Professional Documents
Culture Documents
UGiBuilder User Guide iDX31Rev C05152013 PDF
UGiBuilder User Guide iDX31Rev C05152013 PDF
UGiBuilder User Guide iDX31Rev C05152013 PDF
The following table shows all revisions for this document. To determine if this is the latest
revision, check the TAC Web site at http://tac.idirect.net.
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 495
Purpose
The iBuilder User Guide provides detailed instructions for configuring your iDirect networks
using the iBuilder client application of the iDirect Network Management System (NMS). For
details on monitoring your iDirect networks, see the iMonitor User Guide.
Intended Audience
The iBuilder User Guide is intended for network operators, network architects, and other
personnel who operate or monitor iDirect networks. It is not intended for end users or field
installers.
Basic knowledge of TCP/IP concepts, satellite communications, and the Windows operating
systems is expected. Prior experience operating an iDirect network, although desirable, is not
required.
Document Conventions
This section illustrates and describes the conventions used throughout the manual. Take a
look now, before you begin using this manual, so that you’ll know how to interpret the
information presented.
Getting Help
The iDirect Technical Assistance Center (TAC) is available to help you 24 hours a day, 365 days
a year. Software user guides, installation procedures, a FAQ page, and other documentation
that supports our products are available on the TAC webpage. Please access our TAC webpage
at: http://tac.idirect.net.
If you are unable to find the answers or information that you need, you can contact the TAC at
(703) 648-8151.
If you are interested in purchasing iDirect products, please contact iDirect Corporate Sales by
telephone or email.
Telephone: (703) 648-8000
Email: SALES@iDirect.net
iDirect strives to produce documentation that is technically accurate, easy to use, and helpful
to our customers. Your feedback is welcomed! Send your comments to techpubs@idirect.net.
iBuilder is a component of the iDirect iVantage Network Management System (NMS). The
iVantage NMS is a complete suite of tools for configuring, monitoring, and controlling your
iDirect satellite network.
The iVantage NMS consists of the following components:
• iBuilder enables rapid, intuitive configuration of any iDirect network. It allows you to
easily add components to your network, change your current configuration, and download
configuration and software to network elements. The iBuilder Revision Server provides
automated management of software and firmware upgrades for your remote modems.
The iBuilder Group QoS (GQoS) user interface allows advanced network operators a high
degree of flexibility in creating subnetworks and groups of remotes with various levels of
service tailored to their network requirements. The iBuilder User Guide provides detailed
instructions for using iBuilder to configure and manage your network.
• iMonitor provides network operators with detailed information on real-time and
historical performance of the network. Among its many capabilities, iMonitor allows you
to analyze bandwidth usage; view remote status; view network statistics; monitor
performance of networks, sub-networks and individual network elements; and manage
alarms, warnings and network events. Alarms, warnings and statistics can be forwarded as
SNMP traps. All events and performance statistics are automatically archived. Data
displayed on the iMonitor GUI can be exported directly into Excel for further analysis. A
Network Probe allows detailed investigation of network issues. The iMonitor User Guide
provides instructions for using iMonitor.
• iSite allows you to monitor and configure iDirect devices in the field. It includes several
features that aid in the remote commissioning process, including assistance for antenna
pointing, antenna look angle calculation, and cross polarization. An iSite API is available
for custom development.
• SkyMonitor allows you to integrate one or more multi-port spectrum analyzers into your
hub installation and then use iMonitor to view your iDirect carriers or other areas of the
spectrum. SkyMonitor can be an invaluable tool for diagnosing performance issues from RF
interference or other carrier-related anomalies. Network Operators can view, analyze,
store and recall the spectral displays of any carrier from anywhere an iMonitor connection
is supported. Configuration of SkyMonitor is described in the iBuilder User Guide. The use
of SkyMonitor for spectrum analysis is described in the iMonitor User Guide.
An iDirect network is a satellite based IP network with a star topology in which a Time Division
Multiplexed (TDM) broadcast downstream channel from a central hub location is shared by a
number of remote sites. The iDirect Hub equipment consists of one or more iDirect Hub
Chassis with Universal Line Cards, one or more Protocol Processors (PP), a Network
Management System (NMS) and the appropriate RF equipment. Each remote site consists of an
iDirect broadband router and the appropriate external VSAT equipment. The remote transmits
to the hub either on a shared Deterministic-TDMA (D-TDMA) channel with dynamic timeplan
slot assignments or on a dedicated SCPC return channel.
For iDS Releases beginning with iDS 7.0, a mesh overlay can be added to the basic star
network TDMA topology, allowing traffic to pass directly between remote sites without
traversing the hub. This allows real-time traffic to reach its destination in a single satellite
hop, significantly reducing delay. It also saves the bandwidth required to retransmit mesh
traffic from the hub to the destination remote.
Note: Mesh is not supported in iDX releases, including iDX Release 3.1.
TDMA upstream carriers are configured in groups called Inroute Groups. Multiple Inroute
Groups can be associated with one downstream carrier. Any remote configured to transmit to
the hub on a TDMA upstream carrier is part of an Inroute Group. The specific TDMA upstream
carrier assigned to the remote is determined either at network acquisition time or
dynamically at run-time, based on a network configuration setting. A remote that transmits
on a dedicated SCPC return channel is not associated with an inroute group. Instead, the
dedicated SCPC upstream carrier is directly assigned to the remote and to the hub line card
that receives the carrier.
Figure 1 on p. 2 shows an example an iDirect network. The network consists of one
downstream carrier; two Inroute Groups providing the TDMA return channels for a total of
1200 remotes; and three remotes transmitting dedicated SCPC return channels to the hub.
... ...
40 Mbps 12 x 512 kbps 10 x 256 kbps 512 kbps 1 Mbps 256 kbps
iDirect software has features and controls that allow the system to be configured to provide
QoS and other traffic engineered solutions to remote users. Network configuration, control,
and monitoring functions are provided via the integrated NMS. Along with may other features,
the software provides packet-based and network-based QoS; TCP acceleration (or
“spoofing”); AES link encryption; TRANSEC; local DNS caching on the remote; end-to-end
VLAN tagging; dynamic routing protocol support via RIPv2 over the satellite link; multicast
support via IGMPv2 or IGMPv3; and VoIP support via voice-optimized features such as CRTP.
An iDirect network interfaces to the external world through IP over Ethernet ports on the
remote router and the Protocol Processor at the hub. The examples in Figure 2 on p. 3, Figure
3 on p. 4, and Figure 4 on p. 5 illustrate the IP level configurations available to a network
operator.
2.1 Introduction
iDirect’s Network Management System (the iVantage NMS) is a powerful suite of applications
and servers that provide complete control and visibility to all components of your iDirect
networks. The NMS client/server system architecture consists of three series of components:
• Three NMS applications with Graphical User Interfaces (GUIs) that allow you to configure
and monitor your network
• A database that stores the data entered by and displayed to users
• A middleware tier that manages access to the database on behalf of user operations
This chapter provides some of the most important information you will need to understand
how iBuilder works and how to use it as effectively as possible. This chapter discusses how to
prepare for installation, what you will see when you first launch iBuilder, how to use the many
powerful tools available in iBuilder, how to create, customize, and print reports, and how to
determine the configuration status of network elements. For a description of all iVantage NMS
components see “The iVantage Network Management System” on page xxxv.
iBuilder
The iBuilder application provides all configuration and control functions to network
operators. Configuration options consist of creating network elements (e.g. networks, line
cards, remotes) and specifying their operational parameters, such as QoS profiles or IP
addresses. Control options consist of applying the specified configurations to the actual
network elements, retrieving active configurations, resetting elements, and upgrading
element software and firmware.
iMonitor
The iMonitor application provides complete visibility to the real-time status and operational
data of network elements. “Status” refers to the real-time state of network elements, such as
OK, warning, or alarm. Operational data are captured in a variety of network statistical data
tables and displays, revealing, for example, IP traffic statistics, satellite link quality, and
hardware component operating values.
In addition to real-time visibility, iMonitor allows you to access state and statistics from the
historical archive in order to analyze anomaly conditions and perform trend analyses. Refer to
the iMonitor User Guide for a complete list of real-time and historical data available through
iMonitor.
iSite
The iSite application is used primarily for commissioning new sites and monitoring TDMA
remotes from the local LAN side. It contains functions to help installers calculate antenna
azimuth/elevation, perform antenna pointing, and put up a continuous wave (CW) carrier for
antenna peaking, cross-polarization and 1dB compression tests. It also provides configuration
and real-time state/statistical information for one or more remote units. Instead of
interacting with the NMS middleware, it connects directly to each remote to perform all of its
operations. iSite does not provide access to historical information. See the Installation and
Commissioning Guide for iDirect Satellite Routers for more on commissioning remotes using
iSite.
Note: End-users do not need iSite in order to receive or transmit IP data over iDirect
networks.
Configuration Server
The configuration server is the core component of the NMS server family. It manages access to
the configuration database, which contains all the element definitions for your networks and
their operational parameters. Additionally, the configuration server provides most network
control functions (configuration apply, firmware download, resetting, etc.). The other servers
also use this server to determine what the network components are.
Event Server
The event server’s primary job is to generate warnings and alarms and send them to iMonitor
for display. Warnings and alarms are collectively known as “conditions”. The event server also
collects and archives all system events and provides them to iMonitor for display.
Latency Server
The latency server measures round-trip time, or latency, for every active remote in your
networks. These measurements are stored in the archive and provided to iMonitor for display.
PP Controller Servers
The PP Controller processes control the samnc process on each PP blade.
Consolidation Script
The consolidation process periodically consolidates records in the statistics archive to
preserve disk space on the server machine. Default consolidation parameters are already
entered into your configuration database; they can be tuned to your particular storage
requirements if necessary.
Figure 5 and Figure 6 show the icons and start menu selections for the iDirect clients.
3. Click Server and select the IP address or host name of your primary NMS Server machine.
The Server box holds up to three IP addresses. If yours does not exist, enter the IP Address
in the Server box.
4. Click OK to complete the login process.
Note: The iBuilder version must match the NMS server version in order for you to log
in. (For example, version 8.0.0 of iBuilder may connect only to version 8.0.0 of
the NMS servers.)
The iBuilder application automatically connects to the NMS server processes that are required
to perform the NMS’s functions. If this connection is lost for any reason, iBuilder
automatically reconnects to the servers when they become available.
When Automatically accept changes is disabled (i.e., when the check box in Figure 9 is
cleared), then the Accept Changes button works as it did in previous releases. When another
user changes the configuration, or when you make a change that affects other network
elements, the Accept Changes button on your toolbar changes color from gray to red. You
cannot modify the configuration until you accept the changes, which will automatically
refresh your view to reflect the latest configuration.
If you attempt to modify the network configuration without accepting changes, the following
warning message appears:
Before you accept the changes, you may view the other user’s changes by selecting View
Configuration Changes (see “Configuration Changes Pane” on page 34). To accept the
changes and update your view in iBuilder, click Accept Changes. Any modifications the other
user has made are now displayed in your copy of iBuilder.
• QoS
• Upstream/Downstream Filters
• Upstream/Downstream Application Profiles
• Upstream/Downstream Remote Profiles
• Upstream/Downstream Group Profiles
• Components Folders Containing Reference Information
• Manufacturers
WARNING! Do not modify or clone the Bench Test Spacecraft, Bench Test Inroute, or
Bench Test Outroute for your actual network configuration. These should
only be used for testing purposes. For your network configuration, please
create a new spacecraft and new downstream and upstream carriers.
QoS
This folder contains a number of subfolders, such as the Upstream and Downstream Filter
Profiles, Upstream and Downstream Application Profiles, and Upstream and Downstream
Group Profiles folders shown in Figure 13. For more information, see “Configuring Quality of
Service for iDirect Networks” on page 195.
Figure 14. Filter Profile Examples Figure 15. Upstream Profile Examples
Beginning in iDX Release 3.1, the following iDirect BUCs and LNBs are preconfigured in the
Remote Antenna Components folder in the iBuilder tree.
• iDirect 1.5W Ku-Band BUC
• iDirect 3W Ku-Band BUC
• iDirect 4W Ku-Band BUC
• iDirect Ku-Band PLL LNB
Note: When configuring an iDirect PLL LNB component, you can now select the high or
low Frequency Band on the GUI. Therefore, the remote custom key required to
select the high frequency band is no longer required in this release.
selected from drop-down lists on various configuration dialog boxes throughout the system so
that the information is at your fingertips if you need it.
These folders include Manufacturers, Distributors, Operators, Customers and User Groups, as
shown in Figure 18.
You can add additional entries to any folder by right-clicking on the folder and selecting the
Add function for the type of component you want. For example, you can right-click
Manufacturers and select Add Manufacturers.to open the Manufacturer dialog box.
Canceling an Entry
Clicking Cancel in any of the dialog boxes will cancel your current entries.
Right-Clicking
In general, you must right-click (or use the context-sensitive mouse button) on your mouse to
display any list of options that can be performed on the element you currently have selected.
To dock a window pane somewhere else on the NMS interface or on your monitor, follow these
steps:
1. Point to and right-click the double-ridge lines of the pane you want to move and select
Allow Docking.
2. Place the pointer (mouse arrow) on the double-ridge lines and drag the pane wherever
you want it. Depending on where you drag it, the pane may change shape (for example,
from a vertical display to a horizontal display).
3. If you want to move the pane back into its original place or to another location, start by
grabbing the double-ridge lines with your pointer. Then, you can click the Name toolbar
at the top of the pane to move it around, and you can place your pointer at the edges of
the pane to resize the pane.
4. To detach the pane completely, double-click the double-ridge lines. The pane becomes
separately parented and you may move it independently from the main iBuilder window.
This feature is useful if you have two displays on a single PC and want to move this pane
to the second display.
Figure 22. Expand Tree Selection Figure 23. Expanded Tree with Child
Elements
Sorting Columns
In any pane with columns, or list controls, you can sort the entries in the pane by the values in
any column by clicking on the column heading. In Figure 26, the Active Users Pane has been
sorted on Group by clicking the column heading.
3. Click the Sort items in drop-down list and select either Ascending or Descending.
4. Click the Sort items by drop-down list and select one of the options. Depending on what
you select in this field, your choices in the Apply sort to field will change.
5. If you selected Name, either select or clear the Names are case sensitive check box.
6. In the Apply Sort to field, select the element to which you want to apply the Sort
feature.
record-keeping. These reference folders include the Manufacturers folder, Operators folder,
Distributors folder, and Customers folder.
A plus sign (+) next to an element or folder in the Tree indicates that additional elements,
folders, or informational entries exist below that level, or branch, of the Tree. Click the plus
sign (+) to expand, or collapse, the element or folder to view the next level of the Tree.
A minus sign (-) next to an element or folder indicates that the element or folder has been
completely expanded and has no other child entries below this level, or branch, in the Tree,
other than the children that are currently visible.
In Figure 30, the NMS Network has been expanded as far as possible. The Network cannot
include children in another network; therefore, its only children are the line cards and the
Inroute Group. The Inroute Group is a parent element that can be expanded by clicking its
plus sign (+) to reveal its children elements (remotes) at the next level of the Tree.
In Figure 31, the QoS folder has been expanded as far as possible. The QoS folder cannot
include children in another folder on the same branch of the tree; therefore, its only children
are the Filter, Application, Remote and Group Profiles folders. These folders are parents to
the Downstream and Upstream folders that can be expanded by clicking their plus signs (+) to
reveal their children folders or elements below them in the Tree.
Title Bar
The Title bar identifies the name of the application (in this case, iBuilder) and the IP address
of the server to which you are connected.
Menu Bar
The Menu bar at the top of the display provides access to log in, log out, quit, and other high-
level functions.
Toolbar
The Toolbar, shown in Figure 34, contains context-sensitive buttons, allowing you to perform
a variety of operations on a currently-selected element without using its context menu. Their
functions are described in Table 1.
Opens the Modify Configuration dialog box of a highlighted parent element in the Tree,
allowing you to create a new child element for that parent. If the highlighted element
you select before clicking this button has no children elements, this icon will become
unselectable and is displayed in gray.
Allows you to add an element to the Tree. If the element in the Tree that is highlighted
before you click this icon does not have the capability to allow you to add anything, the
icon will become unselectable and be displayed in gray.
Allows you to view the properties of the highlighted element in the Tree in Read-Only
mode
Allows you to view and edit the highlighted element in the Tree.
Allows you to delete a highlighted element in the Tree. You cannot delete parent node
elements if they have children (sub) elements.
Allows you to download firmware images to remote modems and line cards
Allows you to accept any changes made to the system by another user. This does not mean
that you approve of or agree with the changes; it simply means that you are accepting the
fact that changes have been made since the time of your last login. This feature is off by
default. For more information see “Accepting Changes” on page 14.
Allows you to view the version number of the NMS as well as system information
Find Toolbar
The Find toolbar provides users the option to search the NMS for a given element and display
the results in either the Network Tree View or the Results Window. This becomes
increasingly important as the network grows larger. You can search by selecting a specific
element name in the first drop-down list (note that only elements you have created will be in
the list); by type of element in the second drop-down list; or by Name, IP address or ID
number in the third drop-down list. Figure 35 illustrates the various options within each
category.
Binoculars
You can also click the Find button on the toolbar to open a dialog box that gives you the same
options.
• Click the Binoculars icon to the left of the toolbar if you are searching from the Find
toolbar.
• Click Find Next if you are searching from the Find dialog box.
4. In the example below, the user chose to look for a Remote by the Name of X5 9944 and
display it in the Network Tree View.
That remote is highlighted in the Tree when the user clicks the binoculars icon on the
toolbar. (See Figure 35 on page 30.)
View Menu
The View menu on the main menu toolbar allows you to display or hide the following toolbars
and panes. You can also right-click in the main iBuilder window to see the same options as
those in the View menu. If you have clicked an element in the Tree, the Properties option is
available also.
Status Bar
The Status bar is located at the bottom of the iBuilder window and displays the user name of
the person who is currently logged in and what their server connection status is. On the
toolbar shown in Figure 38, the connection status is Ready.
Legend Pane
The Legend view displays the Configuration Status icons and their meanings. They are
organized by type of element as shown in Figure 40:
Note: By default, the auto-accept changes feature is enabled in iBuilder and you will
not be notified if another user changes the configuration. See “Accepting
Changes” on page 14 for instructions on how to disable the auto-accept
changes feature.
If you want to view the changes in iBuilder before you click the icon to accept them, select
Configuration Changes from the View menu to display the Configuration Changes pane. You
can click the arrow to the left of each item to see more detail. Figure 42 shows the changes
that will appear if another user creates a new remote.
Note that creating a single remote results in a number of separate objects being created:
antenna, remote, default VLAN, etc. When you click the Accept Configuration Changes Icon,
all entries will be cleared from the Configuration Changes Pane.
Configuration States
Configuration States are identified by both icons and color-coded words on either side of their
corresponding element in the network as shown in Figure 43. (Configuration Status is not the
same as Configuration State. Configuration Status is discussed in detail in “Configuration
Status of Elements” on page 45.) The legend details the meanings of the various icons and
color-coded words. (See “Legend Pane” on page 32.)
Properties View
The Properties view shows the properties of a highlighted element in the Tree, in Read-Only
mode. To view properties via the View menu, click an element in the Tree and select View
Properties, or simply double-click the element.
Details
The NMS is shipped with predefined sets of details that may be viewed for any given element
in the Tree. Different elements have different predefined details. To view the details of a
given element’s children who reside at the next level down in the tree, select View
Details.
The Details view allows you to sort, view and print a number of details, including the real-
time states, of all or some of the elements under the parent node you have highlighted in the
Tree. For example, if you click a Network in the Tree, as shown in Figure 45, you can view the
details about that network’s children (such as line cards and Inroute Groups) who reside on
the same level of the Tree, as shown in Figure 46. Notice that the remote in the Tree is not
displayed in the Details view. You do not see, however, the details of the Network, itself. If
you want to view the Network details, you must select its parent in the Tree.
Figure 45. Network Highlighted in Tree Figure 46. Result in Details View
To print a report of all the elements in the Details view, click anywhere in the Details view
and select File Print. You can print a portion of the view by using the Windows Explorer
style functionality to select any elements in the Details view (using the CTRL key and clicking
on individual elements, or using the Shift key to select a group of consecutive elements).
Once the desired elements are highlighted in the Details view, you can print a report of those
elements’ details by selecting File Print. (To customize the details you want in the report,
see “Customizing Detail Views for Configuration Reporting” on page 37.)
Figure 47. Network Highlighted in Tree Figure 48. Result in Details View
The Details + Collapse Details Hierarchy view collapses, or flattens, the hierarchy beneath a
highlighted element in the Tree so that you can view the details of all children elements at
every level of the Tree below the parent you selected. For example, if you click a Network in
the Tree, you can view the details about that network’s children (such as line cards) who
reside on the same level of the Tree, and you can view the details about the children’s sub-
elements (such as remotes) which reside at the second level down from the network you
highlighted.
To view the details of all children elements at every level of the Tree below the parent you
selected, select View Details and View Collapse Details Hierarchy.
Choose Details
This option in the View menu allows you to modify the system’s predetermined set of details
for any given element so that you can view only the details you need. For a detailed
description on using this feature, see “Customizing Detail Views for Configuration Reporting”
on page 37.
2. Select View Choose Details from the Main Menu. The Choose Details dialog box is
displayed.
3. Click the Select filter for Details list drop-down list in the Choose Details dialog box.
4. Select one of the filters. Each filter offers a different set of details. For example, the
Carrier filter offers a list of all the predefined details that are viewable when you
highlight a carrier in the Tree and select Details from the View menu.
When you select a filter, the detail choices appear in the Choose Details dialog box, as
shown in Figure 51. Figure 51 on page 40 shows the details for Carrier.
5. From the list of available choices, click the details you want to view for the element you
have highlighted in the Tree.
a. Use the Show All button on this dialog box to select all of the details with one click.
b. Use the Move Up and Move Down buttons to arrange the details in the sequence in
which you want them to appear from left to right on the Details pane.
c. Use the Hide All button to clear checkmarks from detail options you have already
checked.
6. When you are finished customizing the view, click OK to save the list of details for this
filter. The next time you open iBuilder, the last saved list of details for any given filter are
retained.
7. Now that the details in the Carrier view have been altered to include only these five
details, you can select any element in the Tree (the element may be a carrier or any other
element), and select View Details, and only the details you chose for the new Carrier
view will be displayed for that element.
8. In Figure 52, a carrier was selected in the tree. The user selected View Choose Details
Carrier OK. The user also selected View Details for this element. If these options
are selected, the following details on the selected carrier are displayed in the Details
view:
9. If desired, you can now view Details or Details + Show All and print a report.
4. Type a name into the field and click OK. When you add a filter, the buttons at the bottom
of the Choose Details pane change from.
to:
5. To modify the field selection for the filter, make the desired changes to the detail
selections for the filter and click the Modify button shown in Figure 54.
6. When the message appears asking if you want to save the filter, enter a name for the
filter and click OK. A new filter is created.
7. To delete a filter, click the X button at the bottom of the Choose Details dialog box. A
message appears to confirm that you want to delete the filter.
2. Select the element in the Tree that is the parent to the elements you want to change.
(For example, Inroute Group is the parent element for TDMA remotes.) The elements you
want to change appear in the list of elements in the Details pane.
In Figure 56, changes will be made to the remotes in an Inroute Group. Therefore, the
Inroute Group has been selected as the parent element. The child elements (all remotes
in the Inroute Group) are displayed in the Details pane.
Note: If you want to edit multiple elements that are not under the same parent, you
can select ViewCollapse Detail Hierarchy from the main menu and select your
Teleport in the iBuilder tree. All elements under the Teleport will appear in the
Details view. Click on the Type column in the Details pane to sort elements by
type. Then perform the remaining steps in this procedure.
3. Use Control (CTRL) + click or Shift + click on your keyboard to highlight the elements you
want to change. In the example in Figure 57, changes will be made to three remotes.
4. Right-click the Names of the highlighted elements in the Details pane and select Modify
to open the Configuration dialog box for those elements.
5. Make the changes you want to apply to all of the selected elements, and click OK. The
changes are saved in the database.
Note: Remote and line card configuration state returns to “Nominal” immediately
after a new configuration file is applied; iBuilder does not attempt to track
whether or not the modem was reset. Please ensure you reset remote modems
or line cards to activate your changes.
Configuration Network
Definition
State Element
Nominal Network The element is completely configured, is alive in the network,
Chassis and there are no unapplied changes.
Line Card
Remote
Inroute Group
Protocol
Processor
SkyMonitor
Changes Network The element is completely configured and is alive in the
Pending Chassis network. There are changes in the database that have not
been applied.
Line Card
Remote
Protocol
Processor
Incomplete Network The element is only partially configured; one or more key
Chassis components of the configuration are unspecified (e.g. carriers,
IP address, serial number)
Line Card
Remote
Inroute Group
Protocol
Processor
Never Applied Network The element is completely configured but the configuration
Chassis has never been applied to the element.
Line Card
Remote
Protocol
Processor
Deactivated Remote The element was at one time active in the network, but it has
Line Card been deactivated.
Network
An explanation of all configuration states for all elements, their meaning, and their
respective icons is available in iBuilder by selecting View Legend from the main menu.
• You installed a new version of the Configuration Server. When the configuration server
starts up, it re-generates the configuration files for all networks, hubs, and remotes. The
new server may generate additions, deletions, or changes to the configuration files. If so,
all affected elements will display the Changes Pending icon after the new server starts
up.
When the user exits iBuilder and logs on again, the teleport moves from the bottom of the
Tree to the bottom of the list of teleports. In Figure 59, the new teleport has been named
Dulles. Element names are not sorted alphabetically.
The NMS database sequence number does not change once an element has been created. For
example, the first teleport is assigned the number 1. The second teleport is assigned the
number 2, and so on. The same number assignment takes place with every element created in
the tree. Therefore, the first spacecraft is named New Spacecraft #1, and so on. This number
is always associated with its original element. It is used by the database to keep track of the
elements and their configurations as long as an element exists in the Tree. If an element is
deleted, the numbers of the elements created after it are not adjusted. For example, if there
are five teleports and teleport number 3 is deleted, teleport number 4 does not become
teleport number 3. Teleport number 4 remains teleport 4 forever. If a sixth teleport is
created, it becomes teleport number 6, not number 3.
2. In the Activity Log dialog box, enter a Start Time and an End Time. The Duration will be
calculated by iBuilder. (You can also use the slider to adjust Duration, which represents
the offset between the Start Time and the End Time. When you adjust the Duration with
the slider, the End Time is automatically updated.)
Note: If f desired, you can set the times by clicking the ellipsis buttons to the right of
Start Time and End Time to launch the clock display. Click the hour or minute
hand to select it. Then click the clock numbers to move the hand you selected.
3. In the Activity Name area of the dialog box, select all activities you want to view. (You
can use the Select All and Clear All buttons to select or clear all activities.)
4. Click the Show Log button to display the activities in the List of Activities pane. (You can
also click this button to refresh the display with recent activities if your End Time is set
to a future time.)
5. When viewing Activities, if the Activity Type is applied configuration, then the Details
column will contain a hyperlink to the options file that was applied. You can click the
hyperlink to view the options file in Notepad.
6. As with other multicolumn lists in iMonitor and iBuilder, you can copy and paste multiple
rows from the Activity Log List of Activities into another Windows application such as
Excel for further analysis:
a. Select the data you want to copy. (Click to select a single row. Shift-click to select a
range of rows. Ctrl-click to select multiple, individual rows.)
b. Right-click in the window and select Copy or Copy without headers from the menu to
copy the data.
Note: When upgrading from a pre-7.0 release, the installation drops your current
warning definitions from the database and recreates them. If you have custom
limits defined in your network, you must redefine them after your upgrade.
You can use iBuilder to modify both global properties of warnings and warning properties for
individual network elements. When you customize a warning for an individual element, the
new setting overrides the global setting. Changes to global warning settings apply only to
those elements that do not have their settings customized on an individual basis.
The behavior of the system with regard to global properties and individual overrides is as
follows:
• A warning whose properties have not been modified for an individual element uses the
global properties for that warning. In the event that the global properties of the warning
are modified, the new global properties will be used by the element.
• A warning whose properties have been modified for an individual element uses the
customized properties for that warning for that element. Changes to the global properties
of the warning have no effect on the warning properties configured for that element; the
element will continue to use the modified properties.
• When a warning that has been modified for an individual element is reset for that
element, any properties that were previously modified for the warning take on the
current, global values.
The Modify Global Warning dialog box appears with all warnings appropriate to the
selected network element type.
2. Select the Warning Type for the warning you want to modify and click the Edit button.
3. Enter the new settings in the Modify Warning dialog box and click OK to save the
changes.
Note: Changes to global warning settings do not affect warnings that have been
customized on the Warning Properties tab. You must reset the customized
warning to return to the global settings. (See “Clearing Customized Warning
Properties” on page 56.)
3. Select the Warning Type for the warning you want to reconfigure and click the Edit
button.
4. Follow the procedure beginning with Step 2 in “Setting Global Warning Properties” on
page 53 to reconfigure the warning properties.
Warnings that have been customized are highlighted in bold text on the Warning Properties
tab. In the example, the BackplaneLost10MHz warning has been disabled for this specific line
card.
Note: Customized warning settings configured on the Warning Properties tab apply
only to the individual element being modified. These settings override the
global settings for the element being reconfigured. (For more details see
“Configuring Warning Properties” on page 52.)
4. Click OK in the dialog box. Then click OK on the Warning Properties tab. The warning
that you reset will be reconfigured with the global settings.
Note: To permanently enable license download to the Chassis Manager, follow the
procedure in “Permanently Enabling Chassis License Download” on page 63. If
you permanently enable license download, you do not need to execute Step 1
and Step 7 of this procedure when importing a chassis license file.
2. Click the Import license files button on the iBuilder License Toolbar (Figure 68) to open
the Select License Type dialog box.
7. If you imported a chassis license file, you should disable download on the chassis manager
as follows:
a. From the terminal window that you opened in Step 1, enter the following commands:
download off
update
b. Exit the telnet session.
8. If auto-accept changes is off, click the Accept Changes icon on the iBuilder main toolbar.
(See “Accepting Changes” on page 14 for details on turning off and on the feature for
automatically accepting changes.)
Notice that the remote has been licensed for Inbound Spread Spectrum and Link Encryption.
(A Value of 1 indicates that the license has been enabled.) If you have not loaded any licenses
for an element, the License Properties tab is blank.
Note: For details on requesting licenses from iDirect, see the iDirect Features and
Chassis Licensing Guide.
If you are requesting licenses for a large number of existing hardware elements, it can be
tedious and error-prone to record the Serial Number and DID of all units. Therefore, iBuilder
provides an automated method to generate a Comma Separated Values (CSV) file of Serial
Numbers, DIDs and Model Types for the elements you want to license.
To export data for feature licenses from iBuilder:
1. Select a parent element in the iBuilder tree that contains all of the hardware units you
want to license.
2. Once you have selected the parent element, click the Export Data for Licensing button
on the iBuilder Licensing Toolbar.
In Figure 74, Network 8 was selected in the iBuilder Tree before clicking the Export Data
for Licensing button. Once you click the Export Data for Licensing button, the Data for
Licensing dialog box appears.
3. In the Data for Licensing, select all units for which you want to request a license. (See
page 57 for a list of features that you can license in this release.)
4. Click the Save to File button to display the Save As dialog box.
5. Navigate to the folder on your PC where you want to save the CSV file and click the Save
button.
Figure 77 shows an example of a license request CSV file opened in Microsoft Excel. You can
include this information in your license request to iDirect.
Note: Beginning with iDX Release 2.1, by default you cannot use SSH to log on directly
to the root account of your NMS server or Protocol Processor blade. You can use
SSH to log on to other accounts such as the idirect account. You can then enter
su - from the command line to log on as root.
2. Change to the Chassis Manager directory by entering the command:
cd /home/nms/cm
3. Edit the file para_cfg.opt.
4. Add the following line at the beginning of the file:
[DOWNLOAD]
enable = 1
This change to para_cfg.opt is illustrated in Figure 78.
The new antenna appears in the Tree with a system-generated generic name, and a dialog
box appears allowing you to define its parameters.
2. If desired, select a Manufacturer from the drop-down list. Items in this list were either
pre-defined or they were added when you populated the folder earlier. See “Adding
Entries to Folders” on page 19.
3. In Manufacturer Part Number, enter a part number or name for the antenna. This field is
used to select the antenna when you configure your HUB RFT
4. If desired, enter an iDirect Part Number for the antenna. You may enter any information
you like in this field, or leave it blank.
5. Click OK. The new antenna appears in the Tree under the antenna folder.
6. If you have more than one antenna, repeat this procedure and assign the new antenna a
different name.
Note: Be sure to enter the correct frequency translation values for all of your Up
Converters and Down Converters. The NMS will use these values later to
generate network configurations.
1. Under the Hub RFT Components folder in the Tree, right-click the Up Converter or Down
Converter folder, and select Add Up Converter or Add Down Converter.
The new up converter or down converter appears in the Tree with a system-generated
generic name, and a dialog box appears allowing you to define its parameters. Figure 80
shows an Up Converter being added. The procedure is the same for adding a Down
Converter.
2. In Manufacturer Part Number, enter a part number or name for the Up Converter. You
may enter any information you like in this field, or leave it blank.
3. You must enter a frequency in MHz in the Frequency Translation field. This information is
provided on the specifications sheet for the Up Converter.
4. You may select a Manufacturer for the Up Converter (optional).
5. Enter an iDirect Part Number for the Up Converter (optional). You may enter any
information you like in this field.
6. You must select ODU Tx DC Power and ODU Tx 10 MHz if you require the iDirect modem
to supply DC power and the 10 MHz clock. These settings are applicable only if you are
operating a small teleport whose BUC and LNB are not built into the antenna.
Note: Older iDirect chassis and line cards do not provide these capabilities; private
hubs, mini hubs and remote modems have these capabilities built into them.
Four-slot chassis with newer line cards support these functions but require
additional configuration on the four-slot chassis screen. See “Configuring a
Four-Slot Chassis” on page 283 for details.
7. Leave Spectral Inversion at Normal unless you are using C-band. If the local oscillator is
higher in frequency than the one being transmitted or received, then the spectrum must
be inverted.
8. Click OK. The new Up Converter appears in the Tree under the Up Converter folder.
9. If you have more than one Up Converter, repeat this procedure and assign it a different
name.
10. Repeat these steps for all of the Down Converters at your teleport.
The new HPA appears in the Tree with a system-generated generic name, and a dialog box
appears allowing you to define its parameters.
2. In Manufacturer Part Number, enter a part number or name for the HPA, or use the
system-generated generic name.
3. You may select a Manufacturer for the HPA (optional).
4. You may enter an iDirect Part Number for the HPA (optional). You may enter any
information you like in this field, or leave it blank.
5. Click OK. The new HPA appears in the Tree under the HPA folder.
6. If you have more than one HPA, complete this procedure again and assign it a different
name.
A new spacecraft appears in the Tree with a system-generated generic name, and a dialog
box appears allowing you to define its parameters.
2. Select the name of the Operator (normally the service provider, assuming that your
company is not the provider). Optionally, you can click the Operator drop-down box to
view a list of operators you have entered into the NMS, and select one of them.
The new transponder appears in the Tree with a system-generated generic name, and a
dialog box appears allowing you to define its basic parameters.
2. In Operator Reference Name, enter a name for the transponder to identify it in the Tree.
3. You must enter the Translation Frequency. This information can be obtained from your
satellite provider. The frequency, in MHz, is transponder specific. It is that frequency used
to down convert the radio frequency (RF) uplink to the RF downlink for retransmission
from the satellite. This information must be correct for your networks to function
correctly.
4. Enter the information for the remaining fields, which can also be obtained from your
service provider. This information is for reference purposes only.
5. Click OK. A transponder appears in the Tree.
The new bandwidth entry appears in the Tree with a system-generated generic name, and
a dialog box appears allowing you to define its basic parameters.
2. On the Information tab, in the Operator Reference Name box, enter a name to identify
the bandwidth in the Tree.
3. Enter the Center Frequency, Bandwidth, and Power values, which can be obtained from
your service provider. This information is for reference purposes only.
4. Click OK. A bandwidth entry appears in the Tree.
The new carrier appears in the iBuilder tree with a system-generated generic name, and a
dialog box appears allowing you to define its basic parameters.
Note: iDX Release 3.1 does not support CCM. However, you can simulate CCM by
selecting the same Minimum MODCOD and Maximum MODCOD. You must also
adjust your DVB-S2 network parameters as described in “Adjusting DVB-S2
Parameters for CCM Networks” on page 141.
2. Enter a Name for the downstream carrier.
3. Enter the Uplink Center Frequency. This frequency assignment is provided as part of the
satellite link budget process and comes from the satellite provider.
4. The Downlink Center Frequency is automatically calculated when you click in the
Downlink Center Freq box, based on the transponder translation frequency.
5. In Power, enter a value for the transmit power. The default is -25 dBm.
6. Carrier Spacing is an optional field that you can use to document the total width of your
carriers. It represents the occupied bandwidth plus the guard band normalized by the
symbol rate. For more information, see the chapter titled “Carrier Bandwidth
Optimization” in the iDirect Technical Reference Guide.
7. Select the Modulation for your carrier. You can select ACM (Adaptive Coding and
Modulation) if you are configuring a DVB-S2 downstream carrier. You can select BPSK,
QPSK or 8PSK if you are configuring an iNFINITI downstream carrier.
8. If you are configuring a DVB-S2 carrier, the DVB-S2 Range parameters appear on the
screen. To configure these fields:
a. Select both a Minimum M ODCOD and a Maximum MODCOD. This defines the range of
MODCODs used on the downstream carrier.
Note: To simulate CCM select the same Minimum MODCOD and Maximum MODCOD.
You must also adjust your DVB-S2 network parameters as described in
“Adjusting DVB-S2 Parameters for CCM Networks” on page 141.
b. Click the MODCOD Distribution button to estimate the Information Rate for your DVB-
S2 carrier based on the MODCODs that the remotes in your network are able to
receive. See “Estimating the Information Rate for a DVB-S2 Carrier” on page 83 for
details.
Note: In earlier releases, you could configure a single Multicast MODCOD on this
screen. Beginning in iDX Release 2.0, you can configure a different Multicast
MODCOD for each Application. See “Adding Applications to Application Service
Groups” on page 230 for details.
9. Select the type of Error Correction to be used for this carrier. For DVB-S2 carriers, you
must select LDCP BCH. For information on the available FEC rates and modulation modes,
see the chapter titled “iDirect Modulation Modes and FEC Rates” in the iDirect Technical
Reference Guide.
10. In the Assigned to Line Card box, select the line card to which this carrier is to be
assigned. If no card is available for selection, you must configure a new card or re-
configure an existing card for use by this carrier.
11. The Carrier Type must be set to Downstream. This will be selected by default.
12. For DVB-S2 downstream carriers, enter the Symbol Rate for your carrier. (You cannot
enter a Transmission Rate or Information Rate for DVB-S2 carriers.) The symbol rate for
DVB-S2 carriers must be between 1000 and 45000 ksym.
For iDirect iNFINITI downstream carriers, enter either a Transmission Rate, Information
Rate, or Symbol Rate. See also the chapter titled “iDirect Modulation Modes and FEC
Rates” in the iDirect Technical Reference Guide. Entering any of the rate values will
cause the remaining rates and the Occupied Bandwidth to be automatically calculated.
Typically, you will enter a desired transmission rate and the service provider will
determine if that can be accomplished.
Symbol Rate is related to Transmission Rate based on the selected Modulation as
follows:
• For BPSK, the Symbol Rate is equal to the Transmission Rate.
• For QPSK, the Symbol Rate is half the Transmission Rate.
• For 8PSK, the Symbol Rate is one third the Transmission Rate.
For example, if you enter 2800 kbps into the Transmission Rate box, the Symbol Rate
box is automatically calculated to be 2800 ksym for BPSK, 1400 for QPSK, or 933.33 ksym
for 8PSK.
The symbol rate for iNFINITI downstream carriers must be between 64 and 15000 ksym.
13. In Timeplan Parameters, enter the number of FEC Blocks in each frame. The frame
length is automatically calculated, based on FEC Blocks, FEC rates and transmission data
rate. iDirect recommends that the number of FEC blocks is set such that the frame length
is ~125 ms.
14. Frame Length is automatically calculated based on the data rates, modulation type and
FEC rate selected in previous steps.
15. If you are using the iDirect Spread Spectrum feature, select a Spreading Factor in the
Spreading Parameters area of the dialog box. The following downstream Spreading
Factors can be selected:
• No Spreading
• COTM SF=2: Spreading factor of 2
• COTM SF=4: Spreading factor of 4
• COTM SF=8: Spreading factor of 8
Note: The iDirect Spread Spectrum feature is only supported for BPSK modulation.
You will not be able to select a Spreading Factor unless you have selected BPSK
in the Modulation field. For a complete description of this feature, see the
chapter titled “Spread Spectrum” in the iDirect Technical Reference Guide.
Note: A Downstream Spreading Factor of 8 is only available for Evolution hub line
cards transmitting to Evolution Remotes.
16. Click OK. The outbound carrier appears in the Tree.
The new carrier appears in the Tree with a system-generated generic name, and a dialog
box appears allowing you to define its basic parameters.
4. The Downlink Center Frequency will automatically be calculated when you click the
Downlink Center Freq box, based on the transponder translation frequency.
5. Carrier Spacing is an optional field you can use to document the total width of your
carriers. It represents the occupied bandwidth plus the guard band normalized by the
symbol rate. On multichannel receive line cards, carrier spacing is enforced when you
select the TDMA upstream carriers for your line card to prevent overlap. For more
information on carrier spacing, please see the chapter titled “Carrier Bandwidth
Optimization” in the iDirect Technical Reference Guide.
6. Select the Modulation for your carrier: BPSK, QPSK or 8PSK.
7. In the Error Correction drop-down list, select the type of forward error correction (FEC).
See also the chapter titled “iDirect Modulation Modes and FEC Rates” in the iDirect
Technical Reference Guide.
Note: Beginning with iDX Release 3.0, TPC Error Correction is no longer supported on
upstream carriers in DVB-S2 networks. 2D 16-State Inbound Coding must be
selected for your carrier if you are using a DVB-S2 downstream.
Note: Only Evolution line cards can receive 8PSK Modulation with .793 Error
Correction. iNFINITI line cards cannot receive 8PSK / .793 FEC.
8. When building a new carrier, the Assigned to Line Card box is not available. The field is
populated automatically after the satellite is assigned to this Hub RFT and this carrier is
assigned under the hub line card configuration.
9. Star is automatically selected as your Carrier Type. Only Star TDMA upstream carriers are
supported in iDX Release 3.1.
10. Enter either a Transmission Rate, Information Rate, or Symbol Rate. See also the
chapter titled “iDirect Modulation Modes and FEC Rates” in the iDirect Technical
Reference Guide. Entering any of the rate values will cause the remaining two rates to be
automatically calculated.
Symbol Rate is related to Transmission Rate based on the selected Modulation as
follows:
• For BPSK, the Symbol Rate is equal to the Transmission Rate.
• For QPSK, the Symbol Rate is half the Transmission Rate.
• For 8PSK, the Symbol Rate is one third the Transmission Rate.
For example, if you enter 2800 kbps into the Transmission Rate box, the Symbol Rate
box is automatically calculated to be 2800 ksym for BPSK, 1400 for QPSK, or 933.33 ksym
for 8PSK.
The Symbol Rate for Star carriers must be between 64 and 7500 ksym.
Note: All star carriers in an Inroute Group must have the same symbol rate.
Note: Evolution X1 remotes cannot use TDMA upstream carriers larger than 2
Msym.
11. In the Timeplan Parameters section:
a. The Acquisition Aperture Length is the size of the acquisition window in the Time
Plan. It is automatically calculated as a percentage of bandwidth.
b. Guard Band is the time between bursts on the TDMA upstream carrier. This parameter
is typically set to eight symbols.
Note: Whenever your TDMA upstream carrier is assigned to an Inroute Group or the
characteristics of the downstream carrier for your network are modified, the
Guard Band reverts to the default setting of 8 symbols. Therefore, if you
changed the Guard Band and want to maintain the new setting, you must
modify your carrier and reconfigure the Guard Band after either of those
operations.
c. Frame Length and Traffic Slots for an upstream carrier are determined when the
carrier is assigned to a line card in a network with a downstream carrier already
assigned. Frame Length is the size of the Time Plan frame in msec. Each frame is
composed of or divided into many time slots, based on data rate, FEC, etc. Each time
slot is a slice of time allotted to a remote to send its data traffic.
12. If you are using the iDirect Spread Spectrum feature, select a Spreading Factor in the
Spreading Parameters area of the dialog box. The following upstream Spreading Factors
can be selected:
• No Spreading
• COTM SF=1: This spreading factor is applicable to fast moving mobile applications
only. As with a spreading factor of 1, there is no spreading. However, the size of the
carrier unique word is increased, allowing mobile remotes to remain in the network
when they might otherwise drop out. This advantage comes at the cost of a slightly
lower information rate.
• COTM SF=2: Spreading factor of 2
• COTM SF=4: Spreading factor of 4
• COTM SF=8: Spreading factor of 8
• COTM SF=16: Spreading factor of 16
Note: The iDirect Spread Spectrum feature is only supported for BPSK modulation.
You will not be able to select a Spreading Factor unless you have selected BPSK
in the Modulation field. For a complete description of this feature, see the
chapter titled “Spread Spectrum” in the iDirect Technical Reference Guide.
Note: Upstream Spreading Factors of 8 and 16 are only available for Evolution
Remotes transmitting to Evolution hub line cards.
Note: Upstream Spread Spectrum is not supported for upstream carriers received by
XLC-M or eM0DM line cards.
13. Click OK to save your settings.
The new carrier appears in the Tree with a system-generated generic name, and a dialog
box appears allowing you to define its basic parameters.
Note: As shown in Figure 87, you can distinguish an SCPC upstream carrier from a
TDMA upstream carrier by the “S” in the carrier icon in the iBuilder tree.
Note: Additional Guard Band is required for SCPC return channels being transmitted
by some mobile remotes. See “Guard Band for SCPC Return Channels” on
page 477.
6. Select the Modulation for your carrier. You can select BPSK, QPSK or 8PSK.
7. Select the type of Error Correction to be used for this carrier. Only 2D 16-State Coding is
supported for SCPC upstream carriers.
Note: For information on the available FEC rates and modulation modes, see the
chapter titled “iDirect Modulation Modes and FEC Rates” in the iDirect
Technical Reference Guide.
8. Enter either a Transmission Rate, Information Rate, or Symbol Rate. Entering any of the
rate values will cause the remaining rates and the Occupied Bandwidth to be
automatically calculated.
Note: Not all configurable Symbol Rates and Modulations are supported for some
mobile applications. See “Minimum Symbol Rates for Mobile Remotes” on
page 474.
9. In Frame Parameters, the Frame Length and the number of FEC Blocks per Frame are
automatically calculated based on the selected Error Correction.
10. If you are using the iDirect Spread Spectrum feature, select a Spreading Factor in the
Spreading Parameters area of the dialog box. The following SCPC upstream Spreading
Factors can be selected:
• No Spreading
• COTM SF=2: Spreading factor of 2
• COTM SF=4: Spreading factor of 4
• COTM SF=8: Spreading factor of 8
• COTM SF=16: Spreading factor of 16
Note: The iDirect Spread Spectrum feature is only supported for BPSK modulation.
You will not be able to select a Spreading Factor unless you have selected BPSK
in the Modulation field. For a complete description of this feature, see the
chapter titled “Spread Spectrum” in the iDirect Technical Reference Guide.
Note: Upstream Spread Spectrum is not supported for upstream carriers received by
XLC-M or eM0DM line cards.
11. In the Uplink Control Parameters area of the dialog box (Figure 88 on p. 80), you can
specify the Operating Margin and the three Power Adjust parameters. The Uplink
Control Parameters are defined as follows:
Note:You can click and drag the Power Adjust sliders to vary the C/N ranges and
automatically update the Power Adjust settings.
12. Click OK to save the SCPC Upstream carrier definition.
Note: If your SCPC return channel will being transmitted by a mobile remote, you may
need to adjust the upstream acquisition range by configuring a custom key on
the receive line card once you have assigned your carrier to the line card. See
“SCPC Upstream Acquisition Range” on page 475 for details.
Figure 89 shows an instance of the MODCOD Distribution Calculator. The range of the
MODCOD column is limited to the DVB-S2 Range defined for the carrier assigned to this
network. The Total row shows the totals for the columns.
2. Double-click the cells to enter either the percentages of traffic or the Information Rates
that you estimate will be transmitted on the different MODCODs for remotes receiving
this carrier.
If you change the percentages in the Distribution column, the Information Rate for each
MODCOD is automatically recalculated and the total is displayed in the Total row. If you
change bit rates in the Information Rate column, percentages in the Distribution column
are automatically recalculated and the new total percentage is displayed in the Total
row.
Figure 90 shows the results of changing the percentages in the Distribution column.
In the example in Figure 90, the network operator estimates that 20% of the remotes
typically receive 16APSK-4/5, 20% receive 16APSK-5/6, and the remaining 60% receive
16APSK-8/9 (the best MODCOD defined for the carrier). Based on this input, the calculator
determines the estimated Information Rate for the carrier to be 6532 kbps.
3. Click OK to save your changes.
A variation of the MODCOD Distribution Calculator can be used to calculate the effective MIR
and CIR for Group QoS nodes. See “Estimating Effective MIR and CIR for DVB-S2 Networks” on
page 218 for details.
The Teleport is the highest component in the Tree hierarchy and represents the facility where
the antenna and, typically, the rest of the Hub equipment is housed. After adding a Teleport,
you can add a Protocol Processor (PP), Blades, Hub RFT, and Chassis to the Tree. This chapter
discusses how to configure all of these components, with the exception of the chassis.
Because the chassis requires a different type of configuration process, it is discussed in
another chapter. See “Configuring a Hub Chassis” on page 277.”
This chapter contains the following sections:
• “Adding a Teleport” on page 85
• “Adding a Backup Teleport” on page 87
• “Adding a Hub RFT” on page 90
• “Adding a Protocol Processor” on page 90
• “Adding a Protocol Processor Blade” on page 94
• “Setting Warning Properties for Protocol Processor Blades” on page 93
• “Adding a VLAN” on page 96
• “Adding a SkyMonitor Spectrum Analyzer” on page 98
The new teleport appears in the Tree with a system-generated generic name, and a dialog
box appears allowing you to define its basic parameters.
2. On the Information tab, enter a name and a phone number for your Teleport facility.
3. Click the Geo Location tab.
The Geo Location identifies precisely where the Uplink facility (the Hub RFT) is
geographically located on the Earth. The teleport transmits the uplink signal to the
satellite and receives the downlink signal from the satellite.
Note: The Geo Location information must be accurately configured for your
remotes to function correctly in an iDirect network.
4. Enter the exact Latitude and Longitude of your teleport facility. This information can be
obtained from your service provider or can be determined with a GPS device. Be sure to
select the correct hemisphere for each. Latitude represents North and South; longitude
represents East and West.
5. Click OK to save your settings. The Teleport appears in the Tree.
Note: To configure Geographic Redundancy you must have a Global NMS licence, and
you must configure your remotes as roaming remotes. See the iDirect Technical
Reference Guide for a description of this feature. See “Roaming Remotes” on
page 181 for details on configuring your remotes as roaming remotes.
Evolution X1 remotes do not support this functionality.
The procedure for configuring your backup teleport assumes that your primary teleport is
already operational and that your backup teleport has been installed. Generally, the iBuilder
configuration of the backup components should be identical to the configuration of the
primary teleport. During operation, any configuration changes that you make at the primary
teleport should also be made at the backup teleport. This can be accomplished using the NMS
database backup and restore utility described in the iDirect Technical Note NMS Redundancy
and Failover for your release.
Note: If you are using the same outbound carrier for your primary and backup
teleports, the teleport operator must disable the backup transmitter while the
primary teleport is operational. In the event of failure of the primary site, the
teleport operator must enable the backup transmitter for the backup teleport
to become operational.
Using iBuilder at the primary teleport, follow these steps to configure your backup teleport
hub equipment and to add your existing remotes to the backup teleport’s networks. The
procedure assumes that your primary teleport and the networks it controls are already
configured in iBuilder and operational.
1. Add the backup teleport to your network by following the steps in the section “Adding a
Teleport” on page 85. Then configure all the components of the backup teleport,
including:
• The Hub RFT (See “Adding a Hub RFT” on page 90.)
• The Protocol Processor (See “Adding a Protocol Processor” on page 90.)
• Protocol Processor Blades (See “Adding a Protocol Processor Blade” on page 94.)
• Networks (See “Adding a Network” on page 105.)
• Line Cards (See “Adding a Transmit or Transmit and Receive Line Card” on page 108.)
• Inroute Groups (See “Adding Inroute Groups” on page 132.)
2. Right-click the backup teleport in the network tree and select Modify Item.
3. In the Backup NMS area of the Teleport dialog box, select Enabled (Figure 93).
4. Enter the IP address (or addresses) of the NMS server(s) at your backup teleport.
5. Click OK to save your changes.)
Note: A distributed NMS requires up to three IP addresses for the NMS servers. If you
do not have a distributed NMS at the backup site, all three IP addresses should
be identical.
6. Add each of your remotes to the backup teleport as follows:
a. Right-click the remote in the network tree and select Add to Networks from the
menu to display the Roaming dialog box.
b. In the Roaming dialog box, select the remote’s Network under the backup teleport.
c. Click OK to save your changes.
7. At this point, all remotes will have changes pending. Apply the changes for each network
as follows:
a. Right-click the network in the tree and select Apply Configuration Multiple.
b. In the Automated Configuration Downloader dialog box, select all remotes and line
cards.
The new Hub RFT appears in the Tree with a system-generated generic name, and a dialog
box appears allowing you to define its basic parameters.
2. Enter a name for the Hub RFT, and then select the subcomponents for the Hub RFT from
each of the drop-down list boxes.
3. Select the Satellite to which this Hub RFT is assigned.
4. Click OK. The Hub RFT appears in the Tree with its new name.
WARNING! iDirect strongly recommends changing the default password of your protocol
processor as soon as possible.
Note: A license is required for all Protocol Processor blades and line cards that use
the TRANSEC feature. If your blades are not licensed to use the TRANSEC
feature, you will not be able to add a TRANSEC protocol processor in iBuilder.
For complete details on requesting and installing iDirect licenses, see the
iDirect Features and Chassis Licensing Guide.
To configure a TRANSEC network in iBuilder, you must first create one or more TRANSEC
protocol processors. All network elements that you subsequently create under a TRANSEC
protocol processor will be part of your TRANSEC-compliant network.
TRANSEC networks require TRANSEC-capable remote and line card model types. For a list of
compatible model types, see “TRANSEC Hardware Requirements” on page 394.
All hosts in an iDirect TRANSEC network must have X.509 certificates issued by the iDirect
Certificate Authority (CA) Foundry. Hosts include NMS Servers, Protocol Processor blades,
TRANSEC line cards, TRANSEC remotes, and GKD Servers. You should issue your certificates
before creating your TRANSEC network. For details on the certification process, see “Using
the iDirect CA Foundry” on page 417.
Follow these steps to add a protocol processor:
1. To create a Protocol Processor (PP), right-click the Teleport, and select Add Protocol
Processor. (If you are adding a TRANSEC protocol processor, you can select either Add
Protocol Processor or Add TRANSEC Protocol Processor.)
The new Protocol Processor appears in the Tree with a system-generated generic name,
and a dialog box appears allowing you to define its basic parameters.
2. On the Information tab, enter a Name for your Protocol Processor (PP).
3. Enter your User Password and the Admin Password. The default passwords are shown in
Figure 97. Make sure you record any changed password in case you forget it. You will not
be able to log in with the default passwords once they are changed.
4. In Download Monitor Credentials, enter any value greater than one and less than four
billion. (This number is used for multicast firmware image download and can be
duplicated across multiple PPs It is critical for communications between the NMS and
network elements.)
5. In Upstream Gateway, enter the IP address of your upstream router. This should be the
address of the router interface connected to the upstream LAN segment.
6. Click Enabled RIPv2 if you want the Protocol Processor to advertise remote routes to your
upstream router using the protocol RIPv2. This setting affects your default VLAN only.
7. Select the Upstream and Tunnel Interfaces. The tunnel is the LAN segment between the
Protocol Processor and the line cards.
8. Select TRANSEC Enabled if you are adding a protocol processor for a new TRANSEC
network. (If you selected Add TRANSEC Protocol Processor from the iBuilder tree,
TRANSEC Enabled will already be selected.)
Note: You can also select TRANSEC Enabled to convert a non-TRANSEC network to a
TRANSEC network. However, before you select this option for an existing
network, you must ensure that all preliminary steps have been taken. Follow
the procedure in “Converting a Network to TRANSEC” on page 393 to convert
an existing network to TRANSEC.
Note: TRANSEC Enabled will not appear in the dialog box if you are not licensed for
TRANSEC. If you plan to deploy this feature, please contact the iDirect
Technical Assistance Center (TAC).
9. A persistent multicast group is a multicast group that includes all remotes communicating
with this protocol processor. A remote will be a member of this group even if it has not
been acquired into the network.
To add a persistent multicast group, click Add in the Multicast Groups section of the
Information tab to open the Persistent Multicast Group dialog box.
10. Enter the Vlan Id and the IP Address of the multicast group you want to add.
Note: For more information, see the Technical Note titled “IP Multicast in iDirect
Networks.”
Note: When you override global blade warnings on the Protocol Processor Warning
Properties tab, the new settings are applied to all blades of that protocol
processor. You cannot override the settings for the individual blades of a
protocol processor.
For details on configuring warning properties for line cards, remotes and protocol processors,
please see “Configuring Warning Properties” on page 52.
c. Click the Add button to open the Protocol Processor Blade Dialog Box (Figure 100 on
page 95).
2. Alternatively, right-click the Protocol Processor in the Tree and select Add Blade.
In either case, the Protocol Process Blade dialog box appears allowing you to define its
parameters.
End-to-End VLAN
Network
PP Blade 1
Upstream PP Blade 2
Remote
VLAN SAT
Remote VLAN
Link
Segment PP Blade 3
Segment
VLAN-Aware
Switch or
Router
PP Blade 4
For more information on VLANs, see “VLAN and LAN Information” on page 151.
To add a VLAN:
1. Right-click the Protocol Processor in the Tree and select Modify Item.
If a new blade is subsequently added for scalability, all VLAN end addresses will be
automatically updated to give the new blade the appropriate upstream interfaces, and the
VLANs will be added to the new blade.
Note: If a line like this is already present for eth0, but contains a different value (e.g.
1500), then edit the line to the above value. The MTU value can also be
checked by typing ifconfig at the prompt to display the MTU size.
WARNING! Do not change the default MTU (1500) on the tunnel interface (eth1).
configured in iBuilder to monitor one or more L-band carriers or a specific area of the
spectrum.
Using standard Ethernet connectors, you can connect one or more SkyMonitor spectrum
analyzers to any network reachable from your NMS. However, iDirect recommends a direct
connection on your upstream LAN. In addition, a single iDirect Global NMS can connect to
multiple SkyMonitor units at multiple hub locations. Each unit can operate using either an
internal reference clock or an external 10 MHz reference signal. For details on SkyMonitor
installation, see the iDirect SkyMonitor 1880 Spectrum Analyzer Installation and Safety
Manual.
Note: SkyMonitor is a licensed feature. If you plan to add SkyMonitor units to your
networks, please contact the iDirect Technical Assistance Center (TAC).
From iBuilder, you can associate a SkyMonitor port with the Tx or Rx carrier of a line card, or
you can manually configure the center frequency, span and resolution bandwidth (RBW) to be
displayed for that port. Once you have configured your SkyMonitor units, you can view your
carriers in iMonitor. See the iMonitor User Guide for details on viewing your carriers.
Once your SkyMonitor unit has been installed on the hub LAN, follow these steps to configure
it in iBuilder:
1. Right-click your teleport in the network tree and select Add Sky Monitor.
Note: The serial number of each of your SkyMonitor units is included in your
SkyMonitor license. The NMS software verifies that the serial numbers in the
license match the serial numbers configured in iBuilder. Therefore you must
enter the correct value for the Serial Number for the SkyMonitor feature to
work.
Note: The serial number on the SkyMonitor chassis may not match the serial number
programmed into the SkyMonitor unit required to validate the configuration in
iBuilder. If you do not know the correct serial number, please contact the
iDirect TAC for assistance.
5. Select an RF Port and click the Modify button (Figure 105) to display the RF Port dialog
box.
Note: In iMonitor, you can view your carriers by selecting either the assigned line
card carrier or the SkyMonitor unit in the network tree. When you view a
carrier by right-clicking its line card, the Center Frequency and Span are
automatically calculated based on the carrier configuration. When you view
bandwidth by right-clicking the SkyMonitor icon, the center frequency, span
and RBW from this configuration screen are used. Therefore, you can configure
both iDirect carriers and a Center Frequency, Span and RWB for the same RF
port.
7. If desired, enter the Center Frequency, Span and RBW that you want to use when
monitoring this port.
These fields may be left at zero if you are assigning one or more iDirect carriers to this RF
Port. These fields are required if you are monitoring bandwidth that is not associated with
a line card.
8. You can use the Available Line Card drop-down menu to associate the port with one or
more iDirect carriers. Tx-only and Rx-only line cards have one entry in the list of available
line cards. Tx/Rx line cards have two entries in the list: one for the transmit carrier and
one for the receive carrier.
Select each line card / carrier that you want to monitor on this RF Port. Then click the
Add button to add that line card as an Assigned Line Card for this port.
9. If you want to remove a line card from this port, select the line card in the Assigned Line
Card area and click Remove.
10. Click OK to return to the main SkyMonitor dialog box.
11. Once you have configured your RF Ports, click OK in the main SkyMonitor dialog box to
save the SkyMonitor configuration.
Figure 108 shows the SkyMonitor dialog box after configuring RF Port 4 to monitor two iDirect
carriers and also configuring a Center Frequency and Span for the port itself.
Figure 108. SkyMonitor Port Configured for Two Carriers and Center Frequency
Using Figure 108 as an example, when you launch SkyMonitor from the iMonitor tree it will
automatically tune RF port 4 as follows:
• If you launch SkyMonitor by right-clicking line card M1D1-41401, SkyMonitor will
automatically tune port 4 to Center Frequency 1520000 kHz. (This is the center
frequency configured for the carrier named Down 1520. iBuilder automatically appends
the carrier name to the line card name in the dialog box.)
• If you launch SkyMonitor by right-clicking line card M1D1-41402, SkyMonitor will
automatically tune port 4 to Center Frequency 1510000 kHz, which is the center
frequency of carrier Down 1510.
• If you launch SkyMonitor from the SkyMonitor unit in the iMonitor tree, SkyMonitor will
automatically tune port 4 to Center Frequency 1222000 kHz, which is the center
frequency configured for the SkyMonitor port.
This chapter explains how to add an iDirect Network and its sub-elements to the iBuilder tree.
The network sub-elements include the line cards or 10000 series satellite hub, the inroute
groups, and the remotes. Before you add a Network, you must have already added a Protocol
Processor.
This chapter contains the following sections:
• “iDirect Line Card and Hub Models” on page 104
• “Adding a Network” on page 105
• “Line Card Types” on page 107
• “Adding a Transmit or Transmit and Receive Line Card” on page 108
• “Setting Warning Properties for Line Cards” on page 110
• “Adding Receive-Only (Rx-Only) Line Cards” on page 111
• “Deleting a Line Card” on page 116
• “Changing to an Alternate Downstream Carrier” on page 118
• “Defining a Standby Line Card” on page 120
• “Adding Inroute Groups” on page 132
• “DVB-S2 Network Parameters” on page 137
Note: Beginning with iDX Release 2.0, a line card must be assigned to a hub chassis
before it can become operational. Until a line card is assigned to a hub chassis,
the line card will be in the incomplete state in the iBuilder Tree and you will be
unable to apply changes to the line card. See “Configuring a Hub Chassis” on
page 277 for details on assigning a line card to a chassis.
Note: iNFINITI line cards can only be used to transmit iNFINITI outbound carriers.
They cannot be used to transmit DVB-S2 outbound carriers.
Note: iDX Release 3.1 only supports TRANSEC on eM1D1 line cards in DVB-S2
networks. TRANSEC is not supported on iNFINITI line cards or in iDirect iNFINITI
networks.
You can use any of the following line card Model Types in this release.
• Evolution eM1D1 line card (DVB-S2 and iNFINITI outbound carriers)
• Evolution XLC-11 line card (DVB-S2 and iNFINITI outbound carriers)
• Evolution XLC-10 line card (Tx-only)
• Evolution eM0DM line card (Rx-only, Multichannel.)
• Evolution XLC-M line card (Rx-only, Multichannel, Narrowband TDMA Multichannel.)
• iNFINITI M1D1 line card (Transmit/Receive)
• iNFINITI M0D1 line card (Receive-only)
• iNFINITI M0D1-NB line card (Narrowband, Receive-only)
• iNFINITI M1D1-T line card (TRANSEC is not supported on this line card in iDX Release 3.1.)
• iNFINITI M1D1-TSS line card (Spread Spectrum. TRANSEC is not supported on this line card
in iDX Release 3.1.)
• iNFINITI 10000 series Private Hub
• iNFINITI 10000 series Mini Hub
The new network appears in the Tree with a system-generated name, and a dialog box
appears allowing you to define its parameters.
Note: If you enable Inhibit Tx (When beam quality = 0) and your beam maps have
been designed to avoid unnecessary beam switching, it is possible that a
remote may mute its transmitter when you do not desire it. If you have
questions, please contact the iDirect TAC before enabling this feature.
5. If you want to add a persistent Multicast Group to your network:
a. In the Multicast Groups section of the dialog box, click the Add button to display the
Persistent Multicast Group dialog box (Figure 110).
b. In the Persistent Multicast Group dialog box, enter the VLAN Id and the multicast
Address for the persistent multicast group.
c. Click OK in the Persistent Multicast Group dialog box.
Note: For more information, see the Technical Note titled “IP Multicast in iDirect
Networks.”
6. Click OK in the Network box to save your network configuration.
7. Once you have added remotes to your network, in the Remotes section of the screen, you
can activate or deactivate any remote in your network by selecting or clearing the
appropriate check box.
Note: You must deactivate a network before you can delete it. When a network is
activated, a check mark is shown next to the Activate Network selection in the
iBuilder tree context menu. To deactivate a network, right-click the network in
the tree and select Activate Network to remove the check mark. After applying
all resulting changes, you will be able to Delete the network.
The various Line Card Types as they appear in iBuilder are defined as follows:
• Transmit Line Card: Transmit-only line card. The line card can transmit an outbound
carrier, but cannot receive an inbound carrier.
• Receive Line Card: Receive-only line card. The line card can receive an inbound carrier,
but cannot transmit an outbound carrier.
• Transmit and Receive Line Card: The line card can transmit an outbound carrier and
receive an inbound carrier. (This selection also applies to Private Hubs and Mini Hubs.)
• Standby Line Card: The line card acts as a standby (spare) line card for one or more
active line cards in a chassis or chassis group.
• Solo Transmit and Receive Line Card: A Transmit and Receive Line Card that is the only
active hub line card in a network. You cannot add additional Receive Line Cards to the
network if you select this option. A Solo line card can co-exist with other Solo line cards
or with one other Tx or Tx/Rx line card in a single Chassis Timing Group.
The new line card appears in the Tree with a system-generated generic name, and a
dialog box appears allowing you to define its basic parameters.
WARNING! You must correctly specify both the serial number and the model type for a
line card or hub to function properly. If you configure an M1D1 card as an
M0D1 card, for example, the line card will not operate in a network.
5. Select the Line Card Type from the drop-down box. See “Line Card Types” on page 107
for options.
6. Select the Hub RFT that is associated with this network. This allows you to select the
appropriate carriers in Step 11.
7. Under LAN / MGMT IP Address, enter the IP Address, Subnet Mask, and Gateway used by
the NMS to communicate with the line card.
8. Under GIG0 IP Address:
a. Enter the IP address for downstream data from the protocol processor to the network.
b. Use the drop-down menu to set the Speed of your GIG0 port to 100 Mbps or 1000
Mbps.
Note: Your switch and chassis must support the selected port speed. (Older iDirect
chassis do not support 1000 Mbps.) Also, you must specifically configure the
port speed on your switch to be the same as the port speed selected for the line
card. Do not set the switch to auto-negotiate.
Note: Beginning with iDX Release 3.0, you cannot modify a line card’s Model Type,
Receive Mode, Serial Number, or Line Card Type once a Receive Carrier is
assigned to the Line Card. You must unassign the carrier to change these fields.
To unassign a receive carrier from a line card, first remove the carrier from its
inroute group or line card (in SCPC return mode) and then select None in the
Carrier Name field.
12. If desired, you can select an Alternate Downstream Carrier in the Alternate Transmit
Properties area of the dialog box.
An alternate downstream carrier is configured in order to facilitate moving a network to a
new downstream carrier while minimizing the chance of stranding remotes in the process.
See “Changing to an Alternate Downstream Carrier” on page 118 for the procedure to
move your network from the current transmit carrier to the alternate downstream carrier.
Note: You cannot select an alternate downstream carrier for your transmit line card
if your NMS server is licensed for the Global NMS feature.
13. The line card appears in the Tree under the Network.
Note: For details on deleting a line card, see “Deleting a Line Card” on page 116.
Note: Beginning with iDX Release 3.0, you cannot modify a line card’s Model Type,
Receive Mode, Serial Number, or Line Card Type if a Receive Carrier is assigned
to the Line Card.
The new line card appears in the Tree with a system-generated generic name, and a
dialog box appears allowing you to define its basic parameters.
3. Select the Model Type of the line card. (See “iDirect Line Card and Hub Models” on
page 104 for a list of available line card model types.)
4. Select the Receive Mode of your receive line card. (See page 111 for an explanation of
the available receive modes.)
5. Enter the line card’s Serial Number. A Derived ID (DID) is automatically generated.
6. Under LAN / MGMT IP Address, enter the IP Address, Subnet Mask, and Gateway used by
the NMS to communicate with the line card.
7. Enter the GIG0 IP Address if applicable to this Model Type.
8. By default, the User Password is set to iDirect and the admin password is set to
P@55w0rd!. You may specify alternate passwords.
9. In Receive Properties, if you selected Single Channel TDMA mode or Single Channel
SCPC mode, select the Carrier associated with this line card.
Note: To enable Single Channel SCPC mode for an XLC-M line card, you must choose
Multiple Channel SCPC mode for Receive Properties, and select the Carrier
associated with the line card.
Note: Beginning with iDX Release 3.0, you cannot modify a line card’s Model Type,
Receive Mode, Serial Number, or Line Card Type once a Receive Carrier is
assigned to the Line Card. You must unassign the carrier to change these fields.
To unassign a receive carrier from a line card, first remove the carrier from its
inroute group or SCPC line card and then select None in the Carrier Name field.
10. To add your carriers in Multiple Channel TDMA mode or Multiple Channel SCPC mode,
follow the procedure in the next section, “Adding Multiple Receive Carriers to a Line
Card.”
11. Once you have added your carrier or carriers, click OK to save the line card configuration.
The receive line card appears in the iBuilder Tree under the Network.
If you selected Multiple Channel TDMA Mode or Multiple Channel SCPC Mode, the Receive
Properties area of the line card dialog box changes to the tabular format shown in Figure 114
Figure 115 shows the Select Carrier dialog box for a multichannel line card in Multiple
Channel SCPC mode. Notice that the line card is licensed for eight carriers and seven have
been selected.
2. Enter a Line Card Center Frequency. This is the uplink RF center frequency of a 36 MHz
operational band. (The operational band must fall between 950 MHz and 1700 MHz for an
XLC-M line card or between 950 MHz and 2000 MHz for an eM0DM line card.) All upstream
carriers received by this line card must be completely within the 36 MHz operational
band, which is graphically represented at the bottom of the dialog box. You will not be
able to select carriers outside the band.
3. From the list of carriers, select the check box of each carrier that you want to assign to
the line card. As you select your carriers, the Composite Information Rate, Occupied
Bandwidth and Carriers Selected fields all update automatically. (Grey font in the table
indicates an unselectable carriers. A carrier may not be selectable for a number of
reasons. For example, you cannot select a carrier that is outside the 36 MHz band or a
carrier that is already assigned.)
Note: Since all TDMA carriers assigned to a multichannel line card are in the same
inroute group, you can only select TDMA carriers with the same Symbol
Rate, Error Correction and Modulation. However, these properties do not
need to be the same for SCPC carriers assigned to a multichannel line card.
4. Each selected carrier is displayed on the graph as a vertical green or yellow bar. The
yellow bar represents the carrier currently selected (ID 11 in Figure 115.) If you attempt
to select a carrier that is outside the 36 MHz band, it will be displayed as a red bar.
5. Select Show carriers associated with other line cards to see TDMA and SCPC upstream
carriers in this line card’s frequency band that are assigned to other line cards. Carriers
assigned to other line cards appear as vertical orange bars in the graph (Figure 116).
Note: You can hover your curser over any carrier in the graph to see details of that
carrier’s configuration.
6. If you want to modify a carrier, double-click the carrier in the table, or select the row for
the carrier and click the Edit Carrier button.
7. If your line card is in Multiple Channel SCPC Mode, the User Group column appears on the
right side of the Select Carrier dialog box (Figure 115). In the User Group column, you
can associate a selected SCPC carrier with a return channel owned by the System user
group or by a VNO user group. Follow these steps:
a. Double-click the User Group field of the carrier.
b. Select the User Group from the drop-down menu (Figure 117).
Figure 117. Associating an SCPC Return Channel with a VNO User Group
The carrier is now assigned to one of the SCPC channels owned by the selected VNO
user group. The carrier automatically becomes visible to the VNO user group.
Note: Only VNO user groups that own channels on this SCPC line card appear in
the drop-down menu. For details on assigning SCPC return channels to VNO
user groups, see “Configuring VNO Access Rights for SCPC Return Channels”
on page 369.
8. Click OK to save the carrier selections.
Note: If you are deleting an Rx-only line card, skip directly to Step 5 on page 117.
1. Right-click the inroute group of the line card you want to delete and select ModifyItem
to display the Inroute Group dialog box.
2. If you are deleting a Tx or Tx/Rx Line Card, remove all Rx line cards from the inroute
group. If you are deleting an Rx-only line card, remove only this line card from the inroute
group.
To remove a line card from an inroute group:
a. Select the line card in the Line Cards area of the dialog box.
b. Click Remove. (Figure 118)
c. Click OK to save the changes to the line card. The line card will automatically be
placed in the “deactivation pending” state.
5. If this is an Rx-only line card, right-click the line card and select Activate Line Card to
remove the check mark (Figure 120). This puts the Rx line card in the “deactivation
pending” state.
6. Right-click the line card and select Apply ConfigurationReliable (TCP) to deactivate
the line card.
Note: You may not be able to apply the changes if your line card has failed. In that
case, you must ensure that the failed line card is powered off or disconnected.
If the line card is configured in a chassis, you can power off the slot from
iBuilder. (See “Configuring and Controlling the Hub Chassis” on page 280.) For
standalone line cards or private hubs, you should physically disconnect or
power off the line card.
WARNING! A failed transmit line card may continue to transmit if not deactivated or
powered off.
7. If you were not able to deactivate the line card, you will not be able to delete it from
iBuilder unless you first set it to standby. To set the line card to standby:
a. Right-click the line card and select ModifyConfiguration to display the Line Card
dialog box.
b. In the Line Card Type field of the dialog box, select Standby.
Note: Some Model Types (e.g. Private Hub) cannot be changed to Standby. If
Standby is not available for your Model Type, select a Model Type that
supports the Standby role and then change the Line Card Type to Standby.
c. Click OK to save the line card changes.
8. Right-click the line card in the iBuilder tree and select Delete.
WARNING! Remotes that have not been downloaded with the alternate downstream
carrier definition will be stranded. Site visits may be required to recover
those remotes.
When a remote rejoins a network configured with an alternate downstream carrier, it first
tries to acquire the last carrier it was receiving. When you follow the procedure in this
section, the old primary carrier is brought down and the new primary carrier begins
transmitting, forcing all remotes to lose lock and then try to rejoin the network. The remotes
first try to acquire the old active carrier before timing out and acquiring the new active
carrier. By default this timeout is set to five minutes (300 seconds). If you want to shorten this
timeout, define the following remote-side custom key on the Remote Custom tab for each
remote before executing the procedure.
[BEAMS_LOCAL]
net_state_timeout = <timeout>
where <timeout> is the number of seconds that the remote tries to acquire the primary
carrier before switching to the alternate carrier.
The example in this section shows how to swap the current active carrier (DVB-S2 Down
1250) with the alternate carrier (DVB-S2 Down 1230). This initial configuration is shown in
Figure 122. (If you want to move to the alternate carrier, but do not want to select a new
alternate carrier, select None in Step 2 of the procedure.)
Follow these steps to move your network to the alternate downstream carrier:
1. Right-click your transmit line card in the iBuilder Tree and select ModifyConfiguration.
2. In the Carrier Name field of the Alternate Transmit Properties section of the Line Card
dialog box, select the carrier that is currently defined as the active downstream carrier.
3. In Carrier Name field of the Transmit Properties section of the Line Card dialog box,
select the carrier that was configured as the alternate downstream carrier as the new
primary downstream carrier.
4. Click OK to save your changes. The iBuilder Tree will show changes pending on your
transmit line card, receive line cards, and remotes (hub-side and remote-side).
5. Apply the changes to your transmit and receive line cards. Also apply the hub-side
changes to your remotes.
Note: To avoid applying the remote-side changes twice, wait until the remotes have
re-acquired the network on the new carrier before applying the remote-side
changes.
At this point, the remotes will lose the original primary carrier. Since they were last
locked to that carrier, they will attempt to re-acquire on the same carrier. After the
remotes timeout, they will search for their alternate carrier which is the new active
carrier. At that point, the remotes will rejoin the network.
6. Once the remotes have rejoined the network on the new active carrier, apply the remote-
side changes.
Note: Any remotes that were not in the network at the time of the carrier change will
acquire the new carrier when they re-acquire the network since that carrier is
still defined as their alternate carrier.
• A cold standby is not pre-loaded with the same configuration as the active line card. Since
the configuration must be downloaded from the NMS server to the line card before the
standby can become operational, a line card acting as a cold standby for an active line
card takes significantly longer to take over for a failed active line card. However, a line
card can serve as a cold standby for multiple active line cards.
Automatic failover occurs when the NMS fails to receive the expected heartbeat message
from the active line card. The following prerequisite conditions must be met in order for the
failover operation to proceed:
1. A standby line card must be configured in iBuilder for the network to back up the failed
line card.
2. The standby line card must be in the OK state (and accessible from the NMS) as
determined by the NMS event server.
3. A standby line card backing up a Tx or Tx/Rx line card must be in the same chassis as the
failed line card.
4. A standby line card backing up an Rx-only line card must be in the same chassis or chassis
group as the failed line card.
5. The chassis must be accessible to the NMS through the TCP interface.
6. A standby line card must be a warm standby for at least one active line card. (There is no
requirement to establish any cold relationships.)
Note: When configuring a line card to backup a transmit line card, connect the Tx IFL
cable only after the standby line card configuration has been downloaded.
Once you have configured the line card, ensure that the cable is connected.
Default redundancy relationships are not established automatically when you configure
standby line cards for your networks. Therefore, once you have configured a standby line
card, you must explicitly configure the warm and cold redundancy relationships for that line
card on the chassis. (See “Managing Line Card Redundancy Relationships” on page 124 for
details.)
When you configure a standby line card in a network, you can limit the types of redundancy
relationships that an operator can configure for the line card using the Allow Failover For
field of the Standby Line Card dialog box. The following selections are available:
• None: The standby line card does not back up any active line cards. The line card cannot
be swapped (automatically or manually) for a failed line card until another selection is
made. The line card’s configuration will be labeled “incomplete” in the iBuilder tree.
• All: The standby line card can be configured to act as a warm standby for one line card
and as a cold standby for any remaining line cards. (Typically the standby line card is
configured as a warm standby for the Tx line card and as a cold standby for Rx line cards.
This favors the most critical line card. In a multi-inroute, frequency-hopping network, the
failure of a receive-only line card results in diminished upstream bandwidth only; remotes
will automatically load-balance across the remaining receive line card(s) without
dropping out of the network. However, if the transmit line card fails, the entire network
will be out of service.)
• Tx Only: The standby line card can be configured to act only as a standby for the Tx (or
Tx/Rx) line card.
• Rx Only: The standby line card can be configured to act as a warm standby for one Rx (or
Tx/Rx) line card and as a cold standby for all remaining Rx line cards.
In general, a standby line card can only back up line cards of the same model type. Table 3
shows the line card model types that can act as standby for each active line card model type.
Note: For a multichannel receive line card to back up another multichannel receive
line card, the backup line card must be licensed for at least as many upstream
channels as the active line card.
2. Enter a Name, Model Type, Serial Number, and LAN IP Address for the new line card.
3. Configure the GIG0 IP Address as required.
4. Make sure that Standby is selected for Line Card Type.
5. Select the desired option in the Allow Failover For drop-down list. Four selections are
available in the menu:
• Select None to disable failover. You cannot configure redundancy relationships for
this standby line card if None is selected. Changing a standby line card’s selection to
None deletes any existing redundancy relationships.
• Select All to allow the standby line card to be configured to backup all transmit and
receive line cards.
• Select Tx Only to allow the standby line card to be configured to backup only your
transmit (or Tx/Rx) line card.
• Select Rx Only to allow the standby line card to be configured to backup only your
receive line cards. (This includes Tx/Rx line cards.)
6. Click OK to save the standby line card configuration.
7. Once you have defined your standby line card, follow the procedures in the next section
“Managing Line Card Redundancy Relationships” to set up the line card’s redundancy
relationships.
The default view (By Standby) of the Manage line card redundancy dialog box is shown in
Figure 127.
Figure 127. Manage Line Card Redundancy Dialog Box: By Standby View
This dialog box has two views. The default view (By Standby, shown in Figure 127) lists each
standby line card on the left. On the right of each standby, the dialog box lists each active
line card backed up by the standby line card, and the standby line card’s relationship (warm
or cold) to the active line card.
The second view (By Active, shown in Figure 128) lists the active line cards on the left and
each of their standby line cards on the right.
Figure 128. Manage Line Card Redundancy Dialog Box: By Active View
To switch between views, right-click anywhere in the dialog box and select the View you want
from the menu.
The dialog box is divided into virtual backplanes, organized by the assignments of the line
cards to the chassis. The dialog box also shows the physical slot numbers and the redundancy
relationships of all line cards in the chassis.
Note: A standby line card must be assigned as a warm standby for an active line card
before it can become a cold standby for any additional line cards.
2. If there are any valid line cards available, a dialog box appears with a list of all valid
selections. (If you right-clicked a standby line card, available active line cards are listed.)
If you right-clicked an active line card, available standby line cards are listed. Both views
are shown in Figure 129.)
3. Select a line card from the list and click OK. iBuilder saves the configuration immediately.
4. Apply the changes to the standby line card by right-clicking the line card in the iBuilder
tree menu and select Apply Configuration.
2. If there are any valid line cards available, a dialog box appears with a a list of all valid
selections. (If you right-clicked a standby line card, available active line cards are listed.
If you right-clicked an active line card, available standby line cards are listed. Both views
are shown in Figure 130.)
3. Select a line card from the list and click OK. iBuilder saves the configuration immediately.
Note: You do not need to apply the changes to the cold standby line card. A cold
standby is automatically downloaded when a failover occurs.
Note: The only way to remove a warm relationship is to dissociate all relationships
from a standby line card. Therefore, once you remove a warm relationship, you
must recreate any cold relationships associated with that standby line card
after assigning a new warm relationship.
2. In the Dissociate cold standby dialog box, select all standby line cards that you no longer
want to serve as cold standbys for the active line card. Then click OK. The standby line
card will not be selected to take over for the active line card in the event that the active
line card fails.
Note: In order to perform a manual swap, the standby line card must have a
redundancy relationship with the active line card.
1. Right-click the active line card and select Swap Line Card from the menu.
2. In the dialog box, select the standby line card that you want to be the new active line
card.
Figure 132. Choosing a New Active Line Card During Line Card Swap
Note: For line cards with an active GIG0 port, the NMS expects a heartbeat message
from both line card LAN ports.
The NMS performs the following actions to attempt to switch a failed active line card and a
standby line card:
1. The NMS monitors the standby line card to ensure that the standby remains operational.
2. The NMS establishes a TCP connection to the failed line card and reconfigures it to be a
standby line card.
3. The NMS establishes a TCP connection to the original standby line card and reconfigures it
to be the new active line card.
4. The NMS re-establishes all redundancy relationships for the new standby line card,
mirroring the redundancy configuration of the old standby as it existed before the
failover.
If all of the steps above are successful, you will see the same sequence of events in iMonitor
that you see when you manually swap line cards. See Figure 133 on page 130.
In many cases, the NMS will be unable to configure the failed line card to be the new standby
line card. If the NMS cannot connect to the failed line card, it will power off the chassis slot
of that line card. It will then re-configure the original standby to be the new active line card
to recover the network. At that point, the system will be operational, but the failed line card
will be in an interim state requiring recovery. You should call the iDirect TAC to assist you in
diagnosing the reason for the failure and to guide you through the recovery process.
If the line card experienced a hard failure or internal component failure, you will be
instructed to remove the failed card from the chassis and return it to iDirect for repair. Some
failures, such as those listed below, may be repaired on-site.
• Switch port failure
• LAN cable failure
• FPGA image load failure or runtime flash corruption
WARNING! Do not power on the chassis slot of a failed line card unless the I/F Tx and Rx
cables are disconnected and you have recovered from the line card failure
condition.
Note: A dedicated SCPC upstream carrier is assigned directly to the remote that
transmits that carrier. Therefore, an SCPC remote is not part of an inroute
group. (See “Adding Remotes” on page 144 for details on assigning an SCPC
upstream carrier to a remote.)
The relationship between carriers, line cards, and inroute groups in a TDMA-only network is
shown in Figure 134. There are specific rules regarding the assignment of line cards to inroute
groups.
1. You cannot assign a line card to an inroute group unless its assigned carrier is identical in
data rate and FEC block size to the other line card(s) in that inroute group.
2. You cannot assign a line card to an inroute group if it is already assigned to another
inroute group. In this case, if rule 1 is true, you can un-assign the line card from its
current inroute group and re-assign it to the desired inroute group.
3. You may not change a line card’s carrier assignment if the line card is assigned to an
inroute group. However, you may modify the characteristics of the current carrier (see
rule 4).
4. If you modify either the FEC block size or data rate of a carrier that belongs to a line card
in an inroute group, iBuilder will automatically change all other carriers that belong to
the other line cards in that inroute group. It will prompt you first and allow you to cancel
the modify operation.
To assign a line card to an inroute group, modify the Inroute Group and click Add. iBuilder will
only show you line cards that are valid to be assigned to that inroute group. If you don’t see
line cards you expect to see, review the rules above.
Network
Tx/Rx -- or -- Rx Remotes
Remotes
Hub Line Card Remotes
Remotes
Inroute Carrier
(in Spacecraft folder in tree)
The new inroute group appears in the Tree with a system-generated generic name, and a
dialog box appears allowing you to define the basic parameters.
Note: Beginning with iDS Release 8.0, Free Slot Allocation is always on and is no
longer configurable on the Inroute Group Information tab. For information
about Free Slot Allocation, see the chapter titled “QoS Implementation
Principles” in the iDirect Technical Reference Guide.
4. Mesh is not supported in iDX Release 3.1. Therefore, the Mesh section of the Inroute
Group Information tab is not applicable to this release.
5. Click Add to add Rx-only or Tx/Rx line cards to this Inroute Group. Upstream carriers
assigned to the selected line cards must have the same Information Rate, FEC Rate, and
Modulation. The Assign Hub To Inroute Group Dialog Box opens.
6. In the Assign Hub To Inroute Group dialog box, select the line cards that you wish to add.
Click OK. You are returned to the Inroute Group dialog box.
7. The Inroutes area of the Information tab displays information about the carrier of the line
card selected in the Line Cards list. Many of these parameters are shared by all carriers in
the Inroute Group. These settings are configured on the Uplink and Downlink Carrier
dialog boxes, described in “Adding TDMA Upstream Carriers” on page 76.
Note: You can click and drag the Power Adjust sliders to vary the C/N ranges and
automatically update the Fine Adjust and Course Adjust settings.
• TDMA Nominal C/N is the target C/N value of the TDMA upstream carrier as measured
by the Line Card modem. TDMA Nominal C/N should be set during hub
commissioning.
Typically, TDMA Nominal C/N is the C/N threshold for your inroutes from the Link
Budget Analysis Guide plus the additional operating margin determined by the Link
Budget Analysis for your network.
TDMA Nominal C/N is determined based on the link budget analysis for your network,
which takes into consideration the modulation and FEC rate. The fine adjustment is
typically set to +/-1 dB.
For networks that migrate from iDS Release 6.0, this value will be set to:
(Fine Adjust Upper C/N – Fine Adjust Lower C/N) / 2
• TDMA Clear Sky C/N applies to mesh inroutes only. Mesh is not supported in iDX
Release 3.1.
10. Click OK and the Inroute Group appears in the Tree under the Network.
Note: You can click and drag the Power Adjust sliders to vary the C/N ranges and
automatically update the Fine Adjust and Course Adjust settings.
Note: The Group QoS tab is discussed in Chapter 7, “Configuring Quality of Service
for iDirect Networks”.
Note: These parameters apply to all remotes in an ACM network. You cannot modify
these settings for individual remotes.
Note: By default, the additional error margin may be incorrectly set to 0.5 dB rather
than 0.2 dB. To check this setting and to modify it if required, follow the
procedure in “Checking the DVB-S2 Error Margin” on page 140.
As an example, consider an Evolution e8350 Satellite Router receiving a DVB-S2 outbound
carrier with a current MODCOD of 16PSK 3/4. This MODCOD has an SNR threshold of 10.8 dB,
determined at hardware qualification. Table 4 shows the operational SNR threshold below
which the hub changes the outbound frames transmitted to the remote to a lower MODCOD.
The table assumes the default settings for the Steady State Margin and Fast Fade Margin are
in effect.
Adding margin to increase the SNR threshold causes the system to behave more conservatively
by dropping to a lower MODCOD at a higher SNR threshold. For more information, see the LInk
Budget Analysis Guide and the Technical Reference Guide for this release.
WARNING! Adjusting these parameters can adversely affect the performance of your
ACM network. You should consult with iDirect before changing these settings
in an operational network.
2. In the DVB-S2 Configuration dialog box, edit any settings you want to change.
The Steady State Margin and Fast Fade Margin must be greater than or equal to zero.
The Fast Fade Threshold and Fade Slope Threshold must be greater than zero.
Note: Click Set to Default to return the network to the default settings.
3. Click OK to save the new settings
4. Right-click your DVB-S2 network in the iBuilder Tree and select Apply Configuration
Network to send the changes to the protocol processor.
Note: MODCOD indexes are documented in the Link Budget Analysis Guide for your
release.
Your remote satellite routers provide IP connectivity between each remote LAN and the hub.
This chapter provides detailed procedures for configuring remotes to operate in your iDirect
networks. The chapter contains the following sections:
• “iDirect Remote Satellite Router Models” on page 143
• “Before You Start” on page 144
• “Adding Remotes” on page 144
• “Setting Warning Properties for Remotes” on page 180
• “Adding a Remote by Cloning an Existing Remote” on page 180
• “Roaming Remotes” on page 181
• “Enabling IP Packet Compression Types” on page 190
Note: The Evolution eP100 is a custom form-factor remote satellite router that is not
generally available for purchase.
Note: An inroute group is not required for a remote that transmits an SCPC upstream
carrier to the hub. In the iBuilder tree, an SCPC remote is added directly to the
line card that receives the remote’s upstream carrier.
Note: You cannot add an Evolution X1 remote to an Inroute Group if the TDMA
upstream carriers in the Inroute Group are larger 2 Msps.
If you are adding an SCPC remote, right-click the receive line card and select Add SCPC
Remote from the menu.
Note: The Switch tab only appears if you are configuring a remote with an eight-port
switch. See “Remote Switch Tab” on page 161 for details.
2. On the Remote Information tab, enter a Name for this remote.
3. Select the Model Type of the remote from the drop-down list. The model type you select
must match the actual hardware model.
Note: Beginning with iDX Release 2.1, Link Encryption is a licensed feature. A license
file must be loaded on each protocol processor blade that supports Link
Encryption. For information on obtaining these licenses, please contact the
iDirect Technical Assistance Center (TAC).
10. Select Sleep in and enter a value for seconds if you want to enable Sleep Mode on the
remote. If Sleep Mode is enabled, the remote will conserve power by disabling the 10 MHz
reference for the BUC after the specified number of seconds have elapsed with no
remote upstream data transmissions. A remote will automatically wake from Sleep Mode
when packets arrive for transmission on the upstream carrier, provided that Trigger
Wakeup is selected for the service level associated with the packets. (See “Adding an
Application Profile” on page 268 for details.)
Note: For Sleep Mode to work, the 10 MHz reference must be enabled for the BUC
assigned to the remote on the Remote VSAT Tab. The 10 MHz reference can be
enabled by selecting ODU Tx 10 MHz on the BUC configuration dialog box.
Note: If you enable Sleep Mode, edit the QoS Service Levels that apply to the remote
to ensure that “Trigger Wakeup” is only enabled for those Service Levels that
match customer traffic. If “Trigger Wakeup” is enabled for management
traffic, the constant flow of management traffic will prevent the remote from
entering Sleep Mode.
11. In the Compression area of the dialog box, select any IP compression types you want to
enable for this remote. For details on the different types of compression available, see
“Enabling IP Packet Compression Types” on page 190.
12. Mesh is not supported in iDX Release 3.1. Therefore, the Mesh section of the Remote
Information tab is not applicable to this release.
c. In TDMA Max Power, enter the maximum TDMA Tx power level in dBm as determined
during remote commissioning. The default is 0 dBm. This field is not applicable if the
remote is transmitting an SCPC upstream carrier.
d. If desired, record the 1dB Compression Point determined at remote commissioning.
This field is informational only.
e. If you select Lock to Inroute for a TDMA remote, the remote will only transmit on the
TDMA upstream carrier that you select in the Carrier Name field. This will prevent
the remote from acquiring or switching to any other inbound carriers in the inroute
group.
2. For an SCPC remote, you must configure the initial power and maximum power for the
selected SCPC upstream carrier before the remote can become operational. Configure the
initial power and maximum power as follows:
a. Click the Edit SCPC Initial Power button to open the SCPC Initial Power dialog box
(Figure 143).
b. Enter the Initial Power and Max Power for the SCPC upstream carrier that you
selected on the Remote Information tab by double-clicking the cells and entering the
values in dBm.
c. If you plan to switch this remote to other SCPC upstream carriers in the future, you
can also configure the initial power and maximum power for those carriers at this
time.
d. Click OK to save your changes.
3. Under Receive Properties:
a. You cannot select the Carrier Name, although you can view its configuration by
clicking the Details button. This is the downstream carrier for the network.
b. The L-Band Frequency is calculated for you once the LNB is assigned on the VSAT tab.
See “Remote VSAT Tab” on page 177.
c. If you are configuring a receive-only remote, select Enabled under Rx Only. If Rx
Only is enabled, no return channel will be established by the remote and the remote
will not transmit under any circumstances.
d. You can enable Rx Only Multicast even if you have not enabled Rx Only. If Rx Only
Multicast is Enabled, then the remote will receive multicast traffic even when no
upstream return channel is available. This allows remotes that are temporarily unable
to transmit to continue to receive multicast traffic.
e. If Rx Only Multicast is enabled, enter a Timeout in seconds or accept the default.
The timeout determines how often the multicast configuration data is sent to the
remote on the outbound carrier.
If any customers or distributors have already been added to the NMS database, the names
appear in the list.
2. To the right of the dialog box, you can click Add to add another customer or distributor.
3. The Customers (or Distributors) dialog box appears.
9. For customers, you can enter a Commission Date, Contract Number, and additional
information in the Site Notes box.
10. If you click OK, the dialog box will close, but your changes will be saved. Instead, click
the IP tab to continue configuring the remote.
The iDirect VLAN capability allows customers to use their existing IP addressing schemes.
Since all routing options (RIPv2 and static routing) are configurable per VLAN interface, the
end-to-end VLAN feature allows each end customer to have their own routing architecture
independent of other customers sharing the same physical network components.
There are two check boxes for configuration of the Routing Information Protocol (RIPv2) on
the remote: one for the LAN interface (eth0) and one for the for satellite interface (sat0).
(The sat0 interface is called the management interface when referring to the default VLAN.)
You can enable or disable RIPv2 independently on the two interfaces. Depending on the RIPv2
options selected, the remote behaves as follows:
• When RIPv2 is not enabled on either interface, RIP is completely disabled on the remote.
It does not send or receive any RIP updates.
• When RIPv2 is enabled on the LAN interface, the remote sends and receives RIP updates
over the LAN, updating its own IP routing table when new routing information is received.
• When RIPv2 is enabled on the satellite (or management) interface, the remote sends and
receives RIP updates over the satellite, updating its IP own routing table when new
routing information is received.
The remote does not relay RIP messages to other routers. Instead, it generates RIP messages
based on its own IP routing table.
Note: An Evolution X1 remote must use static routing to a single gateway. RIPv2 is not
supported on the X1 model type.
The IP information for a remote is configurable per VLAN. Once you have selected a VLAN on
the left side of the dialog box, you can configure its IP addressing information on the
Interface sub-tab.
1. The LAN Interface IP address represents the remote’s IP address on the selected VLAN.
a. Enter the IP Address and Subnet Mask.
b. Select Tag Packets if you want to tag packets with the VLAN ID according to the IEEE
802.1Q VLAN Tagging specification.
Note: Unless VLAN tagging is enabled, you will not be able to connect to the Ethernet
side of the default LAN from a hub PC. Ensure that Tag Packets is selected if
you require this capability.
c. If you are configuring an iConnex 100, 700 or e800, you can select Port A or Port B as
your LAN port.
Note: If you change the LAN port selection for an iConnex e800 from Port B to Port A,
you must reset the remote before the change will take effect. Right-click the
remote in the iBuilder tree and select Reset Remote to perform this operation.
2. The remote’s Management Interface (Sat) IP address represents the remote’s virtual
interface on the default VLAN. The NMS always communicates with the remotes using this
address. This address should not conflict with the LAN Interface addresses.
a. Selecting Same as LAN sets the Management Interface IP address to the LAN Interface
IP address. (The Gateway is always set to 0 and cannot be changed.) This option is not
available on the iNFINITI Series 3000, 5000, or 7000 remotes.
Note: When you select a VLAN other than the default VLAN, the interface names
change. LAN Interface changes to ETH0 Interface. Management Interface
changes to SAT0 Interface
Note: Evolution X1 remotes are limited to four VLANs, including the default VLAN.
To add a VLAN to a remote:
1. Click the Add button at the bottom of the VLAN area of the IP Config tab.
DHCP, including DHCP relay, is configurable on a per VLAN basis. In iBuilder, DHCP is disabled
by default.
To use an existing or separate DHCP server at your hub location:
1. Select Relay.
2. Enter the IP Address of your DHCP Server.
To enable the remote to act as the DHCP server:
1. Select Server to enable DHCP configuration entries.
2. Enter the Lease Duration or the amount of time before the address must be renewed.
3. Enter the Primary and Secondary DNS server addresses, and the Default Gateway.
4. Click the Add button to enter Client Address Ranges, which are the ranges of assignable
addresses. Multiple unique ranges may be assigned as desired.
5. To edit a Client Address Range:
a. Click the range in the table to highlight the range you want to change.
b. Select Edit.
c. Modify the range and click OK to save your changes.
6. To delete a Client Address Range:
a. Select a range in the table and click the Remove button, a warning message is
displayed, asking you to confirm the deletion.
b. Click OK to delete the range.
To configure RIPv2:
1. Select a VLAN in the left pane of the dialog box.
2. Select Enable RIPv2 for the ETH0 (LAN) interface and/or SAT0 (Management) interface
to enable RIPv2 over the satellite link for the selected VLAN.
Static Routes
Click the Static Routes sub-tab to add, edit, or remove static routes. The default route across
the sat 0 interface is added automatically when you create a new remote. Do not delete this
route unless your remote routing scheme requires it.
To add a Static Route:
1. click the Add button.
WARNING! When you clamp a remote to a specific blade, it will not re-acquire if that
blade fails. The remote will remain out-of-network until the blade is back up,
or the specific blade assignment is changed or removed using iBuilder.
Port forwarding allows you to specify that IP packets with certain port numbers are forwarded
to private IP addresses behind the remote. For example, to run a web server on a PC with a
private IP address, you could specify http as the port start and port end, with TCP as the
protocol, and then add the PC’s IP address in the IP address field.
1. Select a VLAN in the left pane of the dialog box.
2. Select the Enable NAT (Network Address Translation) check box. Then click Add to open
the Add Port Forwarding dialog box.
3. Select a Port Range Start and Port Range End for port forwarding.
4. Select a Protocol and specify an IP address.
5. Click OK to save your changes.
2. Specify the Hub Gateway and Remote Gateway endpoints for the tunnel.
3. Click OK to save your changes.
Note: This procedure only sets up the GRE tunnel within the iDirect system. You must
still establish the actual GRE endpoints on both sides of the link for a GRE
tunnel to work. GRE endpoints must be configured upstream from the Protocol
Processor and downstream from the remote.
Multicast Groups
Click the Multicast Group sub-tab to add, edit, or remove a persistent Multicast Group. To
configure the remote to be a member of a persistent Multicast Group, follow these steps:
1. Click the Add button.
Note: For more information, see the Technical Note titled “IP Multicast in iDirect
Networks.”
By default, all VLAN ports are defined as trunks. When a port is defined as a trunk, all traffic
on any VLAN (including both user-defined VLANs and the default VLAN) can pass through the
port. All user-defined VLAN frames on trunk ports are tagged to explicitly identify the VLAN.
Default VLAN traffic passing through a trunk port is not tagged.
As an alternative to allowing a port to act as a trunk, you can define a port to be dedicated to
a single, specific VLAN. You can dedicate a port to any user-defined VLAN or to the default
VLAN. When a port is dedicated to a VLAN, only traffic for that VLAN passes through the port.
There is no VLAN tagging on a port dedicated to a single VLAN, regardless of whether the port
is dedicated to the default VLAN or to a user-defined VLAN.
The Switch tab allows you to perform the following operations:
• Dedicate a port to a specific VLAN
• Configure a port as a trunk (allow traffic on all VLANs to pass through the trunk)
• Specify the port speed and mode (full duplex or half duplex)
• Copy the table of switch settings to an external application such as a spreadsheet
To configure the eight port switch follow these steps:
1. Click the Switch tab to view the current assignment of VLANs to ports.
The Switch tab contains two panes: the Port View (on the left), and the VLAN View (on
the right). Only VLANs that have already been added to this remote appear in the display.
By default, all ports are defined as trunks. Trunk ports display the word Yes in the All
VLANs row of the VLAN View. Trunk ports also display All VLANs to the right of the port in
the Port View. This default configuration is illustrated in Figure 165.
2. You can use either the Port View or the VLAN View to dedicate a port to a single VLAN.
Both methods are described here:
To use the Port View to dedicate a port to a single VLAN:
a. In the Port View, right-click the port that you want to configure and select Assign
VLAN from the menu to display the dialog box.
Note: You can also select the port and click the Assign VLAN button at the bottom
of the screen.
b. In the dialog box, select the VLAN ID of the VLAN you want to assign to the port. (The
VLAN Name will be displayed automatically when you select the VLAN ID.
c. Click OK.
To use VLAN View to dedicate a port to a single VLAN:
a. In the VLAN View, right-click in the table cell representing the port of the VLAN you
want to configure.
b. Choose Select from the menu.
Both methods of dedicating a port to a VLAN are illustrated in Figure 166.
In the VLAN View, the word Yes will be displayed for the VLAN in the column for the
selected port, and the Port View will display the new selection.
Note: You can double-click in any empty cell in the VLAN view to select that cell.
Double-clicking in an empty cell will select that cell, causing the word Yes to be
displayed. The cell that was previously selected will be cleared.
3. To reconfigure a dedicated port to be a trunk, do one of the following
• In the Port View, right-click the port and select All VLANs from the menu.
• Or, in the VLAN View, right-click in the column of the port in the All VLANs row and
select All VLANs from the menu.
Both methods are illustrated in Figure 168.
Figure 169. Selecting the Same Switch Setting for All Ports
5. By default, the port speed and port mode are automatically negotiated. Follow these
steps if you want to disable auto-negotiation and select a port speed and port mode:
a. In the Port View, right-click the port you want to configure and select Properties
from the menu to display the Properties dialog box.
WARNING! The port settings must match the attached equipment. Mismatches in either
port speed or port mode will result in packet loss.
6. To copy a row (or all rows) from the VLAN View so that you can paste the information into
a separate application such as a spreadsheet, follow these steps:
a. In the VLAN column, click the VLAN name (or click All VLANs) in the first column of
the row you want to select. This will highlight the name in the VLAN column. (Or press
Ctrl + A to select all rows in the table.)
b. Right-click on any of the selected entries in the first column; then select Copy or
Copy without headers from the menu.
c. You can now paste the row or rows you copied into your target application.
Filter Profiles are described in “Application Profiles and Filter Profiles” on page 265.
Note: You can click the Details button next to the Filter Profile drop-down box to
view the configuration of the selected Filter Profile.
Note: A remote that transmits a dedicated SCPC upstream carrier is not associated
with upstream Service Group. Instead, you must assign an upstream Remote
Profile directly to the SCPC remote. See “Assigning an Upstream Remote Profile
to an SCPC Remote” on page 169.
Figure 174. Remote QoS Tab: QoS Profile Select Dialog Box
In rare cases, when using Application Service Groups, you may want to assign multiple
Downstream or Upstream Service Profiles to a single remote. If you select more than one
Service Profile, the last Service Profile that you select in the QoS Profile Select Dialog Box is
designated as the Primary Service Profile. The NMS and Default Applications from the Primary
Service Profile are used by the system. The NMS and Default Applications from other selected
Service Profiles are not used. For more information see “Assigning Service Profiles to
Remotes” on page 237.
Note: Unlike Service Profiles, only one Downstream and one Upstream Remote Profile
can be assigned to a Remote.
Figure 175 shows two Service Profiles assigned to a single remote in an Application Service
Group. Service Profile 1 is the Primary Service Profile. The Primary Service Profile is always
displayed in bold typeface on the GUI.
2. In the QoS Profile Select dialog box, select an upstream Remote Profile.
3. Click OK.
Figure 177. Remote QoS Tab: Upstream and Downstream Rate Shaping
Your ability to configure the Downstream and Upstream Rate Shaping parameters, as well as
Allocation Fairness Relative to CIR, depends on the type of Service Group selected in the
Service Group field (Figure 172) and the QoS Mode selected on the QoS tab of your Network
and Inroute Group. Since QoS Mode only applies to Application Service Groups, the selection
among the following three options determines which parameters you can configure here:
• Remote Service Groups
• Application Service Groups in Remote Based QoS Mode
• Application Service Groups in Application Based (or Application Scaled) QoS Mode.
For a detailed explanation of Service Group types and QoS Modes, see “Configuring Quality of
Service for iDirect Networks” on page 195.
Table 5 on page 171 shows which QoS parameters you can select on the Remote QoS tab
depending on which of the three options listed above is configured for the remote’s Network
(Downstream) or Inroute Group (Upstream). As noted in the table, you cannot configure EIR
on the Remote QoS tab unless it has been enabled for remotes in this remote’s Service Group
on the QoS tab of your DVB-S2 network.
Note: Upstream Rate Shaping parameters such as CIR and MIR are not applicable to
SCPC remotes at the remote level of the QoS tree, since all of the upstream
bandwidth is dedicated to the physical remote. However, you can select or
clear Allocation Fairness Relative to CIR to influence how bandwidth is
distributed among the Applications running on the remote.
Table 5. Availability of Remote QoS Parameters by Service Group Type and Mode
* DVB-S2 Networks only. EIR must be enabled for the Service Group on the Network QoS tab
to select this option.
Note: For definitions of Priority, Cost, MIR, CIR, MIN, EIR, and Allocation Fairness
Relative to CIR, see “QoS Properties” on page 196.
Note: If this remote is in a DVB-S2 ACM network, you can enable EIR on the
Downstream and select a Minimum MODCOD. See the “EIR and MODCOD
Configuration” on page 173 for details.
Note: This feature is applicable only to remotes that transmit TDMA upstream
carriers. Enabling Idle and Dormant States has no effect on SCPC remotes.
If the Idle and Dormant States feature is enabled, the remote can be in one of three states:
Active, Idle or Dormant. Figure 178 shows the fields on the Remote QoS tab used to configure
this feature. The configuration of the remote’s Minimum Information Rate fields determine
the system behavior in the Active State. The configuration of the Idle and Dormant States
fields determine the system behavior in the other two states.
For a detailed description of this feature, see the chapter titled “Remote Idle and Dormant
States” in the Technical Reference Guide.
Note: Minimum Information Rate must be greater than or equal to the Idle Minimum
Information Rate. Similarly, the Idle Minimum Information Rate must be greater
than or equal to the Dormant Minimum Information Rate.
Note: For remotes to remain in the network, Evolution remotes should transmit at
least 1 burst every 4 seconds and iNFINITI remotes should transmit at least one
burst every 2 seconds. With a typical frame length of 125 ms, this translates
into a minimum of 1 slot every 32 frames for Evolution remotes and 1 slot
every 16 frames for iNFINITI remotes. Unless explicitly permitted by your
network design, you should not go below these limits for any state.
Note: A low Minimum Information Rate in any state may trigger Latency Warnings for
the remote in iMonitor. If so, you can increase the Latency timeout for the
remote on the Remote Warning Properties tab. See “Setting Warning Properties
for Remotes” on page 180 for details.
Follow these steps to enable Minimum Information Rate and/or Idle and Dormant States for
a remote:
1. If desired, under Minimum Information Rate:
a. Select Enable.
b. Enter a Minimum Information Rate in kbps. As shown in Figure 178, the equivalent
slots/frame is automatically displayed when you click in another field on the screen.
Note: You are not required to configure a Minimum Information Rate to enable
Idle and Dormant States. If not configured, the Minimum Information Rate
defaults to one slot per frame, or 8 bursts per second for a 125 ms frame
length, in the Active State.
2. If desired, select Enable Idle and Dormant States.
3. For both the Idle State and the Dormant State:
a. Enter the minimum frequency at which slots are allocated to the remote in that state
(in units of 1 slot per n frames). As shown in Figure 178, the equivalent Minimum
Information Rate is automatically displayed in kbps.
b. In Timeout, enter the number of seconds that the remote should remain in the
previous state with no upstream user traffic before entering this state.
Note: By default, only upstream user traffic triggers a state change from Idle
State or Dormant State to Active State. Upstream NMS traffic does not
trigger a state change by default. However, you can change these settings
by selecting or clearing the Trigger State Change field in your upstream
Service Levels. See “Adding an Application Profile” on page 268 for details.
The EIR and MODCOD sections of the dialog box apply only to remotes receiving a DVB-S2
outbound carrier with ACM enabled. Note the following:
• EIR is enabled for CIR allocations within the range defined by the Nominal MODCOD and
the EIR Minimum MODCOD defined for the remote.
• Allocation of physical bandwidth is held constant at the remote’s Nominal MODCOD when
the current MODCOD of the remote is below the EIR Minimum MODCOD.
• CIR and MIR allocations to the remote are capped at the remote’s Nominal MODCOD. A
remote may operate above its Nominal MODCOD, but CIR and MIR allocations are not
increased.
Note: You can only configure upstream and downstream Committed Information Rate
(CIR) and downstream EIR on the Remote QoS tab if you are using Remote
Service Groups or if the QoS mode for your Network is set to Remote Based. See
“QoS Modes” on page 206 for more information about QoS Modes.
Note: You cannot configure EIR on the Remote QoS tab unless EIR has been enabled
for remotes in this Service Group. This applies to both Remote Service Groups
and Application Service Groups in Remote Based Mode. The minimum possible
EIR MODCOD for the remote is also determined by the Service Group
configuration. See “Adding a Service Group” on page 227 for more information.
For remote’s in DVB-S2 ACM networks only:
1. Select a Nominal MODCOD for this remote. The Nominal MODCOD is the Reference
Operating Point for this remote. A remote may operate above its Nominal MODCOD, but it
will not be granted additional CIR or MIR.
2. Select a Maximum MODCOD for this remote. A remote never operates above its Maximum
MODCOD. By default, the Maximum MODCOD of a remote is the Maximum MODCOD of
the DVB-S2 carrier of the network. The Maximum MODCOD cannot be less than the
Nominal MODCOD.
Note: You should not select 16APSK as the Maximum MODCOD unless your remote is
using an internal PLL LNB.
3. If you want to configure EIR on the DVB-S2 outbound carrier for your remote:
a. Select Enable in the EIR section of the dialog box.
b. Select a Minimum MODCOD. EIR will not be enforced when the remote receives a
MODCOD below the Minimum MODCOD.
Note: Beginning with iDS Release 8.2, the TDMA upstream segment size is
automatically calculated by the system. You can no longer configure the TDMA
upstream segment size in iBuilder.
Figure 181. Remote Geo Location Tab: Settings for Stationary Remotes
If you are commissioning a mobile remote, use the Geo Location tab to specify the remote’s
mobile settings.
Figure 182. Remote Geo Location Tab: Settings for Mobile Remotes
4. Selecting Mobile Security prevents the remote’s latitude and longitude location from
being sent over the air to the NMS. If this is selected, it is not possible to determine the
remote’s location from the hub. (See the following section on “Mobile State.”)
5. You can change the Minimum Look Angle configured for this remote’s antenna by
selecting Override and entering a new angle. If you select Inherit from Satellite, the
value configured for the satellite is used for this remote. (See “Adding a Spacecraft” on
page 69.)
6. You can change the Maximum Skew configured for this remote’s antenna by selecting
Override and entering a new angle. This value represents the maximum angle of skew
that the antenna can tolerate before it stops transmitting. If you select Inherit from
Satellite, the value configured for the satellite is used for this remote. (See “Adding a
Spacecraft” on page 69.)
Mobile State
When the remote is configured as Mobile, it looks for GPS string on the serial console port to
provide its latitude and longitude information in the form of an NMEA string. It uses this
information to compute the FSD and acquire into the network.
Once a remote has been acquired into the network, the remote automatically sends its
latitude and longitude to the hub every 30 seconds. However, when Mobile Security is
selected, the remote will not send its current geographic location to the hub. Since the
remote requires this information to communicate with the hub, mobile remote users must
determine it and communicate it to the remote, enabling the remote to compute the FSD.
In the absence of a GPS receiver interface to the modem, you can supply the latitude and
longitude information manually through the serial console interface. You can also provide the
geographic location information for the hub through the iSite GUI. (The hub geographic
location is always sent as a broadcast message from the hub.)
The baud rate of a serial connection to a mobile remote depends on the GPS Input selected in
the Mobile area of the Geo Location tab. The baud rates and typical usage of these selections
are discussed here:
• Manual (9600 baud): Select Manual when the port is not connected to a GPS receiver and
you want to manually set the latitude and longitude from the remote console. Selecting
Manual will cause the modem to save the latitude and longitude to flash memory. If you
select either of the other options, this information will not be saved to flash and will be
lost in the event that the remote resets.
• Serial or NMEA (4800 baud): Select Serial or NMEA when the port is connected to a GPS
receiver. The 4800 baud rate is a requirement of the NMEA protocol used by GPS to
communicate with the remote.
• Antenna (9600 baud): Select Antenna when using the iDirect Automatic Beam Selection
feature. If you select this option, the port must be connected to one of the mobile
antennas supported by iDirect. For more on this feature, see “Configuring Networks for
Automatic Beam Selection” on page 449.
Note: The serial console interface is set to 9600 baud for non-mobile remotes.
Handshake signaling requires a stabilizing antenna and requires customers to build their own
electrical interface (converter) to communicate with the antenna. When Handshake
Signalling is enabled at the NMS, the mobile remote provides an input and output signal to the
stabilizing antenna through the serial console port. The output signal, or lock signal, indicates
the frame lock status of the receiver on the remote. The input signal TxMute is used to mute
the transmitter until the antenna pointing is completed.
The remote sends an RS-232 active signal on the console port DTR output (pin 2) while the
modem is trying to acquire the downstream carrier. Once the remote achieves TDM frame
lock, the DTR signal becomes inactive. This signal is intended to indicate to the auto-point
antenna equipment when to switch from coarse-tune to fine-tune mode.
The DSR input on the console port (pin 7) can be used as a “mute” function and will allow the
auto-point antenna equipment to delay acquisition transmit until the antenna has finished
pointing. Without this function, the modem may transmit as soon as it detects TDM frame
lock, before the antenna is properly pointed and polarized. Sending an RS-232 active level to
the DSR input enables the mute function.
Note: Beginning in iDX Release 3.1, iDirect brand BUCs and LNBs are preconfigured in
the Components folder of the iBuilder Tree.
Note: Beginning with iDX Release 1.0, iDirect supports the XR3, XR3E, DR5 and DR7
Transceivers from ASCSignal. Each Transceiver is represented in the iBuilder
tree as both a BUC and an LNB. To select a Transceiver for your remote, you
must select the same Transceiver from both the BUC and LNB drop-down lists on
the VSAT tab. For information on changing the LNB settings for a Transceiver,
see “Configuring a Remote Transceiver” on page 179.
Enter the following information on the VSAT tab:
1. In the Remote Antenna area, select a BUC from the BUC drop-down box. (If you are using
a Transceiver, select the Transceiver for both the BUC and LNB.)
2. Select the LNB you are using for this remote from the LNB drop-down box.
Note: If your remote is equipped with an iDirect DiSEqC PLL LNB, the remote-side
custom key to select the high frequency band is no longer required. If you are
selecting an iDirect PLL LNB, ensure that the LNB has the correct Frequency
Band selected in the component definition.
3. Selecting an IFL, Reflector Mount, and/or Reflector is optional.
4. The Approximate Cable Length should be set during the commissioning process. You can
record it here for reference.
5. The tabs on the lower half of the dialog box display the details of the components that
you have selected. Click OK to save your settings. The new remote appears in the Tree
under the Inroute Group or line card to which you assigned it.
Note: If you are using the iDirect Automatic Beam Selection feature, you must select a
Reflector that is configured with a controllable antenna. When you do this, a
number of additional fields will appear on the right-hand side of the Remote
Antenna area of the VSAT tab. (See Figure 184 for one example.) For details on
configuring these fields, see “Configuring Networks for Automatic Beam
Selection” on page 449.
You can configure the LNB frequency band and cross pol selection for Transceivers from the
LNB folder of the iBuilder tree:
1. Right-click the Transceiver in the LNB folder and select ModifyItem to open the LNB
dialog box.
The Frequency Band and Cross Pol Selection fields at the bottom of the dialog box apply
to Transceivers only.
Figure 185. LNB Dialog Box: Frequency Band and Cross Pol Selection
2. Frequency Band is the LNB band selection. Select Low Band for 10.70 to 11.70 GHz with
Rx 22 KHz tone off. Select High Band for 11.70 to 12.20 GHz with Rx 22 KHz tone on.
3. Cross Pol Selection is only valid for the DRU15F16X and DRU17F16X. Select X-Pol Mode
(19V) for cross-polarization with LNB voltage of 19VDC. Select Co-Pol Mode (14V) for co-
polarization with LNB voltage of 14VDC.
3. Modify any fields you want to change for the new remote.
4. Click OK to save your changes.
Note: Global NMS is a licensed feature. If you plan to define and track roaming
remotes in your network, please contact the iDirect Technical Assistance
Center (TAC).
The Global NMS feature allows remotes to move among networks on various transponders and
satellites, controlled from various hubs. To accomplish this, you must define the remote in all
of the networks in which it will be visible. For more information of the Global NMS feature,
see the chapter titled “Global NMS Architecture” in the iDirect Technical Reference Guide.
The set of parameters that defines a roaming remote falls into three categories:
• Parameters that must be the same in all networks: DID, passwords, and remote name.
iBuilder will not allow you to define these parameters inconsistently across networks for
the same remote.
• Parameters that must be different in each network. These consist mostly of internal
database IDs and references that are automatically established by iBuilder when the
remote is defined in multiple networks.
• Parameters that may be the same or different from network to network. These “don’t
care” parameters include everything not in the lists above. Examples are IP configuration,
QoS settings, initial transmit power values.
Once you define a roaming remote and add it to multiple networks, the “don’t care”
parameters will be identical in all networks. At that time, you can modify these parameters in
the different networks as desired. (See “Managing “Don’t Care” Parameters” on page 184).
Note: Evolution e8350, iConnex e800/e800mp and Evolution X5 remotes can roam
between DVB-S2 networks and iNFINITI networks.
Once you have added the remote to one network, follow these steps to add it to the
remaining networks:
1. Right-click the Remote in the Tree and select Add to Networks in the Roaming section of
the remote menu.
2. Select the appropriate check boxes to add the remote to one or more additional
networks.
Note: For purposes of redundancy, the Roaming Remote dialog box also allows you to
configure an SCPC remote in multiple networks by selecting line cards in SCPC
return mode.
3. Click OK to save your changes and close the dialog box. iBuilder automatically adds the
remote to the selected networks, copying the “don’t care” configuration items to the
new networks. You are free to modify the remote’s configuration in the other networks as
desired.
Note: When adding roaming remotes to networks, only networks in which the remote
is not currently configured are displayed in the dialog box.
2. Update the values in the Roaming Properties Update dialog box as desired.
3. Click OK to save your changes and close the dialog box. iBuilder updates the remote in all
of its networks.
2. In the Modify Configuration Object dialog box (Figure 188), change the remote
parameters that you want to modify.
Note: iBuilder will only allow you to modify “don’t care” parameters when modifying
multiple instances of the same remote.
3. Click OK to save the changes to all instances of the remote.
The above procedure works only for all instances of a remote. You may want to modify
multiple, but not all, instances of a remote. Follow these steps to modify multiple instances
of the same remote:
1. Select View Details from the iBuilder main menu to display the Details pane. The
Details pane is displayed to the right of the Tree.
2. Select the top-level node in the iBuilder Tree.
3. Select View Collapse Details Hierarchy from the iBuilder main menu.
This option removes the hierarchical structure of the network elements and components
so they can all be shown in a single window.
4. In the Details View, select the Type column header to sort by element type. This will
group together all remotes, regardless of their networks.
5. If desired, select the Name column header to further sort by element name. This will
group together all instances of a roaming remote, since the remote has the same name in
all networks.
6. Select all desired instances of the Roaming Remote in the Details pane.
7. Right-click the over the remote names in the selected group and choose Modify from the
menu. You may now modify any of the remote’s parameters that are shared across all
network instances.
2. The Add Multiple Roaming Remotes dialog box appears with a list of available remotes.
Remotes that already exist in more than one other network may be listed multiple times.
Select the remotes you want to add to the network. When you select a remote instance
from the list, other instances may be invalidated. Invalid selections appear in red and an
explanation is displayed in the Comment column.
3. Click OK to add the selected remotes to the network.
The Add Roaming Remotes to Networks dialog box appears with a list of available
network / inroute group combinations.
2. Select the network / inroute groups to which you want to add the remote.
Note: You can only select one inroute group in any network for the remote. Invalid
selections appear in red and an explanation is displayed in the Comment
column.
3. Click OK to add the remote to the selected network.
[RMT:2036] admin@telnet:10.0.150.7;1084
> beamselector list
3 is currently selected
3 = Beam_603_340000_GA
2 = Beam_906_64000_GB
1 = Beam_605_174000_GA
2. In the Compression area of the Information Tab, select each compression type that you
want to enable for the remote.
Note: TCP payload compression is available on the following remote model types:
iNFINITI 5000/7000 series; iNFINITI 8300; Evolution e8350; Evolution X5; and
iConnex 700/e800/e850mp remotes.
6.13.3 CRTP
Compression of RTP packet headers (CRTP) is performed on per-packet basis using zlib. Unlike
TCP Payload compression, it is not stream-based. CRTP is available for all iDirect remote
model types.
iDirect’s implementation of the CRTP algorithm follows the specification in RFC 2508,
Compressing IP/UDP/RTP Headers for Low-Speed Serial Links. This RFC defines both CRTP
(header compression for RTP packets) and UDP header compression (for other UDP packets).
When you enable CRTP in iBuilder, only RTP packet headers are compressed. If you want
header compression to be applied to other UDP packets, you must enable UDP header
compression. (See “UDP Header Compression” on page 192.)
The iDirect CRTP implementation is a simplex-based compression scheme with the periodic
retransmission of full headers to restore the compression state in the event of error. Correct
functionality of the CRTP implementation has been field-proven in multiple releases.
You can disable L2TP payload compression by returning the passthru settings to the default
state:
[L2TP]
passthru = 1
Note: The QoS bandwidth allocation algorithm does not strictly enforce MIR for
inroute traffic. Therefore, it is possible that a node may receive more
bandwidth than the configured maximum if free bandwidth is available.
However, this does not affect bandwidth allocations for competing nodes. Note
that MIR is strictly enforced for outbound traffic.
• Committed Information Rate (CIR): CIR specifies an amount of bandwidth that is allocated
to a node before additional (non-CIR) bandwidth is allocated to that node for traffic with
the same priority. At any priority level, all competing nodes are first granted their CIR
bandwidth to the extent possible. If CIR demand is met, additional demand exists, and
additional bandwidth is available, then the remaining (non-CIR) demand is met to the
extent possible.
• Sticky CIR: In general, CIR is redistributed each time bandwidth is requested in
accordance with the CIR levels configured for all competing nodes. Thus the amount of
CIR granted to a node may vary from one frame to the next during congestion, depending
on competing demand.
Rather than allocating new CIR based solely on current requests, Sticky CIR favors nodes
with previous CIR allocations as long as those nodes continue to request bandwidth. This
can reduce the allocation of CIR bandwidth to competing nodes. Sticky CIR is useful for
VoIP applications.
• Full-Trigger CIR: If you configure Full-Trigger CIR for a remote application, the remote
will be granted all of its configured CIR bandwidth whenever any CIR bandwidth is
requested. For example, if the remote is configured with 500 kbps of CIR but current
traffic requires only 10 kbps of bandwidth, the remote will be granted the full 500 kbps of
bandwidth even though it only requested 10 kbps.
Note: Unlike the other QoS properties described here, Full-Trigger CIR can only be
configured with a remote custom key. See “Configuring Full-Trigger CIR for a
Remote” on page 256 for details.
• Allocation Fairness Relative to CIR: If you select this option then, during contention for
bandwidth, bandwidth allocation is proportional to the configured CIR. This favors QoS
nodes with higher CIR settings, since those nodes are granted a larger portion of the
available bandwidth. If this option is not selected, bandwidth is allocated equally to
competing nodes until available bandwidth is exhausted. If selected, this option applies
to both CIR and best-effort bandwidth allocation. (See “Effective Cost with Allocation
Fairness Relative to CIR” on page 223 for more details.)
Note: The above definition assumes that equal cost has been configured for
bandwidth on all competing nodes. Unequal cost will affect the proportions of
bandwidth allocated to each node regardless of whether or not Allocation
Fairness is selected.
• Enhanced Information Rate (EIR): EIR only applies to networks that use DVB-S2 with
Adaptive Coding and Modulation (ACM). ACM adjusts the modulation and coding (MODCOD)
of the outbound channel on a frame-by-frame basis depending on the current receive
capabilities of the individual remotes in the network.
EIR is enabled only within the range of MODCODs from the Nominal MODCOD configured
for a remote down to the EIR Minimum MODCOD configured for a remote application. (See
page 241.) Within this range, the system attempts to sustain the bandwidth allocations
required for the remote to meet its configured QoS information rates (CIR and MIR) even
as the encoding of the remote’s downstream data drops to lower MODCODs. This is
accomplished by increasing the bandwidth allocated to the remote application in order to
compensate for the additional bits required for error correction at the lower MODCODs.
When the remote’s current MODCOD is below the EIR minimum MODCOD, the system
ignores the current MODCOD status of the remote when allocating bandwidth. Instead,
physical bandwidth is allocated to the remote application as if it were receiving the
outbound carrier at the Remote’s Nominal MODCOD. Therefore, below the minimum
MODCOD, the system does not attempt to meet the CIR or MIR settings and the remote’s
information rate will decrease based on the satellite bandwidth required at the remote’s
nominal MODCOD. For more information on EIR, see the DVB-S2 chapter of the iDirect
Technical Reference Guide.
• Allocation Fairness Relative to MODCOD: This property only applies to networks that use
DVB-S2 with Adaptive Coding and Modulation (ACM). If you select this option, bandwidth
allocation is based on information rate rather than raw satellite bandwidth. This favors
remotes at lower MODCODs, since their satellite bandwidth allocations must increase to
achieve the same information rate as remotes at higher MODCODs. If this option is not
selected, satellite bandwidth is allocated without regard to MODCOD. This favors remotes
at higher MODCODs, since the higher the MODCOD, the greater the information rate for
the same amount of bandwidth.
Note: Unlike TDMA upstream MIR and CIR, downstream MIR and CIR are not based on
IP Data Rate. Downstream MIR and CIR are based on Information Rate.
Bandwidth
Pool
Bandwidth Bandwidth
Group 1 Group 2
Application 1
Application 2
Application 3
Remote A Remote B
Application 4 Application 10
Remote 1 Remote 2 Remote 3 Application 6 Application 11
Application 7 Application 14
A node is a basic element in the Group QoS tree and can either be a terminating element or a
container for other nodes. Beginning at the highest (root) node in the Group QoS tree,
available bandwidth is allocated by that node to all subnodes based on operator-defined QoS
properties and the current demand as indicated by the subnodes.
Only terminating (leaf) nodes generate demand. As demand moves up the tree in the form of
bandwidth requests, each higher-level (parent) node aggregates demand from its subnodes
before passing it up in the form of its own request. All demand reaches the root in a single
request representing the total demand of all leaf nodes.
Bandwidth allocation begins at the root node and flows down the tree. Each node subdivides
its own allocation among its subnodes based only on the Group QoS properties of the
subnodes. Therefore each node competes for bandwidth only within its own node group (i.e.
the set of subnodes that share a parent node). Each Remote prioritizes the use of its allocated
bandwidth according to QoS properties configured for the different types of applications that
generated the demand in the first place. (See “QoS Properties” on page 196.)
The properties configured for a parent node supersede those of its subnodes when those
properties conflict. For example, the total maximum bandwidth granted to all nodes in a node
group will never exceed the maximum bandwidth configured for the parent node, regardless
of the configuration of its subnodes.
Note: For flexibility, the NMS does not attempt to enforce limits on subnodes based
on the properties of the parent node. For example, the total CIR configured for
a node group may exceed the CIR configured for the parent node. If CIR is
oversubscribed in this way, it is possible that all nodes will not receive their
full CIR allocations during times of heavy traffic.
Bandwidth Pool
A Bandwidth Pool represents the root of a Group QoS tree. Therefore, all other groups in the
tree are contained in the Bandwidth Pool. In iDirect, a Bandwidth Pool can be either an
Outroute or an Inroute Group.
Bandwidth Group
A Bandwidth Pool can be divided into multiple Bandwidth Groups. By defining Bandwidth
Groups, a network operator can subdivide an Outroute or Inroute Group into multiple QoS
groups, each with its own QoS properties.
A Network Operator might use multiple Bandwidth Groups to divide a Bandwidth Pool among
different Service Providers or Virtual Network Operators (VNOs). Bandwidth Groups can be
configured with CIR and MIR to enforce the desired division of the total bandwidth among the
Bandwidth Groups.
Note: The bandwidth allocation algorithm cannot guarantee that MIR configured at
the Bandwidth Group and Service Group levels will be met.
Service Group
Just as a Bandwidth Pool can be divided into multiple Bandwidth Groups, a Bandwidth Group
can be subdivided into multiple Service Groups, each with its own QoS properties.
Beginning with iDX Release 2.1, there are two types of Service Groups, Application Service
Groups and Remote Service Groups. There are no restrictions on the types of Service Groups
contained in a Bandwidth Group. A Bandwidth Group may contain only Application Service
Groups, only Remote Service Groups, or both types of Service Groups.
Application Service Groups are identical to the Service Groups that existed in pre-iDX 2.1
iDirect releases that support Group QoS. An Application Service Group contains multiple
Applications. Remotes assigned to an Application Service Group share the bandwidth assigned
to the various Applications in the group.
Remote Service Groups are supported beginning with iDX Release 2.1. When using Remote
Service Groups, a remote becomes a container node for its Applications. Each remote is
configured with its own QoS properties such as MIR and CIR and independently allocates that
bandwidth to its Applications. Remote Service Groups allow you to configure bandwidth for
individual remotes and then assign multiple Applications to the remotes. The bandwidth
allocated to the Applications under a remote is taken from bandwidth granted to the
individual remote; it is not shared with other remotes as it is with Application Service Groups.
Note that this structure allows remotes to retain their QoS configuration when moving
between networks. See “Moving Remotes Between Networks, Inroute Groups, and Line Cards”
on page 305 for more information.
Figure 198 illustrates the difference between Application Service Groups and Remote Service
Groups.
Application Remote
Service Service
Group Group
Application 1
Application 2
Application 3
Remote 1 Remote 2 Remote 3
Application Service Group: Bandwidth allocated to an Application Remote Service Group: Bandwidth allocated to a remote is
is shared by all remotes requesting bandwidth for that Application. shared by all Applications on that remote requesting bandwidth.
Application Service Groups, along with the Applications they contain, are used to define
Service Profiles that are then assigned to remotes. This differs from Remote Service Groups,
in which Remotes are assigned to Service Groups and Applications are assigned directly to
remotes using Remote Profiles.
A Service Group might be used solely to partition the bandwidth of a Bandwidth Group among
sub-groups; or it might be used to differentiate groups by class of service. For example, an
operator or a VNO might further divide a Bandwidth Group into Service Groups and assign
each Service Group to a different customer, using CIR and MIR to enforce the desired division
of the total bandwidth among the Service Groups. Or a Service Provider might create Service
Groups to offer multiple levels of service, using a combination of Priority, Cost and CIR/MIR to
create tiered service.
Note: When you upgrade from an iDirect release that did not support Group QoS (pre-
iDS 8.0) you can choose to upgrade to Application Service Groups or Remote
Service Groups. Select Remote Service Groups to best preserve your pre-8.0
QoS functionality.
Application
Applications consist of the Service Levels and Rules defined to handle the various types of
traffic in your networks. Applications are defined by Application Profiles and are either
assigned to Application Service Groups or to Remotes in Remote Service Groups.
Like Bandwidth Groups and Service Groups, each Application is configured with QoS
properties. In addition, an Application is associated with one or more Upstream or
Downstream Application Profiles, containing Service Levels and Rules for that Application.
Upstream Application Profiles are associated with Inroute Groups to manage Inroute traffic.
Downstream Application Profiles are associated with Outroutes to manage Outroute traffic.
An Application Service Group contains two or more Applications. (An NMS Application and a
Default Application are required for every Application Service Group.) A Remote Service
Group does not contain Applications. Instead, a Remote Service Group contains remotes and
the remotes are assigned Applications.
Service Profile
Service Profiles are only used to define Applications for Application Service Groups. They are
not used to define Applications used directly by remotes in Remote Service Groups.
Like an Application Service Group, a Service Profile contains two or more Applications, each
of which consists of the Service Levels and Rules specified by their respective Application
Profiles. You can view a Service Profile as the implementation of an Application Service
Group. In other words, an Application Service Group provides a template from which you can
create your Service Profiles.
Service Profiles are assigned directly to Remotes that use Application Service Groups. When
you assign a Service Profile to a remote, the Applications contained in the Service Profile are
applied to the remote as Virtual Remotes.
When you create a new Application Service Group, you automatically create a default Service
Profile for the new group containing the NMS and Default Applications. (These two
Applications are part of every Application Service Group and Service Profile.) When you add
Applications to Application Service Groups, those Applications are added to the list of
Applications that you can select for the Service Profiles based on that Service Group. (See
“Creating Service Profiles” on page 233 for further details.)
Remote Profile
Remote Profiles are used to define Applications for remotes in Remote Service Groups or
remotes that transmit a dedicated SCPC upstream carrier. Remote Profiles are not used to
define Applications used by Application Service Groups.
A Remote Profile contains one or more Applications. Each Application in a Remote Profile is
built from one or more Application Profiles. Application Profiles contain the Service Levels
and Rules defined to handle the various types of traffic in your networks.
A Remote Profile is either an Upstream Remote Profile (built from Upstream Application
Profiles) or a Downstream Remote Profile (built from Downstream Application Profiles). When
you assign a Remote to a Remote Service Group for your Network or Inroute Group, you can
select the Remote Profile to be used by the remote.
An SCPC upstream carrier is dedicated to a single remote. Therefore, a remote that transmits
an SCPC upstream carrier is not part of any upstream Service Group. You assign the Upstream
Remote Profile directly to the remote on the Remote QoS tab. (See “Group QoS and SCPC
Remotes” on page 205 for further details.)
Application Profile
Application Profiles are fundamental building blocks of Group QoS. They define the
Applications that are used by Service Profiles and Remote Profiles. In addition to being
configured with QoS properties that determine packet scheduling, Application Profiles contain
one or more rules that determine which packets match the type of traffic defined by the
Application Profile. Rules specify boolean operations that are performed on individual fields
in IP packet headers to determine whether or not packets match Applications using the
Application Profile.
An Application Profile is typically used to categorize packets for a specific traffic type, such
as NMS traffic, Voice over IP (VoIP) traffic, etc. The Default Application Profile is used to
handle any traffic not explicitly defined by the other Application Profiles in a Service Profile.
Virtual Remote
When you assign a Service Profile or a Remote Profile to a remote, you are configuring the
remote with the complete set of the Applications specified in the profile. Each individual
Application running on a remote is called a “Virtual Remote.” The physical remote makes
independent requests for bandwidth for each of its Virtual Remotes in accordance with the
properties assigned to that Application.
Note: The concept of Virtual Remote does not apply to Multicast Applications.
Application
Service Configured in the
Group GQoS Group View
Application 1
Added in the GQoS Application 2 Application Configured in the
Group View from Profiles Application Profiles Folder
Application Profiles
Application n
Figure 199 shows the Application Service Group subtree of the Group QoS hierarchy.
Applications are configured from Application Profiles and then added to the Group QoS
Application Service Group. These Applications are then used to create a Service Profile which
is assigned to remotes. The Applications in the Service Profile are implemented on the
remotes as Virtual Remotes.
Remote
Configured in the
Service
GQoS Group View
Group
Remote 1 Remote 2
Application 1 Application a
Application 2 Application b
Application n Application m
Figure 200 shows the Remote Service Group subtree of the Group QoS hierarchy. Remotes are
added directly to Remote Service Groups and configured with their own set of QoS properties
such as CIR, MIR, Priority, etc. Applications are configured from Application Profiles which are
used to build Remote Profiles. Remote Profiles are assigned to individual remotes. The
Applications in the Remote Profile are implemented on the remote as Virtual Remotes.
SCPC remote is not part of a Service Group. Instead the entire upstream QoS tree for an SCPC
remote consists of the Remote, its Remote Profile, and the Applications associated with the
remote profile. This is illustrated in Figure 201.
SCPC
Remote
(Upstream)
Application a
Application b
Application n
Bandwidth is allocated to the remote’s upstream Applications based on the properties and
rules defined for the selected Remote Profile. (See “Remote Profiles” on page 247 for
information on configuring remote profiles). Remote Profiles are assigned directly to SCPC
remotes on the Remote QoS tab. See “Remote QoS Tab” on page 166 for the steps to assign an
upstream Remote Profile to an SCPC remote.
Note: QoS Modes only apply to Application Service Groups. Selecting a QoS mode has
no effect on Remote Service Groups. If you are using only Remote Service
Groups, you do not need to select a QoS mode for your Inroute Group or
Network.
Note: As an alternative to remote based mode, consider using Remote Service Groups.
Remote Based mode has been retained to provide backward compatibility with
previous Group QoS releases and to address scalability issues in very large
networks. However, Remote Service Groups also allow you to configure QoS
properties for your individual remotes while providing additional flexibility as
well as portability of QoS profiles when remotes move between networks.
If you are operating in Remote Based QoS mode, you will define your QoS settings much like
you did in pre-8.0 releases. In other QoS modes, or when using Remote Service Groups, you
define multiple Applications per remote. These Applications run on the physical remote as
“Virtual Remotes.” Each Virtual Remote is responsible for bandwidth allocation for its own
application.
However, in Remote Based mode, remotes do not run multiple QoS Applications. Since the
concept of multiple Virtual Remotes is not applicable in this mode, you cannot define
individual request and allocation properties for Applications. Although Group QoS can be
configured for inroute groups and networks in Remote Based mode, all Group QoS Applications
are merged into a single Application in the remote-side and hub-side remote options files.
Therefore, Application properties such as MIR, CIR and Priority defined for new QoS
Applications are not used in Remote Based mode.
This is illustrated by Figure 202.
When Remote Based QoS Mode is selected (top image), no properties (such as Priority and
Cost) are shown for the two Applications (NMS and Default). When Application Based is
selected, the GQoS Application Properties appear and can be configured by the operator. This
is true because Remote Based Mode collapses all Applications into a single Application that is
executed on the physical remote. If you want to change properties such as Priority or Cost for
Remote Based traffic, you can configure these parameters per Service Level.
As in pre-8.0 releases, you define the QoS behavior of a remote in Remote Based mode by
creating Service Levels in QoS profiles. Service Levels contain Rules and matching criteria that
are compared in order to IP packets until a match is found. Once a packet matches a Rule, no
further comparisons are made.
Remote Based QoS differs from pre-8.0 QoS in that, rather than each remote being assigned a
single Traffic Profile, each remote is assigned a Service Profile derived from multiple
Application Profiles, each with its own list of Service Levels. (Application Profiles are similar
to pre-8.0 Traffic Profiles.) This means that the order in which Service Levels are applied to IP
traffic is determined by the order of the Applications in the Service Profile. If the packet does
not match any Service Levels in the first Application, it is compared to those in the second
Application, and so on, until a match is found. Therefore, it is very important that you add
new Applications to your Service Profiles so that the correct overall order of the Service
Levels is maintained across all Applications.
When you upgrade from a pre-8.0 release, Traffic Profiles currently assigned to remotes are
converted to Application Profiles. If you choose to upgrade to Application Service Groups,
those new Application Profiles are automatically included in new Service Profiles, and the
Service Profiles are assigned to those remotes that were using the equivalent Traffic Profiles.
(Traffic profiles not assigned to remotes are removed from the QoS folders.) After the
upgrade, you can assign these Service Profiles to remotes on the Remote QoS tab, the same
way you assigned Traffic Profiles to remotes prior to GQoS.
However, if you require a new Application Profile to be used by some of the remotes in your
network, you will need to create a new Service Profile that uses the new Application Profile,
and then assign the Service Profile to the Remotes. You must use the Group QoS feature to
create Service Profiles from Application Profiles. See the “Creating Service Profiles” on
page 233 for details.
Application Scaled mode merges the NMS and Default Virtual Remotes into a single Virtual
Remote to improve performance. This merging is performed in the hub-side and remote-side
options files; not on the GUI. Therefore, even though these two Virtual Remotes are combined
on the protocol processor and on the remote, this is not visible on the iBuilder GUI. Both the
NMS and Default Applications (and Virtual Remotes) still appear on the GQoS screens.
Note: Although iBuilder still allows you to configure the NMS and Default Applications
in Application Scaled mode, the Default Application properties override the
NMS Application properties for any conflicting settings. Therefore, changing
the properties of the NMS Application to be different from those in the Default
Application has no effect in this mode, and can be misleading.
Note: The QoS Mode selection only applies to Application Service Groups; it does not
apply to Remote Service Groups.
• The Multicast Bandwidth Group must contain one and only one Application Service Group.
It cannot contain any Remote Service Groups. You cannot clone or delete the default
Application Service Group in the Multicast Bandwidth Group. You cannot insert additional
Service Groups under the Multicast Bandwidth Group.
• Like other Application Service Groups, the Application Service Group in the Multicast
Bandwidth Group contains two Applications by default: NMS and Default. The NMS
application is used for outbound multicast NMS traffic.
• By default, the Multicast Bandwidth Group, its Application Service Group, and the NMS
Application are assigned Multicast priority, the highest priority setting. This setting is only
available for the Multicast Bandwidth Group, its Service Group, and multicast
Applications.
• You cannot disable MIR for the Multicast Bandwidth Group. The minimum value that you
can set for Multicast MIR is 128 kbps.
• If you are configuring a DVB-S2 ACM network, you can select a different Multicast
MODCOD for each Application. By default, NMS multicast traffic is sent on the Minimum
MODCOD of the DVB-S2 carrier. To prevent user multicast traffic from accidentally
consuming too much downstream bandwidth, the Multicast MODCOD of the Default
Application is set to the Maximum MODCOD of the DVB-S2 carrier. See “Adding
Applications to Application Service Groups” on page 230 for details.
You can create new multicast Application Profiles and add new Applications for user multicast
traffic the same way that you add applications to other Bandwidth Groups. See “Configuring
Group QoS” on page 210 for details.
Note: Beginning with iDX Release 3.0, you can enable Multicast Fast Path when
configuring your user multicast Applications. When Multicast Fast Path is
enabled, downstream multicast packets received by a remote are forwarded
directly to the Ethernet by the remote firmware. This bypasses software
processing on the remote resulting in improved throughput. For details on
configuring Multicast Fast Path Applications and assigning them to your
remotes see “Configuring Remotes for Multicast Fast Path” on page 242.
When you create a new Network or Inroute Group in the iBuilder tree, the default
downstream or upstream group profile is used to automatically configure the default QoS
settings for the new bandwidth pool.
The default Group QoS configuration for a Network contains:
• Two default Bandwidth Groups, one named Multicast and one named Bandwidth
The default Group QoS configuration for an Inroute Group contains:
• A single Bandwidth Group named Bandwidth
The default Multicast Bandwidth Group contains a single default Application Service Group
named Application Service Group.
All non-Multicast default Bandwidth Groups contain two default Service Groups:
• An Application Service Group named Application Service Group
• A Remote Service Group named Remote Service Group
Note: If you are only using a single type of Service Group, you can delete the other
default Service Group. However, each Bandwidth Group is required to have at
least one Service Group of either type. Therefore, you cannot delete the last
Service Group in a Bandwidth Group.
Each default Application Service Group contains two default Applications:
• An Application named NMS to manage bandwidth for NMS traffic
• An Application named Default to manage all other bandwidth
The procedures in this section assume that you have already opened the Group QoS tab for
your Network or Inroute Group. Many of the same operations are also available when
configuring upstream or downstream Group Profiles. (See “Working with Group Profiles” on
page 258 for details on Group QoS profiles.)
To open the Group QoS tab:
1. Depending on the Bandwidth Pool you want to configure, right-click your Network or
Inroute Group in the iBuilder Tree and select ModifyItem.
2. When the dialog box appears, click the Group QoS tab.
The Group QoS User Interface has five views, described in the following sections:
• Group View
• Service Profile View
• Service Profile-Remote View
• Remote Profile View
• Remote View
To select any of the Group QoS views, right-click anywhere in the main area of the Group QoS
tab and select the view you want to display.
Group View
The Group View shows the Group QoS Hierarchy (Bandwidth Groups, Service Groups,
Applications and Remotes) and the properties associated with each group in the tree. The
Group View illustrated in Figure 205 shows an Inroute Group with a single Bandwidth Group
divided into one Application Service Group (Appl SG 1) and one Remote Service Group (Rmt
SG 1).
Note: In Figure 205, only three of five remotes in Rmt SG 1 are displayed in this view
because Maximum Remotes Displayed is set to 3. You can adjust the maximum
number of remotes displayed for each Remote Service Group by changing the
setting for Maximum Remotes Displayed and clicking the Set button.
For detailed information on all QoS properties see “QoS Properties” on page 196. For
information on how QoS properties are applied in the Group QoS hierarchy see “Group QoS
Hierarchy” on page 200.
Note: The Select Group drop down menu at the top of the Service Profile View, the
Remote Profile View, and the Service Profile - Remote View, allows you to filter
on the entire Bandwidth Pool, a specific Bandwidth Group, or a specific Service
Group for display in the main window.
Remote View
The Remote View (Figure 209) shows all remotes in a Bandwidth Pool, and all Applications and
Service Levels assigned to each remote. The Remote View includes remotes in Application
Service Groups and remotes in Remote Service Groups. The Remote View groups the QoS
configuration by remote, allowing you to better understand how QoS processing will be
applied on any remote.
Figure 210. Configured vs. Effective MIR and CIR before Estimation
Notice in Figure 210 that initially the Configured MIR and CIR are equal to the Effective CIR
and MIR. By default, the calculator for the node assumes that all remotes receive the best
MODCOD of the assigned carrier.
1. Click the MODCOD Distribution button (Figure 210) to display the calculator (Figure 211).
Figure 211 shows an instance of the MODCOD Distribution Calculator. The range of the
MODCOD column is limited to the DVB-S2 Range defined for the carrier assigned to this
network. The Total row shows the totals for the columns. The Network Best row shows
the configured MIR and CIR for the node.
2. Double-click the cells to enter either the percentages of traffic or the data rates that you
estimate will be transmitted on the different MODCODs for remotes under this node.
If you change the percentages in the MIR Distribution and CIR Distribution columns, the
Estimated MIR and Estimated CIR are automatically recalculated and the totals are
displayed in the Total row. If you change information rates in the Estimated MIR and
Estimated CIR columns, percentages in the MIR Distribution and CIR Distribution
columns are automatically recalculated and the new configuration totals are displayed in
the Network Best row.
Figure 212 shows the results of changing the percentages in the MIR Distribution and CIR
Distribution columns.
In the example in Figure 212, the satellite operator estimates that 20% of the remotes
typically receive 8PSK3/4, 20% receive 8PSK-5/6, and the remaining 60% receive 8PSK-8/9
(the best MODCOD defined for the carrier). The calculator maintains the configured
information rates at 512 kbps and 128 kbps while adjusting the effective information
rates to account for the traffic on the lower MODCODs.
Figure 213 shows the results of entering the Estimated MIR and Estimated CIR in kbps,
splitting the information rates evenly between the two best MODCODs.
Notice in Figure 213 that the distribution percentages and the Network Best information
rates have been automatically adjusted to account for the variation in bandwidth
required by the different MODCODs to transmit the same information rate.
3. Click OK to save your changes.
Figure 214 shows the results of the following the steps in the example.
Figure 214. Configured vs. Effective MIR and CIR after Estimation
In the top image in Figure 214, the totals for the Effective MIR and Effective CIR that were
recalculated by changing the percentages in the MIR Distribution and CIR Distribution
columns (Figure 212) have been updated in the dialog box. In the bottom image in Figure 214,
the totals for the Configured MIR and Configured CIR that were recalculated by changing the
Estimated MIR and Estimated CIR columns (Figure 213) have been updated in the dialog box.
The estimated MIR and CIR, not configured MIR and CIR, are displayed in the Group QoS Group
View. This is illustrated in the MIR and CIR columns for Bandwidth Group 2 in Figure 215. This
is the result of saving the configuration in the top image of Figure 214.
Although effective MIR and CIR are only estimations based on the inputs to the MODCOD
Distribution Calculator, you can use iMonitor to monitor your DVB-S2 performance and refine
these estimations over time to more accurately reflect your actual network performance. See
the iMonitor User Guide for details on monitoring your DVB-S2 networks.
Figure 216. Competing Service Groups without Allocation Fairness Relative to CIR
Note: The Allocation Fairness Relative to Bandwidth CIR check box in the Group View
(Figure 216) applies to competing Bandwidth Groups in this Bandwidth Pool.
Notice in Figure 216 that Service Group 1 has been granted 256 kbps of CIR while Service
Group 2 has been granted 128 kbps of CIR. Allocation Fairness Relative to CIR has not yet
been enabled for BWG 1. Therefore bandwidth allocation is not affected by the proportion of
CIR configured for each node and the Bandwidth % column and the Cost column are identical
for the two Service Groups.
Figure 217 shows the effect of selecting Allocation Fairness Relative to CIR for BWG 1.
Since bandwidth allocation is now proportional to the configured CIRs for the two nodes, the
Bandwidth % for Service Group 1 (256 kbps of CIR) is now twice that of Service Group 2 (128
kbps of CIR). Also notice that the Cost column shows that the Service Group 1 bandwidth
allocation cost is half the cost of Service Group 2.
The difference between the Configured Cost and Effective Cost is displayed on the dialog
box of the competing subnodes. Figure 218 shows the Configured and Effective Costs for
Service Group 1 used in this example.
For definitions of Cost and Allocation Fairness Relative to CIR, see “QoS Properties” on
page 196.
Note: Allocation Fairness Relative to MODCOD may be a useful option to maintain CIR
allocations for VoIP applications at the expense of other Applications in a
Service Group.
Figure 218 shows Allocation Fairness Relative to MODCOD selected for an Application.
2. In the Bandwidth Group dialog box, enter a Name for the new Bandwidth Group.
Note: Group QoS nodes are divided into Allocation Properties and Request Properties.
(For example, see Figure 220.) Allocation Properties of Group QoS nodes
influence the behavior of the node on which they are configured when that node
is allocating bandwidth to its subnodes. Request Properties of Group QoS nodes
determine how the configured node requests its bandwidth.
3. Enter the properties you want to configure for the Bandwidth Group and click OK. (For
details on all Group QoS properties, see “QoS Properties” on page 196.)
4. If you are configuring Group QoS for a DVB-S2 network and you have defined CIR or MIR,
you can click the MODCOD Distribution button to estimate the effective rates for your
network. See “Estimating Effective MIR and CIR for DVB-S2 Networks” on page 218 for
details. Configured and effective cost are discussed in “Effective Cost with Allocation
Fairness Relative to CIR” on page 223.
Figure 221 shows a new Bandwidth Group inserted into the Group QoS tree for a Bandwidth
Pool.
A new Bandwidth Group automatically includes one Remote Service Group and one
Application Service Group containing two Applications. Properties are assigned to these
subgroups based on the configuration of the default upstream or downstream Group Profile.
(See “Working with Group Profiles” on page 258 for a discussion of Group Profiles.)
2. In the Service Group dialog box, enter a Name for the new Service Group.
3. Enter the properties you want to configure for the Service Group and click OK. (For
details on all Group QoS properties, see “QoS Properties” on page 196.)
4. If you are configuring Group QoS for a DVB-S2 network and you have defined CIR or MIR,
you can click the MODCOD Distribution button to estimate the Effective rates for your
network. See “Estimating Effective MIR and CIR for DVB-S2 Networks” on page 218 for
details. Configured and Effective cost are discussed in “Effective Cost with Allocation
Fairness Relative to CIR” on page 223. Allocation Fairness Relative to MODCOD is
discussed on page 225.
5. For Service Groups, Enable EIR for Remotes in Group applies only to DVB-S2 networks.
For Application Service Groups, it only applies to Remote Based QoS mode. It can also be
selected for Remote Service Groups in a DVB-S2 network. Select this option to allow EIR to
be configured for physical remotes on the Remote QoS tab. (See “Remote QoS Tab” on
page 166.)
Note: Selecting Enable EIR for Remotes in Group allows a network administrator with
Group QoS permissions to allow or disallow the configuration of EIR for
physical remotes per Service Group in a DVB-S2 network. It also allows the
administrator to limit the value that can be set for the EIR Minimum MODCOD
on the physical remotes.
6. If you selected Enable EIR for Remotes in Group, you should also select a Minimum
MODCOD Allowed for the remotes in this Service Group. The selected MODCOD is the
minimum MODCOD that can be configured for the physical remote on the Remote QoS tab.
Figure 223 shows a new Application Service Group inserted into a Bandwidth Group in the
Group QoS tree.
Figure 223. New Application Service Group Inserted Into a Bandwidth Group
A new Application Service Group automatically contains two Applications, NMS and Default.
The properties of these Applications are assigned based on the configuration of the default
upstream or downstream Group Profile. (See “Working with Group Profiles” on page 258 for a
discussion of Group Profiles.)
2. In the QoS Application dialog box, enter a Name for the new Application.
3. You can only select Multicast Fast Path if you are configuring a downstream Multicast
Application.
6. Enable EIR for Remotes in Application applies only to DVB-S2 networks in Application
Based (or Application Scaled) QoS mode. Select this option to configure EIR for Virtual
Remotes using this Application.
7. If you selected Enable EIR for Remotes in Application, you should also select a Minimum
MODCOD Allowed. The selected MODCOD is the minimum MODCOD that can be configured
for remotes using this Application.
8. If you are configuring a Multicast Application for a DVB-S2 network, the Allocation
Properties display the Multicast MODCOD (Figure 225) rather than an EIR Minimum
MODCOD. Select a Multicast MODCOD for your Multicast Application.
9. In the Application Profiles area of the dialog box, select each Application Profile you
want to include in this Application. Each Application is specified by one or more
Application Profiles configured in the Application Profiles folder. (See section “Adding an
Application Profile” on page 268 for details.)
Note: You can use the arrow buttons to change the order of the
Application Profiles within an Application. First, select an Application
Profile; then click the buttons to move the Application up or down in the
list.
Note: The order of Application Profiles within your Applications is important for
two reasons. First, once a rule in an Application Profile matches a packet,
no further classification of the packet is performed. Second, placing high-
volume Application Profiles higher in the list will reduce the amount of
processing time used to check seldom-matched rules.
10. Click OK when you have finished defining the Application.
Figure 226 shows a new Application for TCP inserted into an Application Service Group in the
Group QoS tree.
2. Right-click the Service Profile and select Modify to display the QoS Service Profile dialog
box. You can also Clone or Modify existing Service Profiles, or Insert new Service Profiles
into the Group QoS tree.
3. In the QoS Service Profile dialog box, select each Application you want to add to the
Service Profile. If the Application contains more than one Application Profile, you can
individually select which Application Profiles you want to include.
4. Click OK to save the Service Profile and return to the Group QoS tab.
Note: You can use the Add and Delete buttons (shown in Figure 227) to insert
Applications into the Service Group or remove Applications from the Service
Group without returning to the Group View.
2. Under the Service Profile you want to change, right-click an Application and select
Modify from the menu.
3. In the Request Properties area of the dialog box, modify the properties you want to
change.
4. In the Allocation Properties, the EIR section of the dialog box applies only to DVB-S2
outbound carriers with ACM enabled. EIR is only enabled within the range defined by the
carrier’s Maximum MODCOD and the Minimum MODCOD entered here. (See page 197 for
the definition of EIR. See page 74 for details on configuring the MODCOD range of your
DVB-S2 carriers.)
5. Select Apply to All if you want to apply these settings to all Virtual Remotes using this
Application. This will remove any overrides that were previously configured for individual
Virtual Remotes. If you do not select Apply to All, previously-defined overrides will be
retained. (See “Overriding Application Properties on Individual Remotes” on page 240.)
6. Click OK to save your changes.
The remainder of this section describes how to assign Service Profiles to remotes from the
Group QoS Service Profile-Remote View. This method can be used by a Group QoS
administrator as an alternative to assigning Service Profiles to individual remotes on the
Remote QoS tab.
2. Right-click anywhere in the Service Profile-Remote View and select Expand Tree to view
the current Service Profile assignments.
3. Right-click the Service Profile you want to assign and select Assign/Unassign Remote.
4. In the Remote Select dialog box (Figure 230), select the remote or remotes you want to
assign. Use Ctrl-click or Shift-click to select multiple remotes.)
Note: If you re-assign a remote to a new Service Profile in a different Service Group,
its previous Service Profile is still assigned as well. You can follow steps similar
to those above to unassign the remote’s previously-assigned profile. If you are
not sure if you have assigned a remote to multiple Service Groups, expand the
tree in the Service Profile-Remote View and check the Remote column for
multiple assignments.
Note: You can also change the Service Profile assignments of remotes by selecting
remotes in the Service Profile-Remote View and dragging the remotes between
Service Profiles. Figure 231 shows remote e8350 32132 being dragged from
Appl Service Group 1/SP 1 to Appl Service Group 2/SP 2.
2. Under the Service Profile you want to change, right-click a Virtual Remote and select
Modify from the menu.
3. In the Request Properties area of the Properties dialog box, modify the properties you
want to change.
4. In the Allocation Properties area of the dialog box, you can override the EIR Minimum
MODCOD setting on the outbound for a remote receiving a DVB-S2 outbound. See
“Configuring Application Properties for Remotes” on page 235 for details.
5. Click OK to save your changes to the Virtual Remote.
2. In the Group View of the Group QoS tab for your network, right-click an existing
Application in the Application Service Group of your Multicast Bandwidth Group and
select Insert.
Figure 234. QoS Application Dialog Box: Selecting Multicast Fast Path
Figure 235. Selecting a Fast Path Application Profile for a Multicast Application
7. Click OK to add the Multicast Fast Path Application to the Multicast Bandwidth Group and
return to the Group View.
8. In the Group View, double-click the Profiles folder for the Multicast Service Group to open
the Service Profile View for the Multicast Application Service Group.
Note: If this is the first Multicast Service Profile configured for your network, the
Service Profile View for the Multicast Service Group will be empty.
9. If the Service Profile View is empty (Figure 237, left image), right-click anywhere in the
main window and select Insert from the menu. If there are existing Multicast Service
Profiles (Figure 237, right image), right-click an existing Service Profile and click Insert.
Figure 237. Inserting a Multicast Service Profile into the Multicast Service Group
Figure 238. Selecting a Fast Path Application for a Multicast Service Profile
15. In the Remote Select dialog box, select the Available Remotes (on the left) to which you
want to assign the Multicast Fast Path Service Profile.
16. Click the single arrow in the center of dialog box to move those remotes into the Assigned
Remotes area (on the right) of the dialog box.
17. Click OK to save the remote assignments and return to the Service Profile Remote View.
18. Click OK to save the Group QoS changes for your network. You should see changes pending
on your network and hub-side changes pending on your remotes.
19. Apply the changes to your network and remotes.
Note: Operators can also assign remotes to Multicast Service Groups on the
Remote QoS Tab. See “Remote QoS Tab” on page 166 for details.
20. Add a persistent multicast groups to your network for each VLAN (including the default
VLAN) configured by the Multicast Fast Path Application to carry the Multicast Fast Path
packets. “Adding a Network” on page 105 contains the steps for adding persistent
multicast groups to a network. For a complete description of multicast support in iDirect,
see the Technical Note titled IP Multicast in iDirect Networks.
Note: A remote will always forward Multicast Fast Path packets to the local LAN,
even if a persistent multicast group is not configured for the eth0 interface of
the remote. However, you should configure a persistent multicast group for
your Network to ensure that the protocol processor forwards the multicast
packets to the transmit line card for transmission on the downstream carrier.
Remote Profiles
A Remote Profile contains one or more Applications. Each Application in a Remote Profile is
built from one or more Application Profiles. Application Profiles contain the Service Levels
and Rules defined to handle the various types of traffic in your networks. (See “Adding an
Application Profile” on page 268 for details on creating and editing Application Profiles.)
Remote Profiles are created in the QoS folder of the iBuilder Tree under the Remote Profiles
folder. Two subfolders named Downstream and Upstream contain the Remote Profiles that
you can assign for your Networks and Inroute Groups, respectively. Figure 240 shows an
example of the Remote Profiles folder in the iBuilder Tree.
By default, there are two preconfigured Remote Profiles: Default Downstream Profile and
Default Upstream Profile. These default profiles are built from the NMS and Default
Application Profiles described on page 266. You can assign default Remote Profiles to your
remotes, but you cannot change them or delete them.
You can add, clone, modify and delete Remote Profiles in the same way that you perform
these operations for other profiles in the QoS folder. For instructions on how to perform these
operations, see page 267.
Remote Profiles are configured in the Upstream and Downstream Remote Profile dialog boxes.
An example of the Upstream Remote Profile dialog box is shown in Figure 241.
As shown in Figure 241, the Remote Profile dialog box is divided into three sections.
In the top section of the dialog box, you can add new Applications and Application Profiles to
the Remote Profile. You also can drag the Applications or Application Profiles to change their
order. The order of the Applications and Application Profiles determines the order in which
the Service Levels are applied on Remotes assigned to this Remote Profile. Figure 241 shows a
Remote Service Group with two Applications, each containing two Application Profiles. The
QoS properties configured for the Applications are shown in the columns on the right.
The Service Levels pane of the dialog box shows the Service Levels configured for the
selected Application Profile. In Figure 241, the NMS Application Profile is selected in the top
section of the dialog box. Therefore, the Service Levels configured for the NMS are displayed
in the Service Levels section.
The Used By pane of the dialog box shows all remotes assigned to this Remote Profile. For
upstream profiles such as the one in figure Figure 241, the Inroute Group for each remote is
displayed in the second column. For downstream profiles, the Network containing each
remote is displayed in the second column.
You can perform the following operations on your Remote Profile:
• Add, Delete and Modify Applications
• Insert Application Profiles into Applications
• Delete Application Profiles from Applications
• Rearrange the order of Applications and of Application Profiles within Applications
• Move Application Profiles between Applications
The following rules apply when creating Remote Profiles
• Each Application in the Remote Profile must contain at least one Application Profile.
• The NMS Application Profile must be included in one Application within the Remote
Profile.
• The same Application Profile cannot be included more than once in a Remote Profile.
• The last Application Profile in the last Application of a Remote Profile must be the Default
Application Profile.
A new Remote Profile automatically contains a single Application built from the NMS and
Default Application Profiles.
2. Enter a Profile Name for your Remote Profile.
3. To add a new Application or Modify an existing Application:
a. Right-click an Application and select Add Application or Modify from the menu.
d. EIR applies only to Downstream Applications in DVB-S2 networks. Select Enable EIR to
configure EIR for this Application.
e. If you selected Enable EIR, you should also select a Minimum MODCOD Allowed. The
selected MODCOD is the minimum EIR MODCOD for this Application.
f. Click OK to save the changes.
Note: You can drag Applications to rearrange their order within a Remote
Profile.
b. In the Choose Application Profile dialog box, select the Application Profile you want
to add to the Application.
Note: You can drag Application Profiles to rearrange their order within an
Application.
Figure 247. Assigning a Remote Service Group on the Remote QoS Tab
This remainder of this section describes how to assign Remotes to Remote Service Groups
from the Group QoS Remote Profile View. This method can be used by a Group QoS
administrator as an alternative to assigning Service Profiles to individual remotes on the
Remote QoS tab.
2. Right-click anywhere in the Remote Profile View and select Expand Tree to view the
current Remote Service Group assignments.
3. Right-click the Service Profile you want to assign and select Assign/Unassign Remote.
4. In the Remote Select dialog box (Figure 248), select the remote or remotes you want to
assign. Use Ctrl-click or Shift-click to select multiple remotes.
Note: The Remote Profile column shows the Remote Profile assignments for all
remotes in the Remote Profile view. You can click the column header to sort by
Remote Profile within each Remote Service Group. In Figure 249, the last
remote displayed has not yet been assigned a Remote Profile.
Note: You can also change the Remote Service Group assignments of remotes by
selecting remotes in the Remote Profile View and dragging the remotes
between Remote Service Groups. Figure 250 shows remote e8350 42132 being
dragged from Remote Service Group 1 to Remote Service Group 2.
5. In the Modify Configuration Object dialog box, click the Custom Tab. Then add a custom
key to the Hub-Side Configuration pane in the following format:
[UPSTREAM_VR_#]
full_cir_trigger = 1
where # is the Virtual Remote number determined in Step 3. Figure 252 shows the custom
key required to enable Full-Trigger CIR for Virtual Remote 2 on the remote being
configured.
2. Right-click anywhere in the Group View and select Save to Profile to display the QoS
Group Profile dialog box.
3. In the QoS Group Profile dialog box, enter a name for your new Group Profile.
4. You can view the properties of the various group members before saving the Group
Profile. To see the properties of a Bandwidth Group, Service Group or Application, select
its icon in the Group Hierarchy pane. The properties of that group member appear in the
Group Members pane.
5. To save the Group Profile, click OK in the QoS Group Profile dialog box. Then click OK in
main screen of the Group QoS tab.
Inroute Group QoS profiles are saved in the QoSGroup ProfilesUpstream folder of the
iBuilder tree. Network Group QoS profiles are saved in the QoSGroup
ProfilesDownstream folder of the iBuilder tree.
2. In the Modify Configuration Object dialog box, enter a Profile Name for the new Group
Profile.
3. If desired, you can make changes to the Group Profile before you save it. See “Configuring
Group QoS” on page 210 for details on modifying the Group QoS configuration.
Note: Only the Group View and Service Profile View are available when working with
Group Profiles. The Service Profile-Remote View, Remote Profile View, and
Remote View, which appear on the Group QoS tab, are not applicable to Group
Profiles.
2. In the Modify Configuration Object dialog box, make the desired changes to the Group
QoS configuration. See “Configuring Group QoS” on page 210 for details on modifying the
Group QoS configuration.
Note: Only the Group View and Service Profile View are available when working with
Group Profiles. The Service Profile-Remote View, Remote Profile View, and
Remote View, which appear on the Group QoS tab, are not applicable to Group
Profiles.
4. Right-click anywhere in the Group View and select Create From Profile to display the
QoS Group Profile dialog box.
5. In the QoS Group Profile dialog box, select the Group Profile you want to use for this
Bandwidth Pool. (Only Upstream Group Profiles can be selected for Inroute Groups. Only
Downstream Group Profiles can be selected for Networks.)
6. You can view the properties of the various group members before applying the Group
Profile to the Bandwidth Pool. To see the properties of a Bandwidth Group, Service Group
or Application, select its icon in the Group Hierarchy pane. The properties of that group
member will appear in the Group Members pane.
7. When finished, click OK in the dialog box. Then click Yes in the confirmation dialog box to
replace the Group QoS configuration.
8. If you are using Application Service Groups, follow the steps in “Assigning Service Profiles
to Remotes” on page 237 to assign your remotes to Service Profiles based on the
Application Service Groups of the new configuration.
9. If you are using Remote Service Groups, follow the steps in “Assigning Remotes to Remote
Service Groups” on page 252 to assign your remotes to Remote Service Groups.
10. When finished, click OK at the bottom of the Group QoS tab to save your changes.
Note: Remote Profiles are built from Application Profiles. Remote Profiles are
discussed in detail in “Remote Profiles” on page 247.
Application Profiles define the Group QoS Applications that you add to your Service Profiles or
Remote Profiles. You then assign the Service Profile or Remote Profile to your remotes using
the Group QoS tab for your Bandwidth Pools or the QoS tab for your remotes. (See
“Configuring Group QoS” on page 210 for details.)
Filter Profiles encapsulate a single filter definition. A Filter Profile contains a group of rules,
but no Service Levels. Filter Profiles are assigned on the Remote QoS tab.
Application Profiles, Remote Profiles and Filter Profiles are stored in separate folders in
iBuilder’s Network Tree. They are not associated with a teleport; instead they are
independent of any network hierarchy, similar to spacecraft and antenna components. Figure
260 shows the folders that store these profiles.
iBuilder contains a number of pre-configured Profiles to help you define various categories of
IP traffic. You can modify these pre-configured profiles to meet your needs; copy them to use
as templates for new profiles; or create your own profiles. A typical list of Downstream Filter
Profiles in the iBuilder tree is shown in Figure 261.
Preconfigured Application Profiles (Default Downstream, Default Upstream and NMS) are
automatically added to your Networks or Inroute Groups when created.
Adding a Profile
To add a new profile, right-click the Upstream or Downstream folder for the type of profile
you want to add and select the Add option. The title of the Add option will differ depending
on what type of profile you are adding: Upstream or Downstream.
A Modify Configuration dialog box opens to allow you to configure the profile you are adding.
Details are discussed in “Adding an Application Profile” on page 268 and “Adding a Filter
Profile” on page 271. Adding Remote Profiles is discussed in “Adding a Remote Profile” on
page 249.
Once a Profile is configured and saved, it appears in the iBuilder Tree within its respective
folder. Figure 262 shows Group QoS Downstream Application Profiles in the iBuilder tree.
Note: When a profile is being used, the icon in the iBuilder Tree is colored red and the
name appears in bold typeface.
Copying a Profile
You can copy a profile by right-clicking it and selecting Clone or Clone As from the menu. If
you select Clone, a copy of the selected profile is created in the same folder. You can then
edit the new profile to make changes.
If you select Clone As, the Clone As dialog box appears. The Clone As dialog box allows you
select a Direction for the copy of your profile. By selecting a Direction, you can copy a
Downstream profile to the Upstream folder, or an Upstream Profile to the Downstream folder.
Note: Clone As is not available for Group QoS Profiles or Remote Profiles. You cannot
copy Group Profiles or Remote Profiles between the Upstream and Downstream
folders.
You can also modify or copy an existing profile by right-clicking the profile and selecting
ModifyItem, Clone or Clone As from the menu. Clone creates a copy in the current
folder. Clone As allows you to copy profiles between the Downstream and Upstream
folders.
2. After you have selected the operation you want from the menu, a dialog box opens.
(Figure 264 shows an Upstream Application Profile with multiple Service Levels. New
Application Profiles will be empty.)
Each Application Profile contains one or more Service Levels. Each Service Level can have
multiple Rules. When you select a Service Level in the Service Levels pane of the dialog
box, all Rules associated with that Service Level are displayed in the Rules pane.
The Used By pane shows which network elements and QoS groups are using this
Application Profile. For upstream Application profiles, remotes, Inroute Groups, Remote
Profiles and Service Profiles are displayed. For downstream profiles, remotes, Networks,
Remote Profiles and Service Profiles are displayed.
3. You can Add, Edit or Delete Service Levels by selecting the Service Level and clicking the
appropriate button. Figure 265 shows the Add Service Level dialog box. The Edit Service
Level dialog box is identical.
Note: If a remote in Sleep Mode receives traffic for transmission on the upstream,
and Trigger Wakeup is not selected for the traffic’s Service Level, then the
packets will be dropped and the remote will remain in Sleep Mode. A remote
will only wake from Sleep Mode if Trigger Wakeup is enabled for the traffic, or
if Sleep Mode is manually disabled for the remote on the remote Information
tab.
10. SelectTrigger State Change to cause remotes to automatically change from the Idle State
or Dormant State to the Active State when incoming packets for transmission on the
upstream carrier match the Service Level definition. (See “Configuring Minimum
Information Rate and Idle and Dormant States” on page 172.)
11. Select the method of Optimization for traffic matching this Service Level. Selecting
Maximum Efficiency instructs the software to allocate bandwidth as efficiently as
possible. Selecting Minimum Latency instructs the software not to hold onto partially
filled TDMA bursts but to release them immediately. For more details, see the chapter
titled “QoS Implementation Principles” in the iDirect Technical Reference Guide.
WARNING! Selecting Minimum Latency can result in an increased number of unused bytes
per burst, significantly decreasing the upstream throughput for remotes with
this setting. Do not select Minimum Latency unless you are certain that your
application requires it.
12. Select the method of Scheduling to be used for this Service Level: Priority Queue, Cost-
Based, or Best Effort. If you select Priority Queue, then select the priority level from the
menu. If you select Cost-Based, then enter a cost value. For details on each scheduling
method, see the discussion of packet scheduling in the chapter titled “QoS
Implementation Principles” in the iDirect Technical Reference Guide.
13. Enter the Queue Depth.
14. Choose the Type of Service Marking you want.
15. Click OK to save this Service Level.
16. Use the Add, Edit and Delete Buttons in the Rules Pane to configure Rules for your
Service Profile. The steps for configuring Rules are covered in “Adding a Rule to an
Application Profile or Filter Profile” on page 274.
You can configure any remote with an Upstream Filter Profile, a Downstream Filter Profile, or
both. The rules configured for the assigned profile(s) are applied to any packets offered for
transmission on the upstream or received on the downstream before any other QoS processing
is performed.
Each filter profile can be configured with one or more rules. For a packet to be further
classified, it must match at least one of that filter profile’s rules. A rule is made up of one or
more comparisons between IP header fields and a known constant value specified by the user.
The system compares each rule in the order specified, and classifies the packet according to
the first rule that matches.
Follow these steps to add a Filter Profile:
1. Right-click the Filter Profiles folder under QoSUpstream or QoSDownstream in the
iBuilder tree. Then select the Add Filter option from the menu to display the Filter
Profile dialog box (Figure 267).
2. In the Filter Profile dialog box, click the Add button in the Rules pane to display the Add
Filter dialog box.
3. Follow the steps in “Adding a Rule to an Application Profile or Filter Profile” on page 274
to configure a rule for this Filter Profile.
4. When you have finished adding Rules, click OK in the Filter Profile dialog box to save the
Filter Profile.
In the profile dialog box, the Rules pane displays all Rules configured for the Service Level
selected in the Service Level pane, along with the name of the selected Service Level. In the
Filter Profile dialog box, the Rules pane displays all Rules configured for the Filter Profile.
(See “Adding an Application Profile” on page 268 and “Adding a Filter Profile” on page 271 for
more details.)
When you select or clear the Show Protocol Names check box at the bottom of the dialog
box, the Rules pane toggles the displayed Rules between IP protocol names and numbers.
Figure 270 shows the result of selecting the check box (top) and of clearing the check box
(bottom) in the profile dialog box. Application and Filter Profile dialog boxes both provide the
same capability.
Figure 270. Selecting and Clearing the Show Protocols Name Check Box
Follow these steps to add a new rule for your Application or Filter Profile:
1. Click the Add button in the Rules pane to display the Add Rule dialog box.
Note: When specifying rules, all comparisons specified (as indicated by the check
boxes on the left-hand side of the dialog box) must match for the rule to match
a packet.
2. Select the check boxes at the left to enable IP header fields for comparison by the filter.
Then define the values and operators for each comparison to be made as follows:
• Source IP and Destination IP address and Subnet Masks: You can configure a Source
and/or Destination IP address, each with a Subnet Mask. The IP header field may be
equal to (=) or not equal to (<>) the value entered. The subnet mask is first applied
to the IP address in the packet, and then compared to the address specified in the
filter. This way, Source and Destination Ranges of subnet masks may be made to
match the rule.
• Source and Destination Port Ranges: You can configure Source and Destination Port
Ranges and select the desired protocols in the From and To drop down lists. Each
protocol may be equal to (=) or not equal to (<>) the value entered. Select Same as
Source to configure the Destination Port Range to be identical to the Source Port
Range.
• VLAN Ranges: You can configure VLAN Ranges to be equal to (=) or not equal to (<>)
the value entered.
• Protocol: You can select a Protocol which may be equal to (=) or not equal to (<>)
the value entered.
• DSCP, TOS, Precedence: If you select DiffServ DSCP you cannot select TOS or
Precedence. If you select TOS or Precedence you cannot select DSCP.
3. Click OK to save the filter.
Note: If you do not know if your chassis has an EDAS or MIDAS controller board,
attempt to follow Step 1 through Step 6 in “Setting the IP Address for a Chassis
with a MIDAS Controller Board” on page 278. If you have an EDAS controller
board, you will not be able to log on to the board using the MIDAS procedure.
Note: If you are changing the IP address of a chassis and you have already configured
the chassis in iBuilder, you must update the Chassis Manager Server with the
new IP address. See “Changing a Chassis IP Address” on page 292 for details.
WARNING! Do not click the “Write Ethernet Address” Button. The Ethernet Address field
should never be modified.
13. Reset the EDAS board either by powering the hub chassis off and on, or by resetting only
the EDAS board.
Note: To reset the EDAS board without powering down a 20 slot chassis, remove the
EDAS board cover and disconnect and reconnect the power connector to the
board itself. To reset the EDAS board without powering down a four slot
chassis, press the “EDAS Reset” button on the chassis control module.
4. Configure a serial terminal program (such as Tera Term under Windows or Minicom under
Linux) to match the serial settings on the MIDAS control module. The default settings are:
• Baud rate: 57600
• Data bits: 8
• Parity: None
• Stop bits: 1
• Flow Control: None
5. Press Enter in the terminal program to display the MIDAS login: prompt.
6. At the MIDAS login: prompt, type the MIDAS administrative login name and press Enter.
(The default administrative login name is admin.)
7. At the Password > prompt, type the administrative password and press Enter. (The
default administrative password is admin.)
8. If you want to display the current IP settings, enter the command:
show ip config
9. At the admin > command line prompt, enter the command:
set ip <n.n.n.n>
where <n.n.n.n> is the desired IP address. For example, to set the IP address to
172.17.2.50, you would enter the command set ip 172.17.2.50.
10. Enter the command:
set mask <n.n.n.n>
where <n.n.n.n> is the desired subnet mask. For example, to set the subnet mask to
255.255.255.0, you would enter the command set mask 255.255.255.0.
11. Enter the command:
set gateway <n.n.n.n>
where <n.n.n.n> is the desired gateway IP address. The default gateway should be your
upstream router. For example, to set the gateway IP address to 172.17.2.1, you would
enter the command set gateway 172.17.2.1.
12. Enter the command:
reboot
Your new IP settings will take effect on completion of the reboot.
13. To verify your IP settings, you can log on again and enter the following command:
show ip config
Note: Beginning with iDX Release 2.0, a hub line card must be assigned to a licensed
chassis slot before it can be activated. Until a line card is assigned to slot, the
line card will be in the “incomplete” state in the iBuilder tree.
For information on licensing your chassis, see the iDirect Features and Chassis Licensing
Guide available on the TAC web page.
The Chassis dialog box appears, containing one row for each slot and jumper. Rows are
arranged from top to bottom to mirror the chassis slots from left to right
2. If you have not yet loaded the license file containing your chassis licenses, follow the
procedure in “Importing Your License Files” on page 58.
3. Enter a Name for the new chassis.
4. Enter the six-digit Serial Number of your chassis and click the Validate SN button. The
Serial Number that you enter must match a chassis serial number in your chassis license
file.
Once iBuilder has validated the chassis serial number, the read-only IP Address of the
chassis is displayed and all licensed slots and jumpers change from Off - Not Licensed to
Off - Licensed.
Figure 273. Chassis Dialog Box: 20-Slot Chassis with Licensed Slots
Note: The IP Address displayed in the Chassis Dialog Box must match the IP Address
that you configured for your chassis. See “Configuring the Chassis IP Address”
on page 277.
5. If the chassis contains an RCM, select RCM Installed.
6. To turn power on for specific slots, or to set jumpers, click the check boxes in the State
column. You should power on all slots in which you have installed line cards. After each
group of four slot rows, you will see a jumper row. Do not select the jumper boxes unless
your network spans virtual backplanes.
Note: If you are creating a Chassis Group of daisy-chained chassis, all jumpers will be
automatically selected and cannot be disabled. All line cards in a Chassis Group
are in a single network with one virtual backplane. See “Daisy Chaining Hub
Chassis” on page 294.
7. To associate a configured line card with a specific slot, right-click the slot and select
Assign Hub from the menu.
Note: You can also select Free to indicate that no modems are installed in that
slot. The associations you make must reflect the actual physical layout of
your chassis; iBuilder cannot map logical associations to physical line card
locations.
8. When you select Assign Hub, a drop-down list appears in the row, listing all of the line
cards that can be assigned to that slot. Select the line card installed in that slot.
9. Click OK. When you save your changes, iBuilder displays “Changes Pending” for the
Chassis in the network Tree.
10. To make your changes active, right-click the Chassis and select Apply Configuration.
iBuilder uses the following rules when making line card assignments:
• If no line cards have been associated with slots, the drop-down choice list will contain all
the line cards you currently have defined.
• After you make the first association, the following rules apply:
• That line card no longer appears in any drop-down list.
• Only line cards from the same network appear in drop-down lists for other slots in the
same virtual backplane. If you have unassigned Solo line cards, they also appear.
• Drop down lists for other virtual backplanes will not contain any line cards from the
network already assigned.
• If you have two networks in adjacent virtual backplanes, iBuilder will not let you set the
jumper between those two backplanes.
• To assign line cards from a single network across a jumper, you must first set that jumper.
• If you have a large network that spans a jumper, iBuilder will not let you clear the jumper.
All chassis slots are powered on by default when the chassis is powered on. For this reason,
the configuration database is the sole keeper of slot power and jumper settings. When the
configuration server starts up, or after a reconnection to the chassis, it automatically applies
the chassis settings stored in the database, thus restoring the desired chassis state.
Note: If you are using Spread Spectrum, you must install your M1D1-TSS line cards
with one empty slot to the right. For example, if you want to install the line
card in slot 4, slot 5 must be empty. You cannot install a M1D1-TSS line card in
slot 20.
Note: Although there is a jumper between slots 4 and 5, you cannot enable or disable
that jumper. In a stand-alone four-slot chassis, that jumper is always disabled,
isolating slot 5, which is available only for configuration and testing.
For Daisy Chained chassis, all jumpers are always enabled. In that case, slot 5
is not available for any purpose and is disabled by the NMS software.
Follow these steps to create a four-slot chassis in iBuilder:
1. Right-click your Teleport in the iBuilder Tree and select Add 4 Slot Chassis from the
menu.
The Chassis dialog box appears, containing one row for each slot and jumper. Rows are
arranged from top to bottom to mirror the chassis slots.
Figure 277. Chassis Dialog Box: Four-Slot Chassis with Licensed Slots
Note: The IP Address displayed in the Chassis Dialog Box must match the IP Address
that you configured for your chassis. See “Configuring the Chassis IP Address”
on page 277.
4. If the chassis contains an RCM, select RCM Installed.
5. The Chassis Information area of the dialog box (see Figure 276) displays status
information about the IF Module (IFM) and Outdoor Power Modules (OPM) received from
the chassis.
6. You can configure the following options for your OPMs:
a. Select BUC Voltage On to enable BUC voltage. These settings should be the same for
OPM A and OPM B.
b. Select LNB Voltage On to enable LNB voltage. These settings should be the same for
OPM A and OPM B.
Note:A four-slot chassis with four RF ports can only supply DC voltage to a BUC
or LNB on RF port 1. It cannot supply voltage on RF port 2, 3 or 4.
c. Select 22 KHz Tone On to enable the 22 KHz tone option. The 22 KHz tone capability
is for use with DiSEqC-compatible Universal LNBs. Note that if you select this option
for one OPM, it will not be selectable for the other.
d. If you have selected LNB Voltage ON, select one of the OPM-AB LNB Voltage options:
• Select Low to enable low LNB voltage (+14VDC at 500 mA)
• Select High to enable high LNB voltage (+19VDC at 500 mA). Typically, High is
selected. This is the default, standard setting.
7. The procedure to power on the slots, assign the line cards and set jumpers 1 through 3 is
identical to the procedure for a 20-slot chassis. Jumper 4 is controlled by the software.
See “Configuring and Controlling the Hub Chassis” on page 280 for details on assigning
line cards to slots and setting the jumpers.
Note: If you are using Spread Spectrum, a four-slot chassis must have an empty slot
above each M1D1-TSS line card. For example, if you want to install an M1D1-
TSS line card in slot 2, slot 1 must be empty. You cannot install an M1D1-TSS
line card in slot 1.
8. You can configure Line cards in a four slot chassis to supply the 10 MHz clock to the Up
Converter, the Down Converter, or both. Note the following:
• You must select ODU Tx 10 MHz on the Up Converter screen or ODU Rx 10 MHz on the
Down Converter screen for these selections to appear in the menu. See “Adding an Up
Converter or Down Converter” on page 67 for details.
• Only one line card per Up Converter or Down Converter can be selected for this
function. The Up Converter and Down Converter associated with each line card in
this chassis are shown in the Hub Assignment column.
• This feature is available on the following line card model types: M1D1 (Tx and Rx);
eM1D1 (Tx and Rx); XLC-11 (Tx and Rx); XLC-10 (Tx only); and XLC-M (Rx only).
• Only newer M1D1 line cards have this capability. If you configure an M1D1 line card to
supply the 10 MHz reference and the line card cannot perform that function, an alarm
will be raised in iMonitor when the changes are applied to the line card.
To turn on or off the 10 MHz reference from a line card, right-click in the Tx-10 MHz
column (for the Up Converter) or Rx-10 MHz column (for the Down Converter) in the slot
containing the line card. Then select 10 MHz On/Off from the menu. The 10 MHz setting
will toggle between off and on.
WARNING! If you have multiple iDirect networks sharing the same Up Converter or Down
Converter and you have configured one of the Tx (or Tx/Rx) line cards to
supply the 10 MHz clock, then failure of that line card will cause all networks
sharing the Up/Down Converter to fail. Under these circumstances, iDirect
strongly recommends that you install a Standby Line Card to back up the line
card supplying the 10 MHz clock. See “Defining a Standby Line Card” on
page 120 for details.
9. Click OK to save your changes. Then apply the changes to your chassis and line cards.
Elements requiring update will show changes pending in the iBuilder tree.
Note: If you are changing the 10 MHz clock source from one line card to another,
apply the line card changes to the original clock source to turn off the 10 MHz
before applying the line card changes to the new clock source.
Note: You can only share a 20 slot chassis among multiple Network Management
Systems. You cannot share a four slot chassis.
When multiple Network Management Systems share one or more chassis, a single NMS Chassis
Manager Server (CM Server) controls all access to the chassis. All NMS configuration servers
that share the chassis share the single CM Server.
The CM server only allows access to chassis slots that have been licensed by iDirect. An HNO
can share licensed slots with additional NMS configuration servers by including the MAC
addresses of the configuration server machines in a CM server configuration file named
para_cfg.opt.
Figure 279 on p. 287 shows an example of an HNO NMS sharing a 20 slot chassis with VNO1 NMS
and VNO2 NMS.
Figure 279. Sharing a Hub Chassis Among Multiple Network Management Systems
To share the chassis, the HNO first determines where to run the common Chassis Manager
Server and configures the HNO NMS accordingly. (For details on how to distribute the NMS
server processes across multiple server machines, see “Configuring a Distributed NMS Server”
on page 405.) The HNO must also obtain a chassis license from iDirect and use iBuilder to
import the license file. (See “Importing Your License Files” on page 58.)
Once the chassis is licensed, the HNO modifies the configuration file para_cfg.opt on the
Chassis Manager Server to allow the VNO NMS configuration servers to access specific chassis
slots. This is accomplished by adding the MAC address of the VNO’s NMS configuration server
machine for each slot that the VNO is allowed to access.
An excerpt from para_cfg.opt is shown in the upper left of Figure 279. In the figure, VNO 1
can access slots 1 through 4 of the chassis with IP address 172.20.136.6, while VNO 2 can
access slot 5 through 8 of the chassis with IP address 172.20.136.6.
Note: All Network Management Systems sharing a chassis must have IP connectivity to
the machine on which the Chassis Manager Server is running.
The following three subsections show how to:
1. Configure a VNO NMS (NMS 2) to point to an HNO NMS (NMS 1)
2. Configure NMS 1 to share chassis slots with NMS 2
3. Duplicate NMS 1’s chassis configuration on NMS 2 to allow the VNO to manage its slots
The example assumes that the HNO NMS (NMS 1) has already been installed (including the
Chassis Manager) and that you now want to configure the VNO NMS (NMS 2) to share the
existing Chassis Manager Server. Although the example only shares the chassis with one
additional NMS, you can follow the same steps to configure additional NMSs to use slots in the
same chassis.
Note: Beginning with iDX Release 2.1, by default you cannot use SSH to log on directly
to the root account of your NMS server or Protocol Processor blade. You can use
SSH to log on to other accounts such as the idirect account. You can then enter
su - from the command line to log on as root.
2. Stop the NMS services on the server by entering the following command:
service idirect_nms stop
3. Run the script attach_extern_cm2nms.pl by entering the following command:
/home/nms/utils/db_maint/attach_extern_cm2nms.pl -db=nms
-xip=<ip address>
where <ip address> is the IP address of the external CM server machine.
4. Answer yes at the prompt:
Do you want to change Chassis Manager location?(yes/no)
5. Answer no at the prompt:
Do you want make system distributed?(yes/no)
6. If you use the Revision Server, answer yes at the following prompt. If not, answer no:
Do you run ‘revsvr’ on this computer?(yes/no)
7. If you are using SkyMonitor, answer yes at the following prompt. If not, answer no:
Do you run ‘skysvr’ on this computer?(yes/no)
8. Answer no at the prompt:
Do you run ‘osssvr’ on this computer?(yes/no)
9. Enter the following command to restart the NMS services:
service idirect_nms start
10. Enter the following command to verify that all server processes are running:
service idirect_nms status
11. The MAC address of this NMS’s configuration server machine is required to configure the
HNO’s Chassis Manager to share the chassis. To determine the MAC address, log on to the
NMS 2 configuration server machine and enter the following command:
ifconfig
In the example in Figure 280, the MAC address is the Hwadd on the first line of the
ifconfig command output.
Note: Beginning with iDX Release 2.1, by default you cannot use SSH to log on directly
to the root account of your NMS server or Protocol Processor blade. You can use
SSH to log on to other accounts such as the idirect account. You can then enter
su - from the command line to log on as root.
3. Change to the Chassis Manager directory by entering the command:
cd /home/nms/cm
The 20 slot chassis in Figure 281 has Serial Number 700100 and IP address 192.168.76.16.
The rows for each slot contain the MAC addresses of the NMS configuration server
machines that can access the chassis. Zeros in a slot MAC address mean that the slot can
only be accessed by the licensed NMS.
5. For each slot you want to share with NMS 2, replace the zero MAC address with the MAC
address of the machine running NMS 2’s configuration server.
In Figure 282, slots 1 and 2 of the chassis with serial number 700100 have been
reconfigured for sharing with a configuration server machine whose MAC address is
00:14:5E:17:A8:AC.
Note: You can enter more than one MAC address per slot. Separate each address with
a semicolon. For example: slot_1 = 00:11:25:A9:38:1E;00:21:52:C3:22:22
means that two additional configuration servers can access slot 1 of this
chassis.
6. Once you have added the MAC address for each slot you want to share, save the file and
exit the editor.
7. Enter the command:
telnet <ip address> 15262
where <ip address> is the IP address of the server running the NMS chassis manager
process.
8. At the Username prompt, log on to the chassis manager admin account. (The default
password is iDirect. You should change this password.)
9. Update the Chassis Manager with the new configuration by entering the command:
update
10. Return to the NMS server machine by entering the command:
exit
11. Log off of the NMS server machine.
4. Right-click the chassis in the iBuilder Tree and apply the chassis configuration.
You can now configure line cards on NMS 2 and assign those line cards to the slots you
configured for access from NMS 2’s configuration server MAC address.
Note: You can control which operations a VNO user on NMS 2 can perform on the
chassis by setting VNO access rights on the chassis and slots in NMS 2’s
database. For more information see “Sharing a Chassis Among Multiple VNO
User Groups” on page 364.
Note: Beginning with iDX Release 2.1, by default you cannot use SSH to log on directly
to the root account of your NMS server or Protocol Processor blade. You can use
SSH to log on to other accounts such as the idirect account. You can then enter
su - from the command line to log on as root.
Figure 283 contains an excerpt from para_cfg.opt. In the figure, the chassis with Serial
Number 700100 has an IP address of 192.168.76.16.
6. Change the IP address of the chassis to the new IP address.
7. Save the file and exit the editor.
8. Enter the command:
telnet <ip address> 15262
where <ip address> is the IP address of the server running the NMS chassis manager
process.
9. At the Username prompt, log on to the chassis manager admin account. (The default
password is iDirect. You should change this password.)
10. Update the Chassis Manager Server with the new IP address by entering the command:
update
11. Return to the NMS server machine by entering the command:
exit
12. Log off of the NMS server machine.
Note: The chassis IP address configured in para_cfg.opt takes precedence over the IP
address in the chassis license file. Therefore, if you reload the original chassis
license file, you do not need to re-edit para_cfg.opt.
Note: Although iBuilder does not limit the number of chassis that you can add to a
Chassis Group, iDirect has only certified, and therefore only supports, two
chassis per group.
The following sections explain how to physically connect a daisy chain of chassis and how to
configure them as a Chassis Group in iBuilder.
The interface to the multi-hub RCM is shown in Figure 285. The INPUT and OUTPUT
connectors are used to form the rings shown in Figure 284.
The components of the multi-hub RCM interface are defined in the following sections.
Note: At this time, iDirect only supports two chassis in a multi-hub configuration.
2. The first chassis in the Chassis Group is the Master chassis. Other chassis are Slave chassis.
The Master chassis must hold your Tx line card and any standby line cards that back up
the Tx line card. On each chassis in the multi-hub configuration, set the RCM switches for
both RCMS as shown in Table 8.
As in previous releases, when you configure an individual chassis in iBuilder, you enable or
disable the software jumpers that connect or segregate the chassis partitions. However, when
you add a chassis to a Chassis Group, all jumpers in the chassis are automatically enabled and
cannot be disabled. Therefore, all slots in all chassis in a Chassis Group are, by design,
dedicated to a single virtual backplane. (See “Configuring and Controlling the Hub Chassis” on
page 280.)
2. In the Chassis Group dialog box, enter a Name for the new group.
2. In the Chassis dialog box, add your line cards to the chassis Slots to reflect your network
configuration.
Note: When you add a chassis to a Chassis Group, all jumpers in the chassis are
automatically enabled and cannot be disabled. Therefore, all slots in all
chassis in a Chassis Group are dedicated to a single virtual backplane.
3. Click OK in the Chassis dialog box when you are finished configuring the chassis. If you
added the chassis from the Chassis Group dialog box, you will be returned to that dialog
box. Click OK in the Chassis Group dialog box to save the modified configuration.
Note: You can use the Edit and Remove buttons in the Chassis Group dialog box to
modify the configuration of a chassis, or to delete a chassis from the group.
First select the chassis in the Daisy Chained Chassis area of the dialog box;
then click the button for the function you want.
Note: Your transmit line card and any standby line cards that back up the transmit
line card must be in the first chassis. Subsequent chassis can only contain
receive-only line cards and standby line cards for receive-only line cards.
To change the order of the Chassis within a Chassis Group:
1. Right-click the Chassis Group in the iBuilder tree and select ModifyItem from the menu.
2. Select a chassis in the Daisy Chained Chassis area of the Chassis Group dialog box.
3. Use the arrow buttons at the top of the dialog box to move the chassis up or down in the
list.
The term Activation Pending appears in red text to the right of the remote you are
activating. The term Changes Pending appears in red text to the right of its
corresponding network. For other states, see Step 4 on page 304.
2. Select the network in which the remote resides, right-click the network, and then select
Apply Configuration.
If the remote has been acquired into the network, the term Nominal appears in blue text
to the right of both the remote and the network. If it has not been commissioned and
acquired into the network for the first time, the term Never Applied appears to the right
of the remote.
5. To deactivate an active remote, select an activated remote, right-click it, and select
Activate Remote. The check mark will be removed and the remote will become inactive.
2. On the left side of the Move Remote dialog box, select the new Inroute Group for this
remote. The new Inroute Group can be in the same Network or in a different Network.
3. If you are moving the remote to a new network, in the Network QoS Tree section of the
dialog box, select either a Remote Service Group in the Service Group column or a
Service Profile from an Application Service Group in the Service Profile column.
4. In the Inroute Group QoS Tree section of the dialog box, select either a Remote Service
Group in the Service Group column or a Service Profile from an Application Service Group
in the Service Profile column.
5. If you selected a Remote Service Group for the new Network and/or Inroute Group, you
can also select new Remote Profiles in the Downstream and Upstream Remote Profile
sections of the dialog box.
Note: If you are moving a remote from one Remote Service Group to another, the
Remote Profile that was assigned to the remote in the original Service Group
will still be assigned in the new Service Group unless you select a new Remote
Profile.
Note: An NMS Operator must have Group QoS permissions to select a new Remote
Profile while moving a remote. If you do not have Group QoS permissions, you
will not see the Remote Profile sections of the dialog box.
6. Click OK to move the remote. The remote now appears under the new Inroute Group in
the iBuilder Tree.
Note: Since iNFINITI remotes cannot receive DVB-S2 outbound carriers, you cannot
move an iNFINITI remote into a DVB-S2 network. Similarly, since Evolution X3
and X1 remotes can only receive DVB-S2 outbound carriers, you cannot move an
Evolution X3 or X1 remote into an iNFINITI network.
You can also move remotes between Inroute Groups and Line Cards in SCPC Receive Mode, or
between two Line Cards in SCPC Receive Mode. This example shows how to move a remote
from an Inroute Group to a receive-only line card in SCPC Receive Mode.
1. Right-click the remote to be moved, and select Move from the menu.
Figure 294. Moving a Remote from an Inroute Group to an SCPC Line Card
2. On the left side of the Move Remote dialog box, select the Line Card that will receive the
remote’s SCPC upstream carrier.
3. If you are moving the remote to a new network, in the Network QoS Tree section of the
dialog box, select either a Remote Service Group in the Service Group column or a
Service Profile from an Application Service Group in the Service Profile column.
4. The SCPC Channel List section of the dialog box displays all available SCPC upstream
carriers assigned to the selected line card. Select the Channel ID of the SCPC upstream
carrier that you want to assign to this remote.
5. In the Upstream Remote Profiles section of the dialog box, select a Remote Profile.
Note: An NMS Operator must have Group QoS permissions to select a new Remote
Profile while moving a remote. If you do not have Group QoS permissions, you
will not see the Remote Profile sections of the dialog box.
6. You can change the remote’s Initial Power and Max Power by entering values in the fields
at the bottom of the dialog box. If these values have been pre-configured for the remote,
then the pre-configured values are displayed on the screen.
Note: The remote cannot become operational until the Initial Power and Max Power
are configured for the upstream carrier.
7. Click OK to move the remote. The remote now appears under the receive Line Card in the
iBuilder Tree.
Note: If a VNO user retrieves an options file, only elements owned by or visible to
that VNO are included.
The following sections describe how to modify, retrieve, compare, and apply configurations
on remotes as well as on other network elements.
Note: Beginning in iDX Release 2.0, the Dynamic Function Options Exchange (DFOE)
protocol allows some remote-side configuration changes to be dynamically
applied. All remote hub-side options groups beginning with 'RMT_' are sent
from the Protocol Processor to the remote using the DFOE protocol. For these
options, you are no longer required to apply remote-side changes to the remote
and you will no longer see remote-side changes pending in iBuilder.
Note: You must deactivate a remote before you can delete it. When a remote is
activated, a check mark is shown next to the Activate Remote selection in the
network tree for the remote. To deactivate a remote, right click the remote in
the Network Tree and select Activate Remote to remove the check mark.
The Network Tree menu selections for viewing and deleting a remote are shown in Figure 296.
Notice that you cannot select Delete until a remote is deactivated.
Note: In the case of remotes, the menu allows you to select either the hub-side or the
remote-side configuration for retrieval. The example shows Saved
Configurations being selected. However, the procedure for both are the same.
2. Navigate to the folder on your PC in which you want to save the options file and click
Save.
3. The options file opens in Notepad allowing you to review the configuration parameters.
This example shows Saved Configurations being selected. The procedure for retrieving
multiple Active Configurations is identical.
2. In the Multiple Configurations Retrieve dialog box, select the remotes and/or the hubs
for which you want to retrieve the configurations.
4. In the Save As dialog box, navigate to the location on your PC where you want to save the
configuration files.
5. Click Save.
iBuilder retrieves the selected configurations and copies them to the designated location.
Both the remote-side and hub-side options files will be retrieved and saved for all selected
remotes.
To compare the active configuration of an element with its latest configuration, follow this
procedure:
1. Right-click the element in the Tree and select Compare Configurations. In the case of a
remote, select Remote-Side or Hub-Side.
2. To view all configuration parameters in the dialog box, clear the Show differences only
check box. Note that differences are shown in red.
3. To view only the parameters that are different, select the Show differences only check
box.
Sequence of Download
When applying configurations to multiple elements, iBuilder treats each group of elements as
a batch, processing the batches in upstream order. Therefore, remotes are downloaded first,
followed by hub lines cards, and finally the network itself.
All elements of a batch must complete its download successfully before iBuilder will proceed
to the next batch. For example, if any remote in a given batch fails during the download
process, iBuilder will stop at the end of the remote batch and wait for your next command. It
will not download to any line cards or to the network. However, all elements within a single
batch are processed simultaneously, so a single remote failure will not stop the other remotes
from being downloaded. Also, if the reset button is selected on the dialog box, iBuilder
immediately sends a reset command to any remote that downloads successfully. If this
behavior is not desired, make sure you check the Don’t reset button (you can always select
“Reset only” at a later time).
2. Select the options particular to your download. (These options are explained in the next
section.)
3. Click Start. The Status column shows that the configuration is downloading.
2. When the message appears asking you to confirm the download, click Yes.
3. When the message appears indicating that the configuration has been downloaded
successfully, click OK.
After the configuration is applied to the Network, the status of the network changes from
Changes Pending to Nominal.
When the download is complete and successful, a message appears, allowing you the
option of resetting the unit now or waiting and resetting it later.
4. Click OK.
3. When the message appears asking you to confirm the download, click Yes.
When the download is complete and successful, a dialog box appears, giving you the
option of resetting the remote now or waiting and resetting it later.
One Remote, One Network One Remote (global instance ), Multiple Networks
Remote
Options File
PP Options Network 1
File Network 2 Network 2
Network 3
PP Options
File Network 3
As with non-roaming remotes, the NMS sends a single options file to each roaming remote.
However, the NMS puts all the necessary parameters for each of the member networks into a
single remote options file.
The structure of the options file sent to the protocol processor has not changed. However, the
NMS generates a separate PP options file for each network a roaming remote belongs to.
An image package is a file that contains firmware images for a particular release and
hardware platform. The packages contain FPGA (Field Programmable Gated Array) Images.
You can download images to remotes or line cards via the Multicast Download feature,
Download Image feature, or TCP Multicast feature. The TCP Multicast feature allows you to
download both Option and Image files to remotes and line cards.
To upgrade from one version to another, you should schedule a maintenance window with your
customers. The time required for an upgrade varies based on the number of remotes you have
deployed. The upgrade process is described in the Network Upgrade Procedure for your
release. That document is specific to each release.
This chapter includes:
• “Image Package Versions” on page 325
• “Downloading an Image to Remotes and Line Cards Concurrently” on page 326
• “Resetting Remotes” on page 330
• “Downloading an Image or Configuration File via TCP” on page 331
• “Downloading Remotes Using Revision Server” on page 331
Note: Your upstream router must have multicast enabled before you can multicast
images to your line cards.
Package Section
The upper-left section of the dialog box contains a drop-down list of all available image
packages (see “Image Package Versions” on page 325). Select your Hardware, Role, Mode,
and Version to determine the Selected Package. When you select a particular package, the
contents of the package are displayed in the Contents box below the drop-down list. Confirm
that the control application version is correct; it is in the last row of the list.
The eM1D1 Line Card, the Evolution e8350 remote, and the iConnex e800/e800mp remotes
are all capable of supporting either an iNFINITI outbound carrier or a DVB-S2 outbound carrier.
The firmware for these two modes is contained in two separate packages. Therefore, when
you select Remote Role for Evolution Remote or Hub Role for Evolution Line Card, you can
select one of two modes: DVB-S2 or iNFINITI. (See Figure 305.) This determines which
package is downloaded to the hardware.
WARNING! In cases where the hardware supports both DVB-S2 and iNFINITI, iDirect
strongly recommends that you download both packages. If you change a
remote’s configuration (options file) to receive a different carrier type but
the remote does not have the corresponding firmware package installed, the
remote will be stranded. A site visit will be required to recover the remote.
The Credentials and Group Address fields are primarily for reference purposes, and should
be left unchanged. The Reset check box, if selected, tells each remote to reset after the
package has been processed.
When you have made your selections, click Start to begin the download. The Progress bar at
the bottom of the dialog box will indicate the status of your download. The results of the
download to each remote (or line card) recipient are displayed next to that recipient’s name
in the appropriate pane. Depending on the status of the download, you will see either
“Download Complete” or “Download Incomplete”. If you receive the latter message, this
doesn’t necessarily mean the download failed; it simply means the sending application didn’t
receive an ACK (acknowledgement) from that recipient. This behavior is explained in the next
sections.
2. When iBuilder declares the operation complete, you immediately send an options file to a
particular remote.
Because options files are also stored in flash memory, and the remote may still be flashing
package contents, the options file apply will “block” until the package flash is complete.
iBuilder, meanwhile, is waiting for a response to the options apply, and will probably time out
waiting for that response. The apply will work, but not until after iBuilder gives up waiting for
a response. iDirect recommends you wait until all multicast activity is complete before
performing additional tasks in iBuilder.
A message appears confirming that the reset command has been issued. The success of
the reset is confirmed with a dialog box.
3. Click OK to acknowledge the confirmation.
The TCP Package Download dialog box is displayed.You work with the TCP Package
Download dialog box the same way you do with the Multicast Download dialog box. Follow
the directions in “Selecting the Download Parameters” on page 327.
2. Select the appropriate options in the lower left portion of the TCP Download dialog box.
3. Click Start.
You can also use the Revision Server to send only options files, without reloading the images.
This allows you to change the configuration of one or more remotes and ensure that the
changes will be applied without further operator intervention.
The Revision Server has the following characteristics:
• The Revision Server can download multiple networks simultaneously.
• By default, the Revision Server uses up to 10 percent of the downstream bandwidth when
it is active. (However, you can modify the download rate when you launch an upgrade.)
• Once you start the Revision Server, it immediately begins to upgrade all the selected
remotes. If one or more remotes fail to receive the package during an upgrade cycle, the
revision server will automatically begin a new cycle to retransmit the package to those
remotes. (The time remaining before the next cycle is displayed on the Revision Server
dialog box.) Once all remotes in the list are upgraded, the revision server stops.
• You can command the Revision Server to stop upgrading one or more networks while the
upgrade is in progress.
• VNO users can use the Revision Server to download remotes as long as the VNO has the
necessary permissions or ownership of the appropriate network elements. Only remotes
that the VNO is allowed to download are displayed on the Revision Server GUI.
Note: The Revision Server will upgrade or downgrade your remotes to the iDirect
version that is currently running on your NMS Server. Therefore you should
upgrade the NMS servers, followed by your Protocol Processors, before starting
a Revision Server upgrade.
Note: You can use the Revision Server to upgrade to the new release provided you are
upgrading from iDS Release 5.05 or later.
The Revision Server dialog box appears (Figure 308), including a list of all the remotes in
the network. Remotes with a status of DownRev have a different package version from
that of the NMS server. UpRev remotes are current.
2. In the Remotes section of the dialog box, select all remotes you want to upgrade by
clicking the check boxes. You can also click any of the following buttons to select remotes
for download:
• The Select All button selects all remotes in the network.
• The Select Down Rev button selects only remotes with a status of DownRev.
• The Select Active button selects only remotes that are currently acquired into the
network.
• The Changes Pending button selects all remotes with remote-side configuration
changes that have not yet been applied.
• The Clear All button clears the check boxes for all remotes in the network.
3. You can change the Download Rate specified in the Download Parameters section if
desired. By default, the download rate is calculated to be 10 percent of the downstream
information rate.
4. Select Options Files Only if you only want to send options files to the remotes. No image
files will be sent.
Note: The status of UpRev or DownRev is determined solely by the version string of
the image package. Therefore, remotes with an up-to-date package for which
the remote-side options files have not been applied will have a status of UpRev.
5. Click Start Upgrade to begin the upgrade process.
6. Once you have started the upgrade, you can observe the following real-time status in the
Revision Server dialog box:
• The Next Cycle counter will begin to count down, indicating the time remaining
before the Revision Server will restart the upgrade process for any remotes that are
not updated during this cycle.
• In the Remotes section of the dialog box, the status will change from DownRev to
UpRev when a remote has successfully received its upgrade.
• Status messages will be displayed in the Messages section of the dialog box, logging
the progress of the upgrade.
• Real-time events are displayed in the event pane at the bottom of the dialog box.
The Realtime Display options that you can select are shown in Figure 309. They include:
• Start Highlighted: Starts the event display for the highlighted remotes
• Stop Highlighted: Stops the event display for the highlighted remotes
• Start All: Starts the event display for all remotes
• Stop All: Stops the event display for all remotes
• Clear RT Display: Clears all events from the event pane at the bottom of the Revision
Server display
The following example shows how to stop viewing events from all remotes and begin viewing
events only from selected remotes. The procedure assumes you have selected all remotes for
download and are currently receiving events for all remotes.
1. Right-click in the Remotes area of the Revision Server dialog box and select Stop All from
the menu to stop events from all remotes.
2. Highlight the remotes for which you want to view events. (Use Shift + click to highlight a
range of remotes. Use Ctrl + click to select multiple, individual remotes.)
3. Right-click any of the highlighted remotes in the Remotes area of the Revision Server
dialog box and select Start Highlighted from the menu.
Only events from the highlighted remotes are added to the event pane at the bottom of the
Revision Server dialog box.
4. To begin viewing events from all remotes again, right-click in the Remotes area of the
Revision Server dialog box and select Start All from the menu.
As an alternative to Stop All followed by Start Highlighted, you can select all remotes you do
not want to monitor. Again, assuming you have selected all remotes for download and are
currently receiving events for all remotes:
1. Highlight the remotes for which you do not want to view events.
2. Right-click any of the highlighted remotes in the Remotes area of the Revision Server
dialog box and select Stop Highlighted from the menu.
Events from the selected remotes are no longer added to the event pane at the bottom of the
Revision Server dialog box.
Figure 314. Selecting Revision Server Status from the View Menu
The Revision Server Status pane will appear in place of the Network Tree, showing the
status of all upgrades that are in progress. Note that two tabs appear at the bottom of the
pane allowing you toggle between the Network Tree (iBuilder Tree View tab) and the
Revision Server Status pane (Revision Server tab) as shown in Figure 315.
2. If you want to see the status of completed upgrades as well as current upgrades, select
Show historical information.
3. Click Details for any upgrade to see more information about that upgrade. This includes
the upgrade Status of each remote in the upgrade list.
Note: Unless otherwise indicated, the term “line card” as used here refers to iDirect
Private and Mini Satellite Hubs as well as iDirect Line Cards.
Note: If you are adding a new line card, the Tx Out, Rx In and Lan A ports should not
be connected at this time. Do not connect these cables until instructed to do so
by this procedure.
4. In the Save As dialog box, navigate to the folder on your PC in which you want to save
the options file. Then click the Save button to save the file to your PC.
5. After you save the options file, it will be displayed in Notepad as a text file. If desired,
review the configuration in Notepad; then close the Notepad window.
b. In iBuilder, right-click the chassis in the Network Tree and select Modify Item. The
Chassis dialog box will appear.
c. Select the check box for the slot that contains the new line card. This will toggle the
setting from Off to On.
d. Right-click in the Hub Assignment column and select your line card.
e. Click OK to save the Chassis configuration.
f. Wait two minutes.
g. Right-click the Chassis in the iBuilder tree and select Apply Configuration to power
on the slot
Note: The default IP Address of iNFINITI line cards is 192.168.0.1, with a subnet mask
of 255.255.255.0. If you already know the IP address, you can skip this section.
1. Connect a console cable from the COM1 port on your client PC to the console port on the
line card.
2. Using a terminal emulator program such as Tera Terminal or HyperTerminal, connect to
the line card with the following settings:
• 9600 bps
• 8 bits
• No parity
• 1 stop bit
3. Log in as:
Username: root
Password: <password>
Either iDirect or P@55w0rd! is the default password for the root account.
4. At the Linux prompt, type
telnet localhost
The Telnet login screen will appear.
5. Log in to the Telnet session as:
Username: admin
Password: <password>
Either iDirect or P@55w0rd! is the default password for the admin account.
6. At the Telnet prompt, type the following command to determine the IP Address and
subnet mask of the line card:
laninfo
The output of the laninfo command is shown in Figure 319.
7. Note the IP address and subnet mask. You will need this information when downloading
the image packages and options file.
Note: The default IP Address of iNFINITI and Evolution line cards is 192.168.0.1, with
a subnet mask of 255.255.255.0.
2. Connect a cross-over Ethernet cable between the LAN port of the line card and your PC or
laptop.
3. Launch iSite. The main iSite screen will appear.
4. Right-click the globe in the Network Tree and select New. An Unknown element appears
in the Tree.
5. Right-click the new element and select Login to display the Login dialog box.
6. Enter the IP Address of the line card and a password. (iDirect is the default password.)
7. Select Admin in the Login as section and click OK. The line card will appear in the
Network Tree, replacing the unknown element.
8. In the iSite Tree, right-click the line card and select Download Package to display the
Download Package dialog box.
b. Navigate to the folder on the client PC that contains your iDirect image packages.
c. Double-click the folder for your line card model (Evolution or iNFINITI) to open it.
This folder contains the packages that you need to download to your line card.
Note: You must download all packages to your line card, beginning with the Board
Support Package (BSP), followed by the hub package(s).
Note: For Evolution line cards, the evo_d_hub package is used for DVB-S2
networks. The evo_l_hub package is used for iNFINITI networks. iDirect
recommends that you download both packages to your Evolution line card. If
you switch between iNFINITI and DVB-S2 and both packages are not present,
the line card will not function correctly.
d. Select the Linux Board Support Package (BSP).
e. Click the Open button to return to the Package Download dialog box.
f. In the Download Package dialog box, select:
• Don’t check versions
• Download images only
• Don’t reset
g. Click the Start button to download the package.
h. Repeat Step a through Step g, but this time download the hub package(s) for your line
card model rather than the BSP. For Evolution line cards download both the
evo_d_hub package (DVB-S2) and the evo_l_hub package (iNFINITI).
10. After you have downloaded all packages, right-click the line card in the Network Tree and
select Download Option From Disk to display the Open dialog box.
11. Navigate to the folder containing the options file that you saved from iBuilder when
executing step 4 of section 12.2 on page 344. Then select the options file.
12. Click the Open button.
13. Click Yes to download the options file to the line card.
14. Right-click the line card in the Network Tree and select Reset from the menu.
At this point the new configuration (including the new IP address of line card) will be applied
and you will lose connectivity to the line card. Do not disconnect the console cable.
WARNING! Connecting the transmit port of your line card will result in the transmission
of a carrier on the satellite. This step should only be performed while on line
with the satellite provider.
Note: The tx pn commands in these steps are used to transmit a modulated carrier at
the configured data rate, FEC rate, and modulation. The satellite operator my
request you to transmit a CW carrier rather than a modulated carrier. In that
case, replace the tx pn commands with tx cw on and tx cw off. Note, however,
that iDirect recommends using a modulated carrier to set the transmit power.
Note: Whenever tx pn or tx cw commands are used, you must reset the line card to
restore normal operation. Be sure to follow the instructions in the next section
to reset your line card after applying the configuration.
1. If you do not have a console connection to the line card, establish one now by following
the steps in section 12.4 on page 345.
2. Configure the line card to transmit at the frequency indicated by the satellite operator by
entering the command:
tx freq <fx>
where fx represents the L band frequency in MHz.
3. Configure the line card to transmit a signal with pseudo-random data by entering the
command:
tx pn on
4. Working with the satellite operator, adjust the transmit power to achieve the contracted
power at the satellite. To change the tx power to a new value, type:
tx power <pwr>
where pwr represents the power setting in dBm.
5. Disable the PN carrier by entering the command:
tx pn off
6. Open iBuilder and select the line card in the Network Tree. Then select Modify
Assigned Downstream Carrier from the context menu.
7. In the Downstream Carrier dialog box, enter the value for Power determined in step 4.
Prior to iDS Release 7.0, all user accounts were independent of one another. Beginning with
iDS Release 7.0, all users belong to one of a variable number of User Groups. Visibility of
network elements and access rights to those elements are now defined at the user group level
rather than for each user account. This chapter explains how to create and manage user
groups and user accounts, and how to define the permissions and access rights associated with
each. It discusses the following topics:
• “Conversion of User Accounts During Upgrade Procedure” on page 355
• “NMS User Groups” on page 356
• “Modifying Group QoS Settings for VNO User Groups” on page 372
• “Adding and Managing User Accounts” on page 382
• “Changing Passwords” on page 387
• “User Privileges” on page 388
• “Simultaneous Changes to the NMS Database” on page 390
Note: VNO and CNO User Groups are licensed features. If you plan to define VNO or
CNO User Groups in your network, please contact your iDirect Account Manager.
Note: The term HNO Administrator is used in the following sections to refer to a
System Group User with permissions to create and modify VNO User Groups.
• Create access allows users to create new elements underneath this node. For
example, you can allow a user to create new remotes in an inroute group.
• Write access allows users to modify the contents of the element itself. For example,
a user with Write access to an inroute group could modify the inroute group to turn
off frequency hopping.
• Control access gives users the right to perform control operations on child elements
of the specified node. For example, users with Control access for an inroute group can
perform all control operations on remotes in that inroute group.
• Ownership is different from Visibility. When you set a node as Owned by a VNO group,
you are dedicating that node and all of its children to this VNO group exclusively (except
for system users, of course). No other VNO groups are able to see or interact with this
group in any way. Visibility to network elements, however, can be shared across multiple
VNOs.
• VNOs cannot see each other; System users see all. When a VNO creates a network
element, only the members of that group and the System User Group are able to see the
element. When the system group creates or owns a network element, no VNOs can see
this element unless they are granted visibility to it.
• User Groups are highly configurable. The implementation of VNO User Groups is quite
flexible; you can configure groups in a number of ways. However, unless you are careful
when configuring your user groups, this flexibility can result in unwanted results. It is
possible to give VNO User Groups various combinations of write and visibility access that
may create confusion in practice.
For example, giving a VNO Write access to an inroute group, without granting Control
access at the Network level, could result in a condition from which the VNO user is unable
to recover. In this example, a VNO user could modify the inroute group so that it sets the
Network to the “Changes Pending” state, yet be unable to apply the changes.
The Information tab contains a Full View of the network tree in the left pane and the User
Group View in the right pane. Notice that the visibility and ownership properties of the Tree
elements in the User Group View are color coded according to the key at the bottom of the
window.
2. In the Group dialog box, enter a Group Name for the User Group. If desired, you can also
change the Group Type and add a Description of the group.
3. On the Information tab of the dialog box, right-click on elements in the Full View to set
their visibility and permissions for the User Group.
The menu displays a check mark next to all access rights selected for this element. The
User Group View shows you which elements this group’s users will have access to, and
what their access rights will be. Figure 329, Figure 330, and Figure 331 show examples of
VNO User groups with various settings.
Note: If you are configuring a CNO User Group, you can only select Visible from the
context menu. Other permissions in the list apply to VNO User Groups only.
2. To limit the downstream information rate, select the MaxDownstreamKbps check box and
enter the rate limit in kbps.
3. To limit the upstream information rate, select the MaxUpstreamKbps check box and
enter the rate limit in kbps.
In Figure 332, remotes created or controlled by members of the User Group are restricted to a
maximum of 256 kbps on the downstream and a maximum of 32 kbps on the upstream.
2. To make the element visible to a VNO, select the check box next to the VNO name. (You
can also do this by selecting from the context menu as described in the next step.)
In Figure 333, the inroute group is visible to three different VNO groups. VNO1 and VNO3
can only view the Inroute Group. VNO2 can perform control operations such as applying
configuration changes.
3. To modify a VNO’s permissions for the selected element, right-click on the VNO name and
select the desired permissions from the menu.
4. To change ownership of the selected element, click the arrow in the Owned by drop-
down box and select a new group.
Clicking OK causes iBuilder to log out and then log back on to the VNO user session,
committing the configuration changes executed from the HNO’s administrative session.
Figure 336. VNO Full View: Owned Slots vs. Visible Slots
If a VNO has write access to a chassis, then a VNO operator can modify the chassis. The
operations that each VNO can perform on the chassis slots depend on the VNO’s access rights
to those slots.
• If the VNO owns a chassis slot, a VNO operator can power on and off the slot and assign a
line card to the slot.
• If the VNO owns all slots in two adjacent timing groups, a VNO operator can enable the
jumper between the timing groups. (This is subject to additional backplane checks.)
Ownership of all slots in both timing groups is required to set these jumpers.
• If the VNO has both write access and control access to a chassis slot, a VNO operator can
assign line cards to the slot and power on or off the slot.
• If the VNO has only write access to a chassis slot, a VNO operator can assign line cards to
the slot. However the VNO operator cannot power on or off the slot.
• If the VNO has only control access to a chassis slot, a VNO operator can power on or off
the slot. However the VNO operator cannot assign line cards to slot.
Note: A VNO must own a network and its line cards in order to manage line card
redundancy.
If two VNOs have write access to the same chassis, VNO users in both VNO user groups can
modify the chassis in iBuilder. However, on the chassis modify screen, each VNO sees only the
slot assignments of its own line cards or to line cards set to Visible for the VNO. A VNO
operator cannot see the line card assignments for line cards owned by another VNO.
Figure 337 shows two versions of the same Chassis Modify screen.
In Figure 337, VNO 1 owns the line cards in slots 1 and 2 and VNO 2 owns the line cards in slots
9 and 10. The top image in Figure 337 shows what the HNO sees when right-clicking the
chassis in the iBuilder Tree and selecting ModifyItem. Both VNO 1’s line cards and VNO 2’s
line cards are displayed to the HNO.
The bottom image in Figure 337 shows the same screen when a VNO 1 user is logged on to
iBuilder. Notice that VNO 1 cannot see the slot assignments for slots 9 and 10, since those line
cards are owned by VNO 2.
If a VNO owns a chassis slot, then iBuilder does not allow any other VNO to assign line cards to
that slot. Therefore, no conflicts can arise. However, if two VNOs have write access to the
same slot, the slot may be occupied by a line card owned by one VNO that cannot be seen by
the second VNO. In that case, if the second VNO attempts to assign a line card to the occupied
slot, iBuilder does not allow the assignment and displays an error message. Figure 338 show
the result when a VNO attempts to assign slot 1 when the slot is already occupied.
Note: This example assumes that the VNOs have been granted ownership of their
respective networks and line cards. The VNOs must own these elements to
manage their line card redundancy.
3. In the Full View section of the Modify Configuration screen for the VNO, expand the tree
to expose the chassis you want the VNOs to share.
4. Right-click the chassis and grant Visibility and Write and Control access to the VNO.
Note: Control access allows the VNO to apply configuration changes to the chassis.
For example, if the VNO enables or disables the power to a slot, the VNO can
then download the changes to the chassis.
5. Expand the chassis in the Full View to display the chassis slots.
6. Right-click each Slot that you want the VNO to use and grant Visibility and Control to the
VNO.
Note: If you are sharing a chassis among multiple Network Management Systems,
please see “Sharing a 20 Slot Chassis in a Multi-NMS System” on page 287.
Figure 343. VNO Full View: SCPC Return Channels Shared by two VNOs
When one or more SCPC return channels are owned by a VNO, the line card is automatically
Visible to the VNO. The VNO can add remotes to the SCPC line card or move remotes between
SCPC line cards and inroute groups.
A VNO can own an SCPC return channel even when the channel has not been assigned an
upstream carrier or a remote. This allows VNO users to assign upstream carriers and remotes
to the VNO’s SCPC return channels without the assistance of the HNO.
Note: The HNO must make an SCPC upstream carrier Visible to the VNO before the
VNO can assign that carrier to an SCPC return channel or to a remote. A VNO
cannot own an upstream carrier.
Note: When the HNO assigns an SCPC return channel to a VNO user group, and that
channel is already associated with an SCPC upstream carrier, then the carrier is
automatically visible to the VNO user group. Furthermore, if the upstream
carrier is also assigned to a remote, then the VNO automatically owns the
remote.
As an HNO, you can assign ownership of SCPC upstream channels to a VNO as follows:
1. Right-click the VNO user group in the iBuilder tree and select Modify from the menu.
2. In the Full View, expand the line card to view the channels. Channels are numbered from
zero to seven.
3. Right-click the channels you want to assign to the VNO and select Owned (Figure 344).
The line card will automatically become Visible to the VNO, with Create permission.
Note: If a VNO owns one or more channels on an SCPC line card, then you can assign
SCPC upstream carriers to the VNO when you select the carriers for the line
card. See Step 7 in “Adding Multiple Receive Carriers to a Line Card” on
page 113 for details.
2. In the Line Card dialog box, click the Configure Carriers button to open the Select
Carrier dialog box (Figure 345).
Figure 345. Line Card Dialog Box: VNO User Selecting Configure Carriers
When opened by a VNO user, the Select Carrier dialog box shows the SCPC upstream
carriers currently assigned to the line card and any additional carriers that the VNO user
can assign. Only carriers that are visible to the VNO are displayed.
3. To assign a new carrier to the line card, select the check box of the carrier. The User
Group is automatically updated with your VNO user group name.
Note: A VNO user cannot select more SCPC upstream carriers than the number of
SCPC return channels owned by the VNO.
4. To remove a carrier from the line card, clear the check box of the carrier. The User Group
is automatically cleared.
Note: A VNO user cannot change the line card center frequency.
5. Click OK in the Select Carrier dialog box to save the new carrier assignments.
6. Click OK in the Line Card dialog box to save the changes.
Figure 346. VNO with Network Visibility and GQoS Node Ownership
As shown in Figure 347, when a VNO user right-clicks the network, the user can only select
ModifyGroup QoS but cannot select ModifyItem.
Figure 347. VNO Network Menu with Owned GQoS Nodes but No Network Access
When the VNO User selects ModifyGroup QoS, the network dialog box is displayed with all
tabs. However, the user can only modify owned QoS nodes on the Group QoS tab. The VNO
user cannot change anything on the Information tab or the Custom tab.
However, if the VNO has Write access to or Ownership of the network or inroute group, then a
VNO user can change any settings on the network or inroute group as well as on its owned
GQoS nodes. For example, Figure 348 shows the VNO from Figure 346 re-configured to add
Write and Control access to the network.
Figure 348. VNO with Network Write Access and GQoS Node Ownership
Because the VNO has been granted Write access to VNO 1 Network, a VNO user can select
both ModifyGroup QoS and ModifyItem from the network menu. This is illustrated in
Figure 349.
Figure 349. VNO Network Menu with Owned GQoS Nodes and Write Access to Network
When the VNO user selects ModifyItem for the network, the user can change the
configuration on the Information and Custom tabs as well as the configuration of its owned
GQoS nodes on the Group QoS tab.
When a VNO user modifies the Group QoS settings for VNO 1 Network, the VNO user has
access to all nodes in Bandwidth Group 1 but cannot see or modify Bandwidth Group 2. This
is illustrated in Figure 351.
Notice in Figure 351 that the VNO user cannot see Bandwidth Group 2, since the VNO has not
been granted any permissions for that Bandwidth Group. However the VNO can see (and
modify) Bandwidth Group 1, since it is owned by the VNO.
Note: On the Group QoS tab, a VNO user can only see remotes assigned to a Remote
Service Group if those Remotes are Visible to or Owned by the VNO.
Some properties of Group QoS nodes (called Request Properties) affect how the parent node
allocates bandwidth among its subnodes. When a VNO is granted ownership of a Group QoS
node, the VNO can only modify the Request Properties of the node if the VNO has the right to
modify the parent node. If the VNO could modify the Request Properties of a node without
having permission to modify the parent node, then the VNO could change settings such as the
MIR and CIR granted to the owned node by the parent node, potentially at the expense of
competing nodes. Therefore, the ability to change the Request Properties of a Group QoS
node is dependent on permissions set for the parent.
On the left side of Figure 352, the VNO owns Bandwidth Group 1 but does not have ownership
of the network’s Bandwidth Pool. Therefore, the VNO cannot modify the Request Properties
of Bandwidth Group 1. On the right side of Figure 352, the VNO owns Bandwidth Group 1 and
its parent node, the network’s Bandwidth Pool. Therefore, the VNO can modify the Request
Properties of Bandwidth Group 1.
2. In the Group dialog box (Figure 353), expand the Full View tree to expose the node or
nodes you want to assign to the VNO. Group QoS nodes are displayed in folders under
Networks and Inroute Groups. The top-level folder for the Group QoS Nodes is always
labeled Bandwidth Pool.
3. Grant the desired access by right-clicking the GQoS Node and selecting the desired
options. You can either select Owned or Visible for a GQoS node. However, if you select
Visible, you cannot select any additional access rights.
Figure 355 shows a Visible Bandwidth Group (Bandwidth Group 1). VNO users can view
the Bandwidth Group 1 settings but cannot change them. VNO users in this VNO cannot
see Bandwidth Group 2.
In Figure 356, the VNO owns Service Group 1under Bandwidth Group 1. Therefore,
Bandwidth Group 1 (and higher nodes) are automatically set to visible for the VNO. VNO
operators in this VNO cannot see Service Group 2.
Note: An HNO cannot assign Create, Write or Control access to a VNO for a Visible
Group QoS node. For a VNO user to modify or control a Group QoS node, the
VNO must own the Group QoS node.
4. Click OK to save the changes to the VNO User Group configuration.
Notice in Figure 357 that the VNO user can Modify Service Group 1 or Add Applications to it.
However, since the VNO does not own Bandwidth Group 1, the VNO user cannot Insert
additional Service Groups into Bandwidth Group 1 or Delete Service Group 1 from
Bandwidth Group 1. Notice also, that the VNO user cannot see Service Group 2 in Bandwidth
Group 1 (see Figure 356), since the VNO was not granted visibility to Service Group 2.
Note: Before VNO users can add new Applications to a Service Group, the Application
must first be created and then made Visible to the VNO User Group by the HNO
administrator. This is discussed in the next section.
In Figure 358, VNO 1 Downstream Profile has been set to Visible for the VNO User Group.
Notice in the User Group View that in addition to the Default and NMS Downstream Profiles,
only VNO 1 Downstream Profile is available for use by this VNO. To remove a Visible Profile
from the User Group View, re-select the Visible permission from the menu to clear the check
mark.
Note: You can also right-click the QoS profile in the iBuilder Tree and select
ModifyVNO from the menu to easily make a profile visible to multiple VNOs
at the same time. See “Modifying per Node VNO Properties” on page 362 for
more information.
Figure 359. Enabling the Create Permission on a QoS Folder for a VNO User Group
In Figure 359, the image on the left shows the VNO permissions set for the Upstream Remote
Profile folder by the HNO; the image on the right shows the VNO User’s right-click menu for
the same folder. As illustrated on the right of Figure 359, VNO users can now add their own
Upstream Remote Profiles. Any QoS profile created by a VNO User is owned by that VNO User
Group.
3. Right-click the Profile in the Full View and select Write from the menu.
In Figure 360, the image on the left shows the VNO permissions set for the Filter Profile by the
HNO; the image on the right shows the VNO User’s right-click menu for the Filter Profile. As
illustrated on the right of Figure 360, VNO users can now Modify the profile.
Note: Write permission cannot be granted to VNO User Groups for individual
Application Profiles or Remote Profiles. If you want to allow VNO Users to
define their own Application Profiles and/or Remote Profiles, you should enable
the Create permission as discussed in “Allowing VNO Users to Create QoS
Profiles” on page 381.
2. When you select Add User, the User dialog box appears.
2. When the User dialog box appears, change the settings as desired. (For details, see
“Adding a User and Defining User Privileges” on page 382.)
3. Click OK to save the changes.
2. A new user appears in the Tree and the User dialog box is displayed with settings identical
to the cloned user.
When you first open the pane, it will appear on the right side of the NMS window. The last
setting you select is saved between iBuilder sessions.
The Active Users pane(Figure 364) has four columns. The columns display the Name,
Permissions, Group (User Group) and Logged On status for all users defined in the system.
The Logged On column indicates the logon session count for that user under both iBuilder and
iMonitor. This pane is updated in real time as values change.
To open the Active Users pane, Select View View Active Users from the main menu.
Figure 365. Opening the Active Users Pane from the View Menu
Depending on your permission level within the NMS, you can perform the following actions:
• Delete a user
• Modify a user’s account
• View a user’s current properties
To perform any of these actions:
1. Right-click on any user in the Active Users pane. A list of the user management options
available from this pane is displayed.
Figure 366. User Account Options from the Active Users Pane
Note: For security reasons, it is important to change the passwords for the default
user names as soon as possible.
Note: Changes to user accounts take place immediately, i.e. you do not have to
“apply changes” for users. However, new settings for a specific user will not
take effect until the next login under that account. If the user is logged in while
you make changes, the old settings remain in effect for the remainder of that
session.
Table 10 lists the various privileges that can be granted or revoked for a custom-defined user.
NMS
Privilege Name Description
Application
Database Read The most basic privilege; allows retrieval of stored configuration iBuilder,
information. This is the only privilege Guest users are granted. iMonitor
You cannot grant or revoke this privilege from iBuilder.
Change Database Allows modification of configuration information. iBuilder
Download Allows download of firmware to line cards and remote modems. iBuilder
Firmware
Apply Allows application of configuration changes to networks, hub iBuilder
Configuration lines cards, and remote modems.
Reset Modem Allows remote and line card resets. iBuilder,
iMonitor
Manage Users Allows modification of user names and passwords. iBuilder
Edit Permissions Allows modification of user permission settings. iBuilder
Upload Allows retrieval of a remote modem’s or line card’s active iBuilder
Configuration configuration.
Basic Probe Allows retrieval of real-time statistics in the Probe tab. iMonitor
Advanced Probe Allows all Probe functions (reset, connect, change tx power, iMonitor
etc.).
Customize Allows access to the “Custom” tab in the Remote Modify Dialog iBuilder
Configuration Box.
Password in Clear Controls whether or not an NMS user can see remote and protocol iBuilder
Text processor passwords in clear text.
Monitor Longterm Allows monitoring of long term statistics in iMonitor. iMonitor
Statistics
GQoS Planning Allows modifications to the Group QoS configuration for iBuilder
Networks, Inroute Groups and Group Profiles.
With auto-accept changes off, if multiple users are changing the configuration at the same
time, and one user has saved configuration changes, then each subsequent user who attempts
to save changes is informed that another user has modified the configuration. The user
attempting to save the changes then has the option of either saving the changes or cancelling
the transaction.
Figure 368 shows the message that you will see (with auto-accept changes off) if you attempt
to save your changes after another user has changed the configuration while you have any
modify dialog box open.
Figure 368. Message Displayed if Another User Has Modified the Configuration
WARNING! You will only be notified of configuration changes if you have disabled the
feature to automatically accept configuration changes discussed in
“Accepting Changes” on page 14.
If you choose to save changes after being alerted that another user has modified the
configuration, then the changes made by the first user may be lost if you are both modifying
the same element. For example, if you and another user are modifying the same remote,
when the other user clicks OK to save the configuration, the modifications will not be
reflected in your remote modify window. Therefore, when you save the remote configuration,
the fields changed by the first user will be overwritten with their pervious values. To ensure
that you are not overwriting another user’s changes, you can cancel your changes and re-open
the dialog box.
Note: If you attempt to save configuration changes to a network element that has
been deleted, iBuilder will not be able to save your changes. You will see an
error message stating that iBuilder failed to save the configuration.
Note: iDX Release 3.1 only supports TRANSEC in DVB-S2 networks. It does not support
TRANSEC in iNFINITI networks. In addition, the TRANSEC downstream carrier
must be configured to simulate CCM; i.e., the Maximum MODCOD must equal the
Minimum MODCOD. See “Adding Downstream Carriers” on page 73 for details.
Note: iDX Release 3.1 only supports upstream TRANSEC when the upstream carrier is
using 2D 16-State Inbound Coding. See the Technical Reference Guide for details
about 2D 16-State Inbound Coding.
Note: Beginning with iDX Release 2.2, a remote requires the current Network
Acquisition Key (ACC Key) in addition to an X.509 certificate to join a TRANSEC
network. The initial ACC Keys must be manually configured on the remote using
a console command as part of this procedure.
Note: Evolution eM1D1 line cards must be licensed to operate in a TRANSEC network.
(See “Managing NMS Licenses” on page 57.) In addition, Protocol Processor
blades must be licensed for TRANSEC. For complete details on requesting and
installing iDirect licenses, see the iDirect Features and Chassis Licensing Guide.
Note: TRANSEC is not supported on SCPC upstream carriers. Therefore, you cannot
configure an Evolution eM1D1 line card in SCPC receive mode in a TRANSEC
network.
Note: After you issue a certificate to a Protocol Processor blade, you must restart the
iDirect service before it will take effect. After issuing the certificate, log on to
the root account of the blade and enter the command service idirect_hpb
restart.
c. Issue a certificate to each line card in the sub-tree of the Protocol Processor.
d. Issue a certificate to each remote in the sub-tree of the Protocol Processor.
Figure 369 illustrates a single TRANSEC sub-tree in the iBuilder network tree with one blade,
one line card and two remotes. All of those network elements, plus the NMS Servers, should
be certified before you convert to TRANSEC.
Note: Although it is more convenient and secure to certify your remotes before
TRANSEC is enabled, there may be times when you are required to certify a
non-TRANSEC remote over the air in an existing TRANSEC network. For details
on how to accomplish this, see “Bringing an Unauthorized Remote into a
TRANSEC Network” on page 421.
WARNING! Once you have converted your network to TRANSEC and applied the changes,
all remotes will be “out of network” until the current Network Acquisition
Key is configured on the remotes. This requires local access to each remote.
Once you have ensured that all hardware is TRANSEC-compatible, all licenses are in place,
and you have issued certificates to all X.509 hosts, follow these steps to convert your network
to TRANSEC:
1. Ensure that the Minimum MODCOD and Maximum MODCOD of your DVB-S2 downstream
carrier are set to the same value. (See “Adding Downstream Carriers” on page 73.)
2. Ensure that all TDMA upstream carriers are configured for 2D 16-State Error Correction.
(See “Adding TDMA Upstream Carriers” on page 76.)
3. Right-click the Protocol Processor in the network tree and select ModifyItem.
The Protocol Processor dialog box opens with the Information tab selected.
6. For each network under the TRANSEC Protocol Processor, right-click the network icon and
select Apply ConfigurationMultiple to display the Automated Configuration
Downloader dialog box.
7. In the Automated Configuration Downloader dialog box, select the following options:
a. In the Remotes area of the dialog box:
• Select all remotes.
• Under Target, select Both.
• Under Protocol, select Reliable (TCP).
• Under Reset, select Reset on Success.
b. In the Line Cards area of the dialog box:
• Select all line cards with Status of Changes Pending.
• Under Protocol, select Reliable (TCP).
• Under Reset, select Reset on Success.
c. In the Network area of the dialog box, select your network.
8. Click the Start button to apply the changes to your network.
9. Repeat Step 6 through Step 8 for any remaining networks under your TRANSEC Protocol
Processor.
10. Right-click the Protocol Processor in the Network Tree and select ApplyConfiguration.
11. In the confirmation dialog box, click Yes to confirm the change.
12. Configure the current ACC Keys on all remotes. (See the next section for details.)
Note: This procedure requires physical access to the remote modem. It cannot be
performed from the NMS.
Before the local procedure in this section is executed at the remote site, the network
operator should perform the following steps while the remote is still in the TRANSEC network:
1. In iBuilder, move the remote to the non-TRANSEC network to generate the new remote
options file.
WARNING! Do not apply the remote-side changes in iBuilder to move the remote to the
non-TRANSEC network until the secure data has been removed from the
remote. The remote must be in the TRANSEC network to remove the secure
data.
2. Supply the non-TRANSEC remote options file to the on-site personnel who will remove the
secure data from the remote.
3. Follow the procedure in “Revoking a Remote’s Certificate” on page 424 to invalidate the
remote’s X.509 certificate.
The remaining steps in this section require physical access to the remote modem. The
procedure assumes that you have all of the following items available locally:
• A copy of the new (non-TRANSEC) options file
• A console connection to the remote modem
• Ethernet connectivity to the remote modem through the LAN port
• A secure copy client such as WinSCP installed on your laptop
Follow these steps to remove the secure data from the TRANSEC remote and to re-configure
the remote for the non-TRANSEC network:
1. Open a console session to the remote modem and log on to the root account of the
remote.
2. Enter the command:
telnet localhost
3. At the Username prompt, log on to the admin account.
4. At the command line prompt, enter the command:
csp enable
5. Enter the following command to remove all secure data:
zeroize all
At this point the main falcon application process will stop. However, falcon_monitor will
still be running.
6. Enter the following command to stop falcon_monitor. This prevents the remote from
automatically rebooting.
service idirect_falcon stop
7. Using WinSCP (or another secure client application), copy the non-TRANSEC options file to
the following path and file name on the remote modem:
/etc/idirect/falcon/falcon.opt
8. Enter the following command from the console session to reboot the remote:
reboot
The remote is now configured to join the non-TRANSEC network.
Note: Before converting between iNFINITI and DVB-S2, verify that your link budget
meets the requirements of the new outbound carrier configuration.
Beginning in iDX Release 2.0, a single package contains the firmware to allow remotes to
receive both iNFINITI and DVB-S2 carriers. Therefore, you are no longer required to re-load
the remote firmware to convert your network to a different type of outbound carrier.
However, a line card must execute different firmware depending on the type of outbound
carrier configured for the network. For a line card to operate in an iNFINITI or DVB-S2
network, it must have the correct firmware package for that carrier type installed.
For example, an XLC-11, eM1D1 or XLC-M line card executing iDX Release 3.1 requires the
evo_d_hub package to operate in a DVB-S2 network. The same line card requires the
evo_l_hub package to transmit operate in an iNFINITI network.
The line cards that support iNFINITI and DVB-S2 are able to store both packages
simultaneously. Downloading one package does not overwrite the other package. Once the
modem has both packages, you can switch between iNFINITI and DVB-S2 without reloading
firmware.
Follow the procedure in this chapter to convert a network from iNFINITI to DVB-S2 or to
convert a network from DVB-S2 to iNFINITI. The procedure consists of the following main
steps:
• Download the new firmware to the line card that will transmit the new carrier.
• Define the new carrier and assign it to the transmit line card.
• Apply the configuration changes to the remotes in the network.
• Apply the configuration changes to the network.
3. Verify that the Selected Package is correct: evo_d_hub for DVB-S2; evo_l_hub for
iNFINITI.
4. In the Line Cards section of the TCP Download dialog box, verify that all line cards you
want to download are selected.
5. In the Options section of the TCP Download dialog box, under Reset, select Reset on
Success.
6. Click the Start button to begin the download.
7. When the download is complete and the line card has reset, verify that the remotes re-
acquire the existing network and become operational before continuing. At this point
your network should be operating as it did prior to starting this procedure.
Your line card now has both packages and your network is ready for conversion. Perform the
remaining steps to switch the network to the new carrier type.
Note: You can also convert your existing carrier to the new carrier type by modifying
the appropriate fields in the Downstream Carrier dialog box.
2. Once the carrier parameters are configured, in the Assigned to Line Card field of the
Downstream Carrier dialog box, select your Tx line card.
Note: At this point the remotes will lose the network as they update their
configuration for the new carrier type.
10. Once the remotes have been updated, right-click your network and select Apply
ConfigurationNetwork to complete the conversion.
11. Once the line card begins transmitting the new outbound carrier, verify that the remotes
acquire the new carrier and the network becomes operational.
You can distribute your NMS server processes across multiple NMS server machines. The
primary benefits of machine distribution are improved server performance and better
utilization of disk space.
iDirect recommends a distributed NMS server configuration once the number of remotes being
controlled by a single NMS exceeds approximately 800.
A.1 Prerequisites
Before you begin the configuration process, ensure that you have the following in place:
• Four NMS servers, each installed with the same version of NMS software; three of these
servers are used for running various services and the fourth is used as a backup server. If
you already have a single Primary NMS server and a single Backup NMS server in place, you
will need to add two more NMS servers with the same version of software the current
Primary NMS is running.
Note: For information on setting up a Backup NMS server for your DNMS, see the
iDirect Technical Note “NMS Redundancy and Failover” for your release.
• IP addresses for all additional NMS servers must be on the same subnet as the Primary and
Backup servers. These servers are on the upstream side.
• If the NMS servers have private IP addresses and you need to access these servers (for
running iBuilder and iMonitor) externally, then you have the following options: configure a
VPN system to allow access to the servers, or NAT the private addresses to the public
addresses and run the iDirect provided script on every client PC that will run iBuilder and
iMonitor clients. See “Running the NAT Script” on page 414 for the script.
This configuration has the following process distribution for the main processes:
• NMS Server 1 (Primary) runs the configuration server (cfgsvr) and MySql, the chassis
manager server (cmsrv) and the Protocol Processor controller process. (You should also
run skysvr on this NMS server.)
• NMS Server 2 (Auxiliary) runs only the Statistics server (nrdsvr).
• NMS Server 3 (Auxiliary) runs the Event server (evtsvr) and the Latency Server (latsvr).
The latsvr is not shown in this diagram.
Note: Not all distributed configurations are supported. If you require a different
configuration, please contact the iDirect TAC.
Note: There is a slight probability that problems will occur if the database server
process should exit during the reconfiguration. You can avoid this possibility by
stopping your NMS processes prior to setting up the new configuration. In that
case, the NMS outage will be slightly longer.
To configure a distributed NMS, you will run the script NMS-configuration-client.pl. This
script resides on the primary NMS server. When executed, it queries the local subnet,
determining the IP addresses of all NMS server machines and the current assignment of NMS
processes to server machines. The script then asks you to specify the new distribution and
updates the assignments before exiting. You then restart the NMS processes.
To configure a distributed NMS and retain historical data, begin with Step 1. To configure a
distributed NMS and not retain historical data, begin with Step 8.
1. Verify that all four servers are configured with correct IP addresses, that there is IP
connectivity between all the of the servers, and that iDirect NMS software is installed on
each server such that NMS server 1, 2, and 3 are installed as primary and NMS server 4 is
installed as backup.
2. Log on to NMS 2 as root.
Note: Beginning with iDX Release 2.1, by default you cannot use SSH to log on directly
to the root account of your NMS server or Protocol Processor blade. You can use
SSH to log on to other accounts such as the idirect account. You can then enter
su - from the command line to log on as root.
3. Stop the NMS processes on the server by entering the following command:
service idirect_nms stop
4. Repeat Step 2 and Step 3 on NMS 3.
5. Copy the database from NMS 1 to NMS 2 as follows:
a. Log on to NMS 2 as idirect.
b. On NMS 2, create a temporary directory for the database:
mkdir /var/tmpdb/
c. Log on to NMS 1 as root.
d. Change to the NRD Archive directory on NMS 1:
cd /var/lib/mysql/nrd_archive
e. On NMS 1, copy the database to the temporary directory on NMS 2:
scp * idirect@x.x.x.x:/var/tmpdb/
Where x.x.x.x represents the IP address of NMS 2.
f. On NMS 2, enter the following commands to move the database files to the correct
directory and delete the temporary directory. (Enter the root password when
prompted by the su command.)
su -
cd /var/lib/mysql/nrd_archive
rm -rf *.*
cd
mv /var/tmpdb/* /var/lib/mysql/nrd_archive/
chown -R mysql:mysql /var/lib/mysql/nrd_archive
rmdir /var/tmpdb/
6. Repeat Step 5 for NMS 3.
7. Start the NMS configuration on NMS 2 and NMS 3 by entering the following command on
each machine:
service idirect_nms start nms_config
The following steps must be done during a maintenance window as network downtime will
occur.
8. Logon to NMS 1 as root.
9. Stop the NMS services by entering the following command:
service idirect_nms stop
10. Run the conversion script by entering the following command:
/home/nms/utils/db_maint/NMS-configuration-client.pl
The conversion script prompts you to select which services are to run on which servers. At a
minimum, the nrdsvr runs on NMS 2; the evtsvr and the latsvr run on NMS 3. The nmssvr,
nms_config, nms_monitor, cmsvr, cntrl, revsvr, and snmpsvr run on NMS 1.
Enter the number of the respective NMS when prompted. Sample output is shown below.
Note: If this NMS shares the Chassis Manager Server of an external NMS that is not
part of this DNMS, you should enter a 0 when prompted for the CM Server to
skip that IP address. The procedure to point your configuration server to an
external CM Server is described in “Sharing the Chassis Manager Server” on
page 288.
root@x3550 ~
# /home/nms/utils/db_maint/NMS-configuration-client.pl
NMS Config Client >>> Looking for NMS installations with bcast
255.255.255.255, please wait...
===========================================================
List of existing NMS configurations
===========================================================
From NMS.ServerConfiguration on computer with 192.168.76.82 :
127.0.0.1 nms_cfg_server_ip
127.0.0.1 nms_cm_server_ip
127.0.0.1 nms_ctl_server_ip
127.0.0.1 nms_evt_server_ip
127.0.0.1 nms_lat_server_ip
127.0.0.1 nms_nrd_server_ip
127.0.0.1 nms_oss_server_ip
Note: Once these commands have been entered successfully, all the devices (remote,
HLC, network, PP) will display “Changes Pending” in iBuilder.
5. Launch iBuilder and apply the changes in the following order: all remotes, all Hub Line
Cards, network, and Protocol Processor.
5. Restart the iDirect NMS services on each server sequentially, starting on NMS 1, by
entering the following command:
service idirect_nms restart
2. In the Service Level area of the dialog box, select the appropriate Service Level for the
IP packet type you want to modify. (NMS_UDP, NMS_TCP or NMS_ICMP).
3. In the Rules area of the dialog box, select the Rule for that traffic.
4. Click the Edit button to open the Edit Rule dialog box.
5. Change the Destination IP address and Subnet Mask to match the NMS server’s IP address
for this type of traffic. (TCP traffic must be routed to config server, UDP traffic to nrd
server, and ICMP traffic to both evt server and lat server.)
6. There will be “Changes Pending” on all remotes. Apply the changes.
For example, if the evtsvr process is running on NMS 1, enter the following command to kill
the process:
killall evtsvr
The NMS-domain-commands.pl command stops, starts or restarts the NMS server processes
on all NMS machines. You can run the command on any of the server machines.
The various command forms are:
# ./NMS-domain-commands.pl -h
Usage:
NMS-domain-commands.pl [-udp=UDPPORT] [-exec="<command> <server
name> <server name> ..."
-udp : Change default UDP port [70123]
<command> is <start | stop | restart | reload | status >
<server name> is <nmssvr | evtsvr | nrdsvr | latsvr | cntrlsvr |
snmpsvr | nms_monitor>
For example, the following two commands show the status of NMS server processes. The first
example shows the status of all processes. The second example shows the status of the
nms_monitor process.
./NMS-domain-commands.pl -exec="status"
./NMS-domain-commands.pl -exec="status nms_monitor"
The following commands start, stop and restart server processes. The first example starts all
processes. The second example stops all processes. The third example starts the evtsvr
process. The final example restarts the latsvr process.
./NMS-domain-commands.pl -exec="start"
./NMS-domain-commands.pl -exec="stop"
./NMS-domain-commands.pl -exec="start evtsvr"
./NMS-domain-commands.pl -exec="restart latsvr"
An example of the output for NMS-domain-commands.pl script is presented below:
# ./NMS-domain-commands.pl -exec="status"
ip = 172.16.137.13, servers: nrdsvr nms_monitor
ip = 172.16.137.9, servers: nmssvr revsvr snmpsvr mapsvr nms_monitor
cntrlsvr
ip = 172.16.137.14, servers: evtsvr nms_monitor latsvr
+++++++++++++++++++++++++++++++++++++++++++++++++
Using configuration from MySQL NMS.ServerConfiguration table on
computer 127.0.0.1:
>>>>> 172.16.137.13:
nms_config (pid 28903) is running...
nrdsvr (pid 30734) is running...
cmsvr (pid 6373) is running...
nms_monitor (pid 30755) is running...
>>>>> 172.16.137.14:
nms_config (pid 6346) is running...
evtsvr (pid 18493) is running...
latsvr (pid 6917) is running...
nms_monitor (pid 6931) is running...
>>>>> 172.16.137.9:
nms_config (pid 2118) is running...
nmssvr is stopped
revsvr is stopped
snmpsvr is stopped
cntrlsvr is stopped
nms_monitor is stopped
All hosts in an iDirect TRANSEC network must have X.509 public key certificates. Hosts include
NMS Servers, Protocol Processor blades, TRANSEC line cards, TRANSEC remotes, and GKD
Servers. Certificates are required to join an authenticated network. They serve to prevent
man-in-the-middle attacks and they add an additional safeguard against unauthorized
admission to the network. You can use the iDirect Certificate Authority (CA) utility (called the
CA Foundry) to issue the certificates for your TRANSEC network. For more information on the
iDirect TRANSEC feature, see the iDirect Technical Reference Guide.
This appendix contains the procedures required to issue and manage the X.509 certificates in
an iDirect TRANSEC network. It contains the following major sections:
• “Accessing the CA Foundry” on page 417
• “Creating a Certificate Authority” on page 419
• “Logging On to a Certificate Authority” on page 420
• “Connecting to a Host” on page 420
• “Bringing an Unauthorized Remote into a TRANSEC Network” on page 421
• “Certifying a Host” on page 423
• “Revoking a Remote’s Certificate” on page 424
Note: All certificates for a TRANSEC network must be generated by the same CA
foundry.
Note: Beginning with iDX Release 2.1, by default you cannot use SSH to log on directly
to the root account of your NMS Server or Protocol Processor blade. You can use
SSH to log on to other accounts such as the idirect account. You can then enter
su - from the command line to log on as root.
2. At the command line prompt, enter the ca command to display the initial CA Foundry
menu shown in Figure 379. Once you have created a CA and logged on to it, more menu
choices will become available.
For details on specific CA Foundry operations, see the remaining sections in this appendix.
3. When prompted, enter the information for your new CA. A CA name and password are
required. The remaining entries are optional.
4. Press any key to continue. You will be automatically logged on to the new CA.
Note: If you are certifying a new remote in a TRANSEC network, please see “Bringing
an Unauthorized Remote into a TRANSEC Network” on page 421. The remote
must have authentication disabled and it must be configured with the current
Network Acquisition Key before it can acquire the TRANSEC network.
Follow these steps to certify the remote in your TRANSEC network. This procedure assumes
that the remote has been configured in the TRANSEC network in iBuilder and that
Authentication has not yet been disabled on the GUI.
1. In iBuilder, right-click the remote in the network tree and select ModifyItem to display
the Information tab of the remote configuration dialog box.
2. Select the Disable Authentication check box.
3. When the warning message appears, click Yes to confirm the change.
Note: As an alternative, you can wait and transfer the options file and the ACC Key to
the remote site at the same time. In either case, the options file must be
loaded onto the remote (Step 8) before the remote will accept the ACC Key
(Step 9).
8. Have the on-site personnel load the options file on the remote using iSite. The procedure
for downloading an options file using iSite is documented in the Installation and
Commissioning Guide for iDirect Satellite Routers.
9. Follow the procedure “Configuring the ACC Key on a Remote” on page 427 to retrieve the
current Network Acquisition Key from the hub and to configure it on the remote. Once the
remote has its ACC keys, it should acquire the TRANSEC network.
10. Use the CA Foundry to connect to the remote over the air and issue the X.509 certificate.
(See “Certifying a Host” on page 423 for details.)
11. Once the remote has its certificate, return to the remote configuration dialog box, clear
the Disable Authentication check box, and click OK.
12. Right-click the remote in the network tree and select Apply ConfigurationReliable
Both (TCP) to download the configuration change.
Note: After you issue a certificate to a Protocol Processor blade or a GKD server, you
must restart the iDirect service before it will take effect. After issuing the
certificate, log on to the root account of the blade or GKD server and enter the
command service idirect_hpb restart (blade) or service idirect_gkd
restart (GKD).
You can use the procedure in this section to certify a new host or to update the certificate on
an existing host. Your NMS Server must have IP connectivity to the host to issue a certificate.
Follow these steps to issue a certificate to a host.
1. Start the CA Foundry and log on to a CA according to the procedure on page 420.
2. Use the arrow keys to select Host Operation from the top-level menu and press Enter.
3. Select Flush Host from the menu and press Enter.
Note: Select Flush Host rather than Generate Host Key and Cert. The Flush Host
command performs all operations required to certify the host.
4. When prompted, enter the following host information:
a. Enter the number of days that you want the certificate to be valid. (The default is
3,650 days, or ten years.)
b. Enter the IP address of the host you want to certify.
c. If this is not a GKD Server, accept the default port number by pressing Return. If this is
a GKD Server, enter port number 45010.
d. Enter the password of the admin account of the host you want to certify.
Note: When certifying a TRANSEC line card, it is possible that the CA will time out
due to high CPU loading on the line card. If this happens, wait a few minutes
and execute the Flush Host command again.
The CA Foundry will issue a new X.509 certificate to the host, signed by your CA. Sample
output is shown in Figure 388.
5. Select Show Issued Certs from the Maintenance menu and press Enter.
6. In the Subject field of the command output, note the highest CA serial number that
matches the DID determined in Step 1. (In the case that the CA has multiple certificates
for a single remote, the one with the highest serial number is the certificate currently in
use.)
7. Select Revoke Certificate from the Maintenance menu and press Enter.
8. At the prompt, enter the serial number of the certificate to be revoked as determined in
Step 6 and press Enter. Sample output is shown in Figure 392.
The updated blades will no longer allow the remote to enter the TRANSEC network.
10. If you want to ensure that the remote leaves the network immediately, you should force
two updates of the Dynamic Network Keys (DCC Keys). The procedure for updating the
DCC Keys is documented in “Updating the DCC Keys” on page 429.
11. If you want to ensure that the remote’s Network Acquisition Keys (ACC Keys) are no longer
valid, you should force two updates of the ACC Keys. The procedure for updating the ACC
Keys is documented in “Updating the ACC Keys” on page 431.
WARNING! Use great caution when updating the ACC Keys. Any remote that misses two
consecutive ACC Key updates will be stranded. A site visit is required to re-
configure the ACC keys on the remote.
This appendix contains procedures for managing TRANSEC keys. It includes the following
major sections:
• “Configuring the ACC Key on a Remote” on page 427
• “Updating the DCC Keys” on page 429
• “Changing the DCC Key Update Frequency” on page 430
• “Updating the ACC Keys” on page 431
• “Verifying the ACC Keys on an In-Network Remote” on page 432
• “Identifying the Blade that Distributes TRANSEC Keys” on page 434
• “Setting Up Global Key Distribution” on page 436
• “Additional GKD Procedures” on page 443
Before the key can be entered on the remote, you must retrieve the current key from the
Protocol Processor blade responsible for key distribution. To determine the current ACC key:
1. Follow the steps in “Identifying the Blade that Distributes TRANSEC Keys” on page 434 to
determine the Protocol Processor blade responsible for transmitting the ACC Keys to this
remote’s network.
2. Log on to the idirect account of the blade identified in Step 1.
3. At the command line, enter the following command:
telnet localhost 13255
4. At the prompt, log on to the admin account.
5. Enter the following command:
csp enable
6. Enter the following command:
key_ctrl getGACCkey DID passphrase
where DID is the unique remote identifier and passphrase is a string of any length.
Note: A remote’s DID is displayed on the Remote Information tab in iBuilder. The
passphrase will be required to update the ACC key on the remote modem.
The Protocol Processor displays a string consisting of three lines (or “segments”). This
string represents the ACC Key. The key as represented by the string is encrypted using the
Password-Based Key Derivation Function (PBKDF2) described in PKCS #5 v2.1: Password-
Based Cryptography Standard from RSA laboratories.
Figure 394 shows sample output for the getGACCkey command.
7. Securely transfer the three string segments to the personnel responsible for entering the
new key on the remote modem.
To update the ACC Key on the remote modem:
1. From the console port, log on to the root account of the remote.
2. Enter the command:
telnet localhost
3. At the Username prompt, log on to the admin account.
Note: Step 8 assumes the remote already has its X.509 certificate for the TRANSEC
network. If not, the hub operator can now disable authentication for the
remote on the iBuilder Remote Information tab to allow the remote to join the
network the first time. Once it has acquired the network, the hub operator can
issue the certificate to the remote over the satellite link and then re-enable
authentication on the remote. See “Bringing an Unauthorized Remote into a
TRANSEC Network” on page 421 for details.
twice to ensure that a remote no longer has a valid key. For details on the TRANSEC key
management protocol, see the iDirect Technical Reference Guide.
Follow these steps to update the DCC Keys in a TRANSEC network:
1. Follow the steps in “Identifying the Blade that Distributes TRANSEC Keys” on page 434 to
determine the Protocol Processor blade responsible for distributing the DCC Keys to this
remote’s network. Note your Network ID from this procedure.
2. Log on to the idirect account of the blade identified in Step 1.
3. At the command line, enter the following command:
telnet localhost 13255
4. At the prompt, log on to the admin account.
5. Enter the following command to enable security commands:
csp enable
6. Enter the following command to update the DCC Keys:
key_ctrl net <net id> update
where <net id> is the network ID determined in Step 1.
7. You can repeat the Step 6 to ensure that no unauthorized hosts have a valid DCC Key.
WARNING! Use great caution when updating the ACC Keys. Any remote that misses two
consecutive ACC Key updates will be stranded. A site visit is required to re-
configure the ACC keys on the remote.
Note: Even if a valid ACC Key is present on a de-certified remote, the remote cannot
send or receive IP traffic if you have performed two DCC Key updates.
If you are using Local Mode (ACC Keys generated by the Protocol Processor blades), you must
execute the ACC Key update from the blade that is generating your ACC Keys. If you have one
or more GKDs configured for your TRANSEC network, you must execute the ACC Key update
from the Master GKD. (For more information, see “Setting Up Global Key Distribution” on
page 436.)
Follow these steps to update the ACC Keys in a TRANSEC network:
1. If using Local Mode:
a. Follow the steps in “Identifying the Blade that Distributes TRANSEC Keys” on page 434
to determine the Protocol Processor blade responsible for key distribution.
b. Log on to the idirect account of the blade.
c. At the command line, enter the following command:
telnet localhost 13255
d. At the prompt, log on to the admin account.
2. If you have one or more GKDs configured for your TRANSEC network:
a. Log on to the root account of the Master GKD Server.
b. At the command line, enter the command:
telnet 0 46002
c. At the Username prompt, log on to the admin account. (The default password is
iDirect.)
3. On the GKD or the Protocol Processor blade responsible for generating the ACC Keys,
enter the following command to enable security commands:
csp enable
4. If you are on a GKD Server, verify that this is the Master GKD by entering the command:
kd status
5. To update ACC Keys, enter the command:
kd keyroll update confirm
Note: The ACC Key update may take several minutes to complete. Therefore, you
should wait at least an hour before executing the kd keyroll update
command a second time.
6. To ensure that no unauthorized hosts have a valid ACC Key, wait at least one hour and
repeat Step 5.
WARNING! Any remote that misses two consecutive ACC Key updates will be stranded. A
site visit is required to re-configure the ACC keys on the remote.
Figure 396. Viewing the ACC Key Data Structure on the Protocol Processor
5. Note the number of the active key. (The active key is Key 0 in Figure 396.)
Note: If you have one or more GKDs configured for your network, it is possible that
the ACC Keys have been updated on the Master GKD but have not yet been
accepted by the Protocol Processor blade. You can enter the kd keyroll show
command on the Master GKD to ensure that the active key on the GKD matches
the active key on the Protocol Processor blade.
6. From the root account of the NMS server, enter the following command to open a secure
connection the remote.
ssh <ip address>
where <ip address> is the IP address of the remote.
7. When prompted, enter the remote’s admin password.
8. Enter the following telnet command and log on with Username admin and the remote’s
admin password:
telnet localhost
Step 6 through Step 8 are illustrated in Figure 397.
Figure 398. Viewing the Key Roll Data Structure on a Remote Modem
11. Compare the ACC Key output of the key_mgr command on the Protocol Processor (Step 4)
with the ACC Key output of the remote keyroll_mgr key command. The active key
numbers should be the same. In the example in Figure 399, the remote has successfully
received the latest ACC Keys. Therefore the number of the active key on the Protocol
Processor (on the left) is identical to the number of the active key on the remote (on the
right).
If the ACC Keys were updated again and the remote had not yet received the new key, Key 1
would become the active key on the Protocol Processor but the remote active key would
remain the same. This is shown in Figure 400.
Note: The blade responsible for sending the TRANSEC keys to a network is always the
same blade that is responsible for multicast traffic for that network.
You must know both the Protocol Processor ID and the Network ID to determine the Protocol
Processor blade responsible for propagating the keys to your network. Follow these steps to
determine the IDs:
1. In iBuilder, select Details from the View Menu.
2. Select Collapse Details Hierarchy from the View Menu
3. Click your Teleport in the iBuilder Tree
4. Click the Type column heading in the Details View to sort elements by Type.
5. Scroll down until you find the IDs of both your network and your protocol processor. In
Figure 401, the Network ID for TRANSEC Network 1 is 9. The Protocol Processor ID for
TRANSEC Protocol Processor is 2.
Once you have determined the Network ID and the Protocol Processor ID, you must identify
the Protocol Processor blade responsible for multicast traffic for your network. This is the
blade responsible for sending out the TRANSEC Keys.
Follow these steps to determine the blade that sends the TRANSEC Keys to your network:
1. Log on to the idirect account of your NMS server.
2. Enter the following command to connect to the pp_controller process for your protocol
processor.
telnet localhost <pp_controller port_number>
where <pp_controller port_number> is 15000 + the Protocol Processor ID. For the
example in Figure 401, you would enter the command telnet localhost 15002, since
the Protocol Processor ID is 2. if the Protocol Processor ID were 11, you would telnet to
port number 15011.
3. At the Username prompt, log on to the admin account of the Protocol Processor.
4. From the command line, enter the following command to determine the Tunnel Interface
IP Addresses of all blades responsible for multicast for this Protocol Processor:
blades query multicast
Sample output of this command is shown in Figure 402. In the figure, the Tunnel Interface
IP Address (eth1) of the multicast blade for Network ID 9 is 192.168.77.230.
Note: This command returns the Tunnel Interface IP address of your blade, not the
Upstream Interface IP Address. You can view both IP Addresses on the Protocol
Processor Blade dialog box in iBuilder.
A system with three GKDs and four Protocol Processor blades that propagate those keys is
shown in Figure 403.
Backup GKD Backup GKD
KeyDistributor KeyDistributor
Master GKD
KeySync KeySync
KeyDistributor
KeySync
PP Blade PP Blade
KeySync KeySync
PP Blade PP Blade
KeySync KeySync
In any established network of GKDs, there is only one Master GKD. The Master GKD is
responsible for generating the ACC Keys for all Protocol Processors that have that GKD
configured under it in iBuilder. All other GKDs (called Backup GKDs) are responsible for
synchronizing their ACC Keys with the Master GKD.
Each GKD is configured with a unique priority. The highest-priority GKD is the “configured
Master” GKD. If the Master GKD fails, the highest-priority Backup GKD will become the
“promoted Master” GKD. When the configured Master GKD recovers, it will resume the
function of ACC Key generation and the promoted Master will return to the Backup role.
Similarly, if a backup GKD loses connectivity to the Master GKD and promotes itself to Master,
it will return to Backup status when connectivity to the configured Master GKD is restored.
A Protocol Processor blade responsible for sending out the ACC Keys to one or more networks
will attempt to synchronize its keys with the Master GKD. However, if the blade cannot
communicate with the Master GKD, it may synchronize with a Backup GKD. If the blade cannot
communicate with any GKD, new ACC Keys will not be generated for the network.
Note: In order to minimize the possibility that remotes will not have a valid ACC Key,
a Protocol Processor blade that has received a new ACC Key from a GKD will not
accept the next ACC Key for one hour. This one hour wait is not enforced if Key
Updates are performed manually using the kd keyroll update confirm
command.
The following sections explain how to install and run one or more Global Key Distributors for
your TRANSEC networks.
Note: When multiple GKDs are configured, the relative priorities of the GKDs
determine which active GKD will assume the roll of Master. The highest-
priority operational GKD serves as the Master GKD responsible for
generating the ACC Keys.
5. Click OK in the GKD dialog box.
6. Repeat Step 3 and Step 4 for each additional GKD you want to add for this Protocol
Processor.
7. Click OK in Protocol Processor dialog box to save the configuration.
Note: Wait until you have created the GKD options files and started the GKDs to
apply the changes to your Protocol Processor.
The example uses a Protocol Processor configured in iBuilder with three GKDs. The options file
for the GKD with priority 30 is shown below.
[GKD_NODE_10]
connect_addr = INET;192.168.77.27;45001
priority = 10
[GKD_NODE_20]
connect_addr = INET;192.168.77.30;45001
priority = 20
[GKD_NODE_30]
connect_addr = INET;192.168.77.32;45001
priority = 30
[GKD_LOCAL_CFG]
priority = 30
Note the following regarding the sample GKD options file:
• The GKD_NODE definitions give the IP address and port number for all GKD Servers in the
GKD network as configured in iBuilder. In this case there are three GKD Servers. These
GKD_NODE definitions must be included in the GKD options file of each GKD.
• All priorities in the GKD options file must match the priorities configured for the GKD in
iBuilder. Priorities must be unique. No two GKD Nodes in an options file can have the same
priority.
• All GKD_NODE numbers must match the priorities configured in iBuilder. For example,
GKD_NODE_20 must have priority = 20.
• The GKD_LOCAL_CFG definition at the end of the options file identifies this GKD. Since
GKD_LOCAL_CFG priority is 30 in the example, this is the options file for the GKD running
on 192.168.77.32. The options file for GKD_NODE_20 would be identical to this options
file except that the final line defining the GKD_LOCAL_CFG would be priority = 20.
• Since it has the highest priority, GKD_NODE_30 is the Configured Master for this group of
GKDs. In other words, if all three GKDs are operational and connected, GKD_NODE_30 will
always assume the role of Master GKD.
Since you can create a GKD options file in any text editor, you do not have to follow the
procedure in this example. However, retrieving the options file for the Protocol Processor
allows you to cut and paste the GKD_NODE definitions into the GKD options files rather than
typing them by hand. The procedure assumes that the three GKDs in the sample options file
have been configured as shown in “Configuring GKDs in iBuilder” on page 438.
To create the GKD options file shown in the example above:
1. In the iBuilder tree, right-click the TRANSEC Protocol Processor with the configured GKD
and select RetrieveSaved Configuration.
2. Click the Save button. The options file will open in Notepad.
3. Scroll down until you find the GKD_NODE definitions for the Protocol Processor.
Figure 407. Protocol Processor Options File with GKD Node Definitions
4. Delete everything from the options file except the GKD_NODE definitions.
5. Add the following to the end of the options file:
[GKD_LOCAL_CFG]
priority = <This Node’s Priority>
where <This Node’s Priority> is the priority of the GKD that will use this options
file.
6. Select FileSave As and save the file in the folder of your choice with the name of your
choice.
7. Using WinSCP (or any other method) transfer the file to the idirect account of the GKD
Server machine.
8. Log on to the root account of the GKD Server identified by GKD_LOCAL_CFG.
9. Move the GKD options file to /etc/idirect/gkd/gkd_opts.opt. For example:
mv /home/idirect/gkd_opts_30.opt /etc/idirect/gkd/gkd_opts.opt
Note: Each GKD options file must be named gkd_opts.opt and must be present in the
directory /etc/idirect/gkd on the GKD Server.
To create the options files for the other two GKDs in the example, you could make two
additional copies of this options file and change the GKD_LOCAL_CFG definitions to match
the priorities of the other two GKD Servers.
Note: When certifying a GKD Server, you must enter port 45010 when prompted for
the port number. Do not use the default port number.
4. The GKD must be restarted after it receives its certificate. Enter the following command
to restart the GKD:
service idirect_gkd restart
5. To run the GKD service automatically at startup, enter the command:
chkconfig idirect_gkd on
6. Check the status of the GKD service by entering the command:
service idirect_gkd status
Two processes (gkd and gkd_monitor) should be running.
Note: If you add, modify or remove GKDs, you must update all GKD options files to
match the new configuration and restart the GKD service on all GKD Servers.
If this is the first time any GKD is being brought on line for this Protocol Processor, then when
you apply the changes to the Protocol Processor, the blade or blades that were responsible for
generating ACC Keys for your networks will no longer have that responsibility. Instead, they
will request the ACC Keys from the Master GKD and forward them to the network.
The blade will not accept more than one new ACC Key per hour (by default) from the GKD.
Therefore, a remote that is not in the network at the time that you bring the first GKD on line
should still be able to acquire for at least one hour. However, if that remote does not acquire
the network by the time the blade has synchronized both the current and next keys with the
GKD, it will be unable to acquire the network until its ACC Keys are manually updated. See
“Configuring the ACC Key on a Remote” on page 427.
Note: The default password is iDirect. You can change the password by following
the procedure in the next section.
To change the password of the GKD admin account to the Admin Password of an iBuilder
Protocol Processor:
1. In the iBuilder tree, right-click the Protocol Processor and select RetrieveSaved
Configuration.
2. Click the Save button. The options file will open in Notepad.
4. Copy the information highlighted in Figure 410 into the GKD options file. A sample GKD
options file is shown below.
[GKD_NODE_20]
connect_addr = INET;192.168.77.30;45001
priority = 20
[GKD_NODE_30]
connect_addr = INET;192.168.77.32;45001
priority = 30
[GKD_LOCAL_CFG]
priority = 20
[SECURITY]
admin_password =
$idi3$//kdd/$0bwUdQy2daA/d95g6/DC4KkVJ40091r0sdVSi0dqFy6lbSBO9zOiYA
qY8GtVYiCf08BricTpbNeF6C45UrNf03
5. Follow the procedure on page 441 to copy the GKD options file into the correct directory
on the GKD Server.
6. Restart the GKD service by entering the following command from the root account of the
GKD Server:
service idirect_gkd restart
7. Follow the procedure in “Logging On to the GKD Console” on page 443 to verify that the
password change was successful.
4. Enter the ks status command to determine the Key Synchronizer status of this GKD,
including:
• The Node ID of this GKD. (The Node ID equals the priority of the GKD.)
• The Current State of this Key Synchronizer.
• If the Key Synchronizer is connected, the IP Address of the GKD supplying the keys.
Figure 412 shows an example of the ks status command executed on both a Master GKD
(on the left) and on a Backup GKD (on the right).
5. Enter the kd clients command to determine the IP Addresses of all clients receiving
ACC Keys from this GKD. Clients include both Backup GKDs and protocol processor blades
responsible for distributing the ACC Keys to the networks.
Figure 413 shows an example of the kd clients command executed on a Master GKD
with two clients.
(REG) after the client IP address indicates that this client has registered with the GKD
Server. (UNREG) indicates that the client has not registered with the GKD Server. Only
registered clients will receive ACC Key updates. Under normal circumstances, clients will
always register with the GKD Server shortly after connecting and re-register periodically.
Note: If you are using the iDirect TRANSEC feature for your ABS networks, you must
set up Global Key Distribution to ensure that the Network Acquisition Keys are
the same for all networks. A remote cannot roam from one TRANSEC network to
another unless these keys are the same. See “Setting Up Global Key
Distribution” on page 436 for details.
For most parameters in map.conf, the default settings are identical and can be left
unchanged for standard installations. However, note the following differences in Figure 416:
• For Intelsat format, conveyance_file should be set to curr.in and
conveyance_format should be set to intelsat.
• For GXT format, conveyance_file should be set to Beams and conveyance_format
should be set to gxt_dir.
If you were using the ABS feature before upgrading to this release, map.conf should already
exist on your NMS server machine. If you are setting up ABS for the first time, then you can
use the template file (/etc/idirect/map/map.conf.template) on your map server machine to
create map.conf. Copy the template file to map.conf and edit the file to comply with your
format if necessary.
Note: This procedure is valid only if your map server process is running on an iDirect
server such as the NMS server or GKD server. It is not valid for a local map
server process co-located with the remote modem.
You must execute the procedure in this section during the initial set up of the ABS feature for
your network. Re-execute the procedure any time you need to add a new beam to your beam
map file.
Note: When you add a new beam, the beam name used in the conveyance beam map
file must exactly match the name of the network configured for that beam in
iBuilder. For example, if a beam name in the conveyance file is Beam_10, then
the name configured in the iBuilder tree for the corresponding network must
also be Beam_10.
The satellite provider delivers conveyance beam map files to the customer in a pre-defined
format. This format is defined in a specification document agreed upon between the beam
provider and iDirect. iDirect provides each ABS customer with a software utility that converts
the conveyance beam map files into a format that is usable by the map server. Once the
conversion is complete and the map server must be restarted, the new beam becomes
available for the map server to send to remotes using ABS.
Follow these steps to convert a conveyance beam map file from your satellite provider into
the map server format and make it available for use in your networks.
1. Log on to the map server machine as root.
2. Change to the map server directory:
cd /etc/idirect/map
Note: To configure the idirect_map service to start automatically at boot time, run
the following command as the root user: chkconfig idirect_map on
Follow these steps to modify one of the pre-configured ABS antenna definitions:
1. In iBuilder, right-click the reflector in the Remote Antenna ComponentsReflector
folder and select ModifyItem to open the Reflector dialog box (Figure 417).
2. Enter the Size of the Reflector in meters.
3. Enter the Offset Angle in degrees.
4. Select Controllable.
5. Select the Controller Type for your antenna.
6. On the right-hand side of the dialog box (Figure 417) you can define multiple Elevation /
Gain pairs, each of which represents the variation in antenna gain for a specific satellite
elevation. You can enter as many as 91 values, one for each degree between zero and 90,
inclusive.
During beam acquisition, iDirect uses these data points to interpolate the gain variation
for the elevation at the remote’s current location. This gain variation is used in the
calculation of initial transmit power. (See the iDirect Technical Reference Guide for
details on how the initial transmit power is calculated.)
Note: Elevation / Gain pairs are only applicable to flat plate antennas with
multiple plates. If you are not configuring an applicable antenna, leave this
area blank. If you are configuring an applicable antenna, please contact your
antenna manufacturer for the correct data.
Note: If you are entering Elevation / Gain pairs, then you must enter values for
both 0o and 90o. If these two values are not included, some gain variations
will be undefined.
For each Elevation / Gain pair you want to add:
a. Click the Add button to open the Gain dialog box.
Note: You can modify or remove an existing Elevation / Gain pair by selecting the
entry and clicking the Edit or Delete button. (See Figure 417.)
7. When you have finished configuring your Reflector, click OK to save your changes.
3. In the Remote Antenna section of the dialog box, enter the antenna components for your
antenna. (See “Remote VSAT Tab” on page 177 for details on configuring the fields shown
in Figure 419.)
4. To enable ABS for this remote, select one of the following for the Reflector, as shown in
figure Figure 420.
• OpenAMIP. (An open antenna controller protocol developed by iDirect.)
• DAC-97. (Used for any supported SeaTel DAC antenna controller: DAC-97 DAC-03,
DAC-2200, or DAC-2202)
• Spacetrack 4000 for Schlumberger Spacetrack 4000
• AL-7104 for the Orbit-Marine AL-7104
When you select a Reflector that supports ABS, additional configuration fields appear in the
Remote Antenna section of the remote VSAT tab. Many of these fields apply to all ABS
antennas. Other fields apply only to specific antenna types or to antennas controlled by the
OpenAMIP protocol. The two right-hand columns in Figure 421 show the fields that apply to all
ABS antennas. Additional fields appear on the bottom right of the screen when you select the
DAC-97, Al-7104 or OpenAMIP. Those additional fields are discussed later in this section.
Note: You will not see the ABS-specific fields on the right-hand side of this screen
until you have selected a controllable Reflector.
To configure the ABS-specific fields for the remote antenna:
1. Enter the IP address (Antenna Address) and port number (Antenna Port) of the antenna
on the remote LAN. This addressing is required for the remote modem to communicate
with the antenna controller.
2. In Hunt Frequency, enter the L-Band hunt frequency to be programmed into the antenna
controller. This frequency may be different for different instances of your roaming
remote, depending on the beam in which that remote instance is defined.
Figure 422 shows the additional fields that appear on the VSAT tab if you select OpenAMIP,
DAC-97 or AL-7104 as your antenna.
7. If you select a reflector configured to use the OpenAMIP controller type, the OpenAMIP
parameters shown on the left of Figure 422 appear on the VSAT tab. To configure these
parameters:
a. In Tx Frequency, enter the center frequency of your transmit carrier.
b. In Tx Bandwidth, enter the width of you transmit carrier.
c. In Hunt Bandwidth, enter the width of the Hunt Frequency.
d. In Tx Local Oscillator, enter the frequency of your transmit local oscillator. This
should match the Frequency Translation field configured for the remote’s BUC.
e. In Rx Local Oscillator, enter the frequency of your receive local oscillator. This should
match the Frequency Translation field configured for the remote’s LNB.
8. The SeaTel DAC controller type should be used for any of the four SeaTel antenna
controllers supported by the ABS feature. If you select a reflector configured to use the
SeaTel DAC controller type (such as DAC-97), the SeaTel parameters shown in the center
of Figure 422 appear on the VSAT tab. To configure these parameters:
a. Select the LNB Voltage. This is the nominal voltage being supplied by external
equipment to the LNB. You can select either 13V or 18V. The default value is 18V.
b. Select 22 KHz Tone to tell the antenna controller to enable the 22 KHz tone to the
LNB.
c. DAC 97 distinguishes a SeaTel DAC-97 from the other supported SeaTel DAC variants
(DAC-03, DAC-2200, or DAC-2202). Select this check box only if using a DAC 97
antenna controller.
d. Enter the NID. This is the Network ID of the DVB carrier specified by the Hunt
Frequency and Hunt Polarity.
e. Enter a value for DVB_FEC. This is the FEC rate of the DVB carrier specified by the
Hunt Frequency and Hunt Polarity.
9. If you select a reflector configured to use the Orbit SBC controller type (such as AL-7104),
the Orbit SBC parameters shown on the right of Figure 422 appear on the VSAT tab. To
configure these parameters:
a. Select the LNB Voltage. This is the nominal voltage being supplied by external
equipment to the LNB. You can select either 13V or 18V. The default value is 18V.
b. Select 22 KHz Tone to tell the antenna controller to enable the 22 KHz tone to the
LNB.
Note: In addition, for high-speed (greater than 150 mph) applications, a number of
custom keys and iBuilder settings should be set for your networks and remotes.
See “High-Speed COTM Custom Keys and Optimizations” on page 469 for
details.
Note: Custom keys in the [BEAMS_LOCAL] group only apply to the remote instances
on which they are defined. If you want a custom key in the [BEAMS_LOCAL]
group to apply to all instances of a remote, then you must add the custom key
to the remote in each of the remote’s networks. See “Configuring the Network
Acquisition Timers” on page 459 and “Changing the Download Timeout” on
page 460.
The general steps for configuring the custom keys defined in this section are:
1. In iBuilder, right-click the remote and select ModifyItem.
2. Click the Custom tab.
3. In the Remote-side Configuration section of the screen, configure the custom key. (See
the subsections below for definitions.)
4. Click OK to save your changes.
5. Right-click the remote in the remote’s current network in the iBuilder tree and select
Apply ConfigurationReliable Remote-Side (TCP).
The example in this figure changes the remote’s net_state_timeout (discussed below) to six
minutes. The same general steps can be used to define any of the custom keys described in
the remainder of this section.
Note: Custom keys in the [BEAMS_LOCAL] group only apply to the remote instances
on which they are defined.
Note: Custom keys in the [BEAMS_LOCAL] group only apply to the remote instances
on which they are defined.
To change this default behavior for any remote, enter a remote-side custom key of the form:
[BEAMS_LOCAL]
mapless_mute = <value>
where a <value> of 1 tells the remote to stop transmitting when running without a
beam map. A <value> of 0 tells the remote to continue to transmit when running
without a beam map.
Note: Custom keys in the [BEAMS_LOCAL] group only apply to the remote instances
on which they are defined.
Note: Do not configure this value to be less than the hysteresis used in the beam map.
only mode does not transmit, but it does receive and forward multicast traffic. For more
information on receive-only mode, see the iDirect Technical Reference Guide.
To disable or enable the receive-only mode feature on a remote, enter a remote-side custom
key of the form:
[BEAMS_LOCAL]
rxonly_enabled = <feature state>
where a value of 0 for <feature state> disables the receive-only mode feature and a value
of 1 for <feature state> enables the receive-only mode feature. Remotes configured with
rxonly_enabled = 0 will not enter receive-only mode, regardless of the EIRP value
received from the map or the state of the hardware mute signal.
Note: If you have entered a custom key of 0 to disable this feature on a remote, you
can re-enable the feature either by setting the custom key to 1 or by deleting
the custom key.
Note: Custom keys in the [BEAMS_LOCAL] group only apply to the remote instances
on which they are defined.
WARNING! You must apply this custom key to all instances of the remote.
For information on configuring and using a local map server, contact the iDirect TAC at (703)
648-8151.
D.4.1 latlong
The latlong command displays the current latitude and longitude of the remote. It also
displays the word muted if the current satellite is below the configured minimum look angle.
The precision of the values returned by the latlong command is greater than or equal to the
precision of the values returned to the remote by the antenna controller. (By contrast, the
precision sent to the NMS is in hundredths of a degree to maintain backward compatibility
with the location event format.) The latlong command is convenient when you do not want
to wait for the next location event, since the location event interval is set to five minutes by
default.
Syntax:
latlong
Example:
Figure 424 shows an example of the latlong command.
D.4.2 tlev
The tlev command sets or reads the system's global trace level.
Although there are seven trace levels, level 4 is the highest level that can be used effectively
under normal operations. At level 4, the various ABS state machines trace all state
transitions. Each time an event occurs, the name of the state machine, the current state, and
the name of the event are displayed on the screen. This provides the analyst with a clear view
of the sequence of events occurring in the software.
Syntax:
tlev Reads the trace level
tlev 0 Sets the trace level to normal, tracing critical events only.
tlev 4 Sets the trace level to the highest trace level that is practical during normal
operations
tlev 7 Sets the trace level too high to be usable during normal operations
Example:
Figure 425 shows an example of the tlev command. The command in the example sets the
trace level to 4.
Note: The antenna debug command works for all types of antennas supported by
ABS. However, the tracing for each antenna type differs dramatically because
the controller interface for each antenna type is unique.
Syntax:
antenna debug 7 7 7 7 Enables all antenna traces
antenna debug 0 0 0 0 Disables all antenna traces
Spaces are required between digits when setting the trace level.
Example:
Figure 426 shows the trace output after the antenna debug command has been issued to
enable all antenna tracing.
D.4.5 beamselector
Depending on the command line argument, the beamselector command can be used for any
of the following purposes:
• To list the set of beams available to the remote
• To switch the remote from its current beam to a new beam
• To lock the remote to a specific beam during remote commissioning
• To determine the initial Tx power offset during remote commissioning
• To determine the current Tx power as read from the beam map
• To set the trace level of the beam switch module
When using the list argument, the command displays the beam number and the beam name
for each beam in the current set of beams available in the options file. It also indicates which
beam is currently selected and which, if any, of these available beams are unknown to the
map server that provided the current map. A beam that is in the options file but unknown to
the current map server is listed as “not in map.”
Note: “Not in map” indicates that the modem does not have a map from a map server
that knows about the beam. In other words, the name of the beam in the
options file does not match the name of any beam in the map being sent to the
modem by the map server.
When using the switch argument, the beamselector command allows the operator to
initiate a beam switch. For example, the command beamselector switch 5 commands
the modem to switch from its current beam to beam 5. Once the command is issued, the
remote will reset and attempt to use the new beam. The beam numbers may be determined
by issuing a beamselector list command.
This form of the command will not permit you to switch to a beam unless that beam is both in
the map and in the current options file. If you are sure you want to switch to a beam that is
unknown or that is not in the map, you must use the -f (or “force”) option.
Syntax:
beamselector list Displays all beams available to this remote as defined in the
remote options file.
beamselector switch <beam number> Switches the remote to the beam indicated
by beam number.
beamselector switch <beam number> -f Forces the remote to switch to the beam
indicated by beam number, even if that beam is not in the map.
Example:
Figure 427 shows the results of the beamselector list command. The remote has four
beams configured in its options file. Beam 2 is the current beam.
Note: The beam names displayed by this command are identical to the beam names in
the conveyance beam map file supplied by the satellite provider, as well as to
the corresponding network names configured in iBuilder.
Note: If a remote without a high-speed COTM license exceeds 150 mph, all user
traffic to the remote is stopped.
Some settings only apply to mobile remotes in TDMA networks (TDMA remotes) while some
settings only apply to mobile remotes that transmit SCPC return channels (SCPC remotes).
The applicable type of remote is noted in each description.
Note: For Evolution eP100 remotes, many of the custom keys documented in this
appendix are configured for the high-speed setting by default. The default
settings are noted in the descriptions of the custom keys.
For high-speed remotes, iDirect recommends that you set ll_t1_retry_limit to 15. This
results in a link layer timeout of 1 minute.
Default settings:
• 15 for Evolution eP100 Remotes
• 5 for other remote model types
To change the ll_t1_retry_limit, configure the following custom key in the Hub-side
Configuration area of the Remote Custom tab:
[REMOTE_DEFINITION]
ll_t1_retry_limit = 15
To configure the Guard Band for your TDMA upstream carrier, right-click the carrier in the
iBuilder tree and select ModifyItem.
Note: Whenever your TDMA upstream carrier is assigned to an Inroute Group or the
characteristics of the downstream carrier for your network are modified, the
Guard Band reverts to the default setting of 8 symbols. Therefore, if you
changed the Guard Band and want to maintain the new setting, you must
modify your carrier and reconfigure the Guard Band after either of those
operations.
Once you have configured the Guard Band for your carrier, you should also configure the
following custom key in the Hub-side Configuration area of the Remote Custom tab for
remotes using that carrier:
[REMOTE_DEFINITION]
symbol_offset_max = <max symbol offset>
Where <max symbol offset> = Guard Band (in Symbols) / 2 – 1
The UCP averaging method selected for a remote is controlled by the Remote hub-side custom
key ucp_exponential_average_enabled, which is defined as follows:
[REMOTE_DEFINITION]
ucp_exponential_average_enabled = <Enabled Setting>
where a value of 1 for <Enabled Setting> enables exponential averaging and a value
of 0 for <Enabled Setting> enables arithmetic averaging.
Note: Some upstream modulation modes have minimum symbol rate restrictions
above 128 ksps. For details, see the Link Budget Analysis Guide for your
release.
Table 12. Minimum Symbol Rates for Upstream Carriers
TDMA SCPC
Mobile Remote Maximum Speed Maximum
Type (km/h) Acceleration (m/s2) Ku Band Ka Band Ku Band Ka Band
Maritime 25 5 128 256 128 256
Vehicular 120 10 256 512 256 512
Train 350 5 128 256 256 512
Airplane 1280 17 400 800 512 1024
3. Using iMonitor, follow the procedure on page 475 to determine the inroute ID of your SCPC
return channel.
4. In the iBuilder tree, right-click the Network in which this carrier is used and select
ModifyItem.
5. In the Network dialog box, click the Custom tab.
6. Add the following custom key:
[INROUTE_id]
fec_blocks_per_inroute_frame = n
where id is the inroute ID of the SCPC return channel determined in Step 3 and n is:
floor (FEC Blocks per Frame / 4)
For example, if the number of FEC Blocks per Frame determined in Step 2 is 10, then you
should set fec_blocks_per_inroute_frame to 2.
The remote lock feature allows individual remotes to be locked to a particular network. Once
a remote is locked with a Network Key, it only functions in a network with the same key.
There are two types of Remote Locking supported in iDirect networks:
• iDirect’s Traditional Remote Locking is supported for iNFINITI remotes and Evolution e8350
remotes. It is described in “iDirect’s Traditional Remote Locking” on page 479.
• Enhanced Remote Locking using symmetric key generation is supported on Evolution X3
and Evolution X1 remotes. However, the procedure for locking these remotes differs
based on remote model type.
• Evolution X3 Remote Locking is described in “Enhanced Remote Locking for Evolution
X3 Remotes” on page 481.
• Evolution X1 Remote Locking is describe in “Enhanced Remote Locking for Evolution
X1 Remotes” on page 485.
For all types of Remote Locking, you must create a Network Key in iBuilder before you can
lock any remotes to your network. See “Configuring the Network Key” on page 488 for details.
Note: You must know the Network Key of the remote’s network to lock your remote to
the network.
Enter the following command to lock the remote to the Network Key with a password:
rmtlock lock <network key> <password>
Where: <network key> is the Network Key you defined for your network and
<password> is 8 to 12 characters in length and conforms to password security
recommendations.
When the rmtlock command is used to change the Network Key and password, it must match
the previously-set password. You must unlock the remote before moving the remote from one
network to another network.
WARNING! Since the NMS does not store the password, it is the network operator’s
responsibility to maintain the list of passwords for your networks.
WARNING! If a password is lost, you must contact the iDirect TAC for assistance. The
TAC will validate the ownership of the unit in question before the default
password is given to the requestor.
Note: The above procedure requires iDirect internal verification and management
approval. It may take several business days to complete.
• Hard Locks: Once a remote is “soft” locked to a network, you can use the rmtlock
command to irrevocably burn the remote’s Locking Key into the remote hardware using
the same Confirmation Word that was generated for the Soft Lock. After a Hard Lock has
been burned into the remote, only a Non-Warranty RMA hardware replacement can
remove the Hard Lock. Please refer to warning notes in “Setting a Hard Lock” on
page 483.
Note: You must first Soft Lock an X3 remote to a network before you can Hard Lock
that remote.
Note: You must know the Network Key of the remote’s network to lock your remote to
the network.
Note: As a convenience, you can enter the rmtlock verify command to display the
Network Key configured for the remote.
2. Record the Confirmation Word. The Confirmation Word is required to remove the Soft
Lock or to set a Hard Lock on the remote.
3. Within 60 seconds of performing Step 1, confirm the Soft Lock by re-entering the
rmtlock command followed by the Confirmation Word:
rmtlock engage <netkey> <confirmation word>
WARNING! The following command will permanently lock the remote to the Network.
Only a hardware replacement can reverse this lock.
2. Within 60 seconds of performing Step 1, repeat the rmtlock burn command with the
Confirmation Word appended. This is the Confirmation Word that was generated when you
set the Soft Lock on this remote.
rmtlock burn <confirmation_word>
WARNING! If the Locking Key is “burned” into the remote hardware using the Hard Lock
option, the remote can only function in a network with the Network Key
associated with the Hard Lock. From this point forward, the lock is
permanent and the Locking Key can only be removed with a Non-Warranty
RMA hardware replacement.
WARNING! RMA charges of $250 (plus all shipping) will apply to all remotes returned to
iDirect for the purpose of removing a network lock.
Note: You must know the Network Key of the remote’s network to lock your remote to
the network. See “Configuring the Network Key” on page 488 for details.
Note: When locking an Evolution X1 remote, you should use the Network Key
Fingerprint to catch typographical errors and prevent accidentally locking the
remote to the wrong network. Record the Network Key Fingerprint value
returned when locking the first remote to a network, or obtain it from a
previously-locked X1 remote by entering the rmtlock status command. When
locking subsequent remotes, verify that the Network Key Fingerprint has the
same value before confirming the lock. See Step 6 on p. page 487.
1. Using a Web browser, connect to the Evolution X1 remote that you want to lock and log on
as admin.
4. Verify that the remote is not currently locked by entering the following command at the
command prompt (Figure 433):
rmtlock status
If the remote is not locked, the command will return:
state: unlocked
5. To obtain the confirmation word required to lock the remote, enter the command:
rmtlock permlock <network key>
where <network key> is the Network Key of the remote’s network.
When invoked the first time, this command will return the confirmation word required to
permanently lock the remote to the network and the Network Key Fingerprint for this
network. Sample output of this command is shown here:
netkey: 123abc
netkey fingerprint: BC61D2ED
confirmation word: ptPvoK58
instructions: Please type 'rmtlock permlock 123abc ptPvoK58' within
60 seconds to confirm.
WARNING: This will permanently lock the remote to the network. This
lock cannot be changed or removed. In order to unlock the remote,
the unit will have to be returned to iDirect under Non-Warranty
Repair.
6. If you know the Network Key Fingerprint for this network, verify that the netkey
fingerprint returned by the rmtlock permlock command is correct before
proceeding to the next step. If the fingerprints do not match, you have entered an
incorrect Network Key. Repeat Step 5 with the correct Network Key.
WARNING! The following command will permanently lock the remote to the Network.
Only a hardware replacement can reverse this lock.
7. Within 60 seconds of performing Step 5, repeat the rmtlock command again as follows:
rmtlock permlock <network key> <confirmation word>
where <network key> is the Network Key of the remote’s network and
<confirmation word> is the confirmation word that was returned in Step 5.
Sample output of this command is shown here:
state: permanently locked
netkey: 123abc
netkey fingerprint: BC61D2ED
After entering this command, your remote is permanently locked to the network.
Note: You can check the remote lock status when logged on as user or admin.
However, the Network Key Fingerprint will only be displayed if you are logged
on as admin.
If the remote is not locked to a network, the rmtlock status command returns:
state: unlocked
WARNING! RMA charges of $250 (plus all shipping) will apply to all remotes returned to
iDirect for the purpose of removing a network lock.
Transmission A protocol developed for the internet to get data from one network device to another;
Control Protocol TCP uses a retransmission strategy to ensure that data will not be lost in transmission.
(TCP)
B
A
bandwidth
ABS
adding 72
see Automatic Beam Selection
beam selection
accelerated GRE tunnels 160
see beam switching for mobile remotes; Automatic
accepting changes Beam Selection
automatically accepting changes 14 beam selection for roaming remotes 189
enabling accept changes button 14
before you start
acquisition aperture length 77
information needed 8
activating preparing equipment 8
remotes 303 blades
active users pane 385 adding 94
activity log 49 to 52 BUC 177 to 178
copying data from 52 button
list of selectable activities 49
accept changes 14
viewing 50
right mouse 26
antenna 65
antenna, adding 66
applying changes to roaming remotes 324 C
applying configurations 316
CA Foundry 417 to 432
Automatic Beam Selection 449 to 467
connecting to a host 420
adding beams to a network 451 creating a CA 419
adding elevation / gain pairs for flat plate antennas creating a certificate authority 419
454 executing 63, 418
antenna reflector definition 453 issuing host certificates 423
changing the GPS interval 461 logging on to a CA 420
changing the minimum look angle 458 navigating in 418
changing the usable beam timeout 461 revoking host certificates 424
configuring a local mapserver IP address 462
carrier
configuring a remote for 455
configuring hunt frequency 456 acquisition aperture length 77
configuring the initial tx power offset 456 adding downstream carriers 73
determining a remote’s initial tx power offset 466 adding SCPC upstream carriers 79
determining beam numbers 467 adding TDMA upstream carrier 76
disabling or enabling the rx-only feature 461 defining an alternate downstream carrier 110
forcing a beam switch 466 information rate 77
IP address of antenna 456 large block 77
muting the remote transmitter when mapless 460 small block 77
reading the tx power from the beam map 466 switching to an alternate downstream carrier 118
remote console commands 462 symbol rate 77
setting download timeout 460 transmission rate 77
setting network acquisition timers 459 uplink/downlink center frequency 74, 76, 80
setting OpenAMIP parameters 457 carrier grooming 133
setting Orbit SBC parameters 457 certificate authority, creating 419
setting SeaTel DAC parameters 457 chassis
setting up the configuration file 450 adding the initial hub chassis 277
starting the map server 452 assigning line cards to slots 282
X
X.509 certificates
issuing to hosts 423
revoking from hosts 424