To convert a standalone NFM-P system to IPv6

Description

The following steps describe how to change the communication between components in a standalone NFM-P system from IPv4 to IPv6. Ensure that you record the information that you specify, for example, directory names, passwords, and IP addresses.

Note: You require the following user privileges:

  • on each main and auxiliary server station — root, nsp

  • on each main database station — root

Note: The following RHEL CLI prompts in command lines denote the active user, and are not to be included in typed commands:

  • # —root user

  • bash$ —nsp user

Steps
Disable automatic main server startup
 

Prevent the main server from starting in the event of a power disruption during the conversion.

  1. Log in to the main server station as the root user.

  2. Open a console window.

  3. Enter the following:

    systemctl disable nspos-nspd.service ↵

  4. Enter the following:

    systemctl disable nfmp-main-config.service ↵

  5. Enter the following:

    systemctl disable nfmp-main.service ↵

Stop main server
 

Note: This step marks the beginning of the network management outage.

Stop the main server.

  1. Enter the following to switch to the nsp user:

    su - nsp ↵

  2. Enter the following:

    bash$ cd /opt/nsp/nfmp/server/nms/bin ↵

  3. Enter the following:

    bash$ ./nmsserver.bash stop ↵

  4. Enter the following:

    bash$ ./nmsserver.bash appserver_status ↵

    The server status is displayed; the server is fully stopped if the status is the following:

    Application Server is stopped

    If the server is not fully stopped, wait five minutes and then repeat this step. Do not perform the next step until the server is fully stopped.

  5. Enter the following to switch to the root user:

    bash$ su ↵

Update auxiliary database IP addresses
 

If the deployment includes an NSP auxiliary database, perform the NSP System Administrator Guide procedure that describes changing the auxiliary database external IP addresses.

Stop main database
 

Stop the main database and proxy services.

  1. Log in to the main database station as the root user.

  2. Open a console window.

  3. Enter the following to stop the Oracle proxy:

    systemctl stop nfmp-oracle-proxy.service ↵

  4. Enter the following to stop the main database:

    systemctl stop nfmp-main-db.service ↵

Configure main database
 

Enter the following:

samconfig -m db ↵

The following is displayed:

Start processing command line inputs...

<db>

Enter the following:

<db> configure ip address

where address is the IPv6 address that the other NFM-P components must use to reach the database

The prompt changes to <db configure>.

To enable IP validation, which restricts the server components that have access to the main database, configure the parameters in the following table, and then enter back ↵.

Note: For security reasons, it is strongly recommended that you enable IP validation.

Note: You must configure the remote-servers parameter if the deployment includes any of the following:

  • auxiliary servers

  • NSP Flow Collectors

  • NSP Analytics

Table 17-1: Standalone database parameters — 
ip-validation

Parameter

Description

main-one

Public IPv6 address of main server

Configuring the parameter enables IP validation.

remote-servers

Comma-separated list that includes the following:

  • auxiliary server IP addresses

  • For NSP Flow Collectors, the following in the flowForwarder section of the NSP cluster configuration file, nsp-config.yml:

    • if configured, the advertisedV4 and advertisedV6 values

    • otherwise, the virtualIpV4 and virtualIpV6 values

  • For NSP Analytics:

    • If the NSP cluster uses separate client, mediation and internal interfaces, the private IP address of the internal interface on each NSP cluster node

    • If the NSP cluster uses one interface for all communication, the private IP address of each NSP cluster node

To enable the forwarding of NFM-P system metrics to the NSP; configure the parameters in the following table, and then enter back ↵.

Note: The parameters are required only for a distributed main database, so are not shown or configurable if the main server and database are collocated.

Table 17-2: Standalone database parameters — 
tls

Parameter

Description

keystore-pass

The TLS keystore password

Default: available from technical support

pki-server

One of the following in the platformingressApplicationsingressController section of the nsp-config.yml file on the local NSP deployer host:

In the internalAddresses subsection, if configured, otherwise, in the clientAddresses subsection:

  • if configured, the advertised value

  • otherwise, the virtualIp value

You must configure the parameter.

Default: —

pki-server-port

The TCP port on which the PKI server listens for and services requests

Default: 80

Verify the database configuration.

  1. Enter the following:

    <db configure> show-detail ↵

    The database configuration is displayed.

  2. Review each parameter to ensure that the value is correct.

  3. Configure one or more parameters, if required; see NFM-P samconfig utility for information about using the samconfig utility.

  4. When you are certain that the configuration is correct, enter the following:

    <db configure> back ↵

    The prompt changes to <db>.

10 

Enter the following to apply the configuration changes:

<db> apply ↵

The changes are applied.

11 

Enter the following:

<db> exit ↵

The samconfig utility closes.

Configure auxiliary servers
 
12 

If the NFM-P system includes auxiliary servers, perform Step 13 to Step 23 on each auxiliary server station. Otherwise, go to Step 24.

13 

Stop the auxiliary server.

  1. Log in to the auxiliary server station as the nsp user.

  2. Open a console window.

  3. Enter the following:

    bash$ cd /opt/nsp/nfmp/auxserver/nms/bin ↵

  4. Enter the following:

    bash$ ./auxnmsserver.bash auxstop ↵

  5. Enter the following:

    bash$ ./auxnmsserver.bash auxappserver_status ↵

    The auxiliary server is stopped when the following message is displayed:

    Auxiliary Server is stopped 

    If the command output indicates that the server is not completely stopped, wait five minutes and then re-enter the command in this step to check the server status.

    Do not proceed to the next step until the server is completely stopped.

14 

Enter the following to switch to the root user:

bash$ su - ↵

15 

Enter the following:

samconfig -m aux ↵

The following is displayed:

Start processing command line inputs...

<aux> 

16 

Enter the following:

<aux> configure ip address

where address is the auxiliary server IPv6 address that the managed NEs must use to reach the auxiliary server

The prompt changes to <aux configure>.

17 

Enter the following, and then enter back ↵.

<aux configure> main-server ip-one address

where address is the main server IPv6 address that the auxiliary server must use to reach the main server

18 

Enter the following:

<aux configure> data-sync local-ip address

where address is the IPv6 address of the interface on this station that the peer auxiliary server in an auxiliary server pair must use to reach this auxiliary server

The prompt changes to <aux configure data-sync>.

19 

Enter the following, and then enter back ↵.

<aux configure data-sync> peer-ip address

where address is the IPv6 address of the interface on the peer auxiliary server station in an auxiliary server pair that this auxiliary server must use to reach the other auxiliary server

20 

If the XML API clients require IPv6 access, enter the following, and then enter back ↵.

<aux configure> oss public-ip address

where address is the IPv6 address that the XML API clients must use to reach the auxiliary server

21 

Verify the auxiliary server configuration.

  1. Enter the following:

    <aux configure> show-detail ↵

    The auxiliary server configuration is displayed.

  2. Review each parameter to ensure that the value is correct.

  3. Configure one or more parameters, if required; see NFM-P samconfig utility for information about using the samconfig utility.

  4. When you are certain that the configuration is correct, enter the following:

    <aux configure> back ↵

    The prompt changes to <aux>.

22 

Enter the following:

<aux> apply ↵

The configuration is applied.

23 

Enter the following:

<aux> exit ↵

The samconfig utility closes.

Configure main server
 
24 

Enter the following:

samconfig -m main ↵

The following is displayed:

Start processing command line inputs...

<main> 

25 

Enter the following:

<main> configure ip address

where address is the main server IPv6 address that the database must use to reach the main server

The prompt changes to <main configure>.

26 

As required, configure the client parameters as described in the following table, and then enter back ↵.

Table 17-3: Standalone main server parameters — 
client

Parameter

Description

nat

Not applicable to IPv6

If the parameter is enabled, disable the parameter.

hostname

The main server hostname, if the GUI clients, XML API clients, and auxiliary servers are to use hostnames, rather than IP addresses, for communication with the main server

Modify the value if the hostname changes as part of the conversion to IPv6.

If the TLS certificate contains the FQDN, you must use the FQDN value to configure the hostname parameter.

public-ip

The IPv6 address that the GUI and XML API clients must use to reach the main server

The parameter is configurable and mandatory when the hostname parameter is unconfigured.

delegates

A list of the client delegate servers, in the following format:

address1;path1,address2;path2...addressN;pathN

where

an address value is a client delegate server IP address

a path value is the absolute file path of the client delegate server installation location

Replace each IPv4 address with the appropriate IPv6 address.

27 

Enter the following, and then enter back ↵.

<main configure> database ip address

where address is the IPv6 address of the database

28 

If you need to enable IPv6 for communication with the managed network, enter the following, and then enter back ↵.

<main configure> mediation snmp-ipv6 address

where address is the main server IPv6 address that the managed NEs must use to reach the main server

The prompt changes to <main configure mediation>.

29 

To disable IPv4 for communication with the managed network, perform the following steps.

  1. Enter the following:

    <main configure> mediation no snmp-ipv4 ↵

  2. Enter the following:

    <main configure mediation> no nat ↵

  3. Enter the following:

    <main configure mediation> back ↵

30 

Perform one of the following.

  1. If the NFM-P system does not include auxiliary servers, and the XML API clients require IPv6 access, enter the following, and then enter back ↵:

    <main configure> oss public-ip address

    where address is the IPv6 address that the XML API clients must use to reach the main server

  2. If the NFM-P system includes auxiliary servers, configure the aux parameters in the following table, and then enter back ↵.

    Table 17-4: Standalone main server parameters — 
    aux

    Parameter

    Description

    ip-to-auxes

    The primary main server IPv6 address that the auxiliary servers must use to reach the main server

    Default: —

    preferred-list

    Comma-separated list of Preferred auxiliary server IPv6 addresses

    Default: —

    reserved-list

    Comma-separated list of Reserved auxiliary server IPv6 addresses

    Default: —

    peer-list

    Comma-separated list of Remote auxiliary server IPv6 addresses

    Default: —

31 

Configure the tls parameters in the following table, and then enter back ↵.

Table 17-5: Standalone main server parameters — 
tls

Parameter

Description

keystore-file

The absolute path of the TLS keystore file

To enable automated TLS deployment, enter no keystore-file.

Default: —

keystore-pass

The TLS keystore password

Default: available from technical support

truststore-file

The absolute path of the TLS truststore file

To enable automated TLS deployment, enter no truststore-file.

Default: —

truststore-pass

The TLS truststore password

Default: available from technical support

alias

The alias specified during keystore generation

You must configure the parameter.

Default: —

pki-server

One of the following in the platformingressApplicationsingressController section of the nsp-config.yml file on the local NSP deployer host:

In the internalAddresses subsection, if configured, otherwise, in the clientAddresses subsection:

  • if configured, the advertised value

  • otherwise, the virtualIp value

Default: —

pki-server-port

The TCP port on which the PKI server listens for and services requests

Default: 80

hsts-enabled

Whether HSTS browser security is enabled

Default: false

32 

If the deployment includes an NSP auxiliary database, enter the following, and then enter back ↵:

Note: In a geo-redundant auxiliary database deployment, the order of the IP addresses must be the same on each main server in the geo-redundant system.

<main configure> auxdb ip-list cluster_1_IP1,cluster_1_IP2,cluster_1_IPn;cluster_2_IP1,cluster_2_IP2,cluster_2_IPn

where

cluster_1_IP1, cluster_1_IP2,cluster_1_IPn are the external IPv6 addresses of the stations in one cluster

cluster_2_IP1, cluster_2_IP2,cluster_2_IPn are the external IPv6 addresses of the stations in the geo-redundant cluster; required only for geo-redundant auxiliary database

33 

Configure the nspos parameters in the following table, and then enter back ↵.

Table 17-6: Standalone main server parameters — 
nspos

Parameter

Description

ip-list

The NSP cluster IP addresses, separated by a semicolon

Each address is one of the following in the platformingressApplicationsingressController section of the nsp-config.yml file on the NSP deployer host:

In the internalAddresses subsection, if configured, otherwise, in the clientAddresses subsection:

  • if configured, the advertised value

  • otherwise, the virtualIp value

Default: —

address-to-nspos

The main server IP address that is reachable by the NSP clusters

Default: —

secure

Whether communication among NSP components is secured using TLS

The parameter is not configurable.

Default: true

dc-name

The DR data center name for aligning NSP components with the local NFM-P main server; must match the dcName value in the NSP cluster configuration file

The parameter is required only in a DR deployment, but Nokia strongly recommends that you configure the parameter, regardless of the deployment type.

Default: —

34 

Configure the remote-syslog parameters in the following table, and then enter back ↵.

Table 17-7: Standalone main server parameters — 
remote-syslog

Parameter

Description

enabled

Enable the forwarding of the NFM-P User Activity logs in syslog format to a remote server

Default: disabled

syslog-host

Remote syslog server hostname or IP address

Default: —

syslog-port

Remote server TCP port

Default: —

ca-cert-path

Absolute local path of public CA TLS certificate file copied from remote server

The file requires nsp:nsp ownership.

35 

Configure the server-logs-to-remote-syslog parameters in the following table, and then enter back ↵.

Table 17-8: Standalone main server parameters — 
server-logs-to-remote-syslog

Parameter

Description

enabled

Enable the forwarding of the NFM-P server logs in syslog format to a remote server

Default: disabled

secured

Whether the communication with the remote server is TLS-secured

Default: disabled

syslog-host

Remote syslog server hostname or IP address

Default: —

syslog-port

Remote server TCP port

Default: —

ca-cert-path

Absolute local path of public CA TLS certificate file copied from remote server

The file requires nsp:nsp ownership.

36 

Verify the main server configuration.

  1. Enter the following:

    <main configure> show-detail ↵

    The main server configuration is displayed.

  2. Review each parameter to ensure that the value is correct.

  3. Configure one or more parameters, if required; see NFM-P samconfig utility for information about using the samconfig utility.

  4. When you are certain that the configuration is correct, enter the following:

    <main configure> back ↵

    The prompt changes to <main>.

37 

Enter the following:

<main> apply ↵

The configuration is applied.

38 

Enter the following:

<main> exit ↵

The samconfig utility closes.

Enable Windows Active Directory access
 
39 

If you use Windows Active Directory for single sign-on client access to the NFM-P, open the following file with a plain-text editor such as vi:

/opt/nsp/os/install/config.json

Otherwise, go to Step 45.

40 

Change the IPv4 addresses to IPv6 addresses, as required.

41 

Save and close the file.

42 

Enter the following:

samconfig -m main ↵

The following is displayed:

Start processing command line inputs...

<main> 

43 

Enter the following:

<main> apply ↵

The configuration is applied.

44 

Enter the following:

<main> exit ↵

The samconfig utility closes.

Start main server
 
45 

Enter the following to enable the main server startup:

systemctl enable nfmp-main.service ↵

46 

Start the main server.

  1. Log in as the nsp user on the main server station.

  2. Open a console window.

  3. Enter the following:

    bash$ cd /opt/nsp/nfmp/server/nms/bin ↵

  4. Enter the following:

    bash$ ./nmsserver.bash start ↵

  5. Enter the following:

    bash$ ./nmsserver.bash appserver_status ↵

    The server status is displayed; the server is fully initialized if the status is the following:

    Application Server process is running.  See nms_status for more detail.

    If the server is not fully initialized, wait five minutes and then repeat this step. Do not perform the next step until the server is fully initialized.

Start auxiliary servers
 
47 

If the NFM-P system includes auxiliary servers, start each auxiliary server.

  1. Log in to the auxiliary server station as the nsp user.

  2. Open a console window.

  3. Enter the following:

    bash$ /opt/nsp/nfmp/auxserver/nms/bin/auxnmsserver.bash auxstart ↵

    The auxiliary server starts.

Verify converted system using GUI client
 
48 

Use an NFM-P GUI client to perform sanity testing of the converted system.

Note: If an IP address is specified for NFM-P client access, ensure that you use the IPv6 address, rather than the IPv4 address, for the client connection.

End of steps