Cisco Prime Nerk 43 User Guide

							 
C-49
Cisco Prime Network 4.3.2 User Guide
Appendix C      Event Correlation Examples
  MPLS Fault Scenarios
BGP Neighbor Loss Scenario 
Ta b l e 3 - 6 shows the impacted calculations and reported affected severities for a BGP neighbor loss fault 
scenario.
NoteThe affected only relate to Layer 3 VPN services.
BGP rules require all routers within an autonomous system to be fully meshed. For large networks, this 
requirement represents a severe scaling problem. Route reflectors enable a BGP entity to establish a 
single BGP connection with a peer, where through that single peer, routing information is learned from 
other peers. As a result, the number of BGP sessions and connections is greatly reduced.
Decreasing the number of BGP connections and using route reflectors further separates the data and 
control paths. For example, data packets going from A to B do not go through the route reflector, while 
the routing updates between A and B do.
Every BGP router is uniquely identified by a router ID. A route reflector is not a configuration of a 
specific router. A router may act as a route reflector if it has a BGP neighbor configured as a BGP client. 
A router may act as both a route reflector to some of its BGP neighbors (those that are configured as 
BGP clients) and a nonclient BGP neighbor to those BGP neighbors that are configured as nonclient 
BGP neighbors.
A route reflector uses the following logic when distributing routes to its BGP neighbors:
A router advertises to its client peers all routes learned from other client and nonclient peers.
A router advertises to its nonclient peers only routes received from client peers.
Router ID distribution follows the same logic described previously.
Prime Network modeling provides a list of one or more router IDs for each interface. This reflects the 
network behavior of receiving BGP updates from a BGP router (possessing that ID) through that 
interface. The VNE also maintains the nature of the relationships (client and nonclient) among the 
various VNEs representing the BGP routers. Figure C-48 shows an example. 
Table 3-6 BGP Neighbor Loss Scenario
Impact and Affected Severity Description
Impact calculation
Initiates a local affected flow to all VRFs that are present on the 
issuing device. Each local VRF that has route entries with a next 
hop IP address that was learned from the BGP neighbor that was 
lost collects VRFs from both sides and pairs them together as 
affected.
Supports a route reflector configuration, whereby during the 
affected search, affected parties are located on all BGP neighbors 
learned via the route reflector.
Reported affected severity Only reports on real affected on the IBGP domain. 
						

							 
C-50
Cisco Prime Network 4.3.2 User Guide
Appendix C      Event Correlation Examples
  MPLS Fault Scenarios
Figure C-48 Route Reflector Example
In the example, the following configuration is applied:
Router A (router ID A) has clients B, C, and D configured. Therefore it serves as the route reflector 
for these BGP routers.
Routers B, C, and D all have Router A as a BGP nonclient neighbor.
Router D and Router B also have each other configured as BGP nonclient neighbors.
In this case, in Prime Network, the following information is maintained by a VNE:
Router B learns router ID D from interface 1.
Router B learns router IDs A, C, and D from interface 2.
Router C learns router IDs A, B, and D from interface 1.
Router D learns router ID B from interface 2.
Router D learns router IDs A, B, and C from interface 1.
Router A learns router ID D from interface 1.
Router A learns router ID C from interface 2.
Router A learns router ID B from interface 3.
In the Figure C-48 example, if a BGP connection from Router A to Router B is lost, the following occurs:
Router A notifies both Routers C and D of the loss of router ID B.
Router C removes the ID of Router B from its tables and completely loses connectivity to it, 
resulting in a Real Affected impact analysis.
Router D loses the ID of Router B learned from interface 1, but it still has the Router B ID that was 
learned through interface 2. Therefore, no impact analysis is performed.
If a BGP connection is lost from Router B to Router D, the following occurs:
Router B does not notify Router A of its router ID loss, because Router A is configured in the Router 
B tables as a nonclient peer.
Router D does not notify Router A of its router ID loss, because Router A is configured in Router 
D’s tables as a nonclient peer.
Router B notes that the ID of Router D is no longer learned through interface 1.
IF 1
IF 1
IF 1 IF 1IF 3
IF 2
IF 2IF 2 Router A
(RR)
Router B Router D
Router C
154564 
						

							 
C-51
Cisco Prime Network 4.3.2 User Guide
Appendix C      Event Correlation Examples
  MPLS Fault Scenarios
Router D notes that the ID of Router B is no longer learned through interface 2.
No impact analysis is performed.
Broken LSP Discovered Scenario 
Ta b l e 3 - 7 lists the impacted calculations and reported affected severities for a broken LSP discovered 
fault scenario.
MPLS TE Tunnel Down Scenario 
Ta b l e 3 - 8 lists the impacted calculations and reported affected severities for an MPLS TE tunnel down 
fault scenario.
Pseudowire MPLS Tunnel Down Scenario 
Ta b l e 3 - 9 lists the impacted calculations and reported affected severities for a pseudowire MPLS tunnel 
down fault scenario.
Table 3-7 Broken LSP Discovered Scenario
Impact and Affected Severity Description
Impact calculation Initiates an affected flow to determine all the affected parties using 
the LSP. 
Reported affected severity Only reports on Real Affected. When the Link Down alarm is cleared, 
all the correlated broken LSP alarms are auto-cleared.
Ta b l e 3 - 8 M P L S  T E  Tu n n e l  D o w n  S c e n a r i o
Impact and Affected Severity Description
Impact calculation Initiates a flow to look for affected parties.
Reported affected severity Only reports on real affected.
Table 3-9 Pseudowire MPLS Tunnel Down
Impact and Affected Severity Description
Impact calculation Initiates a flow to look for the affected parties.
Reported affected severity Only reports on real affected on the MPLS domain. 
						

							 
C-52
Cisco Prime Network 4.3.2 User Guide
Appendix C      Event Correlation Examples
  MPLS Fault Scenarios 
						

							CH A P T E R
 
33-1
Cisco Prime Network 4.3.2 User Guide
33
Managing Certificates
Managing Certificates chapter describes how to generate a Self-signed certificates and Certificate 
Signing Request (CSR) that can be used to obtain SSL certificates from a Certificate Authority such as 
Verisign, Digicert and so on. This chapter also describes how to import a generated Self-Signed 
certificate or CA certificate in Prime Network Operation Report.
Generating Self-Signed Certificates and Certificate Signing Request
Generate a self-signed certificate and a Certificate Signing Request (CSR) by using the Generate 
Self-Signed Certificate and Certificate Signing Request option. When you generate a self-signed 
certificate, a new self-signed certificate in PEM format and a CSR file are created in the 
$ANAHOME/scripts/CSR/ directory. When you press enter in a command without specifying any value 
the script will select a default option automatically. For example, if you do not specify a domain name, 
the script by default picks the domain name as cisco.com.
Step 1Execute $ANAHOME/local/scripts/selfsignedcert.pl.
Step 2Choose Generate Self-Signed Certificate and Certificate Signing Request(.csr) and press Enter. The 
system prompts you to enter information as listed in the following table. 
						

							 
33-2
Cisco Prime Network 4.3.2 User Guide
Chapter 33      Managing Certificates
  
Table 33-1 Parameters and Description
Parameter Description Display Message
Domain Name 
[cisco.com]:Enter the domain name. By 
default the script accepts 
cisco.com as domain name.
How many days is 
self-signed 
certificate valid 
for? [365]:Enter the number of days that 
you want the self-signed 
certificate to be valid for.writing new CSR (Certificate 
Signing Request) to 
/export/home/pn430/scripts/C
SR/test.csr 
writing private key to 
/export/home/pn430/scripts/C
SR/test.key
Generating a 2048 bit RSA 
private key
writing new private key to 
/export/home/pn430/local/scr
ipts/cisco.com.key
You are about to be asked to 
enter information that will 
be incorporated into your 
certificate request.
What you are about to enter 
is what is called a 
Distinguished Name or DN.
There are quite a few fields 
but you can leave some 
blank.
For some fields there will 
be a default value,
If you enter ., the field 
will be left blank.
Country Name (2 
letter code) [GB]:
State or Province 
Name (full name) 
[Berkshire]:
Locality Name (eg, 
city) [Newbury]:
Enter the country name, state or 
province name and locality 
name, 
Organization Name 
(eg, company) [My 
Company Ltd]:
Organizational 
Unit Name (eg, 
section) []:Enter the organization name and 
Organizational unit name.
Common Name (eg, 
your name or your 
servers hostname) 
[]:Enter the common name. 
						

							 
33-3
Cisco Prime Network 4.3.2 User Guide
Chapter 33      Managing Certificates
  
Importing Certificate Authority or Self-Signed Certificate
Import a Certificate Authority (CA) signed certificate or self-signed certificate by using Import 
CA/Self-Signed Certificate option. You can either import the generated self-signed certificate or import 
a certificate generated by another system or third party by copying the .pem and .key (private key) files 
to the $ANAHOME/scripts/CSR directory. The .pem file provided is exported into PKCS12 format, and 
then converted to JKS format. The JKS file can be imported into Tomcat.
Step 1Execute $ANAHOME/local/scripts/selfsignedcert.pl as PN user.
Step 2Choose the Import CA/Self-Signed Certificate option and press Enter.
Step 3Specify values for the following parameters and then press Enter:
Table 33-2 Parameters and Description
Email Address []:Enter the email address.
A challenge 
password []:
An optional 
company name:(Optional) Enter a challenge 
password and an optional 
company name.CSR generated successfully 
(/export/home/pn430/scripts/
CSR/cisco.com.csr)
Use the CSR to obtain a 
certificate in PEM/CER 
format from a CA 
(Certificate Authority).
New self-signed certificate 
in PEM format generated 
(/export/home/pn430/scripts/
CSR/cisco.com.pem)
Table 33-1 Parameters and Description
Parameter Description Display Message
Parameters Description
Domain Name [cisco.com]:Enter the domain name.
CA/self-signed certificate (.pem/.cer) file 
path:Enter the path to the CA signed certificate or 
self-signed certificate.
private key file path:Enter the path to the private key.
keystore password:Enter the Java KeyStore (JKS) password to set.
The following confirmation messages might appear, enter Yes or No to proceed further.
Existing certificate will be erased, wa.nt 
to proceed (Yes/No):Enter Yes to proceed or No to exit.
Prime Network and Operation Report restart 
required applying certificate, do you want 
to restart (Yes/No):Enter Yes to proceed or No to exit.
If you enter yes then a message similar to the 
following one appears:
Restarting Prime Network and Operation 
Report............................................Done
Certificate $ANAHOME 
/scripts/CSR/cisco.com.pem imported to server 
successfully. 
						

							 
33-4
Cisco Prime Network 4.3.2 User Guide
Chapter 33      Managing Certificates