System for VQE-S

This section explains the initial Linux configuration tasks needed for a Cisco CDE110 appliance that will run VQE-S software. The explanation assumes that the needed software for Linux and VQE-S has been pre-installed on the Cisco CDE110 appliance. For Red Hat Enterprise Linux 5.0 documentation, go to the following web site:

http://www.redhat.com/docs/manuals/enterprise/

For software configuration, the RJ-45 NIC (Ethernet) ports on the Cisco CDE110 back panel are specified as eth1, eth2, eth3, and eth4 as shown in Figure 4-1.

Figure 4-1 NIC Port Numbering for Software Configuration

Note On the back panel, the NIC ports labeled 1, 2, 3, and 4 are, respectively, for interfaces eth1, eth2, eth3, and eth4.

For the configuration examples in this section, Figure D-2 shows the IP addresses for interfaces eth1, eth2, eth3, and eth4 and the corresponding interfaces on the edge router.

Figure D-2 IP Addresses for VQE-S Configuration Examples

To configure the Linux operating system and other software for VQE-S, follow these steps:

Step 1 Press the front panel power switch to power on the Cisco CDE110 appliance.

The operating system boots.

Step 2 When local host:local domain login: is displayed, log in as root.

Step 3 When Enter New password: is displayed, enter the password you want to set for root.

When creating the password, read and follow the directions that are provided for password security. 

A valid password should be a mix of upper and lower case letters,

digits, and other characters.  You can use an 8 character long

password with characters from at least 3 of these 4 classes, or

a 7 character long password containing characters from all the

classes.  An upper case letter that begins the password and a

digit that ends it do not count towards the number of character

classes used.


A passphrase should be of at least 3 words, 12 to 40 characters

long and contain enough different characters.

Step 4 For the eth1, eth2, eth3, and eth4 interfaces, use a text editor to modify the /etc/sysconfig/network-scripts/ifcfg-eth# file (where # is the number of the Ethernet interface, such as ifcfg-eth1) and do the following:

Change ONBOOT to yes

Add IPADDR=ip_address_of this_system_eth#

Add NETMASK=netmask_for_eth#_network

As an example, for the eth1 interface, the /etc/sysconfig/network-scripts/ifcfg-eth1 file would include the following after the modifications: 

ONBOOT=yes

IPADDR=11.2.9.2 

NETMASK=255.255.255.0

Step 5 To bring the Ethernet interfaces up, issue the ifup command for eth1, eth2, eth3, and eth4. For example: 

[root@system]# ifup eth1

Step 6 Verify that the eth1, eth2, eth3, and eth4 interfaces are configured correctly and up and running.

Use the ifconfig interface command to verify that each Ethernet interface is up and running and the IP address and netmask for each are set correctly. The following example is for eth1: 

[root@system]# ifconfig eth1 


eth1      Link encap:Ethernet  HWaddr 00:0E:0C:C6:F3:0F  

          inet addr:11.2.10.2  Bcast:11.2.10.255  Mask:255.255.255.0

          inet6 addr: fe80::20e:cff:fec6:f30f/64 Scope:Link

          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

          RX packets:3 errors:0 dropped:0 overruns:0 frame:0

          TX packets:36 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:1000 

          RX bytes:192 (192.0 b)  TX bytes:2700 (2.6 KiB)

          Base address:0x3000 Memory:b8800000-b8820000

Use the ip link show eth# command (where # is the Ethernet interface number) to check that the link is up. The following example is for eth1: 

[root@system]# ip link show eth1 


eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000

link/ether 00:0e:0c:c6:e4:fe brd ff:ff:ff:ff:ff:ff

Use the ping command to check that the Cisco CDE110 can reach the connected edge router. For example: 

[root@system]# ping 11.2.9.1

Step 7 Use a text editor to modify the /etc/hosts file and add a line with the IP address for eth1 and the associated hostname. For example: 

11.2.9.2 starfire-iptv

Step 8 Use a text editor to modify the /etc/sysconfig/network file and change HOSTNAME to the hostname of this system. For example: 

HOSTNAME=starfire-iptv

Note The changes to the files /etc/hosts and /etc/sysconfig/network do not take effect until the system is rebooted, as described in the "Restarting the System and Verifying System and VQE-S Status" section.

Step 9 To create the password for the vqe user (a pre-created Linux user ID), issue the following command: 

[root@system]# passwd vqe

Enter a password that follows the password guidelines.

The vqe username and password can be used log in to the VQE-S Application Monitoring Tool. This username and password cannot be used to log in to Linux directly using SSH.

Step 10 If you have not already done so, follow the directions in the "Setting Up SSL Certificates" section on page 2-4 to set up the Secure Socket Layer (SSL) certificates required for VQE-S.

Configuring Static Routes for VQE-S

This section provides information on configuring static routes on the CDE110 that hosts VQE-S and on the directly attached router:

Configuring Default ECMP Routes for CDE110 Ethernet Interfaces (VQE-S Host)

Configuring a Static Route for a CDE110 Management Interface (VQE-S Host)

Configuring Static Routes for Feedback Targets on the Attached Router

For the configuration examples in this section, Figure D-3 shows the IP addresses for interfaces eth1, eth2, eth3, and eth4 and the corresponding interfaces on the edge router.

Figure D-3 IP Addresses for VQE-S Configuration Examples

Configuring Default ECMP Routes for CDE110 Ethernet Interfaces (VQE-S Host)

On the Cisco CDE110 that hosts VQE-S, multiple Ethernet interfaces are used for incoming multicast streams, outgoing Unicast Retransmissions, and other traffic. In addition, some VQE deployments may use one of the Ethernet ports as the interface to a management network.

If a default route is configured for each Ethernet interface that is available to VQE-S for Unicast Retransmission and other traffic, Equal Cost Multipath (ECMP) is used to load balance output traffic across all of the listed nexthop interfaces.

To configure a default route for multiple CDE110 Ethernet interfaces, follow these steps:

Step 1 If needed, log in as root.

Step 2 Use a text editor to modify the file /etc/sysconfig/static-routes-iputil so that it contains a line with the following syntax: 

default nexthop via next-hop-router1 [nexthop via next-hop-router2] ...

In the preceding, the nexthop via next-hop-router construct repeats for as many next-hop router interfaces as are reachable through all of the configured CDE110 Ethernet interfaces. For example, if all four Ethernet interfaces are used by VQE-S for Unicast Retransmission, the line is as follows: 

default nexthop via 11.2.9.1 nexthop via 11.2.10.1 nexthop via 11.2.11.1 nexthop via 
11.2.12.1

In the preceding example, 11.2.9.1, 11.2.10.1, 11.2.11.1 , and 11.2.12.1 are the next-hop addresses on the router.

With this configuration in place, when the CDE110 system is rebooted, ECMP is used to load-balance output traffic across all of the listed next-hop interfaces.

Step 3 To verify that the default route is present in the routing table of the CDE110, issue the following command: 

[root@system]# ip route show

The output will be similar to the following: 

default

nexthop via 11.2.9.1 dev eth1 weight 1

nexthop via 11.2.10.1 dev eth2 weight 1

nexthop via 11.2.11.1 dev eth3 weight 1

nexthop via 11.2.12.1 dev eth4 weight 1

Configuring a Static Route for a CDE110 Management Interface (VQE-S Host)

If your deployment makes use of a management network, a static route for the management network can be configured using the /etc/sysconfig/network-scripts/route-interface-name file. The interface-name is eth1, eth2, eth3, or eth4. For example, the filename for the eth1 interface is route-eth1.

To configure a static route for a management network, follow these steps:

Step 1 If needed, log in as root.

Step 2 Use a text editor to modify the file /etc/sysconfig/network-scripts/route-interface-name where interface-name is the CDE110 Ethernet interface that will be used for the management network. Edit the file so that it contains a line with the following syntax: 

management-ip-addr/prefix-length nexthop via gateway-addr

In the preceding, the management-ip-addr/prefix-length is the IP address and prefix length for the management network. The gateway-addr is the IP address of the router interface that is directly attached to the CDE110 Ethernet port that will be used for management network traffic.

For this example, assume the following:

CDE110 Ethernet interface eth1 (11.2.9.2) will be used for the management network.

The management network is 10.0.0.0/8.

The following line configures a static route for eth1 and the management network: 

10.0.0.0/8 nexthop via 11.2.9.1

In the preceding example, 11.2.9.1 is the gateway-addr—the router interface that is directly attached to eth1. Figure D-3 shows the IP addresses used in this example for the eth1 interface and the directly attached router.

With this configuration in place, when the CDE110 system is rebooted, the management network static route is bound to the eth1 interface. The eth1 interface is used for management network traffic.

Note Default ECMP routes for the other CDE110 Ethernet interfaces (eth2, eth3, and eth4) are configured as described in the "Configuring Default ECMP Routes for CDE110 Ethernet Interfaces (VQE-S Host)" section.

Step 3 To verify that the static route for eth1 and default routes for the other Ethernet interfaces are present in the routing table of the CDE110, issue the following command: 

[root@system]# ip route show

The output will be similar to the following: 

    10.0.0.0/8 via 11.2.9.1 dev eth1

default

nexthop via 11.2.10.1 dev eth2 weight 1

nexthop via 11.2.11.1 dev eth3 weight 1

nexthop via 11.2.12.1 dev eth4 weight 1

Configuring Static Routes for Feedback Targets on the Attached Router

When channels are configured with a channel-provisioning tool such as VQE Channel Provisioning Tool, it is required that you specify a unique Feedback Target (FBT) address for each channel. The router that is directly attached to the VQE-S host must have a static route configured for the FBT address so that the router can reach the target. If the FBT addresses are allocated within a contiguous address range, this configuration piece can be done with a single aggregated route.

For example, if the FBT addresses for the channels are assigned to be 8.86.1.1, 8.86.1.2, 8.86.1.3, ..., 8.86.1.250, then the single static route 8.86.1.0/24 configured on the directly attached router allows any of these FBT addresses to be reached. The commands on the router for the FBT addresses would be as follows: 

configure terminal 

ip route 8.86.1.0 255.255.255.0 11.2.9.2 

ip route 8.86.1.0 255.255.255.0 11.2.10.2 

ip route 8.86.1.0 255.255.255.0 11.2.11.2 

ip route 8.86.1.0 255.255.255.0 11.2.12.2

As shown in Figure D-3, the IP addresses 11.2.9.2, 11.2.10.2, 11.2.11.2, and 11.2.12.2 have been assigned to the Ethernet interfaces on the VQE-S host. These interfaces are used for Unicast Retransmission.

Multicast Load Balancer and the Management Network

The /etc/opt/vqes/vqes.conf file has an option that allows you to specify the Ethernet interfaces that will be available to Multicast Load Balancer (MLB) for incoming multicast streams and outgoing Unicast Retransmissions. In the interface option for the MLB process, add the names of the Ethernet interfaces to reflect those interfaces that will be available for use by Multicast Load Balancer. By default, the interface option lists all four Ethernet interfaces as available to MLB.

For information on editing the vqes.conf file, see the "VQE-S Configuration File Location and Editing" section on page A-3

For information on the interface option of the MLB process, see Table A-5 on page A-10.

Note If your deployment uses one Ethernet interface for a management network, be sure not to include that interface as one of the interfaces that will be available to Multicast Load Balancer.

Enabling the VQE STUN Server (Optional)

If your deployment will use the VQE STUN Server so that set-top boxes behind NAT devices are supported by VQE, you must enable the STUN Server in the vqes.conf file. Unless you are sure that no set-top boxes being serviced by VQE-S are behind NAT devices, we recommend that you enable the STUN Server.

For detailed information on editing the vqes.conf file, see Appendix A, "Configuring VQE-S."

To enable the STUN Server, do the following:

Step 1 If needed, log in as root.

Step 2 Open the /etc/opt/vqes/vqes.conf file in a text editor.

Step 3 In the process definition section for the STUN Server, change run = false; to run = true; as shown in the following: 

stun_server =

   {

     name = "STUN Server";

     exec = "/opt/vqes/bin/stun_server";

     privileged = true;


      #

      # Enable/Disable setting for the STUN Server (optional)

      # Default value is true in case of absence 

      #   true- Start STUN Server

      #   false- Do not start STUN Server

      # 

     run = true;

   };

Do not change any other values in the process definition section for the STUN Server.

Step 4 Save and close the vqes.conf file.

Configuring XML-RPC Port Numbers

The port numbers that VQE-S uses for XML-RPC are configured in two files:

VQE-S configuration file (/etc/opt/vqes/vqes.conf)

VQE-S AMT configuration file (/usr/share/tomcat5/webapps/ems/WEB-INF/vqe.conf)

Note If your VQE-S deployment uses the default XML-RPC port numbers for VQE-S, you do not need to change any XML-RPC port numbers in the VQE-S configuration file or the VQE-S AMT configuration file.

If your VQE-S deployment requires changes to the default XML-RPC port numbers for VQE-S, you need to make sure that the changes are coordinated so that the same port numbers for Process Monitor, Control Plane, and Multicast Load Balancer are specified in both the VQE-S configuration file and the VQE-S AMT configuration file. If you need to change a port number, use a text editor to modify each configuration file and save the file.

The default XML-RPC port numbers in the VQE-S AMT configuration file (/usr/share/tomcat5/webapps/ems/WEB-INF/vqe.conf) are as follows: 

#VQE EMS: Configuration file for VQE management servers 
# 
# Copyright (c) 2007 by Cisco Systems, Inc. 
# All rights reserved. 
# 
controlplane:8051 
dataplane:8051 
processmonitor:8050 
mcastloadbalance:8052

Note In the vqes.conf file, the port number specified in the xmlrpc-port option for the Control Plane is also used for the Data Plane. The vqes.conf file has no xmlrpc-port option for the Data Plane.

If you change the xmlrpc-port option for the Control Plane in vqes.conf, you must change the control plane and data plane values in the VQE-S AMT configuration file (shown above).

The default port numbers used for VQE-S are the same as those shown above. For information on the VQE-S configuration file (/etc/opt/vqes/vqes.conf), see Appendix A, "Configuring VQE-S".

Configuring Net-SNMP (Optional)

The Cisco CDE110 that hosts VQE-S uses Net-SNMP, a third-party product, for SNMP support for some basic, non-VQE system services. Net-SNMP offers a set of built-in MIBs for Linux platforms. For more information on Net-SNMP support, see Appendix B, "Using Net-SNMP."

You must configure Net-SNMP on the Cisco CDE110 that hosts VQE-S. For information on configuring Net-SNMP, see the Net-SNMP web site:

http://www.net-snmp.com/

Ensuring That Only Trusted HTTPS Clients Can Push an SDP File

If your IPTV deployment will use VQE Channel Provisioning Tool (VCPT) to send channel information to the VQE Servers, it is recommended that you configure each CDE110 that hosts VQE-S so that only trusted HTTPS clients can send the channel information to the CDE110. For more information on VCPT and how it sends channel information, see "VQE Channel Provisioning Tool and Channel Information" section on page 1-11.

The iptables command provides a Linux-based, packet-filtering firewall that can be used to restrict HTTPS traffic to only trusted clients.

To allow only traffic from trusted HTTPS clients on the CDE110 port used for HTTPS, follow these steps:

Step 1 If needed, log in as root on the CDE110 that hosts VQE-S.

Step 2 To allow inbound TCP traffic from the trusted HTTPS client on the VCPT host that will provide channel information to this VQE-S, issue the following command:

iptables -A INPUT -p tcp --dport 444 -s VCPT_Host_IP_Address -j ACCEPT

In the preceding command, the following arguments specify the source and destination of the TCP traffic:

--dport specifies the destination port on the VQE-S host. On the CDE110, the value is always 444.

-s specifies the source IP address of the packet. The value is the IP address of the VCPT host.

For example: 

[root@system]# iptables -A INPUT -p tcp --dport 444 -s 10.86.17.200/32 -j ACCEPT

Step 3 To block all other inbound TCP traffic on the port, issue the following command: 

[root@system]# iptables -A INPUT -p tcp --dport 444 -j REJECT

Step 4 To save the configuration in the iptables file, issue the following command: 

[root@system]# iptables-save > /etc/sysconfig/iptables

Saving the current configuration to the iptables file ensures that the configuration will persist across reboots.

Starting VQE-S System Services and Verifying Status

To start system VQE-S system services and verify their status, follow these steps:

Step 1 To start VQE-S system services, issue the following command: 

[root@system]# /usr/bin/vqes_init_setup

Note The vqes_init_setup script should be used only when the system services are started for the first time because the script resets any user-defined configuration to the initial default values.

Table D-1 lists the system services that are started by the vqes_init_setup script.

Table D-1 System Services for CDE110 That Hosts VQE-S

Service
Description

check_daemons

A script that monitors httpd and tomcat processes and attempts to restart them if they fail. The script runs once a minute as a cron job owned by root.

sshd

The Secure Shell daemon.

httpd

HyperText Transfer Protocol daemon (the Apache web server).

tomcat5

The Apache Tomcat application server.

snmpd

The SNMP daemon.

snmpsa

The SNMP subagent.


Step 2 To verify the sshd run levels and that the process is running, issue the following commands: 

[root@system]# chkconfig --list | grep sshd 

sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off


[root@system]# ps -ef | grep sshd 

root      2835     1  0 Jul18 ?        00:00:00 /usr/sbin/sshd

Step 3 To verify the httpd run levels and that the process is running, issue the following commands: 

[root@system]# chkconfig --list | grep httpd 

httpd           0:off   1:off   2:on    3:on    4:on    5:on    6:off


[root@system]# ps -ef | grep httpd 

root      2880     1  0 Jul18 ?        00:00:00 /usr/sbin/httpd

apache    4881  2880  0 04:03 ?        00:00:00 /usr/sbin/httpd

apache    4882  2880  0 04:03 ?        00:00:00 /usr/sbin/httpd

apache    4883  2880  0 04:03 ?        00:00:00 /usr/sbin/httpd

apache    4884  2880  0 04:03 ?        00:00:00 /usr/sbin/httpd

apache    4885  2880  0 04:03 ?        00:00:00 /usr/sbin/httpd

apache    4886  2880  0 04:03 ?        00:00:00 /usr/sbin/httpd

apache    4887  2880  0 04:03 ?        00:00:00 /usr/sbin/httpd

apache    4888  2880  0 04:03 ?        00:00:00 /usr/sbin/httpd

Step 4 To verify the tomcat5 run levels and that the process is running, issue the following commands: 

[root@system]# chkconfig --list | grep tomcat5 

tomcat5         0:off   1:off   2:on    3:on    4:on    5:on    6:off


[root@system]# ps -ef | grep tomcat5 

root      2915     1  0 Jul18 ?        00:00:11 /usr/java/default/bin/java 
-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager 
-Djava.util.logging.config.file=/usr/share/tomcat5/conf/logging.properties 
-Djava.endorsed.dirs=/usr/share/tomcat5/common/endorsed -classpath 
:/usr/share/tomcat5/bin/bootstrap.jar:/usr/share/tomcat5/bin/commons-logging-api.jar 
-Dcatalina.base=/usr/share/tomcat5 -Dcatalina.home=/usr/share/tomcat5 
-Djava.io.tmpdir=/usr/share/tomcat5/temp org.apache.catalina.startup.Bootstrap start

Step 5 To verify the snmpd run levels and that the process is running, issue the following commands: 

[root@system]# chkconfig --list | grep snmpd 

snmpd           0:off   1:off   2:on    3:on    4:on    5:on    6:off


[root@system]# ps -ef | grep snmpd 

root      2812     1  0 Jul18 ?        00:00:58 /usr/sbin/snmpd -Lsd -Lf /dev/null -p 
/var/run/snmpd -a

Step 6 To verify the snmpsa run levels and that the process is running, issue the following commands: 

[root@system]# chkconfig --list | grep snmpsa 

snmpsa          0:off   1:off   2:on    3:on    4:on    5:on    6:off


[root@system]# ps -ef | grep snmpsa 

root      2959     1  0 Jul18 ?        00:02:26 /usr/local/snmpsa/bin/smSubagent

Starting the VQE-S Processes and Verifying Status

To start the VQE-S processes and verify status, follow these steps:

Step 1 Use a text editor to modify the /etc/inittab file so that the following line is uncommented—that is, remove the # character at the beginning of the line. The line before modification is: 

#vqes:3:respawn:/opt/vqes/bin/process_monitor -c /etc/opt/vqes/vqes.conf

The line after the # character is removed is: 

vqes:3:respawn:/opt/vqes/bin/process_monitor -c /etc/opt/vqes/vqes.conf

Step 2 To start VQE-S, issue this command: 

[root@system]# init Q

Note Syslog error messages are displayed indicating that the VQE-S processes are starting without a channel configuration file. This is normal behavior because a channel configuration file from the VQE Channel Provisioning Tool (VCPT) has not yet been sent to VQE-S. Creating and sending the file is done when the Cisco CDE110 that hosts VCPT is configured, and VCPT is used to create and send the file.

Step 3 To check that the VQE-S processes are running, issue the following command: 

[root@system]# ps -ef | grep vqe 


root      2406     1  0 13:10 ?        00:00:00 /opt/vqes/bin/process_monitor -c 
/etc/opt/vqes/vqes.conf

vqes      2409  2406  0 13:10 ?        00:00:00 mlb --interface eth1 --xmlrpc-port 
8052 --unicast-reservation 40 --poll-interval 1

root      2411  2406  2 13:10 ?        00:00:00 vqes_dp --setcpu 0 --group vqes

vqes      2415  2406  0 13:10 ?        00:00:00 vqes_cp --xmlrpc-port 8051 --cfg 
/etc/opt/vqes/vqe_channels.cfg

root      2422  3127  0 13:10 pts/0    00:00:00 grep vqe

In the preceding output, the VQE-S processes to check for are as follows:

process_monitor—Process Monitor

mlb—Multicast Load Balancer

vqes_dp—Data Plane

vqes_cp—Control Plane

Step 4 If you have chosen to enable the STUN Server, issue the following command to check that the STUN Server process is running: 

[root@system]# ps -elf | grep stun 


4 S root     18926 18919  0  75   0 -  3780 322792 Nov09 ?        00:03:29 stun_server 
--xmlrpc-port 8054

0 S root     31148  3359  0  78   0 -   971 pipe_w 12:46 ttyS1    00:00:00 grep stun

Step 5 To use the VQE-S Application Monitoring Tool from a web browser, enter as the URL the IP address of the Cisco CDE110 that hosts VQE-S: 

https://ip_address_of_VQES_host

Log in using the vqe username and password. (Any valid Linux username and password can be used to log in to the VQE-S Application Monitoring Tool.)

If you click System in the left pane, the VQE-S Application Monitoring Tool displays information on the VQE-S processes. Figure 4-2 shows an example.

Restarting the System and Verifying System and VQE-S Status

To restart the Cisco CDE110 and verify system and VQE-S status, follow these steps:

Note The output for the commands issued in this section has been omitted. For example output, see the previous sections in this chapter where the same commands were issued.

Step 1 To restart the system, issue the following command: 

[root@system]# init 6

The operating system boots.

Note Syslog error messages are displayed indicating that the VQE-S processes are starting without a channel configuration file. This is normal behavior because a channel configuration file from the VQE Channel Provisioning Tool (VCPT) has not yet been sent to VQE-S. Creating and sending the file is done when the Cisco CDE110 that hosts VCPT is configured, and VCPT is used to create and send the file.

Step 2 Log in as root.

Step 3 To verify that interfaces eth1, eth2, eth3, and eth4 are up and running and the IP address and netmask for each are set correctly, issue the following command: 

[root@system]# ifconfig -a 


... Output omitted

Step 4 To check that the VQE-S processes are running, issue the following command: 

[root@system]# ps -ef | grep vqe 


... Output omitted

Step 5 If you have chosen to enable the STUN Server, issue the following command to check that the STUN Server process is running: 

[root@system]# ps -elf | grep stun 


... Output omitted

Step 6 To verify that the sshd process is running, issue the following command: 

[root@system]# ps -ef | grep sshd 


... Output omitted

Step 7 To verify that the httpd process is running, issue the following command: 

[root@system]# ps -ef | grep httpd 


... Output omitted

Step 8 To verify that the tomcat5 process is running, issue the following command: 

[root@system]# ps -ef | grep tomcat5 


... Output omitted

Step 9 To verify that the snmpd process is running, issue the following command: 

[root@system]# ps -ef | grep snmpd 


... Output omitted

Step 10 To verify that the snmpsa process is running, issue the following command: 

[root@system]# ps -ef | grep snmpsa 


... Output omitted

Step 11 Do one of the following:

If the preceding checks indicate that all is well, proceed to "Setting Up a Cisco CDE110 That Hosts VCPT and VQE Client Channel Configuration Delivery Server" section.

If one of the preceding checks fails, inspect the configuration of the item that failed and make any needed adjustments.

Setting Up a Cisco CDE110 That Hosts VCPT and VQE Client Channel Configuration Delivery Server

This section explains how to perform the initial configuration tasks for a Cisco CDE110 hosting VQE Channel Provisioning Tool (VCPT) and VQE Client Channel Configuration Delivery Server. Perform these tasks in the order shown:

1. Prerequisites for a Cisco CDE110 That Hosts VCPT

2. Configuring the Linux Operating System for VCPT and VQE Client Channel Configuration Delivery Server

3. Configuring a Static Route for a CDE110 Management Interface (VCPT Host)

4. Configuring Net-SNMP (Optional)

5. Starting VCPT System Services and Verifying Status

6. Starting the VQE Client Channel Configuration Delivery Server Process and Verifying Status

7. Restarting the System and Verifying System, VCPT, and VQE Client Channel Configuration Delivery Server Status

Note The configuration instructions in this section are intended for new installations of Cisco VQE Release 2.1 software, where the Cisco CDE110 has the Cisco VQE Release 2.1 software preinstalled.

For information on upgrading an already configured Cisco CDE110 from Cisco VQE Release 2.0 to Release 2.1, see the Release Notes for Cisco CDA Visual Quality Experience, Release 2.1.

Prerequisites for a Cisco CDE110 That Hosts VCPT

This section explains tasks that should be performed before setting up a Cisco CDE110 that hosts VCPT.

Connecting Cables

The following cable connections are used on the Cisco CDE110 that hosts VCPT:

Note The configuration examples in this section assume that one CDE110 Ethernet interface will be used to connect to the VQE network.

Use Category 5 UTP cable to connect at least one of the four Ethernet interfaces on the back of the CDE110 to the same network that the CDE110s that host VQE-S are on. If you use additional Ethernet interfaces for link redundancy, connect Category 5 UTP cables for those interfaces also.

If a terminal server is used, the RJ-45 cable from the terminal server is connected to an RJ-45 serial port on the front or back of the Cisco CDE110. Only one serial port can be used because it is one shared serial port.

If a PC is directly connected to the CDE110 serial port, the cable from the PC is connected to an RJ-45 serial port on the front or back of the Cisco CDE110. Only one serial port (front or back) can be used because it is one shared serial port. The PC end of the cable connected to the CDE110 serial port varies depending on the type of ports supported by the PC.

Note The serial port is used for the system console. A system console is typically used rather than a monitor, keyboard, and mouse directly attached to the Cisco CDE110.

If a monitor, keyboard, and mouse are used, the cables for the devices are connected to the appropriate connectors on the Cisco CDE110.

For the location of connectors on the Cisco CDE110 front and back panels, see the Cisco Content Delivery Engine 110 Hardware Installation Guide.

Setting Up SSL Certificates for VCPT

It is recommended that you deploy your own or commercial Secure Sockets Layer (SSL) certificates prior to beginning the tasks for setting up a Cisco CDE110 that hosts VCPT. For information on setting up the certificates, see the "Setting Up SSL Certificates" section on page 2-4.

Configuring the Linux Operating System for VCPT and VQE Client Channel Configuration Delivery Server

This section explains the initial Linux configuration tasks needed for a Cisco CDE110 appliance that will run VCPT and VQE Client Channel Configuration Delivery Server software. The explanation assumes that the needed software for Linux, VCPT, and VQE Client Channel Configuration Delivery Server have been pre-installed on the Cisco CDE110 appliance. For Red Hat Linux 5.0 documentation, go to the following web site:

http://www.redhat.com/docs/manuals/enterprise/

For software configuration, the RJ-45 NIC (Ethernet) ports on the Cisco CDE110 back panel are specified as eth1, eth2, eth3, and eth4 as shown in Figure 4-4.

Figure 4-4 NIC Port Numbering for Software Configuration

Note On the back panel, the NIC ports labeled 1, 2, 3, and 4 are, respectively, for interfaces eth1, eth2, eth3, and eth4.

For the configuration examples in this section, Figure D-5 shows the IP addresses for interface eth1 and the corresponding interface on the edge router.

Figure D-5 IP Addresses for VCPT and VQE Client Channel Configuration Delivery Server Configuration Examples

Note The configuration examples in this section assume that one CDE110 Ethernet interface (eth1) will be used to connect to the VQE network.

To configure the Linux operating system and other software for VCPT and VQE Client Channel Configuration Delivery Server, follow these steps:

Step 1 Press the front panel power switch to power on the Cisco CDE110 appliance.

The operating system boots.

Step 2 When local host:local domain login: is displayed, log in as root.

Step 3 When Enter New password: is displayed, enter the password you want to set for root.

When creating the password, read and follow the directions that are provided for password security. 

A valid password should be a mix of upper and lower case letters,

digits, and other characters.  You can use an 8 character long

password with characters from at least 3 of these 4 classes, or

a 7 character long password containing characters from all the

classes.  An upper case letter that begins the password and a

digit that ends it do not count towards the number of character

classes used.


A passphrase should be of at least 3 words, 12 to 40 characters

long and contain enough different characters.

Step 4 For the eth1 interface, use a text editor to modify the /etc/sysconfig/network-scripts/ifcfg-eth1 file and do the following:

Change ONBOOT to yes

Add IPADDR=ip_address_of this_system_eth1

Add NETMASK=netmask_for_eth1_network

As an example, for the eth1 interface, the /etc/sysconfig/network-scripts/ifcfg-eth1 file would include the following after the modifications: 

ONBOOT=yes

IPADDR=11.2.15.2 

NETMASK=255.255.255.0

Step 5 To bring the Ethernet interfaces up, issue the ifup command for the eth1. For example: 

[root@system]# ifup eth1

Step 6 Verify that the eth1 interface is configured correctly and up and running.

Use the ifconfig interface command to verify that the Ethernet interface is up and running and the IP address and netmask is set correctly. The following example is for eth1: 

[root@system]# ifconfig eth1 


eth1      Link encap:Ethernet  HWaddr 00:0E:0C:C6:F3:0F  

          inet addr:11.2.15.2  Bcast:11.2.15.255  Mask:255.255.255.0

          inet6 addr: fe80::20e:cff:fec6:f30f/64 Scope:Link

          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

          RX packets:3 errors:0 dropped:0 overruns:0 frame:0

          TX packets:36 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:1000 

          RX bytes:192 (192.0 b)  TX bytes:2700 (2.6 KiB)

          Base address:0x3000 Memory:b8800000-b8820000

Use the ip link show eth# command (where # is the Ethernet interface number) to check that the link is up. For example: 

[root@system]# ip link show eth1 


eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000

link/ether 00:0e:0c:c6:e4:fe brd ff:ff:ff:ff:ff:ff

Use the ping command to check that the Cisco CDE110 can reach the connected edge router. For example: 

[root@system]# ping 11.2.15.1

Step 7 Use a text editor to modify the /etc/hosts file and add a line with the IP address for eth1 and the associated hostname. For example: 

11.2.15.2 starfire1-iptv

Step 8 Use a text editor to modify the /etc/sysconfig/network file and change HOSTNAME to the hostname of this system. For example: 

HOSTNAME=starfire1-iptv

Note The changes to the files /etc/hosts and /etc/sysconfig/network do not take effect until the system is rebooted as described in the "Restarting the System and Verifying System, VCPT, and VQE Client Channel Configuration Delivery Server Status" section.

Step 9 To create the password for the vqe user (a pre-created Linux user ID), issue the following command: 

[root@system]# passwd vqe

Enter a password that follows the password guidelines.

The vqe username and password can be used to log in to the VQE Channel Provisioning Tool. This username and password cannot be used to log in to Linux directly using Secure Shell (SSH).

Step 10 If you have not already done so, follow the directions in the "Setting Up SSL Certificates" section on page 2-4 to set up the Secure Socket Layer (SSL) certificates required for VCPT.

Configuring a Static Route for a CDE110 Management Interface (VCPT Host)

Note The configuration example in this section assumes that one CDE110 Ethernet interface will be used to connect to the VQE network.

If your deployment makes use of a management network, a static route for the management network can be configured using the /etc/sysconfig/network-scripts/route-interface-name file. The interface-name is eth1, eth2, eth3, or eth4. For example, the filename for the eth1 interface is route-eth1.

To configure a static route for a management network, follow these steps:

Step 1 If needed, login as root.

Step 2 Use a text editor to modify the file /etc/sysconfig/network-scripts/route-interface-name where interface-name is the CDE110 Ethernet interface that will be used for the management network. Edit the file so that it contains a line with the following syntax: 

management-ip-addr/prefix-length nexthop via gateway-addr

In the preceding, the management-ip-addr/prefix-length is the IP address and prefix length for the management network. The gateway-addr is the IP address of the router interface that is directly attached to the CDE110 Ethernet port that will be used for management network traffic.

For this example, assume the following:

CDE110 Ethernet interface eth1 (11.2.15.2) will be used for the management network.

The management network is 10.0.0.0/8.

The following line configures a static route for eth1 and the management network: 

10.0.0.0/8 nexthop via 11.2.15.1

In the preceding example, 11.2.15.1 is the gateway-addr—the router interface that is directly attached to eth1. Figure D-5 shows the IP addresses used in this example for the eth1 interface and the directly attached router.

With this configuration in place, when the CDE110 system is rebooted, the management network static route is bound to the eth1 interface. The eth1 interface is used for management network traffic.

Step 3 To verify that the static route for eth1 is present in the routing table of the CDE110, issue the following command: 

[root@system]# ip route show

The output will be similar to the following: 

    10.0.0.0/8 via 11.2.15.1 dev eth1

Configuring Net-SNMP (Optional)

The CDE110 that hosts VCPT uses Net-SNMP, a third-party product, for SNMP support for some basic, non-VQE system services. Net-SNMP offers a set of built-in MIBs for Linux platforms. For more information on Net-SNMP support, see Appendix B, "Using Net-SNMP."

You must configure Net-SNMP on the Cisco CDE110 that hosts VCPT. For information on configuring Net-SNMP, see the Net-SNMP web site:

http://www.net-snmp.com/

Starting VCPT System Services and Verifying Status

To start VCPT system services and verify their status, follow these steps:

Step 1 To start system services, issue the following command: 

[root@system]# /usr/bin/vqes_init_setup

Note The vqes_init_setup script should be used only when the system services are started for the first time because the script resets any user-defined configuration to the initial default values.

Table D-2 lists the system services that are started by the vqes_init_setup script.

Table D-2 System Services for CDE110 That Hosts VCPT

Service
Description

check_daemons

A script that monitors httpd and tomcat processes and attempts to restart them if they fail. The script runs once a minute as a cron job owned by root.

sshd

The Secure Shell daemon.

httpd

HyperText Transfer Protocol daemon (the Apache web server).

tomcat5

The Apache Tomcat application server.

snmpd

The SNMP daemon.

snmpsa

The SNMP subagent.


Step 2 To verify the sshd run levels and that the process is running, issue the following commands and check that the run-level output is as shown below: 

[root@system]# chkconfig --list | grep sshd 

sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off


[root@system]# ps -ef | grep sshd 

root      2835     1  0 Jul18 ?        00:00:00 /usr/sbin/sshd

Step 3 To verify the httpd run levels and that the process is running, issue the following commands: 

[root@system]# chkconfig --list | grep httpd 

httpd           0:off   1:off   2:on    3:on    4:on    5:on    6:off


[root@system]# ps -ef | grep httpd 

root      2880     1  0 Jul18 ?        00:00:00 /usr/sbin/httpd

apache    4881  2880  0 04:03 ?        00:00:00 /usr/sbin/httpd

apache    4882  2880  0 04:03 ?        00:00:00 /usr/sbin/httpd

apache    4883  2880  0 04:03 ?        00:00:00 /usr/sbin/httpd

apache    4884  2880  0 04:03 ?        00:00:00 /usr/sbin/httpd

apache    4885  2880  0 04:03 ?        00:00:00 /usr/sbin/httpd

apache    4886  2880  0 04:03 ?        00:00:00 /usr/sbin/httpd

apache    4887  2880  0 04:03 ?        00:00:00 /usr/sbin/httpd

apache    4888  2880  0 04:03 ?        00:00:00 /usr/sbin/httpd

Step 4 To verify the tomcat5 run levels and that the process is running, issue the following commands: 

[root@system]# chkconfig --list | grep tomcat5 

tomcat5         0:off   1:off   2:on    3:on    4:on    5:on    6:off


[root@system]# ps -ef | grep tomcat5 

root      2915     1  0 Jul18 ?        00:00:11 /usr/java/default/bin/java 
-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager 
-Djava.util.logging.config.file=/usr/share/tomcat5/conf/logging.properties 
-Djava.endorsed.dirs=/usr/share/tomcat5/common/endorsed -classpath 
:/usr/share/tomcat5/bin/bootstrap.jar:/usr/share/tomcat5/bin/commons-logging-api.jar 
-Dcatalina.base=/usr/share/tomcat5 -Dcatalina.home=/usr/share/tomcat5 
-Djava.io.tmpdir=/usr/share/tomcat5/temp org.apache.catalina.startup.Bootstrap start

Step 5 To verify the snmpd run levels and that the process is running, issue the following commands: 

[root@system]# chkconfig --list | grep snmpd 

snmpd           0:off   1:off   2:on    3:on    4:on    5:on    6:off


[root@system]# ps -ef | grep snmpd 

root      2812     1  0 Jul18 ?        00:00:58 /usr/sbin/snmpd -Lsd -Lf /dev/null -p 
/var/run/snmpd -a

Step 6 To verify the snmpsa run levels and that the process is running, issue the following commands: 

[root@system]# chkconfig --list | grep snmpsa 

snmpsa          0:off   1:off   2:on    3:on    4:on    5:on    6:off


[root@system]# ps -ef | grep snmpsa 

root      2959     1  0 Jul18 ?        00:02:26 /usr/local/snmpsa/bin/smSubagent

Starting the VQE Client Channel Configuration Delivery Server Process and Verifying Status

This section explains how to start the VQE Client Channel Configuration Delivery Server (VCDS) process and verify that the process is running and that VCPT is available.

Note VCPT is a web application and has no dedicated processes associated with it. The processes needed for the VCPT web application to work (for example, the web server) are started automatically when the Cisco CDE110 is started.

To start the VQE Client Channel Configuration Delivery Server process and verify that it is running, follow these steps:

Step 1 To start VQECCfgDeliveryServer (VQE Client Channel Configuration Delivery Server) and verify status, issue this command: 

[root@system]# init Q

Step 2 To check that the VQE Client Channel Configuration Delivery Server (VCDS) process is running, issue the following command: 

[root@system]# ps -ef | grep VCDS 


root 2928 1 0 01:31 ? 00:00:00 /opt/vqes/bin/VQECCfgDeliveryServer -f 
/etc/opt/vqes/VCDServer.cfg

Step 3 To verify that VCPT is accessible from a web browser, enter as the URL the IP address of the Cisco CDE110 that hosts VCPT: 

https://ip_address_of_VCPT_host

Log in using the vqe username and password. (Any valid Linux username and password can be used to log in to VCPT.)

If you are able to log in successfully, VCPT is running correctly.

Restarting the System and Verifying System, VCPT, and VQE Client Channel Configuration Delivery Server Status

To restart the Cisco CDE110 and verify system, VCPT, and VQE Client Channel Configuration Delivery Server status, follow these steps:

Note The output for the commands issued in this section has been omitted. For example output, see the previous sections in this chapter where the same commands were issued.

Step 1 To restart the system, issue the following command: 

[root@system]# init 6

The operating system boots.

Step 2 Log in as root.

Step 3 To verify that interface eth1 is up and running and the IP address and netmask is set correctly, issue the following command: 

[root@system]# ifconfig -a 


... Output omitted

Step 4 To verify that the sshd process is running, issue the following command: 

[root@system]# ps -ef | grep sshd 


... Output omitted

Step 5 To verify that the httpd process is running, issue the following command: 

[root@system]# ps -ef | grep httpd 


... Output omitted

Step 6 To verify that the tomcat5 process is running, issue the following command: 

[root@system]# ps -ef | grep tomcat5 


... Output omitted

Step 7 To verify that the snmpd process is running, issue the following command: 

[root@system]# ps -ef | grep snmpd 


... Output omitted

Step 8 To verify that the snmpsa process is running, issue the following command: 

[root@system]# ps -ef | grep snmpsa 


... Output omitted

Step 9 To check that the VQE Client Channel Configuration Delivery Server (VCDS) process is running, issue the following command: 

[root@system]# ps -ef | grep -i VCDS 


... Output omitted

Step 10 To verify that VCPT is accessible from a web browser, enter as the URL the IP address of the Cisco CDE110 that hosts VCPT: 

https://ip_address_of_VCPT_host

Log in with a Linux username and password.

If you are able to log in successfully, VCPT is running correctly.

Step 11 Do one of the following:

If the preceding checks indicate that all is well, you are ready to start using VCPT. For information, see Chapter 3, "Using the VQE Channel Provisioning Tool."

If one of the preceding checks fails, inspect the configuration of the item that failed and make any needed adjustments.