Surveillance Director Fields

In SDX Configuration Editor, you can modify the following fields in the Surveillance Director pane in a sds.xml configuration file.

Virtual Router Filter

Virtual routers to be monitored by this instance of the Surveillance Director.
Value—A regular expression that matches the virtual routers to be managed.
Guidelines—For information about regular expressions, seehttp://java.sun.com/j2se/1.4.2/docs/api/java/util/regex/Pattern.html
Typically, an instance of the Surveillance Director can manage more than one virtual router; however, only one instance of the Surveillance Director manages a virtual router at one time. If more than one instance of the Surveillance Director matches the same virtual router, the first instance of the Surveillance Director that is configured and that matches the virtual router manages it.

If you change the configuration of an instance of the Surveillance Director to stop managing a virtual router, and another instance of the Surveillance Director is already configured to manage that virtual router, then the other instance of the Surveillance Director assumes management of that virtual router.
Default—No value
Examples
- .*@BRAS.*—Matches all virtual routers on routers whose names start with BRAS
- .*virneo.*@.*—Matches all virtual routers that contain virneo in the virtual router name, for a router with any name
Property name—vrFilter

IDP Service Name

Name of the service to activate in order to direct a subset of subscriber traffic to an IDP sensor.
Value—<Service name>
Default—No value
Property name—idpServiceName

Maximum Number of IP Addresses

Maximum number of subscriber IP addresses for which the associated traffic should be sent to an IDP sensor or sensor cluster at one time.
Value—Integer greater than 1
Guidelines—You must configure a value for this property. This value must be a power of 2. Ensure that the amount of traffic generated by the number of IP addresses identified by this property conforms to the capacity for the IDP system.
For JUNOSe routers, consider system load on the SAE and on the router when you use policy-based routing from JUNOSe routers to an IDP sensor. A fragment service is activated for each IP address.
Default—8
Property name—maxIps

Maximum Number of Subnets

Maximum number of CIDR subnets for which subscriber traffic can be sent to an IDP sensor at one time.
Value—Integer greater than 1
Guidelines—Using a large number of CIDR subnets can affect system performance because an aggregate service for IDP is activated once for each CIDR subnet during a specified surveillance time.
Default—4
Property name—maxSubnets

Maximum Number of IP Addresses per Subnet

Maximum number of IP addresses supported in a CIDR subnet.
Value—Integer greater than 1
Guidelines—This value must be a power of 2.
If your configuration has a JUNOS routing platform that is being managed from a JUNOS POP, set this value to the value specified for Maximum Number of IP Addresses.
Default—8
Property name—maxIpsPerSubnet

Minimum Number of IP Addresses per Subnet

Minimum number of IP addresses supported in a CIDR subnet.
Value—Integer greater than 1
Guidelines—This value must be a power of 2 to efficiently monitor subnets, and must be set to a value less than the value for the Maximum Number of IP Addresses per Subnet.
If the minimum size of a subnet is small and the IP pools do not have large contiguous address ranges, then a surveillance interval can be underused by the number of subscribers. Also with a small minimum size specified, the IP pool can be divided into numerous CIDR subnets to exclude discontinuities in the addresses. In this scenario if the value is a number greater than 1, some addresses may be infrequently or never monitored.
Default—1
Property name—minIpsPerSubnet

Surveillance Time

Length of time to monitor each set of subscribers. This value is also the session timeout for the service specified by the IDP Service Name property.
Value—Number of seconds greater than 1
Default—15
Property name—surveillanceTime

interval Between IDP Service Sessions

Length of time between when IDP service sessions time out and when the next IDP service sessions are activated.
Value—Number of seconds greater than 1
Guidelines— Typically, services for a specified set of IP addresses time out at approximately the same time; however, the length of time to deactivate the services depends on other factors, such as the number of addresses and subnets for which a service is being deactivated, the software and hardware versions of the routers, and the size of systems running the SAE. Use this property to specify how long the Surveillance Director waits for all services to become inactive before it activates services for the next set of addresses to be monitored.
If the value for this property is too long, IDP is underutilized; if it is too short, the IDP can become overloaded.
Default—5
Property name—intraSurveillanceTime

DN of Router Profiles

DN in the directory of the subscriber folder which contains the subscriber entries that correspond to router entries under the network root. For the Surveillance Director to activate a service configured for IDP integration for <vrName>@<routerName>, it constructs a DN type of subscriber ID in the form routerName=<vrName>@<routerName>, <DN of router profiles>. The Surveillance Director then uses that DN to locate the subscriber session in which to activate the service.
Value—<DN>
Default—No value
Example—ou=routers, retailername=SP-IDP, o=Users, o=umc
Property name—routerProfilesDn

Suppress IP Addresses

Specifies whether the Surveillance Director provides a value for the subrIps parameter (a list of all the individual addresses to be monitored during a surveillance interval) when it activates an IDP service. For use when traffic is sent directly from JUNOSe routers to an IDP sensor.
Value—True or false
Guidelines—Specify false for JUNOSe POPs. Specify true for JUNOS POPs.
Default—False
Property name—suppressIps