Cisco Service Router Application Configuration Guide


Cisco Videoscape Distribution Suite, Internet Streamer 4.4.1 Software Configuration Guide

April 19, 2018

Cisco Systems, Inc.

www.cisco.com

Cisco has more than 200 offices worldwide.

Addresses, phone numbers, and fax numbers are listed on the Cisco website at www.cisco.com/go/offices.

THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.

THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.

The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.

NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.

IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)

Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.

Cisco Videoscape Distribution Suite, Internet Streamer 4.4.1 Software Configuration Guide

© 2018 Cisco Systems, Inc. All rights reserved.

Contents

Preface
Document Revision History
Audience
Objective
Document Organization
Document Conventions
Related Documentation
Obtaining Documentation and Submitting a Service Request

Chapter 1: Product Overview
Overview
Ingest and Distribution
Prefetch Ingest
Dynamic Ingest
Hybrid Ingest
Live Stream Ingest and Split
Delivery
Management
Content Delivery System Architecture
Service Engine
Storage and Distribution
Stream and Cache-Fill Performance
NAS
Content Acquirer
Internet Streamer
Service Router
Request Routing Engine
Proximity Engine
Content Delivery System Manager
Authentication, Authorization, and Accounting
Device Management
Delivery Services Management
Resiliency and Redundancy
Content Acquirer Redundancy

Internet Streamer Redundancy
Service Router Redundancy
Internet Streaming CDSM Redundancy

Chapter 2: Network Design
VDS-IS Topology
Device Groups
Baseline Groups
Delivery Service
Content Acquirer
Content Acquirer Selection for Prefetched Content
Content Acquirer Selection for Dynamic or Hybrid Ingest
Location Leader
Location Leader Selection for Prefetched Content
Location Leader Selection for Live Streaming
Location Leader Selection for Dynamic or Hybrid Content
Forwarder and Receiver Service Engines
Persistent HTTP Connections
Network Partition
Delivery Service Distribution Tree
Types of Delivery Services
Methods for Ingesting Content
Origin Servers
Manifest File
Content Acquirer
Internet Streamer
Content Replication Using a Multicast Cloud
Introduction to Multicast Cloud
Distributing Content Through Replication
Unicast Replication
Multicast Replication
Configuring Multicast Distribution
Multicast Forward Error Correction and Proactive Forward Error Correction
Configuring PGM and File Transmission Parameters Using Multicast Expert Mode
APIs for Multicast Cloud
Service Workflow
Programs
Live Programs
Rebroadcasts

API Program File
IPv6 Support for Client Interfaces
HTTPS Settings
Certificates
Traffic Separation for HTTPS
Configuring HTTPS
API Support for HTTPS
Wholesale CDN
Session and Bandwidth Quotas per Delivery Service
Monitoring Session and Bandwidth Quotas
Session and Bandwidth Quotas per Delivery Service Group
Monitoring Session and Bandwidth Quotas
Cache Storage Priority per Delivery Service
Snapshot Counters
Real-Time Exporting of Transaction Logs for Billing and Analytic Reports
APIs for Wholesale CDN

Chapter 3: Getting Started
Initially Configuring the Devices
Logging In to the Internet Streaming CDSM
Activating and Synchronizing the Devices
Activating and Setting NTP for Each Device
Activating All Inactive Service Engines
Navigating the Internet Streaming CDSM
Devices, Services, and Other Tables
Devices Home Page
Task Bar
Configuring Primary and Standby CDSMs
Changing a Standby CDSM to a Primary CDSM
Recovering from two Primary CDSMs
Typical Configuration Workflow

Chapter 4: Configuring Devices
Configuring Locations
Configuring Device Groups
Working with Device Groups
Aggregate Settings
Device Group Overlap

Configuring the Service Engine
Activating a Service Engine
Assigning Devices to Device Groups
Replication
Default Bandwidth
Scheduled Bandwidth
Configuring the NACK Interval Multiplier
Enabling SEs for Multicasting
Service Control
Configuring Service Rules
Configuring URL Signing Key
Configuring the Authorization Service
Configuring Transaction Logs
Application Control
Configuring Default and Maximum Bandwidth
Configuring Bandwidth Schedules
Configuring Windows Media Streaming—General Settings
Configuring Windows Media Streaming—Bypass List
Configuring Movie Streamer—General Settings
Configuring RTSP Advanced Settings
Configuring Flash Media Streaming—General Settings
Configuring Flash Media Streaming—FMS Administrator
Configuring Flash Media Streaming—Service Monitoring
Configuring Web Engine HTTP Cache Freshness
Configuring Tmpfs Size Settings
Configuring TCP Timeout
Configuring HTTP Options
General Settings
Configuring Content Management
Login Access Control
Authentication
Scheduling Database Maintenance
Setting Storage Handling
Network Settings
Configuring Notification and Tracking
Configuring Troubleshooting
Configuring Service Router Settings
Configuring Cache Router Settings
Configuring Memory Limitation Settings
Configuring ABR Latency

Configuring the Service Router
Activating a Service Router
Configuring Routing Settings
Configuring Request Routing Settings
Configuring IP-based Redirection
Configuring DNS-based Redirection
Configuring Redirect Burst Control
Configuring Cross-Domain Policy
Configuring the Proximity Server Settings
Configuring Application Control
Configuring Load Monitoring
Configuring Last-Resort Routing
Creating ASX Error Message Files for Windows Media Live Programs
Configuring Domain Subscription
Configuring Memory Limitation Settings
Configuring Transaction Logs for the Service Router
Configuring the CDSM

Chapter 5: Configuring Services
Configuring Delivery Services
Creating Delivery Service
Content Origins
Creating Multicast Clouds
Assigning SEs to a Multicast Cloud
Assigning Multicast Clouds to Delivery Services
Creating Storage Priority Classes
Creating Delivery Service Group
Configuring Programs
Defining a Program
Configuring Live Programs
Priming a Live Delivery Service
Windows Media Streaming Live Streaming Encoder Failover
Configuring a Rebroadcast
Viewing the Multicast Addresses
Viewing Programs
Viewing and Modifying API Programs
Previewing a Program
Copying a Program

Chapter 6: Configuring the System
Configuring AAA
Creating, Editing, and Deleting Users
Creating, Editing, and Deleting Roles
Creating, Editing, and Deleting Domains
Viewing Locked Users
Changing a Password
Configuring System Settings
System Properties
Configuring Device Offline Detection
Configuring Distribution QoS
Configuring Service Routing
Coverage Zone File Registration
Configuring Global Routing
Authorization File Registration
NAS File Registration
CDN Host File Registration
HTTPS Settings
Configuring HTTPS General Settings
Uploading or Importing a Root CA File
Uploading a CRL File
Scheduling a CRL File
Uploading Certificate and Key Files
Scheduling Web Engine Notification of Certificate and Key Files
Configuring the CDSM to Communicate with an External System
Viewing or Downloading XML Schema Files

Chapter 7: Configuring Licenses
Viewing CDN License Summary
Configuring License Files
Purchase Information
License Logs

Chapter 8: Monitoring the Videoscape Distribution Suite, Internet Streamer
System Monitoring
System Status
Device Alarms
Service Alarms
License Alarms

System Home Page
System Audit Logs
System Port Numbers
Device Monitoring
Devices Table
Devices Home Page
Using show and clear Commands
Using the CDSM show or clear Command Tool
Core Dump Files
CPU Utilization
Reports
Bandwidth Served
Bandwidth Efficiency Gain
Streaming Sessions
Delivery Service Monitoring
Delivery Services Table
Processing Content Deletion
Content Deletion Tasks
Replication Status for a Delivery Service
Content Replication Status by Delivery Service
Content Replication Status by Device
Viewing Statistics
Viewing Service Engines and Device Group Statistics
Viewing Routing Statistics
Viewing Replication States
Viewing Proximity Engine Statistics
Viewing Overall Proximity Statistics
Viewing IS-IS Statistics
Viewing OSPF Statistics
Viewing SRP Statistics
Log Files
Transaction Logs
Transaction Log Formats for Acquisition and Distribution
Transaction Log Formats for Web Engine
Client Transaction Logs
Ingest Transaction Logs
Transaction Logging and NTLM Authentication
Usage Guidelines for Log Files
Working Logs

Archive Working Log
Exporting Log Files
Windows Media Transaction Logging
Windows Media Client Transaction Logs
Windows Media Ingest Transaction Log
Movie Streamer Transaction Log Fields
Flash Media Streaming Transaction Log Fields
Event Status Codes in Flash Media Streaming Access Logs
Events in Flash Media Streaming Access Logs
Service Router Transaction Log Fields
Service Monitor Transaction Logs
Content Manager Transaction Log Fields
Web Engine User Level Session Transaction Logs
Web Engine Custom Formats for ABR and Generic Session HTTP Transactions
Per Session Log
Snapshot Counter Transaction Logs
Transaction Log Formats for Geo-IP

Chapter 9: Maintaining the Videoscape Distribution Suite, Internet Streamer
Software Upgrade
Getting a Software File from Cisco.com
Pre-positioning a Software File
Finding the Software Version of the Devices
Configuring the Software Image Settings
Upgrading the Software
Downgrading the Software
Interoperability Considerations
Upgrading Software by Device Groups
Software Upgrades by Device
Rebooting Devices
Deleting a Device
Deleting a Warm Standby CDSM
Replacing a Device
Replacing a CDSM
Replacing an SE or SR
Backup and Recovery Procedures
Performing Backup and Restore on the CDSM Database
Using the Cisco VDS-IS Software Recovery CD-ROM
System Software Components

Getting the Cisco VDS-IS Software Recovery File from Cisco.com
Installing the Software Using the Recovery CD-ROM
Recovering the System Software
Recovering a Lost Administrator Password
Recovering from Missing Disk-based Software
Recovering VDS-IS Network Device Registration Information
Disk Maintenance
Disk Error Handling
Disk Latent Sector Error Handling
SMART Sector Errors
disk repair Command
Removing and Replacing Disk Drives
Replacing a Disk

Appendix A: Troubleshooting
Troubleshooting Service Router Configurations
Troubleshooting the Distribution Hierarchy
Troubleshooting Content Acquisition
Enabling the Kernel Debugger
Troubleshooting Web Engine Cache Status Codes

Appendix B: Creating Manifest Files
Introduction
Manifest File Requirements
Working with Manifest Files
Specifying a Single Content Item
Specifying a Crawl Job
Understanding the Prefix Attribute
Writing Common Regular Expressions
Scheduling Content Acquisition
Specifying Shared Attributes
Specifying a Crawler Filter
Specifying Content Priority
Generating a Playserver List
Customized Manifest Playserver Tables and the HTTP Playserver
Specifying Attributes for Content Serving
Specifying Time Values in the Manifest File
Refreshing and Removing Content
Specifying Live Content

Specifying Hybrid Ingest Content
Manifest Validator Utility
Running the Manifest Validator Utility
Valid Manifest File Example
Invalid Manifest File Example
Understanding Manifest File Validator Output
Syntax Errors
Syntax Warnings
Correcting Manifest File Syntax
Manifest File Structure and Syntax
CdnManifest
playServerTable
playServer
options
server
host
proxyServer
item
crawler
item-group
matchRule
match
contains
XML Schema
PlayServerTable XML Schema
Default PlayServerTable Schema
Manifest File Time Zone Tables

Appendix C: Creating Coverage Zone Files
Introduction
Zero-IP Based Configuration
Invalid IPv4 Addresses in Coverage Zone File
Coverage Zone File Example
Scenario 1: Coverage Zone with Client Network Only
Scenario 2: Coverage Zone with Geographical Location of the Datacenter Only
Scenario 3: Coverage Zone with Client Network and Geographical Location of the Datacenter
Scenario 4: Coverage Zone for Same Client Network with Different Weighted SEs
Scenario 5: Coverage Zone with Restricted List of SEs Used for Proximity-Based Routing
Scenario 6: Coverage Zone for IPv6 Client Networks

Appendix D: Creating Geo/IP Files
Introduction
Processing Order
Service Rule Config File
Understanding the Allow and Deny Conditions
Allow Conditions
Deny Conditions
Order Tag
Order Scenarios
Geo/IP File Examples

Appendix E: Creating Service Rule Files
Introduction
Converting Old Service Rules to New Service Rules
Adding a Service Rule File to the VDS
Service Rule File Structure and Syntax
Pattern Matching
Rule Action Processing
Rule Actions for Web Engine
URL Resolve
URL Redirect
Force Revalidation
URL Generate Signature
URL Signing Key in the Service Rule File
Windows Media Streaming ASX Files with URL Signing
HTTP Header Manipulation
Converting Old Windows Media Streaming Service Rules for URL Signing and Validation
Rule Actions for Flash Media Streaming
Converting Old Flash Media Streaming Service Rules
Support for SWF Validation
SWF Validation Process
Support for DSCP Marking
Service Rule File Examples for Header Manipulation
Service Rule File for URL Validation and the Exclude-Validation Attribute
Exclude Client IP address from URL Validation
Exclude Expiry Time from URL Validation
Exclude Both the Client IP address and the Expiry Time from URL Validation

Appendix F: ABR Session-Based Encryption and Session Tracking
Introduction
HLS Session-Based Encryption
HLS Solution Components
HLS Out of Band Manifests
HSS Session-Based Encryption
Session Tracking
Session Cookie
ABR Session Tracking Client IP address Validation
Generic Session Tracking Client IP address Validation
Key Parameters
Configuring Session-Based Encryption and Session Tracking
Service Rule Configuration for Session-Based Encryption and Session Tracking
Service Rule Example for Session-Based Encryption and Session Tracking
SetParameter Names and Values
Session Resolve Rule
Session Start and Stop Notification Configuration
Key Management Server Interface
Transaction Logs for Session-Based Encryption and Session Tracking

Appendix G: ABR Latency
Introduction
Configuring ABR Latency
Configuring per Delivery Service

Appendix H: Creating NAS Files
Introduction
Reading NAS Metadata
Configuring NAS
NAS Mount Removal
Creating a NAS XML File
NAS XML File Example

Appendix I: Creating CDN Host Files
Introduction
Configuring CDN Host File
CDN Host File Example

Appendix J: URL Signing and Validation
Introduction
URL Signing Components
Supported Protocols and Media
Configuring the VDS-IS for URL Signing
Configuring URL Signing
Configuring Service Rules for URL Signing
Configuring URL Signing Key
URL Signing and Validating
URL Signing Script for Symmetric Keys
URL Signing Version
Example of a Python URL Signing Script
Running a Python URL Signing Script
URL Signing and Flash Media Streaming
Importance of Device Synchronization
Understanding the Signing Procedure
Public Key URL Signing for Asymmetric Keys
How Public Key URL Signing Works with VDS-IS
URL Signing C Program

Appendix K: CLI Commands
Multi-Port Support
Configuring Port Channel
Redundant Dedicated Management Ports
Configuring Redundant Management Ports
Switch Port-Channel Configuration for Content Acquirer and Edge Service Engine
Verifying Port Channel Configuration
Configuring Last-Resort Routing
Configuring Standby Interfaces
Standby Interface with Switch Failover Configuration Procedure

Appendix L: Verifying the Videoscape Distribution Suite, Internet Streamer
Verifying the Web Engine
Verifying Preingested Web Content
Verifying Dynamically Ingested Web Content
Verifying the Windows Media Streaming Engine
Verifying Preingested Windows Media Content
Verifying Dynamically Ingested Windows Media Content

Verifying Windows Media Live Content Playback
Verifying the Movie Streamer Engine
Preparing Movie Streamer Content for Ingest
Verifying Preingested Movie Streamer Content
Verifying Dynamically Ingested Movie Streamer Content
Verifying Movie Streamer Live Content Playback
Verifying the Flash Media Streaming Engine
Verifying Flash Media Streaming Preingested Content
Verifying Flash Media Streaming Dynamically Ingested Content
Verifying Flash Media Streaming—Live Streaming

Appendix M: Specifications and Part Numbers
Application License
Advanced Feature License
Capacity License
Other Licenses

Appendix N: Generating Self-Signed Certificates with VDS-SM
Generating a Root Certificate
Generating a Server Certificate
Generating a Client Certificate
Installing Certificates on VDS-SM
Validating Configurations

Appendix O: Credit Information

Preface

This preface describes the audience, objectives, organization, and conventions of the Cisco Videoscape Distribution Suite, Internet Streamer 4.4.1 Software Configuration Guide. It also references related documentation and describes how to obtain documentation and submit a service request.

• Document Revision History
• Audience
• Objective
• Document Organization
• Document Conventions
• Related Documentation
• Obtaining Documentation and Submitting a Service Request

Document Revision History

Date: April 19, 2018
Change Summary: Updated for VDS-IS 4.4.1.
• Updated Table E-3, “Service Rule File Elements”.
• Updated Last resort routing section in “Product Overview” chapter.
• Added “Configuring ABR Latency” section in “Configuring the devices” chapter.
• Updated the “Request Routing Settings—General Settings Fields” table for “Last Resort Routing for Exceeded Bandwidth”.
• Updated the “General Settings Fields” for “ABR Latency Settings”.
• Added Appendix G “ABR Latency”.

Date: November 21, 2017
Change Summary: Updated for VDS-IS 4.3.3.
• Updated “Disable kernel cache fill” content under “Service Engine Settings” section in “Configuring Services” chapter.

Date: September 26, 2017
Change Summary: Updated for VDS-IS 4.3.3, added a Note in “Configuring the Authorization Service” section in “Configuring the devices” chapter.

Date: October 25, 2016
Change Summary: Updated for VDS-IS 4.3.2.
• Added “Configuring HTTP Options” in the Configuring Devices.
• Added “String” field feature under “Table 5-5 Advanced Settings for Serving Content”.

Date: July 01, 2016
Change Summary: Updated for VDS-IS 4.3.2.
• Introduces an Optional element for Geo/IP XML.

Date: February 29, 2016
Change Summary: Updated for VDS-IS 4.3.1.
• Added new section “CDN Host File Registration” in Configuring the System chapter.
• Updated Geo-IP Plug-in Schedule information in Configuring Services chapter.
• Added new section “Transaction Log Formats for Geo-IP” in Monitoring the Videoscape Distribution Suite, Internet Streamer.
• Added Appendix H “Creating CDN Host Files”.

Date: August 7, 2015
Change Summary: Updated for VDS-IS 4.2.1.

Date: March 27, 2015
Change Summary: Initial Release

Audience

This guide is for the networking professional managing the Cisco Videoscape Distribution Suite, Internet Streamer, hereafter referred to as the VDS-IS. Before using this guide, you should have experience working with Cisco IOS software and be familiar with the concepts and terminology of Ethernet, local area networking, and Internet streaming.

Objective

This guide provides the information that you need to configure and monitor the VDS-IS.

This guide provides procedures for using the commands that have been created or changed for use with the VDS-IS. It does not provide detailed information about these commands.

This guide does not describe system messages that you might encounter or how to install your VDS-IS.

See the “Related Documentation” section on page xxi for links to documentation online.

For documentation updates, see the release notes for this release.

Document Organization

Chapter or Appendix: Description

Chapter 1, “Product Overview”: Provides a brief introduction to the VDS-IS.
Chapter 2, “Network Design”: Describes the VDS-IS topology, elements of a Delivery Service, and the Delivery Service workflow.
Chapter 3, “Getting Started”: Provides information about initially configuring the devices to communicate with the Content Delivery System Manager (CDSM), configuring a standby CDSM, navigating the CDSM, and a typical configuration workflow.
Chapter 4, “Configuring Devices”: Provides information on configuring the devices in the VDS-IS.
Chapter 5, “Configuring Services”: Provides information about configuring delivery services.
Chapter 6, “Configuring the System”: Provides information on system configuration for the VDS-IS.
Chapter 7, “Configuring Licenses”: Provides information on licenses for the VDS-IS.
Chapter 8, “Monitoring the Videoscape Distribution Suite, Internet Streamer”: Provides information on monitoring the VDS-IS.
Chapter 9, “Maintaining the Videoscape Distribution Suite, Internet Streamer”: Provides information on upgrading the VDS-IS software, deleting devices from the system, performing disk maintenance, and removing content from the system.
Appendix A, “Troubleshooting”: Discusses troubleshooting Service Routers, and the acquisition and distribution of content.
Appendix B, “Creating Manifest Files”: Provides information on creating and validating a Manifest file.
Appendix C, “Creating Coverage Zone Files”: Provides information on creating and validating a Coverage Zone file.
Appendix D, “Creating Geo/IP Files”: Provides information on creating Authorization Service files.
Appendix E, “Creating Service Rule Files”: Provides information on creating Service Rule XML files.
Appendix F, “ABR Session-Based Encryption and Session Tracking”: Provides information on Session-Based Encryption and Session Tracking.
Appendix H, “Creating NAS Files”: Provides information on creating NAS XML files.
Appendix J, “URL Signing and Validation”: Describes the URL signing script for URL signature creation at the portal.
Appendix K, “CLI Commands”: Provides information on configuring port channels, last resort routing domains, and other CLI commands.
Appendix L, “Verifying the Videoscape Distribution Suite, Internet Streamer”: Describes procedures for verifying the VDS-IS using different media players.
Appendix M, “Specifications and Part Numbers”: Provides information about the software licenses for the VDS-IS.

Document Conventions

Convention: Description

boldface font: Commands and keywords are in boldface.
italic font: Arguments for which you supply values are in italics.
Option > Option: Used to define a series of menu options.
[ ]: Elements in square brackets are optional.
{ x | y | z }: Alternative, mutually exclusive, keywords are grouped in braces and separated by vertical bars.
[ x | y | z ]: Optional alternative keywords are grouped in brackets and separated by vertical bars.
string: A nonquoted set of characters. Do not use quotation marks around the string or the string will include the quotation marks.
screen font: Terminal sessions and information the system displays are in screen font.
boldface screen font: Information you must enter is in boldface screen font.
italic screen font: Arguments for which you supply values are in italic screen font.
^: The symbol ^ represents the key labeled Control—for example, the key combination ^D in a screen display means hold down the Control key while you press the D key.
< >: Nonprinting characters, such as passwords, are in angle brackets in contexts where italics are not available.
!, #: An exclamation point ( ! ) or a pound sign ( # ) at the beginning of a line of code indicates a comment line.

Note: Means reader take note. Notes contain helpful suggestions or references to materials not covered in the manual.

Caution: Means reader be careful. In this situation, you might do something that could result in equipment damage or loss of data.

Tip: Means the following information might help you solve a problem.

Related Documentation

These documents provide complete information about the VDS-IS and are available on Cisco.com:

• Cisco Videoscape Distribution Suite, Internet Streamer 4.4.1 Software Configuration Guide
• Cisco VDS Internet Streamer 3.0–3.1 Quick Start Guide
• Cisco Videoscape Distribution Suite, Internet Streamer 4.4.1 Command Reference Guide
• Cisco Videoscape Distribution Suite, Internet Streamer 4.4.1 API Guide
• Cisco Videoscape Distribution Suite, Internet Streamer 4.4.1 Alarms and Error Messages Guide
• Release Notes for Cisco Videoscape Distribution Suite, Internet Streamer 4.4.1
• Cisco Videoscape Distribution Suite, Internet Streamer 4.1 Software Installation Guide for non-CDEs
• Cisco Videoscape Distribution Suite, Internet Streamer Virtualization Guide
• Cisco Videoscape Distribution Suite, Internet Streamer Hybrid Streamer Guide
• Cisco Content Delivery Engine 205/220/250/280/420/460/470 Hardware Installation Guide
• Regulatory Compliance and Safety Information for Cisco Content Delivery Engines
• Open Sources Used in VDS-IS Release 4.4.1

You can access the software documents at the following URL: http://www.cisco.com/en/US/products/ps7127/tsd_products_support_series_home.html

You can access the hardware documents for the CDEs at the following URL: http://www.cisco.com/en/US/products/ps7126/tsd_products_support_series_home.html

You can access the hardware documents for non-CDEs at the following URLs:

• Cisco UCS C200 Installation and Service Guide http://www.cisco.com/en/US/docs/unified_computing/ucs/c/hw/C200M1/install/c200M1.html
• Cisco UCS C210 Installation and Service Guide http://www.cisco.com/en/US/docs/unified_computing/ucs/c/hw/C210M1/install/C210M1.html
• Cisco UCS C220 Installation and Service Guide http://www.cisco.com/c/en/us/td/docs/unified_computing/ucs/c/hw/C220/install/C220.html
• Cisco UCS C240 Installation and Service Guide http://www.cisco.com/c/en/us/td/docs/unified_computing/ucs/c/hw/C240/install/C240.html

Obtaining Documentation and Submitting a Service Request

For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What’s New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at the following URL: http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html

Subscribe to the What’s New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS version 2.0.

Chapter 1 Product Overview

This chapter introduces the Cisco Videoscape Distribution Suite, Internet Streamer (VDS-IS).

• Overview
• Content Delivery System Architecture

Overview

The Cisco VDS-IS is a distributed network of Content Delivery Engines (CDEs) running Content Delivery Applications (CDAs) that collaborate with each other to deliver multi-format content to a variety of client devices. The client devices supported are personal computers and Wi-Fi-enabled mobile devices, such as personal digital assistants (PDAs).

The VDS-IS supports a variety of mechanisms to accelerate the distribution of content within the content delivery network. It also offers an end-to-end solution for service providers to ingest and stream entertainment-grade content to subscribers.

The VDS-IS functionality can be separated into four areas:

• Ingest
• Distribution
• Delivery
• Management

Each CDE in the VDS-IS contributes to one or more of these functions as determined by the CDAs running on it. Table 1-1 describes the relationship between the CDA names and the Internet Streaming Content Delivery System Manager (CDSM) device names.

Table 1-1 CDA Mapping to Functionality and CDSM

CDA Name | Functionality | CDSM Device Name
Internet Streamer (+ Content Acquirer) | Ingest, distribution, and delivery | Service Engine (SE)
Service Router | Redirect client requests for delivery | Service Router (SR)
Internet Streaming Content Delivery System Manager | Management | CDSM

The Service Engine can function as a Content Acquirer and Internet Streamer, or just as an Internet Streamer.

Figure 1-1 shows the major elements of a VDS-IS network. How content flows, from ingest to distribution within the VDS-IS, to delivery to client devices, is dictated by the content delivery services defined for each content origin. A Delivery Service is a configuration defined by using the CDSM and consists of configuration parameters that dictate how content is ingested and distributed, and what content is delivered to the client devices. Some of the primary Delivery Service definition parameters are as follows:

• Origin server
• Service routing domain name
• Service Engines participating in the Delivery Service
• Service Engine designated as the Content Acquirer

The Content Acquirer is only active on one Service Engine in each Delivery Service.

Figure 1-1 High-Level View of the Cisco VDS-IS (diagram not reproduced; its labels cover the asset management system, content provider origin servers, the CDSM, Service Engines acting as Content Acquirer and Internet Streamers, the Service Router with its Request Routing Engine and Proximity Engine, geo-location and DNS servers, and the GigE switched, CMTS/HFC, and access point networks)

The following sections briefly describe the elements of the VDS-IS. For more detailed information, see the “Content Delivery System Architecture” section on page 1-5.

Ingest and Distribution

The Service Engine designated as the Content Acquirer for a Delivery Service is the ingest device.

VDS-IS supports the following methods of content ingest:

• Prefetch ingest
• Dynamic ingest
• Hybrid ingest
• Live stream ingest and split

The distribution of content within the VDS-IS is determined by the method of ingest used.

Prefetch Ingest

The Content Acquirer receives metadata from the back-office in the form of an XML-formatted Manifest file, and using the information in the file, pulls the content into storage on the Content Acquirer. The content can be ingested by using different protocols. The supported protocols are FTP, HTTP, HTTPS, and CIFS, which are files copied to the Service Engine. The ingested content is then distributed to all Service Engines in the content Delivery Service. The content is stored on each Service Engine’s hard disk for a configurable amount of time or until the content entry gets deleted from the Manifest file. This is called content pinning.

The Manifest file can be used to specify different policies for content ingest and also for streaming the prefetched content. For example, the policy could include specifying the expiry of the content, setting time windows in which the content is made available to users, and so on.

Note The content type (MIME) value cannot exceed 32 characters.

Dynamic Ingest

Content can be dynamically ingested into the VDS-IS. Dynamic ingest is triggered when a Service Engine’s Internet Streamer application does not find a client’s requested content in its local hard disk storage. All Service Engines participating in the content Delivery Service coordinate to form a content distribution tunnel starting at the origin server and ending at the Service Engine responding to the client request. As the content flows through this tunnel, the participating Service Engines cache a copy of the content. Subsequent requests for the same content are served off the VDS-IS network. Content ingested and distributed by this method is deleted if clients do not request it frequently.

The Internet Streaming CDSM manages this ingest method internally, not by instructions embedded in a Manifest file, and manages the storage automatically. The Internet Streaming CDSM also provides the ability to purge any dynamically ingested content out of the Service Engines. Content is identified by a URL, which is also used to delete the content.

Hybrid Ingest

The hybrid ingest method provides a very powerful solution by combining the features of the prefetch ingest and the dynamic ingest methods. The metadata and control information about the content, defined in the Manifest file, is propagated and pinned to all Service Engines participating in the content Delivery Service. However, the content is not prefetched. Ingest occurs upon user request for the content. Content that is cached on the Service Engines by using this method is subject to the same deletion rules as the dynamic ingest method. The metadata that is propagated can be used to specify explicit controls and policies for streaming the content.

Live Stream Ingest and Split

The live stream ingest method distributes a live content feed to all of the Service Engines participating in the content Delivery Service and helps to scale the content delivery to a very large audience. This method leverages the live stream splitting capabilities of the Internet Streamer application and optimizes the access by doing a one-to-many split to all Service Engines in the content Delivery Service. The Internet Streaming CDSM provides the necessary interface to schedule the streaming of live programs. Advanced techniques are used to enhance the performance of live streaming.

Delivery

The Service Router handles client requests for content and determines the best Service Engine to deliver it based on proximity, load and health states.

Once the best Service Engine has been determined, the content is delivered to the client device by means of one of the following mechanisms:

• Static Content Download using HTTP —Content is downloaded by the client device before it can be rendered to the user.
• Progressive Content Download using HTTP —Content is rendered in segments to the user before it has been fully downloaded.
• Content Streaming using HTTP, RTMP, RTSP, or RTP —Content is streamed to the client device; Service Engines collect feedback and can fine-tune streaming. Advanced error recovery can also be performed. This is a very common method of streaming video content to client devices.

Table 1-2 lists the content types and formats, content transport protocols, and client types supported by the VDS-IS.

Table 1-2 Supported Content Types

Content Types and Formats | Transport Protocols | Typical Client Types | Access Network Type
Windows Media (WMA, WMV, ASF, and others) VC-1 | RTP, RTSP, HTTP | Windows Media Player 9, 10, 11 on PC; Windows Media Player 9 for Mac; Windows Media Technology (WMT) Silverlight | Wired, Wi-Fi, Cellular
QuickTime (MOV), hinted (3GP) files | RTP, RTSP, HTTP | On PC: QuickTime Player, QuickTime Pro 6 or 7, RealPlayer 10 or 11 (3GP only), VLC player. On Mac: QuickTime Player, QuickTime Pro 6 or 7, RealPlayer 10 for Mac OS X (3GP only) | Wired, Wi-Fi, Cellular
Other Hypertext and image files (HTML, JPEG, and so on) | HTTP | Web browsers and other HTTP clients | Wired, Wi-Fi, Cellular
MPEG (MP1, MP2, MP4) | RTP, RTSP | MPEG clients | Wired
Adobe Flash (SWF, FLV, MP3) | RTMP, HTTP | Adobe Flash Player 9 for Windows, Mac OS, and Linux. Note: For Flash Media Streaming, the Adobe Flash Media Player 9 update 3, Adobe Media Player, and Adobe Air, are the only players that support MPEG-4. | Wired, Wi-Fi, Cellular
H.264 | RTMP, HTTP | H.264 clients. Note: For Flash Media Streaming, the Adobe Flash Media Player 9 update 3 is the only supported player. | Wired

Note RTMP is part of the Flash Media Streaming feature.

Management

The Internet Streaming CDSM, a secure web browser-based user interface, is a centralized system management device that allows an administrator to manage and monitor the entire VDS-IS network. All devices, Service Engines and Service Routers, in the VDS-IS are registered to the Internet Streaming CDSM.

Service Engines can be organized into user-defined device groups to allow administrators to apply configuration changes and perform other group operations on multiple devices simultaneously. One device may belong to multiple device groups.

The Internet Streaming CDSM also provides an automated workflow to apply a software image upgrade to a device group.

Content Delivery System Architecture

The VDS-IS consists of an Internet Streaming CDSM, one or more Service Engines, and one Service Router. For full redundancy, a VDS-IS would include an additional CDSM and Service Router. The Service Engine handles content ingest, content distribution within the VDS-IS, and content delivery to client devices. The Service Router handles client requests and redirects the client to the most appropriate Service Engine. The Internet Streaming CDSM manages and monitors the VDS-IS, the delivery services, and all of the devices in the VDS-IS.

• Service Engine
• Service Router
• Content Delivery System Manager
• Resiliency and Redundancy

Service Engine

Each Service Engine can function as a Content Acquirer and Internet Streamer, or just as an Internet Streamer. Based on the Service Engines’ assignments to different delivery services, the right set of applications supporting the functions is enabled. For example, only one Service Engine is assigned the role of Content Acquirer in each Delivery Service. In addition, the Service Engine assigned as the Content Acquirer in a Delivery Service also includes the functions of an Internet Streamer.

Storage and Distribution

Both the Content Acquirer and the Internet Streamer applications have storage and distribution functions within the VDS-IS, which include the following:

• Management of the physical storage of content and metadata. Content URLs are translated into their physical file paths for content retrieval, deletion, and update.
• Management of dynamically ingested content and periodic replacement of content not accessed frequently. Content replacement is performed by sophisticated content-replacement algorithms. The algorithms add weight to the content according to size, frequency of access, and other attributes to produce the list of content that needs to be purged.
• Ingest of prefetched content and retrieval of such content for distribution to other Service Engines in the same Delivery Service.
• Maintenance of information about the entire VDS-IS topology and all of the delivery services. This includes upkeep of a list of Service Engines in the same Delivery Service that is used for distributing prefetched, dynamic, and live stream content.
• Maintenance of the database that stores and distributes metadata about the content, and the topology and Delivery Service information.
• Distribution of content on a per-Delivery Service basis, where the flow path of content could differ from one Delivery Service to another.

FastCAL

The Content Abstraction Layer (CAL) library provides an interface to the Content Delivery Network File System (CDNFS). The CAL library monitors the content in the CDNFS and communicates with the Content Manager process to evict less popular content.

The Fast Content Abstraction Layer (FastCAL) library provides quick response time for high-performance Web Engine create, update, lookup, and delete operations. All other protocol engines and modules, including live streaming for Flash Media Streaming and RTSP gateway, continue to use the CAL library and Unified Namespace (UNS) process. Flash Media Streaming VOD (prefetched, hybrid, and dynamically cached content) uses FCAL by way of the Web Engine. FastCAL communicates with the Content Manager for popularity tracking. Lookup notifications are also sent from FastCAL to the Content Manager.

Disk Path

FastCAL creates the disk path for cache content. An example of a disk path with an HTTP content URL of http://192.168.1.9/vod/foo.flv follows:


/disk11-01/c/192.168.1.9/1d/a1/1da1394af838bbcb45af78fd5681abeb/foo.flv.http

The disk path for the prefetched HTTP content URL, http://192.168.1.9/vod/c5.flv, translates to the following:

/disk03-01/p/192.168.1.9/1d/a1/1da1394af838bbcb45af78fd5681abeb/c5.flv

Disk Allocation

Disk usage for all disks is maintained in shared memory, which is updated by the Content Manager with actual disk usage and by FastCAL when new content is created. FastCAL creates predefined buckets, which are groups of disks. The number of disks per bucket varies, and the number of buckets varies; it is determined by the CDE model.

The CDNFS disk mount point is always displayed as diskXX-YY, where XX is the disk number and YY is the partition. Every content URL is always associated with the same bucket, so lookup, create, and delete always happen within the same bucket. This method avoids searching all disks on the CDE. If a bucket has no disks (because of disk failure, unmounting of the disks, and so on), content is served from the network. The incoming traffic to the SE is distributed evenly to the buckets, which means that if a bucket has fewer available disks than the other buckets, the remaining disks in the impaired bucket are used more, which may impact performance.

Bucket Allocation

A hashing algorithm is used to generate a hash of the content URL, on which a calculation is performed to determine the bucket for the content. This ensures content is distributed evenly among all of the buckets.

Content Manager

The Content Manager module keeps track of all the files in CDNFS, maintains all content popularity information, and stores it in a snapshot file. The Content Manager includes the following enhancements:

• Improved cache content storage:
– For a platform with physical memory size less than 32 GB (33,554,432 KB), the maximum number of cached file entries is 20 million and the maximum number of cached directories is 1 million.
– For a platform with physical memory size more than 32 GB (33,554,432 KB), the maximum number of cached file entries is 50 million and the maximum number of cached directories is 10 million.
• Increased maximum length of URL to 2048 characters

Note In calculating the maximum length of the URL (2048 characters), an MD5 hash must be considered as part of the overall URL length; therefore, the maximum length of the URL should not exceed 2028 characters.

• Continues to manage cache content objects for all protocol engines
• Maintains shared memory containing disk-related information
• Monitors disk usage periodically and starts eviction when usage exceeds threshold
• Receives updates on disk information based on the CMGRSlowScan process, which scans the entire system after every Primary start-time of slowscan. The Primary start-time of slowscan (or Secondary start-time of slowscan) is set in the Devices > Devices > General Settings > Content Management page in the CDSM GUI.
• Receives updates on each disk during start-up from CMgrSnapshotReader.

Note We recommend that any CDE model that has hard-disk drives (HDDs) instead of solid-state drives (SSDs), and is used to stream ABR content, be configured with a maximum of 5 million objects instead of the 20 million objects. This is because HDD-based hardware requires more seek time to access content. The software can handle 20 million objects, but the hard-drive access time impacts the ABR streaming performance. ABR content consists of a large number of small files, which results in a lot of overhead.

For long-tail content (Windows Media Streaming, Flash Media Streaming, Movie Streamer, and progressive download), the maximum number of content objects can be configured with the default of 20 million objects on HDD-based hardware models.

Two of the HDD-based hardware models are the CDE220-2G2 and CDE250-2M0.

Content Types

The Content Manager manages content object types in the following ways:

• Cache content—Maintains file information such as disk path, file size, and priority
• Prefetched content—Maintains prefetched file disk path in memory to manage the number of prefetched assets in the system
• Hybrid content—Handles the same as cache content, maintains file information
• Related content—Maintains information on parent content disk location, aggregated size and hit count

Create

When a file is created (added), the FastCAL library updates the Content Manager with the file location, URL, file size, and hit counts.

If the cache-fill rate (creation rate) is much faster than the deletion rate, the Content Manager sets the unwritable flag for that disk. If a protocol engine wants to create content in the system, FastCAL avoids using that disk for the file creation. If all disks are unavailable, the protocol engine performs a bypass or cut-through operation.

The Content Manager sets the disk unwritable flag for the following reasons:

• Disk usage reaches the DiskStopCreate high watermark (98 percent)
• Total cache content objects reach the ObjCntStopCreate high watermark (105 percent)
• Deletions exceed 5000 entries

The Content Manager removes the disk unwritable flag when the following occurs:

• Disk usage is below the DiskStartCreate low watermark (95 percent)
• Content object count is below the ObjCntStartCreate low watermark (100 percent)
• Deletion entries drop below 5000

The status of whether the cache content can be stored is displayed in the show cdnfs command.

Update

The Content Manager monitors the cached and prefetched content, but not live content. FastCAL updates the content creation time (if created), hit count, file size, and disk path information in the Content Manager when there is a popularity update call from the protocol engine. Whenever there is a cache content popularity update, the Content Manager stores the popularity information and the file path of the content, and computes the popularity (priority) of the content. If the update is a prefetched content popularity update, the Content Manager ignores the message, but continues to monitor the prefetched URL for statistics.

Because of the Web Engine’s request bundling capability, multiple requests can be served by a single datasource. The datasource keeps track of the requests that are served from it and calls the popularity update at the end of its lifecycle (before eviction of the datasource).

Delete and Eviction

A deletion operation occurs when a file is deleted through the CLI or by the protocol engine. The FastCAL library deletes the content object from the disk first, then sends a message to the Content Manager to remove the entry for the deleted content object. If the message is lost, the Content Manager deletes the entry by way of the sanity check, which runs after Slow Scan (CMGRSlowScan) is finished, or through the eviction process.

The Content Manager is involved in evicting content. If the disk usage high-watermark is reached, the Content Manager starts the eviction process by deleting cached content with the lowest priority first. If the protocol engine uses FastCAL to delete the content, FastCAL deletes the content and updates the Content Manager.

Note The disk path is maintained in a hierarchical manner by breaking down the disk path into the directory node (Dir Node) and file node (File Node). If the number of Dir Nodes exceeds the limit (one million), the Content Manager starts evicting files in a similar process to object count eviction.

Priority Calculation

The priority calculation is based on the current hit count, the size of the content object, and the decay of the content object. The popularity of the content decays over a period of time if the content is not accessed.

By default, the Content Manager prefers to keep small content objects over large content objects, because the overhead of fetching a small object is higher than that of fetching larger objects. However, this preference is configurable in the following ways:

• CDSM GUI: By choosing the Devices > Devices > General Settings > Content Management page, Cache content eviction preferred size drop-down list.
• CLI: By using the cache content eviction-preferred-size {large | small} command.

Deletion Scenarios

There are five scenarios in which the Content Manager removes content:

1. The disk usage exceeds threshold.
2. Content objects exceed the cache content max-cached-entries command value.
3. The cached directories exceed the cache content max-cached-dirs command value.
4. The Delivery Service or SE is removed from the CDSM GUI.
5. The disk is removed or marked as “bad.”
6. The clear cache all command is entered.

The first two can be categorized as priority-based content eviction, the following two can be categorized as top-down tree-structure deletions, and the last one can be categorized as a forking deletion. In all scenarios, the Content Manager removes all entries for the associated content, and deletes all content from storage (with the exception of disk removal).


Disk Usage Exceeds Threshold

The Content Manager keeps track of disk usage. If the disk usage reaches the disk usage high watermark (93 percent), the Content Manager starts the eviction process. When the disk usage reaches the disk usage low watermark (90 percent), the eviction process stops. The eviction process is based on the following criteria:

• Priority of the content on each disk

• Available space on each disk

Content Count Exceeds Maximum Allowed

The default maximum numbers of cached entries and directories depend on the platform. If the maximum is exceeded for max-cached-entries or max-cached-dirs, the Content Manager starts the eviction process.

Delivery Service or SE Removal

If a Delivery Service is removed from the CDSM or an SE is deregistered from a Delivery Service, the Content Manager creates a deletion task and starts deleting all associated cache content. For prefetched content, the Content Manager removes all references, and Acquisition and Distribution handles the content object deletion.

Disk Removal or Disk Marked as Bad

If a disk has gone “bad” and is removed from the system, UNS is notified. UNS internally calls FastCAL, which notifies the Content Manager. The content object information is removed from the Content Manager. The Content Manager also monitors the disk status every three seconds, and if a disk is removed, the Content Manager removes all associated entries for it.

clear cache all Command

If the clear cache all command is entered, the Content Manager creates a child process to delete the cache content. The progress of the clear cache all operation is shown in the show cache command output.

Addition and Deletion Processes

Content addition stops at 105 percent of the maximum object count or 95 percent of the CDNFS capacity (disk usage). For example, if the maximum number of objects has been configured as 20 million, the VDS-IS starts deleting content if the object count reaches 20 million, but adding content is still allowed. Adding content stops when the maximum number of content objects reaches 21 million (105 percent of 20 million), which allows time for the content deletion process to reduce the number of objects in the VDS-IS to the configured limit. Adding content resumes only after the number of objects is 20 million or less. The same logic applies to disk usage. The deletion process starts when the disk usage reaches 93 percent, adding content stops when the disk usage reaches 98 percent, and adding content resumes only after the disk usage percentage reaches 95 percent or less.

If adding content has been stopped because either the content count reached 105 percent of the limit or the disk usage reached 98 percent of capacity, the unwritable flag is set in the shared memory, and when the protocol engine calls create, the FastCAL library looks into the shared memory and denies the creation request. The protocol engine performs a bypass or cut-through operation.
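The watermarks in the Create section and in this section form two hysteresis bands, which the following added example (not Cisco code) replays over constructed samples. The names DiskState, next_state, replay, and create_action are hypothetical, and the model assumes the unwritable flag clears only when all three release conditions hold and uses the "95 percent or less" and "20 million or less" wording for the release points.

```python
from dataclasses import dataclass

# Watermarks as the guide states them: percent of disk capacity, or percent
# of the configured maximum object count.
DISK_EVICT_START = 93     # eviction starts
DISK_EVICT_STOP = 90      # eviction stops
DISK_STOP_CREATE = 98     # DiskStopCreate: unwritable flag is set
DISK_START_CREATE = 95    # DiskStartCreate: flag may be cleared
OBJ_STOP_CREATE = 105     # ObjCntStopCreate
OBJ_START_CREATE = 100    # ObjCntStartCreate
DELETION_BACKLOG = 5000   # pending deletion entries


@dataclass(frozen=True)
class DiskState:
    evicting: bool = False
    unwritable: bool = False


def next_state(prev, disk_pct, obj_count, max_objects, pending_deletions=0):
    """Apply one monitoring sample and return the new DiskState."""
    # Disk-usage eviction band: on at 93 percent, off again at 90 percent.
    evicting = prev.evicting
    if disk_pct >= DISK_EVICT_START:
        evicting = True
    elif disk_pct <= DISK_EVICT_STOP:
        evicting = False

    # Integer arithmetic avoids float rounding at exactly 105 percent.
    must_stop = (
        disk_pct >= DISK_STOP_CREATE
        or obj_count * 100 >= max_objects * OBJ_STOP_CREATE
        or pending_deletions > DELETION_BACKLOG
    )
    # Assumption: every release condition must hold before the flag clears.
    may_resume = (
        disk_pct <= DISK_START_CREATE
        and obj_count * 100 <= max_objects * OBJ_START_CREATE
        and pending_deletions < DELETION_BACKLOG
    )
    unwritable = prev.unwritable
    if must_stop:
        unwritable = True
    elif may_resume:
        unwritable = False
    return DiskState(evicting, unwritable)


def replay(samples, max_objects):
    """Run (disk_pct, obj_count, pending_deletions) samples for one disk."""
    state, history = DiskState(), []
    for disk_pct, obj_count, pending in samples:
        state = next_state(state, disk_pct, obj_count, max_objects, pending)
        history.append(state)
    return history


def create_action(disk_states):
    """Outcome of a protocol engine create call: unwritable disks are
    skipped, and with none left the engine does a bypass or cut-through."""
    writable = [name for name, st in disk_states.items() if not st.unwritable]
    return ("cache", writable) if writable else ("bypass", [])


MAX_OBJECTS = 20_000_000  # the guide's example limit

# Constructed samples: disk usage climbs past both watermarks, then drains.
DISK_TRACE = [(92, 1_000_000, 0), (93.5, 1_000_000, 0), (97, 1_000_000, 0),
              (98.2, 1_000_000, 0), (96, 1_000_000, 0), (95, 1_000_000, 0),
              (91, 1_000_000, 0), (90, 1_000_000, 0)]

# Constructed samples: object count passes 105 percent, then falls back.
COUNT_TRACE = [(50, 20_000_000, 0), (50, 20_500_000, 0), (50, 21_000_000, 0),
               (50, 20_400_000, 0), (50, 20_000_000, 0)]

if __name__ == "__main__":
    for sample, state in zip(DISK_TRACE, replay(DISK_TRACE, MAX_OBJECTS)):
        print(sample[0], state)
```

In the disk trace the flag stays set at 96 percent even though that is below the 98 percent trigger, which is the gap an operator sees between eviction starting and caching resuming.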

The show cdnfs usage command shows the current status of whether the content is able to be cached or not.

The following is sample output from the show cdnfs usage command:

# show cdnfs usage
Total number of CDNFS entries : 2522634
Total space : 4656.3 GB
Total bytes available : 4626.0 GB
Total cache size : 2.4 GB
Total cached entries : 2522634
Cache-content mgr status : Cachable
Units: 1KB = 1024B; 1MB = 1024KB; 1GB = 1024MB

If the maximum object count is reached, the following is displayed:

Cache-content mgr status: Not cacheable on the following disk(s): [/disk00-06]
[/disk01-06] [/disk02-01]
105% of max obj count reached : [/disk00-06] [/disk01-06] [/disk02-01]

If the disk usage reaches more than 98 percent, the following is displayed:

Cache-content mgr status: Not cacheable on the following disk(s): [/disk01-06]
[/disk02-01]
98% of disk usage reached: [/disk01-06] [/disk02-01]
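For monitoring, the three output variants above can be parsed into a cacheable flag plus the affected disks per reason. This is an added example, not part of the guide or of any Cisco tool; parse_cdnfs_usage and caching_alerts are hypothetical names, and the parser assumes the disk list may wrap onto following lines as it does in the samples.

```python
import re

# The three samples below are the guide's own `show cdnfs usage` outputs.
HEALTHY = """\
# show cdnfs usage
Total number of CDNFS entries : 2522634
Total space : 4656.3 GB
Total bytes available : 4626.0 GB
Total cache size : 2.4 GB
Total cached entries : 2522634
Cache-content mgr status : Cachable
Units: 1KB = 1024B; 1MB = 1024KB; 1GB = 1024MB
"""

OBJ_LIMIT = """\
Cache-content mgr status: Not cacheable on the following disk(s): [/disk00-06]
[/disk01-06] [/disk02-01]
105% of max obj count reached : [/disk00-06] [/disk01-06] [/disk02-01]
"""

DISK_LIMIT = """\
Cache-content mgr status: Not cacheable on the following disk(s): [/disk01-06]
[/disk02-01]
98% of disk usage reached: [/disk01-06] [/disk02-01]
"""

DISK_RE = re.compile(r"\[(/disk\d+-\d+)\]")
REASON_RE = re.compile(r"^(\d+)% of (.+?) reached\s*:")
FIELD_RE = re.compile(r"^([^:\[]+?)\s*:\s*(.*)$")


def parse_cdnfs_usage(text):
    """Parse the command output into fields, status, and blocked disks."""
    report = {"fields": {}, "cacheable": None, "status_disks": [], "blocked": {}}
    current = None  # list that a wrapped "[/diskXX-YY]" line continues
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line.startswith("Units:"):
            continue
        if line.startswith("["):  # continuation of a wrapped disk list
            if current is not None:
                current.extend(DISK_RE.findall(line))
            continue
        reason = REASON_RE.match(line)
        if reason:
            key = f"{reason.group(1)}% of {reason.group(2)}"
            current = report["blocked"].setdefault(key, [])
            current.extend(DISK_RE.findall(line))
            continue
        field = FIELD_RE.match(line)
        if not field:
            current = None
            continue
        name, value = field.group(1), field.group(2)
        if name.lower() == "cache-content mgr status":
            report["cacheable"] = not value.lower().startswith("not cacheable")
            current = report["status_disks"]
            current.extend(DISK_RE.findall(value))
        else:
            report["fields"][name] = value
            current = None
    return report


def caching_alerts(report):
    """Turn a parsed report into operator-facing alert strings."""
    alerts = []
    if report["cacheable"] is None:
        alerts.append("status line missing from output")
    for reason, disks in report["blocked"].items():
        alerts.append(f"{reason}: {', '.join(disks)}")
    if report["cacheable"] is False and not report["blocked"]:
        alerts.append("not cacheable: " + ", ".join(report["status_disks"]))
    return alerts


if __name__ == "__main__":
    for sample in (HEALTHY, OBJ_LIMIT, DISK_LIMIT):
        print(caching_alerts(parse_cdnfs_usage(sample)))
```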

Starting from Release 3.3, VDS-IS supports content deletion per Delivery Service and per Service Engine by using wildcards. To remove the dynamically cached content in SEs, you need to request a content deletion task from the CLI, the CDSM GUI, or the API.

For each URL, the deletion request will be sent to all Service Engines assigned to the Delivery Service by default. It is also possible for the user to select specific Service Engines to delete content on.

If a Delivery Service or content origin is deleted, all of its cached content will be automatically deleted; the user will not need to manually delete contents for a non-existing Delivery Service or content origin.

For more information on content deletion and deletion tasks, see the “Content Deletion Tasks” section on page 8-35.

Eviction Protection

The Content Manager provides configurable eviction protection for small size content and large size content. The Content Manager eviction algorithm is triggered when the disk usage reaches 93 percent or when the cached object count reaches the configured maximum object count. The eviction algorithm assigns a priority number to each content object based on an algorithm similar to the greedy-dual-size-frequency (GDSF) algorithm. The priority number is based on the size and usage of the object. Small objects are given preference over large objects; that is, they are less likely to be deleted.

To protect incoming small objects from being deleted, use the cache content small-file-eviction-protection global configures command. The cache content small-file-eviction-protection command allows you to set the maximum content size (500 KB, 1 MB,

2 MB, 4 MB, 10 MB and 20 MB) and the minimum age (5, 10, 15, 30 minutes) of the content object to be protected from deletion. For example, to set the eviction protection for content objects smaller than

20 MB that were ingested in the last 30 minutes, you would enter the following command:

#(config) cache content small-file-eviction-protection max-size-20MB min-duration-30min

If the content object being cached is smaller than the configured size, it is inserted into a protection table along with the current time stamp. If the difference between the object's time stamp and the current time is greater than the configured time duration, the object is removed from the protection table.

To protect incoming large objects from getting a low priority and being deleted, use the cache content eviction-protection global configure command. The cache content eviction-protection command allows you to set the minimum content size (100 MB, 500 MB, 1 GB, and 4 GB) and the minimum age (1-4 hours for 100 MB size, 1, 4, 8, or 24 hours for all other sizes) of the content object to be protected from deletion. For example, to set the eviction protection for content objects larger than 100 MB that were ingested in the last two hours, you would enter the following command:

#(config) cache content eviction-protection min-size-100MB min-duration-2hrs

If the content object being cached is larger than the configured size, it is inserted into a protection table along with the current time stamp. If the difference between the object's time stamp and the current time is greater than the configured time duration, the object is removed from the protection table.

When the eviction algorithm is triggered, before it selects an object for deletion, it first looks at the protection table, and if the object is found, it is skipped for that iteration. The clear-cache-content command also checks the protection table before deleting an object. The clear-cache-all command does not check the eviction protection table; only the cache content is deleted. As for relative cache content, content in the protection table might still be deleted if the relative content is not protected. The small content eviction protection and large content eviction protection are disabled by default.

If the Content Manager eviction algorithm is not able to find any content to delete, a syslog message is sent to notify the administrator to revisit the configuration. Changing the settings of the cache content small-file-eviction-protection or cache content eviction-protection command only affects the content that is currently in the protection table and any new content that is added. Any object that is removed from the protection table prior to the configuration change is not brought back into the protection table.

The no cache content small-file-eviction-protection max-size-xx duration-xx command removes all small content protection entries in the eviction protection table. The no cache content eviction-protection min-size-xx duration-xx command removes all large content protection entries in the eviction protection table. Reloading the SE clears all entries in the eviction protection table.
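The following added example (not Cisco code) models the protection table described in this section in Python, using the two sample configurations above. The hits/size ordering stands in for the GDSF-like priority, whose exact formula the guide does not give; all class, function, and object names and the sample cache contents are assumptions.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

MB = 1024 * 1024


@dataclass
class ProtectionTable:
    # None means that protection is disabled, which is the default per the guide.
    small_max_size: Optional[int] = None   # bytes; protect objects smaller than this
    small_min_age: Optional[int] = None    # seconds an entry stays protected
    large_min_size: Optional[int] = None   # bytes; protect objects larger than this
    large_min_age: Optional[int] = None    # seconds an entry stays protected
    entries: Dict[str, Tuple[str, int]] = field(default_factory=dict)

    def on_ingest(self, name, size, now):
        """Insert a newly cached object with its time stamp if it qualifies."""
        if self.small_max_size is not None and size < self.small_max_size:
            self.entries[name] = ("small", now)
        elif self.large_min_size is not None and size > self.large_min_size:
            self.entries[name] = ("large", now)

    def expire(self, now):
        """Remove entries older than the configured duration (never re-added)."""
        for name, (kind, stamp) in list(self.entries.items()):
            window = self.small_min_age if kind == "small" else self.large_min_age
            if window is None or now - stamp > window:
                del self.entries[name]

    def is_protected(self, name, now):
        self.expire(now)
        return name in self.entries

    def clear(self, kind):
        """Model of the 'no cache content ...' commands: drop one kind of entry."""
        self.entries = {n: e for n, e in self.entries.items() if e[0] != kind}


def select_victims(cache, table, now, bytes_needed):
    """cache maps name -> (size_bytes, hit_count).

    Returns (victims, starved). starved=True is the case in which the guide
    says a syslog message asks the administrator to revisit the configuration.
    """
    # Assumed GDSF-style ordering: large, rarely used objects are evicted first.
    order = sorted(cache, key=lambda n: cache[n][1] / max(cache[n][0], 1))
    victims, freed = [], 0
    for name in order:
        if freed >= bytes_needed:
            break
        if table.is_protected(name, now):
            continue                      # skipped for this iteration
        victims.append(name)
        freed += cache[name][0]
    return victims, freed < bytes_needed


def build_demo():
    """Constructed sample: max-size-20MB/min-duration-30min, min-size-100MB/min-duration-2hrs."""
    table = ProtectionTable(20 * MB, 30 * 60, 100 * MB, 2 * 3600)
    cache = {
        "seg.ts": (2 * MB, 1),
        "movie.mp4": (500 * MB, 1),
        "old.iso": (300 * MB, 5),
        "mid.bin": (50 * MB, 1),
    }
    table.on_ingest("old.iso", 300 * MB, now=-10000)   # ingested long ago
    for name in ("seg.ts", "movie.mp4", "mid.bin"):
        table.on_ingest(name, cache[name][0], now=0)
    return cache, table


if __name__ == "__main__":
    cache, table = build_demo()
    print(select_victims(cache, table, now=600, bytes_needed=320 * MB))
```
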

Web Engine Integration with FastCAL

The Web Engine calls FastCAL directly for content creation, lookup, update, and deletion.

CAL Queue Limits

The CAL queue is limited to 3000 tasks on the CDE250 and 1500 tasks on all other CDEs. When the CAL queue threshold is exceeded, the Web Engine does not add any more disk operation tasks (creates, updates, or popularity updates) and a trace message is logged with the following string:

Reason: CalQThreshold Exceeded!

A new output field, “Outstanding Content Popularity Update Requests,” has been added to the show statistics web-engine detail command. At any point, the sum of the “Outstanding Content Create Requests,” “Outstanding Content Update Requests,” and “Outstanding Content Popularity Update Requests,” output fields is always less than the threshold. If the sum of these three output fields exceeds the CAL queue threshold, no more create, update, and popularity update tasks are performed, the “Reason: CalQThreshold Exceeded!” trace message is logged, and content is served as follows:

• Large content files are served by way of bypass

• Small content files are served from tmpfs and the files are evicted from tmpfs without moving them to disk

UNS Integration with FastCAL

UNS is the process that is called by other modules like CMS, Acquisition and Distribution, and Streamscheduler to access the CDNFS content by way of the CAL–UNS client library. UNS still handles Movie Streamer and Windows Media Streaming content (both prefetched and cached), and live streaming content for Flash Media Streaming.

UNS uses FastCAL for any disk-based operation. The Content Manager and FastCAL handle accounting of disk usage and new content allocation to the disks for all modules.

Stream and Cache-Fill Performance

The Stream and Cache-Fill feature improves performance in the following ways:

• QoS support. Using QoS together ensures that sessions receive either best effort or a guaranteed rate while not exceeding overall system capacity.

• File-level hole management is supported, allowing partially-filled files to be streamed, and multiple-parallel fills and streams to be attached to the same file at various offsets.

• Higher performance data transmission engine provides better throughput.

Hole management is not used for small files, because the sessions are over quickly, and the entire file is always downloaded from the Origin server. Encrypted HLS traffic and HTTPS traffic do not use the Stream and Cache-Fill components, because HTTPS traffic is encrypted in the user space, and encrypted HLS traffic is similar to small ABR files.

With ABR large files, files are either stitched from fragments or they are natively large files. Clients are more likely to stop streaming from an ABR large file when they shift bit rates, so files may have holes.

Hole management and QoS optimize the serving of large ABR files. There is a large improvement in performance with ABR large files and the Stream and Cache-Fill feature.

Large file progressive download traffic is similar to large ABR files, but the client is likely to stay on a bit rate longer because it does not automatically adjust its rate. This traffic type also sees a large performance improvement, for the same reasons as large ABR files.

Stream and Cache-Fill Feature Components

The Stream and Cache-Fill feature consists of the following components:

• QoS Types

• Hole Management

QoS Types

The Stream and Cache-Fill feature adds support for the following QoS classes:

• Hard Guaranteed (HG)—Flows assigned a bit rate that is maintained under any circumstances. The bandwidth allocated for these sessions is never reused by other sessions. HG is not directly selectable.

Note HG is not supported in Release 3.1.

• Soft Guaranteed (SG)—Flows assigned a fixed bit rate; unlike HG, any unused assigned bandwidth can be reused by other sessions. SG and best effort (BE) flows can continue to be admitted even if the total requested SG rate exceeds system capacity, as long as the total measured rate does not exceed the total system capacity. This is a statistical guarantee in the sense that it is expected to be guaranteed in most circumstances.

• Best Effort (BE)—Depending on whether the traffic is VOD or live, the bandwidth allocation behaves differently.

– In the VOD case, all BE streams are given an equal share of any disk bandwidth left over after guaranteed sessions are satisfied.

– In the live case, each BE client is allowed to stream at a rate limited only by CPU and network interface bandwidth.

The system has an administratively-defined minimum best-effort rate for VOD BE sessions. New sessions are only admitted if the global best-effort rate does not fall below the minimum. This way the SE does not stream countless sessions at very low bit-rates.

• On any given SE, live BE traffic cannot be mixed with any other type of QoS, but VOD BE can be mixed with guaranteed QoS types.

Table 1-3 summarizes the different QoS types in the VDS-IS. The types listed in bold are introduced with this feature.

Table 1-3 Supported QoS Types

| QoS Type | Minimum Guaranteed Rate | Maximum Rate | Other Compatible QoS Types |
|---|---|---|---|
| Hard Guaranteed (HG) (not supported in Release 3.1) | Protocol Engine requested rate | Protocol Engine requested rate | SG, BE |
| Soft Guaranteed (SG) | Delivery service bitrate | Delivery service bitrate | HG, BE |
| Best Effort VOD (BE-VOD) | Globally configured minimum | (Total disk rate - Total (SG + HG) rate) / number BE sessions | SG |
| Best Effort Live (BE-live) | None | Determined by CPU and network cards | None |
| Fixed Bit Rate | None | Delivery service bitrate | None |
| Best Effort | None | Determined by CPU, network cards and disk | None |

There is no performance penalty for using any QoS type. The QoS types are defined indirectly through the delivery services.

QoS statistics can be viewed by using the show statistics admission command.

Note Only admission statistics can be cleared. QoS statistics are dynamically measured quantities rather than counters and therefore cannot be cleared.

Hole Management

Although hole management is not directly visible as a feature to the user, it has a great impact on system behavior. The basic ideas of hole management are as follows:

• Multiple fills can run on a single file at different offsets

• A play request is considered a hit if either the entire request range is filled or a currently active fill will eventually fill that range

• Maximum number of holes per file is limited for file system robustness reasons

Holes in a file are created in two cases:

1. If the last client aborts the session and fills are still going to the file.

2. When fills are aborted for some other reason, such as the Origin server dropping the connection.

In either case, hole management is equipped to handle these holes by starting fills as needed to bridge holes and limit the total number of holes in a file if required.

When a client aborts a session, any associated fill task normally continues to completion, until either the entire hole is filled or until the end of file. The exception to this is when no more clients are playing the file. In this case, all fills are aborted.

NAS

Network-attached Storage (NAS) is supported as a read-only storage repository at the root location (Content Acquirer) in the VDS-IS. Content is written to NAS by an external agent, such as the Origin Server, a publishing subsystem, or a data storage application. NAS offers a new content category, similar in characteristics to dynamically-cached content, which does not require metadata attachment.

Note NAS is only supported in lab integrations as proof of concept.

The following rules apply to NAS support:

• NAS cannot be used as a source for prefetched or hybrid content.

• Only content serviced by the Web Engine is supported (HTTP content and Flash Media Streaming).

Note NAS for Windows Media Streaming and Movie Streamer is not supported.

• Only Network File System (NFS) mounts are supported for acquiring content from NAS.

• Content acquired from NAS is not written to local storage on the SEs at the root location; when reading content, NAS is considered an extension of the local file system.

• If there is more than one SE at a root location for a Delivery Service, then the SE that acquires the content from NAS is based on a hash of the content URL (similar to dynamically-cached content).

• An NFS share can be mounted from multiple IP addresses simultaneously.

• Multiple mounts for the same volume on a NAS are supported.

• NAS should be collocated with the SEs at the root location; if a WAN link is used, a WAN link failover scenario should be provided.

• IP address failover by NAS should be implemented to avoid service disruption.

• NAS is not applicable to live streaming.

• NAS lookup is tried before pulling content from the Origin Server.

– When the Web Engine performs FastCAL lookup, NAS file lookup is performed first, followed by cached content, then prefetched content.

– In a cache-miss scenario, the Origin Server is queried last.

Note Ingress traffic from NAS mounts is not distributed evenly over port channels. Separate interfaces can be used for NAS outside of the port-channel configuration to achieve better load balancing. Ingress traffic to the VDS-IS is determined by the switch; this applies to all application traffic over port channels.

Content Acquirer

Every Delivery Service requires a Content Acquirer, which is a CDA that resides on every Service Engine. The Content Acquirer CDA becomes active when the Service Engine is designated as the Content Acquirer in a Delivery Service. The Content Acquirer has the following functions and capabilities:

• Fetches content from origin servers using HTTP, HTTPS, FTP, or CIFS (Dynamic ingest supports HTTP only).

• Creates and distributes the metadata for each of the prefetched contents according to the Manifest file and the information returned by the origin server.

Once the Content Acquirer has ingested the content and distributed the metadata, it creates a database record for the metadata and marks the content ready for distribution. All other types of ingest (dynamic, hybrid, and live stream) are handled by the Content Acquirer as well.

Starting with Release 3.2.2, when the Content Acquirer sends a request to the Origin Server and when the Content Acquirer distributes the content through multicast, Differentiated Services Code Point (DSCP) marking is done on the outgoing content request to the Origin Server and on the data distributed through multicast to other Internet Streamers.

The QoS value for content ingest and the QoS value for multicast data, both set on the Delivery Services Definition page in the CDSM GUI, are used as the DSCP values when the Content Acquirer ingests content from the Origin Server and when it distributes content to other Internet Streamers, respectively.

Note Starting with Release 3.3.0, VDS-IS supports per-session DSCP marking for Flash Media Streaming for both VOD and live, which is configured differently, by means of the Service Rule file.

Internet Streamer

All Internet Streamers participating in a Delivery Service pull the metadata from a peer Internet Streamer called a forwarder, which is selected by the internal routing module. Each Internet Streamer participating in a Delivery Service has a forwarder Internet Streamer. The Content Acquirer is the top-most forwarder in the distribution hierarchy. In the case of prefetched ingest, each Internet Streamer in the Delivery Service looks up the metadata record and fetches the content from its forwarder. For live or cached content metadata, only the metadata is distributed.

The content associated with the metadata for live and cached content is fetched by the specified protocol engine, which uses the dynamic ingest mechanism. When a request for a non-prefetched content arrives at an Internet Streamer, the protocol engine application gets the information about the set of upstream Internet Streamers through which the content can be acquired. In the case of dynamic ingest, the Internet Streamer uses the cache routing function to organize itself as a hierarchy of caching proxies and performs a native protocol cache fill. Live stream splitting is used to organize the Internet Streamers into a live streaming hierarchy to split a single incoming live stream to multiple clients. The live stream can originate from external servers or from ingested content. Windows Media Engine, Movie Streamer Engine, and Flash Media Streaming engine support live stream splitting.

Note VDS-IS Release 3.2.2 supports only prepositioned content and does not support Live Stream, Windows Media Engine, Movie Streamer Engine, and Flash Media Streaming because this release is primarily intended for VOD applications.

The Internet Streamers use service control to filter and control incoming requests for content. The Service Rules and Authorization Server with IP address and geographic-location blocking are some of the functions that are encapsulated under the Service Control option in the Internet Streaming CDSM.

The Internet Streamers send keepalive and load information to the Service Router that is participating in the same Delivery Service. This information is used by the Service Router to choose the most appropriate Internet Streamer to handle the request.

Starting with Release 3.2.2, when the receiver sends a NAK packet to the sender for any missed data packets, Differentiated Services Code Point (DSCP) marking is done on the NAK packet sent.

The QoS value for multicast data set on the Delivery Services Definition page in the CDSM GUI is used as the DSCP value when the receiver sends a NAK packet to the sender.

The Internet Streamer function is implemented as a set of protocol engine applications. The protocol engine applications are as follows:

• Web Engine

• Windows Media Streaming Engine

• Movie Streamer Engine

• Flash Media Streaming Engine

Web Engine

All HTTP client requests that are redirected to a Service Engine by the Service Router are handled by the Web Engine. On receiving the request, the Web Engine uses its best judgment and either handles the request or forwards it to another component within the Service Engine. The Web Engine, using HTTP, can serve the request from locally stored content in the VDS-IS or from any upstream proxy or origin server.

An HTTP client request that reaches the Service Engine can either be from a Service Router redirect or from a direct proxy request.

On receiving an HTTP request for content, the Web Engine decides whether the content needs to be streamed by the Windows Media Engine, and if so, hands the request over to the Windows Media Engine; otherwise, the request is handled by the Web Engine. The message size between Web Engine and Windows Media Streaming is 12 KB.

The Web Engine interfaces with the storage function in the Service Engine to determine whether the content is present locally or whether the content needs to be fetched from either an upstream Service Engine or the origin server.

Starting with Release 3.2.2, when the Web Engine requests content from the Origin Server, DSCP marking is done on the outgoing content request from Web Engine to Origin Server. The Web Engine uses the QoS value for content ingest set on the Delivery Services Definition page in the CDSM GUI when it does content ingest from the Origin Server.

Note The Web Engine supports the following:

• Optimization for small content objects

• Optimization of Adaptive Bitrate Streaming for Move, Apple iPhones, and Smooth HD

• Move video on demand (VOD) streaming

• Move live streaming

• MP3 live streaming

• Interoperation with Apple’s media stream segmenter, as well as Microsoft’s Internet Information Services 7.0 (IIS7.0) Smooth Streaming.

Apple’s media stream segmenter segments encoded media into separate files for streaming to iPhones.

Microsoft’s IIS Smooth Streaming offers adaptive streaming of high-definition (HD) content.

• HTTP GET and HEAD request methods.

Bursts of traffic (such as 800 connections per second) may cause the Web Engine to become disabled before it can transmit notification to the SR that the threshold has been reached.

When the content file is smaller than the chunk size, the Unified Kernel Streaming Engine (UKSE) sends the entire file immediately. In this case, the UKSE does not check pacing; therefore, the bit rate for files smaller than the chunk size is not honored.

Cache-Fill Operations

The Web Engine communicates to the upstream Service Engine for cache-fill operations. This interaction is based on HTTP. This cache-fill operation is on demand and therefore only occurs when the content is not stored locally. The upstream Service Engine can be selected dynamically by means of the Hierarchical Cache Routing Module, or can be configured statically through the Internet Streaming CDSM. The Hierarchical Cache Router generates a list of upstream Service Engines that are alive, ready to serve the request, and part of the Delivery Service. If the Web Engine is unsuccessful in locating the content on one of these Service Engines, the content is retrieved from the origin server.

Note When cache-control:no-store is sent in a 200 response from the Origin server, the Web Engine respects the no-store header and does not cache the content. However, if no-store is appended to the cache-control header in a 304 response, the no-store header does not trigger deletion of the content from the disk. The 304 response only triggers updating the cache with the recent header attributes sent in the 304 response header.

The Web Engine supports request headers and entity headers as described in the HTTP 1.1 specification (RFC 2616). The Web Engine allows VDS-IS domain and HCACHE custom headers only when sent from an SE.

Web Engine respects the following date formats:

• Sun, 06 Nov 1994 08:49:37 GMT ; RFC 822, updated by RFC 1123

• Sun Nov 6 08:49:37 1994 ; ANSI C's asctime() format

The following format is obsolete and is not supported:

• Sunday, 06-Nov-94 08:49:37 GMT ; RFC 850, obsoleted by RFC 1036

If the headers (for example, the expiry header) are received with a non-supported date format, the Web Engine continues to cache the content, but subsequent requests for the same URL are revalidated as the content is considered expired.

Whether the content is found locally or retrieved and stored through the cache-fill operation, the Web Engine serves the content based on the following:

• Freshness of content—The freshness of prefetched content is governed by a Time to Live (TTL) value set for the content in the Delivery Service configuration. The TTL specifies the rate at which content freshness is checked. This setting is configured for each Delivery Service either by using the CDSM or by specifying this setting in the Manifest file for the Delivery Service.

For cached content, which is content ingested by means of the dynamic ingest or the hybrid ingest method, the freshness check is performed by the Web Engine in compliance with RFC 2616. If the origin server does not provide an expiry time, the Web Engine uses the age multiplier setting, the minimum TTL setting, and the maximum TTL setting to determine the freshness of the content. If the Web Engine performs the calculation and determines that the content should be checked for freshness with the origin server, and the origin server is unreachable, the client receives a 504 error.

Note This algorithm is used to determine freshness for cached content based on the expire time. It is not used to determine the popularity of the content.

This expiry header validation is just one case used to decide whether content revalidation is needed or not. Revalidation is also decided based on cache control headers that are part of request headers, and the min-fresh, max-stale, max-age parameters that can come in both request and response headers.

Revalidation is enabled by default for the Web Engine.

If the origin server provides the expire time, it is used to determine the freshness of the content. If the expire time is not available, the expire time of the content is calculated as follows:

Expire_time = ( Create_time – Last_modified_time_from_origin_server ) * age multiplier

The create time is the time on the VDS-IS when the content was cached. The last modified time is the time the content was last modified on the origin server. The age multiplier value (as a percentage) is used to shorten the time that it takes to have the content revalidated.

For example, if the create time was May 5, 2009 12:00 and the origin server last modified the content on May 1, 2009 12:00, then the expire time would be 4 days. If the age multiplier was set to 50 percent, the expire time would be 2 days.

The calculated expire time is compared with the minimum TTL and maximum TTL settings. If the expire time is greater than the maximum TTL, the maximum TTL is used as the expire time. If the expire time is less than the minimum TTL, the minimum TTL is used as the expire time.

Using the example above, if the minimum TTL was 3 days and the calculated expire time was 2 days, then the minimum TTL is used as the expire time. If the maximum TTL is 10 days, then the calculated expire time still uses the minimum TTL of 3 days as the expire time. The min/max TTL algorithm follows:

Expire_time = if (MINTTL <= Expire_time <= MAXTTL), then Expire_time

else if Expire_time < MINTTL, then MINTTL

else MAXTTL

The expire time is compared with the cache age to determine whether the content needs to be revalidated by the origin server. If the cache age is less than or equal to the expire time, then the content is considered fresh. The following calculation is used to determine the cache age:

Cache_age = Current_time – Create_time

In our example, if the current time is May 25, 2009 12:00 and the create time is May 5, 2009 12:00, then the cache age is 20 days. The cache age of 20 days is compared to the expire time, which in our example is 2 days, and because the cache age is greater than the expire time the content is revalidated with the origin server. When the content is revalidated it gets a new create time. To compute a more accurate cache age, the response delay is considered. The response delay is calculated as follows:

Response_delay = Create_time – Time_request_sent_to_origin_server

In our example, the create time is May 5, 2009 12:00, and if the origin server takes 2 minutes to respond to the request for content (because of network-imposed delays), the response delay is May 5, 2009 11:58. This allows the cache age to be calculated based on the time the request was initiated, not the time the response was received.

• Rate of data transfer—The rate at which the content is sent can be configured on a per-delivery basis. By default, LAN bandwidth is used.

• Content completeness—Prefetched content is stored locally in the VDS-IS in its entirety. For cached content, there are two cases when the content is not complete:

– The Web Engine process halts or the Service Engine experiences a failure in the process of caching the content. In this case, the subsequent request starts the cache fill anew.

– The content is in the process of being cached by another request. In this case, the subsequent request is served from the cached content.
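The freshness calculation under “Freshness of content” and the date-format handling described earlier in this section, worked through in Python as an added example (not Cisco code). The function names and the default age multiplier and TTL values are assumptions taken from the guide's own example, and treating a parseable expire time as an absolute expiry instant is also an assumption.

```python
from datetime import datetime, timedelta

# The two date formats the guide lists as respected by the Web Engine.
SUPPORTED_DATE_FORMATS = (
    "%a, %d %b %Y %H:%M:%S GMT",   # RFC 822, updated by RFC 1123
    "%a %b %d %H:%M:%S %Y",        # ANSI C asctime() format
)


def parse_http_date(value):
    """Return a datetime for a supported format, else None (for example RFC 850)."""
    for fmt in SUPPORTED_DATE_FORMATS:
        try:
            return datetime.strptime(value.strip(), fmt)
        except ValueError:
            pass
    return None


def expire_time(create_time, last_modified, age_multiplier_pct, min_ttl, max_ttl):
    """(Create_time - Last_modified_time) * age multiplier, bounded by min/max TTL."""
    calculated = (create_time - last_modified) * (age_multiplier_pct / 100)
    return max(min_ttl, min(calculated, max_ttl))


def cache_age(current_time, create_time, request_sent=None):
    """Current_time - Create_time, measured from the request time when it is known."""
    response_delay = (create_time - request_sent) if request_sent else timedelta(0)
    return (current_time - create_time) + response_delay


def needs_revalidation(current_time, create_time, last_modified, *,
                       expires=None, request_sent=None, age_multiplier_pct=50,
                       min_ttl=timedelta(0), max_ttl=timedelta(days=10)):
    """True when the cached object must be revalidated with the origin server."""
    if expires is not None:
        expiry = parse_http_date(expires)
        if expiry is None:
            return True            # unsupported date format: considered expired
        return current_time > expiry
    lifetime = expire_time(create_time, last_modified,
                           age_multiplier_pct, min_ttl, max_ttl)
    # Content is fresh while the cache age is less than or equal to the expire time.
    return cache_age(current_time, create_time, request_sent) > lifetime


if __name__ == "__main__":
    created = datetime(2009, 5, 5, 12, 0)
    modified = datetime(2009, 5, 1, 12, 0)
    now = datetime(2009, 5, 25, 12, 0)
    print(expire_time(created, modified, 50, timedelta(0), timedelta(days=10)))
    print(cache_age(now, created), needs_revalidation(now, created, modified))
```
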

Dynamic Caching

Starting with Release 3.2.2, dynamic caching is configurable per Delivery Service. By default, dynamic caching is enabled. If content requested by the client is not present in the cache, the Web Engine sends a request to an upstream streamer to acquire the content, caches it, and then delivers it to the client.

By making the dynamic caching configurable at Delivery Service level, the user has the option of disabling the lookup from the origin server.

If the requested content is not available in a particular streamer or service engine, and dynamic caching is disabled, the client receives a 403 error response (HTTP FORBIDDEN).

The dynamic caching feature is configured in the Services > Service Definition > Delivery Services > General Settings page in the CDSM GUI.

If dynamic caching is disabled, only prepositioned content, and content cached before dynamic caching was disabled for which cache revalidation is not required, will be served to the client.

The dynamic cache setting for a given Delivery Service will override the following configuration properties:

• The web-engine cache settings for age-multiplier, max-ttl, min-ttl will not be affected by dynamic caching configuration.

• The web-engine revalidation setting will be overridden by the dynamic cache setting for a given Delivery Service. No cache revalidation will be done if dynamic caching is disabled for the contents pertaining to that Delivery Service. If the complete content is available, it is served without any revalidation.

• The cache bypass requests will not be processed if dynamic caching is disabled.

• If dynamic caching is disabled and only partial content is available, then client receives a 403 error message.

Per-Request HTTP Headers from Redirected URLs

When the VDS-IS is integrated with products such as the Content Adaptation Engine (CAE), Service Engines are used to serve over-the-top content. In such scenarios, the VDS-IS provides HTTP headers similar to that of the Origin server. The information in the HTTP header can be unique to a user session.

The CAE retrieves this information from the Origin server response and provides it as a query parameter within the URL. This information is intact when received by the Service Engine following redirections from the CAE and Service Router. The Web Engine retrieves the “_resp_hdrs_” value from the received URL. The retrieved value is % unescaped, and parsed for use when serving the content.

As indicated in RFC 2396, a query parameter cannot contain the reserved characters ;/?:@&=+,$ and thus these characters are escaped using % encoding. The query string must have the “_resp_hdrs_” tag. A URL with the “_resp_hdrs_” tag has the following format:

http://<URL to serve>?_resp_hdrs_=<strings to include in the http headers>

The following is an example of a URL with the “_resp_hdrs_” tag and value:

http://nas_url_to_serve?_resp_hdrs_=Set-Cookie%3A%20ff%3DrlsBo4v%3B%20path%3D/%3B%20domain%3D.site.com
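Because the “_resp_hdrs_” value arrives in a URL and ends up in response headers, it is worth validating after unescaping. The following added Python example (not Cisco code, and not a description of what the Web Engine itself checks) decodes the sample URL above and applies three checks that are assumptions of this example: one header line per value, no control characters such as CR or LF after unescaping, and a hypothetical allowlist of header names.

```python
import re
from urllib.parse import unquote, urlsplit

TAG = "_resp_hdrs_"
# Header-name token characters as defined for HTTP field names (RFC 7230).
HEADER_NAME = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")
# Hypothetical allowlist: only headers the deployment expects the CAE to pass.
ALLOWED_HEADERS = frozenset({"set-cookie"})

# The sample URL from the guide.
SAMPLE_URL = ("http://nas_url_to_serve?_resp_hdrs_=Set-Cookie%3A%20ff%3DrlsBo4v"
              "%3B%20path%3D/%3B%20domain%3D.site.com")


def raw_resp_hdrs(url):
    """Return the still-escaped _resp_hdrs_ value, or None if the tag is absent."""
    for pair in urlsplit(url).query.split("&"):
        name, sep, value = pair.partition("=")
        if sep and name == TAG:
            return value
    return None


def parse_resp_hdrs(url, allowed=ALLOWED_HEADERS):
    """Return ("absent", None), ("ok", (name, value)) or ("rejected", reason)."""
    raw = raw_resp_hdrs(url)
    if raw is None:
        return ("absent", None)
    decoded = unquote(raw)                      # a single pass of % unescaping
    # CR, LF, NUL and other control characters would let the value break out
    # of its header line, so they are refused after decoding.
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in decoded):
        return ("rejected", "control character after unescaping")
    name, sep, value = decoded.partition(":")
    if not sep or not HEADER_NAME.fullmatch(name):
        return ("rejected", "not a 'Name: value' header line")
    if name.lower() not in allowed:
        return ("rejected", "header not in allowlist")
    return ("ok", (name, value.strip()))


if __name__ == "__main__":
    print(parse_resp_hdrs(SAMPLE_URL))
```
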

HTTP Error Response Caching

Caching HTTP error responses from the Origin Server provides the Web Engine with the ability to validate incoming requests faster and reduce unnecessary access to the Origin Server.

As an example, the Origin Server sends back a response with the status “503 Service Unavailable” and includes the maximum age in the response. The Web Engine caches the response locally, and for any subsequent client requests for the same content, the Web Engine compares the cached response age with the maximum age returned in the response. If the cached response is expired, the Web Engine rechecks the Origin Server; otherwise, the Web Engine sends the cached response to the client.

The HTTP response headers must include the max-age, expiry, etag, and other fields that are required to determine whether the responses can be cached. The HTTP response headers that can be cached are those that indicate some error has occurred with respect to the client request (4xx or 5xx status codes).

Note Error response 416 is not cached when the Origin server responds with Transfer-Encoding:Chunked header. Whenever the Origin server sends chunked encoding, whatever status is returned, the response is not cached.

Service Rules

Service rules can be configured that dictate how the Web Engine responds when client requests match specific patterns. The patterns can be a domain or host name, certain header information, the request source IP address, or a Uniform Resource Identifier (URI). Some of the possible responding actions are to allow or block the request, generate or validate the URL signature, or rewrite or redirect the URL.

Note The following Service Rule actions are supported for the Web Engine: allow, block, rewrite the URL, no cache, redirect the URL, resolve the URL, revalidate cache, and validate the URL signature.

Windows Media Streaming Engine

The Windows Media Streaming engine uses Windows Media Technology (WMT), a set of streaming solutions for creating, distributing, and playing back digital media files across the Internet. WMT includes the following applications:

• Windows Media Player—End-user application

• Windows Media Server—Server and distribution application

• Windows Media Encoder—Encodes media files for distribution

• Windows Media Codec—Compression algorithm applied to live and on-demand content

• Windows Media Rights Manager (WMRM)—Encrypts content and manages user privileges

The Windows Media Streaming engine streams Windows Media content, with the capability of acting both as a server and as a proxy. It streams prefetched content to the Windows Media Player, acts as a proxy for client requests, splits a live stream into multiple live streams, and caches content requested from remote servers.

Windows Media Streaming engine acts as Windows Media Server for prefetched or cached content stored locally. The request is served by RTSP and HTTP. Windows Media Streaming engine checks with the storage function on the Service Engine to see whether the content is stored locally; if the content is not found, Windows Media Streaming engages the Windows Media Proxy.

The WMT Proxy works like the cache-fill operation in the Web Engine. See the “Cache-Fill Operations” section on page 1-18. There are two options:

• Hierarchical Caching Proxy—If content is not found locally, Windows Media Streaming checks the upstream Service Engines first before pulling the content from the origin server.

• Static Caching Proxy—The administrator statically configures Service Engines as upstream proxies.

The WMT Proxy accepts and serves streaming requests over RTSP and HTTP.

For information on cache management for Windows Media Streaming, see the “Content Manager” section on page 1-7.

Fast Start

Fast Start provides data directly to the Windows Media Player buffer at speeds higher than the bit rate of the requested content. After the buffer is filled, prefetched, cached, or live content streams at the bit rate defined by the content stream format. Fast Start does not apply to content that is dynamically ingested. Only Windows Media 9 Players that connect to unicast streams using MMS-over-HTTP or RTSP can use Fast Start. The Fast Start feature is used only by clients that connect to a unicast stream.

With live content, Windows Media Streaming needs to hold the content in its buffer for a few seconds. This buffer is used to serve Fast Start packets to subsequent clients that request the same stream as the initiating first client request. The first client triggers the process, with the subsequent clients benefiting from Fast Start.

Fast Cache

Fast Cache allows clients to buffer a much larger portion of the content before rendering it. Fast Cache is supported only for TCP. Windows Media Streaming streams content at a much higher data rate than specified by the stream format. For example, using Fast Cache, Windows Media Streaming can transmit a 128-kilobit per second (Kbps) stream at 700 Kbps. This allows the client to handle variable network conditions without perceptible impact on playback quality. Only MMS-over-HTTP and RTSP requests for prefetched or cached content support Fast Cache. The speed is determined by the client’s maximum rate and the configured Fast Cache rate—whichever is smaller.

Fast Stream Start

The first client requesting a live stream often experiences the longest wait time for the content to begin playing. Users can experience long wait times because of the full RTSP or HTTP negotiation that is required to pull the live stream from the source. Delays can also occur if the edge Service Engine has not buffered enough stream data to fill the player’s buffer at the time the content is requested. When the buffer is not filled, some data to the client might be sent at the linear stream rate, rather than at the Fast Start rate. With Fast Stream Start, when a live stream is primed, or scheduled and pulled, a live unicast-out stream is pulled from the origin server to a Service Engine before a client ever requests the stream. When the first request for the stream goes out, the stream is already in the Delivery Service.

Caching SDP Files for RTSP Broadcast Live

Live streaming is content that is streamed while it is still being encoded by an encoder. The two kinds of Windows Media live streaming are as follows:

• Playlist live—One or more content items are streamed sequentially.

• Broadcast live—Live and prerecorded content can be streamed to more than one client simultaneously. The SE streams the content to all clients, which does not allow the clients to perform seeks on the stream.

Streaming is accomplished by using HTTP live or RTSP live. HTTP live uses Windows Media Streaming Protocol (MS-WMSP) where the wms-hdr in the WMS-Describe-Response describes the content. RTSP live uses RTSP where the Session Description Protocol (SDP) file in the DESCRIBE response describes the content.

The RTSP playlist live SDP file cannot be cached because the SDP file keeps changing to reflect the different content playlists.

The SDP file for RTSP broadcast live does not change unless the program is stopped, so it can be cached on the streaming SE. Once the SDP file is cached, it can be used to compose the DESCRIBE response. No further requests for the SDP file from the upstream server (SE, Content Acquirer, or Origin server) are necessary.

Note The SDP file cannot be cached if content requires authorization by either the Origin server or the SE.

Live Stream Splitting

Live stream splitting is a process whereby a single live stream from the origin server is split and shared across multiple streams, each serving a client that requested the stream. When the first client that requested the stream disconnects, Windows Media Streaming continues to serve the subsequent requesting clients until all requesting clients have disconnected. Live stream splitting using content that is already stored locally is generally better than using content from the origin server; this is because the Service Engine is typically closer to the requesting clients, and therefore network bandwidth to the origin server is freed up.

To avoid doing a CAL lookup resolve for each incoming Windows Media Streaming live request, the live hierarchical splitting URL is cached and is then used by all subsequent Windows Media Streaming live requests for the same live program.

Note When using Windows Media Server 2008 as the origin server, the source content type must be a playlist or encoder type.

Live stream splitting can either be unicast or multicast, depending on the configuration, capabilities and limitations of the network. Windows Media Streaming can receive and deliver Windows Media content over IP multicast or unicast transmission in the following combinations:

• Unicast-In Multicast-Out

• Multicast-In Multicast-Out

• Unicast-In Unicast-Out

• Multicast-In Unicast-Out

Note For multicast-in (to the SE) to work, the network needs to be multicast-enabled.

Multicast-Out

Windows Media Streaming can be used in a live or rebroadcast program to deliver multicast streams to client devices. The source of the stream can be multicast, unicast, or a local file. The program can be scheduled, continuous, or play once. The content can be either live or rebroadcast. Windows Media Streaming creates a Windows Media file (.nsc) that contains session information including the multicast IP address, port, Time to Live (TTL), and so on. The client requests the .nsc file using HTTP. Once the file is downloaded, the client parses it and sends an Internet Group Management Protocol (IGMP) join to receive the multicast stream. A client can start and stop the stream, but cannot pause, fast-forward, or rewind it.

Unicast-Out

Windows Media Streaming can act as a broadcast publishing point to deliver live streams, prefetched/cached content, or content from dynamic ingest, to a requesting client. The source of the stream can be multicast, unicast, or a local file. Windows Media Streaming can also perform live stream splitting if more than one client requests the same content. The Delivery Service can be used to simulate an experience similar to viewing a TV program even if the source of the stream is a Video on Demand (VOD) file. A client can start and stop the stream but cannot pause, fast-forward, or rewind it. When a Delivery Service is configured, a client makes a request to the Windows Media Engine, which is acting as the Windows Media Server, and Windows Media Streaming checks to see whether the incoming stream is present. If it is, Windows Media Streaming joins the stream and splits it to the new client. If the request is the first client request for this stream, Windows Media Streaming sends the request to the origin server and then serves it to the new client.

ASX Request Handling

Web Engine generates meta-responses for the following Windows Media Streaming ASX requests:

• Requested Windows Media Streaming asset is prefetched

• Unicast (.asx) request for Windows Media Streaming live program is scheduled

• Multicast (.nsc.asx) request for live program is scheduled

When the wmt disallowed-client-protocols command is configured, Web Engine generates the meta-response based on the protocols enabled. When both RTSPU and RTSPT are disabled, only the HTTP URL is generated in the meta-response. However, when HTTP is disabled, the generated ASX file still contains the HTTP URL, so that the content can be served by the Web Engine as a progressive download (as opposed to live streaming by Windows Media Streaming). For .nsc.asx files, only the HTTP URL is generated.

VOD ASX Request

Web Engine does lookups for incoming ASX requests in the following manner:

• If the ASX asset is cached or prefetched, the asset is served.

• If the ASX asset is not found, Web Engine strips the .asx extension from the URL and performs the lookup again.

– If the asset is found (after stripping the .asx from the URL), Web Engine generates the meta-response for the requested Windows Media Streaming ASX request.

– If the asset is not found (after stripping the .asx from the URL), no meta-response is generated and the request is treated as a cache miss.

Live ASX Request

In the case of a unicast live request or a multicast live request, the Web Engine generates the meta-response for found assets. If the asset is not found, Web Engine generates a “403 Forbidden” error message and sends it to the client.

NSC Request Handling

An NSC request is a managed live streaming request. When the live program schedule is started, the NSC content is created by Windows Media Streaming.

For Web Engine lookups of NSC files, CAL returns the NSC file location where the content can be served from, or returns “Not in Schedule.”

Authentication

Windows Media Streaming supports pass-through authentication. The following authentication mechanisms are supported in pass-through mode:

• Anonymous

• NTLM

• Negotiate (Kerberos)

• Digest access authentication

With pass-through authentication, Windows Media Streaming establishes a tunnel between the client and the origin server so that the origin server can authenticate the client.

Bandwidth Management

Bandwidth management of Windows Media content can be controlled by setting limits for incoming and outgoing bandwidth and session bit rate and Fast Start maximum bandwidth. In addition, in the case of live streaming, contributing origin servers can be identified to allow incoming content to exceed the bandwidth check to support high demand scenarios. The Windows Media bandwidth management capabilities are described in Table 1-4.

Table 1-4 Bandwidth Management Capabilities

| Bandwidth Management | Description |
| --- | --- |
| Incoming Bandwidth | The bandwidth for Windows Media content coming into the Service Engine, from either an upstream Service Engine or from the origin server. |
| Outgoing Bandwidth | The bandwidth for streaming Windows Media content to the end user from the Service Engine. |
| Incoming Session Bit Rate | The maximum bit rate per session that can be delivered to the Service Engine from the origin server or upstream Service Engine. |
| Outgoing Session Bit Rate | The maximum bit rate per session that can be delivered to a client. |
| Incoming Bandwidth Bypass List | The list of identified hosts allowed to bypass the incoming bandwidth check for broadcast or multicast live content. |
| Fast Start Maximum Bandwidth | Maximum bandwidth allowed per player when Fast Start is used to serve packets to each player. Increased bandwidth initially used by the Fast Start feature can overburden a network if many players connect to the stream at the same time. To reduce the risk of network congestion caused by the Fast Start feature, limit the amount of bandwidth the Fast Start feature uses to stream to each player. |

Movie Streamer Engine

The Movie Streamer Engine is an open-source, standards-based, streaming server that delivers hinted MPEG-4, hinted 3GP, and hinted MOV files to clients over the Internet and mobile networks using the industry-standard RTP and RTSP. Hinted files contain hint tracks, which store packetization information that tells the streaming server how to package content for streaming.

The Movie Streamer Engine is an RTSP streaming engine that supports Third Generation Partnership Project (3GPP) streaming files (.3gp). 3GPP support enables delivery of rich multimedia content over broadband mobile networks to multimedia-enabled cellular phones.

Note The streaming capability of Movie Streamer Engine only depends on the movie file format or stream transport type. It is independent of codec types. Movie Streamer supports any client player that can fetch media streams by way of RTSP or RTP. However, the client player must have the correct codec to render the stream correctly.

The Movie Streamer Engine can act as both a server and a proxy. It streams prefetched or RTSP-cached content to RTSP clients, acts as a proxy for client requests, splits a live stream into multiple live streams, and caches content requested from remote servers.

After the RTSP request comes into the Movie Streamer, the URI in the RTSP request is modified to reflect the result of the mobile capability exchange. The Movie Streamer checks with the storage function on the Service Engine to see whether the content is stored locally. If the content is not found or if an RTSP-cached content version needs freshness validation, the Movie Streamer engages the Movie Streamer proxy.

In the case of an RTSP-cached content version verification, the Movie Streamer proxy forwards the DESCRIBE request to the origin server for a response containing the Last-Modified-Time header in the response. If the Last-Modified-Time matches the cached version, the Movie Streamer streams the cached content; otherwise, the Movie Streamer proxy forwards the request to the origin server for RTSP negotiation. Then, a client session and a server session are created.

• Server session is responsible for connecting to the origin server to fetch the content and cache it locally. The server session generates the media cache file and the linear hint files.

• Client session is responsible for streaming the locally cached file to the client.

Client and server sessions are separated so that multiple server sessions can be spawned for the same URL to cache content from different starting points or at faster speeds, or both. This increases the speed of fetching the content. The client session starts to stream from the cached content that the server session is writing.

The Movie Streamer proxy works like the cache-fill operation in the Web Engine and the Windows Media Engine, except for the minimum TTL value. The Movie Streamer’s minimum TTL value is always zero. See the “Cache-Fill Operations” section on page 1-18. There are two options:

• Hierarchical Caching Proxy—If content is not found locally, the Movie Streamer checks the upstream Service Engines first before pulling the content from the origin server.

• Static Caching Proxy—The administrator statically configures Service Engines as upstream proxies.

For information on cache management for the Movie Streamer, see the “Content Manager” section on page 1-7.

The Movie Streamer supports basic pass-through proxy mode for certain conditions where caching cannot be performed. Such conditions include, but are not limited to, the Service Engine running out of disk space.

Transport Types

Prefetched content can be delivered by the non-accelerated method or the accelerated method. Non-prefetched content (proxied or cached content) is always delivered by the accelerated method. The content is delivered to the client device by one of the following mechanisms:

• Non-Accelerated—This method has limited concurrent streams and total throughput, but supports many transport formats. The non-accelerated method supports the following transport formats:

– RTP over UDP

– Reliable UDP

• Accelerated—This method supports only RTP over UDP. Content must be reprocessed by the Movie Streamer Linear Hinter. The linear hinter process can be initiated manually by the administrator or dynamically triggered by the first request for the content.

The Movie Streamer Linear Hinter process may take a while, so the first request that triggers this process is served by the non-accelerated method. All subsequent requests are served by the accelerated method.

The first client request for content that requires proxying or caching experiences a delay, because all proxying and caching requires the accelerated method.

Live Stream

The Movie Streamer Engine supports multicast reference URLs (Announce URLs) for programs that are created through the Internet Streaming CDSM. The multicast reference URL, which is in the form of http://<Service Engine IP address>/<Program ID>.sdp, is resolved by the Movie Streamers that are serving the live program.

QuickTime live typically has a UDP socket pair (for RTP and RTCP) per track, and each client session typically has two tracks (audio and video).

Note The following rules apply to live splitting:

1. For unicast streaming, the client request must be sent by RTSP.

2. For multicast streaming, the client request must be sent by HTTP.

Authentication

The Movie Streamer Engine supports the Basic authentication mode.

URL Signing

For more information see the “URL Signing” section on page 1-30.

Flash Media Streaming Engine

The Flash Media Streaming engine incorporates the Adobe Flash Media Server technology into the VDS-IS platform. The Flash Media Streaming engine is capable of hosting Flash Media Server applications that are developed using ActionScripts, such as VOD (prefetched content, or dynamic or hybrid ingested content), live streaming, and interactive applications.

Note Starting with Release 4.0, the Flash Media Server 3.5 is upgraded to Adobe Media Server 5.0.2.

The Flash Media Streaming engine supports the Adobe Flash Media Rights Management Server (FMRMS) for VOD content; it is not supported for live streaming. Adobe FMRMS protects media content delivered to Adobe Media Player and Adobe AIR applications. FMRMS is also available for proxied content, if Adobe supports the content type. For more information about the Adobe Flash Media Rights Management Server, see www.adobe.com.

Note VDS-IS supports the Adobe Flash Media Server Administration APIs and the Administration Console that was built using the Administration APIs. These APIs can be used to monitor and manage the Adobe Flash Media Server running on a Cisco VDS-IS Service Engine. See the “Configuring Flash Media Streaming—General Settings,” page 4-48 for more information.

Upon receiving a client request for VOD content, the edge Service Engine does the following:

• If the content is present, the edge Service Engine streams it using RTMP.

• If the content is not present, the edge Service Engine uses HTTP to fetch the content from the origin server and serves it using RTMP.

No client information is sent to the origin server. No per-client control connection is present between the edge Service Engine and the origin server for VOD streaming.

HTTP Requests

Flash Media Streaming encompasses all flash applications, from simple Flash Video (FLV) files to more complex Small Web Format (SWF) files. All HTTP client requests for SWF files that are redirected to a Service Engine by the Service Router are handled by the Web Engine. The Web Engine, using HTTP, serves the request from locally stored content in the VDS-IS or from any upstream Service Engine or origin server. See the “Web Engine” section on page 1-17 for more information.

RTMP Requests

The SWF file is a compiled application that runs on the Adobe Flash Player, and may contain Real Time Media Protocol (RTMP) calls to FLV, MPEG-4 (H.264), or MP3 files. RTMP calls, in the form of URL requests, are routed to a Service Engine by the Service Router.

Flash Media Streaming supports RTMP and RTMPE on port 1935 only. RTMPE is the secure flash streaming technology from Adobe. Encrypted RTMP (RTMPE) is enabled on Flash Media Streaming by default, and allows you to send streams over an encrypted connection without requiring certificate management.

Flash Media Streaming also supports RTMPT and RTMPTE on port 80. RTMP Tunneled (RTMPT) encapsulates the RTMP data within HTTP requests to traverse firewalls. RTMP Tunneled Encrypted (RTMPTE) encrypts the communication channel, tunneling over HTTP.

Note The Service Router uses RTMP redirection to direct the client’s Flash Player to the best Service Engine based on load balancing and resiliency. RTMP redirections are supported only by Adobe Flash Player 9. All older Flash Players do not support RTMP redirection.

Note For VOD streams, all RTMP calls in the SWF file must be in the following format: rtmp://rfqdn/vod/path/foo.flv

In this format, rfqdn is the routing domain name of the Service Router, vod is the required directory, and path is the directory path to the content file that conforms to the standard URL specification.

If you are unable to store the VOD content in the required vod directory on your origin server, you can create a VOD virtual path for all RTMP requests. All client requests for RTMP calls still use the rtmp://rfqdn/vod/path/foo.flv format for VOD streams, but the SE replaces the vod directory with the string specified in the flash-media-streaming application-virtual-path vod map command.

Use the flash-media-streaming application-virtual-path vod map <mapping string> command on each SE participating in a Flash Media Streaming Delivery Service. The mapping string variable accepts all alphanumeric characters and the slash (/) character, and can be from 1 to 128 characters. For example, to map the “vod” directory to “media” for the go-tv-stream.com origin server, use the flash-media-streaming application-virtual-path vod map media command.

If comedy.flv is the content being requested, the RTMP call in the SWF file would be rtmp://go-tv-stream.com/vod/comedy.flv. The SE would replace the “vod” directory and request http://go-tv-stream.com/media/comedy.flv from the upstream SE or origin server.

If just the slash (/) character is used to replace the “vod” directory, the SE request would be http://go-tv-stream.com/comedy.flv.
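The rewrite described above, together with the stated limits on the mapping string, can be modelled as follows. This is an added example, not the Service Engine's implementation: the function names are hypothetical, and it assumes the content path after the vod directory is carried over unchanged.

```python
import re
from urllib.parse import urlsplit

# Mapping string rule from the page: alphanumeric characters and "/",
# 1 to 128 characters long.
MAPPING_RE = re.compile(r"[A-Za-z0-9/]{1,128}")


def check_mapping(mapping):
    """Return mapping if it satisfies the documented character and length rule."""
    if not MAPPING_RE.fullmatch(mapping):
        raise ValueError(
            "mapping string must be 1-128 characters of [A-Za-z0-9/]: %r" % mapping
        )
    return mapping


def upstream_url(rtmp_url, mapping="vod"):
    """Model the HTTP URL requested upstream for a VOD RTMP call.

    rtmp_url must follow the documented form rtmp://rfqdn/vod/path/foo.flv.
    The default mapping "vod" models an SE with no virtual path configured.
    """
    check_mapping(mapping)
    parts = urlsplit(rtmp_url)
    if parts.scheme != "rtmp" or not parts.netloc:
        raise ValueError("not an rtmp:// URL: %r" % rtmp_url)

    # "/vod/comedy.flv" -> ["", "vod", "comedy.flv"]
    segments = parts.path.split("/")
    if len(segments) < 3 or segments[1] != "vod" or not segments[-1]:
        raise ValueError("not in the rtmp://rfqdn/vod/path/file form: %r" % rtmp_url)

    content = "/".join(segments[2:])
    prefix = mapping.strip("/")          # a bare "/" maps vod to the origin root
    path = f"/{prefix}/{content}" if prefix else f"/{content}"
    return f"http://{parts.netloc}{path}"


if __name__ == "__main__":
    call = "rtmp://go-tv-stream.com/vod/comedy.flv"   # example from the page
    print(upstream_url(call, "media"))
    print(upstream_url(call, "/"))
```

Running the check against a proposed mapping string before it is configured on each SE catches values outside the documented character set, such as dots or spaces.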

For prefetched and cached content, the Flash Media Streaming engine uses RTMP or RTMPE over port 1935. The Flash Media Streaming engine also supports RTMPT and RTMPTE over port 80. For content that is not found locally, the Flash Media Streaming engine communicates with the Web Engine, which in turn communicates with the upstream Service Engine for cache-fill operations. See the “Cache-Fill Operations” section on page 1-18. This interaction uses HTTP. Once the content is in the process of being retrieved by the Web Engine, the Flash Media Streaming engine uses RTMP to begin streaming the content.

The following describes the characteristics of caching content using HTTP for RTMP client requests:

1. Origin server-based cache validation is still honored for the cached content.

2. Client-side Web Engine rules are bypassed for the RTMP client request.

3. If HTTP headers from the origin server have the “no-cache” attribute set, content is not cached, and transparent proxy is performed to stream RTMP.

4. Transparent proxy from HTTP to RTMP is supported. Flash Media Streaming engine begins RTMP streaming while content is still being fetched using HTTP proxy mode.

Any HTTP configuration that prevents content from being cached still applies for RTMP requests. The Flash Media Streaming engine uses multiple HTTP-based range requests in such cases.

Multi-Bit Rate Streaming

Flash Media Streaming supports multi-bit rate streaming, also known as dynamic streaming. Dynamic streaming offers the ability to adjust the bit rate used to stream video to clients to adapt to changes in network conditions.

Multi-bit rate streaming has the following requirements:

• The origin server must be running Flash Media Server 3.5

• The client must be using Flash Media Player 10 or later

• The encoder for VOD must be running Flash Media Encoder CS4

• The encoder for live streaming must be running Flash Media Live Encoder 3

For VOD, the encoder creates different bit rates for the content. For live streaming, the encoder publishes three streams with different bit rates to the origin server.

With Flash Media Player 10, there are new QoS properties that provide information about the stream and video performance and network capabilities; for example, when the NetStreamInfoBytesPerSecond field changes, the client can request a different bit rate for the stream.

The client player sends the command to switch or swap the stream. When network changes occur, the client sends a switch command to request the content be streamed with a higher or lower bit rate. Swap is used when swapping streams in a playlist (for example, advertisements). The bit rate change request works for both VOD and live streaming. The supported formats are H.264 and FLV. The client-side ActionScripts should use play2() instead of play() for smooth stream transitions.

Flash Media Streaming Proxy

The Flash Media Streaming engine can deliver content acting as an origin server or as a proxy server.

The Flash Media Streaming engine acts as a proxy server when content cannot be cached due to the origin server’s configuration or due to the Service Engine’s Web Engine configuration. Content is ingested and distributed using HTTP, whether the client request for the content used HTTP or RTMP.

Note Any content that does not contain “live” or “vod” in the path is automatically proxied.

Unicast Streaming

The Flash Media Streaming engine supports unicast flash streaming.

URL Signing

Flash Media Streaming supports signed URLs, which adds additional security. The URL signature generation is based on a key that is a shared secret between the component generating the URL signature and the component validating the URL signature. The URL signature can be generated by the Service Engine, another component external to the Service Engine, or the web portal.

For more information about the URL signatures, see the “Configuring URL Signing Key” section on page 4-28.

Codecs

Flash Media Streaming supports the On2 VP6 codec, as well as those listed in Table 1-5.

Table 1-5 Codecs Supported in Flash Media Streaming

| Standard | Details |
| --- | --- |
| ISO/IEC 14496-3 | MPEG-4 Part 3, also known as AAC+, HE-AAC. A set of compression codecs for perceptual coding of audio signals, including some variations of Advanced Audio Coding (AAC), as well as AAC Main, AAC LC, and SBR. |
| ISO/IEC 14496-10 | Advanced Video Coding (AVC), also known as H.264/AVC. All levels of applications are supported, Base (BP), Main (MP), High (HiP), High 10 (Hi10P), and High 4:2:2 Profile (Hi422P). This standard is technically identical to the ITU-T H.264 standard. |
| ISO/IEC 14496-12 | ISO Base Media File Format. A file format for storing media content containing one audio track (either ISO/IEC 14496-3 [AACPlus] or MP3), and one video track (either ISO/IEC 14496-10 [H.264 or AVC] or VP6). |
| 3GPP TS 26.245 | Timed text format. |

Flash Media Streaming DSCP Marking

Starting with Release 3.3.0, VDS-IS supports per-session DSCP marking for Flash Media Streaming, including both VOD and Live.

The DSCP value is a 6-bit field in the IP header, which takes any value between 0 and 63. The Delivery Service specific DSCP value shall be set using the AuthSvr Service Rule file. A new XML tag is added in the rules XML file:

<Rule_Dscp matchGroup="grp1" protocol="rtmp" dscp-bits="10"/>

The above rule matches the matchGroup defined by a regex pattern or domain name, and the dscp-bits attribute is applied to the matching pattern. The attribute is the DSCP value, ranging from 0 to 63.

If dscp-bits is not specified in the rules XML file, the default DSCP value of 0 is used.

Using rule files provides flexibility to apply DSCP values to different matched patterns such as domain name, URL, IP address, and so on. To support DSCP per Delivery Service, you need to configure the Delivery Service domain name in the rule file.

Note The FMS per session DSCP marking feature is supported only on IPv4 protocol. The feature is disabled for IPv6 protocol by default.
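A rule file can be checked against the constraints stated above before it is deployed. The following is an added example, not a Cisco tool: the function name is hypothetical, and the wrapper element in the sample is constructed, because the full rule-file schema is not shown in this section. Only the Rule_Dscp element and its attributes come from the page.

```python
import xml.etree.ElementTree as ET

# Constructed sample. <ConstructedWrapper> is a placeholder root element,
# not the real rule-file schema; grp2-grp4 are constructed rules.
SAMPLE_RULES = """
<ConstructedWrapper>
  <Rule_Dscp matchGroup="grp1" protocol="rtmp" dscp-bits="10"/>
  <Rule_Dscp matchGroup="grp2" protocol="rtmp"/>
  <Rule_Dscp matchGroup="grp3" protocol="rtmp" dscp-bits="64"/>
  <Rule_Dscp matchGroup="grp4" protocol="rtmp" dscp-bits="af11"/>
</ConstructedWrapper>
"""


def check_dscp_rules(xml_text):
    """Return (rules, problems) for every Rule_Dscp element in xml_text.

    rules    - one dict per valid element, with the DSCP value and the byte
               it produces in the IPv4 header (DSCP is the upper six bits
               of the former ToS byte, so the byte is dscp << 2).
    problems - one message per element whose dscp-bits is not an integer
               in the documented range 0-63.
    """
    rules, problems = [], []
    for el in ET.fromstring(xml_text).iter("Rule_Dscp"):
        group = el.get("matchGroup")
        raw = el.get("dscp-bits")
        if raw is None:
            dscp = 0                     # documented default when unspecified
        else:
            try:
                dscp = int(raw)
            except ValueError:
                problems.append(f"{group}: dscp-bits {raw!r} is not an integer")
                continue
            if not 0 <= dscp <= 63:
                problems.append(f"{group}: dscp-bits {dscp} is outside 0-63")
                continue
        rules.append({
            "matchGroup": group,
            "protocol": el.get("protocol"),
            "dscp": dscp,
            "tos_byte": dscp << 2,
        })
    return rules, problems


if __name__ == "__main__":
    ok, bad = check_dscp_rules(SAMPLE_RULES)
    for rule in ok:
        print(rule)
    for message in bad:
        print("PROBLEM:", message)
```

The tos_byte value is what a packet capture shows in the IPv4 header, which makes it easy to confirm on the wire that a session is marked as the rule intends.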

Live Streaming

Flash Media Streaming uses RTMP to stream live content by dynamic proxy. Configuration of live or rebroadcast programs is not required. When the first client requests live streaming content, the stream is created. There are no limits to the number of live streams other than the system load. Live streaming uses distributed content routing to distribute streams across multiple Service Engines.

Upon receiving a client request for live content, the edge Service Engine does the following:

• If the live stream is already present, the edge Service Engine attaches the new client to the existing stream. No message is sent to the origin server and no connection is set up.

• If the live stream is not present, VDS-IS creates a connection to the origin server to get the stream.

No client information is sent to the origin server.


No per-client control connection is present between the edge Service Engine and the origin server for live streaming.

For Flash Media Streaming, a Delivery Service can be used for prefetched content, cached content, dynamically cached content, and live content. Because Flash Media Streaming uses dynamic proxy to stream live content, no disk space is used to store content. A Service Engine can act as the origin server for streaming live content, provided the SE designated as the origin server is not assigned to the Delivery Service that is streaming the live content.

The Flash Media Streaming engine automatically retries a connection to an upstream Service Engine or the origin server if the upstream live-splitting connection fails. This switchover does not require any additional retries from the client side. Clients see subsecond buffering, after which video continues to play. This feature does not address switchover when the Service Engine that is streaming to the client fails. The primary advantage is increased resiliency in the VDS-IS infrastructure. In other words, if a Service Engine fails, the downstream Service Engine automatically tries to connect to an upstream Service Engine in the path, and if it fails to connect, then a connection to the origin server is automatically made.

The Adobe Flash Media Encoder can publish the streams to any Adobe Flash Media Server acting as the origin server. Clients use the RFQDN to get the live content. The request from the client for “streamname” is mapped to origin_appinst_streamname internally in the VDS-IS to differentiate between two streams with the same name in two different delivery services.

Note All RTMP calls for live content in the SWF file must be in the following format: rtmp://rfqdn/live/path/foo.flv

In this format, rfqdn is the routing domain name of the Service Router, live is the required directory, and path is the directory path to the content file that conforms to the standard URL specification.

Flash Media Streaming supports live stream splitting. For more information about live stream splitting, see the “Live Stream Splitting” section on page 1-23.

Flash Media Streaming Query String

Previously, if an RTMP request had a query string in the URL for VOD, the Web Engine could decide whether or not to cache the content based on the Web Engine configuration. However, if the query string in the RTMP URL included the end-user specific parameters and not the stream name, every request would have a different URL because every user has a different query string. This leads to the same content getting cached multiple times.

The flash-media-streaming ignore-query-string enable command tells Flash Media Streaming to remove the query string before forwarding the request to the Web Engine in the case of VOD, or before forwarding the request to the forwarder SE in the case of live streaming.

If URL signature verification is required, the sign verification is performed before the query string check is invoked. The URL signing and validation, which adds its own query string to the URL, continues to work independently of this enhancement.

When the flash-media-streaming ignore-query-string enable command is entered, for every request in which the query string has been ignored, a message is written to the FMS error log, and the Query String Bypassed counter is incremented in the output of the show statistics flash-media-streaming command. The FMS access log on the edge SE contains the original URL before the query string was removed.

The flash-media-streaming ignore-query-string enable command affects every VOD and live streaming request and is not applicable to proxy-style requests.


Interactive Applications

Flash Media Streaming supports pass-through (proxy) functionality for interactive applications (non-VOD and non-live). The interactive applications are hosted on a Flash Media Interactive Server that is external to the VDS-IS.

Note For the edge server proxy to function correctly, the origin server must be running Adobe Flash Media Server 3.5.

Direct routing from the Service Engine, acting as the Flash Media Streaming edge server proxy, to the origin server (the Flash Media Interactive Server) is supported by way of the hierarchical path of Service Engines to the origin server. Every Service Engine that receives the request proxies it to the next SE along the path, where it reaches the origin server. Using the Delivery Service framework, the origin server is abstracted from the client request by using the Service Router Domain Name (SRDN), which resolves to the Service Engine that accepts the user connection and forwards the request to the origin server. Flash Media Streaming includes the edge server (proxy) mode, and by default, all non-live and non-VOD applications are proxied by using the edge server. Flash Media Streaming selectively picks connections for processing in edge server mode and aggregates connections to the origin servers.

Note The video and audio content used in an interactive application is cached on the SE acting as the Flash Media Streaming edge server proxy and is not removed when Flash Media Streaming is disabled. The maximum storage allowed for cached content associated with interactive applications is 2 GB. The only way to delete this cached content is to use the clear cache flash-media-streaming command or to reload the VDS-IS software on the SE.

VDS-IS supports implicit URI as the method that allows the client to connect with the edge server without exposing the origin server. The URI would look like this: rtmp://edge1.fms.com/ondemand.

Request routing based on SWF files or using RTMP redirection is supported. However, RTMP redirection requires more changes in the client code. SWF file-based redirection is recommended. SWF redirection works as follows:

1. The SWF files and associated HTML pages are either prefetched or hosted in the origin server.

2. The client uses a web browser to access the HTML page, which also loads the SWF file.

3. The SWF file is accessed using the SRDN.

4. The Service Router redirects the request to a Service Engine.

5. The SWF file is downloaded to the web browser.

6. The ActionScript in the SWF file attempts to connect to the same host from where the SWF file was downloaded. This is an RTMP connection that reaches the Service Engine.

7. The Service Engine checks for the application type in the URI, and if it is not VOD or live, the processing is moved to the edge server mode and the connection is forwarded to the origin server.

8. The Service Engine tunnels the data between the client and the origin server.

Note Changes to a Delivery Service do not affect existing connections to the Flash Media Interactive Server (origin server). Only new connections are affected by changes to a Delivery Service.


Note URL signing for interactive applications is supported. For more information, see the “URL Signing and Flash Media Streaming” section on page J-13.

Service Router

The Service Router has three parts:

Request Routing Engine, page 1-34

Proximity Engine, page 1-48

The Service Router can be configured as both the Request Routing Engine and the Proximity Engine, or the Service Router can be configured only as the Request Routing Engine. Additionally, the Service Router can act as a standalone Proximity Engine by not configuring the Request Routing Engine as the authoritative DNS server.

The Proximity Engine contains the functionality of the Proximity Servers used for proximity-based routing. See the “Proximity-Based Routing” section on page 1-41 for more information on this routing method. The Proximity Engine peers with network routers and listens in on route updates to get topology and routing path information. This information is used to locate the closest resource in the network. Real-time measurements of reachability and delay are also considered. See the “Proximity Engine” section on page 1-48 for more information on the Proximity Engine.

Request Routing Engine

The Request Routing Engine mediates requests from the client devices and redirects the requests to the most appropriate Service Engine. It monitors the load of the devices and does automatic load balancing.

The Request Routing Engine is the authoritative Domain Name System (DNS) server for the routed request for the fully qualified domain name (FQDN) of the origin server. In other words, the Request Routing Engine responds to any DNS queries for that domain.

Routing Redirection

There are three ways for client requests to get routed to the Request Routing Engine and on to the Service Engine:

Router fully qualified domain name (RFQDN) redirection

DNS-based redirection

IP-based redirection

RFQDN Redirection

RFQDN redirection is the default configuration. With RFQDN redirection, client requests are resolved to the Request Routing Engine by the DNS server and the Request Routing Engine redirects the request to the Service Engine based on route tables created from the Coverage Zone file and the current load of the Service Engines. The redirected URL is http://SENAME.SE.RFQDN/relative_path_of_content, where SENAME is the hostname of the Service Engine.

Note The redirected URL for Flash Media Streaming requests is: rtmp://SENAME.SE.RFQDN/application_name/encoded (relative_path_of_streamname), where SENAME is the hostname of the Service Engine.


Figure 1-2 describes the Request Routing Engine workflow for RFQDN redirection.

Figure 1-2 Request Routing Engine Workflow for RFQDN Redirection

In Figure 1-2, the client sends a request for a video file (for example, sample.wmv) to http://video.cds.com. The browser in turn sends a recursive DNS request to resolve video.cds.com through the DNS proxy.

The Service Router is configured to be the authoritative DNS for video.cds.com. The DNS proxy resolves video.cds.com to the Service Router’s Request Routing Engine and sends the Service Router IP address back to the client. The client then sends a request for sample.wmv to the Service Router.

The Request Routing Engine chooses the Service Engine to redirect the request to based on load, location, and other factors. A 302 redirect message is sent to the client with the redirected URL http://se1.se.cds.com/sample.wmv.

A DNS request is sent to the Request Routing Engine again through the DNS proxy to resolve se1.se.cds.com. The Request Routing Engine returns the IP address of se1 to the DNS proxy which is forwarded to the client. The client then contacts the Service Engine (se1) directly and requests the sample.wmv. The Service Engine streams the requested content to the client.


DNS-Based Redirection

DNS-based redirection enables requests to get directly routed to the Service Engine without any 302 redirects. It also allows content to be streamed without transforming the request URL.

Note When DNS-based redirection is used, for application-level requests, last-resort redirection is supported. However, on the DNS plane, an A record with the last-resort domain name or IP address is not returned.

Figure 1-3 describes the Service Router’s Request Routing Engine workflow using DNS-based redirection.

Figure 1-3 Request Routing Engine Workflow with DNS-Based Redirection

When DNS-based redirection is enabled and the DNS proxy contacts the Request Routing Engine to resolve video.cds.com (step 8 in Figure 1-3), the Request Routing Engine determines which Service Engine to redirect the request to based on load, location, and other heuristics, and directly returns the appropriate Service Engine’s IP address instead of the Service Router’s IP address. The client then directly requests the content from the Service Engine instead of the Service Router.


Note The TTL for the DNS proxy requests is one second. A one-second TTL ensures that the DNS proxy keeps sending requests to the Request Routing Engine, which in turn causes the Request Routing Engine to determine the best Service Engine at that point in time, and not to redirect the request to the same SE.

Note There are certain side effects in adopting this approach. They are as follows:

• When creating the Coverage Zone file, the IP address of the DNS proxy needs to be used for the client IP address range.

• If proximity-based routing is enabled, it uses the IP address of the DNS proxy in computing the proximity.

• If location-based routing is enabled, the location of the DNS proxy is taken into consideration in the selection of the SE.

• Service-aware routing cannot be used because the protocol and content type are not considered at the DNS level.

• Content-based routing cannot be used because the protocol and content type are not considered at the DNS level.

To configure DNS-based redirection, use the service-router redirect-mode dns-redirect command.

service-router redirect-mode dns-redirect { all | domain domain }

The following example enables DNS-based redirection with cdsfms.com as the domain to which all client requests are redirected:

SR(config)# service-router redirect-mode dns-redirect domain cdsfms.com

To display information about the redirect mode, use the show service-router redirect-mode command.

To display the statistics, use the show statistics service-router summary command and the show statistics se command. The output for the DNS-Based Redirection feature is listed as DNS Requests. In addition to these two show commands, there is also the show statistics service-router dns command.

IP-Based Redirection

When IP-based redirection is enabled, the Request Routing Engine uses the IP address of the Service Engine in the URL instead of the hostname. The redirected URL is http://<se ip addr>/ipfwd/<rfqdn>/<path>. The IP-based redirection method avoids the extra DNS lookup that was required in the RFQDN redirection.

Note The Web Engine does not support IP-based redirection.

Off-Net and On-Net Clients

The Request Routing Engine chooses the Service Engine based on two scenarios:

• Client is directly connected to the service provider’s network (on-net).

• Client is roaming outside the home network (off-net).

When clients are connected to the service provider’s network, the Service Engine is chosen based on the requested FQDN, the client’s IP address, and the responsiveness of the Service Engine. The Request Routing Engine compares the client’s IP address against a table of address ranges representing the client subnets assigned to each Service Engine. This table is known as the Coverage Zone file. The Coverage Zone file provides information on the proximity of the client to the Service Engine based on each client’s IP address.

If the client is not connected to the service provider network and location-based routing is enabled, the Request Routing Engine compares the latitude and longitude of each Service Engine, which is defined in the Coverage Zone file, with the latitude and longitude of the client, which is obtained from the Geo-Location servers, to assign a Service Engine that is geographically closest to the client. For more information, see the “Location-Based Routing” section on page 1-41.

Coverage Zone File

When a Service Engine is registered to the CDSM, it is assigned a default Coverage Zone file that is created by the CDSM using the interface IP address of the Service Engine. The default Coverage Zone file can be unassigned, and a custom coverage zone can be created using the Coverage Zone file.

A Coverage Zone file is an XML file containing coverage zone entries for each client IP address range, the Service Engine serving that range, the latitude and longitude of the Service Engine, and a metric value. The Coverage Zone file can be referenced by a URL and imported into the CDSM, or uploaded from a local machine. The Coverage Zone file can be set as the default for a specific Service Router or for all Service Routers in the VDS-IS network.

When content is requested by a client, the Request Routing Engine checks the client’s IP address to find the coverage zone that contains that IP address. The Request Routing Engine then selects the Service Engine that serves this coverage zone.

Note When DNS-based redirection is enabled, the Coverage Zone file needs to have entries with respect to the IP address of the DNS proxies instead of the client IP address.

If a specific IP address is in multiple coverage zones, the one with the more specific range is selected.

If no match is found in the coverage zone data and if location-based routing or proximity-based routing is enabled on the Request Routing Engine, the Request Routing Engine looks up the best Service Engine closest to the client. If the Request Routing Engine is unable to redirect the request, the Request Routing Engine sends an error response to the client.

A coverage zone can be associated with one or more Service Engines. Each Service Engine can have its own unique coverage zone, or the Service Engines can be associated with more than one coverage zone and have overlapping coverage zones.


In Figure 1-4, all Service Engines serve Coverage Zone 1, and Service Engine 1 is specifically associated with Coverage Zone 2, a subset of Coverage Zone 1.

Figure 1-4 Coverage Zone Example

[Figure: Service Engine 1, Service Engine 2, and Service Engine 3, with Coverage Zone 1 and Coverage Zone 2]

If a coverage zone is served by multiple Service Engines, all Service Engines are put in the routing table.

The metric value, entered in the Coverage Zone file, indicates the proximity of the Service Engine to the client. When multiple Service Engines serving a coverage zone are on the same subnet and have the same metric value, and load-based routing is not enabled, the Request Routing Engine uses round-robin routing to redirect the client. If load-based routing is enabled, the load of the Service Engines is used to determine the best Service Engine to redirect the client.

Routing Methods

The Request Routing Engine chooses the best Service Engine based on whether the Service Engine is participating in the Delivery Service for which the origin server matches that of the requested domain, and whether the Service Engine is assigned to serve the client’s network region, as defined in the Coverage Zone file.

If the client’s subnet is not defined in the Coverage Zone file, the Request Routing Engine checks the following routing methods to see if they are configured:

Load-Based Routing, page 1-40

Proximity-Based Routing, page 1-41

Location-Based Routing, page 1-41

Zero-IP Based Configuration, page 1-41

Last-Resort Routing, page 1-42

Service Aware Routing, page 1-43

Content-Based Routing, page 1-45

Note The keepalive messages between the Service Router and Service Engine are transmitted and received on port 2323. However, the software inter-operates with older software releases that do not use port 2323 for keepalive messages. If a firewall is configured between the Service Engine and the Service Router, port 2323 (UDP) must be opened for the keepalive message to go through.


Figure 1-5 describes the order in which the different routing methods are addressed in the Request Routing Engine.

Figure 1-5 Request Routing Engine Workflow of Routing Methods

Load-Based Routing

Load-based routing is enabled by default and cannot be disabled. In load-based routing, the routing decision is made according to the capacity and load of the Service Engines.


The load of the Service Engine is determined by different parameters, such as processor usage, memory usage, disk usage, the number of current Windows Media streams being served, and so on. The current load is compared with the thresholds configured for the Service Engine. If a threshold has been exceeded for a Service Engine, it is excluded from the routing table.

Note Bursts of traffic (such as 800 connections per second) may cause the Web Engine to become disabled before it can transmit notification to the SR that the threshold has been reached.

Proximity-Based Routing

Proximity-based routing offers more intelligence to service routing by using network proximity for Service Engine selection. In proximity-based routing, the Request Routing Engine uses the collocated Proximity Engine, or an external Proximity Server that runs routing protocols to get route updates from network routers. A Proximity Server listens for OSPF, BGP, and IS-IS updates and provides proximity information between clients requesting content and Service Engines that have the requested content. It provides a list of Service Engines to the Request Routing Engine ranked in order of optimal routes for content and messages in a network.

Proximity-based routing is used to select the closest Service Engine for a specified client IP address. The Proximity Engine and Proximity Server communicate with network routers and listen in on route updates to get topology and routing path information. This information is used to locate the closest resource in the network. Real-time measurements of reachability and delay are also considered.

For information on the collocated Proximity Engine, see the “Proximity Engine” section on page 1-48.

Location-Based Routing

Location-based routing is used for off-net clients. Off-net clients are clients that are not directly connected to the service provider network. Location-based routing is designed to work with load-based routing. When both are enabled, the Request Routing Engine first looks up the client IP address in the Coverage Zone file. If there is no subnet match, the client’s geographical location is compared to the geographical location of the Service Engines listed in the Coverage Zone file, and the closest and least-loaded Service Engine is selected. Geographically locating a client is used when users roam outside of their home network.

To provide routing to off-net clients, the Request Routing Engine communicates with a Geo-Location server, which maps IP addresses to a geographic location. For redundancy, the CDSM can be configured with a primary and secondary Geo-Location server.

The Geo-Location server identifies the geographical location of an off-net client by the latitude and longitude of the client. The Request Routing Engine compares the client’s location with the location of the Service Engines participating in that Delivery Service and chooses the best Service Engine to serve the content.

Zero-IP Based Configuration

The zero-ip based configuration is a catch-all condition for routing. It can be used in combination with proximity-based routing and location-based routing. If an SE cannot be found through location-based routing or proximity-based routing, the zero-ip based configuration is taken into account for selecting an SE.

The zero-ip based configuration is a network entry in the Coverage Zone file defined as 0.0.0.0/0. It matches all client subnets. If the client subnet does not match any of the other network entries in the Coverage Zone file and a 0.0.0.0/0 network entry exists, then the SEs listed for that entry are considered for serving the client request.
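The lookup order described in the Coverage Zone File and Zero-IP Based Configuration sections, as an added Python example that is not Cisco code: the most specific matching range wins, proximity- or location-based routing is consulted when no range matches, and the 0.0.0.0/0 entry is considered last. The tuple form of the zone data, the function names, and the fallback callable are assumptions made for the example; the addresses are constructed. The guide does not say whether a less specific zone is tried when every SE in the most specific zone is over threshold, so the example does not try one.

```python
import ipaddress

# Constructed sample entries: (client network, Service Engines serving it).
# The real Coverage Zone file is XML; this tuple form is an assumption.
ZONES = [
    ("10.0.0.0/8", ["se1", "se2", "se3"]),   # like Coverage Zone 1 in Figure 1-4
    ("10.1.0.0/16", ["se1"]),                # like Coverage Zone 2, a subset of zone 1
    ("192.0.2.53/32", ["se2"]),              # a DNS proxy, for DNS-based redirection
    ("0.0.0.0/0", ["se3"]),                  # zero-IP catch-all entry
]
ZERO_IP = ipaddress.ip_network("0.0.0.0/0")


def split_zones(zones):
    """Return (specific zones sorted most specific first, catch-all SEs or None)."""
    specific, catch_all = [], None
    for cidr, engines in zones:
        network = ipaddress.ip_network(cidr)
        if network == ZERO_IP:
            catch_all = list(engines)
        else:
            specific.append((network, list(engines)))
    specific.sort(key=lambda zone: zone[0].prefixlen, reverse=True)
    return specific, catch_all


def select_engines(zones, lookup_ip, over_threshold=frozenset(), fallback=None):
    """Return (matched_by, candidate SEs) for the address the router evaluates.

    lookup_ip is the client address with RFQDN or IP-based redirection, but the
    DNS proxy address with DNS-based redirection. fallback is a hypothetical
    callable standing in for proximity- or location-based routing; it takes the
    address and returns a list of SE names. An empty candidate list is the
    point at which last-resort routing or an error response would apply.
    """
    ip = ipaddress.ip_address(lookup_ip)
    specific, catch_all = split_zones(zones)

    def usable(engines):
        # SEs that exceeded a threshold are excluded from the routing table.
        return [se for se in engines if se not in over_threshold]

    for network, engines in specific:
        if ip in network:
            return str(network), usable(engines)
    if fallback is not None:
        engines = usable(fallback(ip))
        if engines:
            return "proximity/location", engines
    if catch_all is not None:
        return "0.0.0.0/0", usable(catch_all)
    return "unknown client", []


if __name__ == "__main__":
    for addr in ("10.1.2.3", "10.9.9.9", "192.0.2.53", "198.51.100.7"):
        print(addr, select_engines(ZONES, addr))
```

With DNS-based redirection every client behind the resolver 192.0.2.53 is evaluated as 192.0.2.53, so clients in 10.1.0.0/16 and clients outside every zone receive the same answer; this is why the guide requires the Coverage Zone file to carry the DNS proxy addresses in that mode.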


Last-Resort Routing

Last-resort routing is useful when all Service Engines have exceeded their thresholds or all Service Engines in the domain are offline, or the client is unknown. If last-resort routing is configured, the Request Routing Engine redirects requests to a configurable alternate domain or translator response domain when all Service Engines serving a client network region are unavailable, or the client is unknown. A client is considered unknown if the client’s IP address is not part of a subnet range listed in the Coverage Zone file, or part of a defined geographical area (for location-based routing) listed in the Coverage Zone file.

Note When DNS-based redirection is used, for application-level requests, last-resort redirection is supported. However, on the DNS plane, an A record with the last-resort domain name or IP address is not returned.

Last-resort routing works dynamically. When the load of one or more Service Engines in the original host domain is reduced below threshold limits or the Service Engines are reactivated, new requests are routed to the original host domain automatically.

Last-resort routing allows redirecting a request to an alternate domain or Origin server (if Enable Origin Server Redirect is enabled) for one of the following conditions:

• All SEs in the Delivery Service have exceeded their thresholds

• All SEs in the Delivery Service are unavailable or no SEs are assigned to the Delivery Service

• The client is unknown

Redirecting to the Origin server is allowed if the Enable Origin Server Redirect field is enabled for the content origin. The default setting is enabled. For more information on this configuration parameter, see the “Content Origins” section on page 5-34.

Note Unknown clients are only redirected to the alternate domain (last-resort domain) or translator response domain when the Allow Redirect All Client Request check box is checked or the equivalent service-router last-resort domain <RFQDN> allow all command is entered.

If the last-resort domain or the translator response domain are not configured and the Service Engine thresholds are exceeded, known client requests are redirected to the Origin server (if Enable Origin Server Redirect is enabled) and unknown clients either receive an error URL (if the Error Domain and Error Filename fields are configured), or a 404 “not found” message.

Last-resort routing could also be configured to redirect a client to an error domain and filename.

The URL translator provides a way to dynamically translate the client request URL to redirect the client to a different CDN. With the URL translator option, the following occurs if the SR uses last-resort routing for a client request:

1. The SR contacts the third-party URL translator through the Web Service API. The Web Service API is described in the Cisco Videoscape Distribution Suite, Internet Streamer 4.2.1 API Guide.

2. The third-party URL translator sends the translated URL in the response to the SR.

3. The SR sends a 302 redirect message to the client with the translated URL it received from the third-party URL translator.

The timeout for connecting to the URL translator server is 500 milliseconds. There are no retries if the URL translator cannot be reached.

If there is no configuration on the URL translator for the requested domain or the connection timeout threshold has been reached, the SR last-resort routing falls back to the alternate domain configuration.


Alternate domain last-resort routing supports requests from RTSP, HTTP (including MMS-over-HTTP), and RTMP clients.

URL translator last-resort routing supports RTSP and HTTP client requests. For Flash Media Streaming clients (RTMP), the client must be able to handle redirects to a different application name. Most Flash clients cannot support a stream name change; so the filename returned by the translator is ignored.

Bandwidth Quota Exceed for Last Resort Routing

Starting from Release 4.4.1, Cisco VDS-IS supports bandwidth quota exceed for Last resort routing.

When the bandwidth quota is exceeded, the SR handles the client request through the following steps, which can route it to the last-resort domain:

1. The Service Router checks, on each request that arrives at the Service Router, whether the bandwidth has crossed the configured bandwidth quota.

2. The Service Router checks whether last-resort routing is configured.

3. The Service Router checks whether bandwidth exceed routing is enabled.

4. If all the above conditions are satisfied and the bandwidth quota is exceeded, then the request is routed to the last-resort domain based on the last-resort routing configuration.

5. Otherwise, if the bandwidth quota is exceeded, then the Service Router responds with service unavailable 503.

HTTPS Support for Last Resort Routing

Starting from Release 4.4.1, Cisco VDS-IS supports Last resort routing for HTTPS and could be configured to redirect a client to its alternate domain.

The https-dns-redirection should be enabled for supporting last resort routing for HTTPS domain. By default https-dns-redirection is disabled.

If the last-resort alternate domain is configured and the SEs are fully loaded, HTTPS requests are routed to the alternate domain. The alternate domain should be resolved in the DNS.

Service Aware Routing

Service-aware routing is enabled by default and cannot be disabled. In service aware routing, the Request Routing Engine redirects the request to the Service Engine that has the required protocol engine enabled, the required protocol engine is functioning properly and has not exceeded its threshold, and the SE has not exceeded its thresholds as configured. See the “Setting Service Monitor Thresholds” section on page 4-89 for more information.

The following user agents are served by the Windows Media Engine:

• Natural Selection (NS) player and server

• Windows Media player and server

The following user agents are served by the Movie Streamer Engine:

• QuickTime player and server

• RealOne player

• RealMedia player


Note In addition to redirecting requests based on the user agents listed in this section, requests for content with the following file extensions are served by Windows Media Engine (both HTTP and RTSP requests):

• wma

• wmv

• asf

• asx

Requests for content with the following file extensions are served by the Movie Streamer Engine:

• 3gp

• 3gp2

• mov

• mp4

When a request reaches the Service Router, the Request Routing Engine generates a hash from the URI. The Request Routing Engine first generates a list of Service Engines to best serve the request based on service aware routing. The Request Routing Engine then reorders the list based on the hash and selects the best Service Engine. Because the hash generated for the same URI is equal, typically the same Service Engine is selected. If the Service Engine is overloaded, the next Service Engine in the list is selected.

For service-aware routing, some of the services running on a Service Engine are protocol based. When protocol-based services associated with a protocol engine are stopped on a Service Engine, the Request Routing Engine excludes this Service Engine from the list of possible Service Engines that can serve requests for this type of content. The Request Routing Engine identifies the protocol engine that serves the request based on the user-agent in the request. For example, if some Windows Media Engine-related services are stopped, the Service Engine can still serve Web Engine requests. However, if the request for Web Engine content is sent from a Windows Media Player, the Request Routing Engine excludes the Service Engine from the list of possible Service Engines that can serve the request.

Note If the Web Engine is disabled on the Service Engine, the Service Engine does not get selected for serving any requests, including Windows Media Streaming, Flash Media Streaming, and Movie Streamer.

Note For service aware routing, if a threshold is exceeded for all Service Engines, the Request Routing Engine redirects the client request to the origin server if a last-resort alternate domain is not configured. If a last-resort alternate domain is configured, the alternate domain takes precedence over the origin server.

For a managed-live URL, if the origin server does not match the source of the live program, the above case fails. For the above case to work, the origin server host must be configured to match the live program source. In addition, the origin server stream name must be the same as the live program name.


Content-Based Routing

In content-based routing, the Request Routing Engine redirects the request based on the URI. Requests for the same URI are redirected to the same Service Engine, provided the Service Engine’s thresholds are not exceeded. If the same SE is not available, requests are routed to the next best SE. If the original SE is available again, requests are routed back to it irrespective of the number of interim redirects to the second best SE.

The same content can be stored in more than one Service Engine if the number of redundant copies is set to more than one. Redundancy is used to maximize the cache-hit ratio. If redundancy is configured with more than one copy, multiple Service Engines are picked for a request with the same URI hash.

Content-based routing is best suited for cache, prefetched, and live program requests to maximize the cache-hit ratio.

Note A client RTMP URL request for Flash Media Streaming does not contain the stream name; therefore, a client’s URL requests for different RTMP streams could seem the same. For this reason, content-based routing may not be efficient for Flash Media Streaming because a different directory needs to be created for each stream to differentiate the content.

Note Content-based routing does not work with clients sending signed URL requests. The hashing algorithm for content-based routing considers the whole signed URL, so a signed URL request for the same content may be redirected to a different SE.
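The selection behaviour described under Service Aware Routing and Content-Based Routing can be modelled as below. This is an added example, not Cisco's code: the guide does not name the hash algorithm, so the SHA-256 per-SE scoring, the `ServiceEngine` fields, the engine labels and the sample URLs (including the signed-URL query format) are assumptions.

```python
import hashlib
from dataclasses import dataclass, field


@dataclass
class ServiceEngine:
    name: str
    engines: set = field(default_factory=set)  # protocol engines currently running
    overloaded: bool = False                    # a configured threshold is exceeded


def sample_ses():
    """Constructed Service Engines for the demonstration."""
    return [
        ServiceEngine("se1", {"web", "wmt", "ms"}),
        ServiceEngine("se2", {"web", "wmt"}),
        ServiceEngine("se3", {"web"}),   # Windows Media services stopped
        ServiceEngine("se4", {"wmt"}),   # Web Engine disabled: never selected
    ]


def score(uri, se_name):
    """Hash of (SE, URI); the same URI always produces the same ordering."""
    digest = hashlib.sha256(f"{se_name}|{uri}".encode()).digest()
    return int.from_bytes(digest[:8], "big")


def ordered_candidates(uri, engine, ses):
    """Build the service-aware list first, then reorder it by the URI hash."""
    eligible = [se for se in ses if "web" in se.engines and engine in se.engines]
    return sorted(eligible, key=lambda se: score(uri, se.name), reverse=True)


def select(uri, engine, ses, copies=1):
    """Names of the SEs chosen for this URI, skipping overloaded ones.

    `copies` models the redundancy setting. An empty list means every
    candidate is over threshold, the case in which the guide falls back to
    the last-resort alternate domain or the origin server.
    """
    usable = [se.name for se in ordered_candidates(uri, engine, ses)
              if not se.overloaded]
    return usable[:copies]


def signed_variants(uri, count):
    """Constructed signed URLs: same content, different query-string signature."""
    return [f"{uri}?expires={1700000000 + i}&sig={i:08x}" for i in range(count)]


def spread(uris, engine, ses):
    """Set of SEs that a batch of requests lands on."""
    return {select(u, engine, ses)[0] for u in uris}


if __name__ == "__main__":
    uri = "http://cdn.example.com/vod/sample.flv"
    ses = sample_ses()
    print("unsigned requests land on:", spread([uri] * 50, "web", ses))
    print("signed requests land on:  ", spread(signed_variants(uri, 50), "web", ses))
```

Because the whole signed URL is hashed, the signed requests scatter across the eligible SEs, which is the cache-hit penalty the note above describes.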

Request Routing Engine Workflow of Coverage Zone, Proximity-Based Routing, and Location-Based Routing

The Request Routing Engine workflow for clients connected to the service provider’s network is as follows:

1. The client sends the DNS query for the routed FQDN to the local DNS server.

2. The DNS server replies with the Service Router IP address.

3. The client issues an HTTP, RTMP, or RTSP request to the Service Router.

4. If the Request Routing Engine finds the client’s subnet in the Coverage Zone file, the following occurs:

a. The Request Routing Engine chooses the appropriate Service Engine and performs a protocol-specific redirection.

b. The client issues an HTTP, RTMP, or RTSP request to the Service Engine.

c. The Service Engine serves the content.

5. If the Request Routing Engine does not find the client’s subnet in the Coverage Zone file and proximity-based routing has been enabled, the following occurs:

a. The Request Routing Engine communicates with the Proximity Engine and gets the SE proximity list with the SEs that have the least network cost listed first.

b. The Request Routing Engine selects the closest Service Engine for the specified client IP address.

c. The Request Routing Engine performs a protocol-specific redirection with the closest Service Engine.

d. The client issues an HTTP, RTMP, or RTSP request to the Service Engine.

e. The Service Engine serves the content.

6. If the Request Routing Engine does not find the client’s subnet in the Coverage Zone file and location-based routing has been enabled, the following occurs:

a. The Request Routing Engine communicates with a Geo-Location server and gets the geographical coordinates of the client’s IP address.

b. The distance is calculated between the client and the Service Engines, and the Service Engine closest to the client is selected.

c. The Request Routing Engine performs a protocol-specific redirection with the closest Service Engine.

d. The client issues an HTTP, RTMP, or RTSP request to the Service Engine.

e. The Service Engine serves the content.

When a Service Router is registered with the CDSM, the CDSM propagates the Service Router’s IP address to all of the registered devices. The Service Engine periodically sends the Service Router a keepalive message, which contains information about the SE resources (such as disk, CPU, memory, and network interface usage). The Request Routing Engine uses the Service Engine’s load and liveness information for generating the routes.

The VDS-IS can have more than one Service Router to support Service Router failover. In line with failover, the DNS server should be configured with multiple Service Routers for the same routed FQDN.

Note DNS entries for all FQDNs must be delegated to the Service Router. In the DNS server’s database file, a name server record must be entered for each FQDN that routes to the Service Router.

Request Redirection

The Request Routing Engine supports the following redirections:

• HTTP ASX Redirection: Used if the requested file has an .asx extension. This redirection method is used for Windows Media Technology. To use the HTTP 302 redirection instead, see the “Configuring Application Control” section on page 4-128.

• HTTP 302 Redirection: Used if the protocol is HTTP and the file extension is not .asx. This is the native HTTP redirection.

• RTSP 302 Redirection: Used if the protocol is RTSP and the client is QuickTime or Windows Media. This is the native RTSP redirection.

• RTMP 302 Redirection: Used if the protocol is RTMP and the client is Adobe Flash Player, Adobe Media Player, or Adobe Flash Lite Player.

Normal requests for files with an .asx extension return a status 200, unless HTTP 302 redirection is enabled.

Cross-Domain Policy

For Flash Media Streaming, when a client requests content from a portal, and the content contains a request to a different remote domain (the origin server in the case of the VDS-IS), the request cannot be served unless the remote domain (origin server) has a crossdomain.xml that grants access to the original portal.


For example, if a client request is for abc.com/streaming.html, and the content in streaming.html has a request to cds-origin.com/vod/sample.flv, the client requests a crossdomain.xml. The crossdomain.xml allows access to abc.com, which allows the streaming of sample.flv.

If cds-origin.com does not have a crossdomain.xml, the request is denied.

Note For Flash Media Streaming, the remote domain request is looked up in the crossdomain.xml file. For Microsoft Silverlight, the remote domain request is looked up in the clientaccesspolicy.xml file.

In the VDS-IS, instead of directly going to cds-origin.com, the request first comes to the Service Router. When the request for crossdomain.xml comes to the Service Router, the Request Routing Engine sends it to the client. This XML file grants access to the portal for the file requested. The client then sends the request for the file, which is then served.

Note For Windows Media Streaming Silverlight the clientaccesspolicy.xml file is requested only when web service calls are made. Depending on the client player, for both Windows Media Streaming Silverlight and Flash Media Streaming applications, the clientaccesspolicy.xml and crossdomain.xml need to be provisioned on the origin server.

Note Flash Media client players that use FLVPlaybackComponent do not currently request the crossdomain XML file for video files. The crossdomain request is issued only when a query string is present. In such cases, the video gets downloaded but does not play.
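A check an operator can run against the crossdomain.xml provisioned on the origin server, using the abc.com portal and cds-origin.com origin from the example above. This is an added example, not part of the Cisco guide or product: the policy documents are constructed samples, the finding codes are hypothetical names, and the wildcard matching is a simplified reading of the `allow-access-from` element.

```python
import xml.etree.ElementTree as ET

# Constructed policies as they might be provisioned on cds-origin.com.
SCOPED_POLICY = """
<?xml version="1.0"?>
<cross-domain-policy>
  <allow-access-from domain="abc.com"/>
</cross-domain-policy>
"""

# Weak setting: grants every site, not only the portal.
WILDCARD_POLICY = """
<?xml version="1.0"?>
<cross-domain-policy>
  <allow-access-from domain="*"/>
</cross-domain-policy>
"""


def parse_policy(xml_text):
    """Return the allow-access-from entries of a crossdomain.xml as dicts."""
    root = ET.fromstring(xml_text.strip())
    if root.tag != "cross-domain-policy":
        raise ValueError("not a crossdomain.xml document")
    return [
        {
            "domain": el.get("domain", "").lower(),
            # secure="false" lets non-HTTPS content use a policy served over HTTPS
            "secure": el.get("secure", "true").lower() != "false",
        }
        for el in root.iter("allow-access-from")
    ]


def domain_matches(pattern, host):
    """Simplified matching: exact name, '*' for any host, '*.x' for subdomains."""
    host = host.lower()
    if pattern == "*":
        return True
    if pattern.startswith("*."):
        return host.endswith(pattern[1:])
    return host == pattern


def grants(xml_text, portal):
    """True if content loaded from `portal` may request files from this origin."""
    return any(domain_matches(e["domain"], portal) for e in parse_policy(xml_text))


def audit(xml_text, portal):
    """Return finding codes for a policy; pass None when the file is absent."""
    if xml_text is None:
        return ["policy-missing"]          # the request is denied
    entries = parse_policy(xml_text)
    findings = []
    if not any(domain_matches(e["domain"], portal) for e in entries):
        findings.append("portal-not-granted")
    for entry in entries:
        if entry["domain"] == "*":
            findings.append("wildcard-domain")
        if not entry["secure"]:
            findings.append("insecure-allowed:" + entry["domain"])
    return findings


if __name__ == "__main__":
    for label, policy in (("scoped", SCOPED_POLICY), ("wildcard", WILDCARD_POLICY)):
        print(label, audit(policy, "abc.com"))
```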

Configuring and Monitoring the Cross-Domain Policy Feature

The Cross-Domain Policy feature can be enabled through the CDSM. See the “Configuring Cross-Domain Policy” section on page 4-116 for more information.

Logging information can be found in the /local/local1/errorlog/service_router_errorlog.current file.

When the Request Routing Engine sends the crossdomain.xml to a client, the “crossdomain.xml served to client” message is logged. When the Request Routing Engine sends the clientaccesspolicy.xml file to a client, the “clientaccesspolicy.xml served to client” message is logged.

The show statistics service-router summary command displays an increase in the number of HTTP Requests (normal) in the Request Received section of the output.

Note The crossdomain.xml or clientaccesspolicy.xml file served by the SR is logged as 200 OK, and the request redirect is logged as a 302.

Unified Routing Table

The unified routing table uses one global route context for all domains, with all SEs from the Coverage Zone file added to one set of route tables. This is a good option if the VDS-IS serves a number of different domains (configured as delivery services), but uses the same set of SEs for the different delivery services (domains). By enabling the unified routing table in this scenario, the memory usage on the SR is reduced.

If the VDS-IS is configured with fewer domains or the SEs are not all serving the same domains, then the memory usage is not impacted as much, and not enabling unified routing may be a better option.


The unified routing table option is disabled by default. To enable unified routing on the SR, enter the service-router unified-routing-table enable command.

Note Not enabling the unified routing table increases the memory usage on the SR. Make sure the memory usage does not exceed the recommended limit, which is 1.5 GB when the SR is running with a load and no configuration changes are occurring.

Proximity Engine

The Proximity Engine leverages routing information databases (IGP and BGP) by interconnecting and peering with routers. This information is used to compute the network distance between a source address, referred to as the proximity source address (PSA), and a target address, referred to as the proximity target address (PTA). This distance is known as the proximity rating of the PTA.

The Proximity Engine is configured as one of the Proximity Servers for the proximity-based routing method. See the “Proximity-Based Routing” section on page 1-41 for more information.

Note The Proximity Engine only participates in the Open Shortest Path First (OSPF), Intermediate System-to-Intermediate System (IS-IS), and Border Gateway Protocol (BGP) to gather information to make proximity decisions. The Proximity Engine is not a router and does not ever use the information to route traffic.

Note The Proximity Engine is only supported on the CDE205 and the CDE220-2G2 platforms.

The standby interface is not supported for Proximity Engine. Use port channel configuration instead.

The Proximity Engine operates in an IP routing domain where the Interior Gateway Protocol (IGP) or BGP is used to distribute routing information across the domain. For the proximity function to work, at least one of the following is required:

• Enabled link-state protocol, such as OSPF or IS-IS for IGP proximity, which is required if the Proximity Engine is going to peer with IGP routers.

• Enabled policy routing protocol, such as BGP for best-path proximity and location-community proximity, which is required if the Proximity Engine is going to peer with BGP routers.

Note All BGP routes must resolve to IGP next hops or directly connected routes.

Routers running OSPF or IS-IS establish adjacencies with their directly connected neighbors and exchange their connectivity view (that is, each router advertises its visibility about its adjacencies). Advertisements are flooded throughout the whole routing area and each router stores each received advertisement in a link-state database (LSDB).

The LSDB contains the topology of the whole network and each router uses it to compute the Shortest Path Tree and the Routing Information Base (RIB) that contains each known IP prefix in the network and its corresponding next-hop.

OSPF and IS-IS are the two IP link-state protocols. They operate quite similarly:

• Establish adjacencies with directly connected neighbors

• Create a routing update packet (OSPF LSA and IS-IS LSP) containing the router connectivity

• Flood routing updates (LSA or LSP) throughout the routing area

• Collect all received routing updates in an LSDB

• Run the shortest path first (SPF) algorithm

• Populate the RIB with the result of SPF

The difference between OSPF and IS-IS is in the way packets are formatted and exchanged (encapsulation) and in the way adjacencies and flooding are handled over broadcast media. From a routing computation perspective, both protocols behave the same and therefore the Proximity Engine operates the same in networks deploying OSPF or IS-IS.

The Proximity Engine makes proximity decisions using information from the same link-state database that is passed between routers using OSPF or IS-IS. For these reasons, the Proximity Engine must be configured to make either OSPF or IS-IS adjacencies to gather link-state database information for routers in the same autonomous system, and BGP adjacencies to gather the BGP routing information for routers in the different autonomous systems.

Proximity Engine Request Flow

Following is the Proximity Engine request flow:

1. The Request Routing Engine sends the proximity request to the Proximity Servers, the first of which could be the collocated Proximity Engine.

The proximity request specifies a PSA (the client’s IP address) and a set of one or more PTAs (IP addresses of the SEs).

2. The Proximity Engine receives the proximity request and performs a route lookup on the PSA.

3. The Proximity Engine determines whether the request should be handled by IGP, BGP, or locally.

Local routing is used when both the PSA and PTA are local to the network. If the proximity algorithm for BGP location community is enabled, and the PSA has community attribute information, then both BGP and IGP routing information is considered.

The Proximity function takes into account:

• Routing topology

• Inter-autonomous system reachability

• Optimal path taken by the requested data

4. The Proximity Engine sends the response back to the Request Routing Engine.

In the proximity response, the Proximity Engine returns a list of proximity target addresses and the cost associated with each address. This list includes all of the IP addresses of all of the SEs registered to the CDSM. Using the proximity response data, the Request Routing Engine can select the closest (best) target.

Note If multi-port support is configured on the with multiple IP addresses, only one valid IP address of that SE is included in the list. If this is selected, it can load balance the requests among the streaming interfaces.

Proximity Ranking

The proximity ranking could include the following proximity algorithms:

1. BGP community-based proximity

2. BGP best-path proximity

3. IGP proximity

The first two algorithms are only used if they are enabled. The last one, IGP proximity, is enabled when an IGP is configured.

The proximity ranking always contains the proximity target list (PTL) addresses in the same order as above. For example, if there is a PSA and two PTAs (PTA1 and PTA2), and all proximity algorithms are enabled, the following rules are applied:

1. If PSA and PTA1 have at least one community in common and PTA2 does not have a common community, PTA1 is preferred over PTA2.

2. If both PTA1 and PTA2 have at least one community in common with the PSA, the weight is considered next. The larger the number, the more weight the community has. If PTA1 has a weight of 5 and PTA2 has a weight of 2, PTA1 is preferred over PTA2.

3. If both PTA1 and PTA2 have the same weight, the next algorithm is considered, which is BGP best-path.

4. For BGP best-path, the PTA with the smallest AS-hop count is preferred. If both PTAs have the same AS-hop count, the next and final algorithm is considered, which is IGP proximity.

5. For IGP proximity, the PTA with the lowest IGP metric is preferred.
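The five rules above form a tie-break chain, shown here as an added example rather than the Proximity Engine's own code. The `Target` fields, the community strings and the addresses are constructed, and taking the largest weight among the shared communities is an assumption the guide does not spell out.

```python
from dataclasses import dataclass, field


@dataclass
class Target:
    """One proximity target address (an SE) as the ranking sees it."""
    address: str
    communities: dict = field(default_factory=dict)  # BGP community -> weight
    as_hops: int = 0                                  # AS-hop count toward the PSA
    igp_metric: int = 0                               # IGP cost toward the PSA


def ranking_key(psa_communities, target, community=True, best_path=True):
    """Ordered (rule, value) pairs; a smaller value is preferred at every step.

    The community and best-path steps are present only when those algorithms
    are enabled; IGP proximity is always the final step.
    """
    steps = []
    if community:
        shared = [w for c, w in target.communities.items() if c in psa_communities]
        steps.append(("community", 0 if shared else 1))     # rule 1
        steps.append(("weight", -max(shared, default=0)))   # rule 2: larger wins
    if best_path:
        steps.append(("as-hops", target.as_hops))           # rules 3 and 4
    steps.append(("igp-metric", target.igp_metric))         # rule 5
    return steps


def rank(psa_communities, targets, **enabled):
    """Addresses ordered from most to least preferred."""
    def key(t):
        return [value for _, value in ranking_key(psa_communities, t, **enabled)]
    return [t.address for t in sorted(targets, key=key)]


def decided_by(psa_communities, a, b, **enabled):
    """Which rule separates two targets, and which address it prefers."""
    key_a = ranking_key(psa_communities, a, **enabled)
    key_b = ranking_key(psa_communities, b, **enabled)
    for (rule, va), (_, vb) in zip(key_a, key_b):
        if va != vb:
            return rule, (a.address if va < vb else b.address)
    return "tie", None


def sample_targets():
    """Constructed PTAs; 192.0.2.0/24 is a documentation range."""
    return [
        Target("192.0.2.11", {"65000:100": 5}, as_hops=3, igp_metric=40),
        Target("192.0.2.12", {"65000:100": 2}, as_hops=1, igp_metric=10),
        Target("192.0.2.13", {}, as_hops=0, igp_metric=5),
    ]


if __name__ == "__main__":
    psa = {"65000:100"}                      # constructed PSA community
    pta1, pta2, pta3 = sample_targets()
    print(rank(psa, [pta3, pta2, pta1]))
    print(decided_by(psa, pta1, pta2))
    print(rank(psa, [pta1, pta2, pta3], community=False))
```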

BGP Proximity Algorithms

Community-Based Proximity

Two distinct proximity algorithms are used:

• IGP-proximity algorithm gives an ordered list of SE IP addresses known in the IGP database (OSPF or IS-IS).

• BGP-proximity algorithm gives an ordered list of SE IP addresses known in the BGP table.

While the combination of the IGP and BGP basic proximity is sufficient for the proximity calculation for most network deployments, they may not be appropriate for some network deployments, such as a Multiprotocol Label Switching (MPLS) network. Most of the time it is sufficient to rank the prefixes and make the recommendation for the prefixes based on whether the PSA and the PTA are in the same rack (the most preferred ranking), the same point of presence (POP), the same city, or the same autonomous system (AS) (the least preferred).

When the BGP community-based proximity option is enabled, additional location information is included in the proximity calculation to influence application-level traffic optimization in the network.

When the community-based proximity option is not used, the proximity request is handled by IGP proximity.

The BGP community-based proximity requires that the PSA has a BGP community string. PTAs that have the same BGP community string as the PSA are ranked as more preferred than PTAs that do not have the same BGP community string as the PSA. The association of PSA and PTA community attributes is configurable by specifying the target (PTA) community values to associate with the location (PSA) community, and optionally assigning a preference level. For more information, see the “Configuring the BGP Community-based Proximity Settings” section on page 4-124. The remaining PTAs, which have different community strings, are ranked by IGP proximity.


Best-Path Proximity

Note Best-Path proximity algorithm requires the configuration of the BGP proximity settings.

When the BGP best-path proximity option is enabled, the BGP best-path algorithm ranks each route included in the PTA based on the attribute values associated with each route.

Redirect Proximity

Note Redirect proximity algorithm requires the configuration of the SRP and the BGP proximity settings.

If the PSA is learned from another AS, the current Proximity Engine does not have the best knowledge to handle the request. In this case, if the BGP redirect proximity option is enabled, the Proximity Engine sends back a Redirect response to the Service Router. The Redirect response contains the list of Proximity Engines that reside in the same AS as the PSA. The Service Router then sends the proximity request to one of these Proximity Engines.

Service Routing Protocol

The Service Routing Protocol (SRP) uses distributed hash table (DHT) technology to form a distributed network of Proximity Engines. SRP is highly scalable and resilient. SRP is implemented as an overlay network on top of IPv4 or IPv6 transport. Currently, only IPv4 is supported.

Note SRP is required if the Redirect proximity algorithm is enabled. SRP is used to gather and store information about all of the Proximity Engines that are available for redirection.

A DHT network is a logical network composed of Proximity Engines that have the same DHT domain.

Although DHT does not play any direct role in responding to the proximity service, it is an integral part of the Proximity Engine system that gathers and stores information about other Proximity Engines in the network to form a cohesive, resilient proximity service network.

Content Delivery System Manager

The Internet Streaming Content Delivery System Manager (CDSM) is a web browser-based user interface. The Internet Streaming CDSM allows the administrator to configure, manage, and monitor delivery services and devices in the Cisco Videoscape Distribution Suite, Internet Streamer (VDS-IS).

Application programming interfaces (APIs) are provided for backoffice integration with the Internet Streaming CDSM.

Authentication, Authorization, and Accounting

The Internet Streaming CDSM uses HTTPS to secure the administrator’s session. Multiple users can perform administrative operations by using the Internet Streaming CDSM. The administrator can configure certain users to have either view-only rights for monitoring the VDS-IS, or full rights that allow configuration changes as well as monitoring capabilities.

User accounts and groups can be added to the Internet Streaming CDSM and given roles and rights for accessing configuration information. It is also possible to segregate and group objects and give access to a limited group of users.


User authentication can be configured to use RADIUS and TACACS+ servers when available; otherwise, the Internet Streaming CDSM provides its own authentication server.

The VDS-IS-wide policy and status information is maintained in a relational database on the Internet Streaming CDSM. This information is propagated and synchronized with all devices in the VDS-IS network.

As part of the network management process, the administrator can perform basic administration operations on the Internet Streaming CDSM database, including backup and restore.

Device Management

The Internet Streaming CDSM sends device configuration changes to the selected device or group of devices once the change has been submitted. The device sends any configuration changes that were made locally to the CDSM, and also provides periodic status information.

Devices can be organized into user-defined device groups, which allow administrators to apply configuration changes and perform other group operations on multiple devices simultaneously. Because a device can belong to multiple device groups, this reduces the management overhead of the administrator. Device groups allow for a single instance of management thus eliminating the need to repeat the same step for each device.

The Internet Streaming CDSM also provides an automated workflow to apply software upgrades to the devices in a device group.

Higher Storage Utilization of VDS-IS

Storage across multiple Service Engines is virtually divided into buckets where each Service Engine serves only a subset of the total content. Both the local storage and RAM of the Service Engines can function as an aggregated distributed service, providing unlimited scalability. Linear scaling of the VDS-IS storage is accomplished by adding more Service Engines to one location. This addresses the demands of the “Long Tail” use case relevant to the Service Engines. The Long Tail is the realization that the sum of many small markets is worth as much, if not more, than a few large markets. Long-tail distribution is the possibility that extremely infrequent occurrences in traffic are more likely than anticipated.

This higher storage utilization provides the following:

• Overall better system performance

• Higher in-memory cache hit ratio

• Deterministic resiliency in case of failures or overload due to very popular content (This is useful when customers have live, prefetched, and cached assets more than 4.5 terabytes of content on one Service Engine.)

The content distribution is resilient and stateless. If the load of all content mapped to one Service Engine increases, the load is automatically spread to other Service Engines without requiring any administrator intervention.

Delivery Services Management

The Internet Streaming CDSM provides the configuration and monitoring of delivery services, which define how content is ingested, stored, cached, and published. The Internet Streaming CDSM provides the Service Engines with information about the delivery services and which Service Engines are participating in the Delivery Service.


In addition to using the Internet Streaming CDSM to define delivery services, an XML file called a Manifest file can be used to define a Delivery Service. The Manifest file and APIs serve as the basis for backoffice integration. For more information about the Manifest file, see the “Manifest File” section on page 2-10.

Resiliency and Redundancy

A VDS-IS that is designed with full redundancy and no single point of failure includes redundant Internet Streaming CDSMs and Service Routers. The redundancy mechanisms for the Content Acquirer and Internet Streamer applications running on the Service Engines operate differently.

Content Acquirer Redundancy

In the event of a primary failure on the Content Acquirer, the failover mechanism supports the election of a backup Content Acquirer. A failover requires that both the primary and backup Content Acquirer be located in the root location of the Delivery Service.

Live Programs

If the Content Acquirer receives a live program as a multicast stream from the origin server, upon failure of the primary, the backup Content Acquirer assumes control of that program’s streaming and the program continues without interruption. This process is transparent to the end user. When the primary Content Acquirer comes back online, it receives the live stream from the active secondary Content Acquirer and does not fall back (regain its primary status) until the live program has finished or has been restarted.

If the Content Acquirer receives the program as a unicast stream from the origin server, the failover mechanism is not supported. If the primary Content Acquirer fails while a program is playing, the person viewing the program must re-request the program.

Internet Streamer Redundancy

If a Service Engine running the Internet Streamer application fails, the Service Router stops receiving keepalive messages from that Service Engine. When a new request comes in, the Service Router does not redirect the request to that Service Engine; instead, it redirects the request to other Service Engines within the same Delivery Service. All the existing sessions on the failed Service Engine terminate and the affected end users must re-request the content.

Service Router Redundancy

If the VDS-IS network is designed with multiple Service Routers, all Service Routers are aware of all Service Engines in the VDS-IS. The DNS servers must be configured with multiple Service Routers and the failover is handled by the DNS servers.

Internet Streaming CDSM Redundancy

The Internet Streaming CDSM can operate in two different roles: primary and standby. The primary role is the default. There can only be one primary active in the VDS-IS network; however, you can have any number of Internet Streaming CDSMs operating in standby to provide redundancy and failover capability.


Primary and standby CDSMs must be running the same version of software. We recommend that the standby CDSM be upgraded first, followed by the primary CDSM.

The Internet Streaming CDSM design principle is that the management device is never in the service delivery path. When the CDSM fails, the rest of the VDS-IS continues to operate. A CDSM failure does not affect any services delivered to end users, and all content ingest continues. The only negative effect is that the administrator cannot change configurations or monitor the VDS-IS. As soon as a failure to connect to the CDSM is noticed, the administrator can activate the standby CDSM. For information on making the standby CDSM the primary CDSM, see the “Changing a Standby CDSM to a Primary CDSM” section on page 3-12.


Chapter 2 Network Design

Provisioning the Cisco Videoscape Distribution Suite, Internet Streamer (VDS-IS) consists of two stages:

• Register the devices to the Internet Streaming Content Delivery System Manager (CDSM) and define the network topology and device groups.

• Configure the delivery services that deliver content to the clients.

This chapter describes the details of the two stages of provisioning a VDS-IS network, how the metadata and the content flows through the VDS-IS, and the features that determine your network design.

• VDS-IS Topology

• Delivery Service

• Content Replication Using a Multicast Cloud

• Service Workflow

• Programs

• IPv6 Support for Client Interfaces

• HTTPS Settings

• Wholesale CDN

Note To achieve the best throughput, we recommend that you configure port channels for the Gigabit Ethernet interfaces. For more information, see the “Configuring Port Channel” section on page K-6.

VDS-IS Topology

In the VDS-IS topology, the Service Engines are grouped together into locations, such that a Location Tree is a set of locations organized in the form of a tree. The Location Tree represents the network topology configuration that is based on parent-child relationships. The locations are well connected and have similar connectivity properties to the outside world. A location generally implies topological proximity. Each location can have a parent relationship and multiple child relationships, such that each location can have zero to one parent locations and zero to many child locations. These relationships guide how content flows among locations but do not restrict content flow in any direction.

Locations are also classified into tiers. Each tier consists of locations belonging to the same tier. All locations with no parents belong to Tier 1. All locations that are children of Tier 1 locations belong to Tier 2.


The VDS-IS topology can consist of one or more topological Location Trees. A VDS-IS network is limited by the maximum depth of four tiers.

Figure 2-1 illustrates two location trees, with the parent-child relationship of each location indicated by a solid line and each tier indicated by a dotted line.

Figure 2-1 Location Trees Example

[Figure: locations shown by tier. Tier 1: San Francisco - Financial, Concord. Tier 2: South San Francisco, San Francisco - Mission, Pleasant Hill, Walnut Creek. Tier 3: Daly City, San Mateo, San Francisco - Bay View District, San Ramon. Tier 4: Half Moon Bay.]

The Location Trees define preferred distribution routes. The Tier 1 locations are located closest to the Internet or backbone. Tier 1 locations can communicate with all other Tier 1 locations.

Note The VDS-IS does support clients that are behind a NAT device or firewall that have shared external IP addresses. In other words, there could be a firewall between the VDS-IS network and the client device. However, the NAT device or firewall must support RTP/RTSP.

Device Groups

Device groups offer a way to group similar devices and configure all of the devices in a group at one time. Service Engines can be assigned to multiple device groups when the Device Group Overlap feature is enabled.

A device in a device group can have individual settings different from other devices in the group, and its settings can revert back to the group settings. The last configuration submitted for the device, whether group or individual, is the configuration the device uses.

In addition to group configuration and assignment, the CDSM allows the following:

• Hiding configuration pages of a device group

• Adding all newly activated devices to a device group

• Forcing device group settings onto all devices assigned to a group

A device can be assigned to a device group in one of two ways:

• From the Device Assignment page

• From the Device Group Assignment page


Baseline Groups

A baseline group is a special type of device group that denotes a group of devices for a particular service. There are three baseline groups:

• Web Baseline Group—Used for web-based content

• Video Baseline Group—Used for video content

• Platform Baseline Group—Used for platform-specific configurations

A device group can be configured as a baseline group. A device can be assigned to a baseline group in the following three ways:

• From the Devices home page.

• From the Device Assignment page.

• From the Device Group Assignment page.

Delivery Service

A Delivery Service is a configuration that defines how content is acquired, distributed, and stored in advance of a client request (prefetch), and after a client request (cached). Content from a single origin server is mapped to a set of Service Engines by a Delivery Service. Content objects associated with a specific Delivery Service have a common domain name; in other words, the content in a specified Delivery Service resides in a single location on an origin server. Each Delivery Service maps service routing domain names to origin servers one-to-one for Service Router DNS interception.

The CDSM is used to create the topology and configure the delivery services. All Service Engines and Service Routers that register with the CDSM are populated with the topology and the information about the configured delivery services.

The designated Content Acquirer is the only role that is administratively defined in the CDSM; all other roles, based on the topology and Delivery Service subscription, are assumed by the Service Engines automatically.

Both prefetched content and on-demand (dynamic and hybrid) content caching are supported. Different algorithms are used to elect the Service Engines for the various roles based on the type of content being distributed.

Content Acquirer

For each Delivery Service, there is only one Content Acquirer but multiple Service Engines. The location that has the Content Acquirer for a Delivery Service is called the root location. Other Service Engines in the root location that are assigned to the same Delivery Service can act as backup Content Acquirers if the configured Content Acquirer fails.

Note The locations can be virtual. For example, a location can consist of the enterprise data center and the backup data center. The SEs in both the data center and the backup data center can be backup Content Acquirers for each other.


For Content Acquirer redundancy, a Delivery Service must have at least two SEs located in the root location. If the primary Content Acquirer fails or becomes overloaded, the SEs in the Delivery Service use the selected backup Content Acquirer (there could be several SEs assigned to the Delivery Service that are collocated at the root location).

Content Acquirer Selection for Prefetched Content

For prefetched content, the designated Content Acquirer always performs the content acquisition. Only in the event of a failure does another Service Engine in the same location assume the Content Acquirer role.

The selection algorithm runs in every Service Engine in the root location (also known as the Content Acquirer location). The algorithm always runs in the context of a Delivery Service; that is, only the Service Engines subscribed to the same Delivery Service are considered in the selection.

Each Service Engine creates an ordered list of Service Engines belonging to the same location and subscribed to the same Delivery Service. In the root location, the designated Content Acquirer is always added as the first entry in the list.

At steady state when there are no failures, the designated Content Acquirer performs the content acquisition. Each Service Engine in the Delivery Service gets the content and metadata from the Content Acquirer by way of forwarder Service Engines and receiver Service Engines. Every Service Engine polls its forwarder Service Engine periodically for content and metadata. For more information, see the “Forwarder and Receiver Service Engines” section on page 2-5.

In the event that the Content Acquirer fails, the periodic polls for metadata fail, causing the Service Engines to run the Content Acquirer election algorithm.

Each Service Engine creates the ordered list again. The list looks the same as the previous list, except that the Content Acquirer that just failed is not considered in the election process. The Service Engine that appears second in the ordered list now assumes the role of the Content Acquirer.

Content Acquirer Selection for Dynamic or Hybrid Ingest

For on-demand content, which is dynamic or hybrid ingest, the designated Content Acquirer is only used to determine the location of where to acquire the content from the origin server directly. All of the Service Engines in the root location are eligible to acquire the content. The Service Engine selected to acquire the content is based on a URL hash. Content acquisition and storage is spread across multiple Service Engines.

The selection algorithm runs on every Service Engine in the root location (also known as the Content Acquirer location). The algorithm always runs in the context of a Delivery Service; that is, only Service Engines subscribed to the same Delivery Service are considered in the selection.

Each Service Engine creates an ordered list of Service Engines belonging to the same location and subscribed to the same Delivery Service. This ordering is based on an index created by a URL hashing function. At steady state when there are no failures, the Service Engine that appears first in the list performs the content acquisition.

In addition to the URL-based list ordering, the health and the load of the Service Engines are also considered in the selection. Service Engines that do not have the applicable protocol engine enabled, failed Service Engines, and Service Engines with load thresholds exceeded are eliminated from the selection process. If a Service Engine is eliminated from the list, the next Service Engine in the ordered list is used to acquire the content.
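The two Content Acquirer selection procedures above, sketched as an added example (not Cisco's code). The page does not name the URL hashing function or the order of the backup entries, so the SHA-256 ranking, the input-order backups, and all SE names and URLs here are assumptions.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class ServiceEngine:
    name: str
    alive: bool = True
    engine_enabled: bool = True   # applicable protocol engine is enabled
    overloaded: bool = False      # a load threshold is exceeded

    def eligible(self) -> bool:
        return self.alive and self.engine_enabled and not self.overloaded


def prefetch_order(root_ses, designated):
    """Prefetched content: the designated Content Acquirer is always entry 1.
    Assumption: the remaining entries keep the order in which they are given."""
    first = [se for se in root_ses if se.name == designated]
    rest = [se for se in root_ses if se.name != designated]
    return first + rest


def elect_prefetch(root_ses, designated):
    """Acting Content Acquirer: the first entry in the list that has not failed."""
    for se in prefetch_order(root_ses, designated):
        if se.alive:
            return se.name
    return None


def url_rank(url, se):
    """Assumption: SHA-256 over URL and SE name stands in for the URL hash."""
    digest = hashlib.sha256(f"{url}|{se.name}".encode()).digest()
    return int.from_bytes(digest[:8], "big")


def dynamic_order(root_ses, url):
    """Dynamic/hybrid ingest: order the root-location SEs by a per-URL index.
    Every SE computes the same list because the key ignores input order."""
    return sorted(root_ses, key=lambda se: (url_rank(url, se), se.name))


def elect_dynamic(root_ses, url):
    """First SE in the per-URL order that passes the health and load checks."""
    for se in dynamic_order(root_ses, url):
        if se.eligible():
            return se.name
    return None


# Constructed sample: three SEs in the root location of one Delivery Service.
ROOT = [ServiceEngine("se-a"), ServiceEngine("se-b"), ServiceEngine("se-c")]
URLS = [f"http://origin.example.com/vod/clip{i}.mp4" for i in range(300)]

if __name__ == "__main__":
    print("prefetch, steady state:", elect_prefetch(ROOT, "se-b"))
    failed = [ServiceEngine("se-a"), ServiceEngine("se-b", alive=False),
              ServiceEngine("se-c")]
    print("prefetch, se-b failed: ", elect_prefetch(failed, "se-b"))
    share = {se.name: 0 for se in ROOT}
    for u in URLS:
        share[elect_dynamic(ROOT, u)] += 1
    print("dynamic ingest spread: ", share)
```

With this ranking, removing one SE only moves the URLs that SE was acquiring; the other URLs keep their acquirer, which is the property that keeps cached content from being re-ingested after a failure.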


Location Leader

All other locations (that is, non-root locations) in the Delivery Service have an SE designated as the location leader. The location leader is determined automatically by the CDSM. The other SEs act as backup location leaders in case the location leader fails. In the same location, different delivery services may have different SEs as their location leaders. The location leader gets the Delivery Service content from outside the location, while the other SEs in the location get the content from the location leader. This reduces the distribution traffic on low-bandwidth links, because the SEs in the same location are likely to be on the same LAN.

Use the show distribution forwarder-list and show distribution location location-leader-preference commands to see the location leader for a Delivery Service.

Location Leader Selection for Prefetched Content

The location leader selection for prefetched content is based on the same algorithm that is used for the Content Acquirer backup selection for prefetched content, except that the Service Engines are ordered based on an internal ID assigned at the time of registering to the CDSM. The first Service Engine in the list is selected. In the root location, the designated Content Acquirer is always the location leader.

Location Leader Selection for Live Streaming

For live streaming, the location leader selection is based on the program URL hash and the service availability. Each program within a Delivery Service could have different location leaders. Depending on the URL hash and the number of SEs in the location, some SEs could be acting as the location leader for more than one program.

Location Leader Selection for Dynamic or Hybrid Content

For on-demand content, which is dynamic ingest or hybrid ingest, the location leader selection is based on the same algorithm that is used for the Content Acquirer selection for on-demand content, with the algorithm repeated for each location. This mechanism helps distribute the load, improve cache hits, and reduce redundant content (which contributes to storage scalability). The location leader selection is very similar to how a location leader is selected for live streaming content.

Forwarder and Receiver Service Engines

Content distribution flows from the Content Acquirer to the receiver Service Engine (SE) by way of store and forward. A receiver SE does not just go directly to the Content Acquirer for content. Rather, it finds out who its upstream SE (the forwarder SE) is and pulls the content from that forwarder. The forwarder SE in turn pulls the content from its own forwarder, which may be the Content Acquirer. All receiver SEs store the content on disk after they get the content. Each receiver SE selects a forwarder SE.

The store-and-forward process causes content to flow through a distribution tree constructed specifically for this Delivery Service and with all receiver SEs in the Delivery Service as nodes on the tree. If an SE does not belong to the Delivery Service, it does not appear on the tree.

Both the metadata about the content and content itself flow through the distribution tree. This tree is constructed by using the dynamic routing of the Delivery Service and is often a subtree of the overall VDS-IS topology.


Although the tree is global, the Delivery Service routing process is actually a per-SE local function that answers the question “who is my forwarder for this Delivery Service?”

The following criteria are used to select a forwarder:

• An SE is a forwarder for other SEs in its own location if it subscribes to the Delivery Service and it is the location leader for the Delivery Service.

• An SE in location A can be a forwarder for SEs from location B if the following occurs:

– It subscribes to the Delivery Service, location A is “closer” to the root location of the Delivery Service than location B

– There is no other location between location A and location B that has a receiver SE of the Delivery Service.

When selecting a forwarder from other locations, a receiver SE uses a hash algorithm seeded with its own unique SE ID (assigned by the CDSM), to spread the load of multiple receivers equally to all eligible forwarders.

Note A “location leader” is always a per-Delivery Service and per-location concept, while a “forwarder” is always a per-Delivery Service and per-SE concept.

A receiver SE finds its forwarder by examining the series of locations on the topology “toward” the root location, following the parent-child relationship as described in the “VDS-IS Topology” section on page 2-1.

1. First, find a forwarder within the SE's own location. The location leader should be the forwarder. If the location leader is down, use the backup location leader as the forwarder.

2. If none is found or if the SE thinks it is the location leader, look for a forwarder in the next location “toward” the root location. If still none are found (for example, there is no SE at that location assigned to the Delivery Service or the potential ones are unreachable), then look further “toward” the root location, and so on. The recursion ends if a forwarder is found or the Content Acquirer's location is reached.

3. Multicast Forwarder: If the Delivery Service is marked “multicast enabled,” the Delivery Service searches for a multicast forwarder. If it fails to find any reachable multicast forwarder, it searches again, this time, looking for unicast forwarders.

4. Content Acquirer failover: If the SE is unable to find a live forwarder (for example, there is a network or machine outage), the SE has to retry later, unless it is in the root location for the Delivery Service and is allowed to failover to the origin server directly and act as a backup Content Acquirer.

Note This process follows the search path provided by the overall topology that was configured for the VDS-IS. Using the combination of the overall topology configuration and the assignment of SEs to delivery services, the VDS-IS gives the administrator a lot of control over the form of the distribution tree, and yet still automates most of the selection and failover process.
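The unicast forwarder search in steps 1, 2 and 4 above, written out as an added example (not Cisco's code); the multicast search in step 3 is left out. The parent-child links, SE IDs, lowest-ID location leader and the SHA-256 seeded pick are assumptions made for the sketch.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class SE:
    se_id: int          # unique SE ID assigned by the CDSM (constructed values)
    location: str
    alive: bool = True


# Constructed Location Tree: child -> parent (None marks a Tier 1 location).
PARENT = {
    "sf-financial": None,
    "south-sf": "sf-financial",
    "daly-city": "south-sf",
    "half-moon-bay": "daly-city",
}
ROOT_LOCATION = "sf-financial"   # location of the designated Content Acquirer
ACQUIRER_ID = 1

# Only SEs subscribed to the Delivery Service are listed; daly-city has none.
SUBSCRIBERS = [
    SE(1, "sf-financial"), SE(2, "sf-financial"),
    SE(3, "south-sf"), SE(4, "south-sf"),
    SE(5, "half-moon-bay"), SE(6, "half-moon-bay"),
]


def live_subscribers(ses, location):
    """Reachable subscribers in one location, ordered by internal ID."""
    return sorted((s for s in ses if s.location == location and s.alive),
                  key=lambda s: s.se_id)


def location_leader(ses, location, acquirer_id=None):
    """Lowest-ID live subscriber; in the root location the Content Acquirer
    leads while it is alive, and the next SE in the list is its backup."""
    live = live_subscribers(ses, location)
    for s in live:
        if s.se_id == acquirer_id:
            return s
    return live[0] if live else None


def pick_remote(receiver, candidates):
    """Hash seeded with the receiver's own SE ID spreads receivers across
    all eligible forwarders of the upstream location."""
    digest = hashlib.sha256(str(receiver.se_id).encode()).digest()
    return candidates[int.from_bytes(digest[:4], "big") % len(candidates)]


def find_forwarder(receiver, ses, parent=PARENT, root=ROOT_LOCATION,
                   acquirer_id=ACQUIRER_ID):
    """Return ('forwarder', se), ('origin', None) or ('retry', None)."""
    in_root = receiver.location == root
    # Step 1: the location leader of the SE's own location.
    leader = location_leader(ses, receiver.location,
                             acquirer_id if in_root else None)
    if leader is not None and leader.se_id != receiver.se_id:
        return ("forwarder", leader)
    # Step 2: this SE is the leader, so walk toward the root location.
    loc = receiver.location
    while loc != root and parent.get(loc) is not None:
        loc = parent[loc]
        candidates = live_subscribers(ses, loc)
        if candidates:
            return ("forwarder", pick_remote(receiver, candidates))
    # Step 4: only an SE in the root location may go to the origin server.
    return ("origin", None) if in_root else ("retry", None)


if __name__ == "__main__":
    for se in SUBSCRIBERS:
        print(se.se_id, se.location, "->", find_forwarder(se, SUBSCRIBERS))
```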


Persistent HTTP Connections

HTTP connections are maintained among the SEs in a Delivery Service and the origin server as long as the connection idle period does not exceed the keepalive timeout period of 30 seconds or the idle period does not exceed the timeout period set on the origin server, whichever is the shorter period.

Persistent HTTP connections in a Delivery Service work in the following way:

1. Open new HTTP connection. The first time a request for cache-miss content is sent to an upstream device (SE or origin server), which is identified by the IP address of the device, a new HTTP connection is formed.

The Web Engine has 8 working threads, which are computing units. Each thread can have as many connections to as many upstream devices as required.

There are a maximum of 10 connections per upstream device (SE or origin server) that are persisted in the idle queue for reuse for each of the 8 working threads, which gives a total of 80 persistent connections.

2. Connection moved to idle queue. Once the content download is complete, the connection is moved to the idle queue.

3. Closing connections in idle queue. A 30-second keepalive timeout period is applied to each connection moved to the idle queue and if the idle time of a connection reaches the keepalive timeout period, it is closed. If a new request needs to be sent and there is a connection for the same server (IP address) in the idle queue, the connection is moved to the main connection list and used for that request.

A working thread uses an existing connection if the connection is idle; otherwise, a new connection is opened.

4. Open and close non-persistent connection. If a request for cache-miss content needs to be sent and there are no idle connections for that upstream device, a new connection is created. If, after the request is served, there already exist 10 connections for the upstream device in the idle queue, the connection is terminated.

5. Close 50 percent of connections in idle queue. If the origin server has a timeout period for HTTP connections, that is taken into consideration. The 30-second keepalive timeout is used for closing old HTTP connections. If the upstream SE or origin server has a shorter keepalive timeout period, that takes precedence over the downstream SE's 30-second keepalive timeout. If there are no keepalive timeout values set on the upstream devices (SEs or origin server), then every 30 seconds 50 percent of the persistent connections (maximum of 80 per origin server) are closed.
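A small model of one Web Engine working thread's idle queue, added here as an illustration of steps 1 through 4 (not Cisco's code). The class and method names are hypothetical, time is passed in explicitly so the run is deterministic, and the periodic 50 percent close in step 5 is not modelled.

```python
from collections import defaultdict, deque

KEEPALIVE = 30.0   # seconds a connection may sit in the idle queue
MAX_IDLE = 10      # idle connections kept per upstream device, per thread
THREADS = 8        # Web Engine working threads


class WorkerThread:
    """Connection bookkeeping for a single working thread."""

    def __init__(self):
        self.idle = defaultdict(deque)   # upstream IP -> (conn_id, idle_since)
        self.opened = self.reused = self.closed = 0
        self._next_id = 0

    def _expire(self, ip, now, upstream_timeout):
        # A shorter keepalive on the upstream device takes precedence.
        limit = min(KEEPALIVE, upstream_timeout) if upstream_timeout else KEEPALIVE
        queue = self.idle[ip]
        while queue and now - queue[0][1] >= limit:
            queue.popleft()              # oldest idle connection first
            self.closed += 1

    def acquire(self, ip, now, upstream_timeout=None):
        """Reuse an idle connection to this IP if one exists, else open one."""
        self._expire(ip, now, upstream_timeout)
        queue = self.idle[ip]
        if queue:
            self.reused += 1
            return queue.pop()[0]        # most recently used connection
        self.opened += 1
        self._next_id += 1
        return self._next_id

    def release(self, ip, conn_id, now):
        """Download finished: keep the connection unless 10 are already idle."""
        queue = self.idle[ip]
        if len(queue) >= MAX_IDLE:
            self.closed += 1             # served, then terminated
        else:
            queue.append((conn_id, now))


def simulate():
    """Burst of 12 cache misses to one upstream, then reuse, then expiry."""
    thread, ip = WorkerThread(), "192.0.2.10"   # constructed upstream address
    conns = [thread.acquire(ip, now=0.0) for _ in range(12)]
    for conn in conns:
        thread.release(ip, conn, now=1.0)       # 10 kept idle, 2 terminated
    after_burst = (thread.opened, thread.closed, len(thread.idle[ip]))
    conn = thread.acquire(ip, now=5.0)          # idle connection is reused
    thread.release(ip, conn, now=6.0)
    thread.acquire(ip, now=40.0)                # every idle entry is 30 s old
    final = (thread.opened, thread.reused, thread.closed, len(thread.idle[ip]))
    return after_burst, final


if __name__ == "__main__":
    print(simulate())
    print("idle ceiling per upstream:", MAX_IDLE * THREADS)
```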

Network Partition

In the case of network partitions, there can be multiple Content Acquirers for a single Delivery Service, or multiple location leaders. There can be as many Content Acquirers as there are network partitions (that have backup Content Acquirers) in the root location. Once the partition incident is over in the root location, the system recovers and there is only one Content Acquirer again. There can be as many location leaders as there are partitions (that have subscriber SEs) in any location. Once the partition incident is over, the system recovers from it and there is one location leader again.


Delivery Service Distribution Tree

Delivery Services form logical routes for content to travel from an origin server through the Content Acquirer to all of the Service Engines in the Delivery Service. Logical routes for content distribution are based on the device location hierarchy or Location Tree.

The content distribution route follows the general tree structure of the Location Tree, where content is distributed from the root of the tree (Content Acquirer) to the branches (Service Engines associated with the Delivery Service). A Delivery Service distribution tree is constructed for each Delivery Service.

By excluding it from the Coverage Zone file, a Service Engine in a Delivery Service can be configured only to forward content and metadata, and not deliver the content to client devices.

Figure 2-2 shows an example of a Delivery Service distribution tree. The Service Engines participating in the Delivery Service are marked in red. Possible content and metadata routes are indicated by red lines. The actual route may differ among the participating Service Engines as determined by the Service Router routing method.

Figure 2-2 Delivery Service Distribution Tree Example

[Figure: labels shown are Origin server and Content Acquirer, with locations by tier. Tier 1: San Francisco - Financial, Concord. Tier 2: South San Francisco, San Francisco - Mission, Pleasant Hill, Walnut Creek. Tier 3: Daly City, San Mateo, San Francisco - Bay View District, San Ramon. Tier 4: Half Moon Bay.]

Types of Delivery Services

The Cisco VDS-IS supports two types of Delivery Services:

• Prefetch/caching Delivery Services

For prefetch Delivery Services, called content Delivery Services in the CDSM, content is forwarded from Service Engine to Service Engine through the Delivery Service distribution tree until all Service Engines in the Delivery Service have received it. The Delivery Service distribution architecture provides unicast content replication using a hop-by-hop, store-and-forward methodology with the forwarder Service Engines systematically selected on the basis of the manually configured location hierarchy. For caching Delivery Services, the content need not be fully stored before forwarding.

• Live Delivery Service

The live Delivery Services are used to manage live stream splitting. The prefetch/caching Delivery Services are used for prefetch ingest, dynamic ingest, and hybrid ingest.

Methods for Ingesting Content

There are two methods that can be used to configure a Delivery Service:

• Specifying the content by using an externally hosted Manifest file.

• Specifying the content by using the Internet Streaming CDSM.

The Internet Streaming CDSM provides a user-friendly interface for adding content and configuring crawl tasks. All entries are validated and a Manifest file is generated. The Internet Streaming CDSM offers the most frequently used parameters, a subset of the Manifest parameters. For a complete set of parameters, use a Manifest file.

The following sections describe the main building blocks of a Delivery Service:

• Origin Servers

• Manifest File

• Content Acquirer

• Internet Streamer

Origin Servers

Content is stored on origin servers. Each Delivery Service is configured with one content origin. The same origin server can be used by multiple live delivery services. However, only one prefetch/caching Delivery Service is allowed per content origin. Each content origin is defined in the Internet Streaming CDSM by the following:

• Origin server

• Service routing domain name

The origin server is defined by the domain name that points to the actual origin server. The origin server domain name is used to fetch content that resides outside the Delivery Service, and to request redirection in case of a failure. The origin server must support at least one of the following protocols for the VDS-IS to be able to ingest content:

• HTTP

• HTTPS

• FTP

• CIFS

• SMB

Content can also originate from a local file on the VDS-IS.

The service routing domain name is an FQDN and is used for content redirection. Each content that is ingested by the Manifest file is published using the service routing domain name. The service routing domain name configured for the content origin must also be configured in the DNS servers, so that all the client requests can be redirected to a Service Router for request mediation and redirection.


Proxy Server

When the Content Acquirer cannot directly access the origin server because the origin server is set up to allow access only by a specified proxy server, a proxy server can be configured. The proxy server is configured through the Internet Streaming CDSM for fetching the Manifest file, and through the Manifest file for fetching the content. Proxy configurations made in the Manifest file take precedence over proxy configurations in the CLI.

Origin Server Failover

The Content Acquirer can fail over to an alternate Origin Server if the primary Origin Server fails. The alternate Origin Server is configured in the Services > Service Definition > Content Origins > Failover Settings page in the CDSM GUI. The Content Acquirer detects Origin Server failure using timeout or other mechanisms. When an Origin Server failure is detected, an alarm is raised to the CDSM. The alarm is cleared automatically after a configurable period of time. Meanwhile, the Content Acquirer switches to the secondary Origin Server seamlessly. When all of the Origin Servers fail, a 504 response is generated and sent to the client. The operator then manually switches the working server between the primary Origin Server and any alternate Origin Server. Transaction logs are generated to log these events.

Manifest File

The Manifest file contains XML tags, subtags, and attributes used to define how content is ingested and delivered. Each Delivery Service has one Manifest file. The Manifest file can specify attributes for content playback and control. Attributes for specifying metadata only, without fetching the content, are supported. If special attributes are set, only the metadata and control information are propagated to the Service Engines. The control data is used to control the playback of the content when it gets cached by dynamic ingest. The Manifest file format and details are described in Appendix B, “Creating Manifest Files.”

Crawling

For HTTP, HTTPS, FTP, SMB, or CIFS, a single item can be fetched by specifying a single URL in the CDSM or Manifest file, or content can be fetched by using the crawler feature. The crawler feature methodically and automatically searches acceptable websites and makes a copy of the visited pages for later processing. The crawler starts with a list of URLs to visit, identifies every web link in the page, and adds every link to the list of URLs to visit. The process ends after one or more of the following conditions are met:

• Links have been followed to a specified depth.

• Maximum number of objects has been acquired.

• Maximum content size has been acquired.

The crawler works as follows:

1. The Content Acquirer requests the starting URL that was configured for the Delivery Service.

2. The crawler parses the HTML at that URL for links to other files.

3. If links to other files are found, the files are requested.

4. If those files are HTML files, they are also parsed for links to additional files.

In this manner, the Content Acquirer “crawls” through the origin server.

Note The crawler cannot parse JavaScript or VBScript to get the links, nor does it work with HTTP cookies.


A website that has indexing enabled and the default document feature disabled generates HTML that contains a directory listing whenever a directory URL is given. That HTML contains links to the files in that directory. This indexing feature makes it very easy for the crawler to get a full listing of all the content in that directory. The crawler searches the folders rather than parsing the HTML file; therefore, directory indexing must be enabled and the directory cannot contain index.html, default.html, or home.html files.

In FTP acquisition, the crawler crawls the folder hierarchy rather than parsing the HTML file. Content ingest from an SMB server for crawl jobs is similar to FTP ingest; that is, the crawler crawls the folder hierarchy rather than parsing the HTML file.

Content Acquirer

The Content Acquirer parses the Manifest file configured for the Delivery Service and generates the metadata. If the hybrid ingest attributes are not specified, the Content Acquirer ingests the content after generating the metadata. The Content Acquirer can be shared among many Delivery Services; in other words, the same Service Engine can perform the Content Acquirer role for another Delivery Service.

SMB Servers

The VDS-IS supports file acquisition from Windows file servers with shared folders and UNIX servers running the SMB protocol. The Content Acquirer first mounts the shared folder. This mount point then acts as the origin server from which the content is fetched. The Content Acquirer fetches the content and stores it locally.

Note With SMB, files greater than two gigabytes cannot be ingested.

HTTP Servers

The no-cache directive in an HTTP server response header tells the client that the content requested is not cacheable. When an HTTP server responds with a no-cache directive, the Content Acquirer behaves as follows:

• If the content to be ingested is specified in an <item> tag in the Manifest file, the Content Acquirer ignores the no-cache directive and fetches the content anyway.

• If the content to be acquired is specified in a <crawler> tag in the Manifest file, the Content Acquirer honors the directive and does not fetch the content.
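The crawl procedure from the Crawling section and the no-cache rule above, combined in one added example (not Cisco's code). The in-memory origin, the function names, the same-host restriction, counting the start URL as depth 0, and skipping link parsing on no-cache pages are all assumptions of the sketch.

```python
from collections import deque
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class LinkParser(HTMLParser):
    """Collects href values from <a> tags; scripts are not interpreted."""

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links += [v for k, v in attrs if k == "href" and v]


# Constructed origin server: URL -> (response headers, body).
BASE = "http://origin.example.com"
ORIGIN = {
    BASE + "/": ({"Content-Type": "text/html"},
                 b'<a href="a.html">a</a> <a href="/media/clip1.mp4">1</a> '
                 b'<a href="http://other.example.net/x">x</a>'),
    BASE + "/a.html": ({"Content-Type": "text/html"},
                       b'<a href="/media/clip2.mp4">2</a> '
                       b'<a href="/live.m3u8">live</a> <a href="/">home</a>'),
    BASE + "/media/clip1.mp4": ({"Content-Type": "video/mp4"}, b"x" * 4000),
    BASE + "/media/clip2.mp4": ({"Content-Type": "video/mp4"}, b"x" * 6000),
    BASE + "/live.m3u8": ({"Content-Type": "application/vnd.apple.mpegurl",
                           "Cache-Control": "no-cache"}, b"#EXTM3U"),
}


def no_cache(headers):
    directives = headers.get("Cache-Control", "").split(",")
    return "no-cache" in {d.strip().lower() for d in directives}


def crawl(start_url, origin, max_depth=2, max_objects=100, max_bytes=10**9):
    """<crawler> behaviour: breadth-first, bounded by depth, object count and
    total size; responses marked no-cache are honored and not acquired."""
    host = urlsplit(start_url).netloc
    queue, seen = deque([(start_url, 0)]), {start_url}
    acquired, total = [], 0
    while queue:
        url, depth = queue.popleft()
        if url not in origin:
            continue                                  # origin has no such file
        headers, body = origin[url]
        if no_cache(headers):
            continue
        if len(acquired) >= max_objects or total + len(body) > max_bytes:
            break                                     # a limit has been reached
        acquired.append(url)
        total += len(body)
        is_html = headers.get("Content-Type", "").startswith("text/html")
        if is_html and depth < max_depth:
            parser = LinkParser()
            parser.feed(body.decode("utf-8", "replace"))
            for href in parser.links:
                link = urljoin(url, href)
                if urlsplit(link).netloc == host and link not in seen:
                    seen.add(link)
                    queue.append((link, depth + 1))
    return acquired, total


def ingest_item(url, origin):
    """<item> behaviour: the no-cache directive is ignored, content is fetched."""
    _headers, body = origin[url]
    return len(body)


if __name__ == "__main__":
    print(crawl(BASE + "/", ORIGIN))
    print(crawl(BASE + "/", ORIGIN, max_bytes=5000))
    print(ingest_item(BASE + "/live.m3u8", ORIGIN))
```

The three limits are what keep a crawl of an unexpectedly large or self-linking origin bounded, so they are worth setting explicitly rather than leaving at defaults.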

Internet Streamer

The Internet Streamer application on the Service Engine participates in the Delivery Service by distributing content within the VDS-IS and delivering content to the clients. The Service Engines can be shared among other delivery services.

HTTP Download—Disabling

In some instances, for example when there are contractual obligations to prevent clients from downloading content, it may be necessary to disable HTTP downloads on a Delivery Service. When HTTP download is disabled, the Web Engine returns a 403 forbidden message. For configuration information, see the “Creating Delivery Service” section on page 5-1.


Content Replication Using a Multicast Cloud

The Multicast Cloud feature is a group of multicast-enabled SEs configured to communicate multicast session information with one another. The Multicast Cloud feature is described in the following sections:

• Introduction to Multicast Cloud

• Distributing Content Through Replication

• Configuring Multicast Distribution

• Multicast Forward Error Correction and Proactive Forward Error Correction

• APIs for Multicast Cloud

Note The Multicast Cloud feature is supported in all releases starting with Release 3.1.1.

Introduction to Multicast Cloud

Content is forwarded (or replicated) either by unicast pull (transmission initiated by a client request for the content) or, if it is enabled, by multicast push (transmission initiated in accordance with a preconfigured program or schedule). Unicast content forwarding involves communication between a single sender and single receiver, whereas multicast replication involves communication between a single sender and a selected group of receivers.

Multicasting allows efficient distribution of content to multiple SEs and is useful when many end users are interested in the same content. VDS-IS software supports Pragmatic General Multicast (PGM)-based multicast replication, using either satellite or multicast-enabled terrestrial infrastructures. (PGM is a reliable multicast protocol that enables PGM receivers to report loss of data and request retransmission by the PGM sender.)

In VDS-IS software, the administrator configures the VDS-IS network for multicasting by configuring a Multicast Cloud in the CDSM GUI. The Multicast Cloud consists of one sender SE, an optional backup sender for multicast-to-multicast failover, and at least one receiver SE. All the SEs in one cloud share a unique advertising address, allowing them to communicate multicast session information. SEs that are assigned to the Multicast Cloud must be enabled for multicasting. The Multicast Cloud is then associated with one or more multicast-enabled delivery services. The multicast-enabled SEs assigned to the

Multicast Cloud are also assigned to the multicast-enabled Delivery Service.

The SEs that are receivers get their content from the multicast addresses associated with the cloud. The

Multicast Cloud is an overlay topology on the location-based distribution tree structure. The clouds can be chained by making a receiver of one cloud the sender of another cloud. For best performance, the SEs in a Multicast Cloud should all be able to receive data at about the same rate. The slowest receiver determines the rate at which the sender pushes the files.

When configuring the Multicast Cloud, the administrator specifies a range of addresses by entering a start IP address and an end IP address. Once a Multicast Cloud is configured, the multicast address range is used to provide each Delivery Service associated with it a unique data Delivery Service multicast address. When a Multicast Cloud is assigned to a Delivery Service, an unused IP address is automatically selected from this range to ensure that the address is used by only one Delivery Service and by only one Multicast Cloud. Because different multicast clouds may be associated with the same Delivery Service, the multicast address used for each Delivery Service needs to be different in each Multicast Cloud.


Distributing Content Through Replication

After content is acquired from the Origin server by the Content Acquirer of a Delivery Service, it can be replicated through the Delivery Service either by unicast or multicast transmission.

The Delivery Service configuration offers content replication options:

• Multicast and unicast (multicast with failover to unicast)

• Multicast-only

• Unicast-only

Unicast Replication

The basic Delivery Service distribution architecture provides for unicast content replication using a hop-by-hop, store-and-forward methodology with the forwarder SEs systematically selected on the basis of the manually configured location hierarchy.

To distribute content through unicast, the VDS-IS network automatically creates a unidirectional distribution tree for each Delivery Service. The root node of the tree is the Content Acquirer of the Delivery Service, and each SE subscribed to the Delivery Service is a node on the tree.

For each node, its parent node is also called its forwarder SE. The algorithm for automatically designating the forwarder SE is called the channel routing algorithm.

Three general rules in the current channel routing algorithm are as follows:

1. In each location for each Delivery Service, only one SE fetches content from another location for that Delivery Service. We call this SE the location leader of the Delivery Service. All other SEs in this location use the location leader as the forwarder for this Delivery Service. There can be only one location leader per Delivery Service per location. Note that within one location, different delivery services may have different location leaders.

   The location leader is computed automatically by the channel routing algorithm.

   Use the show distribution delivery-service command to see which SE is the current forwarder for a Delivery Service. The reason/status field in the command output shows why an SE is unable to find a forwarder. Use the show distribution forwarder-list command to see the forwarder selection order of an SE for a Delivery Service.

2. The location leader finds a subscribed SE from the closest location on the path toward the Content Acquirer as its forwarder. If all of the potential forwarders in a parent location are down (or unreachable), the location leader skips to the next location level in the hierarchy (toward the Content Acquirer location) to find a forwarder.

3. If the location leader SE fails for some time, another SE in the location takes over as the location leader. If the Content Acquirer fails, another SE in the location takes over as the temporary Content Acquirer.
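The three rules above, worked through as an added example that is not Cisco's implementation. The election rule (lowest SE name among the SEs that are up), the use of the parent location's leader as the forwarder, and the sample topology are assumptions; the guide only states that the leader is computed automatically.

```python
from dataclasses import dataclass, replace

ORIGIN = "origin-server"  # the acting Content Acquirer fetches from the Origin server


@dataclass(frozen=True)
class SE:
    """A Service Engine subscribed to one Delivery Service."""
    name: str
    location: str
    up: bool = True


def location_leader(ses, location, acquirer):
    """Rules 1 and 3: one leader per location, replaced when it fails."""
    alive = sorted(s.name for s in ses if s.location == location and s.up)
    if not alive:
        return None
    if acquirer in alive:
        return acquirer      # the Content Acquirer leads its own location
    return alive[0]          # ASSUMPTION: lowest name wins the election


def forwarders(ses, parent_of, acquirer):
    """Map every SE that is up to its forwarder (None = no forwarder found)."""
    root_location = next(s.location for s in ses if s.name == acquirer)
    result = {}
    for se in ses:
        if not se.up:
            continue
        leader = location_leader(ses, se.location, acquirer)
        if se.name != leader:
            result[se.name] = leader       # rule 1: follow the location leader
        elif se.location == root_location:
            result[se.name] = ORIGIN       # acting or temporary Content Acquirer
        else:
            # Rule 2: walk toward the acquirer, skipping locations with no SE up.
            hop, found = parent_of.get(se.location), None
            while hop is not None and found is None:
                found = location_leader(ses, hop, acquirer)
                hop = parent_of.get(hop)
            result[se.name] = found
    return result


def with_down(ses, *names):
    """Return a copy of the SE list with the named SEs marked as failed."""
    return [replace(s, up=False) if s.name in names else s for s in ses]


# Constructed sample topology: branch -> region -> hq (Content Acquirer location).
PARENT_OF = {"branch": "region", "region": "hq", "hq": None}
SES = [
    SE("ca-1", "hq"), SE("se-hq-2", "hq"),
    SE("se-reg-1", "region"), SE("se-reg-2", "region"),
    SE("se-br-1", "branch"), SE("se-br-2", "branch"),
]

if __name__ == "__main__":
    scenarios = {
        "all up": SES,
        "region location down": with_down(SES, "se-reg-1", "se-reg-2"),
        "branch leader down": with_down(SES, "se-br-1"),
        "content acquirer down": with_down(SES, "ca-1"),
    }
    for label, ses in scenarios.items():
        print(label)
        for name, fwd in forwarders(ses, PARENT_OF, "ca-1").items():
            print(f"  {name:9s} <- {fwd}")
```

On a live system, the show distribution delivery-service and show distribution forwarder-list commands report the forwarder the SE actually selected.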

Multicast Replication

In multicast content distribution, the sender SE in a Multicast Cloud proactively pushes content into the cloud according to a preconfigured schedule.

The receiver SEs listen on the advertisement IP address for information on content to be replicated from the sender, and then the receiver SEs decide whether or not to accept an advertisement and receive the corresponding content.


Multicast and Unicast

Content metadata must be distributed to a receiver first before the content itself can be replicated.

Content metadata helps to define what content to retrieve, how content will be retrieved, how recently content has been updated, how content is to be pre-positioned (for example, expiration time), and so on.

Metadata is always distributed using unicast. Content, however, can be replicated using either multicast or unicast. A multicast receiver rejects the multicast sender’s advertisement of a file if the proper content metadata has not yet arrived.

Note When a Delivery Service is configured for multicast and unicast, the receiver SE uses unicast to download content only after all carousel passes have been exhausted and after the preconfigured multicast transmission fails. In a Multicast Cloud configuration that uses a backup sender, when the Delivery Service is enabled for multicast and unicast, the failover to unicast occurs when the current active multicast sender has exhausted all of the carousel passes for the file. When there is a multicast transmission error, or if the receiver edge streamer fails to get the intended content through multicast, the edge streamer falls back to unicast distribution only after all carousel passes have been exhausted.

If the administrator wants the SEs to fall back to unicast (for example, with a multi-tier unicast deployment using a terrestrial multicast medium), the Multicast Cloud should be configured for a low number of carousel passes (such as 1, 2, or 3).

Multicast Only

If only multicast replication is desired (for example, with a hub and spoke or star topology deployment using a satellite multicast medium), the Delivery Services should be configured as multicast-only, with a high number of carousel passes configured in the Multicast Cloud (such as 10 or more).

When a Delivery Service is configured to be multicast only (that is, when the delivery services are associated with a Multicast Cloud and the subscribing receiver SE has multicast service enabled), content replication takes place only through multicasting. No retransmission takes place in unicast at all.

This prevents background unicast polls from happening and taking up bandwidth. However, if an SE in the multicast-only Delivery Service is not enabled for multicasting, it can continue to request all of the content from a multicast-only Delivery Service through unicasting.

Note When the Delivery Service is configured as Multicast Only, unicast distribution does not happen if either the multicast network connectivity fails or the sender process fails on the sender. Unicast distribution happens only if the multicast receiver process has failed or the receiver process is explicitly disabled by the administrator.

Configuring Multicast Distribution

To configure the VDS-IS for multicast replication of content, the following tasks need to be performed:

1. Enabling SEs for Multicasting, page 4-21

2. Creating Multicast Clouds, page 5-41

3. Assigning SEs to a Multicast Cloud, page 5-45

4. Assigning Multicast Clouds to Delivery Services, page 5-47

5. Assigning SE members of the Multicast Cloud to the Delivery Service (Services > Service Definition > Delivery Services > Assign Service Engines)

Multicast Logging Enhancements

The VDS-IS includes enhanced multicast logging to identify the receiver SE that is sending the retransmission requests (NACKs) and to identify why a file is scheduled for multicasting. These logging enhancements provide the following details:

• Any NACKs that are received by the multicast sender SE are logged at the trace level in the dist-meta-sender error log on the multicast sender SE.

• Any NACKs that are related to preparing a file for scheduling are logged in the transaction log.

• Any file that is scheduled for multicasting has the details about why it was scheduled for multicasting. You can obtain the details from the time-based queue or the priority-based queue.

Multicast Forward Error Correction and Proactive Forward Error Correction

Forward error correction (FEC) is a type of data encoding that protects transmissions against errors, without requiring retransmission. The FEC number denotes the number of packets that is encoded into one FEC transmission group. When the FEC number goes up, the transmission group becomes larger, so the multicast may be more error-resistant. However, there is more computational and bandwidth overhead on the multicast sender and receivers.

Starting with Release 3.2.3, VDS-IS supports assigning the FEC value at the Delivery Service level through the Services > Service Definition > Delivery Services > Assign Multicast Cloud page in the CDSM GUI.

The FEC default value is 16. If the multicast sender device is a high-end SE model such as a CDE250, you can set this number higher to improve multicast reliability, especially when your network connectivity has a high uniform loss rate. However, we do not recommend that you set this number beyond 64 because it may place too much of a load on all of the receiver SEs.

Starting with Release 3.3.1, VDS-IS supports configuring the FEC proactive parity size and the FEC proactive delay in the Multicast Cloud configuration and when assigning a Delivery Service to a Multicast Cloud. See the “Creating Multicast Clouds” section on page 5-41 for more information.

Proactive FEC is the number of extra packets that the multicast sender proactively sends out for every FEC number of data packets. The proactive FEC default value is 0. You can set it higher for better multicast reliability; for example, 2 proactive packets for every 16 FEC packets, at the expense of 12.5 percent traffic overhead (2 divided by 16).

Proactive FEC is an additional reliability measure above and beyond that of normal FEC. Although normal FEC does not incur bandwidth overhead, proactive FEC does. Proactive FEC primarily protects the multicast from uniform losses. For example, if the network has a uniform loss rate of 15 percent, then a proactive FEC of 2 extra packets for every 16 FEC packets (a 12.5 percent bandwidth overhead) cuts the effective loss rate down to 2.5 percent. Most network losses are not completely uniform. Still, during bursts, proactive FEC similarly undercuts the effective burst loss rate. For example, if the burst loss rate is 20 percent while the average loss rate is 2 percent, with proactive FEC at 12.5 percent, the receiver SEs experience a burst loss rate of 7.5 percent and an average loss rate near 0 percent.
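The figures above are a first-order estimate: the loss rate minus the proactive parity overhead. The following added example, which is not Cisco code, reproduces them and also computes how often a whole transmission group can be decoded without a NACK, under two assumptions that are not stated in this guide: packet losses are independent, and any FEC-number of the packets sent for a group are enough to rebuild it.

```python
from math import comb


def proactive_overhead(fec_number, proactive):
    """Bandwidth overhead of proactive parity, e.g. 2 / 16 = 0.125."""
    if fec_number <= 0 or proactive < 0:
        raise ValueError("fec_number must be positive and proactive non-negative")
    return proactive / fec_number


def effective_loss_estimate(loss_rate, fec_number, proactive):
    """The guide's estimate: loss rate minus parity overhead, floored at zero."""
    return max(0.0, loss_rate - proactive_overhead(fec_number, proactive))


def group_recovery_probability(loss_rate, fec_number, proactive):
    """Probability that at most `proactive` of the packets in a group are lost.

    ASSUMPTION: independent loss per packet, and any `fec_number` of the
    `fec_number + proactive` packets are sufficient to rebuild the group.
    """
    if not 0.0 <= loss_rate <= 1.0:
        raise ValueError("loss_rate must be between 0 and 1")
    sent = fec_number + proactive
    return sum(
        comb(sent, lost) * loss_rate**lost * (1.0 - loss_rate) ** (sent - lost)
        for lost in range(proactive + 1)
    )


def sizing_table(loss_rate, fec_number=16, max_proactive=6):
    """Rows of (proactive, overhead, estimated loss, P(group needs no NACK))."""
    return [
        (
            h,
            proactive_overhead(fec_number, h),
            effective_loss_estimate(loss_rate, fec_number, h),
            group_recovery_probability(loss_rate, fec_number, h),
        )
        for h in range(max_proactive + 1)
    ]


if __name__ == "__main__":
    # 15 percent uniform loss and the default FEC number of 16, as in the text.
    print("proactive  overhead  est. loss  P(no NACK for group)")
    for h, overhead, est, p_ok in sizing_table(0.15):
        print(f"{h:9d}  {overhead:8.3f}  {est:9.3f}  {p_ok:20.3f}")
```

The last column shows how many transmission groups still depend on PGM retransmission at a given proactive setting, which is the load the NACK logging described earlier makes visible.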

Configuring PGM and File Transmission Parameters Using Multicast Expert Mode

PGM is a reliable multicast protocol defined in IETF RFC 3208. It is designed for applications that require ordered or unordered, duplicate-free, multicast data delivery from multiple sources to multiple receivers. Support for reliable multicasting and file transmission is provided by the TIBCOSmartPGM FX tool set, which is integrated with the Cisco VDS-IS software. You can configure some PGM and file transmission (FX) parameters through the CDSM GUI, such as the advertisement IP address, multicast-out bandwidth, TTL, FEC transmission group, and so forth.

In some cases, expert users might want to change other PGM and FX parameters to make the multicast file transfer more robust and efficient for their multicast environment. The VDS-IS allows you to change the configuration parameters of the TIBCOSmartPGM FX configuration file manually by using multicast expert mode on the SE.

Caution We do not recommend that you change the TIBCOSmartPGM FX configuration file unless you are an expert in PGM multicasting and know how to adjust the configuration parameters.

The VDS-IS software contains default TIBCOSmartPGM FX configuration files for multicast sender and receiver SEs. The multicast sender and receiver SEs determine the medium (terrestrial or satellite) being used for the multicast by checking the configuration of the Multicast Cloud, then they read the configuration parameter values from the PGM configuration file that corresponds to the medium.

The VDS-IS software uses the following default TIBCOSmartPGM FX configuration files:

• fxd.conf.src

• fxd.conf.rcv

The SE stores sample versions of the default TIBCOSmartPGM FX configuration files in the /local/local1/multicast-expert-config/ directory for reference. You can modify one of these sample configuration files, and save it with the default filename. The modified configuration file becomes effective after the SE is restarted.

SEs contain the following sample configuration files:

• fxdSatellite.conf.src.sample—Use for a sender SE in a satellite network

• fxdSatellite.conf.rcv.sample—Use for a receiver SE in a satellite network

• fxdTerra.conf.src.sample—Use for a sender SE in a terrestrial network

• fxdTerra.conf.rcv.sample—Use for a receiver SE in a terrestrial network

To change the configuration parameters of a default TIBCOSmartPGM FX configuration file, follow these steps:

Step 1 Log in to the multicast sender SE using FTP.

a. From a PC running Windows, choose Start > Run.

b. In the Open field, enter ftp ipaddress, using the IP address of the multicast sender or receiver SE.

c. At the User prompt, enter your administrator-level username.

d. At the password prompt, enter your password. The FTP prompt (ftp>) appears.

Step 2 At the FTP prompt, open the multicast-expert-config directory:

    ftp> cd multicast-expert-config
    250 CWD command is successful.
    ftp>

Step 3 List the sample configuration files in the directory:

    ftp> ls
    200 PORT command successful.
    150 Opening ASCII mode data connection for file list.
    fxdSatellite.conf.rcv.sample
    fxdSatellite.conf.src.sample
    fxdTerra.conf.rcv.sample
    fxdTerra.conf.src.sample
    226 Transfer complete.
    ftp: 297 bytes received in 0.01Seconds 29.70Kbytes/sec.

Determine which sample file you want to retrieve, based on whether you are configuring the multicast sender or the receiver and whether your network is using terrestrial or satellite media transmission.

Step 4 Return to binary mode from ASCII mode:

    ftp> bin
    200 Type set to I.

Step 5 Copy the configuration file to your desktop:

    ftp> get fxdSatellite.conf.rcv.sample
    200 PORT command successful.
    Opening BINARY mode data connection for fxdSatellite.conf.rcv.sample (5607 bytes).
    226 Transfer complete.
    ftp: 5607 bytes received in 0.00Seconds 5607000.00Kbytes/sec.
    ftp>

Step 6 End the FTP session:

    ftp> quit

Step 7 Locate the configuration file on your PC and open it using any text editor.

Step 8 Edit the sample configuration file.

Step 9 Save the file using Save As, and give it the same name as the default configuration file that you want to replace. For example, save the file named fxdSatellite.conf.rcv.sample as fxd.conf.rcv.

Step 10 Transfer the file back to the multicast sender or receiver SE multicast-expert-config directory.

a. Log in to the SE using FTP.

b. Open the multicast-expert-config directory.

c. Enter binary mode.

d. Transfer the file into the directory. For example:

    C:\> ftp 128.19.220.79
    Connected to 128.19.220.79.
    220 SERVICEENGING FTP server (Version wu-2.7.0(2) Tue Sep 7 17:20:20 PDT 2004) ready.
    User (128.19.220.79:(none)): admin
    331 Password required for admin.
    Password:
    230 User admin logged in. Access restrictions apply.
    ftp> cd multicast-expert-config
    250 CWD command successful.
    ftp> bin
    200 Type set to I.
    ftp> put fxd.conf.rcv
    200 PORT command successful.
    150 Opening BINARY mode data connection for fxd.conf.src.
    226 Transfer complete.
    ftp:5607 bytes sent in 0.01Seconds 560.70Kbytes/sec.
    ftp> quit

Step 11 Restart the multicast sender or receiver SE for the new configuration to take effect.


APIs for Multicast Cloud

The following APIs have been modified or added to support the configuration and monitoring of the Multicast Cloud feature:

• Multicast Cloud—MCastApiServlet API has been added with create, modify, and delete actions, as well as assign and unassign receiver SEs, and assign and unassign the Multicast Cloud to a Delivery Service

• Delivery Service—ChannelApiServlet API createDeliveryService and modifyDeliveryService actions have been modified with the ability to enable multicast for the Delivery Service

• Service Engine—CeApiServlet API seMulticast action has been added to enable an SE as a multicast sender and multicast receiver.

For more information, see the Cisco Videoscape Distribution Suite, Internet Streamer 4.2.1 API Guide.

Service Workflow

What follows is a description of the workflow of a Delivery Service. Table 2-1 shows sample values for the Delivery Service workflow described in Figure 2-3. The Delivery Service workflow is described in detail following Figure 2-3.

Table 2-1 Delivery Service Parameters Example

Parameter                    Value
Type                         Caching/Prefetch
Origin Server                www.ivs-internal.com
Service Routing Domain Name  cr-ivs.videonet.com
Delivery Service Contents    http://www.ivs-internal.com/video/wmv-152
                             http://www.ivs-internal.com/video/wmv-92
                             http://www.ivs-internal.com/video/wmv-212
                             http://ww.ivs-internal.com/video/wmv-59 type=“cache”
                             http://www.ivs.internal.com/video/wmv-6 type=“cache”


Figure 2-3 Delivery Service Workflow Diagram


1. The topology is propagated to all of the devices registered and activated in the Internet Streaming CDSM. The Delivery Service configuration is propagated to all of the Service Engines subscribed to the Delivery Service. The Manifest file information is sent to the Content Acquirer for the Delivery Service.

2. The Content Acquirer parses the Manifest file and generates the metadata. All content listed in the Manifest file, except for non-cache content types, is fetched.

3. The Content Acquirer propagates the metadata to all other Service Engines.

4. The Service Engines receive the metadata and associated prefetched content. The Service Engines do not prefetch content that is “wmt-live” or “cache” types. The “wmt-live” type corresponds to the Windows Media live streaming and the “cache” type corresponds to the hybrid ingest content.

5. The client request for a URL first performs a DNS resolution. The Service Router is configured as the authoritative DNS server for the hosted, or service routing, domain. The URLs that are published to the users have the service routing domain names as the prefix.

   The Service Router resolves the service routing domain name to its own IP address.

6. The client sends the request to the Service Router and the Service Router uses its routing method to determine the best Service Engine to stream the requested content.

7. The Service Router redirects the client to the best Service Engine.

8. The client sends the request to the Service Engine.

9. The following are the possible scenarios after the request reaches the Service Engine:

• Prefetched/Pinned Content

Flow 10, “Pre-ingested response.”

The content is prefetched using the URL: http://www.ivs-internal.com/video/wmv-152

The actual user request is: http://cr-video.videonet.com/video/wmv-152


The Service Engine processes the user request, and based on the metadata, determines the content was prefetched and pinned in its local storage. The Service Engine looks up the policies for the content and streams the content to the user.

• Dynamic Ingest/Cached Content

Flows 10, 11, 12, “Non-ingested contents—Hierarchical cache resolution,” “Native Protocol Response,” and “Dynamic ingest response.”

If the request for content is not specified in the Manifest file, dynamic ingest is used.

The user request is: http://cr-video.videonet.com/video/wmv-cached.wmv

The Service Engines in the Delivery Service form a hierarchy, pull the content into the VDS-IS, and cache it. The Service Engine streams the content to the user.

• Hybrid Ingest/Metadata Only Content

(no content flow)

The request for content is specified in the Manifest file as “cache.”

The user request is: http://cr-video.videonet.com/video/wmv-59

The Service Engine fetches the content, similar to the dynamic ingest method, but the metadata attributes (for example, serveStartTime, serveStopTime) are honored by the Service Engines and the content is served only if the request falls within the defined time interval.

Programs

A program in the VDS-IS is defined as a scheduled live or rebroadcast event that streams content to client devices. The VDS-IS streams live or rebroadcast content by using the Movie Streamer, Windows Media Streaming, or Flash Media Streaming engine.

Movie Streamer live and rebroadcast programs can have multiple tracks (1–3 tracks).

Live Programs

Live events are streamed from third-party encoders (such as Windows Media Encoder Version 9 or the QuickTime encoder) or from streaming servers (such as Windows Media Server). The live stream is ingested by the Content Acquirer and transmitted to all Service Engines using either unicast or multicast.

The live stream is transmitted to end users by using either multicast or multicast/unicast live splitting.

The live stream is only available to end users during its scheduled times.

With live stream splitting, administrators do not have to create scheduled multicast events, because the Service Engines automatically split the stream.

Unicast to multicast streaming is a solution similar to live stream splitting, except that in the final delivery segment the stream is converted to multicast to minimize the bandwidth demand on the VDS-IS network and to minimize the load on the Service Engines.

Each live program can have up to ten different playtimes scheduled. The program is broadcast from all Service Engines simultaneously.


Rebroadcasts

In a scheduled rebroadcast, prefetched content is scheduled to be streamed from the Service Engines using multicast. Content can only be selected from one Delivery Service. The Service Engines and device groups assigned to the Delivery Service are automatically selected when the content files are chosen for the program.

API Program File

Programs can be defined through the Internet Streaming CDSM or through an API. Programs created through APIs are based on a program file. A program file is an XML file that resides on an external server and contains the elements that define the schedule, content, and presentation parameters. The Internet Streaming CDSM gets the program file, parses it, and saves the program file to the database. The program is automatically updated at intervals by refetching the program file and reparsing it. RTSP is the only protocol supported in the program file.

Programs created using an API can be viewed in the Internet Streaming CDSM as read-only, and modifications to the API programs can be accomplished through the API. The API program can also be edited using the Internet Streaming CDSM; however, the information about the API program file is deleted and the program can no longer be modified through the API. A third option is to copy the API program using the Copy Program feature.

For more information, see Appendix A, “Program Files in the VDS-IS Software,” in the Cisco Videoscape Distribution Suite, Internet Streamer 4.2.1 API Guide.

IPv6 Support for Client Interfaces

IPv6 is implemented on the client interfaces for the Web Engine, the Windows Media Streaming Engine, the Authorization Server, and the Service Router. Movie Streamer does not support IPv6.

Note Starting with Release 3.3, Geo-Location Servers, DNS, Origin Servers, and NTP support both IPv6 and IPv4 addresses.

Communication among the VDS-IS Internet Streamer devices, between the VDS-IS and the Origin server, and with the CDSM GUI still uses IPv4; these communications include CMS, Service Router keepalive, live routing, cache routing, and acquisition and distribution of content.

Because the VDS-IS supports dual stack (IPv4 and IPv6) for client interfaces, IPv4 clients, IPv6 clients, and dual-stack clients can all interact with the Internet Streamer.

The following rules apply to configuring IP addresses:

• For VDS-IS IPv6 support, manually configured IPv6 addresses are only used to communicate with the clients. A unique local IPv6 address and a global IPv6 address can be configured for each interface.

• Multiple IPv6 and IPv4 addresses can be assigned to each network interface.

• An interface on a VDS-IS device (SE or SR) can learn auto-configured IPv6 addresses by way of stateless address autoconfiguration (SLAAC) from the default gateway interface.


Note When the default gateway interface IPv6 address is changed or removed, the associated interface on the VDS-IS device must be manually shut down and then brought back up, which is done by the shutdown command followed by the no shutdown command. This process removes the stale auto-configured IPv6 address and is required when the IPv6 addresses are changed or removed on the default gateway interfaces that connect to VDS-IS devices.

We recommend restarting the device if IPv6 is enabled or disabled as the safest method. Restarting (reloading) the device ensures that all of the processes are restarted and the kernel is functioning appropriately.

Note If the streaming interface configuration is changed (addition, deletion, modification), the Web Engine is restarted; therefore, we recommend offloading the SE before changing the streaming interface configuration.

Note The following are not supported for IPv6 addresses:

• IP Security (IPSec) implementation

• DHCP configuration

• Flash Media Streaming

• Movie Streamer

• Proximity-based routing

• Last-resort redirection

Logical Interfaces

For the Service Engine, the logical interface configured as a primary interface must have an IPv4 address, because the intra VDS-IS device communication is only through IPv4. If the logical interface is configured as both a primary and a streaming interface, it must have both IPv4 and IPv6 addresses assigned, to serve IPv4 and IPv6, or dual stack clients.

Note Whenever the IP address of the primary interface is changed, the DNS server needs to be restarted.

For the Service Router, the primary interface must be configured with IPv4 and IPv6 addresses to serve IPv4 and IPv6 dual-stack clients.

ICMP6, MLD, and Neighbor Discovery Messages

The following Internet Control Message Protocol version 6 (ICMPv6) messages are supported:

• ICMPv6 error messages

    - Destination unreachable message

    - Packet too big message

    - Time exceeded message

    - Parameter problem message

• Echo request message

• Echo reply message

The following Neighbor Discovery for IPv6 messages are supported:

• Router solicitation

• Router advertisement

• Neighbor solicitation

• Neighbor advertisement

• Redirect message

DNS Configuration

The IPv6 address name server must be configured by using the IPv6 name-server ip-address command.

Note The Service Router acts as the authoritative DNS server, and supports IPv6 DNS extensions.

If an IPv6 address is configured on the Service Router for DNS, the communication between the Service Router and the DNS server is over the IPv6 transport. The IPv4 address of the Service Router must be configured in the DNS server, so that the Service Router can respond to both A and AAAA queries. In this case, the communication between the DNS Server and the Service Router is over IPv4 transport.

QoS

VDS-IS supports DSCP marking for QoS of outbound IPv4 or IPv6 traffic. The IPv4 header field is the Type of Service (ToS) or differentiated services code point (DSCP) value. The IPv6 header field is the Traffic Class (TCLASS).
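To confirm that marking is applied consistently on both address families, the DSCP can be read back from captured packets. The following added example (not Cisco code) extracts it from the IPv4 ToS byte and from the IPv6 Traffic Class field; the sample headers and the expected DSCP value of 46 are constructed for illustration.

```python
from ipaddress import IPv4Address, IPv6Address


def dscp_from_ip_header(packet):
    """Return (ip_version, dscp, ecn) from the first bytes of an IP packet.

    IPv4: the second header byte is the ToS byte.
    IPv6: the Traffic Class straddles the first two bytes, directly after the
    4-bit version field and before the 20-bit flow label.
    In both cases the upper six bits are the DSCP and the lower two the ECN.
    """
    if len(packet) < 2:
        raise ValueError("truncated IP header")
    version = packet[0] >> 4
    if version == 4:
        ds_byte = packet[1]
    elif version == 6:
        ds_byte = ((packet[0] & 0x0F) << 4) | (packet[1] >> 4)
    else:
        raise ValueError(f"not an IPv4 or IPv6 packet (version {version})")
    return version, ds_byte >> 2, ds_byte & 0x03


def find_mismarked(packets, expected_dscp):
    """Return (index, ip_version, dscp) for each packet with another DSCP."""
    mismatches = []
    for index, packet in enumerate(packets):
        version, dscp, _ecn = dscp_from_ip_header(packet)
        if dscp != expected_dscp:
            mismatches.append((index, version, dscp))
    return mismatches


# Constructed sample headers (documentation address ranges, no payload).
SAMPLE_PACKETS = [
    # IPv4, ToS byte 0xb8 -> DSCP 46
    bytes.fromhex("45b800540000400040060000")
    + IPv4Address("192.0.2.1").packed
    + IPv4Address("192.0.2.2").packed,
    # IPv6, Traffic Class 0xb8 -> DSCP 46, with a non-zero flow label (0xabcde)
    bytes.fromhex("6b8abcde00140640")
    + IPv6Address("2001:db8::1").packed
    + IPv6Address("2001:db8::2").packed,
    # IPv6, Traffic Class 0x00 -> unmarked
    bytes.fromhex("6000000000140640")
    + IPv6Address("2001:db8::1").packed
    + IPv6Address("2001:db8::2").packed,
]

if __name__ == "__main__":
    for packet in SAMPLE_PACKETS:
        print(dscp_from_ip_header(packet))
    print("mismarked:", find_mismarked(SAMPLE_PACKETS, expected_dscp=46))
```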

ACL Setting

Access control lists (ACLs) for IPv6 are separate from IPv4, and use the Devices > Devices > General Settings > Network > IPv6 ACL page. An ACL permit or deny policy for IPv6 traffic is based on source and destination IPv6 address, plus other IPv6 protocol factors, such as TCP, UDP, ICMPv6, and GRE, or a specific port number. There are two groups for IPv6 ACLs: Standard ACL and Extended ACL.

Service Router

Communication between the Service Engine and Service Router is through the IPv4 stack, including the keepalive message. If IPv6 is enabled, then the keepalive message includes the IPv6 address of the SE in the keepalive message payload. This enables the Service Router to resolve the SE’s IPv6 address correctly.

The Service Router operates as a DNS Server for the requests that belong to the Delivery Service to which the SR is associated. The Service Router is provisioned to respond to A or AAAA queries for the configured Service Routing Domain Name (RFQDN). The query can be on either an IPv4 or IPv6 transport.

The Service Router accepts the HTTP, RTSP, and RTMP requests and sends back the response by way of the IPv6 transport. The Service Router also supports the IP-based redirection, and includes the IPv6 address of the SE in the redirect URL. If the redirect URL has the SE host name, the client sends a DNS query to the Service Router, and the Service Router responds with the SE’s IPv4 address for the A query and the SE’s IPv6 address for the AAAA query.

The Coverage Zone file supports IPv6 and IPv4 addresses. The network and subnetwork addresses in the Coverage Zone file support CIDR format (IP address with a prefix).


Note Starting with Release 3.3, Geo-Location Servers, DNS, Origin Servers, and NTP support both IPv6 and IPv4 addresses.

Authorization Server

The Authorization Server supports the following policies:

• IP address-based

• Geographic location-based

• Service rules-based

The Geo/IP file contains information on the allowed client IP addresses and geographic locations, and denied client IP addresses and geographic locations. The Authorization Server blocks client requests based on the Geo/Ip file uploaded for the Delivery Service. For IP address-based authorization, the Geo/Ip file supports both IPv4 and IPv6 addresses.

For geographic location-based authorization, the SE communicates with the Geo-Location server, which maps IP addresses to geographic locations. The Geo-Location server, which is the same Geo-Location server used for location-based routing on the Service Router, identifies the geographic location of a client request by the country, state, and city of the client.

Note Starting with Release 3.3, Geo-Location Servers, DNS, Origin Servers, and NTP support both IPv6 and IPv4 addresses.

Service Rules

For the Web Engine and Flash Media Streaming, Service Rules are configured by creating a Service Rule XML file and uploading it for the Delivery Service. The SrcIp pattern type supports both IPv4 and IPv6 addresses.

For Windows Media Streaming and Movie Streamer, Service Rules are configured on a per-device basis, either through the CDSM GUI or through the CLI. The src-IPv6 pattern-list is used to configure IPv6 source patterns for Windows Media Streaming, and src-ip pattern-list is used to configure IPv4 source patterns for Windows Media Streaming and Movie Streamer.

Note Movie Streamer does not support IPv6 addresses.

Windows Media Streaming Multicast

Windows Media Streaming multicast support provides a multicast service to distribute media efficiently to multiple clients using IP multicast. Before a client can tune into a channel and listen to or watch a stream, a multicast station has to be set up first. For IPv6 clients, the Windows Media Streaming multicast station should also multicast on an IPv6 multicast IP address. This requires that an IPv6 multicast IP address be configured for the live or rebroadcast program in the Services > Live Video > Live Programs > Live Streaming page for live programs and the Services > Live Video > Live Programs > Streaming page for rebroadcast programs.

The client fetches an NSC file to get the multicast IP address and port information. For IPv4 and IPv6 clients, Windows Media Streaming must generate two different NSC files. When Windows Media Streaming receives the request, the client type (IPv4 or IPv6) is detected and the corresponding NSC file is sent in the response.


HTTPS Settings

The HTTPS Settings feature provides Delivery Service based HTTPS support for incoming requests to the SE and outgoing requests to the Origin server. The CDSM GUI offers the ability to enable HTTPS or HTTP for streaming to clients as well as ingesting from the Origin server for each Delivery Service.

When the HTTPS feature is enabled, the inter-SE communication continues to use HTTP.

Note HTTPS for user equipment (UE) sessions is not supported by the Service Router, so the Service Router cannot be used to load-balance HTTPS sessions. DNS-based redirection must be used to redirect client requests.

DNS-based redirection means that service-aware routing and content-based routing cannot be used. For more information about DNS-based redirection, see the “DNS-Based Redirection” section on page 1-36.

The HTTPS feature supports SSL 3.0 and TLS 1.0 protocols to tunnel HTTP.

Note Starting with Release 3.3, HTTPS performance is improved. The OpenSSL library is upgraded to use crypto hardware acceleration. The performance for a CDE250 with a single unique cache-hit test is improved.

Of the CDE machines, only the CDE250 has AES-NI, which is enabled in the BIOS, by hand or automatically by script.

UCS bare metal and Virtual Machine (VM) deployments have AES-NI support.

Starting with Release 3.3, the Generic Session Tracking and Logging supports HTTPS.

Certificates

A certificate is installed if the SE is associated with a Delivery Service and the HTTPS setting is enabled.

Starting with Release 3.3, the SEs validate the client's certificate. The client sends a certificate only when Mutual Authentication is enabled. By default, Mutual Authentication is disabled.

Also, starting with Release 3.3, the Certificate Revocation List (CRL) is supported. For more information about configuring the CRL certificates, see the “Uploading a CRL File” section on page 6-21.

Certificate Authority (CA) root certificates are expected to be available to all clients initiating HTTPS communication; most browsers are installed with well-known CA root certificates. Trusted CA certificates are expected to be provided for the purpose of Origin server certificate validation.

VDS-IS supports neither certificate enrollment (SCEP) nor certificate status verification (OCSP). The Internet service provider or third-party service provides enrolled certificates and installs them through the CDSM.

Note A single subject alternative name (SAN) certificate is installed for all delivery services in the VDS-IS.


RSA Key Pair

An RSA key pair (public, private) is generated and used for certificate signing requests (CSRs). The private key cannot be encrypted.

Certificate and Key Pair Uploads to CDSM

The System > Configuration > HTTPS Settings pages are used for uploading certificate files and key files.

Updating Certificates

When a new HTTPS Delivery Service is added or the Service Router domain name is changed on an existing HTTPS Delivery Service, the certificate and key file must be updated. This requires that new certificate and key files are uploaded to the CDSM and a schedule is created to notify the Web Engines associated with the affected HTTPS Delivery Service.

Note When a client opens an HTTPS connection to the Web Engine, the connection fails if the Service Router domain name does not match the certificate's common name or subject alternative name.
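
The name check behind the note above, as an added example (not Cisco code): a pre-upload test that every HTTPS Delivery Service domain name is covered by the single SAN certificate. The certificate dict follows the shape returned by Python's ssl getpeercert(); the sample certificate, the example.net names, and the function names are constructed for illustration.

```python
from typing import Dict, Iterable, List


def dns_names(cert: dict) -> List[str]:
    """Names a client compares the requested host against.

    `cert` has the shape returned by ssl.SSLSocket.getpeercert(). SAN dNSName
    entries are used when present; the subject common name is only a fallback
    (RFC 6125 behaviour, and many current clients ignore the CN entirely).
    """
    sans = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if sans:
        return sans
    return [value for rdn in cert.get("subject", ())
            for key, value in rdn if key == "commonName"]


def name_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125 style match: exact, or '*' as the whole leftmost label only."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # A wildcard stands for exactly one label and needs a real domain after it.
        return len(p) >= 3 and p[1:] == h[1:]
    if "*" in pattern:
        return False  # partial wildcards such as 'w*.example.net' are refused
    return p == h


def explain_miss(hostname: str, names: List[str]) -> str:
    """Say why no certificate name covers `hostname` (for the operator)."""
    host = hostname.lower().rstrip(".")
    for name in names:
        if name.startswith("*.") and host.endswith(name[1:].lower()):
            return f"{name} covers one label only, not nested names"
    return "no SAN entry for this name; reissue and re-upload the certificate"


def uncovered(cert: dict, service_names: Iterable[str]) -> Dict[str, str]:
    """Map each Delivery Service name the certificate does not cover to a reason."""
    names = dns_names(cert)
    return {host: explain_miss(host, names)
            for host in service_names
            if not any(name_matches(n, host) for n in names)}


# Constructed sample: the one SAN certificate installed for all delivery services.
SAMPLE_CERT = {
    "subject": ((("commonName", "vod.cdn.example.net"),),),
    "subjectAltName": (
        ("DNS", "vod.cdn.example.net"),
        ("DNS", "*.live.cdn.example.net"),
        ("IP Address", "192.0.2.10"),
    ),
}

# Constructed Service Router domain names, one per HTTPS Delivery Service.
SERVICE_NAMES = [
    "vod.cdn.example.net",             # listed explicitly
    "sports.live.cdn.example.net",     # covered by the wildcard
    "hd.sports.live.cdn.example.net",  # two labels under the wildcard
    "music.cdn.example.net",           # newly added service, certificate not updated
]

if __name__ == "__main__":
    for host, reason in uncovered(SAMPLE_CERT, SERVICE_NAMES).items():
        print(f"FAIL {host}: {reason}")
```

Running the check before scheduling the certificate notification shows which Delivery Services would fail the client handshake with the file as issued.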

Traffic Separation for HTTPS

Prior to Release 3.0, port 443 was used for Acquisition and Distribution (A&D), all intra VDS-IS control, and management. With the introduction of the HTTPS feature, port 443 also needs to be used for streaming. It is therefore mandatory to have separate interfaces, one for the primary interface and one for streaming. The management interface, if configured separately, must not share the same interface with the streaming interface.

Note The HTTPS feature supports the Multiple Logical IP addresses feature for multiple IP addresses for the streaming interface and one IP address for the primary interface. However, combining the streaming interface and the primary interface on one physical interface is not supported in the HTTPS feature.

Primary Interface

The primary interface is mandatory on all VDS-IS devices and consists of one or more physical interfaces, out of which one is always designated as the primary interface. The primary interface on the VDS-IS devices (SE, SR, and CDSM) is used for the following communication over port 443:

• Communication among SEs
• All intra VDS-IS control and data traffic
• All prefetched traffic from the Origin server to the SEs by way of the location tree
• All dynamic ingest and all cache miss traffic to the SEs by way of the location tree
• Finding routes to an Origin server for the cache router module and live stream module
• Keepalive information from the SEs to the SR
• All management communication between the SEs and the CDSM, by default

Alternatively, a management IP address and port can be configured manually on the SEs and SRs that are used for all management communication to the CDSM. For redundancy, a port channel can be configured. Streaming traffic uses the primary interface, and management traffic between the SE or SR and the CDSM uses the manually configured IP address and port and, if configured, the port channel and static route created for it.


Note The Management Communication Port on the Device Activation page for an SE is hard-coded to port 443. The SR is not affected because the HTTPS feature does not support the SR. DNS-based redirection is the only routing redirection supported.

Note To make sure that the SE or SR is binding to the primary interface (or management IP address, if configured) as the source IP address when sending management traffic to the CDSM, create a static route from the SE or SR to the CDSM. To configure a static IPv4 route from the SE or SR, see the “Configuring Static Routes” section on page 4-85. To configure a static IPv6 route from the SE or SR, see the “Configuring Static IPv6 Routes” section on page 4-86. Alternatively, you can use the ip route command and IPv6 route command on the VDS-IS device.

On higher-end CDEs, the primary interface can be configured as one-Gigabit Ethernet interface bonded as a port channel. The primary interface configuration is read-only from the CDSM, but it can be modified via the CLI to other interfaces.

Note Whenever the IP address of the primary interface is changed, the DNS server needs to be restarted.

Management IP and Port

After a primary interface has been selected, all CDSM-SE communication is via that interface.

Optionally, a management IP address and port can also be specified for CDSM-SE communication, and the primary interface would then no longer be used. This interface can be disabled at any time, in which case the primary interface is enabled for communication.

Streaming Interface

After a primary interface has been configured and the device is online, the SE is ready to serve streaming traffic. By default, the traffic is served by the primary interface. Optionally, one or more streaming interfaces can be configured on an SE, which designates that all client-facing traffic goes through the streaming interface. Effective client throughput can be measured as a sum of traffic on all streaming interfaces.

The SE streaming interfaces have the following properties:

• If the HTTPS feature is not enabled, the streaming interface is optional, and can have the same IP address as the primary interface.
• The number of physical interfaces configured as streaming interfaces is not limited.
• They can be configured as a port channel.
• Multiple IP addresses in the same subnet can be configured for a streaming interface.
• The same IP address can be used for both a primary interface and a streaming interface.
• No intra CDN traffic goes through the streaming interface.
• Streaming interfaces can also be a single interface or a port channel.

The CDSM, SR, and other SEs do not know the IP addresses of the streaming interfaces on the SE; they only know the primary interface IP address. When the SE sends the SR keepalive messages, it sends the streaming interface IP addresses as well, which the SR uses to redirect requests to.


HTTPS Enabled

To enable the HTTPS feature for a Delivery Service, the following configuration must exist:

• All SEs must have at least one streaming interface configured
• Streaming interface must be a different IP address than the primary interface (or management interface if configured)

If a configured streaming interface needs to be reconfigured as a primary interface, the following command sequence must be followed to avoid a port 443 conflict and a failure to start the rpc_httpd process:

SE(config)# no streaming-interface GigabitEthernet 1/0

This box is configured to support HTTPS traffic delivery.

Deleting the only streaming interface configured will disable this functionality.

Do you want to continue? (Yes/No): yes

SE(config)# primary-interface GigabitEthernet 1/0

Note Before making configuration changes to the primary interface or management IP address on an SE, make sure that the CDSM is not performing updates to the SE, and there are no prefetching activities going on for the SE.

Note When the HTTPS feature is enabled, and configuration changes (addition, deletion, modification) are made to the streaming interfaces, the Web Engine is restarted; therefore, we recommend offloading the SE before changing the streaming interface configuration.

Web Engine

By default, the Web Engine uses port 80 of the primary interface on the SE for serving HTTP clients and communicating with the Origin server.

If a streaming interface is configured on the SE, the Web Engine uses port 80 of the streaming interface for serving HTTP clients and communicating with the Origin server.

If HTTPS is enabled on an SE, the Web Engine uses port 443 of the streaming interface for serving HTTPS clients.

Internally, the Web Engines on the SEs continue to use HTTP to communicate with each other.

Note If the HTTPS feature is disabled for a Delivery Service, the Web Engine on the SEs associated with that Delivery Service continues to use port 443.

Configuring HTTPS

Configuring the HTTPS feature consists of the following procedures:

• Uploading the Certificate and Key Files
• Separating the HTTPS Traffic
• Enabling HTTPS for a Delivery Service

Uploading the Certificate and Key Files

Uploading certificate and key files consists of the following pages:


• Root CA File Registration—Upload or import the certificates for the Origin servers participating in HTTPS
• CRL File Registration—Upload the CRL for the Service Engine participating in HTTPS
• CRL File Scheduling—Schedule CRL file notification to the Web Engine on each SE that is participating in an HTTPS Delivery Service
• HTTPS Certification Files Registration—Upload client certificate and key file for all SEs
• HTTPS Certification File Scheduling—Schedule client certificate and key file notification to the Web Engine on each SE that is participating in an HTTPS Delivery Service

The procedures involved in uploading certificate and key files consist of the following:

• Uploading or Importing a Root CA File
• Uploading Client Certificate and Key Files
• Scheduling Web Engine Notification of Client Certificate and Key Files

For more information, see the “HTTPS Settings” section on page 6-18.

Separating the HTTPS Traffic

To enable the HTTPS feature for a Delivery Service, all participating SEs must have at least one streaming interface configured and the streaming interface must be a different IP address than the primary interface (or management interface if configured).

Note Before making configuration changes to the primary interface or management IP address on an SE, make sure that the CDSM is not performing updates to the SE, and there are no prefetching activities going on for the SE.

When using the CLI to make configuration changes to the SE, it takes up to one data feed poll, which has a default of five minutes, for the CLI change to synchronize with the CDSM. Do not make any changes to the HTTPS setting, or SE assignment or device group assignment to the Delivery Service until the CDSM has been synchronized with the configuration change.

Note When the HTTPS feature is enabled, and configuration changes (addition, deletion, modification) are made to the streaming interfaces, the Web Engine is restarted automatically; therefore, we recommend offloading the SE before changing the streaming interface configuration.

To add a streaming interface to an SE, use the streaming-interface command. For more information, see the Cisco Videoscape Distribution Suite, Internet Streamer 4.2.1 Command Reference. For more information about separating traffic, see the “Traffic Separation for HTTPS” section on page 2-26.

Enabling HTTPS for a Delivery Service

To enable the HTTPS feature for a Delivery Service, all participating SEs must be configured with at least one streaming interface that has a different IP address than the primary interface (or management interface if configured). For more information, see Separating the HTTPS Traffic.

To enable HTTPS for a Delivery Service, see the “Creating Delivery Service” section on page 5-1.


API Support for HTTPS

API support is provided for the HTTPS feature through the following APIs:

• ChannelApiServlet—Add the OsProtocol and StreamingProtocol parameters
• FileMgmtApiServlet—Add fileType setting of 26 for root certificate files
• CertKeyFileMgmtApiServlet—New Certificate Key File Management API

Note All parameters, except actions, are case sensitive.

If the action parameter is missing or cannot be recognized, an error code and the API usage syntax are returned.

For more information, see the Cisco Videoscape Distribution Suite, Internet Streamer 4.2.1 API Guide.

Wholesale CDN

The Wholesale CDN feature offers the ability to configure delivery services with quotas and send real-time information to the Content Delivery Network Manager (CDNM) for managing wholesale (business-to-business) accounts.

The Wholesale CDN feature provides the following functions:

• Session and Bandwidth Quotas per Delivery Service
• Session and Bandwidth Quotas per Delivery Service Group
• Cache Storage Priority per Delivery Service
• Snapshot Counters
• Real-Time Exporting of Transaction Logs for Billing and Analytic Reports
• APIs for Wholesale CDN

Session and Bandwidth Quotas per Delivery Service

Setting session and bandwidth quotas per Delivery Service in the VDS-IS, and associating a Delivery Service with a content provider (tenant) in the CDNM, provides the ability to manage multiple tenants with different session and bandwidth requirements in the CDNM.

The per-Delivery Service session quota limits the maximum number of concurrent sessions for that Delivery Service. The per-Delivery Service bandwidth quota limits the maximum bandwidth used to deliver content to clients.

The Service Router (SR) enforces the maximum limits (session quota and bandwidth quota) and tracks usage on each Service Engine (SE). The usage data is aggregated across the Delivery Service. The SR makes session enforcement decisions upon receiving requests to load balance. If the request for content does not exceed the maximum limit (quota threshold), it is routed to the best SE in the Delivery Service. If the request for content exceeds the maximum limit, the client receives an appropriate error response.

Note The session and bandwidth quotas do not reserve resources, nor do they guarantee service. The quotas only limit the maximum usage of a Delivery Service.


Release 3.1.0 only supports session and bandwidth quotas for Web Engine progressive download, Web Engine adaptive bit rate (ABR), and Windows Media Streaming. Session and bandwidth quotas are not supported for Flash Media Streaming and Movie Streamer. The session and bandwidth quotas from Web Engine and Windows Media Streaming are aggregated in the SR, which makes the enforcement decision; that decision is enforced on all requests, including Flash Media Streaming and Movie Streamer requests.

Monitoring Session and Bandwidth Quotas

Information on quota allocation, usage, and denied sessions for each Delivery Service is sent to the CDNM. The CDN operator can monitor changes to the used quotas based on threshold crossing and session management metrics.

The SR transaction log has new status codes for session and bandwidth quotas being exceeded. The show statistics service-router summary command has new counters under “Requests Not Redirected” for “Session limit exceeded” and “Bandwidth limit exceeded.”

Alarms and SNMP Traps

Each SE in the Delivery Service maintains a session counter and a bandwidth counter. The counters are sent to the SR over the keepalive messages.

The SR aggregates per-Delivery Service session and bandwidth counters and generates alarms and SNMP traps when session or bandwidth quotas are reached, and when augmented session or bandwidth quotas are reached. Clear alarms and corresponding SNMP traps are also sent when the quotas and augmented quotas return to normal. New incoming requests are still accepted if the quota threshold has been reached. New incoming requests are rejected if the augmented threshold has been reached. Both the quota thresholds and augmented quota thresholds are configurable per Delivery Service.

For both ABR and non-ABR sessions, the concurrent sessions counter is incremented when an end user request is received and a session is created on the SE, and decremented when the session is torn down.

For ABR sessions, the concurrent sessions counter increments on receiving a manifest file request or a segment (fragment) request and decrements on finishing serving a manifest response or fragment response.

The following major alarms are generated by the SR if the quota thresholds are exceeded:

• DsSession—Session quota exceeded
• DsAugmentedSession—Augmented session quota exceeded
• DsBandwidth—Bandwidth quota exceeded
• DsAugmentedBandwidth—Augmented bandwidth quota exceeded

The quota threshold alarms include the Delivery Service ID that triggered the alarm. Whenever one of these alarms is raised or cleared the associated SNMP trap is sent (cdsAlarmMajorRaised and cdsAlarmMajorCleared respectively).

The following new OIDs have been added to the CISCO_CDS_SERVICE-ROUTING-MIB:

• cdssrRequestsSessionExceeded—Counter of the number of 499 events (not enough sessions)
• cdssrRequestsBandwidthExceeded—Counter of the number of 453 events (not enough bandwidth)

Quota Reporting

Quota usage reporting is automatically sent whenever a session quota or a bandwidth quota is configured for a Delivery Service with a setting other than zero (zero means no limits are configured).


To monitor the session counter and bandwidth counter when session quota and bandwidth quota are not configured, check the Force Quota Usage Reporting check box in the General Settings page for the Delivery Service.

Configuring Session and Bandwidth Quotas

Configure session and bandwidth quotas on the Definition page for the Delivery Service.

Session and Bandwidth Quotas per Delivery Service Group

Starting with Release 4.1, the CDN provides the ability to set the session and bandwidth quotas per Delivery Service Group in the VDS-IS. Associating a Delivery Service Group with a content provider (tenant) in the CDNM provides the ability to manage multiple tenants with different session and bandwidth requirements in the CDNM.

The per-Delivery Service Group session quota ensures that only one Delivery Service is assigned to one Delivery Service Group. The per-Delivery Service Group bandwidth quota limits the maximum bandwidth used to deliver content to clients.

The Service Router (SR) enforces the maximum limits (session quota and bandwidth quota) and tracks usage on each Service Engine (SE). The usage data is aggregated across the Delivery Service Group. The SR makes session enforcement decisions upon receiving requests to load balance. If the request for content does not exceed the maximum limit (quota threshold), it is routed to the best SE in the Delivery Service. If the request for content exceeds the maximum limit, the client receives an appropriate error response.

Monitoring Session and Bandwidth Quotas

Information on quota allocation, usage, and denied sessions for each Delivery Service is sent to the CDNM. The CDN operator can monitor changes to the used quotas based on threshold crossing and session management metrics.

The SR transaction log has new status codes for session and bandwidth quotas being exceeded. The show statistics service-router summary command has new counters under “Requests Not Redirected” for “Session limit exceeded” and “Bandwidth limit exceeded.”

Alarms and SNMP Traps

Each SE in the Delivery Service Group maintains a session counter and a bandwidth counter. The counters are sent to the SR over the keepalive messages.

The SR aggregates per-Delivery Service Group session and bandwidth counters and generates alarms and SNMP traps when session or bandwidth quotas are reached, and when augmented session or bandwidth quotas are reached. Clear alarms and corresponding SNMP traps are also sent when the quotas and augmented quotas return to normal. New incoming requests are still accepted if the quota threshold has been reached. New incoming requests are rejected if the augmented threshold has been reached. Both the quota thresholds and augmented quota thresholds are configurable per Delivery Service Group.

For both ABR and non-ABR sessions, the concurrent sessions counter is incremented when an end user request is received and a session is created on the SE, and decremented when the session is torn down.

For ABR sessions, the concurrent sessions counter increments on receiving a manifest file request or a segment (fragment) request and decrements on finishing serving a manifest response or fragment response.


The following major alarms are generated by the SR if the quota thresholds are exceeded:

• DsgSession—Session Quota Exceeded Alarm
• DsgAugSession—Augmented Session Quota Exceeded Alarm
• DsgBandwidth—Bandwidth Quota Exceeded Alarm
• DsgAugBandwidth—Augmented Bandwidth Quota Exceeded Alarm

The quota threshold alarms include the Delivery Service Group ID that triggered the alarm. Whenever one of these alarms is raised or cleared the associated SNMP trap is sent (cdsAlarmMajorRaised and cdsAlarmMajorCleared respectively).

The following new OIDs have been added to the CISCO_CDS_SERVICE-ROUTING-MIB:

• cdssrRequestsSessionExceeded—Counter of the number of 499 events (not enough sessions)
• cdssrRequestsBandwidthExceeded—Counter of the number of 453 events (not enough bandwidth)
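
A small model of the threshold behaviour described for Delivery Services and for Delivery Service Groups, added here as an illustration and not taken from the VDS-IS software: counters from SE keepalives are summed, alarms are raised and cleared on the quota and augmented thresholds, and requests are refused only at the augmented threshold. It assumes thresholds are absolute values, that "reached" means greater than or equal, and that zero disables an augmented threshold as it does a quota; the class and function names and the sample numbers are constructed.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# Alarm names and the 499/453 codes are the ones listed in this section.
ALARM_NAMES = {
    "ds":  {("session", False): "DsSession", ("session", True): "DsAugmentedSession",
            ("bandwidth", False): "DsBandwidth", ("bandwidth", True): "DsAugmentedBandwidth"},
    "dsg": {("session", False): "DsgSession", ("session", True): "DsgAugSession",
            ("bandwidth", False): "DsgBandwidth", ("bandwidth", True): "DsgAugBandwidth"},
}
REJECT_CODE = {"session": 499, "bandwidth": 453}


@dataclass
class Quota:
    limit: int      # quota threshold; 0 means no limit is configured
    augmented: int  # augmented threshold (assumed absolute and >= limit)


@dataclass
class QuotaModel:
    scope: str                # "ds" (Delivery Service) or "dsg" (Delivery Service Group)
    quotas: Dict[str, Quota]  # keys: "session" and "bandwidth"
    per_se: Dict[str, Dict[str, int]] = field(default_factory=dict)
    active: Set[str] = field(default_factory=set)

    def totals(self) -> Dict[str, int]:
        """Aggregate the latest counters reported by every SE."""
        out = {"session": 0, "bandwidth": 0}
        for counters in self.per_se.values():
            for kind in out:
                out[kind] += counters[kind]
        return out

    def keepalive(self, se: str, sessions: int, bandwidth: int) -> List[Tuple[str, str]]:
        """Record one SE's counters; return (trap, alarm) transitions."""
        self.per_se[se] = {"session": sessions, "bandwidth": bandwidth}
        totals, events = self.totals(), []
        for kind, quota in self.quotas.items():
            for augmented, threshold in ((False, quota.limit), (True, quota.augmented)):
                name = ALARM_NAMES[self.scope][(kind, augmented)]
                reached = threshold > 0 and totals[kind] >= threshold
                if reached and name not in self.active:
                    self.active.add(name)
                    events.append(("cdsAlarmMajorRaised", name))
                elif not reached and name in self.active:
                    self.active.discard(name)
                    events.append(("cdsAlarmMajorCleared", name))
        return events

    def admit(self) -> Optional[int]:
        """None = route the request to an SE; otherwise the rejection code."""
        totals = self.totals()
        for kind in ("session", "bandwidth"):
            augmented = self.quotas[kind].augmented
            if augmented > 0 and totals[kind] >= augmented:
                return REJECT_CODE[kind]
        return None


def run_scenario(scope: str = "ds"):
    """Constructed keepalive sequence: (total sessions, alarm events, admit result)."""
    model = QuotaModel(scope, {"session": Quota(100, 120),
                               "bandwidth": Quota(800_000, 1_000_000)})
    steps = [("SE1", 60, 300_000), ("SE2", 30, 200_000), ("SE2", 45, 250_000),
             ("SE1", 80, 400_000), ("SE1", 40, 200_000)]
    trace = []
    for se, sessions, bandwidth in steps:
        events = model.keepalive(se, sessions, bandwidth)
        trace.append((model.totals()["session"], events, model.admit()))
    return trace


if __name__ == "__main__":
    for row in run_scenario():
        print(row)
```

In the trace, the step that crosses the quota raises an alarm while requests are still admitted; only the step that crosses the augmented threshold produces a 499.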

Quota Reporting

Quota usage reporting is automatically sent whenever a session quota or a bandwidth quota is configured for a Delivery Service Group with a setting other than zero (zero means no limits are configured).

To monitor the session counter and bandwidth counter when session quota and bandwidth quota are not configured, check the Force Quota Usage Reporting check box in the General Settings page for the Delivery Service.

Configuring Session and Bandwidth Quotas

Configure session and bandwidth quotas on the Definition page for the Delivery Service Group.

Cache Storage Priority per Delivery Service

Assigning a cache storage priority to a Delivery Service enables the CDN operator with multiple tenants to provide preference settings for keeping cached content for a Delivery Service. By default, the Content Manager deletes cached content based on popularity (an algorithm involving the number of cache hits, the size of the content object, and the decay of the content object). The cache storage priority setting assigned to a Delivery Service influences the content popularity and thereby the content that is evicted.

To create cache storage priorities and assign them to Delivery Services, see the “Creating Storage Priority Classes” section on page 5-48.

Snapshot Counters

The Snapshot Counter transaction logs for the SR and the SE record usage information per Delivery Service and can be sent to the CDNM for analytic reporting and billing purposes. For more information, see the “Snapshot Counter Transaction Logs” section on page 8-103.

Real-Time Exporting of Transaction Logs for Billing and Analytic Reports

Transaction logs can be sent in real time from the SE and SR to the CDNM or other export server for use in analytic reports, summary billing records, and detailed transaction records on a per-Delivery Service basis. The SE and SR use the Splunk Universal Forwarder (UF) to push the transaction logs to the Splunk Lightweight Forwarder (LWF) on the CDNM.


For more information, see the “Real-Time Exporting of Transaction Logs for Billing and Analytic Reports” section on page 8-105.

APIs for Wholesale CDN

The following APIs have been modified or added to support the configuration and monitoring of the Wholesale feature:

• Storage Priority Class—StoragePrioClassApiServlet API has been added with create, modify, and delete actions, and getStoragePrioClass action has been added to the ListApiServlet
• Quota Usage Reporting—New parameters have been added to the following actions of the ChannelApiServlet:
  – createDeliveryService
  – modifyDeliveryService
  – createDeliveryServiceGenSettings
  – modifyDeliveryServiceGenSettings

For more information on the newly added APIs for Delivery Service Group, see the Cisco Videoscape Distribution Suite, Internet Streamer 4.2.1 API Guide.


Chapter 3 Getting Started

This chapter discusses initial device configuration, logging into and navigating the Internet Streaming Content Delivery System Manager (CDSM), and a typical Cisco Videoscape Distribution Suite, Internet Streamer (VDS-IS) configuration workflow.

• Initially Configuring the Devices
• Logging In to the Internet Streaming CDSM
• Activating and Synchronizing the Devices
• Navigating the Internet Streaming CDSM
• Configuring Primary and Standby CDSMs
• Typical Configuration Workflow

Initially Configuring the Devices

You must initially configure the Content Delivery Engines (CDEs) before they can participate in the VDS-IS network. The CDE that runs the Internet Streaming CDSM must be initialized first so that the CDEs running the Service Engine (SE) and Service Router (SR) can register with it. For more information about initially configuring the CDEs, see the Cisco Content Delivery Engine 205/220/250/420 Hardware Installation Guide.

After you have initially configured your CDEs, you must activate the SEs and SRs and configure the internal clocks by using the Internet Streaming CDSM. See the “Activating and Synchronizing the Devices” section on page 3-3 for more information.

Logging In to the Internet Streaming CDSM

To log in to the Internet Streaming CDSM, follow these steps:

Step 1 Using your web browser, enter the IP address of your CDSM and port 8443.

Note VDS-IS supports Internet Explorer Version 6 or later, and Mozilla Firefox Version 3.6 or later.

For example, if the IP address of your CDSM is 192.168.0.236, enter: https://192.168.0.236:8443


The Security Alert message is displayed.

Note If you are using Mozilla Firefox Version 3.6 or later as your web browser, you need to add the CDSM IP address to the exception list. After entering the CDSM IP address with port 8443, Firefox displays a Secure Connection Failed message with a link stating “Or you can add an exception.” Click this link, then click Add Exception. The Add Security Exception dialog box is displayed. Click Get Certificate, and then click Confirm Security Exception. The CDSM IP address is added to the exception list and you no longer receive the Secure Connection Failed message.

Note Sometimes the CDSM is not initially accessible from a web browser. If this occurs, you must disable and re-enable the Centralized Management System (CMS). Log in to the CLI for the CDSM, and enter the no cms enable command in global configuration mode followed by the cms enable command.

Step 2 Click Yes to accept the security certificate. The Login page is displayed (Figure 3-1).

Figure 3-1 Internet Streaming CDSM Login Page

Step 3 Enter the username and password and click Login . The Internet Streaming CDSM home page is displayed.

The built-in username is admin and the initial password is default .

Caution You have only three attempts to log in successfully. The CDSM will be locked if you fail to log in within three attempts.

Note The CDSM is locked for 30 minutes for a user, and is locked completely for an administrator.


Note

• We strongly recommend that you change the built-in admin password as soon as possible. To do so, log in to the CLI of the CDSM device, and use the username admin password <password> global configuration command.

• If the default username and password have been changed by another CDSM administrator, you need to get the new username and password.

• If you log in as an administrator, you can see the last login details along with the failed login details (if any).

• Starting with release 4.1, VDS-IS allows the administrator to view the list of locked user accounts and unlock a user via the System > AAA > Locked Users page in the CDSM GUI. For more information on how to unlock a user, see the “Viewing Locked Users” section on page 6-7.

Activating and Synchronizing the Devices

The VDS-IS administrator approves a device by making it active. This security feature prevents unauthorized devices from joining the VDS-IS.

Caution All devices must be synchronized with each other for the VDS-IS to function properly.

Synchronization ensures accurate timestamps in all of the logs and accuracy in caching decisions determined by If Modified Since (IMS) lookups. Using Network Time Protocol (NTP) to synchronize the devices in the VDS-IS is the best practice.

Note If the network is not configured with NTP, then every device in the VDS-IS must be configured with exactly the same time and time zone. We recommend that you use an NTP server for network synchronization.

Activating and Setting NTP for Each Device

Tip To navigate within the Internet Streaming CDSM, click one of the tabs (for example, Devices) and then one of the tab options (for example Locations).

Note From the Devices Table, you can activate all inactive devices by clicking the Activate All Inactive SEs icon. See the “Activating All Inactive Service Engines” section on page 3-5.

To activate and synchronize a Service Engine (SE) or Service Router (SR), follow these steps:

Step 1 From the Internet Streaming CDSM home page, choose Devices > Devices. The Devices page with the table is displayed (Figure 3-2) listing all of the registered SEs and SRs.

Figure 3-2 Devices Table Page–Edit Device

Step 2 Click the Edit icon next to the device name. The Devices home page is displayed.

Note If the device that you want to activate is not listed in the Devices Table, restart the CMS for that device by telneting to it and entering the no cms enable command followed by the cms enable command in global configuration mode.

Step 3 Click Activate in the Devices home page. The Location dialog box is displayed (Figure 3-3).

Figure 3-3 Devices Home Page—Location Dialog Box

Step 4 Create or choose a location. To activate an SE, you need to assign it to a location.

Because the standby CDSM is global to the VDS-IS network, it does not need to be assigned to a location.

You have the following options in creating or choosing a location:

a. If you have already created locations, you can choose a location from the Location drop-down list.

b. To create a default location, which can be edited later, check the Create a New location check box. A default location is created with the following name: <SE-name>-location. From the Parent of the New Location drop-down list, choose a parent for this location.

For information about creating locations, see the “Configuring Locations” section on page 4-1.

Step 5 Click Apply and Activate.

The Status of the device shows “pending” until the device is fully activated. This may take a few minutes.

Step 6 To display the top-level Table of Contents, click Show All above the Contents pane.

Step 7 From the left-panel menu, choose General Settings > Network > NTP. The NTP Settings page is displayed.

Step 8 Check the Enable check box and enter the IP address or hostname of each NTP server. Use a space to separate each server.

Step 9 Click Submit to save your settings.

The activation and NTP server settings must be completed for each SE, SR, and standby CDSM.

Tip For a quick way to get to other SEs, click the Display All Devices icon located to the left of the Expand All button. This icon toggles between the Display All Devices and Menu icons.

For more detailed information about configuring locations, activating devices, and configuring NTP servers, see the following sections:

Configuring Locations, page 4-1

Activating a Service Engine, page 4-10

Configuring NTP, page 4-70

Activating All Inactive Service Engines

To activate all inactive SEs, follow these steps:

Step 1 From the CDSM home page, choose Devices > Devices and click the Activate All Inactive SEs icon. See Figure 3-4.

Figure 3-4 Devices Table Page—Activate All Inactive Service Engines

The Location Choice page is displayed (Figure 3-5).

Figure 3-5 Location Choice Page

Step 2 In the Location Choice page, click either Select an Existing Location for All Inactive SEs or Create a New Location for Each Inactive SE.

If you are creating a new location, you can select a parent location, or leave the default of “none.”

Step 3 Click Submit to save the settings.

The Status in the Devices Table for all of the inactive SEs shows “pending” until the devices have been fully activated.

Note All devices activated in this way need to have the NTP settings configured. See Step 6 through Step 9 in the “Activating and Setting NTP for Each Device” section on page 3-3.


Navigating the Internet Streaming CDSM

Figure 3-6 shows the different elements of the Internet Streaming CDSM.

Figure 3-6 Internet Streaming CDSM User Interface

1 Left panel menu

2 Tab options

3 Tabs

4 Task bar

5 System Status bar

6 Page

7 Submit and Cancel buttons

8 Tools (Home, Help, and Logout)

The System Status bar, tabs, tab options, and tools are accessible from any page in the CDSM. The left panel menu changes depending on which tab and tab option you choose.

Devices, Services, and Other Tables

The Devices Table page shows all the devices registered in the CDSM. Figure 3-7 shows an example of the Devices Table page. A table is displayed for each of the following tab options:

• Devices (from Devices tab)

• Device Groups (from Devices tab)

• Locations (from Devices tab)

• Delivery Services (from Services tab)

• Live Video (from Services tab)

Figure 3-7 Devices Table Page

You can sort the information in the table by clicking any column title. The table can be sorted in ascending or descending order for each column. The task bar options provide other table manipulations, including filtering, refreshing the table, viewing all items, and printing.

The bottom of the table lists the page number and the total number of pages, as well as how many items are showing out of the total number of items.

The table defaults to listing ten rows. You can change the number of rows shown by clicking the Rows drop-down list.

To get more information on an item or to configure an item, click the Edit icon to the left of the item name. To create a new item, click the Create New icon in the task bar.

Devices Home Page

The Devices home page provides information about the device, as well as the ability to perform the following tasks:

• Activate the device

• Update the device software

• Assign the device to baseline groups

From the Devices home page you can access the delivery services and device groups the device is assigned to, by clicking the appropriate link. All delivery services, or device groups (depending on which link you clicked), configured in your VDS-IS are displayed. Through this page, you can assign the device to additional delivery services or device groups by clicking the icon next to the applicable delivery services or device groups and submitting your selection.

The Devices home page offers detailed bandwidth and bytes-served graphs with detailed reports for each.


The left panel menu has two toggle buttons: Show Basic/Show All and Expand All/Collapse All.

• Show All Shows all of the menu items in the menu.

• Show Basic Shows only the Device home menu item.

• Expand All Shows every menu and submenu.

• Collapse All Shows only the top-level menu items.

Task Bar

The task bar displays information about the page that you are on and provides associated tasks. All task bar icons, as well as other icons, have labels that are displayed when you hover your mouse cursor over the icon.

Any icon used in a procedure is referenced by the hover label; for example, Create New is the hover label for the following icon:

Table 3-1 describes the icons available in the CDSM.

Table 3-1 CDSM Icons

Icon Function

Activates all inactive Service Engines.

Displays the devices.

Displays the left-panel menu.

Deactivates the device.

Updates application statistics.

Forces the refresh of replication information or process content changes.

Goes back to the Replication Status page.

Forces full database update.

Forces settings on SEs in the group.

Forces the group settings.


Views read-only items.

Creates a new item.

Edits an item.

Deletes an item.

Adds a content item for acquisition.

Deletes a selected item.

Manages between host and proxy servers for content acquisition.

Saves to disk.

Views complete URL (+) or view (-) partial URL that is used to acquire content.

Exports a table to a comma-separated value (CSV) file.

Creates a filtered table. Filter the table based on the field values.

Displays a graph.

Applies the default settings to the device.

Overrides the group settings on the device.

Views all table entries. Click this icon to view all entries after you have created a filtered table.

Refreshes the table.

Reboots the device.

Prints the current page.

Copies a program.


Previews a program.

Assigns all items to the entity.

Removes all items from the entity.

Indicates that the current transaction was successfully completed.

Indicates that user input is invalid and that the transaction did not finish.

Configuring Primary and Standby CDSMs

The Internet Streaming CDSM can operate in two different roles: primary and standby. The primary role is the default. You can have only one primary CDSM active in your network; however, you can have any number of CDSMs operating in a standby role to provide redundancy and failover capacity. You must configure the primary CDSM first. See the Cisco Content Delivery Engine 205/220/250/420 Hardware Installation Guide for information on configuring the primary CDSM.

Note The primary and standby CDSMs must be running the same version of software. You must upgrade your standby CDSM first, and then upgrade your primary CDSM.

If the primary CDSM is down, the devices (SE and SR) cannot send regular reports and events to it, so the data is sent to the standby CDSM. After the primary CDSM is online, the database on the standby CDSM is synchronized with the database on the primary CDSM.

To configure a standby CDSM, follow these steps using the CLI:

Step 1 Follow the instructions for configuring a CDSM using the setup utility, except do not enter the IP address of the CDSM. The instructions can be found in the Cisco Content Delivery Engine 205/220/250/420 Hardware Installation Guide.

Step 2 Configure the standby CDSM:

CDE(config)# cdsm role standby

Step 3 Identify the IP address of the primary CDSM:

CDE(config)# cdsm ip 10.1.1.90

Step 4 Start the Centralized Management System (CMS):

CDE(config)# cms enable

Step 5 Save the configuration:

CDE# copy running-config startup-config

Step 6 Activate the standby CDSM by using the web interface of the primary CDSM.


The primary CDSM notifies all registered devices that a standby CDSM exists and sends each device the information it needs to contact the standby should the primary fail or become inactive.

Note You cannot log in to the web interface of the standby CDSM. Its function is to maintain an up-to-date copy of the primary’s database.

Changing a Standby CDSM to a Primary CDSM

Note If your primary CDSM is still operating, you must change its role to standby by executing the cdsm role standby command before following these steps. You can only have one primary CDSM operating at any given time.

To change the standby CDSM to become the primary, follow these steps:

Step 1 If your primary CDSM has failed, enter the following command:

CDE(config)# cdsm role primary

Step 2 Save the configuration:

CDE# copy running-config startup-config

Step 3 Restore the old primary CDSM, if possible.

Step 4 When the old primary CDSM is restored, change its role to standby:

cdsm role standby

Step 5 Reconnect the old primary CDSM (now the standby CDSM) into the VDS-IS network.

Step 6 Wait at least one polling interval to allow the data from the primary CDSM to be copied to the standby CDSM.

Note During this period, do not make any configuration changes.

Step 7 When the new primary CDSM and the new standby CDSM have synchronized, you can change the roles of the CDSMs back to their original roles.

Note There can only be one primary CDSM in a VDS-IS at one time. If there are two primary CDSMs, both CDSMs are halted.

To do this, follow these steps:

a. Change the role of the primary CDSM to standby:

cdsm role standby

b. Change the role of the standby CDSM to primary:

cdsm role primary


Note If you have recently made configuration changes to the primary CDSM, wait at least the polling interval before changing roles to ensure that the standby has a record of the most recent configuration changes.

Recovering from Two Primary CDSMs

If you did not change the primary CDSM to standby before you changed the standby CDSM to primary, you will have two primary CDSMs in your VDS-IS and both will be halted. To restore both CDSMs, follow these steps:

Step 1 Make sure that the CDSM that is to be designated as the standby is in fact the standby by entering the cdsm role standby command.

Step 2 Initiate the CMS on the standby CDSM by entering the cms enable command.

Step 3 Make sure the CDSM that is to be designated as the primary is in fact the primary by entering the cdsm role primary command.

Step 4 Initiate the CMS on the primary CDSM by entering the cms enable command.

Step 5 Make sure that the standby CDSM is activated by using the web interface of the primary CDSM.
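The ordering rule behind the role-change and recovery procedures above can be checked against a planned change before anyone types it. The following is an added example, not Cisco code and not part of the guide: it walks a list of steps and reports the first one that would leave two primary CDSMs on the network. The device names cdsm-a and cdsm-b, the reconnect pseudo-step, and the assumption that a CDSM disconnected from the network does not count as a second primary are this example's own.

```python
"""Added example: a model of the CDSM role rule stated in this guide.

Rule modeled: only one primary CDSM may operate at a time; if two primaries
exist, both CDSMs are halted. Device names and the "reconnect" pseudo-step
are hypothetical and exist only in this model.
"""
from dataclasses import dataclass
from typing import Optional

# The two role commands shown in the guide, mapped to the role they set.
ROLE_COMMANDS = {"cdsm role primary": "primary", "cdsm role standby": "standby"}
# Commands from the guide that do not change the role; accepted as no-ops.
NO_ROLE_CHANGE = {"cms enable", "copy running-config startup-config"}
RECONNECT = "reconnect"  # model-only step: the device rejoins the network


@dataclass
class PlanResult:
    ok: bool
    failed_step: Optional[int]  # 1-based step that breaks the rule, if any
    reason: str
    final_roles: dict


def online_primaries(roles, offline):
    """Return the CDSMs that hold the primary role and are on the network."""
    return sorted(d for d, r in roles.items() if r == "primary" and d not in offline)


def check_role_plan(initial_roles, offline, steps):
    """Walk a change plan and stop at the first step that creates two primaries.

    initial_roles: e.g. {"cdsm-a": "primary", "cdsm-b": "standby"}
    offline:       CDSMs that are failed or disconnected when the plan starts
                   (assumption: they do not count as an operating primary)
    steps:         (device, action) pairs in the order they will be entered
    """
    roles = dict(initial_roles)
    offline = set(offline)
    for n, (device, action) in enumerate(steps, start=1):
        if device not in roles:
            return PlanResult(False, n, "unknown device: " + device, roles)
        if action == RECONNECT:
            offline.discard(device)
        elif action in ROLE_COMMANDS:
            roles[device] = ROLE_COMMANDS[action]
        elif action not in NO_ROLE_CHANGE:
            return PlanResult(False, n, "unsupported step: " + action, roles)
        primaries = online_primaries(roles, offline)
        if len(primaries) > 1:
            reason = "two primaries on the network: " + ", ".join(primaries)
            return PlanResult(False, n, reason, roles)
    # A transient gap with no primary is allowed (demote first, then promote),
    # but the plan must finish with exactly one operating primary.
    if len(online_primaries(roles, offline)) != 1:
        return PlanResult(False, None, "plan does not end with one primary", roles)
    return PlanResult(True, None, "never more than one primary", roles)


# Constructed plans. cdsm-a starts as primary, cdsm-b as standby.
START = {"cdsm-a": "primary", "cdsm-b": "standby"}

# Planned swap in the documented order: demote the primary, then promote.
PLANNED_SWAP = [("cdsm-a", "cdsm role standby"), ("cdsm-b", "cdsm role primary")]

# Same swap in the wrong order: promotes while the old primary still operates.
WRONG_ORDER = [("cdsm-b", "cdsm role primary"), ("cdsm-a", "cdsm role standby")]

# Failover after cdsm-a failed: promote the standby, save, then demote the
# restored old primary before it is reconnected to the network.
FAILOVER = [
    ("cdsm-b", "cdsm role primary"),
    ("cdsm-b", "copy running-config startup-config"),
    ("cdsm-a", "cdsm role standby"),
    ("cdsm-a", RECONNECT),
]

# Failover where the old primary is reconnected without being demoted first.
FAILOVER_NO_DEMOTE = [("cdsm-b", "cdsm role primary"), ("cdsm-a", RECONNECT)]

if __name__ == "__main__":
    cases = [
        ("planned swap", set(), PLANNED_SWAP),
        ("wrong order", set(), WRONG_ORDER),
        ("failover", {"cdsm-a"}, FAILOVER),
        ("failover, no demote", {"cdsm-a"}, FAILOVER_NO_DEMOTE),
    ]
    for name, offline, plan in cases:
        result = check_role_plan(START, offline, plan)
        print(f"{name}: ok={result.ok} step={result.failed_step} ({result.reason})")
```

The model only tracks roles; it does not model the polling interval that the guide says to wait before changing roles.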

Typical Configuration Workflow

Once you have completed activating and configuring the NTP servers for all of the devices in the CDSM, you are ready to configure the VDS-IS for content delivery. For information about activating and configuring the NTP servers for a device, see the “Activating and Setting NTP for Each Device” section on page 3-3.

Table 3-2 lists the basic tasks for configuring the VDS-IS for content delivery, with references to the associated sections in each chapter.


Table 3-2 Configuration Workflow

Task | Description | Where to Find More Information

Change admin password | Change the administrator password on each device, including the CDSM, and change the administrator password for the system | Log in to the CLI for the device and use the username admin password <password> global configuration command. The password strength must be a combination of alphabetic characters, at least one number, at least one special character, and at least one uppercase character. To change the password for the CDSM GUI and CLI, go to “Creating, Editing, and Deleting Users,” page 6-2

Configure Dedicated Management with Redundant Port | Separate management traffic from application traffic, and configure a redundant port for management | “Configuring Port Channel,” page K-6

Create Device Groups | Group like devices to speed up configuration | “Configuring Device Groups,” page 4-4

Configure RCP | Configure Remote Copy Protocol (RCP) to listen for requests on TCP port 514 | “Enabling RCP,” page 4-70

Configure FTP | Enable FTP services to listen for connection requests | “Enabling FTP Services,” page 4-69

Configure Web Engine | For all SEs participating in delivering content | “Configuring Default and Maximum Bandwidth,” page 4-39

Configure Windows Media Engine | For all SEs participating in delivering Windows Media content | Begins with “Configuring Windows Media Streaming—General Settings,” page 4-43

Configure Movie Streamer | For all SEs participating in delivering MPEG or MOV content | “Configuring Movie Streamer—General Settings,” page 4-46

Configure Flash Media Streaming | For all SEs participating in delivering Flash Media Streaming content | “Configuring Flash Media Streaming—General Settings,” page 4-48

Create Coverage Zone File | Map SEs to client service areas by IP address or geographic location | Appendix C, “Creating Coverage Zone Files,”

Import or Upload Coverage Zone File | Apply Coverage Zone mappings to VDS | “Coverage Zone File Registration,” page 6-13

Configure Global Routing Method | Set the Coverage Zone file | “Configuring Global Routing,” page 6-14

Configure Routing Method | Configure the routing method used by SRs | “Configuring the Service Router,” page 4-106

Configure Content Origins | Define all origin servers that are used in delivery services | “Content Origins,” page 5-34

Create Delivery Service Definitions | Create delivery services for both prefetched or cached content and live programs | “Creating Delivery Service,” page 5-1

Create Live Programs | Create live programs, or rebroadcasts and schedules | “Configuring Programs,” page 5-51


Chapter 4 Configuring Devices

This chapter discusses configuring locations and device groups for devices, and provides detailed instructions on configuring the different types of devices: CDSMs, SEs, and SRs.

Configuring Locations, page 4-1

Configuring Device Groups, page 4-4

Configuring the Service Engine, page 4-10

Configuring the Service Router, page 4-106

Configuring the CDSM, page 4-141

Configuring Locations

Locations are set up in the Internet Streaming CDSM to organize and group SEs into virtual networks for distribution of content through delivery services. For more information about locations, see the “VDS-IS Topology” section on page 2-1.

Locations need to be configured before you can activate SEs and SRs and bring them online in the Cisco Videoscape Distribution Suite, Internet Streamer (VDS-IS) network.

Table 4-1 describes the icons for the Locations Table page.

Table 4-1 Location Icons

Icon Function

Creates a new location.

Creates a filtered table.

Views all locations.

Refreshes the table.


Prints the current window.

Edits a location.

To create a new location or edit an existing one, follow these steps:

Step 1 Choose Devices > Locations. The Locations Table page is displayed (Figure 4-1).

The table is sortable by clicking the column headings.

Figure 4-1 Locations Table Page

Step 2 In the task bar, click the Create New Location icon. The Creating New Location page is displayed (Figure 4-2).

To edit a location, click the Edit icon next to the location name.

Figure 4-2 Creating New Location Page

Step 3 Enter the settings as appropriate. See Table 4-2 for a description of the fields.

Table 4-2 Location Fields

Field | Description

Name | Name of the location.

Parent Location | Choose a location from the drop-down list. A location with no parent, None, is level 1. The location level is displayed after you choose a parent location.

Comments | Enter any information about the location.

Step 4 Click Submit to save the settings.

To delete a location, in the Locations Table page, click the Edit icon next to the location that you want to delete, and click the Delete icon in the task bar.

To view the location tree, click the Location Trees icon in the task bar. The location tree represents the network topology that you configured when you assigned a parent to each location.


Configuring Device Groups

The Internet Streaming CDSM allows you to configure SEs into device groups so that the entire group of SEs is configured at one time. Device groups and SEs share the same configuration features and options.

Table 4-3 describes the icons for the Device Groups Table page.

Table 4-3 Device Group Table Icons

Icon Function

Creates a new device group.

Creates a filtered table.

Views all device groups.

Refreshes the table.

Prints the current page.

Edits a device group.

This section covers creating, editing, and deleting device groups. All other configuration pages for a device group are covered in the “Configuring the Service Engine” section on page 4-10.

To create or edit a device group, follow these steps:

Step 1 Choose Devices > Device Groups. The Device Groups Table page is displayed (Figure 4-3).

The table is sortable by clicking the column headings.

Figure 4-3 Device Groups Table Page

Step 2 In the task bar, click the Create New Device Group icon. The Creating New Device Group page is displayed (Figure 4-4).

To edit a device group, click the Edit icon next to the device group name.

Figure 4-4 Creating New Device Group Page

Step 3 In the Name field, enter the name of the device group. The name must be unique and should be a name that is useful in distinguishing the device group from the others in the VDS-IS.

Step 4 Check the Automatically assign all newly activated devices to this group check box if applicable.

Step 5 Choose Regular Group to indicate that this group is not used as a baseline for all SEs or choose Baseline Group and select the baseline type to define this group as a baseline for all SEs.

For information about baseline groups, see the “Baseline Groups” section on page 2-3.

Step 6 To customize the left panel menu for this device group, click the Select pages to hide from the Menu for this device group arrow, and check the pages that you want to hide. To collapse these settings, click the arrow again.

Use this feature to remove from view any configuration pages that you do not need for the device group.

Step 7 In the Comments field, enter any information about the device group.

Step 8 Click Submit to save the settings.

If you are editing this device group, you can view a list of all settings configured for this device group by clicking the Pages configured for this device group arrow. To collapse this information list, click the arrow again.

To delete a device group, click the Delete icon in the task bar.

Step 9 To assign SEs to the device group, choose Assignments > Devices. The Assignment table is displayed listing all SEs in the VDS-IS.


Note From this point forward, the steps that you use to access a configuration page are combined into one step using menu options similar to the following: Device Group > Assignments > Devices .

Step 10 Click the Assign icon (blue cross mark) next to each SE name that you want to assign to this group.

To assign all SEs, click Assign all Service Engines in the task bar.

Step 11 Click Submit to add the selected SEs to the device group.

To remove an SE from the device group, click the Unassign icon (green check mark) next to the name of the SE, and click Submit.

To remove all SEs from the device group, click the Unassign all Service Engines icon in the task bar, and click Submit.

Working with Device Groups

When you first create a device group, all settings that you configure for the device group are automatically propagated to all of the SEs assigned to that group.

Note All SE settings in the “Configuring the Service Engine” section on page 4-10, except those listed below, can also be configured for a device group. The following pages are not available for device group configuration:

• Devices > Application Control > Windows Media Streaming > Bypass List. See the “Configuring Windows Media Streaming—Bypass List” section on page 4-45 for more information.

• Devices > General Settings > Network > Network Interfaces. See the “Viewing Network Interfaces” section on page 4-74 for more information.

• Devices > General Settings > Network > External IP. See the “Configuring External IP Addresses” section on page 4-74 for more information.

• Devices > General Settings > Network > IP ACL. See the “Configuring IP ACL for IPv4 and IPv6” section on page 4-76 for more information.

• Devices > General Settings > Network > External IP Mapping. See the “Configuring External IP Address Mappings” section on page 4-87 for more information.

After configuring the device group settings, the task bar for the corresponding configuration page for an individual SE that is part of that device group displays the Override Group Settings icon and the Device Group drop-down list with the device group name displayed.

When an SE is associated with one or many device groups, the name of the device group whose settings were applied last is displayed.

To configure individual settings for an SE in a device group, click the Override Group Settings icon in the task bar. You can then edit the fields in the page and click Submit. The Device Group drop-down list displays “Select a Device Group.”


To reapply the settings for the device group, choose the device group from the Device Group drop-down list and click Submit. Alternatively, in the corresponding device group configuration page, click the Force Settings on SEs in Group icon. The Force Settings on SEs in Group icon only appears in a device group configuration page when an SE’s individual settings override the group settings.

Note The individual SE configuration page does not display the Override Group Settings icon and Device Group drop-down list in the task bar if the settings have not been configured for the corresponding device group configuration page.

Note When adding an SE to an existing device group, the new SE does not automatically inherit the device group settings. Use the Force Group Settings option for the device group to force the group settings to all SEs in the group.

Alternatively, in each device group configuration page, click the Force Settings on SEs in Group icon. A dialog box appears listing all of the SEs that have different configuration settings than the device group settings. The Force Settings on SEs in Group icon only appears for a device group configuration page when an SE’s individual settings override the group settings.

To force all device group settings to all assigned SEs, go to the Device Group home page and click the Force Group Settings icon in the task bar.

Note The last configuration submitted for the device, whether it is the device group configuration or the individual device configuration, is the configuration the device uses.

Table 4-4 describes the icons for the Device Groups configuration pages.

Table 4-4 Device Group Configuration Icons

Icon Function

Deletes a device group.

Updates application statistics.

Forces full database update.

Reboots all devices in device group.

Forces the group settings. Forces the complete set of configurations made for a device group to all devices associated with that group.

Forces settings on SEs in a device group. Forces the configuration of the displayed page to all SEs in the device group.


Overrides the group settings on the device.

Prints the current page.

Aggregate Settings

The following device and device group configuration pages have aggregate settings:

• Replication > Scheduled Bandwidth . See the

“Scheduled Bandwidth” section on page 4-19 for

more information.

Service Control > Service Rules . See the

“Configuring Service Rules” section on page 4-22

for more information.

Service Control > URL Signing

. See the “Configuring URL Signing Key” section on page 4-28 for

more information.

Application Control > Bandwidth Schedules

. See the “Configuring Bandwidth Schedules” section on page 4-40

for more information.

General Settings > Login Access Control > Users > Usernames . See the

“Creating, Editing, and

Deleting Users—Usernames” section on page 4-61

for more information.

To access these pages, first choose Devices > Devices or Devices > Device Groups , followed by the Edit icon next to the device or device group that you want to configure.

Aggregate Settings is set to Yes by default. When Aggregate Settings is set to Yes, the settings for the device group are aggregated with the settings for the SE. This means that you can configure settings for all SEs in a device group, then configure individual settings for each SE, and the combined settings for the device group and individual SE are applied to the SE. Any settings for the device group are listed with the View icon and any settings for the individual SE are listed with the Edit icon on the individual SE configuration page.

If Aggregate Settings is set to No , only the individual SE settings are applied to the SE and the device group settings do not apply to the SE.

To edit the device group settings, or configure new settings for the device group, you must go to the corresponding device group configuration page.

If you remove all device group settings, all device settings displayed with Aggregate Settings enabled are removed as well.

Note The last configuration submitted for the device, whether it is the device group configuration or the individual device configuration, is the configuration that the device uses.

Table 4-5 describes the icons for the configuration pages that have aggregate settings.


Table 4-5 Aggregate Settings Icons

Icon Function

Creates a new entry.

Edits an entry.

Deletes an entry.

Views read-only entry.

Creates a filtered table. Filter the table based on the field values.

Views all table entries. Click this icon to view all entries after you have created a filtered table.

Refreshes the table.

Prints the current page.

Device Group Overlap

If you want the ability to assign a device to more than one device group, you must enable device group overlap. Device group overlap is enabled by default.

To enable or disable device group overlap, follow these steps:

Step 1 Choose System > Configuration. The Config Properties page is displayed.

Step 2 Click the Edit icon next to the DeviceGroup.overlap property. The Modifying Config Property page is displayed.

Step 3 To enable device group overlap, choose true from the Value drop-down list.

To disable device group overlap, choose false from the Value drop-down list.

Step 4 Click Submit to save the settings.

You cannot disable device group overlap after you have assigned devices to multiple device groups.

Tip To force the complete configuration set of a device group to all devices in that group, click the Force Group Settings icon in the task bar.


Configuring the Service Engine

This section describes the different configuration pages available for a Service Engine. The main configuration groups are described as follows:

• Replication—Settings for bandwidth usage for replication and scheduling bandwidth usage. Additionally, distribution settings for negative acknowledgment (NACK) interval and multicast settings for designating an SE as a multicast receiver and sender.

• Service Control—Settings for access control by way of client request filtering, URL signing, and Authorization Server settings; additionally, transaction logs are configured to monitor traffic.

• Application Control—Settings for bandwidth management of delivery services and protocol engines (Web, Windows Media, Movie Streamer, Flash Media Streaming, and RTSP advanced settings).

• General Settings—Settings for access control of the device, maintenance, network connectivity, and monitoring.

The Device Activation page and the Assignments page describe the activation of an SE in the Internet Streaming CDSM and assigning it to a location, and assigning device groups to the SE.

Activating a Service Engine

Activating a device (Service Engine, Service Router, or standby CDSM) can be done through the Devices home page initially, or through the Device Activation page.

To activate a device from the Device Activation page, follow these steps:

Step 1 Choose Devices > Devices. The Devices Table page is displayed (Figure 4-5).

Figure 4-5 Devices Table Page

Step 2 Click the Edit icon next to the device that you want to configure. The Devices home page is displayed.

Step 3 Click Show All to display the top-level menu options, and click Device Activation. The Device Activation page is displayed (Figure 4-6).

Figure 4-6 Device Activation Page

Step 4 Enter the settings as appropriate. See Table 4-6 for a description of the fields.

Table 4-6 Device Activation Fields

Field: Name
Name of the device.

Field: Activate
To activate or deactivate the device, check or uncheck the Activate check box. Alternatively, you can click the Deactivate Device icon in the task bar.

When you uncheck the Activate check box and click Submit, the Replaceable check box is displayed. Check the Replaceable check box when you need to replace the device or recover lost registration information. For more information, see the “Recovering VDS-IS Network Device Registration Information” section on page 9-25.

When you uncheck the Activate check box and click Submit, you have the following options in creating or choosing a location:

• If you have already created locations, you can choose a location from the Location drop-down list.

• To create a default location, which can be edited later, check the Create a New location check box. A default location is created with the following name: <SE-name>-location. From the Parent of the New Location drop-down list, choose a parent for this location.

For information about creating locations, see Configuring Locations, page 4-1.

Field: Server Offload
To offload this device for maintenance or a software upgrade, check the Server Offload check box. When checked, the Service Router stops sending requests to this device.

Note If a client paused a program at the moment Server Offload is enabled, resuming the program will most likely fail.

To monitor the current streams on an SE during the Server Offload state, use the show interface command. If the packets received or packets sent is increasing, then the SE is streaming. The number of packets received is high if there is an incoming stream.

Note We recommend separating the management traffic from the streaming traffic by using the port channel configuration. See the “Configuring Port Channel” section on page K-6 for more information.

• If management and streaming traffic are separated, the show interface command for the streaming port channel displays information on active sessions.

• If management and streaming traffic are not separated, the show interface command shows very low traffic; the packets received and packets sent are lower than a client streaming session.

Once the SE has finished streaming, you can perform maintenance or upgrade the software on the device. For information about upgrading the software, see the “Upgrading the Software” section on page 9-6.

The Status field in the Device Activation page and the Devices Table page displays “offloading” when Server Offload is checked.

Once the software upgrade or maintenance is complete, you need to uncheck the Server Offload check box so that the device can again participate in the system.

Note If the Server Offload option is set on an SE that is acting as the Content Acquirer for a Delivery Service for dynamic ingest or live stream splitting, a new SE is chosen as the Location Leader for the Delivery Service. However, if the Content Acquirer is up and communicating with the CDSM, it continues to perform content ingest and content distribution.

Field: Content Cache
Informational only. The content cache size is the total disk space on the VDS-IS network file system (CDNFS) on the SE that is designated for cache. The Content Cache represents the unused cache space. The used cache space is the disk space allotted for all of the delivery services to which the SE is assigned. To view the used cache space, choose Services > Service Definition > Delivery Services > Assign Service Engines.

Field: Set Default Coverage Zone File
When checked, which is the default setting, a default Coverage Zone file is generated with the SE serving the local subnet it resides on. The coverage zone is a VDS-IS network-wide mapping of client IP addresses to SE IP addresses that should respond to client requests. For more information, see the “Coverage Zone File Registration,” page 6-13.

The default coverage zone can be disabled and you can create and assign custom coverage zones using the Coverage Zone file import or upload.

Uncheck the Set Default Coverage Zone File check box to use a user-defined Coverage Zone file that was imported or uploaded.

Field: Location
Lists all of the locations configured for the VDS-IS.

Field: Use SE’s primary IP address
Enables the CDSM to use the IP address on the primary interface of the SE for management communications.

Note If the Use SE’s primary IP address for Management Communication check box is checked and the Management Communication Address and Port are configured, the CDSM uses the SE’s primary IP address for communication.

Note Do not check the Use SE’s primary IP address for Management Communication check box if you want to separate management and streaming traffic. Instead, use the Management Communication Address and Port fields to specify where management traffic should be sent.

Field: Management Communication Address
Manually configures a management IP address for the CDSM to communicate with the SE.

Manual configuration of the management IP address and port is used when using port channel configuration to separate management and streaming traffic. For more information about port channel configuration, see the “Configuring Port Channel and Load Balancing Settings” section on page 4-75 and the “Configuring Port Channel” section on page K-6.

Field: Management Communication Port
Port number to enable communication between the CDSM and the SE.

Field: Billing Cookie
Enables the administrator to enter the Billing Cookie string used in customer billing transactions occurring in a given streamer. The range is from 1 to 256 characters and the default value is “-”. Spaces are not allowed in the Billing Cookie string. The CDSM reports an error if these conditions are violated.

Note This field is logged in all web-engine & acquisition and distribution transaction logs.

Field: Comments
Information about the settings.

Note To make sure that the SE is binding to the primary interface (or management IP address if configured) as the source IP address when sending management traffic to the CDSM, create a static route from the SE to the CDSM. To configure a static IPv4 route from the SE, see the “Configuring Static Routes” section on page 4-85. To configure a static IPv6 route from the SE, see the “Configuring Static IPv6 Routes” section on page 4-86. Alternatively, you can use the ip route command and IPv6 route command on the VDS-IS device.

Step 5 Click Submit to save the settings.

Assigning Devices to Device Groups

You can assign devices to device groups in three ways:

• Through the Device Group Assignment page

• Through the device Assignment page

• Through the Devices home page, if the device group is a baseline group

To assign devices to device groups through the Assignment page, follow these steps:

Step 1 Choose Devices > Devices, and click the Edit icon next to the device that you want to assign.

Step 2 Click Show All, and then choose Assignments > Device Groups. The Device Group Table page is displayed with all of the configured device groups listed (Figure 4-7).

Note From this point forward, the beginning steps in the procedures are combined into one step using notation similar to the following: Devices > Devices > Assignments > Device Groups.

Figure 4-7 Assignment Page

Step 3 Click the Assign icon (blue cross mark) next to the device group that you want to assign to this SE. Alternatively, click the Assign All Device Groups icon in the task bar.


A green arrow wrapped around the blue X indicates that an SE assignment is ready to be submitted. To unassign an SE, click this icon. The SE assignment states are described in Figure 4-8.

Figure 4-8 SE Assignment State

Step 4 Click Submit to save the settings.

A green circle with a check mark indicates a device group is assigned to this SE. To unassign the device group, click this icon, or click the Remove All Device Groups icon in the task bar. Click Submit to save the changes.

Additionally, the Filter Table icon and View All Device Groups icon allow you to first filter a table and then view all device groups again.

Replication

The bandwidth used for replication and ingest is determined by the settings in the Default Bandwidth and the Scheduled Bandwidth pages. The replication configuration pages consist of the following:

• Default Bandwidth, page 4-17

• Scheduled Bandwidth, page 4-19

• Configuring the NACK Interval Multiplier, page 4-21

• Enabling SEs for Multicasting, page 4-21

Table 4-7 describes the icons on the replication bandwidth configuration pages.

Table 4-7 Replication Bandwidth Configuration Icons

Icon Function

Refreshes the table or page.

Displays a graph.

Applies the default settings to the device.

Creates a new item.

Creates a filtered table. Filter the scheduled bandwidth by start time, end time, days of the week, and bandwidth type.

Views all scheduled bandwidth. Click this icon to view all schedule bandwidths after you have created a filtered table.


Prints the current page.


Edits a scheduled bandwidth. Click this icon next to one of the scheduled bandwidths to edit the settings.

Deletes a scheduled bandwidth. To delete a scheduled bandwidth, click the Edit icon and then click this icon.

Default Bandwidth

The default bandwidth settings can be configured for acquisition (ingest) and distribution (replication) of content. The default settings are used unless a scheduled bandwidth is configured for a specified time period.

To set the default bandwidth for replication, follow these steps:

Step 1 Choose Devices > Devices > Replication > Default Bandwidth. The Replication Default Bandwidth page is displayed (Figure 4-9).

Figure 4-9 Replication Default Bandwidth Page

Step 2 Enter the settings as appropriate. See Table 4-8 for a description of the fields.

Table 4-8 Replication Default Bandwidth Fields

Field: Acquisition-in Bandwidth
Bandwidth used for ingesting content when this SE is acting as the Content Acquirer. The default is 1,000,000 kbps (kilobits per second).

Field: Distribution-in Bandwidth
Bandwidth used for incoming content that is sent by a forwarding SE as part of the distribution process. The default is 500,000 kbps.

Field: Distribution-out Bandwidth
Bandwidth used for outgoing content that is sent to a downstream SE as part of the distribution process. The default is 100,000 kbps.

Step 3 Click Submit to save the settings.

For information on the task bar icons, see Table 4-7.

Bandwidth Graph

To view a graphical representation of the bandwidth settings, click the Display Graph icon in the task bar. The Acquisition and Distribution Bandwidth graph is displayed in a new page.

The vertical axis of the graph represents the amount of bandwidth in Kbps (kilobits per second) and the horizontal axis represents the days of the week. The scale shown on the vertical axis is determined dynamically based on the bandwidth rate for a particular type of bandwidth and is incremented appropriately. The scale shown on the horizontal axis for each day is incremented for each hour. Each type of bandwidth is represented by a unique color. A legend at the bottom of the graph maps the colors to the corresponding bandwidths.

You can change the graph view by choosing the different options, as described in Table 4-9.

Table 4-9 Acquisition and Distribution Bandwidth Graph—Viewing Options

Option: Distribution In
Bandwidth settings for incoming content distribution traffic. The default is 1,000,000.

Option: Distribution Out
Bandwidth settings for outgoing content distribution traffic. The default is 500,000.

Option: Acquisition In
Bandwidth settings for incoming content acquisition traffic. The default is 1,000,000.

Option: All Servers
A consolidated view of all configured bandwidth types. This is the default.

Option: Show Detailed Bandwidth/Show Effective Bandwidth
Toggles between the two options:

• Show Detailed Bandwidth—Displays detailed bandwidth settings for the SE and its associated device groups. The bandwidth settings of the device and device groups are shown in different colors for easy identification.

• Show Effective Bandwidth—Displays the composite (aggregate) bandwidth settings for the SE and its associated device groups.

Option: Show Aggregate View/Show Non-Aggregate View
Toggles between the two options:

• Show Aggregate View—Displays the bandwidth settings configured for the corresponding device groups.

• Show Non-Aggregate View—Displays the bandwidth settings configured for the SE.

Option: Sun, Mon, Tues, Wed, Thurs, Fri, Sat
Displays the bandwidth settings for the corresponding day of the week.

Option: Full Week
Displays the bandwidth settings for the entire week. This is the default view and is combined with the All Servers view.

Scheduled Bandwidth

Scheduled Bandwidth settings take precedence over Default Bandwidth settings.

To configure a bandwidth schedule, follow these steps:

Step 1 Choose Devices > Devices > Replication > Scheduled Bandwidth. The Replication Scheduled Bandwidth Table page is displayed (Figure 4-10).

The table is sortable by clicking the column headings.

Figure 4-10 Replication Scheduled Bandwidth Table Page

For information about Aggregate Settings, see the “Aggregate Settings” section on page 4-8.

Note Configuring Replication Bandwidth Scheduling is only supported on a per SE-basis; Device Group configuration of Replication Bandwidth Scheduling is not supported.

Step 2 Click the Create New icon in the task bar. The Replication Scheduled Bandwidth page is displayed (Figure 4-11).

To edit a scheduled bandwidth, click the Edit icon next to the scheduled bandwidth that you want to edit.

Figure 4-11 Replication Scheduled Bandwidth Page

Step 3 Enter the settings as appropriate. See Table 4-10 for a description of the fields.

Table 4-10 Replication Scheduled Bandwidth Fields

Field: Bandwidth Type
• Distribution-in—For incoming content distribution traffic from SEs.

• Distribution-out—For outgoing content distribution traffic to SEs.

• Acquisition-in—For incoming content acquisition traffic from origin servers.

Note The maximum bandwidth for Distribution-in, Distribution-out, and Acquisition-in bandwidth is 1 Gbps.

• Multicast-out—For outgoing multicast content traffic to SEs.

Note The Multicast Cloud feature is for early field trials (EFTs) and is not supported in Release 3.1.0.

Field: Bandwidth Rate
Maximum amount of bandwidth that you want to allow (in kbps).

Field: Start Time
Time of day for the bandwidth setting to begin, using a 24-hour clock in local time (hh:mm).

Field: End Time
Time of day for the bandwidth setting to end (hh:mm).

Field: Day Selection
Days on which bandwidth settings apply.

• Full Week—Specifies that the allowable bandwidth settings are applied for an entire week.

• Sun, Mon, Tue, Wed, Thu, Fri, and Sat—Specifies individual days of the week on which the allowable bandwidth settings take effect.

Step 4 Click Submit to save the settings.

For information on the task bar icons, see Table 4-7.


Configuring the NACK Interval Multiplier

To identify missing content and trigger a resend of a file, the receiver SEs send a negative acknowledgment (NACK) message to the sender SE. NACK messages generated by many receiver SEs could generate more traffic than the sender can handle. The NACK interval multiplier allows you to adjust the average interval between NACKs for an individual receiver SE. This value (a percentage from 10 to 100 percent of normal, to a multiple of normal from 2 times to 10 times) adjusts the default average NACK interval. The default or normal setting is 20 minutes. As an example, if the NACK interval multiplier is set to 3, the interval between NACKs becomes 20 minutes x 3, or 60 minutes.

Note The Multicast Cloud feature is supported in all releases starting with Release 3.1.1.

To send an immediate NACK request rather than wait for the scheduled interval, enter the distribution multicast send-nack-now command on a multicast receiver SE.

To configure the NACK interval multiplier, follow these steps:

Step 1 In the CDSM GUI, choose Devices > Devices > Replication > Distribution. The Distribution page is displayed.

Step 2 Click and drag the Content NACK Interval Multiplier slider control across the calibrated ruler to adjust the interval between NACK messages. The scale ranges from 10 percent of normal to 10 times normal. The center of the scale corresponding to “normal” denotes the default of 20 minutes. The value corresponding to the slider position is displayed to the right of the slider.

Step 3 Click Submit to save the settings.

Enabling SEs for Multicasting

Before you can create a Multicast Cloud, the SEs must be enabled for multicasting. These multicast-enabled SEs can then be assigned as sender and receiver SEs of a Multicast Cloud.

Note The Multicast Cloud feature is supported in all releases starting with Release 3.1.1.

To enable SEs for multicasting, follow these steps:

Step 1 From the CDSM GUI, choose Devices > Devices > Replication > Multicast Distribution. The Multicast Distribution page is displayed.

Step 2 Check the Enable multicast receiver check box if this SE is to act as a multicast receiver.

Check the Enable multicast sender check box if this SE is to act as a multicast sender.

Step 3 Click Submit to save the settings.


Service Control

The Service Control pages provide settings for client request filtering, URL signing, and Authorization Server settings. Additionally, transaction logs that monitor traffic are configured under the Service Control. Configuring service control consists of the following procedures:

• Configuring Service Rules, page 4-22

• Configuring URL Signing Key, page 4-28

• Configuring the Authorization Service, page 4-29

• Configuring Transaction Logs, page 4-32

Table 4-11 describes the icons for the Service Control pages.

Table 4-11 Service Control Icons

Icon Function

Refreshes the table or page.

Applies the default settings to the device.

Creates a new item.

Creates a filtered table.

Views all data. Click this icon to view all data after you have created a filtered table.

Prints the current page.

Edits an item.

Deletes an item. To delete an item, click the Edit icon and then click this icon.

Configuring Service Rules

Note This is a licensed feature. Please ensure that you have purchased a Service Rule license for this advanced feature.

The Rules Template licensed feature provides a flexible mechanism to specify configurable caching requests by allowing these requests to be matched against an arbitrary number of parameters, with an arbitrary number of policies applied against the matches. You can specify a set of rules, each clearly identified by an action and a pattern. Subsequently, for every incoming request, if a pattern for a rule matches the given request, the corresponding action for that rule is taken.


Note The processing time on the SE is directly related to the number of Service Rules configured. Processing times increase with an increase in the total number of rules configured. If the SE processing time is greater than twice the data feed poll rate, then the device goes offline until the processing is completed. You can avoid this by configuring a higher data feed poll rate. The recommended data feed poll rate for 750 Service Rules is 300 seconds. To configure the data feed poll rate, see the “Configuring System Settings” section on page 6-8.

Configuring a Service Rule consists of the following tasks:

• Enabling the Service Rules. (Only needs to be performed once.)

• Configuring a pattern list and adding a pattern to it.

• Associating an action with an existing pattern list.

There are three cases for Service Rules:

1. If allow rules are configured, then it is an implicit deny.

2. If deny rules are configured, then it is an implicit allow.

3. If both allow and deny rules are configured, then it is an implicit allow.

For example, if all URL requests that match HTML are blocked, all other URL requests are implicitly allowed.

If all URL requests that match WMV are allowed, all other URL requests are implicitly blocked.

If both of the above rules are configured, then HTML URL requests are blocked, and all other URL requests are allowed.
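
The three cases above, as an added sketch (not Cisco code and not part of the original guide): it models allow and block rules with url-regex style patterns and shows that adding one block rule to an allow-only rule set changes the implicit default from deny to allow. The patterns, URLs, function names, the use of Python's re module as the regex engine, the treatment of an empty rule set, and the choice that a block match wins over an allow match are assumptions of this sketch.

```python
import re
from typing import List, Tuple

# A rule is (action, url_regex). Actions follow the guide: "allow" or "block".
Rule = Tuple[str, str]


def matches(pattern: str, url: str) -> bool:
    # The guide states that url-regex matching is not case sensitive.
    # Python's re stands in for the device's regex engine (assumption).
    return re.search(pattern, url, re.IGNORECASE) is not None


def implicit_default(rules: List[Rule]) -> str:
    """Decision for a request that matches none of the configured rules."""
    actions = {action for action, _ in rules}
    if actions == {"allow"}:
        return "block"  # case 1: only allow rules -> implicit deny
    # case 2 (only block rules) and case 3 (both kinds) -> implicit allow.
    # An empty rule set is treated as allow here (assumption).
    return "allow"


def decide(rules: List[Rule], url: str) -> str:
    """Return "allow" or "block" for one request URL."""
    hit = {action for action, pattern in rules if matches(pattern, url)}
    if "block" in hit:
        return "block"  # assumption: an explicit block wins over an allow
    if "allow" in hit:
        return "allow"
    return implicit_default(rules)


def newly_allowed(before: List[Rule], after: List[Rule],
                  urls: List[str]) -> List[str]:
    """URLs blocked under `before` that become reachable under `after`."""
    return [u for u in urls
            if decide(before, u) == "block" and decide(after, u) == "allow"]


# Constructed sample rule sets mirroring the guide's WMV and HTML examples.
ALLOW_ONLY: List[Rule] = [("allow", r"\.wmv$")]
BLOCK_ONLY: List[Rule] = [("block", r"\.html$")]
BOTH: List[Rule] = ALLOW_ONLY + BLOCK_ONLY

# Constructed sample request URLs.
SAMPLE_URLS = [
    "http://cdn.example.com/video/clip.WMV",
    "http://cdn.example.com/index.html",
    "http://cdn.example.com/img/logo.png",
]

if __name__ == "__main__":
    for name, rules in (("allow only", ALLOW_ONLY),
                        ("block only", BLOCK_ONLY),
                        ("allow + block", BOTH)):
        print(f"{name}: implicit default = {implicit_default(rules)}")
        for url in SAMPLE_URLS:
            print(f"  {decide(rules, url):5}  {url}")
    # Review point when a block rule is added to an allow-only configuration:
    print("newly reachable:", newly_allowed(ALLOW_ONLY, BOTH, SAMPLE_URLS))
```

When reviewing a change that adds a block rule to a rule set that previously contained only allow rules, compare the decisions before and after, as newly_allowed does, because every request that matched nothing goes from blocked to allowed.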

To configure or edit Service Rule settings, follow these steps:

Step 1 Choose Devices > Devices > Service Control > Enable Rules. The Enable Service Rules page is displayed.

Step 2 Check the Enable check box to enable the use of rule settings.

Step 3 Click Submit to save the settings.

To apply the factory default settings for the device, click the Apply Defaults icon in the task bar.

Step 4 Choose Devices > Devices > Service Control > Service Rules. The Service Rules Table page is displayed.

The table is sortable by clicking the column headings.

For information about Aggregate Settings, see the “Aggregate Settings” section on page 4-8.

Step 5 Click the Create New icon in the task bar. The Service Rules page is displayed (Figure 4-12).

To edit a Service Rule, click the Edit icon next to the Service Rule that you want to edit.

Figure 4-12 Service Rules Page

Step 6 Create a pattern list and add a pattern to it.

a. From the Rule Type drop-down list, choose pattern-list.

b. In the Rule Parameters field, configure the pattern list number and the pattern type, following the rules usage guidelines shown in the Service Rule page. See Table 4-12 for a description of pattern types. The rule patterns are not case-sensitive.

For example, to create pattern list number 72 with the pattern type domain and the example.com domain as the domain to be acted on, enter 72 domain example.com in the Rule Parameters field.

Table 4-12 Service Rules Pattern Types

Pattern Type: domain
Description: Matches the domain name in the URL or the host header against a regular expression. For example, “.*ibm.*” matches any domain name that contains the “ibm” substring. “\.foo\.com$” matches any domain name that ends with the “.foo.com” substring.

In regular expression syntax, the dollar sign ($) metacharacter directs that a match is made only when the pattern is found at the end of a line.
Syntax: rule pattern-list list_num domain dn_regexp

Pattern Type: group-type
Description: Patterns can be combined by using the AND or OR function with the group-type pattern (for example, rule pattern-list 1 group-type and). The default is OR.
Syntax: rule pattern-list list-num group-type { and | or }

Pattern Type: header-field
Description: Request header field pattern.

Request header field patterns referer, request-line, and user-agent are supported for the allow, block, and redirect actions. The referer pattern is matched against the Referer header in the request, the request-line pattern is matched against the first line of the request, and the user-agent pattern is matched against the User-Agent header in the request. The user-agent pattern is not case sensitive.

Note Flash Media Streaming supports the referer header field pattern for the allow and block actions.
Syntax: rule pattern-list list_num header-field { referer ref_regexp | request-line req_regexp | user-agent ua_regexp }

Pattern Type: src-ip
Description: Matches the source IP address and netmask of the request.
Syntax: rule pattern-list list_num src-ip s_ipaddress s_subnet

Pattern Type: url-regex
Description: Matches the URL against a regular expression. The match is not case sensitive.
Syntax: rule pattern-list list_num url-regex url_regexp

Pattern Type: url-regsub
Description: For the rewrite and redirect actions, matches the URL against a regular expression to form a new URL in accordance with the pattern substitution specification. The match is not case sensitive. The valid substitution index range is from 1 to 9.

Note For HTTP client requests for Windows Media Streaming live programs, an ASX file is created automatically; therefore, if you use the url-regsub pattern list to rewrite the filename from an .asf file extension to an .asx file extension, the SE is not able to find the file and returns a 404 error message.

Note Only one url-regsub pattern list is supported. Multiple substitutions for the same pattern list are not supported.
Syntax: rule pattern-list list_num url-regsub url_regexp url_sub

Note A domain pattern list matching an SE IP address is not supported when IP-based redirection is enabled on the Service Router. See the

“Configuring the Service Router” section on page 4-106

for more information about IP-based redirection. Flash Media Streaming bypasses the rules configuration if the request is from another SE.

Step 7 Click Submit to save the settings.

The maximum number of pattern lists allowed is 128.

Step 8 Associate an action with an existing pattern list.

a. Choose an action type from the Rule Type drop-down list. See Table 4-13 for a description of rule actions.

b. In the Rule Parameters field, enter the list number of the pattern list that you want to associate with this action.

For example, if you want to block access by any protocol to example.com, then choose block from the Rule Type drop-down list, and enter pattern-list 72 protocol all in the Rule Parameters field.


Note For the Web Engine and Flash Media Streaming, the Service Rule file must be used if Service Rules are to be configured.

Note All Windows Media Streaming per-device Service Rules configured for URL signature and validation must be converted to the per-Delivery Service Rule XML file. This change only applies to the generate-url-signature and validate-url-signature Service Rule actions for Windows Media Streaming. The other Service Rule actions (allow, block, no-cache, redirect, refresh, replace, and rewrite) still use the per-device Service Rule configuration for Windows Media Streaming. For more information, see the “Converting Old Windows Media Streaming Service Rules for URL Signing and Validation” section on page E-27.

Note Windows Media Streaming supports all Service Rule actions listed in Table 4-13, except validate-url-signature. Movie Streamer supports the following Service Rule actions: allow, block, redirect, rewrite, and validate-url-signature.

Table 4-13 Service Rule Actions

Action Type: allow
Description: Allows incoming requests that match the pattern list. This rule action can be used in combination with block actions to allow selective types of requests. The allow action does not carry any meaning as a standalone action.
Syntax: rule action allow pattern-list list_num [ protocol { all | http | rtmp | rtsp }]

Action Type: block
Description: Blocks this request and allows all others.
Syntax: rule action block pattern-list list_num [ protocol { all | http | rtmp | rtsp }]

Action Type: no-cache
Description: Does not cache this object.
Syntax: rule action no-cache pattern-list list_num [ protocol { all | http | rtmp | rtsp }]

Action Type: redirect
Description: Redirects the original request to a specified URL. Redirect is relevant to the RADIUS server only if the RADIUS server has been configured for redirect.
Syntax: rule action redirect url pattern-list list_num [ protocol { all | http | rtmp | rtsp }]

Action Type: refresh
Description: For a cache hit, forces an object freshness check with the server.
Syntax: rule action refresh pattern-list list_num [ protocol { all | http }]

Action Type: replace
Description: Replaces the text string in the object.
Syntax: rule action replace string_to_find string_to_replace pattern-list list_num [ protocol { all | http | rtmp | rtsp }]

Action Type: rewrite
Description: Rewrites the original request as a specified URL.
Syntax: rule action rewrite pattern-list list_num [ protocol { all | http | rtmp | rtsp }]

Action Type: validate-url-signature
Description: Validates the URL signature for a request using the configuration on your SE for the URL signature and allows the request processing to proceed for this request.

The error-redirect-url keyword redirects requests that failed validation to a specified URL. The error-redirect-url keyword is only supported for HTTP URLs.

The exclude keyword excludes the client IP address, the content expiry time, domain, or both the client IP address and expiry time from the URL signature validation, and redirects requests that failed validation to a specified URL.

The exclude client-ip keywords instruct the SE to ignore the client’s IP address when processing the validation of the signed URL. The command could be configured as rule action validate-url-signature exclude client-ip error-redirect-url aa pattern-list 1 protocol all .

The exclude expiry-time keywords instruct the SE to ignore the expiry time that normally limits access to the content when the expiry time has occurred. The command could be configured as rule action validate-url-signature exclude expiry-time error-redirect-url pattern-list 1 protocol all .

The exclude domain-name keyword instructs the SEs to ignore the domain in the URL when processing the validation of the signed URL. The command could be configured as rule action validate-url-signature exclude domain-name error-redirect-url pattern-list 1 protocol all .

The exclude all keywords instruct the SE to ignore both the client IP address and the content expiration time when processing the validation of the signed URL. The command could be configured as rule action validate-url-signature exclude all error-redirect-url aa pattern-list 1 protocol all .
Syntax: rule action validate-url-signature { error-redirect-url url | exclude { all error-redirect-url url | client-ip error-redirect-url url | expiry-time error-redirect-url url | domain-name error-redirect-url url } pattern-list list_num [ protocol { all | http | rtmp | rtsp }]}

Step 9 Click Submit to save the settings.

Note When configuring Service Rules, you must configure the same Service Rules on all SEs participating in a Delivery Service for the Service Rules to be fully implemented. The rule action must be common for all client requests because the SR may redirect a client request to any SE in a Delivery Service depending on threshold conditions.


Execution Order of Rule Actions

The order in which the rule actions are implemented for Windows Media Streaming and Movie Streamer is the order in which they were configured, except for the validate-url-signature action. If the rule pattern associated with the validate-url-signature action is matched, regardless of the configuration order of the rules, the validate-url-signature action is performed before any other action.

1. validate-url-signature

2. block or allow

Note The allow and block actions carry the same precedence. The order of implementation depends on the order of configuration between allow and block actions. Other actions always take precedence over allow.

3. redirect (before cache lookup)

4. rewrite (before cache lookup)

Note For the Web Engine and Flash Media Streaming, the Service Rule file must be used if Service Rules are to be configured. See Appendix E, “Creating Service Rule Files,” for more information.
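The following Python example is added here and is not code from the Cisco guide or from VDS-IS. It parses rule action lines written in the Table 4-13 syntax, records each exclude keyword that removes a check from signature validation along with malformed arguments, and returns the rules in the order described above for Windows Media Streaming and Movie Streamer (validate-url-signature first, the rest as configured). The function and class names are hypothetical, and the second and third sample lines are constructed.

```python
from dataclasses import dataclass, field
from typing import List, Optional

ACTIONS = {"allow", "block", "no-cache", "redirect", "refresh", "replace",
           "rewrite", "validate-url-signature"}

# What each "exclude" scope drops from signature validation (Table 4-13).
EXCLUDE_EFFECT = {
    "client-ip": "client IP address is not checked",
    "expiry-time": "expiry time is not checked",
    "domain-name": "domain in the URL is not checked",
    "all": "client IP address and expiry time are not checked",
}


@dataclass
class Rule:
    position: int                      # 1-based order of configuration
    action: str
    pattern_list: int
    protocol: Optional[str] = None
    exclude: Optional[str] = None
    findings: List[str] = field(default_factory=list)


def parse_rule(line: str, position: int) -> Rule:
    """Parse one 'rule action ...' line; raise ValueError if it is not one."""
    tok = line.split()
    if len(tok) < 3 or tok[:2] != ["rule", "action"] or tok[2] not in ACTIONS:
        raise ValueError(f"not a rule action line: {line!r}")
    action, rest = tok[2], tok[3:]
    if "pattern-list" not in rest:
        raise ValueError(f"missing pattern-list: {line!r}")
    # Use the last occurrence so earlier arguments cannot shadow the keyword.
    i = len(rest) - 1 - rest[::-1].index("pattern-list")
    args, tail = rest[:i], rest[i + 1:]
    if not tail or not tail[0].isdigit():
        raise ValueError(f"pattern-list needs a list number: {line!r}")
    rule = Rule(position, action, int(tail[0]))
    tail = tail[1:]
    if tail:
        if len(tail) != 2 or tail[0] != "protocol":
            raise ValueError(f"unexpected trailing tokens: {line!r}")
        rule.protocol = tail[1]
        # refresh accepts only all | http; other actions also take rtmp | rtsp.
        valid = ({"all", "http"} if action == "refresh"
                 else {"all", "http", "rtmp", "rtsp"})
        if rule.protocol not in valid:
            rule.findings.append(
                f"protocol {rule.protocol} is not valid for {action}")
    if action == "validate-url-signature":
        if args[:1] == ["exclude"]:
            scope = args[1] if len(args) > 1 else ""
            if scope not in EXCLUDE_EFFECT:
                raise ValueError(f"unknown exclude scope: {line!r}")
            rule.exclude = scope
            rule.findings.append(f"exclude {scope}: {EXCLUDE_EFFECT[scope]}")
            args = args[2:]
        if args[:1] != ["error-redirect-url"]:
            raise ValueError(f"error-redirect-url keyword missing: {line!r}")
        if len(args) < 2:
            rule.findings.append("error-redirect-url has no URL argument")
    return rule


def effective_order(rules: List[Rule]) -> List[Rule]:
    """validate-url-signature rules first; sorted() is stable, so every
    other rule keeps the order in which it was configured."""
    return sorted(rules, key=lambda r: r.action != "validate-url-signature")


# Lines 1, 4 and 5 are commands quoted in the guide; lines 2 and 3 are
# constructed for this example.
SAMPLE_CONFIG = """\
rule action block pattern-list 72 protocol all
rule action allow pattern-list 5 protocol http
rule action refresh pattern-list 9 protocol rtsp
rule action validate-url-signature exclude client-ip error-redirect-url aa pattern-list 1 protocol all
rule action validate-url-signature exclude expiry-time error-redirect-url pattern-list 1 protocol all
"""


def audit(config: str) -> List[Rule]:
    lines = [l for l in config.splitlines() if l.strip()]
    rules = [parse_rule(l, n) for n, l in enumerate(lines, start=1)]
    return effective_order(rules)


if __name__ == "__main__":
    for r in audit(SAMPLE_CONFIG):
        print(f"configured #{r.position}: {r.action} pattern-list "
              f"{r.pattern_list} {r.findings or ''}")
```

Running the same audit against every SE in a Delivery Service and comparing the output is one way to confirm that the SEs carry identical Service Rules.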

Configuring URL Signing Key

URL signature keys are word values that ensure URL-level security. The URL signature key is a shared secret between the device that assigns the key and the device that decrypts the key. Based on your network settings, either the SE itself or some other external device can assign the signature key to the URL, but the SE decrypts the URL signature key.

The VDS-IS uses a combination of key owners, key ID numbers, and a word value to generate URL signature keys. You can have a maximum of 32 key owners. Each key owner can have up to 16 key ID numbers.

To create request-specific URL signature keys, you can choose to append the IP address of the client that has made the request to the URL signature key.

To create a URL signature key, follow these steps:

Step 1 Choose Devices > Devices > Service Control > URL Signing. The URL Signing Table page is displayed.

The table is sortable by clicking the column headings.

For information about Aggregate Settings, see the “Aggregate Settings” section on page 4-8.

Step 2 Click the Create New icon in the task bar. The URL Signing page is displayed.

To edit the URL signature, click the Edit icon next to the URL Signature Key ID owner that you want to edit.

Step 3 Enter the settings as appropriate. See Table 4-14 for a description of the fields.


Table 4-14 URL Signature Key Settings

Field: Cryptographic Algorithm
Description: Choose either Symmetric Key or Asymmetric Key. For more information, see the “URL Signing and Validating” section on page J-6.

Field: Key ID Owner
Description: Specify the ID number for the owner of this encryption key. Valid entries are from 1 to 32.

Field: Key ID Number
Description: Specify the encryption key ID number. Valid entries are from 1 to 16.

Field: Key
Description: Field for Symmetric Key only. Enter a unique URL signature key with up to 16 characters (excluding double quotes at the beginning and end of the string). This field accepts only 7-bit printable ASCII characters (alphabetic, numerics, and others) and does not support a space or the following special characters: pipe (|), question mark (?), double quotes ("), and apostrophe ('). The following special characters are allowed: {}!#$%&()*+,-./;:<=>@\~^[]_

Quoted and unquoted strings are allowed. Double quotes (") are allowed at the beginning and end of the string only. If you do not surround the key string with double quotes, quotes are added when you click Submit.

Field: Public Key URL
Description: Field for Asymmetric Key only. The location of the public key file. Only HTTP, HTTPS, or FTP addresses are supported. The public/private key pair is stored in Privacy Enhanced Mail (PEM) format.

Note During validation, the public key file is checked for whether the file size exceeds 2000 bytes, whether the file starts with "-----BEGIN PUBLIC KEY-----", and whether it contains an "-----END PUBLIC KEY-----" line.

Field: Private Key URL
Description: Field for Asymmetric Key only. The location of the private key file. Only HTTP, HTTPS, or FTP addresses are supported. The public/private key pair is stored in Privacy Enhanced Mail (PEM) format.

Note During validation, the private key file is checked for whether the file size exceeds 2000 bytes, whether the file starts with "-----BEGIN EC PRIVATE KEY-----", and whether it contains an "-----END EC PRIVATE KEY-----" line.

Field: Symmetric Key
Description: Field for Asymmetric Key only. A 16-byte Advanced Encryption Standard (AES) key used for AES encryption of the signed URL.

Step 4 Click Submit to save the settings.

For information on the URL signing mechanism, see Appendix J, “URL Signing and Validation.”
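The following Python example is added here and is not part of the Cisco guide or of CDSM. It applies the Table 4-14 constraints to a candidate symmetric key and to PEM key files before they are submitted. The function names are hypothetical, the PEM samples are constructed placeholders rather than real keys, and two readings of the table are assumptions: a file larger than 2000 bytes is treated as rejected, and the backtick, which appears in neither character list, is treated as not allowed.

```python
import string
from typing import List

# Specials that Table 4-14 lists as allowed. Space, | ? " and ' are listed
# as unsupported. The backtick is in neither list, so it is rejected here
# (assumption).
ALLOWED_SPECIALS = set("{}!#$%&()*+,-./;:<=>@\\~^[]_")
ALLOWED_CHARS = set(string.ascii_letters + string.digits) | ALLOWED_SPECIALS
MAX_KEY_CHARS = 16
MAX_PEM_BYTES = 2000   # assumption: larger files fail validation

PEM_MARKERS = {
    "public": ("-----BEGIN PUBLIC KEY-----", "-----END PUBLIC KEY-----"),
    "private": ("-----BEGIN EC PRIVATE KEY-----",
                "-----END EC PRIVATE KEY-----"),
}


def normalize_symmetric_key(raw: str) -> str:
    """Return the key wrapped in double quotes, as it is stored after
    Submit, or raise ValueError naming the violated constraint."""
    body = raw
    # One pair of double quotes around the whole string is not part of the key.
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        body = raw[1:-1]
    if not body:
        raise ValueError("key is empty")
    if len(body) > MAX_KEY_CHARS:
        raise ValueError(f"key has {len(body)} characters, limit is {MAX_KEY_CHARS}")
    bad = sorted({c for c in body if c not in ALLOWED_CHARS})
    if bad:
        raise ValueError(f"characters not allowed in key: {bad}")
    return f'"{body}"'


def is_valid_symmetric_key(raw: str) -> bool:
    try:
        normalize_symmetric_key(raw)
        return True
    except ValueError:
        return False


def check_pem(data: bytes, kind: str) -> List[str]:
    """Return the list of Table 4-14 checks that the key file fails."""
    begin, end = PEM_MARKERS[kind]
    problems = []
    if len(data) > MAX_PEM_BYTES:
        problems.append(f"file is {len(data)} bytes, limit is {MAX_PEM_BYTES}")
    text = data.decode("ascii", errors="replace")
    if not text.startswith(begin):
        problems.append(f"file does not start with {begin}")
    if not any(line.strip() == end for line in text.splitlines()):
        problems.append(f"file has no {end} line")
    return problems


def make_pem(begin: str, end: str, body_lines: int = 4) -> bytes:
    """Build a constructed placeholder file: correct framing, dummy body."""
    return ("\n".join([begin] + ["A" * 64] * body_lines + [end]) + "\n").encode("ascii")


# Constructed samples (not real key material).
GOOD_PUBLIC = make_pem(*PEM_MARKERS["public"])
# A PKCS#8-framed private key: valid PEM, but not the EC framing the table names.
PKCS8_PRIVATE = make_pem("-----BEGIN PRIVATE KEY-----", "-----END PRIVATE KEY-----")
OVERSIZED_PUBLIC = make_pem(*PEM_MARKERS["public"], body_lines=40)

if __name__ == "__main__":
    for key in ['S3cret_key!', '"quoted-key"', "has space", "pipe|char", "x" * 17]:
        print(repr(key), is_valid_symmetric_key(key))
    for name, blob, kind in [("good public", GOOD_PUBLIC, "public"),
                             ("pkcs8 private", PKCS8_PRIVATE, "private"),
                             ("oversized public", OVERSIZED_PUBLIC, "public")]:
        print(name, check_pem(blob, kind))
```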

Configuring the Authorization Service

When Authorization Service is enabled, client requests are blocked if the request is for an unknown server or if the client’s IP address or geographic location is not allowed to request content. The Authorization Service is enabled by default and includes both types of blocking.

The Authorization Service verifies that all client requests have a service routing fully qualified domain name (RFQDN) or origin server FQDN (OFQDN) that is recognized as part of a Delivery Service. For more information about RFQDNs and origin server, see the “Content Origins” section on page 5-34. If you want to allow client requests for unknown hosts, check the Enable Unknown-Server Requests check box.


Note The string “.se.” cannot be used in the RFQDN and OFQDN.

To block client requests based on geographical location, the SE communicates with a Geo-Location server, which maps IP addresses to geographic locations. The Geo-Location server, which is the same Geo-Location server used for location-based routing on the SR, identifies the geographic location of a client request by the country, state, city, netspeed, connection type, linespeed, asn, and carrier of the client. See the “Configuring Request Routing Settings” section on page 4-110. For more information about the Geo-Location servers, see the “Geo-Location Servers” section on page 4-113.

Each Delivery Service participating in the Authorization Service has a Geo/IP file that contains information on the allowed client IP addresses and geographic locations, and denied client IP addresses and geographic locations. The Authorization Service blocks client requests based on the Geo/IP file uploaded for the Delivery Service.

The SE that receives the client request compares the client’s information, as well as the URL string pattern, with the information configured for the Delivery Service and allows or denies the request. If the Authorization Service denies the request and a redirect URL has been specified in the Geo/IP file, the client is redirected to the URL specified by the redirect URL parameter. If the Authorization Service denies the request and a redirect URL has not been specified in the Geo/IP file, the protocol engine receives the denied message and sends a request denied message to the client. For more information, see the “Authorization Plugins” section on page 5-26.

To enable the Authorization Service, follow these steps:

Step 1 Choose Devices > Devices > Service Control > Authorization Service. The Authorization Service page is displayed.

Step 2 To enable the Authorization Service, check the Enable Authorization check box.

The Authorization Service is enabled by default.

Step 3 To disable the Geo Plugin on this SE, uncheck the Enable Geo Plugin check box. The Geo Plugin is enabled by default.

The Geo/Ip Plugin is configured for each Delivery Service that has a Geo/Ip file associated. Every SE in the Delivery Service contacts the Geo-Location server to look up the client IP address for the allowed geographical locations. However, not every SE needs to contact the Geo-Location server (for example, upstream SEs). Disabling the Geo Plugin on upstream SEs reduces the number of times the Geo-Location server is contacted.

Step 4 In the Cache Timeout field, enter the timeout interval (in seconds) that a response from the Geo-Location server is stored in the SE cache. The SE caches information from the Geo-Location server during the first request so that further requests can be served from cache instead of contacting the Geo-Location server.

The default is 691200. The range is 1 to 864000.

Step 5 From the Type drop-down list, choose one of the following server types:

• Quova—If quova is selected from the Type drop-down list:

– In the Primary Address and associated Port fields, enter the IPv4 address and port number of the primary Geo-Location Server.

– In the Secondary Address and associated Port fields, enter the IPv4 address and port number of the secondary Geo-Location Server.

• Quova GDS (Version 7.1.5)—If quova-restful-gds is selected from the Type drop-down list:

– In the Primary Address and associated Port, Service Name, Retry and Timeout fields, enter the IPv6 or IPv4 address, port number, Service Name, Retry, and Timeout of the primary Geo-Location Server.

– In the Secondary Address and associated Port, Service Name, Retry and Timeout fields, enter the IPv6 or IPv4 address, port number, Service Name, Retry, and Timeout of the secondary Geo-Location Server.

• Quova Hosted—If quova-restful-hosted is selected from the Type drop-down list:

– In the API Key field, enter the API key of the Geo-Location Server.

– In the Shared Secret Key field, enter the shared secret key of the Geo-Location Server.

– In the Primary Address and associated Port, Service Name, Retry and Timeout fields, enter the IPv6 or IPv4 address, port number, Service Name, Retry, and Timeout of the primary Geo-Location Server.

– In the Secondary Address and associated Port, Service Name, Retry and Timeout fields, enter the IPv6 or IPv4 address, port number, Service Name, Retry, and Timeout of the secondary Geo-Location Server.

Note You need not add “/v1/ipinfo/” content manually in the Server Name.

• MaxMind Hosted—If maxmind-restful-hosted is selected from the Type drop-down list:

– From the Protocol drop-down list, choose Http or Https.

– In the Service field, enter the service name. The service name can be a, b, f, or e.

– In the License Key field, enter the key that is used by the Geo-Location server to verify a request.

– In the Primary Address and associated Port, Retry and Timeout fields, enter the IPv6 or IPv4 address, port number, Retry, and Timeout of the primary Geo-Location Server.

– In the Secondary Address and associated Port, Retry and Timeout fields, enter the IPv6 or IPv4 address, port number, Retry, and Timeout of the secondary Geo-Location Server.

Note The Maxmind server service supported is GeoIP Legacy web services http://dev.maxmind.com/geoip/legacy/web-services/ .

Step 6 To allow client requests for unknown hosts, while at the same time keeping the Authorization Service enabled, check the Enable Unknown-Server Requests check box.

Step 7 Click Submit to save the settings.

To apply the factory default settings for the device, click the Apply Defaults icon in the task bar.


Note If the primary Geo-Location server is shut down and a secondary Geo-location server is configured and is up, requests are sent to the secondary Geo-Location server in a failover-type scenario. If the primary Geo-Location server is brought back up and is online, requests are still routed to the secondary Geo-Location server as long as the secondary Geo-Location server is up.

Only if the secondary Geo-Location server goes down and the primary Geo-Location server is up will a fallback occur and requests once again will be routed to the primary Geo-Location server.

Configuring Transaction Logs

Transaction logs allow administrators to view the traffic that has passed through the SE. Typical fields in the transaction log are the date and time when a request was made, the URL that was requested, whether it was a cache hit or a cache miss, the type of request, the number of bytes transferred, and the source IP address. For more information about transaction logs and their formats, see the “Transaction Logs” section on page 8-54.

To enable transaction logging, follow these steps:

Step 1 Choose Devices > Devices > Service Control > Transaction Logging. The Transaction Log Settings page is displayed.

Step 2 Enter the settings as appropriate. See Table 4-15 for a description of the fields.

Table 4-15 Transaction Log Settings Fields

General Settings

Field: Transaction Log Enable
Description: Enables transaction logging.

Field: Snapshot Counter Log Enable
Description: Enables the Snapshot Counter transaction log. For more information, see the “Snapshot Counter Transaction Logs” section on page 8-103.

Field: Log Windows Domain
Description: If NTLM authentication is configured, you can record the Windows domain name and username in the “authenticated username” field of the transaction log by checking this check box. For more information, see the “Transaction Logging and NTLM Authentication” section on page 8-69.

Field: Compress Files before Export
Description: When this check box is checked, archived log files are compressed into gzip format before being exported to external FTP servers.

Field: Log File Format
Description: Log file format choices are extended-squid or apache. The default is apache. For more information, see the “Transaction Log Formats for Web Engine” section on page 8-58.

Field: Log Format Custom
Description: Or, choose Log Format Custom and enter a custom format string. For more information, see the “Custom Format” section on page 8-61.

Archive Settings

Field: Max size of Archive File
Description: Maximum size (in kilobytes) of the archive file to be maintained on the local disk. The range is from 1000 to 2000000. The default is 500000.

Field: Max number of files to be archived
Description: Maximum number of files to be maintained on the local disk. The range is from 1 to 10000. The default is 10.

Field: Archive occurs
Description: How often the working log is archived and the data is cleared from the working log. Choose one of the following:

• Choose every to archive every so many seconds, and enter the number of seconds for the interval. The range is from 120 to 604800.

• Choose every hour to archive using intervals of one hour or less, and choose one of the following:

– at—Specifies the minute in which each hourly archive occurs

– every—Specifies the number of minutes for the interval (2, 5, 10, 15, 20, or 30)

• Choose every day to archive using intervals of one day or less, and choose one of the following:

– at—Specifies the hour in which each daily archive occurs

– every—Specifies the number of hours for the interval (1, 2, 3, 4, 6, 8, 12, 24)

• Choose every week on to archive at intervals of one or more times a week, choose the days of the week, and choose what time each day.

Export Settings

Field: Enable Export
Description: Enables exporting of the transaction log to an FTP server.

Field: Skip Log Types
Description: Enables skipping the export of specific transaction logs. By default, no log type is chosen to be skipped.

Field: Export occurs
Description: How often the working log is sent to the FTP server and the data is cleared from the working log. Choose one of the following:

• Choose every to export every so many minutes, and enter the number of minutes for the interval. The range is from 1 to 10080.

• Choose every hour to export using intervals of one hour or less, and choose one of the following:

– at—Specifies the minute in which each hourly export occurs

– every—Specifies the number of minutes for the interval (2, 5, 10, 15, 20, or 30)

• Choose every day to export using intervals of one day or less, and choose one of the following:

– at—Specifies the hour in which each daily export occurs

– every—Specifies the number of hours for the interval (1, 2, 3, 4, 6, 8, 12, 24)

• Choose every week on to export using intervals of one or more times a week, choose the days of the week, and what time each day.

Field: FTP Export Server
Description: IP address or hostname of the FTP or SFTP server.

Field: Name
Description: Name of the user.

Field: Password
Description: Password for the user.

Note If you check the SFTP and the Key Based check boxes to use key-based authentication with SFTP, you cannot edit the Password field.

Field: Confirm Password
Description: Confirms the password for the user.

Note If you check the SFTP and the Key Based check boxes to use key-based authentication with SFTP, you cannot edit the Confirm Password field.

Field: Directory
Description: Name of the directory used to store the transaction logs on the FTP or SFTP server.

Field: SFTP
Description: Check the SFTP check box if you are using an SFTP server.

Field: Key Based
Description: Check the Key Based check box to use key-based authentication instead of password authentication with the SFTP server.

Note To use this option, you must also upload the Public and Private keys files using CDSM. For more information on uploading these keys, see the “Configuring SFTP Key File Registration” section on page 4-37.

Field: FTP Export IPv6 Server
Description: IPv6 address or hostname of the FTP server or SFTP server.

Windows Media Settings

Field: Enable Windows Media Settings
Description: Enables Windows Media transaction logging.

Field: Log File Format
Description: Sets Windows Media Streaming Engine to generate transaction logs in the following formats:

• extended wms-41: Uses the standard Windows Media Services 4.1 format to generate the transaction log and includes the following three additional fields in the transaction log:

– SE_action (cache hit or cache miss)

– SE-bytes (number of bytes sent from the SE for a cache hit)

– username (username of the Windows Media request when NTLM, Negotiate, Digest, or basic authentication is used)

• extended wms-90: Uses the standard Windows Media Services 9 format to generate the transaction log and includes the following three additional fields in the transaction log:

– SE_action (cache hit or cache miss)

– SE-bytes (number of bytes sent from the SE for a cache hit)

– username (username of the Windows Media request when NTLM, Negotiate, Digest, or basic authentication is used)

• wms-41: Standard Windows Media Services 4.1 format

• wms-90: Standard Windows Media Services 9 format

The default is wms-41. For more information, see the “Windows Media Transaction Logging” section on page 8-72.

Web Engine Settings

Field: Session Log
Description: The Session Log drop-down list has the following options:

• enable—Enables Session Log for this device, which consists of per-session transaction logging (Per Session logs) and per-fragment transaction logging (Web Engine custom format transaction logs).

• enable exclusive—Enables Session Log only for per-session transaction logging.

• disable—Disables Session Log.

For more information, see the “Web Engine User Level Session Transaction Logs” section on page 8-99.

Field: Enable Delivery Service Monitoring
Description: Enables Delivery Service Monitoring.

Field: Export Server and Port
Description: IP address and port number of the CDNM, CDN, or other export server that is to receive the transaction log files. A maximum of three export servers can be specified. The default port number is 9998.

Splunk UF Export Settings

Field: Export Enable
Description: Enables the automatic export of the selected transaction logs to the designated export server. For more information, see the “Real-Time Exporting of Transaction Logs for Billing and Analytic Reports” section on page 8-105.

Field: Throttling
Description: If throttling is configured to a value other than zero, the following actions are performed:

• Limits the speed to the specified rate in kilobytes per second through the throughput processor.

• Controls the CPU load to the specified rate in kilobytes per second while indexing.

If throttling is set to zero (0), the speed of the throughput processor is not limited.

Field: Max Queue Size
Description: Sets the maximum size of the forwarder's output queue. The size is limited based on the number of entries, or on the total memory used by the items in the queue.

• If the maximum queue size specified is a lone integer (for example, maxQueueSize=100), the maxQueueSize indicates the maximum count of queued items.

• If the maximum queue size specified is an integer followed by KB, MB, or GB (for example, maxQueueSize=100MB), the maxQueueSize indicates the maximum RAM size of all the items in the queue.

• If the maximum queue size is set to zero (0), the size of the queue is not limited.

Field: Group Type of Export Servers
Description: The Group Type of Export Servers drop-down list has the following options:

• Load-balancing—The forwarder will load balance amongst the receivers listed. If one receiver goes down, the forwarder automatically switches to the next one available.

• Data Cloning—The forwarder sends copies of all its events to the receivers in two or more target groups.

Field: SSL Encryption Enable
Description: Enables the use of SSL encryption for the export of transaction logs to the designated export servers.

Note Before you enable this option, upload the required certificates using CDSM. For more information on uploading the certificates, see the “Configuring Splunk Certificate File Registration” section on page 4-38.

Field: Export Server and Port
Description: IP address and port number of the CDNM, CDN, or other export server that is to receive the transaction log files. A maximum of three export servers can be specified. The default port number is 9998.

Field: Common Name and SSL Passphrase
Description: If SSL Encryption is enabled:

• In the Common Name field, enter the Common Name that is used during the server certificate (export server) generation.

• In the SSL Passphrase field, enter the client specific private key passphrase.

Splunk UF Monitor Settings

Field: Monitors
Description: Check the Enable check boxes of the type of transaction logs to export.

Click the Edit icon next to the type of transaction log, to edit the values of Ignore Older Than, Index and Source Type of each monitor log type.

• Ignore Older Than—The monitored input stops checking files for updates if the modtime passes the threshold value. This improves the speed of file tracking operations when monitoring directory hierarchies with large numbers of historical files. The default value is zero (0).

• Index—Sets the index key's initial value. The key is used when selecting an index to store the events.

• Source Type—Sets the sourcetype key's initial value. The key is used during parsing/indexing, in particular to set the source type field during indexing. It is also the source type field used at search time.

Step 3 Click Submit to save the settings.

To apply the factory default settings for the device, click the Apply Defaults icon in the task bar.

Configuring SFTP Key File Registration

SFTP key-based authentication allows administrators to use key-based authentication with SFTP to more securely export transaction logs from the SEs and SRs to external SFTP servers. This option is more secure than using just passwords with SFTP.

SFTP key-based authentication uses a Public/Private key pair. To use SFTP key-based authentication you must first generate a Public and Private key pair for your SE. To generate this Public/Private key pair you can use tools such as the ssh-keygen command from the operating system command prompt or PuTTYgen from a Windows environment. Make sure to save the Public/Private keys to a location that is accessible from the computer that is running CDSM. You will use CDSM to upload these keys to the SEs.

After the Public/Private key pair is generated, follow these steps to upload the key pair in CDSM. After you have uploaded the key pair, CDSM will securely copy the certificates to the SEs:

Step 1 Choose Devices > Devices > Service Control > SFTP Key File Registration. The Creating SFTP Key Files Settings page is displayed.

Step 2 Click the Browse button to locate the Public Key file.

Step 3 Click the Browse button to locate the Private Key file.

Step 4 Click Submit to save the settings.


Note After you upload the Public and Private keys for SFTP, you need to configure the SFTP server information in CDSM. To configure the SFTP server settings in CDSM, see the “Configuring Transaction Logs” section on page 4-32. You must also manually copy the Public key for the SE to the SFTP server. On the SFTP server, copy the public key to the authorized key set folder, based on the SFTP software that you are using.

Configuring Splunk Certificate File Registration

Configuring the Splunk process to use SSL encryption enables the transaction logs to be securely transferred from the SEs and SRs to the VDS-SM. This SSL encryption will use Root certificates, Client certificates, and Server certificates. When generating the certificates, it is important to follow these guidelines:

When generating the Root certificate, do not specify a common name or challenge password.

When generating the Server certificate, do not specify a challenge password.

When generating the Server certificate, make note of the common name. You will need to reference this common name while configuring SSL on the forwarder.

When generating the Client certificate, do not specify a common name or challenge password.

For an example of how to use the VDS-SM to generate the Root, Server, and Client certificates, refer to Appendix N, “Generating Self-Signed Certificates with VDS-SM”. For additional information on configuring VDS-SM for secure log transfer with VDS-IS, please refer to Videoscape Distribution Suite Service Manager User Guide: Securing log transfer between VDS-IS and VDS-SM.

After the certificates are generated, the Root and Client certificates are uploaded to the SEs and the SRs and the Root and Server certificates are uploaded to the VDS-SM. Both the Client and Server certificates will be signed by the same Root certificate. Refer to Appendix N, “Generating Self-Signed Certificates with VDS-SM” for information on uploading the Root and Server certificates to the VDS-SM.

Perform the following steps to upload the Root and Client certificates to the SEs. After you have uploaded the certificates, CDSM will securely copy the certificates to the SEs:

Step 1 Choose Devices > Devices > Service Control > Splunk Certification File Registration. The Creating Splunk Certification Files Settings page is displayed.

Step 2 Click the Browse button to locate the Root Certification file.

Step 3 Click the Browse button to locate the Client Certification file.

Step 4 Click Submit to save the settings.

Note After you upload the Root and Client certificates for the Splunk process, you need to enable SSL Encryption and configure the SSL settings for the export servers in CDSM. To configure these settings in CDSM, see the “Configuring Transaction Logs” section on page 4-32.

Application Control

The Application Control pages provide settings for bandwidth management of delivery services and protocol engines. Configuring application control consists of the following procedures:

Configuring Default and Maximum Bandwidth

Configuring Bandwidth Schedules

Configuring Windows Media Streaming—General Settings

Configuring Windows Media Streaming—Bypass List

Configuring Movie Streamer—General Settings

Configuring RTSP Advanced Settings

Configuring Flash Media Streaming—General Settings

Configuring Flash Media Streaming—FMS Administrator

Configuring Flash Media Streaming—Service Monitoring

Configuring Web Engine HTTP Cache Freshness

Configuring Tmpfs Size Settings

Configuring TCP Timeout

Configuring HTTP Options

Configuring Default and Maximum Bandwidth

The bandwidth used for delivering content is determined by the settings in the Default and Maximum Bandwidth page, and the Scheduled Bandwidth page. The default settings are used unless a scheduled bandwidth is configured for a specified time period. For Flash Media Streaming bandwidth limits, see the “Configuring Flash Media Streaming—General Settings” section on page 4-48 and the “Configuring Flash Media Streaming—Service Monitoring” section on page 4-49.

Note The bandwidth used for delivering content is always the lowest of the following configured values: default bandwidth, maximum bandwidth, and scheduled bandwidth. When the bandwidth limit is reached, new client requests are dropped and a syslog entry is written. The client receives the error message “453: Not enough bandwidth.”

To configure the default and maximum bandwidth settings, follow these steps:

Step 1 Choose Devices > Devices > Application Control > Default and Maximum Bandwidth. The Default and Maximum Bandwidth page is displayed.

Step 2 Enter the settings as appropriate. See Table 4-16 for a description of the fields.

Table 4-16 Application Control Default and Maximum Bandwidth Fields

Field | Description
Windows Media Incoming, Default Bandwidth | Default bandwidth allowed for incoming Windows Media traffic from client devices.
Windows Media Incoming, Maximum Bandwidth | Maximum bandwidth permitted by system license. The maximum bandwidth for concurrent Windows Media streams enforces the aggregate bandwidth of all concurrent Windows Media streaming sessions, which includes RTSP-using-UDP, RTSP-using-TCP, MMS-over-HTTP, and live stream splitting. The default is 200 Mbps. (See footnote 1.)
Windows Media Outgoing, Default Bandwidth | Default bandwidth allowed for outgoing Windows Media traffic from the SE.
Windows Media Outgoing, Maximum Bandwidth | Maximum bandwidth permitted by system license. The maximum bandwidth for concurrent Windows Media streams enforces the aggregate bandwidth of all concurrent Windows Media streaming sessions, which includes RTSP-using-UDP, RTSP-using-TCP, MMS-over-HTTP, and live stream splitting. The default is 200 Mbps. (See footnote 1.)
Movie Streamer Incoming, Default Bandwidth | Default bandwidth allowed for incoming Movie Streamer traffic from client devices.
Movie Streamer Incoming, Maximum Bandwidth | Maximum bandwidth permitted by system license. The maximum bandwidth for concurrent Movie Streamer streams enforces the aggregate bandwidth of all concurrent Movie Streamer sessions. The default is 200 Mbps. (See footnote 1.)
Movie Streamer Outgoing, Default Bandwidth | Default bandwidth allowed for outgoing Movie Streamer traffic from the SE.
Movie Streamer Outgoing, Maximum Bandwidth | Maximum bandwidth permitted by system license. The maximum bandwidth for concurrent Movie Streamer streams enforces the aggregate bandwidth of all concurrent Movie Streamer sessions. The default is 200 Mbps. (See footnote 1.)

Footnote 1. The maximum bandwidth allowed is 8 Gbps on a CDE220-2G2, 12 Gbps on a, and 44 Gbps on a CDE250.

Step 3 Click Submit to save the settings.

To apply the factory default settings for the device, click the Apply Defaults icon in the task bar.

To remove the settings from the device, click the Remove Device Settings icon in the task bar.

Configuring Bandwidth Schedules

Bandwidth Schedule settings take precedence over Default Bandwidth settings.

To configure a Bandwidth Schedule, follow these steps:

Step 1 Choose Devices > Devices > Application Control > Bandwidth Schedules. The Application Control Bandwidth Schedule Table page is displayed.

The table is sortable by clicking the column headings.

For information about Aggregate Settings, see the “Aggregate Settings” section on page 4-8.

Step 2 Click Create New in the task bar. The Scheduled Bandwidth page is displayed.

To edit a bandwidth schedule, click the Edit icon next to the scheduled bandwidth that you want to edit.

Step 3 Enter the settings as appropriate. See Table 4-17 for a description of the fields.

Table 4-17 Application Control Bandwidth Schedule Fields

Field | Description
Bandwidth Type | One of the following:
  • Windows Media Incoming—Incoming Windows Media streaming content requests from end users.
  • Windows Media Outgoing—Outgoing Windows Media content from SEs.
  • Movie Streamer Incoming—Incoming Movie Streamer content requests from SEs or origin servers.
  • Movie Streamer Outgoing—Outgoing Movie Streamer content in response to RTSP requests from end users.
Bandwidth Rate | Maximum amount of bandwidth you want to allow (in kilobits per second).
Start Time | Time of day for the bandwidth rate setting to start, using a 24-hour clock in local time (hh:mm).
End Time | Time of day for the bandwidth rate setting to end (hh:mm).
Use Specific Days | Days of the week on which configured bandwidth settings apply.
  • Full Week—Bandwidth settings are applied to the entire week.
  • Sun, Mon, Tue, Wed, Thu, Fri, and Sat—Specific days of the week on which configured bandwidth settings apply.
Specific Day Range | Range of days of the week on which configured bandwidth settings apply.
  • Start day—Day of the week to start for allowable bandwidth.
  • End day—Day of the week to end for allowable bandwidth.

Step 4 Click Submit to save the settings.

To delete a bandwidth schedule, click the Edit icon for the group, then click the Delete icon in the task bar.

Bandwidth Graph

To view a graphical representation of the bandwidth settings, click the Display Graph icon in the task bar. The Application Bandwidth graph is displayed in a new page.

The vertical axis of the graph represents the amount of bandwidth in kilobits per second (kb/s), and the horizontal axis represents the days of the week. The units shown on the vertical axis are determined dynamically based on the bandwidth rate for a particular bandwidth type. The units shown on the horizontal axis represent 24 hours for each day of the week. Each type of bandwidth is represented by a different color. A legend at the bottom of the graph maps colors to the corresponding bandwidth type.

To view the graph by bandwidth type, detailed or composite view, or days of the week, click a view option in the text at the top of the page. Table 4-18 describes the view options.

Table 4-18 Viewing Options for Content Services Bandwidth Graph

Option | Description
Windows Media In | Displays the bandwidth settings for incoming Windows Media traffic.
Windows Media Out | Displays the bandwidth settings for outgoing Windows Media traffic.
Movie Streamer In | Displays the bandwidth settings for incoming Movie Streamer traffic.
Movie Streamer Out | Displays the bandwidth settings for outgoing Movie Streamer traffic.
All Servers | Displays a consolidated view of all configured bandwidth types. This is the default view and is combined with the Full Week view.
Show Detailed Bandwidth/Show Effective Bandwidth | Toggles between the two options:
  • Show Detailed Bandwidth—Displays detailed bandwidth settings for the SE and its associated device groups. The bandwidth settings of the device and device groups are shown in different colors for easy identification.
  • Show Effective Bandwidth—Displays the composite (aggregate) bandwidth settings for the SE and its associated device groups.
Show Aggregate View/Show Non-Aggregate View | Toggles between the two options:
  • Show Aggregate View—Displays the bandwidth settings configured for the corresponding device groups.
  • Show Non-Aggregate View—Displays the bandwidth settings configured for the SE.
Sun, Mon, Tues, Wed, Thurs, Fri, Sat | Displays the bandwidth settings for the corresponding day of the week.
Full Week | Displays the bandwidth settings for the entire week. This is the default view and is combined with the All Servers view.

Configuring Windows Media Streaming—General Settings

To configure the General Settings for Windows Media Streaming, follow these steps:

Step 1 Choose Devices > Devices > Application Control > Windows Media Streaming > General Settings. The Windows Media Streaming General Settings page is displayed.

Step 2 Enter the settings as appropriate. See Table 4-19 for a description of the fields.

Table 4-19 Windows Media Streaming General Settings Fields

Field | Description
Enable Windows Media Services | When checked, Windows Media Services is enabled. To disable services, uncheck the check box.

Windows Media Proxy Settings
Enable Outgoing HTTP Proxy | When enabled, allows an outgoing HTTP proxy server for streaming media in MMS format (MMS-over-HTTP). The Outgoing Proxy feature only works on the Content Acquirer in a Delivery Service.
Outgoing HTTP Proxy Host Name and Port | Hostname, or IP address, and port of the outgoing HTTP proxy. Valid port numbers range from 1 to 65535.
Enable Outgoing RTSP Proxy | When enabled, allows an outgoing RTSP proxy server for streaming media using RTSP. The Outgoing Proxy feature only works on the Content Acquirer in a Delivery Service.
Outgoing RTSP Proxy Host Name and Port | Hostname, or IP address, and port of the outgoing RTSP proxy. Valid port numbers range from 1 to 65535.
Enable Accelerate Proxy Cache Performance | When enabled, caching performance improvements are applied to the Windows Media proxy.

Windows Media General Settings
Disable HTTP Windows Media Traffic | To disallow streaming over HTTP, check the check box.
Disable RTSPT WMT Traffic | To disallow streaming over RTSPT (RTSP using TCP), check the check box.
Disable RTSPU WMT Traffic | To disallow streaming over RTSPU (RTSP using UDP), check the check box.
Maximum Concurrent Connections: Override Default and Custom Value | To override the default maximum number of concurrent sessions, check the check box and enter a value in the Custom Value field. The default is 200 sessions. The range is from 1 to 40000.
Enforce Maximum Outgoing Bitrate | Enforces the maximum stream bit rate for serving content when checked.
Maximum Outgoing Bitrate | The maximum streaming bit rate that can be served in kilobits per second (kbps). The range is from 1 to 2,147,483,647. The default is 0, which means no bitrate limit.
Enforce Maximum Incoming Bitrate | Enforces the maximum incoming bit rate for receiving content when checked.

Table 4-19 Windows Media Streaming General Settings Fields (continued)

Field | Description
Maximum Incoming Bitrate | The maximum streaming bit rate (kbps) that can be received. The range is from 1 to 2,147,483,647. The default is 0, which means no bitrate limit.
Enable Accelerate Live-Split Performance | Enables performance improvements in live splitting for the Windows Media proxy.
Enable Accelerate VOD Performance | Enables performance improvements in Video On Demand for the Windows Media proxy.
Restrict HTTP Allowed Extensions | Allows you to add or remove permitted extensions.
HTTP Allowed Extensions | List of allowable extensions for HTTP. You can add or delete filename extensions from this list with the following restrictions:
  • Each extension must be alphanumeric, with the first character in the extension being an alphabetic character.
  • You cannot have more than 10 characters in a filename extension.
  • You cannot add more than 6 filename extensions to the allowed list.
Enable Fast Start Feature | Enables Fast Start for MMS-over-HTTP or RTSP.
Fast Start Max Bandwidth | Maximum bandwidth (kbps) allowed per Windows Media Player when Fast Start is used to serve packets to this player. The default is 3500. The range is from 1 to 65535.
Enable Fast Cache | Enables Fast Cache for MMS-over-HTTP or RTSP.
Fast Cache Max Delivery Rate | Maximum delivery rate (kbps) allowed per Windows Media Player when Fast Cache is used to deliver packets to this player. The default is 5. The range is from 1 to 65535.

Windows Media Multicast Settings
Number of hops to live | Number of hops to live for multicast Windows Media packets. The default is 5. The range is from 0 to 255.

Windows Media Advanced Client Settings
Idle Timeout | Number of seconds to timeout when the client connection is idle. The default is 60. The range is from 30 to 300.
Maximum Data Packet Size | Maximum packet size (in bytes) allowed. The default is 1500. The range is from 576 to 16,000.

Windows Media Advanced Server Settings
Enable Log Forwarding | Enables log forwarding to an upstream SE or Windows Media server.
Inactive Timeout | Number of seconds to timeout when the upstream SE or Windows Media server connection is idle. The default is 65535. The range is from 60 to 65535.

Windows Media Cache Settings

Table 4-19 Windows Media Streaming General Settings Fields (continued)

Field | Description
Enable | When checked, Windows Media cache settings are enabled.
Max Object Size | The maximum content object size (in megabytes) the SE can cache. The default is 25600. The range is from 1 to 1000000.
Age Multiplier | The age multiplier value (as a percentage) enables the SE to estimate the life of an object by multiplying the time since the object was last modified by a percentage to obtain an approximate expiration date. After this date, the object is considered stale, and subsequent results cause a fresh retrieval by the SE. The default value is 30. The range is from 0 to 100.
Maximum TTL | The maximum Time to Live for objects in the cache. The value ranges are the following:
  • 1 to 157680000 seconds
  • 1 to 2628000 minutes
  • 1 to 43800 hours
  • 1 to 1825 days
  The default is 1 day.
Minimum TTL | The minimum Time to Live (in minutes) for objects in the cache. The default is 60. The range is from 0 to 86400.
Enable Re-evaluate Request | When checked, the cache is validated with the origin server instead of validating the cache using heuristics. When Enable Re-evaluate Request is checked, the cached content freshness is revalidated every time the content is requested, which limits the effectiveness of the other cache settings and increases the time to start streaming the content.

Step 3 Click Submit to save the settings.

To apply the factory default settings for the device, click the Apply Defaults icon in the task bar.

To remove the settings from the device, click the Remove Device Settings icon in the task bar.

Configuring Windows Media Streaming—Bypass List

Incoming bandwidth refers to the bandwidth between a local SE and the origin server. When the SE is configured for Windows Media proxy services, incoming bandwidth usage for Video On Demand (VOD) content is unpredictable. This unpredictability is because the consumption of incoming bandwidth for VOD content can be triggered arbitrarily by an end user requesting the content. If the VOD content is not found in the SE cache, a cache miss occurs, and the Windows Media proxy must fetch the content from the origin server. The SE administrator cannot predict the incoming bandwidth usage for such events, so a large number of cache-miss VOD requests can consume all of the incoming bandwidth.

The Windows Media incoming bandwidth bypass configuration allows the administrator to configure a list of hosts that bypasses the incoming bandwidth limitation.

To configure the list of hosts for bypassing incoming bandwidth limits, follow these steps:

Step 1 Choose Devices > Devices > Application Control > Windows Media Streaming > Bypass List. The Bypass List page is displayed.

Step 2 In the Windows Media BW Incoming Bypass List field, enter up to four IP addresses or hostnames of hosts that you want to bypass the incoming bandwidth check. Separate each entry with a space.

Step 3 Click Submit to save the settings.

To apply the factory default settings for the device, click the Apply Defaults icon in the task bar.

To remove the settings from the device, click the Remove Device Settings icon in the task bar.

Configuring Movie Streamer—General Settings

The Movie Streamer is an open-source, standards-based, streaming server that delivers hinted MPEG-4, hinted 3GPP, and hinted MOV files to clients over the Internet and mobile networks using the industry-standard RTP and RTSP.

To configure the general settings for Movie Streamer, follow these steps:

Step 1 Choose Devices > Devices > Application Control > Movie Streamer > General Settings. The Movie Streamer General Settings page is displayed.

Step 2 Enter the settings as appropriate. See Table 4-20 for a description of the fields.

Table 4-20 Movie Streamer General Settings Fields

Field | Description
Enable Movie Streamer Services | When checked, Movie Streamer Services is enabled. To disable services, uncheck the check box.

Movie Streamer Proxy Settings
Host Name | Hostname or IP address of the proxy server for Movie Streamer.
Port | Port of the proxy server for Movie Streamer. Valid port numbers range from 1 to 65535. The default is 554.

Movie Streamer General Settings
Maximum Concurrent Connections: Override Default and Custom Value | To override the default maximum number of concurrent sessions, check the check box and enter a value in the Custom Value field. The default is 200 sessions. The range is from 1 to 40,000.
Enforce Maximum Outgoing Bitrate | Enforces the maximum stream bit rate for serving content when checked.
Maximum Outgoing Bitrate | The maximum streaming bit rate that can be served in kilobytes per second (Kbps). The range is from 1 to 2147483647, depending on the hardware model.
Enforce Maximum Incoming Bitrate | Enforces the maximum incoming bit rate for receiving content when checked.
Maximum Incoming Bitrate | The maximum streaming bit rate (Kbps) that can be received. The range is from 1 to 2147483647, depending on the hardware model.

Table 4-20 Movie Streamer General Settings Fields (continued)

Field | Description
Enable Accelerate VOD Performance | Enables performance improvements in Video On Demand for the Movie Streamer proxy.

Movie Streamer Advanced Client Settings
Idle Timeout, RTP Timeout | The Idle Timeout field and the RTP Timeout field are only intended for performance testing when using certain testing tools that do not have full support of the RTCP receiver report. Setting these timeouts to high values causes inefficient tear down of client connections when the streaming sessions have ended. The Idle Timeout field has a range from 0 to 300, whereas the RTP Timeout field has a range from 30-180. This is by design. For typical deployments, it is preferable to leave these parameters set to their defaults. The default is 300 for the Idle Timeout field and 180 for the RTP Timeout field.

Movie Streamer Cache Settings
Enable | When checked, Movie Streamer caches content on the SE and the cache settings are enabled.
Age Multiplier | The age multiplier value (as a percentage) enables the SE to estimate the life of an object by multiplying the time since the object was last modified by a percentage to obtain an approximate expiration date. After this date, the object is considered stale, and subsequent results cause a fresh retrieval by the SE. The default value is 30. The range is from 0 to 100.
Maximum TTL | The maximum Time to Live for objects in the cache. The value ranges are the following:
  • 1 to 157680000 seconds
  • 1 to 2628000 minutes
  • 1 to 43800 hours
  • 1 to 1825 days
  The default is 1 day.
Enable Re-evaluate Request | When checked, the cache is validated with the origin server instead of validating the cache using heuristics.

Step 3 Click Submit to save the settings.

To apply the factory default settings for the device, click the Apply Defaults icon in the task bar.

To remove the settings from the device, click the Remove Device Settings icon in the task bar.

Configuring RTSP Advanced Settings

To configure RTSP advanced settings for Movie Streamer and Windows Media Streaming, follow these steps:

Step 1 Choose Devices > Devices > Application Control > RTSP Advanced Settings. The RTSP Advanced Settings page is displayed.

Step 2 Enter the settings as appropriate. See Table 4-21 for a description of the fields.

Table 4-21 RTSP Advanced Settings Fields

Field | Description
Maximum Initial Setup Delay | Maximum delay allowed (in seconds) between TCP accept and the first RTSP message from the client. The default is 10 seconds.
Maximum Request Rate | Maximum number of incoming requests per second that the RTSP gateway allows. The default is 40 requests per second.

Step 3 Click Submit to save the settings.

To apply the factory default settings for the device, click the Apply Defaults icon in the task bar.

To remove the settings from the device, click the Remove Device Settings icon in the task bar.

Configuring Flash Media Streaming—General Settings

The Flash Media Streaming engine delivers Adobe Flash applications and video files, as well as MP3 audio files using HTTP and an Adobe proprietary protocol, RTMP. For more information, see the “Flash Media Streaming Engine” section on page 1-28.

Note Flash Media Streaming uses port 1935 for RTMP and RTMPE streaming. Flash Media Streaming also supports RTMPT and RTMPTE over port 80.

To enable Flash Media Streaming, follow these steps:

Step 1 Choose Devices > Devices > Application Control > Flash Media Streaming > General Settings. The Flash Media Streaming General Settings page is displayed.

Step 2 Check the Enable Flash Media Streaming check box.

Step 3 Enter the settings as appropriate. See Table 4-22 for a description of the fields.

Table 4-22 Flash Media Streaming Fields

Field | Description
Restricted Maximum Bandwidth | Maximum bandwidth allowed for Flash Media Streaming. The range is from 1000 to 8000000 Kbps. The default is 200000.

Table 4-22 Flash Media Streaming Fields (continued)

Field | Description
Restricted Maximum Sessions | Maximum concurrent sessions the Flash Media Streaming engine supports. The range is from 1 to 15000. The default is 200.
Restricted Rollover Sessions Threshold | Rollover threshold the Flash Media Streaming engine supports. The range is from 0 to 10000. A value of zero (0) means the rollover is turned off. The default is 1000.

Step 4 Click Submit to save the settings.

To apply the factory default settings for the device, click the Apply Defaults icon in the task bar.

To remove the settings from the device, click the Remove Device Settings icon in the task bar.

Configuring Flash Media Streaming—FMS Administrator

To enable servers to send Flash Media Server (FMS) Administration API calls to this device, follow these steps:

Step 1 Choose Devices > Devices > Application Control > Flash Media Streaming > FMS Admin Allow Hosts. The FMS Admin Allow Hosts page is displayed.

Step 2 Check the Enable check box.

Step 3 In the FMS Admin Allow Hosts field, enter the IP addresses (space delimited) of the servers that are allowed to send Flash Media Server Administration API calls to this device.

The Adobe Flash Media Server Administration APIs and the Administration Console that was built using the Administration APIs are supported. These APIs can be used to monitor and manage the Adobe Flash Media Server running on a VDS-IS Service Engine.

Step 4 Click Submit to save the settings.

To apply the factory default settings for the device, click the Apply Defaults icon in the task bar.

To remove the settings from the device, click the Remove Device Settings icon in the task bar.

Configuring Flash Media Streaming—Service Monitoring

To enable Flash Media Streaming Service Monitoring, follow these steps:

Step 1 Choose Devices > Devices > Application Control > Flash Media Streaming > Service Monitoring. The Service Monitoring page is displayed.

Step 2 Check the Enable Service Monitoring check box.

Service Monitoring monitors the Flash Media Streaming engine memory usage. If the memory usage reaches the configured limitation for either the Flash Media Streaming core process or the Flash Media Streaming edge process, an alarm is raised and the Service Router does not redirect any new Flash Media Streaming requests to this SE. For more information on memory limitation, see the “Configuring Memory Limitation Settings” section on page 4-105.

Step 3 Click Submit to save the settings.

To apply the factory default settings for the device, click the Apply Defaults icon in the task bar.

To remove the settings from the device, click the Remove Device Settings icon in the task bar.

Configuring Web Engine HTTP Cache Freshness

To configure the Web Engine HTTP cache freshness, follow these steps:

Step 1 Choose Devices > Devices > Application Control > Web > HTTP > HTTP Cache Freshness. The HTTP Cache Freshness page is displayed (Figure 4-13).

Figure 4-13 HTTP Cache Freshness Page

Step 2 Enter the settings as appropriate. See Table 4-23 for a description of the fields.

Table 4-23 HTTP Cache Freshness Fields

Field | Description
Enable | When checked, HTTP cache freshness is enabled.
Object Age Multiplier | The age multiplier value (as a percentage) enables the SE to guess the life of an object by multiplying the time since the object was last modified by a percentage to obtain an approximate expiration date. After this date, the object is considered stale, and subsequent results cause a fresh retrieval by the SE. The range is from 0 to 100. The default value is 30.

Table 4-23 HTTP Cache Freshness Fields (continued)

Field | Description
Max TTL Scale | The scale (seconds, hours, minutes, or days) to use for the Max Object TTL. The Time to Live (TTL) sets a ceiling on estimated expiration dates. If an object has an explicit expiration date, this takes precedence over the configured TTL. The default is days.
Max Object TTL | The maximum Time to Live (TTL) for objects in cache. The ranges are as follows:
  • 1 to 1825 days
  • 1 to 43800 hours
  • 1 to 2628000 minutes
  • 1 to 157680000 seconds
  The default is 61 day.
Minimum TTL | The minimum Time to Live (in minutes) for objects in the cache. The range is from 0 to 86400. The default value is 60.

Step 3 Click Submit to save the settings.

To apply the factory default settings for the device, click the Apply Defaults icon in the task bar.

To remove the settings from the device, click the Remove Device Settings icon in the task bar.
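How Object Age Multiplier, Minimum TTL, Max Object TTL and an explicit expiration date interact, as described in Table 4-23, can be worked through with the following added example. It is not Cisco's implementation: the function names, the order in which the floor and ceiling are applied, and the sample timestamps are assumptions based only on the field descriptions.

```python
from datetime import datetime, timedelta, timezone

# Upper limits for Max Object TTL per scale, as listed in Table 4-23.
MAX_TTL_LIMIT = {"seconds": 157680000, "minutes": 2628000, "hours": 43800, "days": 1825}


def validate_settings(age_multiplier, min_ttl_minutes, max_ttl, max_ttl_scale):
    """Reject values outside the ranges the table gives for each field."""
    if not 0 <= age_multiplier <= 100:
        raise ValueError("Object Age Multiplier must be 0 to 100")
    if not 0 <= min_ttl_minutes <= 86400:
        raise ValueError("Minimum TTL must be 0 to 86400 minutes")
    if max_ttl_scale not in MAX_TTL_LIMIT:
        raise ValueError("Max TTL Scale must be seconds, minutes, hours or days")
    if not 1 <= max_ttl <= MAX_TTL_LIMIT[max_ttl_scale]:
        raise ValueError("Max Object TTL out of range for scale " + max_ttl_scale)


def estimate_expiry(fetched_at, last_modified, age_multiplier, min_ttl_minutes,
                    max_ttl, max_ttl_scale, explicit_expires=None):
    """Return the time after which the cached object is treated as stale."""
    validate_settings(age_multiplier, min_ttl_minutes, max_ttl, max_ttl_scale)
    # An explicit expiration date takes precedence over the configured TTL.
    if explicit_expires is not None:
        return explicit_expires
    # Heuristic lifetime: a percentage of the time since the last modification.
    age = max(fetched_at - last_modified, timedelta(0))
    lifetime = age * age_multiplier / 100
    floor = timedelta(minutes=min_ttl_minutes)
    ceiling = timedelta(**{max_ttl_scale: max_ttl})
    # Assumption: the minimum is applied first, then the maximum caps the result.
    lifetime = min(max(lifetime, floor), ceiling)
    return fetched_at + lifetime


def is_stale(now, expiry):
    """After the estimated expiration date the object is considered stale."""
    return now > expiry


if __name__ == "__main__":
    fetched = datetime(2024, 1, 11, tzinfo=timezone.utc)  # constructed sample
    modified = fetched - timedelta(days=10)
    # 30 percent of 10 days is 3 days, capped by a 1-day Max Object TTL.
    print(estimate_expiry(fetched, modified, 30, 60, 1, "days"))
    # With a 7-day ceiling the 3-day estimate is used unchanged.
    print(estimate_expiry(fetched, modified, 30, 60, 7, "days"))
```

A low multiplier or a short Max Object TTL shortens the window in which a changed or withdrawn origin object can still be served from cache, at the cost of more origin fetches.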

Configuring Tmpfs Size Settings

To configure the Tmpfs size settings, follow these steps:

Step 1 Choose Devices > Devices > Application Control > Web > HTTP > Tmpfs Size. The Tmpfs size settings page is displayed.

Step 2 In the tmpfs-size field, enter the percentage of physical memory. The default is 25 percent. The range is from 10 to 90 percent.

Step 3 Click Submit to save the settings.

To apply the factory default settings for the device, click the Apply Defaults icon in the task bar.

To remove the settings from the device, click the Remove Device Settings icon in the task bar.

Configuring TCP Timeout

To configure the TCP Timeout value, follow these steps:

Step 1 Choose Devices > Devices > Application Control > Web > HTTP > TCP Timeout. The TCP Timeout Settings page is displayed.

Step 2 In the tcp-timeout field, enter the value for the TCP timeout in seconds. The default is 15 seconds. The range is from 15 to 60 seconds.

Step 3 Click Submit to save the settings.


To apply the factory default settings for the device, click the Apply Defaults icon in the task bar.

Configuring HTTP Options

To configure the HTTP Options settings, follow these steps:

Step 1 Choose Devices > Devices > Application Control > Web > HTTP > HTTP Options. The HTTP Options settings page is displayed.

Step 2 In the Access-Control-Allow-Headers field, enter the value. The default is Origin, Range.

Step 3 In the Access-Control-Allow-Methods field, enter the value. The default is GET, HEAD, OPTIONS.

Step 4 In the Access-Control-Allow-Origin field, enter the value. The value can be either the valid IP/Domain-name of the request origin or *. The default is *.

Step 5 In the Access-Control-Expose-Headers field, enter the value. The default is Cache-Control, Date, Expires, Server.

Step 6 Click Submit to save the settings.

To apply the factory default settings for the device, click the Apply Defaults icon in the task bar.

To remove the settings from the device, click the Remove Device Settings icon in the task bar.

Note Starting with Release 4.3.2-b28, VDS-IS supports HTTP Options.

General Settings

The General Settings pages provide settings for access control of the device, maintenance, network connectivity, and monitoring. The configuring of general settings consists of the following procedures:

Configuring Content Management

To configure the maximum number of entries for cache content, follow these steps:

Step 1 Choose Devices > Devices > General Settings > Content Management. The Content Management page is displayed.

Step 2 Enter the settings as appropriate. See Table 4-24 for a description of the fields.


Table 4-24 Content Management Fields

Field: Max Cache Content Entries
Description: Enter the value for the maximum entries of cached content allowed.

• The maximum number of cached file entries is 20 million for a platform with physical memory size less than 32 GB (33,554,432 KB). The default is 16 million.

If you enter a value of more than 20 million for the maximum cached file entries and click Submit, only the maximum value, 20 million, is applied on the SE.

• The maximum number of cached file entries is 50 million for a platform with physical memory size more than 32 GB (33,554,432 KB). The default is 40 million.

For more information, see the Cisco Videoscape Distribution Suite, Internet Streamer 4.2.1 Command Reference Guide.

Field: Max Cache Content Directories
Description: Enter the value for the maximum directories of cached content allowed.

• The maximum number of cached file directories is 1 million for a platform with physical memory size less than 32 GB (33,554,432 KB). The default is 800,000.

If you enter a value of more than 1 million for the maximum cached file directories and click Submit, only the maximum value, 1 million, is applied on the SE.

• The maximum number of cached file directories is 10 million for a platform with physical memory size more than 32 GB (33,554,432 KB). The default is 8 million.

For more information, see the Cisco Videoscape Distribution Suite, Internet Streamer 4.2.1 Command Reference Guide.

Field: Cache content eviction preferred size
Description: By default, Content Manager prefers to keep small content objects over large content objects, because the overhead of fetching a small object is higher than that of fetching a larger object.

The Cache content eviction preferred size default is large, which means that large files are evicted before small files.

Field: Enable Small Content Eviction Protection
Description: Check the Enable Small Content Eviction Protection check box to enable small content eviction protection.

For more information, see the “Eviction Protection” section on page 1-11.

Field: Maximum small cache entry size to protect
Description: From the Maximum small cache entry size to protect drop-down list, choose the maximum cache entry size (500 KB, 1 MB, 2 MB, 4 MB, 10 MB, and 20 MB) to protect from deletion.

Field: Minimum duration to protect the small content from eviction
Description: From the Minimum duration to protect the small content from eviction drop-down list, choose the age (5-30 mins) of the content object to be protected from deletion.

Field: Enable Large Content Eviction Protection
Description: Check the Enable Large Content Eviction Protection check box to enable eviction protection.

For more information, see the “Eviction Protection” section on page 1-11.


Table 4-24 Content Management Fields (continued)

Field: Minimum large cache entry size to protect
Description: From the Minimum large cache entry size to protect drop-down list, choose the minimum cache entry size (100 MB, 500 MB, 1 GB, and 4 GB) to protect from deletion.

Field: Minimum duration to protect the large content from eviction
Description: From the Minimum duration to protect the large content from eviction drop-down list, choose the age (1-4 hours for 100 MB size, 1, 4, 8, or 24 hours for all other sizes) of the content object to be protected from deletion.

Field: Hit Count Decay Half Life
Description: Enter the half-life decay period (in days) at which to decay hit-count by half. The range is 1 to 30. The default is 14 days.

The decay mechanism reduces the hit count by half and is applied for the content object every two weeks by default.

Field: Threshold of Disk Failures Per Bucket
Description: Enter the threshold, as a percentage, for disk failures in a bucket. The disks in each bucket are monitored, and if the threshold is exceeded, a minor alarm is raised. The default is 30. The range is 1 to 100.

For more information, see the “Bucket Allocation” section on page 1-7.

Field: Primary start-time of slowscan
Description: The slowscan runs at this time every day. By default, it is "00:00".

Field: Secondary start-time of slowscan
Description: The slowscan also runs at this time. With this setting configured, slowscan runs twice every day. By default, it is not set.

Step 3 Click Submit to save the settings.

To apply the factory default settings for the device, click the Apply Defaults icon in the task bar.

To remove the settings from the device, click the Remove Device Settings icon in the task bar.


Login Access Control

Login authentication and authorization are used to control user access and configuration rights to CDSMs, SEs, and SRs. Login authentication is the process by which the devices verify whether the person who is attempting to log in to the device has a valid username and password. The person logging in must have a user account registered with the device. User account information serves to authorize the user for login and configuration privileges. The user account information is stored in an authentication, authorization, and accounting (AAA) database, and the devices must be configured to access the particular authentication server (or servers) where the AAA database is kept.

In a VDS-IS network, user accounts can be created for access to the CDSM, and independently, for access to the SEs and SRs that are registered to the CDSM. For user accounts that access the CDSM, see the “Configuring AAA” section on page 6-1.

Login Authentication

Login authentication provides the configuration for independent logins; in other words, login access to the device only.

Login authentication can also be used to log in to the CDSM GUI. When logging in to the CDSM GUI with an external user account (RADIUS or TACACS+), the user is authenticated by the external database. After the external user is authenticated, its role depends on the privilege configured in the external database (zero [0] means a normal user and 15 means a super user). The privilege level of 0 or 15 is mapped to the read-only or admin user role in the CDSM GUI. No CDSM local user is created in the CDSM database for the external user that logs in, so the external user cannot be managed by the CDSM GUI.

Note If you plan to use a RADIUS server or a TACACS+ server for authentication, you must configure the server settings before you configure and submit these settings. See the “Configuring RADIUS Server Settings” section on page 4-62 and the “Configuring TACACS+ Server Settings” section on page 4-63 for more information.

When the primary login server and the primary enable server are set to local, usernames and passwords are local to each device. Local authentication and authorization uses locally configured logins and passwords to authenticate login attempts.

Note If the Enable Failover Server Unreachable option is enabled, it applies to both the login authorization methods and the exec authentication methods.

If you are going to use different servers for login authentication and enable authentication (for example, local for login authentication and RADIUS for the enable authentication), then the username and password must be the same for both servers.

By default, local login authentication is enabled. You can disable local login authentication only after enabling one or more of the other login authentication servers. However, when local login authentication is disabled, if you disable all other login authentication methods, a warning message is displayed stating “At least one authentication method is required to select for login.”


Caution Make sure that RADIUS or TACACS+ authentication is configured and operating correctly before disabling local authentication and authorization. If you disable local authentication and RADIUS or TACACS+ is not configured correctly, or if the RADIUS or TACACS+ server is not online, you may be unable to log in to the device.

To configure the login authentication and enable authentication schemes for the device, follow these steps:

Step 1 Choose Devices > Devices > General Settings > Login Access Control > Login Authentication. The Login Authentication page is displayed.

Step 2 Enter the settings as appropriate. See Table 4-25 for a description of the fields.

Table 4-25 Login Authentication Fields

Login Authentication Settings

Field: Enable Failover Server Unreachable
Description: If Enable Failover Server Unreachable is enabled, the following applies:

• Only two login authentication schemes (a primary and secondary scheme) are allowed on the device.

• Device fails over from the primary authentication scheme to the secondary authentication scheme only if all specified authentication servers of the primary authentication scheme are unreachable.

Conversely, if the Enable Failover Server Unreachable option is disabled, the device contacts the secondary authentication database, regardless of the reason the authentication failed with the primary authentication database.

Note To use this option, you must set TACACS+ or RADIUS as the primary authentication method and local as the secondary authentication method.

Field: Authentication Login Servers
Description: When enabled, login authentication servers are used to authenticate user logins and whether the user has access permissions to the device.

Check this option and set one or more Login servers for login authentication.

By unchecking this option, local authentication is used by default. Three servers can be configured.

Note If local is selected for any of the Login servers, the password in the username is used to authenticate the user. See the “Creating, Editing, and Deleting Users—Usernames” section on page 4-61.

Field: Primary Login Server
Description: Choose local, RADIUS, or TACACS+.

Field: Secondary Login Server
Description: Choose local, RADIUS, or TACACS+.

Field: Tertiary Login Server
Description: Choose local, RADIUS, or TACACS+.

Enable Authentication Settings

Field: Primary Enable Server
Description: The enable server is used to allow normal users to enter the privileged EXEC mode. Choose local, RADIUS, or TACACS+.

Field: Secondary Enable Server
Description: Choose local, RADIUS, or TACACS+.


Table 4-25 Login Authentication Fields (continued)

Field: Tertiary Enable Server
Description: Choose local, RADIUS, or TACACS+.

Field: Local Enable Password
Description: Set the local enable password for normal users to log in to the Enable server and have privileged EXEC mode.

If multiple authorization methods are configured, the SE tries to authenticate the enable password by way of each configured method until one of them is successful.

Step 3 Click Submit to save the settings.

To apply the factory default settings for the device, click the Apply Defaults icon in the task bar.

To remove the settings from the device, click the Remove Device Settings icon in the task bar.
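
The fallback rules in Table 4-25 decide whether a login that the primary server refuses can still succeed against a later scheme. The following Python model is an added example, not code from Cisco or the VDS-IS software; the Outcome categories, the function names, and the two scenarios are assumptions constructed for illustration.

```python
"""Model of the login-authentication fallback rules in Table 4-25.

Added example: the Outcome categories and all function names are
assumptions for illustration, not part of the VDS-IS software.
"""
from enum import Enum


class Outcome(Enum):
    ACCEPT = "accept"            # a server answered and accepted the credentials
    REJECT = "reject"            # a server answered and refused the credentials
    UNREACHABLE = "unreachable"  # no configured server of this scheme answered


EXTERNAL = {"RADIUS", "TACACS+"}
NO_METHOD = "At least one authentication method is required to select for login."


def validate_schemes(schemes, failover_unreachable):
    """Return configuration errors for an ordered list of login schemes."""
    errors = []
    if not schemes:
        errors.append(NO_METHOD)
    if len(schemes) > 3:
        errors.append("only three login servers can be configured")
    if failover_unreachable and schemes:
        # Table 4-25: the option allows a primary and a secondary scheme only,
        # with TACACS+ or RADIUS as primary and local as secondary.
        if len(schemes) != 2:
            errors.append("failover option needs a primary and a secondary scheme")
        if schemes[0] not in EXTERNAL:
            errors.append("failover option needs RADIUS or TACACS+ as primary")
        if len(schemes) > 1 and schemes[1] != "local":
            errors.append("failover option needs local as secondary")
    return errors


def authenticate(schemes, outcomes, failover_unreachable):
    """Walk the scheme chain; return (granted, deciding_scheme, trail)."""
    errors = validate_schemes(schemes, failover_unreachable)
    if errors:
        raise ValueError("; ".join(errors))
    trail = []
    for scheme in schemes:
        result = outcomes[scheme]
        trail.append((scheme, result.value))
        if result is Outcome.ACCEPT:
            return True, scheme, trail
        if failover_unreachable and result is Outcome.REJECT:
            # Option enabled: only an unreachable primary triggers failover,
            # so a refusal from a reachable server is final.
            return False, scheme, trail
        # Option disabled: the next scheme is contacted regardless of the
        # reason the previous one failed.
    return False, schemes[-1], trail


# Constructed scenarios: the same user exists on TACACS+ and in the local database.
CHAIN = ["TACACS+", "local"]
REVOKED_CENTRALLY = {"TACACS+": Outcome.REJECT, "local": Outcome.ACCEPT}
SERVER_OUTAGE = {"TACACS+": Outcome.UNREACHABLE, "local": Outcome.ACCEPT}

if __name__ == "__main__":
    scenarios = (("revoked on TACACS+", REVOKED_CENTRALLY),
                 ("TACACS+ outage", SERVER_OUTAGE))
    for name, outcomes in scenarios:
        for option in (False, True):
            granted, scheme, trail = authenticate(CHAIN, outcomes, option)
            print(f"{name:20} failover_unreachable={option!s:5} "
                  f"granted={granted!s:5} decided_by={scheme:8} trail={trail}")
```

With the option disabled, the account that TACACS+ refuses still logs in through its leftover local entry; with the option enabled, the local database is consulted only during the outage.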

Exec Authorization

Exec authorization provides the configuration for determining the services allowed for each user that logs in to the device.

Exec authorization can also be used to determine the services the user has for the CDSM GUI. When logging in to the CDSM GUI with an external user account (RADIUS or TACACS+), the user is authenticated by the external database. After the external user is authenticated, its role depends on the privilege configured in the external database (zero [0] means a normal user and 15 means a super user). The privilege level of 0 or 15 is mapped to the read-only or admin user role in the CDSM GUI. No CDSM local user is created in the CDSM database for the external user that logs in, so the external user cannot be managed by the CDSM GUI.

Note If you plan to use a TACACS+ server for authorization, you must configure the server settings before you configure and submit these settings. See the “Configuring RADIUS Server Settings” section on page 4-62 and the “Configuring TACACS+ Server Settings” section on page 4-63 for more information.

When the primary authorization server is set to local, usernames and passwords are local to each device. Local authorization uses locally configured login and passwords to authorize services for the user.

Note If the Enable Failover Server Unreachable option is enabled, it applies to both the login authorization methods and the exec authentication methods.

If you are going to use different servers for login authentication and enable authentication (for example, local for login authentication and RADIUS for the enable authentication), then the username and password must be the same for both servers.

Caution Make sure that RADIUS or TACACS+ authentication is configured and operating correctly before disabling local authentication and authorization. If you disable local authentication and RADIUS or TACACS+ is not configured correctly, or if the RADIUS or TACACS+ server is not online, you may be unable to log in to the device.


To configure the exec authorization schemes for the device, follow these steps:

Step 1 Choose Devices > Devices > General Settings > Login Access Control > Exec Authorization. The Exec Authorization page is displayed.

Step 2 Enter the settings as appropriate. See Table 4-26 for a description of the fields.

Table 4-26 Exec Authorization Fields

Field: Authorization Exec Servers
Description: When enabled, authorization exec servers are used to authorize services for logged in users.

Check this option and set one or more servers for exec authorization. By unchecking this option, local authentication is used by default. Three servers can be configured.

Note If a user encounters failure during EXEC shell startup authorization, the user fails to log in to the SE even if the user passed the login authentication.

Field: Primary Exec Server
Description: Choose local, RADIUS, or TACACS+.

Field: Secondary Exec Server
Description: Choose local, RADIUS, or TACACS+.

Field: Tertiary Exec Server
Description: Choose local, RADIUS, or TACACS+.

Field: Primary Enable Server
Description: The enable server determines if the normal user can enter the privileged EXEC mode. Choose local, RADIUS, or TACACS+.

Field: Normal User Commands
Description: Choose Enable or Enable if Authenticated.

The Enable if Authenticated option turns off authorization on the TACACS+ server and authorization is granted to any Normal user who is authenticated.

Field: Super User Commands
Description: Choose Enable or Enable if Authenticated.

The Enable if Authenticated option turns off authorization on the TACACS+ server and authorization is granted to any Super user who is authenticated.

Field: Enable Config Commands
Description: Check the Enable Config Commands check box to enable authorization of the configuration mode commands.

By default, this option is disabled, which means all configuration commands issued are allowed.

Field: Enable Console Config
Description: Check the Enable Console Commands check box to enable authorization of all commands issued on a console TTY connection.

By default, this option is disabled, which means commands issued through a console TTY connection always succeed.


Note The following commands bypass authorization and accounting: CTRL+C, CTRL+Z, exit, end, and all of the configuration commands for entering submode (for example, interface GigabitEthernet 1/0).

Step 3 Click Submit to save the settings.


To apply the factory default settings for the device, click the Apply Defaults icon in the task bar.

To remove the settings from the device, click the Remove Device Settings icon in the task bar.

Configuring SSH

Secure Shell (SSH) consists of a server and a client program. Like Telnet, you can use the client program to remotely log in to a machine that is running the SSH server. However, unlike Telnet, messages transported between the client and the server are encrypted. The functionality of SSH includes user authentication, message encryption, and message authentication.

The SSH page allows you to specify the key length and login grace time.

To enable the SSH daemon, follow these steps:

Step 1 Choose Devices > Devices > General Settings > Login Access Control > SSH. The SSH page is displayed.

Step 2 Check Enable to enable the SSH feature. SSH enables login access to the device through a secure and encrypted channel.

Step 3 In the Length of Key field, specify the number of bits needed to create an SSH key. The default is 2048.

Step 4 In the Login Grace Time field, specify the number of seconds that the server waits for the user to successfully log in before it ends the connection. The authentication procedure must be completed within this time limit. The default is 300 seconds.

Note When changing the Login Grace Time, you need to first uncheck the Enable check box and click Submit. Enter the new Login Grace Time, check Enable, and click Submit.

Step 5 Select the SSH version.

a. To allow clients to connect using SSH protocol version 1, check the Enable SSHv1 check box.

b. To allow clients to connect using SSH protocol version 2, check the Enable SSHv2 check box.

Note You can enable both SSHv1 and SSHv2, or you can enable one version and not the other. You cannot disable both versions of SSH unless you disable the SSH feature by unchecking the Enable check box.

Step 6 Click Submit to save the settings.

To apply the factory default settings for the device, click the Apply Defaults icon in the task bar.

To remove the settings from the device, click the Remove Device Settings icon in the task bar.

Enabling Telnet

To enable the Telnet service, follow these steps:

Step 1 Choose Devices > Devices > General Settings > Login Access Control > Telnet. The Telnet page is displayed.


Step 2 Check Telnet Enable to enable the terminal emulation protocol for remote terminal connections.

Step 3 Click Submit to save the settings.

To apply the factory default settings for the device, click the Apply Defaults icon in the task bar.

To remove the settings from the device, click the Remove Device Settings icon in the task bar.

Setting the Message of the Day

The Message of the Day (MOTD) feature enables you to provide information to users when they log in to a device. There are three types of messages that you can set up:

• MOTD banner

• EXEC process creation banner

• Login banner

To configure the Message of the Day settings, follow these steps:

Step 1 Choose Devices > Devices > General Settings > Login Access Control > Message of the Day. The MOTD page is displayed.

Step 2 Check Enable to enable the MOTD settings. The Message of the Day (MOTD) banner, EXEC process creation banner, and Login banner fields become enabled.

Step 3 In the Message of the Day (MOTD) Banner field, enter a string that you want to display as the MOTD banner when a user attempts to log in to the device.

Note In the Message of the Day (MOTD) Banner, EXEC Process Creation Banner, and Login Banner fields, you can enter a maximum of 980 characters. A new line character (or Enter) is counted as two characters, as it is interpreted as \n by the system. You cannot use special characters such as `, %, ^, and " in the MOTD text.

Step 4 In the EXEC Process Creation Banner field, enter a string to be displayed as the EXEC process creation banner when a user enters into the EXEC shell of the device.

Step 5 In the Login Banner field, enter a string to be displayed after the MOTD banner when a user attempts to log in to the device.

Step 6 Check the Device Mode Display Enable check box to enable device mode display.

Step 7 Click Submit to save the settings.

To apply the factory default settings for the device, click the Apply Defaults icon in the task bar.

To remove the settings from the device, click the Remove Device Settings icon in the task bar.

Changing the CLI Session Time

To change the CLI session time, follow these steps:

Step 1 Choose Devices > Devices > General Settings > Login Access Control > CLI Session Time. The CLI Session Time page is displayed.


Step 2 In the CLI Session Time field, enter the time (in minutes) that the device waits for a response before ending the session.

Step 3 Click Submit to save the settings.

To apply the factory default settings for the device, click the Apply Defaults icon in the task bar.

To remove the settings from the device, click the Remove Device Settings icon in the task bar.

Changing Users—Admin Password

Every device (CDSM, SE, and SR) has a built-in user account. The username is admin and the default password is default . This account allows access to all services and entities in the VDS-IS. Any user that can access the Admin Password page in the CDSM can configure a new password for the administrator user account on individual SEs and SRs.

To change the Admin password, follow these steps:

Step 1 Choose Devices > Devices > General Settings > Login Access Control > Users > Admin Password. The Admin Password page is displayed.

Step 2 In the Password field, enter a new password.

The following characters are not allowed: ?./;[]{}"@=|

Step 3 In the Confirm Password field, re-enter the password.

Step 4 Click Submit to save the settings.

To apply the factory default settings for the device, click the Apply Defaults icon in the task bar.

To remove the settings from the device, click the Remove Device Settings icon in the task bar.
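
The SSH, Telnet, and Admin Password settings above, together with the Caution about disabling local authentication, lend themselves to a mechanical check. The following Python audit is an added example, not Cisco code; the snapshot dictionary, its key names, and both sample devices are constructed for illustration, because this guide does not define an export format for these settings.

```python
"""Audit a snapshot of Login Access Control settings (added example).

The snapshot keys are hypothetical names for the GUI fields in this guide;
the two sample devices below are constructed, not taken from a real system.
"""

DEFAULT_KEY_BITS = 2048        # default Length of Key stated in the guide
DEFAULT_GRACE_SECONDS = 300    # default Login Grace Time stated in the guide
ENABLE_FLAG = {"RADIUS": "radius_enabled", "TACACS+": "tacacs_enabled"}


def audit_login_access(s):
    """Return a list of (field, finding) tuples for one device snapshot."""
    findings = []

    if s["telnet_enable"]:
        findings.append(("Telnet Enable",
                         "Telnet messages are not encrypted; use SSH"))

    if s["ssh_enable"]:
        if not (s["enable_sshv1"] or s["enable_sshv2"]):
            # The guide's note: both versions cannot be off while SSH is on.
            findings.append(("Enable SSHv1/SSHv2",
                             "invalid: no protocol version is enabled"))
        if s["enable_sshv1"]:
            # SSH protocol version 1 is obsolete and has known weaknesses.
            findings.append(("Enable SSHv1", "allow SSHv2 only"))
        if s["length_of_key"] < DEFAULT_KEY_BITS:
            findings.append(("Length of Key",
                             f"{s['length_of_key']} bits is below the "
                             f"{DEFAULT_KEY_BITS}-bit default"))
        if s["login_grace_time"] > DEFAULT_GRACE_SECONDS:
            findings.append(("Login Grace Time",
                             "unauthenticated connections are held longer "
                             f"than the {DEFAULT_GRACE_SECONDS}-second default"))

    if s["admin_password_is_default"]:
        findings.append(("Admin Password",
                         "built-in admin account still has the documented "
                         "default password"))

    servers = s["login_servers"]
    usable = [m for m in servers if m == "local" or s[ENABLE_FLAG[m]]]
    if not servers:
        findings.append(("Login Authentication",
                         "no authentication method is selected"))
    elif not usable:
        # The guide's Caution: local disabled while the external server
        # is not configured means nobody can log in.
        findings.append(("Login Authentication",
                         "local is not listed and no listed external "
                         "server type is enabled: lockout risk"))
    if "TACACS+" in servers and not s["tacacs_security_word_set"]:
        findings.append(("Security Word",
                         "empty (the default); set a key shared with the "
                         "TACACS+ server"))
    return findings


# Constructed sample snapshots.
WEAK = {
    "telnet_enable": True, "ssh_enable": True,
    "enable_sshv1": True, "enable_sshv2": True,
    "length_of_key": 1024, "login_grace_time": 300,
    "admin_password_is_default": True,
    "login_servers": ["RADIUS"], "radius_enabled": False,
    "tacacs_enabled": False, "tacacs_security_word_set": False,
}
HARDENED = {
    "telnet_enable": False, "ssh_enable": True,
    "enable_sshv1": False, "enable_sshv2": True,
    "length_of_key": 2048, "login_grace_time": 120,
    "admin_password_is_default": False,
    "login_servers": ["TACACS+", "local"], "radius_enabled": False,
    "tacacs_enabled": True, "tacacs_security_word_set": True,
}

if __name__ == "__main__":
    for name, snapshot in (("weak", WEAK), ("hardened", HARDENED)):
        print(name)
        for field, finding in audit_login_access(snapshot) or [("-", "no findings")]:
            print(f"  {field}: {finding}")
```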

Creating, Editing, and Deleting Users—Usernames

You can create, edit, and delete user accounts for login access to individual devices or device groups. A privilege profile must be assigned to each new user account. The Usernames page uses privilege profiles to determine which tasks a user can perform and the level of access provided. Users with administrative privileges can add, delete, or modify user accounts through the CDSM or the device CLI.

To create, edit, or delete a user account, follow these steps:

Step 1 Choose Devices > Devices > General Settings > Login Access Control > Users > Usernames. The User Table page is displayed.

The table is sortable by clicking the column headings.

For information about Aggregate Settings, see the “Aggregate Settings” section on page 4-8.

Step 2 Click the Create New icon in the task bar. The Local User page is displayed.

To edit a local user, click the Edit icon next to the name that you want to edit.

Step 3 Enter the settings as appropriate. See Table 4-27 for a description of the fields.


Table 4-27 Local User Fields

Field: Username
Description: Name of user.

Field: Password
Description: User password.

Field: Confirm Password
Description: Re-enter user password.

Field: Privilege
Description: There are two types of predefined privilege profiles:

• Normal user—User has read access and can see some of the SE, SR, or CDSM settings.

• Superuser—User has administrative privileges such as creating new users and modifying the SE, SR, or CDSM settings.

Step 4 Click Submit to save the settings.

To delete a user, click the Edit icon for the user, then click the Delete icon in the task bar.

Authentication

User authentication and authorization (configuration rights) data can be maintained in any combination of these three databases:

• Local database (located on the device)

• RADIUS server (external database)

• TACACS+ server (external database)

The Login Authentication page allows you to choose an external access server or the internal (local) device-based authentication, authorization, and accounting (AAA) system for user access management.

You can choose one method or a combination of the three methods. The default is to use the local database for authentication.

Configuring RADIUS Server Settings

Note The CDSM does not cache user authentication information. Therefore, the user is reauthenticated against the Remote Authentication Dial In User Service (RADIUS) server for every request. To prevent performance degradation caused by many authentication requests, install the CDSM in the same location as the RADIUS server, or as close as possible to it, to ensure that authentication requests can occur as quickly as possible.

To configure the RADIUS server settings, follow these steps:

Step 1 Choose Devices > Devices > General Settings > Authentication > RADIUS Server. The RADIUS Server Settings page is displayed.

Step 2 Enter the settings as appropriate. See Table 4-28 for a description of the fields.


Table 4-28 RADIUS Server Settings Fields

Field: Enable Radius Authentication
Description: Enables RADIUS authentication.

Field: Time to wait
Description: Number of seconds to wait for a response before timing out on a connection to a RADIUS server. The range is from 1 to 20. The default is 5.

Field: Number of retransmits
Description: Number of attempts allowed to connect to a RADIUS server. The default is 2.

Field: Enable redirect
Description: Redirects an authentication response to a different authentication server if an authentication request using the RADIUS server fails.

Field: Redirect Message [1-3]
Description: Message sent to the user if redirection occurs.

Note If the redirect message has a space, it must be in quotes (" ").

Field: Location [1-3]
Description: Sets an HTML page location. This is the URL destination of the redirect message that is sent when authentication fails.

Field: Shared Encryption Key
Description: Encryption key shared with the RADIUS server. The maximum number of characters allowed is 15.

Field: Server Name [1-5]
Description: IP address or hostname of the RADIUS server.

Field: Server Port [1-5]
Description: Port number on which the RADIUS server is listening. The default is 1645.

Step 3 Click Submit to save the settings.

To apply the factory default settings for the device, click the Apply Defaults icon in the task bar.

To remove the settings from the device, click the Remove Device Settings icon in the task bar.

To use RADIUS for login authentication and authorization, see the “Login Authentication” section on page 4-55.

Configuring TACACS+ Server Settings

Note The CDSM does not cache user authentication information. Therefore, the user is reauthenticated against the Terminal Access Controller Access Control System Plus (TACACS+) server for every request. To prevent performance degradation caused by many authentication requests, install the CDSM in the same location as the TACACS+ server, or as close as possible to it, to ensure that authentication requests can occur as quickly as possible.

To configure the TACACS+ server settings, follow these steps:

Step 1 Choose Devices > Devices > General Settings > Authentication > TACACS+ Server. The TACACS+ Server Settings page is displayed.

Step 2 Enter the settings as appropriate. See Table 4-29 for a description of the fields.


Table 4-29 TACACS+ Server Settings Fields

Field: Enable TACACS+ Servers
Description: Enables TACACS+ authentication.

Field: Use ASCII Password Authentication
Description: Changes the default password type from Password Authentication Protocol (PAP) to ASCII clear text format.

Field: Time to wait
Description: Number of seconds to wait for a response before timing out on a connection to a TACACS+ server. The range is from 1 to 20. The default is 5.

Field: Number of retransmits
Description: Number of attempts allowed to connect to a TACACS+ server. The default is 2.

Field: Security Word
Description: Encryption key shared with the TACACS+ server. The range is from 1 to 99. An empty string is the default.

Field: Primary Server
Description: IP address or hostname of the primary TACACS+ server.

Field: Secondary Server, Tertiary Server
Description: IP address or hostname of the backup TACACS+ server. Up to two backup servers are allowed.

Step 3 Click Submit to save the settings.

To apply the factory default settings for the device, click the Apply Defaults icon in the task bar.

To remove the settings from the device, click the Remove Device Settings icon in the task bar.

To use TACACS+ for login authentication and authorization, see the “Login Authentication” section on page 4-55.

Configuring AAA Accounting

Accounting tracks all user actions and when the action occurred. It can be used for an audit trail or for billing for connection time or resources used (bytes transferred).

The VDS-IS accounting feature uses TACACS+ server logging. Accounting information is sent to the TACACS+ server only, not to the console or any other device. The syslog file on the SE logs accounting events locally. The format of events stored in the syslog is different from the format of accounting messages.

The TACACS+ protocol allows effective communication of AAA information between SEs and a central TACACS+ server. It uses TCP for reliable connections between clients and servers. SEs send authentication and authorization requests, as well as accounting information to the TACACS+ server.

Note Before you can configure the AAA accounting settings for a device, you must first configure a TACACS+ server for the device. See the “Configuring TACACS+ Server Settings” section on page 4-63.


Note The CDSM does not cache user authentication information. Therefore, the user is reauthenticated against the Terminal Access Controller Access Control System Plus (TACACS+) server for every request. To prevent performance degradation caused by many authentication requests, install the CDSM in the same location as the TACACS+ server, or as close as possible to it, to ensure that authentication requests can occur as quickly as possible.

To configure the AAA accounting settings, follow these steps:

Step 1 Choose Devices > Devices > General Settings > Authentication > AAA Accounting. The AAA Accounting Settings page is displayed.

Step 2 Enter the settings as appropriate. See Table 4-29 for a description of the fields.

Table 4-30 AAA Accounting Settings Fields

Field: Description

System Events: Enables accounting records on the TACACS+ server about system events, such as system reboot, interface up or down states, and accounting configuration enabled or disabled. From the System Events drop-down list, choose start-stop or stop-only. The start-stop option records events when they start and when they stop. The stop-only option records events when they stop.

Exec Shell Events: Enables accounting records on the TACACS+ server about user EXEC terminal sessions, including username, date, and start and stop times. From the Exec Shell Events drop-down list, choose start-stop or stop-only. The start-stop option records events when they start and when they stop. The stop-only option records events when they stop.

Normal User Commands: Enables accounting records on the TACACS+ server for Normal users using commands in the EXEC mode. From the Normal User Commands drop-down list, choose start-stop or stop-only. The start-stop option records events when they start and when they stop. The stop-only option records events when they stop.

Super User Commands: Enables accounting records on the TACACS+ server for Super users using commands in the EXEC mode. From the Super User Commands drop-down list, choose start-stop or stop-only. The start-stop option records events when they start and when they stop. The stop-only option records events when they stop.

Step 3 Click Submit to save the settings.

To apply the factory default settings for the device, click the Apply Defaults icon in the task bar.

To remove the settings from the device, click the Remove Device Settings icon in the task bar.


Configuring an Access Control List

To configure an access control list (ACL) for group authorization, follow these steps:

Step 1 Choose Devices > Devices > General Settings > Authentication > Access Control List > Configure Access Control List. The Access Control List Table page is displayed.

The table is sortable by clicking the column headings.

Step 2 Click the Create New icon in the task bar. The Configure Access Control List page is displayed.

To edit a group, click the Edit icon next to the name that you want to edit.

Step 3 Enter the settings as appropriate. See Table 4-31 for a description of the fields.

Table 4-31 Access Control List Fields

Field: Description

Action: Whether to permit or deny access for this group.

Group Name: If this action is for all groups, choose Any Group Name. If this action is for a specific group, choose Enter Group Name and enter the group name in the field.

Change Position: To change the order of this group in the access control list, which is displayed in the Access Control List Table page, click Change Position.

Step 4 Click Submit to save the settings.

To delete a group, click the Edit icon for the group, then click the Delete icon in the task bar.

Step 5 From the left-panel menu, choose Enable Access Control List. The Enable Access Control List page is displayed.

Step 6 Check the Enable Access Control List check box and click Submit.

To apply the factory default settings for the device, click the Apply Defaults icon in the task bar.

To remove the settings from the device, click the Remove Device Settings icon in the task bar.

To move a group up or down in the Access Control List table, click the Up arrow or Down arrow in the Move column.

The ACL can be applied from the device or from a device group. The source of the currently applied settings is shown in the Access Control List Table page.

Scheduling Database Maintenance

The database maintenance runs at the scheduled time only when the following three conditions are satisfied:

• The last vacuum process happened more than 30 minutes in the past.

• The percent increase in disk space usage is greater than 10 percent.

• The available free disk space is greater than 10 percent of the total disk space.

If any of these conditions are not satisfied, the database maintenance does not run at the scheduled time.


To schedule a database cleaning or re-indexing, follow these steps:

Step 1 Choose Devices > Devices > General Settings > Database Maintenance. The Database Maintenance Settings page is displayed.

Step 2 Enter the settings as appropriate. See Table 4-32 for a description of the fields.

Table 4-32 Database Maintenance Settings Fields

Field: Description

Full Database Maintenance Settings

Enable: When enabled, a full database maintenance routine is performed on the device.

Every Day: The days of the week when the maintenance is performed.

Sun-Sat: When Every Day is enabled, all days of the week are also enabled.

At (time): Time of day the maintenance is performed. Time is entered in 24-hour format as hh:mm. The default is 04:00.

Regular Database Maintenance Settings

Enable: When enabled, a re-indexing routine is performed on the device.

Every Day: The days of the week when the maintenance is performed.

Sun-Sat: When Every Day is enabled, all days of the week are also enabled.

At (time): Time of day the maintenance is performed. Time is entered in 24-hour format as hh:mm. The default is 02:00.

Step 3 Click Submit to save the settings.

To apply the factory default settings for the device, click the Apply Defaults icon in the task bar.

To remove the settings from the device, click the Remove Device Settings icon in the task bar.

Setting Storage Handling

The Storage option offers disk error-handling settings.

Enabling Disk Error Handling

The Disk Error Handling page allows you to configure how disk errors are handled, and to define disk error-handling thresholds for bad sectors and disk errors (I/O errors).

The Threshold for Bad Sectors and the Threshold for Disk Errors counts only apply to bad sectors and disk errors detected since the last reboot of the device. These counts do not persist across a device reboot (reload).

If the Enable Disk Error Handling Reload option is enabled and a SYSTEM disk drive is marked bad because the disk error-handling threshold (bad sectors or disk errors) was reached, the device is automatically reloaded. Following the device reload, the bad sector and disk error threshold counts are reset, and a syslog message and an SNMP trap are generated.


If a critical disk drive is marked bad, the redundancy of the system disks for this device is affected. Critical disks are disks with SYSTEM partitions. However, drives with SYSTEM partitions use RAID1. With the RAID system, if the critical primary disk fails, the other mirrored disk (mirroring only occurs for SYSTEM partitions) seamlessly continues operation. There is a separate alarm for bad RAID. The SMART statistics that are returned by the show disks SMART-info detail command include sector errors directly reported by the drive itself.

For more information about the SMART sector errors, latent sector handling, and the disk repair command, see the “Disk Maintenance” section on page 9-27.

Note We do not recommend enabling the Enable Disk Error Handling Reload option, because the software state may be lost when the device is reloaded.

To configure a disk error-handling method, follow these steps:

Step 1 Choose Devices > Devices > General Settings > Storage > Disk Error Handling. The Disk Error Handling Settings page is displayed.

Step 2 Check the Enable check box.

Step 3 Check the Enable Disk Error Handling Reload check box if you want the device to reload when a critical disk (SYSTEM) has problems.

Step 4 Check the Enable Disk Error Handling Threshold check box if you want to set the number of disk errors allowed before the disk is marked bad, and enter the following:

a. In the Threshold for Bad Sectors field, enter the number of allowed bad sectors before marking the disk bad. This threshold only applies to bad sectors detected since the last reboot of the device. The range is 0 to 100. The default threshold is 30.

b. In the Threshold for Disk Errors field, enter the number of allowed disk errors (I/O errors) before marking the disk bad. This threshold only applies to disk and sector errors detected since the last reboot of the device. The range is from 0 to 100,000. The default is 500.

Note When both Threshold for Bad Sectors and Threshold for Disk Errors are set to 0, it means never mark the disk bad when it detects bad sectors or disk errors, and the disk_failure alarm is not raised. A disk with SYSTEM partitions uses RAID1. There is a separate alarm for bad RAID.

Step 5 Click Submit to save the settings.

To apply the factory default settings for the device, click the Apply Defaults icon in the task bar.

To remove the settings from the device, click the Remove Device Settings icon in the task bar.

When a sector I/O error is detected, a “badsector” alarm is raised against the corresponding disk, which occurs during the lifetime of a disk. A “badsector” alarm is raised when the number of bad sectors for a specific disk exceeds the “badsector” alarm threshold. The default threshold for bad sector alarms is set to 15 errored sectors. See the Cisco Videoscape Distribution Suite, Internet Streamer 4.2.1 Command Reference for information on setting the threshold for bad sector alarms and remapped sector alarms, by using the following commands:

(config)# disk error-handling threshold alarm-bad-sectors < threshValue >

(config)# disk error-handling threshold alarm-remapped-sectors < threshValue >

(config)# disk error-handling bad-sectors-mon-period < minutes >


The Disk Failure Percentage Threshold field in the Service Monitor page sets the overall percentage of CDNFS disk failures. When the percentage of failed disks (default is 75) exceeds this threshold, no further requests are sent to this device. The Disk Failure Threshold setting is only for the CDNFS disks.

For more information, see the “Setting Service Monitor Thresholds” section on page 4-89.

Network Settings

The Network pages provide settings for network connectivity. Configuring network settings consists of the following procedures:

• Enabling FTP Services

• Enabling DNS

• Enabling RCP

• Configuring NTP

• Configuring TCP

• Setting the Time Zone

• Viewing Network Interfaces

• Configuring External IP Addresses

• Configuring Port Channel and Load Balancing Settings

• Configuring IP General Settings

• Configuring IP ACL for IPv4 and IPv6

• Configuring Static Routes

• Configuring Static IPv6 Routes

• Configuring DSR VIP

• Configuring External IP Address Mappings

Enabling FTP Services

To enable FTP services to listen for connection requests, follow these steps:

Step 1 Choose Devices > Devices > General Settings > Network > FTP. The FTP Settings page is displayed.

Step 2 Check the Enable FTP Services check box.

Step 3 Click Submit to save the settings.

To apply the factory default settings for the device, click the Apply Defaults icon in the task bar.

To remove the settings from the device, click the Remove Device Settings icon in the task bar.

Enabling DNS

DNS Settings are required on all SEs, SRs, and CDSMs. The SEs need to be able to resolve the content origin server host name, the SRs need to be able to communicate with the DNS servers, and the CDSMs need to resolve host names.


To configure Domain Name System (DNS) servers, follow these steps:

Step 1 Choose Devices > Devices > General Settings > Network > DNS. The DNS Settings page is displayed.

Step 2 Enter the settings as appropriate. See Table 4-33 for a description of the fields.

Table 4-33 DNS Settings Fields

Field: Description

Enable: Enables Domain Name System (DNS) on the device.

List of DNS Servers: Space-delimited list of IPv6 or IPv4 addresses for up to eight name servers for name and address resolution.

Domain Names: A space-delimited list of up to three default domain names. A default domain name allows the system to resolve any unqualified hostnames. Any IP hostname that does not contain a domain name will have the configured domain name appended to it. This appended name is resolved by the DNS server and then added to the host table. A DNS server must be configured on the system for hostname resolution to work correctly. To do this, use the List of DNS Servers field.

Step 3 Click Submit to save the settings.

To apply the factory default settings for the device, click the Apply Defaults icon in the task bar.

To remove the settings from the device, click the Remove Device Settings icon in the task bar.

Enabling RCP

Remote Copy Protocol (RCP) lets you download, upload, and copy configuration files between remote hosts and a switch. Unlike TFTP, which uses User Datagram Protocol (UDP), a connectionless protocol, RCP uses TCP, which is connection oriented. This service listens for requests on TCP port 514.

To enable RCP services, follow these steps:

Step 1 Choose Devices > Devices > General Settings > Network > RCP. The RCP page is displayed.

Step 2 Check the RCP Enable check box to have the RCP services listen for RCP requests.

Step 3 Click Submit to save the settings.

To apply the factory default settings for the device, click the Apply Defaults icon in the task bar.

To remove the settings from the device, click the Remove Device Settings icon in the task bar.

Configuring NTP

To configure the device to synchronize its clock with an NTP server, follow these steps:

Step 1 Choose Devices > Devices > General Settings > Network > NTP. The NTP page is displayed.

Step 2 Check Enable to enable NTP.


Step 3 In the NTP Server field, enter the IPv6 or IPv4 address or hostname of up to four NTP servers. Use a space to separate the entries.

Step 4 Click Submit to save the settings.

To apply the factory default settings for the device, click the Apply Defaults icon in the task bar.

To remove the settings from the device, click the Remove Device Settings icon in the task bar.

Configuring TCP

To configure the TCP settings for the Service Engine, follow these steps:

Step 1 Choose Devices > Devices > General Settings > Network > TCP. The TCP page is displayed.

Step 2 Check Enable TCP Timestamps to enable TCP timestamps. By default, it is enabled.

Step 3 Check Enable fast recycling of TIME-WAIT sockets to set the tcp_tw_recycle parameter. By default, it is enabled.

Step 4 Check Enable safe reusing of TIME-WAIT sockets to set the tcp_tw_reuse parameter. By default, it is enabled.

Step 5 Click Submit to save the settings.

To apply the factory default settings for the device, click the Apply Defaults icon in the task bar.

To remove the settings from the device, click the Remove Device Settings icon in the task bar.

Setting the Time Zone

If you have an outside source on your network that provides time services, such as an NTP server, you do not need to set the system clock manually. When manually setting the clock, enter the local time. The device calculates Coordinated Universal Time (UTC) based on the time zone set.

Note Two clocks exist in the system: the software clock and the hardware clock. The software uses the software clock. The hardware clock is used only at startup to initialize the software clock.

Caution We highly recommend that you use NTP servers to synchronize the devices in your VDS-IS network. If you change the local time on the device, you must change the BIOS clock time as well; otherwise, the timestamps on the error logs are not synchronized. Changing the BIOS clock is required because the kernel does not handle time zones.

To manually configure the time zone, follow these steps:

Step 1 Choose Devices > Devices > General Settings > Network > Time Zone. The Time Zone page is displayed with the default settings of UTC (offset = 0) and no daylight savings time configured.

Step 2 To configure a standard time zone, follow these steps:

a. Click the Standard Time Zone radio button.

The standard convention for time zones uses a Location/Area format in which Location is a continent or a geographic region of the world and Area is a time zone region within that location.

For a list of standard time zones that can be configured and their UTC offsets, see Table 4-34 on page 4-73.

b. From the Standard Time Zone drop-down list, choose a location for the time zone. The page refreshes, displaying all area time zones for the chosen location in the second drop-down list.

c. Choose an area for the time zone.

The UTC offset (hours and minutes ahead or behind UTC) for the corresponding time zone is displayed. During summer time savings, the offset may differ and is displayed accordingly.

Note Some of the standard time zones (mostly time zones within the United States) have daylight savings time zones configured automatically.

Step 3 To configure a customized time zone, follow these steps:

a. Click the Customized Time Zone radio button.

b. In the Customized Time Zone field, enter a name for the time zone. The time zone entry is case sensitive and can contain up to 40 characters. Spaces are not allowed. If you specify any of the standard time zone names, an error message is displayed when you click Submit.

c. For UTC offset, choose + or – from the UTC Offset drop-down list to indicate whether the configured time zone is ahead or behind UTC. Also, choose the number of hours (0 to 23) and minutes (0 to 59) offset from UTC for the customized time zone. The range for the UTC offset is from –23:59 to 23:59, and the default is 0:0.

Step 4 To configure customized summer time savings, follow these steps:

Note Customized summer time can be specified for both standard and customized time zones.

The start and end dates for summer time can be configured in two ways: absolute dates or recurring dates. Absolute dates apply once and must be reset every year. Recurring dates apply every year.

a. Click the Absolute Dates radio button to configure summer settings once.

b. In the Start Date and End Date fields, specify the month, day, and year that the summer time savings starts and ends in mm/dd/yyyy format. Alternatively, click the Calendar icon and select a date. The chosen date is highlighted in blue. Click Apply.

c. Click the Recurring Dates radio button to configure a recurring summer setting.

d. Using the drop-down lists, choose the start day, week, and month when the summer time savings starts. For example, if the summer time savings begins the first Sunday in March, you would choose Sunday, 1st, March from the drop-down lists.

e. Using the drop-down lists, choose the start day, week, and month when the summer time savings ends.

Step 5 Using the Start Time drop-down lists and the End Time drop-down lists, choose the hour (0 to 23) and minute (0 to 59) at which daylight savings time starts and ends.

Start Time and End Time fields for summer time are the times of the day when the clock is changed to reflect summer time. By default, both start and end times are set at 00:00.

Step 6 In the Offset field, specify the minutes offset from UTC (0 to 1439). (See Table 4-34 on page 4-73.)

The summer time offset specifies the number of minutes that the system clock moves forward at the specified start time and backward at the end time.

Step 7 To not specify a summer or daylight savings time for the corresponding time zone, click the No Customized Summer Time Configured radio button.

Step 8 Click Submit to save the settings.

To apply the factory default settings for the device, click the Apply Defaults icon in the task bar.

To remove the settings from the device, click the Remove Device Settings icon in the task bar.

Table 4-34 lists the UTC offsets for the different locations around the world.

Table 4-34 Time Zone—Offset from UTC

Time Zone    Offset from UTC (in hours)

Africa/Algiers +1

Africa/Cairo +2

Africa/Casablanca 0

Africa/Harare +2

Africa/Johannesburg +2

Africa/Nairobi +3

America/Buenos_Aires –3

America/Caracas –4

America/Mexico_City –6

America/Lima –5

America/Santiago –4

Atlantic/Azores –1

Atlantic/Cape_Verde –1

Asia/Almaty

Asia/Baghdad +3

Asia/Baku +4

Asia/Bangkok +7

Asia/Colombo +6

Asia/Dacca +6

Asia/Hong_Kong +8

Asia/Irkutsk +8

Asia/Jerusalem +2

Asia/Kabul +4.30

Asia/Karachi +5

Asia/Katmandu +5.45

Asia/Krasnoyarsk +7

Asia/Magadan +11

Asia/Muscat +4

Asia/New Delhi +5.30

Asia/Rangoon +6.30

Asia/Riyadh +3

Asia/Seoul +9

Asia/Singapore +8

Asia/Taipei +8

Asia/Tehran +3.30

Asia/Vladivostok +10

Asia/Yekaterinburg +5

Asia/Yakutsk +9

Australia/Adelaide +9.30

Australia/Brisbane +10

Australia/Darwin +9.30

Australia/Hobart +10

Australia/Perth +8

Australia/Sydney +10

Canada/Atlantic –4

Canada/Newfoundland –3.30

Canada/Saskatchewan –6

Europe/Athens +2

Europe/Bucharest +2

Europe/Helsinki +2

Europe/London 0

Europe/Moscow +3

Europe/Paris +1

Europe/Prague +1

Europe/Warsaw +1

Japan +9

Pacific/Auckland +12

Pacific/Fiji +12

Pacific/Guam +10

Pacific/Kwajalein –12

Pacific/Samoa –11

US/Alaska –9

US/Central –6

US/Eastern –5

US/East-Indiana –5

US/Hawaii –10

US/Mountain –7

US/Pacific –8

The offset time (number of hours ahead or behind UTC) as displayed in the table is in effect during winter time. During summer time or daylight savings time, the offset may be different from the values in the table and is calculated and displayed accordingly by the system clock.

Viewing Network Interfaces

The Network Interfaces page is informational only. To view this information, choose Devices > Devices > General Settings > Network > Network Interfaces. Information about the network interfaces configured for the device is displayed.

Starting with Release 3.3, VDS-IS supports assigning multiple IP addresses in different subnets on a port channel.

Note The loopback address configuration feature is supported starting with Release 3.3.

The loopback address is a single usable IP address in a network. In some CDN deployments, it is required to configure a loopback address for traffic and management interfaces to hide the interconnection addresses of the CDN from the client. There are two addresses per interface:

• port-channel or single link

• loopback

The 32-bit subnet mask is used to configure a loopback address. Because the 32-bit subnet mask is not allowed in the current release, to apply a loopback address from the CLI, use the following interface configuration command:

(config)# interface GigabitEthernet 1/0 ip address 1.1.1.1 255.255.255.255 secondary

After the loopback IP address is assigned, the interface can be configured as a streaming interface to serve streaming traffic, or as the management interface for internal communication.

Configuring External IP Addresses

The External IP page allows you to configure up to eight Network Address Translation (NAT) IP addresses. This allows a router to translate up to eight internal addresses to registered unique addresses and translate external registered addresses to addresses that are unique to the private network.


To configure NAT IP addresses, follow these steps:

Step 1 Choose Devices > Devices > General Settings > Network > External IP. The External IP Settings page is displayed.

Step 2 Check the Enable check box.

Step 3 In the External IP address fields (1–8), enter up to eight IP addresses.

Step 4 Click Submit to save the settings.

To apply the factory default settings for the device, click the Apply Defaults icon in the task bar.

To remove the settings from the device, click the Remove Device Settings icon in the task bar.

Configuring Port Channel and Load Balancing Settings

For information about configuring port channels using the CLI, see the “Redundant Dedicated Management Ports” section on page K-6.

To configure load balancing on port channels, follow these steps:

Step 1 Choose Devices > Devices > General Settings > Network > Port Channel Settings. The Port Channel Settings page is displayed.

Step 2 From the Load Balancing Method drop-down list, choose one of the following load balancing methods:

• dst-ip —Destination IP address

• dst-mac —Destination MAC address

• dst-mixed-ip-port —Destination IP address and TCP/UDP port

• dst-port —Destination port

• round robin —Each interface in the channel group

• src-dst-ip —Source and destination IP address

• src-dst-mac —Source and destination MAC address

• src-dst-mixed-ip-port —Source destination IP address and source destination port

• src-dst-port —Source and destination port

• src-mixed-ip-port —Source IP address and source destination port

• src-port —Source port

Round robin allows traffic to be distributed evenly among all interfaces in the channel group. The other balancing options give you the flexibility to choose specific interfaces (by IP address, MAC address, port) when sending an Ethernet frame.

The source and destination options mean that while calculating the outgoing interface, take into account both the source and destination (MAC address or port).

Note Round-robin load-balancing mode is not supported when Link Aggregation Control Protocol (LACP) is enabled on the port channel.

Step 3 Click Submit to save the settings.


To apply the factory default settings for the device, click the Apply Defaults icon in the task bar.

To remove the settings from the device, click the Remove Device Settings icon in the task bar.

Configuring IP General Settings

The Path maximum transmission unit (MTU) Discovery discovers the largest IP packet size allowable between the various links along the forwarding path and automatically sets the correct value for the packet size. By using the largest MTU the links can support, the sending device can minimize the number of packets it must send.

Note The Path MTU Discovery is a process initiated by the sending device. If a server does not support IP Path MTU Discovery, the receiving device has no mechanism available to avoid fragmenting datagrams generated by the server.

To enable Path MTU Discovery, follow these steps:

Step 1 Choose Devices > Devices > General Settings > Network > IP General Settings. The IP General Settings page is displayed.

Step 2 Check Enable Path MTU Discovery.

Step 3 Click Submit to save the settings.

To apply the factory default settings for the device, click the Apply Defaults icon in the task bar.

To remove the settings from the device, click the Remove Device Settings icon in the task bar.

Configuring IP ACL for IPv4 and IPv6

Access control lists (ACLs) provide a means to filter packets by allowing a user to permit or deny IP packets from crossing specified interfaces. Packet filtering helps to control packet movement through the network. Such control can help limit network traffic and restrict network use by certain users or devices.

Note ACLs for IPv6 are separate from IPv4. To create IP ACLs for IPv4, choose Devices > Devices > General Settings > Network > IP ACL. To create IP ACLs for IPv6, choose Devices > Devices > General Settings > Network > IPv6 ACL.

You can also apply ACLs to management services such as SNMP, SSH, HTTPS, Telnet, and FTP. ACLs can be used to control the traffic that these applications provide by restricting the type of traffic that the applications handle.

In a managed VDS-IS network environment, administrators need to be able to prevent unauthorized access to various devices and services. VDS-IS supports standard and extended ACLs that allow administrators to restrict access to or through a VDS-IS network device, such as the SE. Administrators can use ACLs to reduce the infiltration of hackers, worms, and viruses that can harm the network.

ACLs provide controls that allow various services to be tied to a particular interface. For example, the administrator can use IP ACLs to define a public interface on the Service Engine for content serving and a private interface for management services (for example, Telnet, SSH, SNMP, HTTPS, and software upgrades). A device attempting to access one of the services must be on a list of trusted devices before it is allowed access. The implementation of ACLs for incoming traffic on certain ports for a particular protocol type is similar to the ACL support for the Cisco Global Site Selector and Cisco routers.

To use ACLs, the system administrator must first configure ACLs and then apply them to specific services. The following are some examples of how IP ACLs can be used in various enterprise deployments:

• Application layer proxy firewall with a hardened outside interface has no ports exposed. (Hardened means that the interface carefully restricts which ports are available for access primarily for security reasons. Because the interface is outside, many types of attacks are possible.) The device’s outside address is globally accessible from the Internet, while its inside address is private. The inside interface has an ACL to limit Telnet, SSH, and VDSM traffic.

• Device is deployed anywhere within the enterprise. Like routers and switches, the administrator wants to limit Telnet, SSH, and CDSM access to the IT source subnets.

• Device is deployed as a reverse proxy in an untrusted environment, and the administrator wishes to allow only port 80 inbound traffic on the outside interface and outbound connections on the back-end interface.

Note IP ACLs are defined for individual devices only. IP ACLs cannot be managed through device groups.

When you create an IP ACL, you should note the following constraints:

• IP ACL names must be unique within the device.

• IP ACL names must be limited to 30 characters and contain no spaces or special characters.

• CDSM can manage up to 50 IP ACLs and a total of 500 conditions per device.

• When the IP ACL name is numeric, numbers 1 through 99 denote standard IP ACLs and numbers 100 through 199 denote extended IP ACLs. IP ACL names that begin with a number cannot contain non-numeric characters.

• Extended IP ACLs cannot be used with SNMP applications.

Creating a New IP ACL

To create a new IP ACL, follow these steps:

Step 1 Choose Devices > Devices > General Settings > Network > IP ACL for IPv4 addressing. Choose Devices > Devices > General Settings > Network > IPv6 ACL for IPv6 addressing. The IP ACL Table page is displayed.

The table is sortable by clicking the column headings.

Step 2 Click the Create New icon in the task bar. The IP ACL page is displayed.

To edit an ACL, click the Edit icon next to the name that you want to edit.

Step 3 In the Name field, enter a name, observing the naming rules for IP ACLs.

Step 4 From the ACL Type drop-down list, choose an IP ACL type (Standard or Extended). The default is Standard.

Step 5 Click Submit. The page refreshes and the Modifying IP ACL page for a newly created IP ACL is displayed.


Note Clicking Submit at this point merely saves the IP ACL; IP ACLs without any conditions defined do not appear on the individual devices.

Adding Conditions to an IP ACL

To add conditions to an IP ACL, follow these steps:

Step 1 Choose Devices > Devices > General Settings > Network > IP ACL for IPv4 addressing. Choose Devices > Devices > General Settings > Network > IPv6 ACL for IPv6 addressing. The IP ACL Table page is displayed.

Step 2 Click the Edit icon next to the name of the IP ACL you want to add a condition to. The Modifying IP ACL page is displayed.

Step 3 Click the Create New icon in the task bar. The Condition page is displayed.

To edit a condition, click the Edit icon next to the name that you want to edit.

Note The number of available fields for creating IP ACL conditions depends on whether the IP ACL type is standard or extended.

Step 4 Enter values for the properties that are enabled for the type of IP ACL that you are creating.

• To create a standard IP ACL, go to Step 5.

• To create an extended IP ACL, go to Step 6.

Step 5 To set up conditions for a standard IP ACL, follow these steps:

a. From the Purpose drop-down list, choose a purpose (Permit or Deny).

b. In the Source IP field, enter the source IP address.

c. In the Source IP Wildcard field, enter a source IP wildcard address.

d. Click Submit. The Modifying IP ACL page is displayed showing the new condition and its configuration.

e. To add another condition to the IP ACL, repeat the steps.

f. To reorder your list of conditions in the Modifying IP ACL page, use the Up arrow or Down arrow in the Order column, or click a column heading to sort by any configured parameter.

Note The order of the conditions listed becomes the order in which IP ACLs are applied to the device.

g. When you have finished adding conditions to the IP ACL, and you are satisfied with all your entries and the order in which the conditions are listed, click Submit in the Modifying IP ACL page to commit the IP ACL to the device database.

A green “Change submitted” indicator appears in the lower right corner of the Modifying IP ACL page to indicate that the IP ACL is being submitted to the device database.


Table 4-35 describes the fields in a standard IP ACL.

Table 4-35 Standard IP ACL Conditions

Field: Purpose (1)
Default Value: Permit
Description: Specifies whether a packet is to be passed (Permit) or dropped (Deny).

Field: Source IP (1)
Default Value: 0.0.0.0
Description: IP address of the network or host from which the packet is being sent, specified as a 32-bit quantity in 4-part dotted decimal format for IPv4.

Field: Source IPv6
Default Value: 0::0

Field: Source IP Wildcard (1)
Default Value: 255.255.255.255
Description: Wildcard bits to be applied to the source, specified as a 32-bit quantity in 4-part dotted decimal format for IPv4. Place a 1 in the bit positions that you want to ignore and identify bits of interest with a 0.

Field: Source Prefix
Default Value: 0

1. Required field.

Step 6 To set up conditions for an extended IP ACL, follow these steps:

a. From the Purpose drop-down list, choose a purpose (Permit or Deny).

b. From the Extended Type drop-down list, choose Generic, TCP, UDP, or ICMP.

After you choose a type of extended IP ACL, various options become available depending on what type you choose.

c. Enter the settings as appropriate. See Table 4-36 for descriptions of the extended IP ACL fields.

d. Click Submit. The Modifying IP ACL page is displayed showing the new condition and its configuration.

e. To add another condition to the IP ACL, repeat the steps.

f. To reorder your list of conditions from the Modifying IP ACL page, use the Up arrow or Down arrow in the Order column, or click a column heading to sort by any configured parameter.

Note The order of the conditions listed becomes the order in which IP ACLs are applied to the device.

g. When you have finished adding conditions to the IP ACL, and you are satisfied with all your entries and the order in which the conditions are listed, click Submit in the Modifying IP ACL page to commit the IP ACL to the device database.

A green “Change submitted” indicator appears in the lower-left corner of the Modifying IP ACL page to indicate that the IP ACL is being submitted to the device database.

Table 4-36 Extended IP ACL Conditions

Field: Purpose (1)
Default Value: Permit
Description: Specifies whether a packet is to be passed (Permit) or dropped (Deny).
Extended Type: Generic, TCP, UDP, ICMP

Field: Protocol
Default Value: ip
Description: Internet protocol (gre, icmp, ip, tcp, or udp). To match any Internet protocol, use the ip keyword.
Extended Type: Generic

Field: Established
Default Value: Unchecked (false)
Description: When checked, a match with the ACL condition occurs if the TCP datagram has the ACK or RST bits set, indicating an established connection. Initial TCP datagrams used to form a connection are not matched.
Extended Type: TCP

Field: Source IP (1)
Default Value: 0.0.0.0
Description: IP address of the network or host from which the packet is being sent, specified as a 32-bit quantity in 4-part dotted decimal format for IPv4.
Extended Type: Generic, TCP, UDP, ICMP

Field: Source IPv6
Default Value: 0::0

Field: Source IP Wildcard (1)
Default Value: 255.255.255.255
Description: Wildcard bits to be applied to the source, specified as a 32-bit quantity in 4-part dotted decimal format for IPv4. Place a 1 in the bit positions that you want to ignore and identify bits of interest with a 0.
Extended Type: Generic, TCP, UDP, ICMP

Field: Source Prefix
Default Value: 0

Field: Source Port 1
Default Value: 0
Description: Decimal number or name of a port. Valid port numbers are 0 to 65535. See Table 4-37 and Table 4-38 for port name descriptions and associated port numbers.
Valid TCP port names are as follows: domain, exec, ftp, ftp-data, https, nfs, rtsp, ssh, telnet, www.
Valid UDP port names are as follows: bootpc, bootps, domain, netbios-dgm, netbios-ns, netbios-ss, nfs, ntp, snmp, snmptrap.
Extended Type: TCP, UDP

Field: Source Operator
Default Value: range
Description: Specifies how to compare the source ports against incoming packets. Choices are <, >, ==, !=, or range.
Extended Type: TCP, UDP

Field: Source Port 2
Default Value: 65535
Description: Decimal number or name of a port. See Source Port 1.
Extended Type: TCP, UDP

Field: Destination IP
Default Value: 0.0.0.0
Description: IP address of the network or host to which the packet is being sent, specified as a 32-bit quantity in 4-part dotted decimal format for IPv4.
Extended Type: Generic, TCP, UDP, ICMP

Field: Destination IPv6
Default Value: 0::0

Field: Destination IP Wildcard
Default Value: 255.255.255.255
Description: Wildcard bits to be applied to the source, specified as a 32-bit quantity in 4-part dotted decimal format for IPv4. Place a 1 in the bit positions that you want to ignore and identify bits of interest with a 0.
Extended Type: Generic, TCP, UDP, ICMP

Field: Destination Prefix
Default Value: 0

Field: Destination Port 1
Default Value: 0
Description: Decimal number or name of a port. Valid port numbers are 0 to 65535. See Table 4-37 and Table 4-38 for port name descriptions and associated port numbers.
Valid TCP port names are as follows: domain, exec, ftp, ftp-data, https, nfs, rtsp, ssh, telnet, www.
Valid UDP port names are as follows: bootpc, bootps, domain, netbios-dgm, netbios-ns, netbios-ss, nfs, ntp, snmp, snmptrap.
Extended Type: TCP, UDP

Field: Destination Operator
Default Value: range
Description: Specifies how to compare the destination ports against incoming packets. Choices are <, >, ==, !=, or range.
Extended Type: TCP, UDP

Field: Destination Port 2
Default Value: 65535
Description: Decimal number or name of a port. See Destination Port 1.
Extended Type: TCP, UDP

Field: ICMP Param Type (1)
Default Value: None
Description: Choices are None, Type/Code, or Msg.
• None: Disables the ICMP Type, Code, and Message fields.
• Type/Code: Allows ICMP messages to be filtered by ICMP message type and code. Also enables the ability to set an ICMP message code number.
• Msg: Allows a combination of type and code to be specified using a keyword. Activates the ICMP Message drop-down list. Disables the ICMP Type field.
Extended Type: ICMP

Field: ICMPv6 Param Type

Field: ICMP Message
Default Value: administratively-prohibited
Description: Allows a combination of ICMP type and code to be specified using a keyword chosen from the drop-down list. See Table 4-39 for descriptions of the ICMP messages.
Extended Type: ICMP

Field: ICMPv6 Message

Field: ICMP Type (1)
Default Value: 0
Description: Number from 0 to 255. This field is enabled when you choose Type/Code.
Extended Type: ICMP

Field: ICMPv6 Type (1)

Field: Use ICMP Code (1)
Default Value: Unchecked
Description: When checked, enables the ICMP Code field.
Extended Type: ICMP

Field: Use ICMPv6 Code

Field: ICMP Code (1)
Default Value: 0
Description: Number from 0 to 255. Message code option that allows ICMP messages of a particular type to be further filtered by an ICMP message code.
Extended Type: ICMP

Field: ICMPv6 Code

1. Required field.
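How the wildcard bits, port operators, Established check and condition order described above interact, shown as an added Python example (not code from Cisco or from this guide). The Condition class, the sample ACL and packets, the inclusive range bounds and the deny result for packets that match no condition are assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass

# TCP port keywords as listed in Table 4-38 of this guide.
TCP_PORTS = {"domain": 53, "exec": 512, "ftp": 21, "ftp-data": 20, "https": 443,
             "nfs": 2049, "rtsp": 554, "ssh": 22, "telnet": 23, "www": 80}


def wildcard_match(addr, base, wildcard):
    """True when addr equals base in every bit position where the wildcard bit is 0."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF  # wildcard 1 = ignore this bit, 0 = bit of interest
    return (a & care) == (b & care)


def port_match(port, op, p1, p2):
    """Operators offered by the Source/Destination Operator fields."""
    if op == "range":
        return p1 <= port <= p2  # inclusive bounds: an assumption of this sketch
    checks = {"<": port < p1, ">": port > p1, "==": port == p1, "!=": port != p1}
    if op not in checks:
        raise ValueError(f"unknown operator {op!r}")
    return checks[op]


@dataclass
class Condition:
    """One extended IP ACL condition; field defaults follow Table 4-36."""
    purpose: str                      # "permit" or "deny"
    protocol: str = "ip"              # "ip" matches any Internet protocol
    src: str = "0.0.0.0"
    src_wc: str = "255.255.255.255"
    dst: str = "0.0.0.0"
    dst_wc: str = "255.255.255.255"
    dst_op: str = "range"
    dst_p1: int = 0
    dst_p2: int = 65535
    established: bool = False

    def matches(self, pkt):
        if self.protocol != "ip" and self.protocol != pkt["proto"]:
            return False
        if not wildcard_match(pkt["src"], self.src, self.src_wc):
            return False
        if not wildcard_match(pkt["dst"], self.dst, self.dst_wc):
            return False
        if self.protocol in ("tcp", "udp") and not port_match(
                pkt["dport"], self.dst_op, self.dst_p1, self.dst_p2):
            return False
        if self.established:
            # Only TCP segments with ACK or RST set match; a bare SYN does not.
            flags = pkt.get("flags", set())
            if pkt["proto"] != "tcp" or not flags & {"ACK", "RST"}:
                return False
        return True


def evaluate(conditions, pkt, default="deny"):
    """Return (purpose, index) of the first matching condition, in list order."""
    for index, cond in enumerate(conditions):
        if cond.matches(pkt):
            return cond.purpose, index
    return default, None  # fall-through result is an assumption, not from the guide


def shadowed(conditions, packets):
    """Indexes of conditions that no packet in the sample ever reaches first."""
    hit = {evaluate(conditions, p)[1] for p in packets}
    return [i for i in range(len(conditions)) if i not in hit]


# Constructed management ACL: SSH from the IT subnet only, plus return traffic.
MGMT_ACL = [
    Condition("permit", "tcp", src="10.20.0.0", src_wc="0.0.255.255",
              dst_op="==", dst_p1=TCP_PORTS["ssh"]),
    Condition("deny", "tcp", dst_op="==", dst_p1=TCP_PORTS["ssh"]),
    Condition("permit", "tcp", established=True),
]

# Constructed packets (private and documentation address ranges).
IT_SSH = {"proto": "tcp", "src": "10.20.7.9", "dst": "192.0.2.10", "dport": 22, "flags": {"SYN"}}
EXT_SSH = {"proto": "tcp", "src": "203.0.113.5", "dst": "192.0.2.10", "dport": 22, "flags": {"SYN"}}
REPLY = {"proto": "tcp", "src": "198.51.100.7", "dst": "192.0.2.10", "dport": 40000, "flags": {"ACK"}}
NEW_CONN = {"proto": "tcp", "src": "203.0.113.5", "dst": "192.0.2.10", "dport": 8080, "flags": {"SYN"}}
SAMPLE = [IT_SSH, EXT_SSH, REPLY, NEW_CONN]

if __name__ == "__main__":
    for name, pkt in zip(("IT_SSH", "EXT_SSH", "REPLY", "NEW_CONN"), SAMPLE):
        print(name, evaluate(MGMT_ACL, pkt))
    # Moving the broad deny above the specific permit shadows the permit.
    reordered = [MGMT_ACL[1], MGMT_ACL[0], MGMT_ACL[2]]
    print("reordered IT_SSH:", evaluate(reordered, IT_SSH),
          "unreached conditions:", shadowed(reordered, SAMPLE))
```

The Established check in this sketch reads only the flag bits of each segment and keeps no connection state, which is why it is paired here with explicit conditions for the management port.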


Table 4-37 lists the UDP keywords that you can use with extended access control lists.

Table 4-37 UDP Keywords and Port Numbers

Port Name      Description                                   UDP Port Number
bootpc         Bootstrap Protocol (BOOTP) client service     68
bootps         Bootstrap Protocol (BOOTP) server service     67
domain         Domain Name System (DNS) service              53
netbios-dgm    NetBIOS datagram service                      138
netbios-ns     NetBIOS name resolution service               137
netbios-ss     NetBIOS session service                       139
nfs            Network File System service                   2049
ntp            Network Time Protocol settings                123
snmp           Simple Network Management Protocol service    161
snmptrap       SNMP traps                                    162

Table 4-38 lists the TCP keywords that you can use with extended access control lists.

Table 4-38 TCP Keywords and Port Numbers

Port Name    Description                                  TCP Port Number
domain       Domain Name System service                   53
exec         Remote process execution                     512
ftp          File Transfer Protocol service               21
ftp-data     FTP data connections (used infrequently)     20
https        Secure HTTP service                          443
nfs          Network File System service applications     2049
rtsp         Real-Time Streaming Protocol applications    554
ssh          Secure Shell login                           22
telnet       Remote login using Telnet                    23
www          World Wide Web (HTTP) service                80

Table 4-39 lists the keywords that you can use to match specific ICMP message types and codes.

Table 4-39 Keywords for ICMP Message Type and Code

Message: Description

administratively-prohibited: Messages that are administratively prohibited from being allowed access.
alternate-address: Messages that specify alternate IP addresses.
conversion-error: Messages that denote a datagram conversion error.
dod-host-prohibited: Messages that signify a Department of Defense (DoD) protocol Internet host denial.
dod-net-prohibited: Messages that specify a DoD protocol network denial.
echo: Messages that are used to send echo packets to test basic network connectivity.
echo-reply: Messages that are used to send echo reply packets.
general-parameter-problem: Messages that report general parameter problems.
host-isolated: Messages that indicate that the host is isolated.
host-precedence-unreachable: Messages that have been received with the protocol field of the IP header set to 1 (ICMP) and the type field in the ICMP header set to 3 (Host Unreachable). This is the most common response. Large numbers of this datagram type on the network are indicative of network difficulties or may be indicative of hostile actions.
host-redirect: Messages that specify redirection to a host.
host-tos-redirect: Messages that specify redirection to a host for type of service-based (ToS) routing.
host-tos-unreachable: Messages that denote that the host is unreachable for ToS-based routing.
host-unknown: Messages that specify that the host or source is unknown.
host-unreachable: Messages that specify that the host is unreachable.
information-reply: Messages that contain domain name replies.
information-request: Messages that contain domain name requests.
mask-reply: Messages that contain subnet mask replies.
mask-request: Messages that contain subnet mask requests.
mobile-redirect: Messages that specify redirection to a mobile host.
net-redirect: Messages that are used for redirection to a different network.
net-tos-redirect: Messages that are used for redirection to a different network for ToS-based routing.
net-tos-unreachable: Messages that specify that the network is unreachable for the ToS-based routing.
net-unreachable: Messages that specify that the network is unreachable.
network-unknown: Messages that denote that the network is unknown.
no-room-for-option: Messages that specify the requirement of a parameter, but that no room is available for it.
option-missing: Messages that specify the requirement of a parameter, but that parameter is not available.
packet-too-big: Messages that specify that the ICMP packet requires fragmentation but the Do Not Fragment (DF) bit is set.
parameter-problem: Messages that signify parameter-related problems.
port-unreachable: Messages that specify that the port is unreachable.
precedence-unreachable: Messages that specify that host precedence is not available.
protocol-unreachable: Messages that specify that the protocol is unreachable.
reassembly-timeout: Messages that specify a timeout during reassembling of packets.
redirect: Messages that have been received with the protocol field of the IP header set to 1 (ICMP) and the type field in the ICMP header set to 5 (Redirect). ICMP redirect messages are used by routers to notify the hosts on the data link that a better route is available for a particular destination.
router-advertisement: Messages that contain ICMP router discovery messages called router advertisements.
router-solicitation: Messages that are multicast to ask for immediate updates on neighboring router interface states.
source-quench: Messages that have been received with the protocol field of the IP header set to 1 (ICMP) and the type field in the ICMP header set to 4 (Source Quench). This datagram may be used in network management to provide congestion control. A source quench packet is issued when a router is beginning to lose packets due to the transmission rate of a source. The source quench is a request to the source to reduce the rate of a datagram transmission.
source-route-failed: Messages that specify the failure of a source route.
time-exceeded: Messages that specify information about all instances when specified times were exceeded.
timestamp-reply: Messages that contain timestamp replies.
timestamp-request: Messages that contain timestamp requests.
traceroute: Messages that specify the entire route to a network host from the source.
ttl-exceeded: Messages that specify that ICMP packets have exceeded the Time to Live configuration.
unreachable: Messages that are sent when packets are denied by an access control list; these packets are not dropped in the hardware but generate the ICMP-unreachable message.

Applying an IP ACL to an Interface

The IP ACLs can be applied to a particular interface (such as management services to a private IP address) so that the device can have one interface in a public IP address space that serves content and another interface in a private IP address space that the administrator uses for management purposes. This feature ensures that clients can access the Service Engine only in the public IP address space for serving content and not access it for management purposes. A device attempting to access one of these applications that is associated with an IP ACL must be on the list of trusted devices to be allowed access.

To apply an IP ACL to an interface from the CLI, use the following interface configuration command:

interface {GigabitEthernet | Portchannel | Standby | TenGigabitEthernet} slot/port [ip | IPv6] access-group {accesslistnumber | accesslistname} {in | out}


Deleting an IP ACL

You can delete an IP ACL, including all conditions and associations with network interfaces, or you can delete only the IP ACL conditions. Deleting all conditions allows you to change the IP ACL type if you choose to do so. The IP ACL entry continues to appear in the IP ACL listing; however, it is in effect nonexistent.

To delete an IP ACL, follow these steps:

Step 1 Choose Devices > Devices > General Settings > Network > IP ACL for IPv4 addressing. Choose Devices > Devices > General Settings > Network > IPv6 ACL for IPv6 addressing. The IP ACL Table page is displayed.

Step 2 Click the Edit icon next to the name of the IP ACL that you want to delete. The Modifying IP ACL page is displayed. If you created conditions for the IP ACL, you have three options for deletion:

• Delete ACL: This option removes the IP ACL, including all conditions and associations with network interfaces and applications.

• Delete All Conditions: This option removes all of the conditions, while preserving the IP ACL name.

• Delete IP ACL Condition: This option removes one condition from the ACL.

Step 3 To delete the entire IP ACL, click Delete ACL in the task bar. You are prompted to confirm your action. Click OK. The record is deleted.

Step 4 To delete only the conditions, click Delete All Conditions in the task bar. You are prompted to confirm your action. Click OK. The page refreshes, conditions are deleted, and the ACL Type field becomes available.

Step 5 To delete one condition, follow these steps:

a. Click the Edit icon next to the condition. The condition settings are displayed.

b. Click the Delete IP ACL Condition icon in the task bar. The IP ACL table is displayed.

c. Click Submit to save the IP ACL table to the database.

Configuring Static Routes

The Static IP Routes page allows you to configure a static IPv4 route for a network or host. Any IP packet designated for the specified destination uses the configured route.

To configure a static IP route, follow these steps:

Step 1 Choose Devices > Devices > General Settings > Network > Static IP Routes. The IP Route Table page is displayed.

The table is sortable by clicking the column headings.

Step 2 Click the Create New icon in the task bar. The IP Route page is displayed.

To edit a static route, click the Edit icon next to the name that you want to edit.

Step 3 In the Destination Network Address field, enter the destination network IP address.

Step 4 In the Netmask field, enter the destination host netmask.

Step 5 In the Gateway’s IP address field, enter the IP address of the gateway interface.

Step 6 Click Submit to save the settings.


To delete a route, click the Edit icon for the route, then click the Delete icon in the task bar.

Configuring Static IPv6 Routes

The Static IPv6 Routes page allows you to configure a static IPv6 route for a network or host. Any IP packet designated for the specified destination uses the configured route.

To configure a static IPv6 route, follow these steps:

Step 1 Choose Devices > Devices > General Settings > Network > Static IPv6 Routes. The IPv6 Route Table page is displayed.

The table is sortable by clicking the column headings.

Step 2 Click the Create New icon in the task bar. The IPv6 Route page is displayed.

To edit a static route, click the Edit icon next to the name that you want to edit.

Step 3 In the Destination Network Address field, enter the destination network IPv6 address.

Step 4 In the Prefix field, enter the prefix length of the route, subnet, or address range. For example, for 2001:DB8::/32, the prefix length is 32.

Step 5 In the Gateway’s IPv6 Address field, enter the IPv6 address of the gateway interface.

Step 6 Click Submit to save the settings.

To delete a route, click the Edit icon for the route, then click the Delete icon in the task bar.

Configuring DSR VIP

The VDS-IS supports Virtual IP (VIP) configuration for Direct Server Return (DSR) when working with networks that use load balancers. DSR bypasses the load balancer for all server responses to client requests by using MAC Address Translation (MAT).

The VDS-IS allows for the configuration of up to four VIPs (on loopback interfaces).

Client requests are sent to the load balancer and the load balancer sends the requests on to the Service Router. If DSR VIP is configured on the VDS-IS (and supported on the load balancer), all VDS-IS responses to the client are sent directly to the client, bypassing the load balancer.

Note If DSR VIP is configured on an SE, the DSR VIP IP address cannot be the same as the Origin Server FQDN (OFQDN).

To configure a DSR VIP, follow these steps:

Step 1 Choose Devices > Devices > General Settings > Network > DSR VIP. The DSR VIP page is displayed.

Step 2 In the Direct Server Return VIP 1 field, enter the IPv4 address of the Direct Server Return VIP. In the Direct Server Return IPv6 VIP1 field, enter the IPv6 address of the Direct Server Return VIP.

Step 3 Enter any additional DSR VIPs in the remaining fields (Direct Server Return [IPv6] VIP 2 to 4).

Step 4 Click Submit to save the settings.

To apply the factory default settings for the device, click the Apply Defaults icon in the task bar.


To remove the settings from the device, click the Remove Device Settings icon in the task bar.

Configuring External IP Address Mappings

Starting with VDS-IS 4.2.1, VDS-IS supports configuring external IP address mappings. These mappings work like static NAT entries. They enable an administrator to map a specific internal “original” IP address to a specific external IP address for any situation that may require NAT.

To configure an external IP address mapping, follow these steps:

Step 1 Choose Devices > Devices > General Settings > Network > External IP Mapping. The External IP Mapping page is displayed.

Step 2 For any interface that requires NAT, enter the external IP address to which it should be translated.

Step 3 Click Submit to save the settings.

Configuring Notification and Tracking

The Notification and Tracking pages provide settings for alarms, thresholds, SNMP connectivity, and device monitoring. Configuring notification and tracking consists of the following procedures:

• Enabling Alarm Overload Detection

• Setting Service Monitor Thresholds

• Enabling System Monitor Settings

• Configuring SNMP

• Enabling System Logs

Alarm Settings

The Alarm Settings page covers the following configuration settings:

• Enabling Alarm Overload Detection

• Alarms for Admin Shutdown Interface

Enabling Alarm Overload Detection

The device tracks the rate of incoming alarms from the Node Health Manager. If the rate of incoming alarms exceeds the high-water mark (HWM) threshold, the device enters an alarm overload state. This condition occurs when multiple applications raise alarms at the same time. When a device is in an alarm overload state, the following events occur:

• Traps for the raise alarm-overload alarm and clear alarm-overload alarm are sent. SNMP traps for subsequent alarm raise-and-clear operations are suspended.

• Traps for alarm operations that occur between the raise-alarm-overload alarm and the clear-alarm-overload alarm operations are suspended, but individual device alarm information is still collected and available using the CLI.

• Device remains in an alarm overload state until the rate of incoming alarms decreases to less than the low-water mark (LWM).

• If the incoming alarm rate falls below the LWM, the device comes out of the alarm overload state and begins to report the alarm counts to the SNMP servers and the CDSM.


Alarms that have been raised on a device can be listed by using the CLI commands shown in Table 4-40. These CLI commands allow you to systematically drill down to the source of an alarm.

Table 4-40 Viewing Device Alarms

Command Syntax: Description

show alarms: Displays a list of all currently raised alarms (critical, major, and minor alarms) on the device.
show alarms critical: Displays a list of only currently raised critical alarms on the device.
show alarms major: Displays a list of only currently raised major alarms on the device.
show alarms minor: Displays a list of only currently raised minor alarms on the device.
show alarms detail: Displays detailed information about the currently raised alarms.
show alarms history: Displays a history of alarms that have been raised and cleared on the device. The CLI retains the last 100 alarm raise and clear events only.
show alarms status: Displays the counts for the currently raised alarms on the device. Also lists the alarm-overload state and the alarm-overload settings.

To configure the alarm overload detection, follow these steps:

Step 1 Choose Devices > Devices > General Settings > Notification and Tracking > Alarm Settings. The Alarm Settings page is displayed.

Step 2 Uncheck the Enable Alarm Overload Detection check box if you do not want to configure the device to suspend alarm raise and clear operations when multiple applications report error conditions. Alarm overload detection is enabled by default.

Step 3 In the Alarm Overload Low Water Mark field, enter the number of alarms per second for the clear alarm-overload threshold. The low-water mark is the level below which the number of alarms must drop before alarm traps can be sent. The default value is 1.

Step 4 In the Alarm Overload High Water Mark field, enter the number of alarms per second for the raise alarm-overload threshold. The high-water mark is the level that the number of alarms must exceed before alarms are suspended. The default value is 10.

Step 5 Click Submit to save the settings.

To apply the factory default settings for the device, click the Apply Defaults icon in the task bar.

To remove the settings from the device, click the Remove Device Settings icon in the task bar.
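The high-water and low-water marks form a hysteresis loop, replayed here as an added Python sketch (not device code) that shows which traps an SNMP manager receives and how many alarms it misses while the device is in the overload state. The function names, the sample burst and the treatment of the rate as an integer alarm count per one-second sample are assumptions.

```python
def simulate_overload(rates, hwm=10, lwm=1):
    """Replay per-second alarm counts through the overload hysteresis.

    Returns a list of (second, rate, state, traps) tuples, where traps is the
    list of SNMP traps a manager would receive for that second. Defaults for
    hwm and lwm are the guide's default high- and low-water marks.
    """
    overloaded = False
    timeline = []
    for second, rate in enumerate(rates):
        traps = []
        if not overloaded and rate > hwm:        # rate exceeds the HWM
            overloaded = True
            traps.append("raise alarm-overload")
        elif overloaded and rate < lwm:          # rate drops below the LWM
            overloaded = False
            traps.append("clear alarm-overload")
        if not overloaded:
            # Individual traps flow normally; one entry per alarm (simplified).
            traps.extend(["alarm"] * rate)
        timeline.append((second, rate, "overload" if overloaded else "normal", traps))
    return timeline


def blind_window(timeline):
    """Summarise what the SNMP manager did not see while the device was overloaded."""
    seconds = [s for s, _, state, _ in timeline if state == "overload"]
    missed = sum(rate for _, rate, state, _ in timeline if state == "overload")
    return {"first": seconds[0] if seconds else None,
            "last": seconds[-1] if seconds else None,
            "suppressed_alarms": missed}


# Constructed alarm counts per second: a burst that tails off slowly.
BURST = [2, 4, 12, 30, 8, 3, 1, 1, 0, 2]

if __name__ == "__main__":
    for row in simulate_overload(BURST):
        print(row)
    print("defaults:", blind_window(simulate_overload(BURST)))
    print("lwm=5:   ", blind_window(simulate_overload(BURST, lwm=5)))
```

With the default low-water mark of 1, an integer rate is below the mark only when it is 0, so in this model individual traps resume only after a second with no alarms. Alarms raised during the window remain available from the CLI commands in Table 4-40.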

Alarms for Admin Shutdown Interface

When the Alarms for Admin Shutdown Interface check box is checked, the interface alarm is shut down. If there is already an alarm raised when the setting is submitted, unchecking the option and submitting the change does not clear the outstanding alarm. There are two ways to avoid this situation:

1. Clear the outstanding alarm first before disabling this option.

2. Disable this option and reboot. The alarm is cleared during reboot.


Note The Alarms for Admin Shutdown Interface option should be enabled before any of the above for the alarm to take effect.

To enable the Alarms for Admin Shutdown Interface option, follow these steps:

Step 1 Choose Devices > Devices > General Settings > Notification and Tracking > Alarm Settings. The Alarm Settings page is displayed.

Step 2 Check the Alarms for Admin Shutdown Interface check box to enable this option.

Step 3 Click Submit to save the settings.

To apply the factory default settings for the device, click the Apply Defaults icon in the task bar.

To remove the settings from the device, click the Remove Device Settings icon in the task bar.

Setting Service Monitor Thresholds

The Service Monitor page is where you configure workload thresholds for the device. In load-based routing, these thresholds are used to determine the best device to serve requested content. For more information about load-based routing, see the “Configuring the Service Router” section on page 4-106.

Note Threshold monitoring is performed on each device in the VDS-IS. The protocol engine and NIC bandwidth thresholds are only monitored on the SE. They are not monitored on the SR and CDSM.

Note The base license limit is set to 200 sessions and 200 Mbps bandwidth.

The burst count, which indicates the number of days after which a major alarm is raised, is configurable. On the Service Engine, use the service-router service-monitor threshold burstcnt command to configure the burst count. The default setting is one (1), which means all of the minor alarms that occur in a single day (24-hour interval) are counted as one single alarm. If the service-router service-monitor threshold burstcnt command is set to two, all minor alarms that occur in two days (48-hour interval) are counted as a single alarm.

A universal license is similar to a regular license, except it has a higher bandwidth and applies to all protocol engines (except Web Engine). When a universal license is purchased and configured, the alarm data for all protocol engines are cleared. Thereafter, the monitoring of the protocol engines continues as usual for any future alarms.

• On the Service Engine, use the service-router service-monitor license-universal enable command to enable the universal license. The service-router service-monitor license-universal command is disabled by default.

To configure workload thresholds, follow these steps:

Step 1 Choose Devices > Devices > General Settings > Notification and Tracking > Service Monitor. The Service Monitor page is displayed.

Step 2 Enter the settings as appropriate. See Table 4-41 for a description of the fields.


Table 4-41 Service Monitor Fields

| Field | Description |
|---|---|
| CPU Settings | |
| Enable | Allows the SR to collect CPU load information from the device. |
| Threshold | Value (as a percentage) that determines when the device is overloaded. The threshold determines the extent of CPU usage allowed. The range is from 1 to 100. The default is 80. |
| Sample Period | Time interval (in seconds) between two consecutive samples. The sample period is the time during which the device and the SR exchange keepalive messages that contain the device load information. The range is from 1 to 60. The default is 1. |
| Number of Samples | Number of most recently sampled values used when calculating the average. The range is from 1 to 120. The default is 2. |
| Disk Settings | |
| Enable | Allows the SR to collect disk transaction information from the device. |
| Threshold | The threshold, as a percentage, determines the extent of disk I/O load allowed. The disk threshold is a disk I/O load threshold setting. It is not used to monitor disk usage; it is calculated using the kernel’s diskstats status. This represents how much disk I/O capacity the device is using. It is calculated across all disks on the device. The range is from 1 to 100. The default is 80. |
| Sample Period | Time interval (in seconds) between two consecutive samples. The range is from 1 to 60. The default is 1. |
| Number of Samples | Number of most recently sampled values used when calculating the average. The range is from 1 to 120. The default is 2. |
| Memory Settings | |
| Enable | Allows the SR to collect memory usage information from the device. |
| Threshold | The threshold (in percent) determines the extent of memory usage allowed. The range is from 1 to 100. The default is 80. |
| Sample Period | Time interval (in seconds) between two consecutive samples. The range is from 1 to 60. The default is 1. |
| Number of Samples | Number of most recently sampled values used when calculating the average. The range is from 1 to 120. The default is 2. |
| KMemory Settings | |
| Enable | Allows the SR to collect kernel memory usage information from the device. |
| Threshold | The threshold (in percent) determines the extent of kernel memory usage allowed. The range is from 1 to 100. The default is 50. |
| Sample Period | Time interval (in seconds) between two consecutive samples. The range is from 1 to 60. The default is 1. |
| Number of Samples | Number of most recently sampled values used when calculating the average. The range is from 1 to 120. The default is 2. |
| WMT Settings (1) | |
| Enable | Allows the SR to collect Windows Media Streaming stream count information from the SE. |
| Threshold | Percentage of streams for which the SE has been either configured or licensed. The range is from 1 to 100. The default is 90. |
| Sample Period | Time interval (in seconds) between two consecutive samples. The range is from 1 to 60. The default is 1. |
| Number of Samples | Number of most recently sampled values used when calculating the average. The range is from 1 to 120. The default is 2. |
| FMS Settings (1) | |
| Enable | Allows the SR to collect Flash Media Streaming stream count information from the SE. |
| Threshold | Percentage of streams for which the SE has been either configured or licensed. The range is from 1 to 100. The default is 90. |
| Sample Period | Time interval (in seconds) between two consecutive samples. The range is from 1 to 60. The default is 1. |
| Number of Samples | Number of most recently sampled values used when calculating the average. The range is from 1 to 120. The default is 2. |
| Movie Streamer Settings (1, 2) | |
| Enable | Allows the SR to collect stream count information from the SE. |
| Threshold | Percentage of streams for which the SE has been either configured or licensed. The range is from 1 to 100. The default is 90. |
| NIC Bandwidth Settings (1) | |
| Enable | Allows the SR to collect NIC bandwidth information from the SE. |
| Threshold | The threshold, as a percentage, determines the extent of NIC bandwidth usage allowed. The range is from 1 to 100. The default is 90. |
| Sample Period | Time interval (in seconds) between two consecutive samples. The range is from 1 to 60. The default is 3. |
| Number of Samples | Number of most recently sampled values used when calculating the average. The range is from 1 to 120. The default is 2. |
| Disk Failure Percentage | |
| Threshold | Overall percentage of CDNFS disk failures. The range is from 1 to 100. The default is 75. When the percentage of failed disks exceeds this threshold, no further requests are sent to this device. The Disk Failure Threshold is only for the CDNFS disks. Note: When an alarm is received for a SYSTEM disk, it is immediately marked as a failed disk. It is not checked against the Disk Failure Threshold. The SR continues redirecting to the SE, unless all SYSTEM disks on the SE are marked as failed disks. If disks have both SYSTEM and CDNFS partitions, they are treated as only system disks, which means they are not included in the accounting of the CDNFS disk calculation. |
| Augmentation Alarms | |
| Enable | Enables augmentation alarms. For more information, see the “Augmentation Alarms” section on page 4-92. |
| Threshold | The augmentation alarms threshold is a percentage that applies to the CPU, memory, kernel memory, disk, disk fail count, NIC, and protocol engine usages. By default it is set to 80 percent. The threshold value range is 1–100. As an example of an augmentation alarm, if the threshold configured for CPU usage is 80 percent, and the augmentation threshold is set to 80 percent, then the augmentation alarm for CPU usage is raised when the CPU usage crosses 64 percent. If “A” represents the Service Monitor threshold configured, and “B” represents the augmentation threshold configured, then the threshold for raising an augmentation alarm = (A * B) / 100 percent. For more information, see the “Augmentation Alarm Example” section on page 4-93. |
| Transaction Logging | |
| Enable | Enables Service Monitoring transaction logging. For more information, see the “Service Monitor Transaction Logs” section on page 8-93. |

1. Protocol engines and NIC bandwidth are only monitored on the SE. They are not monitored on the CDSM and SR.

2. Sample period and number of samples are not required for Movie Streamer and Web Engine because these protocol engines do not support bandwidth-based threshold monitoring.

Step 3 Click Submit to save the settings.

To apply the factory default settings for the device, click the Apply Defaults icon in the task bar.

To remove the settings from the device, click the Remove Device Settings icon in the task bar.

Augmentation Alarms

Augmentation alarms are soft alarms that send alerts before the threshold is reached. These alarms are applicable to all devices—Service Engines, Service Routers and CDSMs. Augmentation thresholds apply to device and protocol engine parameters.

A different augmentation alarm is supported for each of the device-level thresholds. Based on the device parameters monitored by Service Monitor, the following minor alarms could be raised for device-level thresholds:

• CpuAugThreshold—Service Monitor CPU augmentation alarm.
• MemAugThreshold—Service Monitor memory augmentation alarm.
• KmemAugThreshold—Service Monitor kernel memory augmentation alarm.
• DiskAugThreshold—Service Monitor disk augmentation alarm.
• DiskFailCntAugThreshold—Service Monitor disk failure count augmentation alarm.
• NicAugThreshold—Service Monitor NIC augmentation alarm.

Check the augmentation threshold, device-level threshold, and average load for the above alarm instance. Add more devices if necessary. A useful command is the show service-router service-monitor command. The augmentation alarms raised are displayed in the show alarms detail command. The alarms are cleared when the load goes below the augmentation threshold.


Note For system disks (disks that contain SYSTEM partitions), the diskfailure augmentation and threshold alarms are raised only when all system disks are bad. The diskfailcnt threshold does not apply to system disks. The threshold only applies to CDNFS disks, which is also the case for the augmentation thresholds. This is because the system disks use RAID1. There is a separate alarm for bad RAID. With the RAID system, if the critical primary disk fails, the other mirrored disk (mirroring only occurs for SYSTEM partitions) seamlessly continues operation. However, if the disk drive that is marked bad is a critical disk drive, the redundancy of the system disks for this device is affected. For more information on disk error handling and threshold recommendations, see the “Enabling Disk Error Handling” section on page 4-67.

As the show disk details command output reports, if disks have both SYSTEM and CDNFS partitions, they are treated as only system disks, which means they are not included in the accounting of the CDNFS disk calculation.

Note The NIC augmentation alarm is only applicable if the device is an SE.

Different augmentation alarms are supported for each of the protocol engines, which only apply if the device is an SE. The following minor alarms could be raised for protocol-engine thresholds:

• rtspgaugmentexceeded—RTSP gateway TPS has reached augmentation threshold limits
• aug_memory_exceeded—Web Engine augmentation memory threshold exceeded
• aug_session_exceeded—Web Engine has reached augmentation threshold for concurrent session
• wmtaugmentexceeded—Windows Media Streaming has reached augmentation threshold limits
• msaugmentexceeded—Movie Streamer has reached augmentation threshold limits
• FmsAugThreshold—Flash Media Streaming has reached augmentation threshold limits
• WebCalLookupAugThreshold—Web Engine has reached augmentation threshold for storage lookup
• WebCalDiskWriteAugThreshold—Web Engine has reached augmentation threshold for storage disk write

Augmentation Alarm Example

Maximum concurrent connections have a default value of 200 and maximum bandwidth has a default value of 200 Mbps. The augmentation alarm is enabled through the Service Monitor and the augmentation threshold is configured at 80 percent (default). The default service threshold for Flash Media Streaming is 90 percent.

In this case, the augmentation alarm is raised for Flash Media Streaming when 0.8 * 0.9 * 200 = 144 connections or 144 Mbps of bandwidth is exceeded. The Service Router still redirects requests to this Service Engine. The alarm is cleared when the traffic falls below either of the thresholds; that is, 144 connections or 144 Mbps in this example.
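The arithmetic above, combined with the Number of Samples averaging from Table 4-41, as an added example (not Cisco code). The class and function names are hypothetical, the samples are constructed, and averaging over the samples collected so far and the strict greater-than comparison are assumptions about behaviour the guide does not spell out.

```python
from collections import deque


def augmentation_limit(service_threshold_pct, augmentation_pct=80):
    """Level of the soft alarm in percent: (A * B) / 100."""
    return service_threshold_pct * augmentation_pct / 100.0


def licensed_limit(license_limit, service_threshold_pct, augmentation_pct=80):
    """Absolute soft-alarm level for a licensed resource (sessions or Mbps)."""
    return license_limit * augmentation_limit(service_threshold_pct, augmentation_pct) / 100.0


class MonitoredParameter:
    """One monitored parameter (CPU, memory, NIC, ...); hypothetical model."""

    def __init__(self, name, threshold_pct=80, num_samples=2, augmentation_pct=80):
        self.name = name
        self.threshold_pct = threshold_pct
        self.aug_limit_pct = augmentation_limit(threshold_pct, augmentation_pct)
        # "Number of Samples": only the most recent values enter the average.
        self.samples = deque(maxlen=num_samples)

    def add_sample(self, load_pct):
        """Record one sample and return the state of the running average."""
        self.samples.append(load_pct)
        average = sum(self.samples) / len(self.samples)
        if average > self.threshold_pct:
            return "threshold"      # Service Monitor threshold exceeded
        if average > self.aug_limit_pct:
            return "augmentation"   # soft alarm raised, SR still redirects here
        return "normal"             # below the augmentation level, alarm cleared


# Constructed CPU load samples, one per sample period.
CONSTRUCTED_CPU_SAMPLES = [50, 60, 70, 72, 92, 94, 40, 40]


def replay(samples, **settings):
    """Feed samples through a CPU parameter and collect the state after each."""
    cpu = MonitoredParameter("cpu", **settings)
    return [cpu.add_sample(sample) for sample in samples]


if __name__ == "__main__":
    print("CPU soft-alarm level:", augmentation_limit(80, 80))
    print("FMS soft-alarm level:", licensed_limit(200, 90))
    for window in (1, 2):
        print(window, replay(CONSTRUCTED_CPU_SAMPLES, num_samples=window))
```

With two samples in the window, the single drop to 40 percent only brings the state back to the augmentation alarm; it clears one period later, which is the smoothing that Number of Samples buys.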

Enabling System Monitor Settings

The System Monitor page is where you configure the uninterruptible sleep process check for the device.

To configure system monitor settings, follow these steps:

Step 1 Choose Devices > Devices > General Settings > Notification and Tracking > System Monitor. The System Monitor Settings for Service Engine page is displayed.


Step 2 To enable uninterruptible sleep process check, check the Enable check box in the Uninterruptible Sleep Process Check pane.

Configuring SNMP

The Cisco VDS-IS supports the following versions of SNMP:

• Version 1 (SNMPv1)—A network management protocol that provides a means to monitor and control network devices, and to manage configurations, statistics collection, performance, and security.

• Version 2 (SNMPv2c)—The second version of SNMP, it supports centralized and distributed network management strategies, and includes improvements in the Structure of Management Information (SMI), protocol operations, management architecture, and security.

• Version 3 (SNMPv3)—An inter-operable standards-based protocol for network management.

SNMPv3 provides secure access to devices by a combination of authenticating and encrypting packets over the network. The security features provided in SNMPv3 are as follows:

– Message integrity—Ensuring that a packet has not been tampered with in-transit.
– Authentication—Determining the message is from a valid source.
– Encryption—Scrambling the contents of a packet to prevent it from being seen by an unauthorized source.

SNMPv3 provides for both security models and security levels. A security model is an authentication strategy that is set up for a user and the group in which the user resides. A security level is the permitted level of security within a security model. A combination of a security model and a security level determines which security mechanism is employed when handling an SNMP packet. Three security models are available: SNMPv1, SNMPv2c, and SNMPv3.

Table 4-42 identifies what the combinations of security models and levels mean.

Table 4-42 SNMP Security Models and Levels

| Model | Level | Authentication | Encryption | Process |
|---|---|---|---|---|
| v1 | noAuthNoPriv | Community String | No | Uses a community string match for authentication. |
| v2c | noAuthNoPriv | Community String | No | Uses a community string match for authentication. |
| v3 | noAuthNoPriv | Username | No | Uses a username match for authentication. |
| v3 | authNoPriv | MD5 or SHA | No | Provides authentication based on the HMAC-MD5 or HMAC-SHA algorithms. |
| v3 | authPriv | MD5 or SHA | DES | Provides authentication based on the HMAC-MD5 or HMAC-SHA algorithms. Provides DES 56-bit encryption in addition to authentication based on the CBC-DES (DES-56) standard. |


The SNMPv3 agent can be used in the following modes:

• noAuthNoPriv mode (that is, no security mechanisms turned on for packets)
• AuthNoPriv mode (for packets that do not need to be encrypted using the privacy algorithm [DES 56])
• AuthPriv mode (for packets that must be encrypted; privacy requires that authentication be performed on the packet)

Using SNMPv3, users can securely collect management information from their SNMP agents without worrying that the data has been tampered with. Also, confidential information, such as SNMP set packets that change a Content Engine’s configuration, can be encrypted to prevent their contents from being exposed on the wire. Also, the group-based administrative model allows different users to access the same SNMP agent with varying access privileges.

Note the following about SNMPv3 objects:

• Each user belongs to a group.
• Group defines the access policy for a set of users.
• Access policy is what SNMP objects can be accessed for reading, writing, and creating.
• Group determines the list of notifications its users can receive.
• Group also defines the security model and security level for its users.
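How the Authentication Password and the SNMP ID (engine ID) configured for an SNMPv3 user become the HMAC-MD5 or HMAC-SHA check of AuthNoPriv mode, following the key localization defined in RFC 3414. This is an added example, not Cisco code: the function names, passphrase and message bytes are constructed (a real SNMPv3 message is BER-encoded), and the engine ID is the sample value from the guide's Remote SNMP ID description.

```python
import hashlib
import hmac

AUTH_FIELD_LEN = 12  # HMAC-MD5-96 and HMAC-SHA-96 both transmit 12 octets


def password_to_key(password: str, hash_name: str) -> bytes:
    """RFC 3414 A.2: digest of the password repeated out to 1,048,576 octets."""
    secret = password.encode()
    if not secret:
        raise ValueError("password must not be empty")
    total = 1048576
    stream = (secret * (total // len(secret) + 1))[:total]
    return hashlib.new(hash_name, stream).digest()


def localize_key(user_key: bytes, engine_id: bytes, hash_name: str) -> bytes:
    """Bind the user key to one SNMP engine: H(Ku || engineID || Ku)."""
    return hashlib.new(hash_name, user_key + engine_id + user_key).digest()


def sign(message: bytes, offset: int, key: bytes, hash_name: str) -> bytes:
    """Replace the 12 zero octets at `offset` with the truncated HMAC."""
    end = offset + AUTH_FIELD_LEN
    if message[offset:end] != bytes(AUTH_FIELD_LEN):
        raise ValueError("authentication field must be zeroed before signing")
    mac = hmac.new(key, message, hash_name).digest()[:AUTH_FIELD_LEN]
    return message[:offset] + mac + message[end:]


def verify(message: bytes, offset: int, key: bytes, hash_name: str) -> bool:
    """Recompute the HMAC over the message with the field zeroed again."""
    end = offset + AUTH_FIELD_LEN
    zeroed = message[:offset] + bytes(AUTH_FIELD_LEN) + message[end:]
    expected = hmac.new(key, zeroed, hash_name).digest()[:AUTH_FIELD_LEN]
    return hmac.compare_digest(message[offset:end], expected)


# Engine ID taken from the guide's Remote SNMP ID example.
ENGINE_ID = bytes.fromhex("00:00:63:00:00:00:a1:c0:93:8e:81".replace(":", ""))
# Constructed second engine ID, to show that keys do not carry across engines.
OTHER_ENGINE_ID = bytes.fromhex("000000000000000000000002")
# Constructed stand-in for a message; a real SNMPv3 message is BER-encoded.
HEADER = b"constructed-v3-header user=monitor auth="
UNSIGNED = HEADER + bytes(AUTH_FIELD_LEN) + b" pdu=get sysUpTime.0"


def demo(hash_name: str = "sha1") -> dict:
    """Sign once, then check the genuine, altered and wrong-engine cases."""
    user_key = password_to_key("constructed-passphrase", hash_name)
    key = localize_key(user_key, ENGINE_ID, hash_name)
    other_key = localize_key(user_key, OTHER_ENGINE_ID, hash_name)
    signed = sign(UNSIGNED, len(HEADER), key, hash_name)
    tampered = signed.replace(b"pdu=get", b"pdu=set")
    return {
        "accepted": verify(signed, len(HEADER), key, hash_name),
        "tampered_accepted": verify(tampered, len(HEADER), key, hash_name),
        "other_engine_accepted": verify(signed, len(HEADER), other_key, hash_name),
    }


if __name__ == "__main__":
    print("md5 ", demo("md5"))
    print("sha1", demo("sha1"))
```

The same password yields a different key for every engine ID, so a key recovered from one device does not authenticate to another; the check covers integrity and origin only, and the payload stays readable unless AuthPriv is used.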

To configure the SNMP settings, follow these steps:

Step 1 Choose Devices > Devices > General Settings > Notification and Tracking > SNMP > General Settings. The SNMP General Settings page is displayed.

Step 2 Enable the settings as appropriate. See Table 4-43 for a description of the fields.

Table 4-43 SNMP General Settings Fields

| Field | Description |
|---|---|
| Traps | |
| Enable SNMP Settings | Enables the SNMP agent to transmit traps to the SNMP server. |
| Service Engine | Enables the Disk Fail trap, which is the disk failure error trap. |
| SNMP | Enables SNMP-specific traps: • Authentication—Enables authentication trap. • Cold Start—Enables cold start trap. |
| SE Alarm | Enables alarm traps: • Raise Critical—Enables raise-critical alarm trap. • Clear Critical—Enables clear-critical alarm trap. • Raise Major—Enables raise-major alarm trap. • Clear Major—Enables clear-major alarm trap. • Raise Minor—Enables raise-minor alarm trap. • Clear Minor—Enables clear-minor alarm trap. |
| Entity | Enables SNMP entity traps. |
| Config | Enables CiscoConfigManEvent error traps. |
| Miscellaneous Settings | |
| Notify Inform | Enables the SNMP notify inform request. |

Step 3 Click Submit to save the settings.

To apply the factory default settings for the device, click the Apply Defaults icon in the task bar.

To remove the settings from the device, click the Remove Device Settings icon in the task bar.

Step 4 From the left-panel menu, choose Community. The SNMP Community Table page is displayed.

The table is sortable by clicking the column headings. The maximum number of community strings that can be created is ten.

Step 5 Click the Create New icon in the task bar. The SNMP Community page is displayed.

Click the Edit icon next to the community name to edit a community setting.

Note Each community is associated with a group. Each group has a view and users are assigned to a group. If the group does not have a view associated with it, then users associated with that group cannot access any MIB entry.

Step 6 Enter the settings as appropriate. See Table 4-44 for a description of the fields.

Table 4-44 SNMP Community Fields

| Field | Description |
|---|---|
| Community | Community string used as a password for authentication when you access the SNMP agent of the device using SNMPv1 or SNMPv2. The “Community Name” field of any SNMP message sent to the device must match the community string defined here to be authenticated. You can enter a maximum of 64 characters in this field. |
| Group name/rw | Group to which the community string belongs. The Read/Write option allows a read or write group to be associated with this community string. The Read/Write option permits access to only a portion of the MIB subtree. Choose one of the following three options from the drop-down list: • None—Choose this option if you do not want to specify a group name to be associated with the community string. • Read/Write—Choose this option if you want to allow read-write access to the group associated with this community string. • Group—Choose this option if you want to specify a group name. |
| Group Name | Name of the group to which the community string belongs. You can enter a maximum of 64 characters in this field. This field is available only if you have chosen the Group option in the Group name/rw field. |

Step 7 Click Submit to save the settings.


To delete an SNMP community, click the Edit icon for the community, then click the Delete icon in the task bar.

Step 8 From the left-panel menu, choose Group. The SNMP Group Table page is displayed.

The table is sortable by clicking the column headings. The maximum number of groups that can be created is ten.

Step 9 Click the Create New icon in the task bar. The SNMP Group page is displayed.

Click the Edit icon next to the Group Name to edit a group.

Step 10 Enter the settings as appropriate. See Table 4-45 for a description of the fields.

Table 4-45 SNMP Group Fields

| Field | Description |
|---|---|
| Name | Name of the SNMP group. You can enter a maximum of 256 characters. A group defines a set of users belonging to a particular security model. A group defines the access rights for all of the users belonging to it. Access rights define what SNMP objects can be read, written to, or created. In addition, the group defines what notifications a user is allowed to receive. An SNMP group is a collection of SNMP users that belong to a common SNMP list that defines an access policy, in which object identification numbers (OIDs) are both read-accessible and write-accessible. Users belonging to a particular SNMP group inherit all of the attributes defined by the group. |
| Sec Model | Security model for the group. Choose one of the following options from the drop-down list: • v1—Version 1 security model (SNMP Version 1 [noAuthNoPriv]). • v2c—Version 2c security model (SNMP Version 2 [noAuthNoPriv]). • v3-auth—User security level SNMP Version 3 (AuthNoPriv). • v3-noauth—User security level SNMP Version 3 (noAuthNoPriv). • v3-priv—User security level SNMP Version 3 (AuthPriv). The Sec Model you choose determines which of the following three security algorithms is used on each SNMP packet: • noAuthNoPriv—Authenticates a packet by a string match of the username. • AuthNoPriv—Authenticates a packet by using either the HMAC MD5 or SHA algorithms. • AuthPriv—Authenticates a packet by using either the HMAC MD5 or SHA algorithms and encrypts the packet using the CBC-DES (DES-56) algorithm. |
| Read View | Name of the view (a maximum of 64 characters) that enables you only to view the contents of the agent. By default, no view is defined. To provide read access to users of the group, a view must be specified. A read view defines the list of object identifiers (OIDs) that are accessible for reading by users belonging to the group. |
| Write View | Name of the view (a maximum of 64 characters) that enables you to enter data and configure the contents of the agent. By default, no view is defined. A write view defines the list of object identifiers (OIDs) that are able to be created or modified by users of the group. |
| Notify View | Name of the view (a maximum of 64 characters) that enables you to specify a notify, inform, or trap. By default, no view is defined. A notify view defines the list of notifications that can be sent to each user in the group. |

Step 11 Click Submit to save the settings.

To delete an SNMP group, click the Edit icon for the group, then click the Delete icon in the task bar.

Step 12 From the left-panel menu, choose User. The SNMP User Table page is displayed.

The table is sortable by clicking the column headings. The maximum number of users that can be created is ten.

Step 13 Click the Create New icon in the task bar. The SNMP User page is displayed.

Click the Edit icon next to the username to edit a user.

Step 14 Enter the settings as appropriate. See Table 4-46 for a description of the fields.

Table 4-46 SNMP User Fields

| Field | Description |
|---|---|
| Name | String representing the name of the user (256 characters maximum) who can access the device. An SNMP user is a person for which an SNMP management operation is performed. |
| Group | Name of the group (256 characters maximum) to which the user belongs. |
| Remote SNMP ID | Globally unique identifier for a remote SNMP entity. To send an SNMPv3 message to the device, at least one user with a remote SNMP ID must be configured on the device. The SNMP ID must be entered in octet string format. For example, if the IP address of a remote SNMP entity is 192.147.142.129, then the octet string would be 00:00:63:00:00:00:a1:c0:93:8e:81. |
| Authentication Algorithm | Authentication algorithm that ensures the integrity of SNMP packets during transmission. Choose one of the following three options from the drop-down list: • No-auth—Requires no security mechanism to be turned on for SNMP packets. • MD5—Provides authentication based on the hash-based Message Authentication Code Message Digest 5 (HMAC-MD5) algorithm. • SHA—Provides authentication based on the hash-based Message Authentication Code Secure Hash (HMAC-SHA) algorithm. |
| Authentication Password | String (256 characters maximum) that configures the user authentication (HMAC-MD5 or HMAC-SHA) password. The number of characters is adjusted to fit the display area if it exceeds the limit for display. This field is optional if the no-auth option is chosen for the authentication algorithm. Otherwise, this field must contain a value. |
| Confirmation Password | Authentication password for confirmation. The re-entered password must be the same as the one entered in the Authentication Password field. |
| Private Password | String (256 characters maximum) that configures the authentication (HMAC-MD5 or HMAC-SHA) parameters to enable the SNMP agent to receive packets from the SNMP host. The number of characters is adjusted to fit the display area if it exceeds the limit for display. |
| Confirmation Password | Private password for confirmation. The re-entered password must be the same as the one entered in the Private Password field. |

Step 15 Click Submit to save the settings.

To delete an SNMP user, click the Edit icon for the user, then click the Delete icon in the task bar.

Step 16 To define a SNMPv2 MIB view, click View from the left-panel menu. The SNMP View Table page is displayed.

The table is sortable by clicking the column headings. The maximum number of SNMPv2 views that can be created is ten.

SNMP view—A mapping between SNMP objects and the access rights available for those objects. An object can have different access rights in each view. Access rights indicate whether the object is accessible by either a community string or a user.

Step 17 Click the Create New icon in the task bar. The SNMP View page is displayed.

Click the Edit icon next to the username to edit a view.

Step 18 Enter the settings as appropriate. See Table 4-47 for a description of the fields.

Table 4-47 SNMP View Fields

| Field | Description |
|---|---|
| Name | String representing the name of this family of view subtrees (256 characters maximum). The family name must be a valid MIB name such as ENTITY-MIB. |
| Family | Object identifier (256 characters maximum) that identifies a subtree of the MIB. |
| View Type | View option that determines the inclusion or exclusion of the MIB family from the view. Choose one of the following two options from the drop-down list: • Included—The MIB family is included in the view. • Excluded—The MIB family is excluded from the view. Note: When configuring an SNMP View with Excluded, the specified MIB that is excluded is not accessible for the community associated with the group that has that view. |

Step 19 Click Submit to save the settings.


To delete an SNMP view, click the Edit icon for the view, then click the Delete icon in the task bar.

Step 20 From the left-panel menu, choose Host. The SNMP Host Table page is displayed.

The table is sortable by clicking the column headings. The maximum number of hosts that can be created is four.

Step 21 Click the Create New icon in the task bar. The SNMP Host page is displayed.

Click the Edit icon next to the hostname to edit a host.

Step 22 Enter the settings as appropriate. See Table 4-48 for a description of the fields.

Table 4-48 SNMP Host Fields

| Field | Description |
|---|---|
| Trap Host | Hostname or IP address of an SNMP entity to which notifications (traps and informs) are to be sent. |
| Community/User | Name of the SNMP community or user (256 characters maximum) that is sent in SNMP trap messages from the device. |
| Authentication | Security model to use for sending notification to the recipient of an SNMP trap operation. Choose one of the following options from the drop-down list: • No-auth—Sends notification without any security mechanism. • v2c—Sends notification using Version 2c security. • Model v3-auth—Sends notification using SNMP Version 3 (AuthNoPriv). • Security Level v3-noauth—Sends notification using SNMP Version 3 (NoAuthNoPriv security). • Level v3-priv—Sends notification using SNMP Version 3 (AuthPriv security). |
| Retry | Number of retries (1 to 10) allowed for the inform request. The default is 2. |
| Timeout | Timeout for the inform request in seconds (1 to 1000). The default is 15. |

Step 23 Click Submit to save the settings.

To delete an SNMP host, click the Edit icon for the host, then click the Delete icon in the task bar.

Step 24 From the left-panel menu, choose Asset Tag. The SNMP Asset Tag page is displayed.

Step 25 In the Asset Tag Name field, enter a name for the asset tag and click Submit.

To apply the factory default settings for the device, click the Apply Defaults icon in the task bar.

To remove the settings from the device, click the Remove Device Settings icon in the task bar.

Step 26 From the left-panel menu, choose Contact. The SNMP Contact page is displayed.

Step 27 In the Contact field, enter a name of the contact person for this device.

Step 28 In the Location field, enter a location of the contact person for this device.

Step 29 Click Submit to save the settings.

To apply the factory default settings for the device, click the Apply Defaults icon in the task bar.

To remove the settings from the device, click the Remove Device Settings icon in the task bar.
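How the community, group and view settings from this procedure combine into one access decision, as an added example (not Cisco code). The configuration, names and helper functions are constructed; preferring the longest matching subtree when an included and an excluded family overlap follows the view-based access control model of RFC 3415 and is an assumption about this device.

```python
def parse_oid(text):
    """Turn a dotted OID string into a tuple of integers."""
    return tuple(int(part) for part in text.strip(".").split("."))


def view_includes(families, oid):
    """Decide whether `oid` is inside a view.

    `families` is a list of (subtree, view_type) pairs, where view_type is
    "included" or "excluded" as in the View Type field. The longest subtree
    that is a prefix of the OID decides; no match means no access.
    """
    target = parse_oid(oid)
    best_len, best_type = -1, None
    for subtree, view_type in families:
        prefix = parse_oid(subtree)
        if target[:len(prefix)] == prefix and len(prefix) > best_len:
            best_len, best_type = len(prefix), view_type
    return best_type == "included"


def is_allowed(config, community, oid, operation="read"):
    """Resolve community -> group -> view -> OID for "read" or "write"."""
    group_name = config["communities"].get(community)
    if group_name is None:
        return False                      # unknown community string
    group = config["groups"].get(group_name)
    if group is None:
        return False                      # community points at a missing group
    view_name = group.get(operation + "_view")
    if not view_name:
        return False                      # group without a view: no MIB access
    return view_includes(config["views"].get(view_name, []), oid)


# Constructed configuration: a read-only monitoring group and a group that
# was created without any view.
CONSTRUCTED_CONFIG = {
    "communities": {"noc-readonly": "monitoring", "legacy": "unviewed"},
    "groups": {
        "monitoring": {"read_view": "ops-view", "write_view": None},
        "unviewed": {"read_view": None, "write_view": None},
    },
    "views": {
        "ops-view": [
            ("1.3.6.1.2.1", "included"),    # MIB-II subtree
            ("1.3.6.1.2.1.4", "excluded"),  # ip group carved out of it
        ],
    },
}

SYS_UPTIME = "1.3.6.1.2.1.1.3.0"      # sysUpTime.0
IP_FORWARDING = "1.3.6.1.2.1.4.1.0"   # ipForwarding.0
ENTERPRISE_OID = "1.3.6.1.4.1.9.1"    # under the enterprises subtree


def audit(config=CONSTRUCTED_CONFIG):
    """Return the decision for each constructed request."""
    requests = [
        ("noc-readonly", SYS_UPTIME, "read"),
        ("noc-readonly", IP_FORWARDING, "read"),
        ("noc-readonly", ENTERPRISE_OID, "read"),
        ("noc-readonly", SYS_UPTIME, "write"),
        ("legacy", SYS_UPTIME, "read"),
        ("guessed", SYS_UPTIME, "read"),
    ]
    return [is_allowed(config, c, oid, op) for c, oid, op in requests]


if __name__ == "__main__":
    print(audit())
```

Running the same audit over the communities, groups and views actually configured on a device shows which community strings still reach writable or sensitive subtrees.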


Supported MIBs

The SNMP agent supports the following MIBs:

• ENTITY-MIB (RFC 2037 Revision 199610310000Z)
• MIB-II (RFC 1213)
• HOST-RESOURCES-MIB (RFC 2790, hrSWInstalled and hrPrinterTable subgroups are not supported)
• BGP-4-MIB (RFC-4274)
• UCD-SNMP-MIB
• CISCO-ENTITY-ASSET-MIB
• CISCO-CONFIG-MAN-MIB (Revision 9511280000Z)
• CISCO-SERVICE-ENGINE-MIB (supports streaming media-related MIB objects)

ENTITY-MIB, MIB-II, HOST-RESOURCES-MIB, BGP-4-MIB, and UCD-SNMP-MIB are publicly available MIBs.

To download a copy of the CISCO-SERVICE-ENGINE-MIB, follow these steps:

Step 1 Choose System > CDS-IS Files > SNMP MIB.

The CISCO_SERVICE-ENGINE-MIB.my is listed.

Step 2 Click one of the following links:

• CISCO_SERVICE-ENGINE-MIB.my
• CISCO_CDS_SERVICE_ROUTING_MIB.my

Your browser program displays a dialog box asking if you want to open or save the file.

Step 3 Choose the appropriate option; either open or save the file.

The CISCO-SERVICE-ENGINE-MIB is extended to incorporate MIB objects related to streaming. The WMT and Movie Streamer groups incorporate statistics about the WMT server or proxy, and Movie Streamer. The Flash Media Streaming group incorporates statistics about the Flash Media Streaming protocol engine. For each 64-bit counter MIB object, a 32-bit counter MIB object is implemented so that SNMP clients using SNMPv1 can retrieve data associated with 64-bit counter MIB objects. The MIB objects of each of these groups are read-only.

• WMT MIB group provides statistics about WMT proxy and server performance. Twenty-eight MIB objects are implemented in this group. Six of these MIB objects are implemented as 64-bit counters.
• Movie Streamer MIB group provides statistics about RTSP streaming engine performance. Seven MIB objects are implemented in this group. Two of these MIB objects are implemented as 64-bit counters.
• Flash Media Streaming MIB group provides statistics about HTTP and RTMP streaming engine performance.

The CISCO_CDS_SERVICE_ROUTING_MIB.my provides some object identifiers (OIDs) for Service

Router statistics. All the OIDs in the MIB are only for querying purposes; no traps have been added to this MIB. The Service Router MIB provides two groups, cdssrStatsGroup and cdssrServiceMonitorGroup, which contain OIDs for the statistics from the s how statistics service-router summary/dns/history/se/content-origin command and the show service-router service-monitor command.


Use the following link to access the CISCO-ENTITY-ASSET-MIB and the CISCO-CONFIG-MAN-MIB: ftp://ftp.cisco.com/pub/mibs/v2/

Note If your browser is located behind a firewall or you are connecting to the Internet with a DSL modem and you are unable to access this file folder, you must change your web browser compatibility settings. In the Internet Explorer (IE) web browser, choose Tools > Internet Options > Advanced, and check the Use Passive FTP check box.

Enabling System Logs

Use the System Logs page to set specific parameters for the system log file (syslog). This file contains authentication entries, privilege level settings, and administrative details. System logging is always enabled. By default, the system log file is stored as /local/local1/syslog.txt.

To enable system logging, follow these steps:

Step 1 Choose Devices > Devices > General Settings > Notification and Tracking > System Logs. The System Log Settings page is displayed.

Step 2 Enter the settings as appropriate. See Table 4-49 for a description of the fields.

Table 4-49 System Logs Settings Fields

Field: Description

System Logs

Enable: Enables system logs.

Facility: Facility where the system log is sent.

Console Settings

Enable: Enable sending the system log to the console.

Priority: Severity level of the message that should be sent to the specified remote syslog host. The default priority is warning. The priorities are:

• Emergency—System is unusable.

• Alert—Immediate action needed.

• Critical—Critical condition.

• Error—Error conditions.

• Warning—Warning conditions.

• Notice—Normal but significant conditions.

• Information—Informational messages.

• Debug—Debugging messages.

Disk Settings

Enable: Enables saving the system logs to disk.

File Name: Path and filename where the system log file is stored on the disk. The default is /local/local1/syslog.txt.

Priority: Severity level of the message that should be sent to the specified remote syslog host.

Recycle: The maximum size of the system log file before it is recycled. The default is 10000000 bytes.

Host Settings

Enable: Enables sending the system log file to a host. You can configure up to four hosts.

Hostname: A hostname or IP address of a remote syslog host.

Priority: Severity level of the message that should be sent to the specified remote syslog host.

Port: The destination port on the remote host. The default is 514.

Rate Limit: The message rate per second. To limit bandwidth and other resource consumption, messages can be rate limited. If this limit is exceeded, the remote host drops the messages. There is no default rate limit, and by default all system log messages are sent to all syslog hosts.

Step 3 Click Submit to save the settings.

Multiple Hosts for System Logging

Each syslog host can receive different priority levels of syslog messages. Therefore, you can configure different syslog hosts with a different syslog message priority code to enable the device to send varying levels of syslog messages to the four external syslog hosts.

However, if you want to achieve syslog host redundancy or failover to a different syslog host, you must configure multiple syslog hosts on the device and assign the same priority code to each configured syslog host.
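The fan-out described above can be checked before the hosts are entered in the CDSM. The following Python is an added example, not Cisco code; it assumes the usual syslog threshold semantics (a host configured with priority P receives messages of severity P and anything more severe), and the host names are constructed.

```python
from dataclasses import dataclass

# Priorities from Table 4-49, most severe first (syslog numeric order 0..7).
PRIORITIES = ["emergency", "alert", "critical", "error",
              "warning", "notice", "information", "debug"]
MAX_HOSTS = 4  # the page allows up to four remote syslog hosts


@dataclass(frozen=True)
class SyslogHost:
    hostname: str
    priority: str = "warning"   # default priority per the page
    port: int = 514             # default destination port per the page


def level(name):
    """Numeric rank of a priority name; lower means more severe."""
    return PRIORITIES.index(name.lower())


def receivers(severity, hosts):
    """Hosts that receive a message of this severity (assumed threshold rule)."""
    return [h.hostname for h in hosts if level(severity) <= level(h.priority)]


def audit(hosts):
    """Report host-count violations and places where log delivery has no backup."""
    findings = []
    if len(hosts) > MAX_HOSTS:
        findings.append(f"too many hosts: {len(hosts)} > {MAX_HOSTS}")
    groups = {}
    for h in hosts:
        groups.setdefault(h.priority.lower(), []).append(h.hostname)
    # The page's redundancy rule: failover peers must share the same priority.
    for prio in PRIORITIES:
        names = groups.get(prio, [])
        if len(names) == 1:
            findings.append(f"no failover peer at priority {prio}: {names[0]}")
    # Severities that reach exactly one host are lost if that host is down.
    for sev in PRIORITIES:
        got = receivers(sev, hosts)
        if len(got) == 1:
            findings.append(f"{sev} messages reach only {got[0]}")
    return findings


# Constructed sample configuration: a redundant pair plus one verbose collector.
SAMPLE = [
    SyslogHost("siem-a.example.net", "warning"),
    SyslogHost("siem-b.example.net", "warning"),
    SyslogHost("debug-collector.example.net", "debug"),
]

if __name__ == "__main__":
    for sev in PRIORITIES:
        print(f"{sev:12} -> {receivers(sev, SAMPLE)}")
    for finding in audit(SAMPLE):
        print("FINDING:", finding)
```

With the sample, authentication failures logged at warning or above reach both SIEM hosts, while notice and lower exist only on the single debug collector.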

Configuring Troubleshooting

The Kernel Debugger troubleshooting page allows you to enable or disable access to the kernel debugger.

Once enabled, the kernel debugger is automatically activated when kernel problems occur.

Note The “hardware watchdog” is enabled by default and automatically reboots a device that has stopped responding for over ten minutes. Enabling the kernel debugger disables the “hardware watchdog.”

If the device runs out of memory and the kernel debugger (KDB) is enabled, the KDB is activated and dumps information. If the KDB is disabled and the device runs out of memory, the syslog reports only dump information and reboots the device.

Enabling the Kernel Debugger

To enable the kernel debugger, follow these steps:

Step 1 Choose Devices > Devices > General Settings > Troubleshooting > Kernel Debugger. The Kernel Debugger page appears.

Step 2 To enable the kernel debugger, check the Enable check box, and click Submit.

To apply the factory default settings for the device, click the Apply Defaults icon in the task bar.

To remove the settings from the device, click the Remove Device Settings icon in the task bar.

For information about monitoring the SEs, see the “Device Monitoring” section on page 8-13.

Configuring Service Router Settings

The keepalive interval is used by the SE to send keepalive messages to the SR. If the SE is configured with more than one streaming interface (multi-port support), the keepalives are sent for each streaming interface.

To configure the keepalive interval the SE uses for messages to this SR, follow these steps:

Step 1 Choose Devices > Devices > General Settings > Service Routing Settings. The Service Routing Settings page is displayed.

Step 2 In the Keepalive-Interval field, enter the number of seconds the messages from the SR should be kept alive on this SE. The range is from 1 to 120. The default is 2 seconds.

Step 3 In the Snapshot Counter Report Interval field, enter the report interval for the wholesale snapshot counter report. The range is from 5 to 180. The default is 10 seconds.

Step 4 Click Submit to save the settings.

To apply the factory default settings for the device, click the Apply Defaults icon in the task bar.

To remove the settings from the device, click the Remove Device Settings icon in the task bar.

Configuring Cache Router Settings

To configure the liveness interval the SE uses for messages to this SR, follow these steps:

Step 1 Choose Devices > Devices > General Settings > Cache Router. The Cache Router page is displayed.

Step 2 From the Select a Device Group drop-box, choose the device group.

Step 3 In the Liveness Query timeout field, enter the number of milliseconds the messages from the SR should be kept alive on this SE. The range is from 1 to 1000. The default is 200 seconds.

Step 4 Click Submit to save the settings.

To apply the factory default settings for the device, click the Apply Defaults icon in the task bar.

To remove the settings from the device, click the Remove Device Settings icon in the task bar.


Configuring Memory Limitation Settings

To configure the memory limitation settings for an SE, follow these steps:

Step 1 Choose Devices > Devices > General Settings > Memory Limitation. The Memory Limitation page is displayed.

Step 2 Enter the settings as appropriate. See Table 4-50 for a description of the fields.

Table 4-50 Memory Limitation Settings Fields

Field: Description

contentmgr: Memory size for Content Manager. If the physical memory size is greater than or equal to 32 GB, the default value is 16 GB; otherwise the default value is 6 GB.

fms-server: Memory size for Flash Media Server. If the physical memory size is greater than or equal to 48 GB, the default value is 8 GB. If the physical memory size is between 48 GB and 32 GB, the default value is 6 GB; otherwise the default value is 4 GB.

movie-streamer: Memory size for Movie Streamer. The default value is 4 GB.

webengine: Memory size for Web Engine. If the physical memory size is greater than or equal to 32 GB, the default value is 12 GB. If the physical memory size is between 32 GB and 16 GB, the default value is 8 GB; otherwise the default value is 4 GB.

Step 3 Click Submit to save the settings.

To apply the factory default settings for the device, click the Apply Defaults icon in the task bar.

To remove the settings from the device, click the Remove Device Settings icon in the task bar.

Configuring ABR Latency

To configure the ABR Latency settings for SE, follow these steps:

Step 1 Choose Devices > Devices > General Settings > ABR Latency Configuration. The ABR Latency Configuration page is displayed.

Step 2 Enter the settings as appropriate. See Table 4-51 for a description of the fields.

Table 4-51 ABR Latency Configuration Fields

Field: Description

Enable: Enables the ABR Latency configuration settings for the Service Engine. By default, it is unchecked.

Note On enabling this feature, the webengine and service monitor processes restart within two minutes. Hence, you need to enable it during offload time.

Cpu-Threshold: The range is from 1 to 80. The default value is 20.

Tolerable-Requests: The range is from 1 to 100000 (number of requests). The default value is 50.

Note If the device is repeatedly serving many requests with latency for three times, an alarm is triggered. The three iterations are to check the consistency.

Time-Duration: The range is from 1 to 100000 (seconds). The default value is 60 seconds.

Step 3 Click Submit to save the settings.

To apply the factory default settings for the device, click the Apply Defaults icon in the task bar.

To remove the settings from the device, click the Remove Device Settings icon in the task bar.

For more information, see Appendix G “ABR Latency” section on page G-1.

Configuring the Service Router

Configuring a Service Router (SR) consists of the following procedures:

Configuring Transaction Logs for the Service Router, page 4-135

For information on configuring the general settings, except last-resort routing and transaction logging, see the “General Settings” section on page 4-52.

Activating a Service Router

Activating an SR can be done through the Devices home page initially, or through the Device Activation page.

To activate an SR from the Device Activation page, follow these steps:

Step 1 Choose Devices > Devices. The Devices Table page is displayed.

Step 2 Click the Edit icon next to the SR that you want to configure. The Devices home page is displayed.

Step 3 Click Show All to display the top-level menu options, and choose Device Activation. The Device Activation page is displayed.

Step 4 Enter the settings as appropriate. See Table 4-52 for a description of the fields.

Table 4-52 Service Router Activation Fields

Field: Description

Name: Name of the device.

Location: The Location drop-down list lists all of the locations configured for the VDS-IS.

Activate: To activate or deactivate the device, check or uncheck the Activate check box. Alternatively, you can click the Deactivate Device icon in the task bar.

When you uncheck the Activate check box and click Submit, the Replaceable check box is displayed. Check the Replaceable check box when you need to replace the device or recover lost registration information. For more information, see the “Recovering VDS-IS Network Device Registration Information” section on page 9-25.

Server Offload: To offload this device for maintenance or a software upgrade, check the Server Offload check box. When checked, the Service Router stops processing client requests.

When the SR is marked as inactive or is marked with server offload on the CDSM, it stops responding to DNS queries. Instead, the SR sends a SERVFAIL error as the DNS response, and for RTSP/HTTP requests, the SR sends a 503 Service Unavailable message.

To monitor the current activity on an SR during the Server Offload state, use the show interface command. If the packets received or packets sent is increasing, then the SR is processing client requests.

Note We recommend separating the management traffic from the client request traffic by using the port channel configuration; see the “Configuring Port Channel” section on page K-6 for more information.

• If management and client request traffic are separated, the show interface command for the client request port channel displays information on active sessions.

• If management and streaming traffic are not separated, the show interface command shows very low traffic; the packets received and packets sent are lower than a client request session.

Once the SR has finished processing client requests, you can perform maintenance or upgrade the software on the device. For information about upgrading the software, see the “Upgrading the Software” section on page 9-6.

The Status field on the Device Activation page and the Devices Table page displays “offloading” when Server Offload is checked.

Once the software upgrade or maintenance is complete, you need to uncheck the Server Offload check box so that the device can again participate in the system.

Work Type: From the Work Type drop-down list, choose SR & Proximity Engine if you want to enable the Proximity Engine; otherwise, choose Service Router only. For more information, see the “Configuring the Proximity Server Settings” section on page 4-117.

Coverage Zone File: To have a local Coverage Zone file overwrite the VDS-IS network-wide Coverage Zone file, choose a file from the Coverage Zone drop-down list. See the “Coverage Zone File Registration,” page 6-13 for information about creating and registering a Coverage Zone file. Otherwise, choose None.

Use SR’s primary IP address: Enables the CDSM to use the IP address on the primary interface of the SR for management communications.

Note If the Use SR’s primary IP address for Management Communication check box is checked and the Management Communication Address and Port are configured, the CDSM uses the SR’s primary IP address for communication.

Note Do not check the Use SR’s primary IP address for Management Communication check box if you want to separate management and streaming traffic. Instead, use the Management Communication Address and Port fields to specify where management traffic should be sent.

Management Communication Address: Manually configures a management IP address for the CDSM to communicate with the SR.

Manual configuration of the management IP address and port is used when using port channel configuration to separate management and streaming traffic. For more information about port channel configuration, see the “Configuring Port Channel and Load Balancing Settings” section on page 4-75 and the “Configuring Port Channel” section on page K-6.

Management Communication Port: Port number to enable communication between the CDSM and the SR.

Monitor SE Keepalive Message on: From the Monitor SE Keepalive Message on drop-down list, choose the IP address for the device.

This feature allows an SR to listen to private IP addresses on which it receives KAL/SCR from SEs. The private IP addresses can be accessed by the devices within the VDS-IS network. This therefore prevents attacks from the Internet on UDP port 2323.

For more information on enabling or disabling this feature, see Configuring the Monitor SE Keepalive Messages, page 4-109.

Comments: Information about the settings.


Note To make sure that the SR is binding to the primary interface (or management IP address if configured) as the source IP address when sending management traffic to the CDSM, create a static route from the SR to the CDSM. To configure a static IPv4 route from the SR, see the “Configuring Static Routes” section on page 4-85. To configure a static IPv6 route from the SR, see the “Configuring Static IPv6 Routes” section on page 4-86. Alternatively, you can use the ip route command and IPv6 route command on the VDS-IS device.

Configuring the Monitor SE Keepalive Messages

To enable or disable the Monitor SE Keepalive Message on feature, follow these steps:

Note While enabling or disabling this option, you must offload the SR to make sure that the KAL/SCR messages are not lost.

The procedure must be followed when you want to downgrade a CDN from a version with the feature enabled, to an old version that does not support this feature.

Prerequisites

To enable this feature, the following conditions should be satisfied:

• The administrator must have already set up the VDS-IS network with private IPs for all devices.

• The administrator must make sure that SEs and SRs are able to communicate with each other through the private IP addresses.

• The administrator must make sure that the UDP port 2323 is not accessible by unauthorized entities outside the VDS-IS network.

• The administrator must make sure that the software versions for all the devices including SEs, SRs, and CDSMs support this feature.

Note There may be KAL/SCR message losses if a device is not on a version that supports this feature.

• While enabling or disabling the Monitor SE Keepalive Message on feature, the feature is enabled or disabled for each SR one by one.

To offload the SR, follow these steps:

Step 1 Wait for 120 seconds, then from the Devices > Device Activation > Monitor SE Keepalive Message on drop-down list:

• Select the right IP, to enable the feature.

• Select All, to disable the feature.

Step 2 Wait for 60 seconds, then check to see if there is an SeKeepalive alarm for any SE on this SR; if there is no SeKeepalive alarm, go to Step 3.

• If there is any SeKeepalive alarm on the SR, wait for another System.datafeed.pollRate seconds (300 seconds by default).

• If any SeKeepalive alarm persists for an SE, there is a configuration issue with the SE; try to resolve it.

• Repeat the previous steps until no SeKeepalive alarm exists on the SR.

Step 3 Un-offload the SR to bring it back online.

Click Submit to save the settings.

Configuring Routing Settings

The Routing Settings pages provide settings for the Request Routing Engine and the Proximity Engine.

Configuring the Service Router engines consists of the following procedures:

• Configuring Request Routing Settings, page 4-110

• Configuring IP-based Redirection, page 4-115

• Configuring DNS-based Redirection, page 4-115

• Configuring Redirect Burst Control, page 4-116

• Configuring Cross-Domain Policy, page 4-116

• Configuring the Proximity Server Settings, page 4-117

The Service Router has two engines, the Request Routing Engine and the Proximity Engine.

The Proximity Engine contains the functionality of the Proximity Servers used for proximity-based routing. For more information, see the “Service Router” section on page 1-34.

Configuring Request Routing Settings

To configure the Request Routing Settings, follow these steps:

Step 1 Choose Devices > Devices > Routing Settings > Request Routing Settings > General Settings. The Request Routing Settings page is displayed.

Step 2 Enter the settings as appropriate. See Table 4-53 for a description of the fields.

Table 4-53 Request Routing Settings—General Settings Fields

Field: Description

Enable Location Based Routing: When location-based routing is enabled, the Service Router first looks up the client’s IP address in the Coverage Zone file. If there is no subnet in the Coverage Zone file that matches the client’s IP address, the client’s geographical location is compared to the geographical location of the Service Engines listed in the Coverage Zone file, and the closest and least-loaded Service Engine is selected.

Geographically locating a client is used when users roam outside of their home networks.

Location Cache Timeout: Enter the timeout interval (in seconds) that a response from the Geo-Location server is stored in the SR cache.

The SR caches information from the Geo-Location server during the first request so that further requests can be served from cache instead of contacting the Geo-Location server.

The default is 691200. The range is 1 to 864000.

• Quova—If quova is selected from the Type drop-down list:

– In the Primary Address and associated Port fields, enter the IPv4 address and port number of the primary Geo-Location Server.

– In the Secondary Address and associated Port fields, enter the IPv4 address and port number of the secondary Geo-Location Server.

• Quova GDS (Version 7.1.5)—If quova-restful-gds is selected from the Type drop-down list:

– In the Primary Address and associated Port, Service Name, Retry and Timeout fields, enter the IPv6 or IPv4 address, port number, Service name, Retry and Timeout of the primary Geo-Location Server.

– In the Secondary Address and associated Port, Service Name, Retry and Timeout fields, enter the IPv6 or IPv4 address, port number, Service name, Retry and Timeout of the secondary Geo-Location Server.

• Quova Hosted—If quova-restful-hosted is selected from the Type drop-down list:

– In the API Key field, enter the API key of the Geo-Location Server.

– In the Shared Secret Key field, enter the shared secret key of the Geo-Location Server.

– In the Primary Address and associated Port, Service Name, Retry and Timeout fields, enter the IPv6 or IPv4 address, port number, Service name, Retry and Timeout of the primary Geo-Location Server.

– In the Secondary Address and associated Port, Service Name, Retry and Timeout fields, enter the IPv6 or IPv4 address, port number, Service name, Retry and Timeout of the secondary Geo-Location Server.

• MaxMind Hosted—If maxmind-restful-hosted is selected from the Type drop-down list:

– From the Protocol drop-down list, choose Http or Https.

– In the Service field, enter the service name. The service name can be a, b, f, or e.

– In the License Key field, enter the key that is used by the Geo-Location server to verify a request.

– In the Primary Address and associated Port, Retry and Timeout fields, enter the IPv6 or IPv4 address, port number, Retry and Timeout of the primary Geo-Location Server.

– In the Secondary Address and associated Port, Retry and Timeout fields, enter the IPv6 or IPv4 address, port number, Retry and Timeout of the secondary Geo-Location Server.

Note The Maxmind server service supported is GeoIP Legacy web services http://dev.maxmind.com/geoip/legacy/web-services/.

Primary Geo-Location Server IP address and Port: The IP address and port number of the primary Geo-Location Server for location-based routing. For more information, see the “Geo-Location Servers” section on page 4-113.

Secondary Geo-Location Server IP address and Port: The IP address and port number of the secondary Geo-Location Server.

Enable Content Based Routing: When enabled, the SR redirects requests based on the URI. Requests for the same URI are redirected to the same SE, provided the SE’s thresholds have not been exceeded. This optimizes disk usage in the VDS-IS by storing only one copy of the content on one SE, instead of multiple copies on several SEs. For more information about content-based routing, see the “Content-Based Routing” section on page 1-45.

Note Content-based routing does not work with clients sending signed URL requests. The hashing algorithm for content-based routing considers the whole signed URL, so a signed URL request for the same content may be redirected to a different SE.

Number of Redundant Copies: Number of copies of a content to keep among SEs in a Delivery Service. The range is from 1 to 4. The default is 1. If redundancy is configured with more than one copy, multiple Service Engines are picked for a request with the same URI hash.

Enable Proximity Based Routing: When enabled, the SR contacts the Proximity Server with the client IP address and a list of SEs. The Proximity Server returns a list of SEs ordered by distance or metric, and provides a client subnet mask. The SR caches this information for this client. The SR redirects the client request to the SE selected, which is based on load, availability, and Delivery Service subscription.

To configure a standalone Proximity Engine, see the Cisco Videoscape Distribution Suite, Internet Streamer 4.2.1 Command Reference.

To configure a collocated Proximity Engine, see the “Configuring the Proximity Server Settings” section on page 4-117.

For more information, see the “Proximity-Based Routing” section on page 1-41.

Proximity Cache Timeout: The maximum number of seconds the proximity response from the Proximity Server is valid for a client subnet. After the Proximity Cache Timeout period has elapsed, any new request from the same client subnet causes the SR to query the Proximity server for a new proximity response. The proximity range is from 1 to 86400. The default is 1800.

Proximity ratings for overlapping subnets are not cached.

Proximity Server Host [1-8]: The IP address of the Proximity Server. If you are using the collocated Proximity Engine as one of the Proximity Servers, enter 127.0.0.1 as the IP address.

The selection of the Proximity Server is based on the lowest IP address. If there is only one Proximity Server, the SR uses that server. If another Proximity Server is configured with an IP address lower than the first one, the SR sends a request to the newly configured Proximity Server, and if it responds, the SR uses the new Proximity Server with the lower IP address.

Password: Password of the Proximity Server.

For more information on configuring the Proximity Engine, see the “Configuring the Proximity Server Settings” section on page 4-117.

Last Resort Routing for Exceeded Bandwidth

Enable Last Resort Routing For Exceeded Bandwidth: When you check the Enable Last Resort Routing For Exceeded Bandwidth check box and the bandwidth quota is exceeded, the request is routed to the last resort domain based on the last resort routing configuration.

If you uncheck the Enable Last Resort Routing For Exceeded Bandwidth check box and the bandwidth quota is exceeded, the SR responds with a 503 Service Unavailable error message.

Step 3 Click Submit to save the settings.

To apply the factory default settings for the device, click the Apply Defaults icon in the task bar.

To remove the settings from the device, click the Remove Device Settings icon in the task bar.
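Why signed URLs defeat content-based routing (the Note under Enable Content Based Routing), as an added Python example that is not part of the guide or Cisco's code. The page does not document the hashing algorithm, so SHA-256 rendezvous hashing stands in for it; the SE names, the host name, and the `expires`/`sig` query parameters are constructed, and hashing the path only is shown for contrast, not as a VDS-IS setting.

```python
import hashlib
from urllib.parse import urlsplit

SES = ["se-paris-1", "se-paris-2", "se-lyon-1", "se-nice-1"]   # constructed names


def _weight(se, key):
    # Stand-in hash (assumption): the product's real algorithm is not on the page.
    return hashlib.sha256(f"{se}\n{key}".encode()).digest()


def select_ses(key, ses=SES, copies=1, overloaded=()):
    """Rank the SEs for this key and return the first `copies` that are under
    their thresholds. The same key always produces the same ranking."""
    if not 1 <= copies <= 4:                       # range from Table 4-53
        raise ValueError("Number of Redundant Copies must be 1 to 4")
    ranked = sorted(ses, key=lambda se: _weight(se, key), reverse=True)
    return [se for se in ranked if se not in overloaded][:copies]


def signed_url(path, n):
    """Constructed signed-URL shape: per-request expiry and signature in the query."""
    sig = hashlib.sha256(f"demo-key{path}{n}".encode()).hexdigest()[:16]
    return f"http://cdn.example.com{path}?expires={1700000000 + n}&sig={sig}"


def path_only(url):
    """Key that ignores the query string (contrast case only)."""
    return urlsplit(url).path


def placement(urls, key=lambda u: u):
    """Set of SEs that end up caching the content requested by these URLs."""
    return {select_ses(key(u))[0] for u in urls}


if __name__ == "__main__":
    urls = [signed_url("/vod/movie.mp4", n) for n in range(200)]
    print("whole signed URL hashed:", sorted(placement(urls)))
    print("path only hashed:       ", sorted(placement(urls, key=path_only)))
    print("two redundant copies:   ", select_ses("/vod/movie.mp4", copies=2))
```

Hashing the whole signed URL spreads one title across several SEs, which removes the disk-usage benefit the field description promises.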

Geo-Location Servers

The Geo-Location servers work with the following VDS-IS features:

• Location-based routing

• Authorization Service

For location-based routing, the Geo-Location servers identify the latitude and longitude of a client based on the IP address of the client. The Request Routing Engine compares the latitude and longitude of each Service Engine, which is defined in the Coverage Zone file, with the latitude and longitude of the client to assign a Service Engine that is geographically closest to the client. For more information on location-based routing, see the “Location-Based Routing” section on page 1-41 and Appendix C, “Creating Coverage Zone Files.”

For Authorization Service, the Geo-Location servers identify the city, state, country, Netspeed, connection_type, line_speed, asn, carrier, and anonymizer_status of the client based on the IP address of the client. The Authorization Service on the Service Engine compares the city, state, and country of the client with city, state, and country defined in the Authorization Service file. If a match is found, the client is either allowed or denied based on what is specified in the Authorization Service file. For more information about configuring the Authorization Service, see the “Configuring the Authorization Service” section on page 4-29.


Note Starting with Release 3.3, in addition to the city, state, and country, the Geo-Location servers will also identify Netspeed, connection_type, line_speed, asn, carrier, and anonymizer_status of the client based on the IP address of the client.

Caching Geo-Location Server Information

The SR or SE caches the Geo-Location information returned from the Geo-Location servers, and the device (SE or SR) queries its own cache first before contacting the Geo-Location servers. If the IP address of the client is found in the cache on the device, the lookup is performed using that information and the Geo-Location servers are not contacted.

For location-based routing, the SR caches up to 10,000 IP addresses. The IP addresses are discrete, which means that they do not describe subnets. By default, the cached information expires after 8 days (691,200 seconds). The time interval after which the cache expires is configurable by setting the Location Cache Timeout field. If the cache is full, the entries are replaced according to the least recently used (LRU) mechanism.

For Authorization Service, the SE caches information on the country of 10,000 clients. The cached information expires after 8 days. If the cache is full, the entries are replaced according to the LRU mechanism.

Note Currently, there is no command to clear the Geo-location cache on the device.

Starting with Release 3.3, if the Geo Server type is changed, for example, Quova GDS to Quova Hosted, MaxMind Hosted service b to MaxMind Hosted service e, the cache will be cleared.

Redundant Geo-Location Servers

The VDS-IS offers the ability to configure primary and secondary Geo-Location servers. In the event that the primary server is unreachable, the secondary Geo-Location server is contacted. The secondary

Geo-Location server is then used unless it becomes unreachable, in which case the primary

Geo-Location server is contacted. The Geo-Location server configuration determines the time to wait before failing over to the other server. The default is 245 milliseconds.

For the location-based routing feature, and the Authorization Service feature, the cached client information on the VDS-IS device is checked first before querying the Geo-Location servers.

For location-based routing, if both primary and secondary Geo-Location servers are down, the VDS-IS uses the default route configured through the zero-IP based configuration in the Coverage Zone file. For more information, see the “Zero-IP Based Configuration” section on page C-2.

For Authorization Service, if both the primary and secondary Geo-Location servers are down, a request denied message is returned to the client. The type of message that is returned depends on the protocol engine (for example, the Flash Media Streaming engine sends “Denied by auth server”). However, the client receives the same denied message from the protocol engine whether the client is denied based on the Authorization Service configuration, or based on the Geo-Location servers being down and the client information not being available in the SE cache.
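The lookup order and failure behavior described in the two sections above can be modeled as follows. This is an added example, not Cisco code: the class and function names, the server callables, and the zone mapping are hypothetical, and only the cache size, the 8-day expiry, the stay-on-the-working-server failover, and the two outage outcomes come from the text.

```python
from collections import OrderedDict

CACHE_SIZE = 10_000      # entries, as stated in the guide
CACHE_TTL = 691_200      # seconds (8 days), the documented default


class GeoUnavailable(Exception):
    """Neither Geo-Location server answered."""


class GeoCache:
    """LRU cache of discrete client IPs with a per-entry expiry time."""

    def __init__(self, size=CACHE_SIZE, ttl=CACHE_TTL):
        self.size, self.ttl = size, ttl
        self._entries = OrderedDict()            # ip -> (expires_at, country)

    def get(self, ip, now):
        hit = self._entries.get(ip)
        if hit is None:
            return None
        if hit[0] <= now:                        # expired: drop it, report a miss
            del self._entries[ip]
            return None
        self._entries.move_to_end(ip)            # mark as most recently used
        return hit[1]

    def put(self, ip, country, now):
        self._entries[ip] = (now + self.ttl, country)
        self._entries.move_to_end(ip)
        while len(self._entries) > self.size:
            self._entries.popitem(last=False)    # evict the least recently used


class GeoResolver:
    """Cache first, then the server in use, then the other server."""

    def __init__(self, primary, secondary, cache=None):
        self.servers = [primary, secondary]      # callables: ip -> country
        self.active = 0                          # index of the server in use
        self.cache = cache if cache is not None else GeoCache()

    def country(self, ip, now):
        cached = self.cache.get(ip, now)
        if cached is not None:
            return cached
        for _ in range(2):
            try:
                result = self.servers[self.active](ip)
            except ConnectionError:
                self.active ^= 1                 # fail over and stay on that server
                continue
            self.cache.put(ip, result, now)
            return result
        raise GeoUnavailable(ip)


def authorize(resolver, ip, allowed, now):
    """Authorization Service: deny when no location can be obtained."""
    try:
        return resolver.country(ip, now) in allowed
    except GeoUnavailable:
        return False     # the client sees the same denial as a policy reject


def route(resolver, ip, zones, default_route, now):
    """Location-based routing: an outage falls back to the default route."""
    try:
        return zones.get(resolver.country(ip, now), default_route)
    except GeoUnavailable:
        return default_route


def make_server(table, state):
    """Constructed stand-in for a Geo-Location server that can be switched off."""
    def lookup(ip):
        if not state["ok"]:
            raise ConnectionError("no answer within the failover timeout")
        return table.get(ip)
    return lookup
```

Because an outage denial is indistinguishable from a policy denial at the client, server reachability has to be monitored on the device side rather than inferred from client reports.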

Communicating with Geo-Location Servers

VDS-IS supports the following Geo servers:

• quova

• quova-restful-gds

• quova-restful-hosted

• maxmind-restful-hosted

The Geo-location information of a client IP address is obtained from an external server. The VDS-IS communicates with the quova servers by using a proprietary version of TCP. A RESTful API is used to communicate with quova-restful-gds servers, quova-restful-hosted servers, and maxmind-restful-hosted servers.

Configuring IP-based Redirection

IP-based redirection uses IP addresses to route client requests to the SR and on to the SE. For more information, see the “IP-Based Redirection” section on page 1-37.

Note The Web Engine does not support IP-based redirection.

To enable IP-based redirection, follow these steps:

Step 1 Choose Devices > Devices > Routing Settings > Request Routing Settings > IP-Based Redirection. The IP-Based Redirection page is displayed.

Step 2 Check the Enable IP-based Redirection check box and click Submit.

To apply the factory default settings for the device, click the Apply Defaults icon in the task bar.

To remove the settings from the device, click the Remove Device Settings icon in the task bar.

Configuring DNS-based Redirection

DNS-based redirection uses the status of the Web Engine to route the client requests to the SR.

To enable DNS-based redirection, follow these steps:

Step 1 Choose Devices > Devices > Routing Settings > Request Routing Settings > DNS Based Redirection. The DNS Based Redirection page is displayed.

Step 2 Enter the settings as appropriate. See Table 4-54 for a description of the fields.

Table 4-54 DNS Based Redirection Fields

Field: Enable Redirect Based on WE Status
Description: Check the Enable Redirect Based on WE Status check box to enable Redirection based on the Web Engine status. The Enable Redirect Based on WE Status is disabled by default.

Field: Enable for All Domains
Description: Check the Enable for All Domains check box to enable Redirection for all domains. The Enable for All Domains is disabled by default.

Note A domain list will be maintained if Enable for All Domains is not selected.

Step 3 Click Submit to save the settings.

To apply the factory default settings for the device, click the Apply Defaults icon in the task bar.

To remove the settings from the device, click the Remove Device Settings icon in the task bar.

Configuring Redirect Burst Control

The SR learns about the state of the SEs through the keepalive messages between the SEs and the SR. The keepalive messages occur every two seconds. If a burst of client requests occurs between two keepalive messages, the SR may not know about the current state of the SE, and might route a request to an already overloaded SE. This scenario can happen during mixed traffic, because each protocol engine has different memory and CPU requirements.

The Redirect Burst Control page allows you to configure how many requests (transactions per second [TPS]) the SR should redirect to an SE during a burst.

To configure the redirect burst control, follow these steps:

Step 1 Choose Devices > Devices > Routing Settings > Request Routing Settings > Redirect Burst Control. The Redirect Burst Control page is displayed.

Step 2 Check the Enable Redirect Burst Control check box. The Redirect Burst Control is disabled by default.

Step 3 In the Rate field, enter the maximum TPS the SR can send to an SE. The default is 100000. The range is from 1 to 100000.

Step 4 Click Submit.

To apply the factory default settings for the device, click the Apply Defaults icon in the task bar.

To remove the settings from the device, click the Remove Device Settings icon in the task bar.

Configuring Cross-Domain Policy

The Access Policy page allows you to enable the Cross-Domain Policy feature on the SR. For more information, see the “Cross-Domain Policy” section on page 1-46.

To enable the cross-domain policy, follow these steps:

Step 1 Choose Devices > Devices > Routing Settings > Request Routing Settings > Access Policy. The Access Policy page is displayed.

Step 2 Check the Enable Access Policy check box and click Submit.

To apply the factory default settings for the device, click the Apply Defaults icon in the task bar.

To remove the settings from the device, click the Remove Device Settings icon in the task bar.

Configuring the Proximity Server Settings

The Proximity Server Settings are available when you choose the SR & Proximity Engine as the Work Type in the Device Activation page for the SR. See the “Activating a Service Router” section on page 4-106 for more information. The Proximity Server Settings pages are only for a Proximity Engine that is collocated with the SR. To configure a standalone Proximity Engine, see the Cisco Videoscape Distribution Suite, Internet Streamer 4.2.1 Command Reference.

To include the Proximity Engine on the SR as one of the Proximity Servers, you must enable proximity-based routing and add 127.0.0.1 as one of the Proximity Servers. See the “Configuring Request Routing Settings” section on page 4-110 for more information.

Note The Proximity Engine is only supported on the CDE205 platform.

For more information on the Proximity Engine, see the “Proximity Engine” section on page 1-48.

The Proximity Server Settings for the Proximity Engine consist of the following pages:

• General Settings—Enables the BGP proximity algorithms

• IS-IS—Configures IS-IS adjacencies

• OSPF—Configures the OSPF adjacencies

• BGP—Configures the location community for the BGP community-based proximity

• SRP—Configures Service Routing Protocol (SRP)

IGP and BGP protocol peering with the network routers are the basic building blocks for the proximity calculation. The peering with the routers is to learn the network topology and compute the best path for each prefix. Prefixes are deposited to the routing information base (RIB).

Note Although the Proximity Engine participates in both IGP and BGP with the routers, the routes that the Proximity Engine learns are purely for proximity computation only. Proximity Engine is not a router.

For the proximity function to work, at least one of the following is required:

• Enabled link-state protocol, such as OSPF or IS-IS for IGP proximity, which is required if the Proximity Engine is going to peer with IGP routers.

• Enabled policy routing protocol, such as BGP for best-path proximity and location-community proximity, which is required if the Proximity Engine is going to peer with BGP routers.

Note All BGP routes must resolve to IGP next hops or directly connected routes.

Note Only one IGP (IS-IS or OSPF) is supported for the Proximity Engine.

Enabling the BGP Proximity Algorithms

See the “BGP Proximity Algorithms” section on page 1-50 for more information.

To enable the BGP community-based proximity, follow these steps:

Step 1 Choose Devices > Devices > Routing Settings > Proximity Server Settings > General Settings. The Proximity Routing General Settings page is displayed.

Step 2 To enable the BGP best-path proximity, check the Enable proximity algorithm BGP best-path check box.

Note The BGP best-path proximity algorithm requires the configuration of the BGP proximity settings. See the “Configuring the BGP Community-based Proximity Settings” section on page 4-124.

Step 3 To enable the BGP community-based proximity, check the Enable proximity algorithm BGP location-community check box, and from the Match mode drop-down list, choose either Normal or Strict.

The Strict option instructs the Proximity Engine to return UINT-MAX as the proximity rating for PTAs that are not associated with the PSA by way of any location-community attribute. This setting is global and applies to all proximity requests. If PSA is BGP and has no community attributes, then all PTAs get UINT_MAX rating. If the PSA is IGP, then this setting does not apply and other proximity algorithms, BGP best-path and IGP metric, are used to rate the PTAs in the proximity request.

The Normal option retains the normal functioning of the BGP proximity algorithm.

Step 4 To enable the BGP redirect proximity, check the Enable proximity algorithm BGP redirect check box.

Note The redirect proximity algorithm requires the configuration of the BGP and the SRP proximity settings. See the “Configuring the BGP Community-based Proximity Settings” section on page 4-124 and the “Configuring SRP” section on page 4-127 for more information.

Step 5 Click Submit.

To remove the settings, click the Delete icon.

To restore the default settings, click the default settings icon.

Configuring the IS-IS Adjacencies

The Proximity IS-IS page allows the Proximity Engine to establish an adjacency with its directly connected neighbor and to receive the whole LSDB content. Protocol parameters, such as IS-type and IS network entity title (NET), vary according to network topology and deployment.

IS-IS is a link-state routing protocol for IGP. Its protocol stack runs directly on Layer 2. The main characteristic of the link-state protocols is that every node in the network contains an exact view of the routing topology. It has faster convergence than distance-vector protocols. Each node in the network generates a link state packet (LSP) to describe its neighbors. The LSP is flooded throughout the network to every node. Reliability of the flooding is provided by the Complete Sequence Number Packet (CSNP), which is sent by the Designated Router (DR) periodically in the LAN. The CSNP describes all of the LSPs that the DR contains. The receiver of the CSNP can compare what it has against what is listed in the CSNP and request the missing LSPs from the DR. Each node uses Dijkstra’s algorithm (shortest path first [SPF]) to compute the routes from the LSPs. Routes are then added into the routing information base (RIB).

Note Only one IGP (IS-IS or OSPF) is supported for the Proximity Engine.

To configure the IS-IS adjacencies, follow these steps:

Step 1 Choose Devices > Devices > Routing Settings > Proximity Server Settings > IS-IS > General Settings. The Proximity IS-IS page is displayed.

Step 2 To enable IS-IS adjacencies, check the Enable check box and click Submit. The Create new Proximity IS-IS interface icon is displayed.

Step 3 Enter the settings as appropriate. See Table 4-55 for a description of the fields.

Table 4-55 Proximity IS-IS Fields

Field: Network Entity
Description: Enter the Network Entity (network entity title [NET]) for a Connectionless Network Service (CLNS). Under most circumstances, one and only one NET must be configured. A NET is a network service access point (NSAP) where the last byte is always zero and the length can be 8 to 20 bytes. The last byte is always the n-selector and must be zero.

The six bytes directly in front of the n-selector are the system ID. The system ID length is a fixed size and cannot be changed. The system ID must be unique throughout each area (Level 1) and throughout the backbone (Level 2). All bytes in front of the system ID are the area ID. The area ID must match the area ID of the IS-IS router that the Proximity Engine is peering with.

A NET must be configured to define the system ID and area ID.

Field: Enable log-adjacency-changes
Description: Check the Enable log-adjacency-changes check box to enable logging of changes to adjacency. When enabled, syslog messages are sent whenever an IS-IS neighbor goes up or down.

Field: LSP MTU
Description: Set the maximum transmission unit (MTU) size, in bytes, for link state packets (LSPs). The LSP MTU size describes the amount of information that can be recorded in a single LSP. The LSP MTU range is from 128 to 4352. If the LSP MTU is not configured, the default is used. The default is 1492.

Field: IS-Type
Description: From the IS-Type drop-down list, choose one of the following routing algorithms:

• level-1—Level 1 is intra-area. The Proximity Engine learns only about destinations inside its area.

• level-1-2—The Proximity Engine runs both Level 1 and Level 2 routing algorithms.

For Level 1, it has one link state packet database (LSDB) for destinations inside the area (Level 1) and runs a shortest path first (SPF) calculation to discover the area topology.

For Level 2, it also has another LSDB with link-state packets (LSPs) of all other backbone (Level 2) routers, and runs another SPF calculation to discover the topology of the backbone, and the existence of all other areas.

• level-2—The Proximity Engine communicates with Level 2 (inter-area) routers only. The Proximity Engine is part of the backbone and does not communicate with Level 1-only routers in its own area.

The default is level-1-2.

Field: Authentication Type [Level-1 or Level-2]
Description: From the Authentication Type Level-1 drop-down list or the Authentication Type Level-2 drop-down list, choose one of the following authentication types for the corresponding level:

• None—Do not use MD-5 authentication

• cleartext—Do not encrypt the key

• md5—Encrypt the key

Field: Enable Authentication Check [Level-1 or Level-2]
Description: To enable authentication check for Level 1, check the Enable Authentication Check Level-1 check box. To enable authentication check for Level 2, check the Enable Authentication Check Level-2 check box.

When enabled, packets that do not have the proper authentication are discarded. When disabled, IS-IS adds authentication to the outgoing packets, but does not check authentication on incoming packets, which allows for enabling authentication without disrupting the network operation.

Field: Authentication KeyChain [Level 1 or Level-2]
Description: Specify the key chain to be used for the authentication for the corresponding level. The key chain can be up to 64 alphanumeric characters.

Step 4 Click Submit. The Create new Proximity IS-IS Interface icon displays.

To delete the IS-IS configuration, click the Delete icon.

Step 5 To configure the proximity IS-IS interface, click the Create new Proximity IS-IS Interface icon. The Proximity IS-IS Interface page is displayed.

Step 6 From the Name drop-down list, choose an interface to configure for IS-IS. The number of available interfaces depends on the CDE.

Step 7 Enter the settings as appropriate. See Table 4-56 for a description of the fields.

Table 4-56 Proximity IS-IS Interface Fields

Field: Enable IP IS-IS router
Description: Check the Enable IP IS-IS router check box to enable IS-IS routing protocol on this interface.

Field: IS-IS Priority for level-1
Description: Enter the priority of this interface for IS-IS Level 1 (intra-area) priority. The higher the priority value, the more likely a router becomes the designated router (DR) in the Level 1 area; therefore, because the Proximity Engine is not a router, make sure the priority level is such that it will not interfere with the election of the DR. The IS-IS Priority for level-1 range is from 0 to 127. The default is 64.

Field: IS-IS Priority for level-2
Description: Enter the priority of this interface for IS-IS Level 2 (inter-area) priority. The higher the priority value, the more likely a router becomes the designated router (DR) in the Level 2 area; therefore, because the Proximity Engine is not a router, make sure the priority level is such that it will not interfere with the election of the DR. The IS-IS Priority for level-2 range is from 0 to 127. The default is 64.

Field: IS-IS Circuit Type
Description: From the IS-IS Circuit Type drop-down list, choose one of the following adjacency levels:

• level-1—For Level 1 adjacency

• level-1-2—For Level 1 and Level 2 adjacency

• level-2—For Level 2 adjacency

The default is level-1-2.

Field: IS-IS Authentication Type [Level-1 or Level-2]
Description: From the Authentication Type Level-1 drop-down list or the Authentication Type Level-2 drop-down list, choose one of the following authentication types for the corresponding level:

• None—Do not use MD-5 authentication

• cleartext—Do not encrypt the key

• md5—Encrypt the key

Field: Enable IS-IS Authentication Check [Level-1 or Level-2]
Description: To enable authentication check for Level 1, check the Enable Authentication Check Level-1 check box. To enable authentication check for Level 2, check the Enable Authentication Check Level-2 check box.

When enabled, packets that do not have the proper authentication are discarded. When disabled, IS-IS adds authentication to the outgoing packets, but does not check authentication on incoming packets, which allows for enabling authentication without disrupting the network operation.

Field: IS-IS Authentication KeyChain [Level 1 or Level-2]
Description: Specify the key chain to be used for the authentication for the corresponding level. The key chain can be up to 64 alphanumeric characters.

Step 8 Click Submit.

To delete an IS-IS interface configuration, click the Edit icon for the interface, then click the Delete icon in the task bar.

Step 9 Repeat Step 5 through Step 8 for each IS-IS interface.

Step 10 To configure the MD-5 key chains for IS-IS, choose Devices > Devices > Routing Settings > Proximity Server Settings > IS-IS > MD5 Settings. The IS-IS Keychain page is displayed.

Step 11 Click the Create new KeyChain icon. The Creating New KeyChain page is displayed.

Step 12 In the Key ID field, enter the identifier for the keychain and click Submit. The page refreshes.

The Key ID is the identifier for the multiple key IDs that can be configured for the key chain.

Step 13 Click the Create New KeyChain Key icon. The KeyChain Key page is displayed.

Step 14 In the Key ID field, enter the key ID. The range is from 0 to 65535.

Step 15 In the Key String field, enter the key string to be used for authentication. The key string can be up to 64 alphanumeric characters, except a space, single (‘) and double quotes (“), and the “|” symbol.
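A pre-change check for the Network Entity field, following the NET rules in Table 4-55 (length of 8 to 20 bytes, zero n-selector, six-byte system ID, remaining leading bytes as area ID). This is an added example, not Cisco code: the function names and the dotted-hex input notation are assumptions, and the NET values are constructed.

```python
import re

SYSTEM_ID_LEN = 6           # bytes, fixed size per the field description
NET_MIN, NET_MAX = 8, 20    # total NET length in bytes


def parse_net(text):
    """Split a dotted-hex NET into (area_id, system_id) byte strings."""
    digits = text.replace(".", "")
    if not re.fullmatch(r"[0-9A-Fa-f]+", digits) or len(digits) % 2:
        raise ValueError("NET must be an even number of hex digits")
    raw = bytes.fromhex(digits)
    if not NET_MIN <= len(raw) <= NET_MAX:
        raise ValueError(f"NET is {len(raw)} bytes, expected {NET_MIN} to {NET_MAX}")
    if raw[-1] != 0:
        raise ValueError("n-selector (last byte) must be 00")
    split = len(raw) - 1 - SYSTEM_ID_LEN
    return raw[:split], raw[split:-1]


def audit_nets(local, peers):
    """Compare the planned Proximity Engine NET with the NETs of its IS-IS peers.

    Returns a list of findings: invalid peer NETs, area IDs that do not match
    the local area ID, and system IDs that collide with the local system ID.
    """
    area, system_id = parse_net(local)
    findings = []
    for name, net in peers.items():
        try:
            peer_area, peer_system_id = parse_net(net)
        except ValueError as exc:
            findings.append(f"{name}: invalid NET ({exc})")
            continue
        if peer_area != area:
            findings.append(
                f"{name}: area ID {peer_area.hex()} differs from local {area.hex()}")
        if peer_system_id == system_id:
            findings.append(f"{name}: system ID {system_id.hex()} is already in use")
    return findings


# Constructed sample values, not taken from any real deployment.
LOCAL_NET = "49.0001.1921.6800.1001.00"
PEER_NETS = {
    "router-a": "49.0001.1921.6800.1002.00",   # same area, distinct system ID
    "router-b": "49.0002.1921.6800.1003.00",   # different area ID
    "router-c": "49.0001.1921.6800.1001.00",   # same system ID as LOCAL_NET
}
```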

Configuring the OSPF Adjacencies

The Proximity OSPF page allows the Proximity Engine to establish an adjacency with its directly connected neighbor (router) to receive the whole LSDB content. Other OSPF settings depend on network topology, deployment and configuration of neighbor nodes.

OSPF is a link-state routing protocol for IGP. It runs on top of the IP protocol stack. Each node describes its neighbors in the link state advertisement (LSA) packets. The LSAs are flooded throughout the OSPF nodes. Each node uses shortest path first (SPF) to compute routes from the LSAs. The routes are then deposited into the RIB.

Note Only one IGP (IS-IS or OSPF) is supported for the Proximity Engine.

To configure the OSPF adjacencies, follow these steps:

Step 1 Choose Devices > Devices > Routing Settings > Proximity Server Settings > OSPF. The Proximity OSPF page is displayed.

Step 2 To enable OSPF adjacencies, check the Enable check box and click Submit. The Create new icons for Proximity OSPF Network, Proximity OSPF Area, and Proximity OSPF Interface icons display.

To delete the OSPF configuration, click the Delete icon.

Step 3 Check the Enable log-adjacency-changes check box to enable logging changes to the adjacency and click Submit.

To delete the OSPF configuration, click the Delete icon.

Step 4 To configure the proximity OSPF network, click the Create new Proximity OSPF Network icon. The Proximity OSPF Network page is displayed.

Step 5 Enter the settings as appropriate. See Table 4-57 for a description of the fields.

Table 4-57 Proximity OSPF Network Fields

Field: IP Prefix
Description: IP address that is used in combination with the Network Mask to produce the IP prefix. The IP prefix is used to define the OSPF area and consists of a combination of the IP address and netmask.

Field: Wildcard Mask
Description: Network mask that is used with the IP Prefix to define the area on this network. The mask contains wildcard bits where 0 is a match and 1 is a “do not care” bit, for example, 0.0.255.255 indicates a match in the first two bytes of the network number.

Field: Area ID
Description: Identifier of the area that the IP prefix defines. The identifier can be specified as either a decimal value or an IP address. Valid entries are from 0 to 4294967295, or an IP address (A.B.C.D) can be used if you intend to associate areas with IP subnets.

Each area is interface specific. For OSPF to operate on the OSPF interface, the primary address of the interface must be covered by the network area. The Proximity Engine sequentially evaluates the IP Prefix/Network Mask pair for each interface as follows:

1. The Network Mask is logically ORed with the OSPF interface IP address.

2. The Network Mask is logically ORed with the IP Prefix.

3. The software compares the two resulting values. If they match, OSPF is enabled on the associated interface and the associated OSPF interface is attached to the OSPF area specified.

There is no limit to the number of network areas that can be configured.

Note An interface can only be associated to a single area. If the address ranges specified for different areas overlap, the software adopts the first area in the list and ignores the subsequent overlapping portions. In general, we recommend that you configure address ranges that do not overlap to avoid inadvertent conflicts.

When a smaller OSPF network area is removed, the OSPF interfaces belonging to that network area are retained and remain active if a larger network area that encompasses those interfaces still exists. Interfaces that are part of a larger area are removed and become part of another area only if the other area is a smaller area (subset) of the larger area.

Step 6 Click Submit.

To delete an OSPF network configuration, click the Edit icon for the network, then click the Delete icon in the task bar.

Step 7 Repeat Step 4 through Step 6 for each OSPF network.

To delete an OSPF network, click the OSPF network to display the settings and click the Delete icon.

Step 8 To configure the proximity OSPF area, click the Create new Proximity OSPF Area icon. The Proximity OSPF Area page is displayed.

Step 9 Enter the settings as appropriate. See Table 4-58 for a description of the fields.

Table 4-58 Proximity OSPF Area Fields

Field: Area ID
Description: Enter an Area ID that was defined in the Proximity OSPF Network page.

Field: Type
Description: Choose one of the following area types:

• NSSA (not-so-stubby area)—For areas that include an autonomous system boundary router (ASBR) that generates type 7 LSAs and an area border router (ABR) that translates them into type 5 LSAs.

• Stub—An area with only one OSPF router that does not contain an ASBR.

Step 10 Click Submit.

To delete an OSPF area configuration, click the Edit icon for the area, then click the Delete icon in the task bar.

Step 11 Repeat Step 8 through Step 10 for each OSPF area.

To delete an OSPF area, click the OSPF area to display the settings and click the Delete icon.

Step 12 To configure the proximity OSPF interface, click the Create new Proximity OSPF Interface icon. The Proximity OSPF Interface page is displayed.

Step 13 From the Name drop-down list, choose an interface to configure for OSPF. The number of available interfaces depends on the CDE.

Step 14 In the OSPF Priority field, enter the OSPF priority. The range is 0 to 255. The default is 1.

The highest OSPF priority on a segment becomes the designated router (DR) for that segment. A priority value of zero indicates an interface which is not to be elected as DR or backup designated router (BDR).

Step 15 Click Submit.

To delete an OSPF interface configuration, click the Edit icon for the interface, then click the Delete icon in the task bar.

Step 16 Repeat Step 12 through Step 15 for each OSPF interface.
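The three-step wildcard evaluation and the first-match rule from Table 4-57 can be checked offline before network statements are entered. This is an added example, not Cisco code: the function names are hypothetical, the addresses and interface names are constructed, and the overlap test generalizes the page's rule to any pair of wildcard masks.

```python
import ipaddress


def _u32(addr):
    """Dotted-quad IPv4 string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(addr))


def area_id(text):
    """Normalize an Area ID given as a decimal value or as A.B.C.D."""
    value = int(text) if str(text).isdigit() else _u32(text)
    if not 0 <= value <= 4294967295:
        raise ValueError(f"area ID out of range: {text}")
    return value


def covers(prefix, wildcard, iface_ip):
    """Table 4-57 test: OR both addresses with the mask, then compare."""
    w = _u32(wildcard)
    return (_u32(iface_ip) | w) == (_u32(prefix) | w)


def assign_areas(networks, interfaces):
    """Map each interface to the area of the first statement that covers it."""
    result = {}
    for name, ip in interfaces.items():
        result[name] = next(
            (area_id(a) for p, w, a in networks if covers(p, w, ip)), None)
    return result


def overlapping(networks):
    """Index pairs of statements in different areas whose ranges intersect.

    Two wildcard patterns share at least one address when their prefixes
    agree on every bit that both masks treat as significant (mask bit 0).
    """
    hits = []
    for i, (p1, w1, a1) in enumerate(networks):
        for j in range(i + 1, len(networks)):
            p2, w2, a2 = networks[j]
            care = ~_u32(w1) & ~_u32(w2) & 0xFFFFFFFF
            if area_id(a1) != area_id(a2) and not (_u32(p1) ^ _u32(p2)) & care:
                hits.append((i, j))
    return hits


# Constructed sample input: (IP Prefix, Wildcard Mask, Area ID) in list order.
NETWORKS = [
    ("10.1.0.0", "0.0.255.255", "1"),
    ("10.1.2.0", "0.0.0.255", "0.0.0.2"),    # subset of the first statement
    ("192.0.2.0", "0.0.0.255", "0"),
]
INTERFACES = {
    "GigabitEthernet 1/0": "10.1.2.5",       # lands in area 1, not area 2
    "GigabitEthernet 2/0": "192.0.2.10",
    "GigabitEthernet 3/0": "172.16.0.1",     # covered by no statement
}
```

An interface that maps to an unintended area or to no area at all does not form the expected adjacency, so running `overlapping()` on the planned list catches the conflict the Note warns about.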

Configuring the BGP Community-based Proximity Settings

A BGP community is a group of prefixes that share some common property and can be configured with the BGP community attribute. The BGP community attribute is an optional transitive attribute of variable length. The attribute consists of a set of four-octet values that specify a community. The community attribute values are encoded with an autonomous system (AS) number in the first two octets, with the remaining two octets defined by the AS. A prefix can have more than one community attribute. A BGP speaker that sees multiple community attributes in a prefix can act based on one, some, or all of the attributes.

See the “BGP Proximity Algorithms” section on page 1-50 for more information.

To configure the BGP community-based proximity settings, follow these steps:

Step 1 Choose Devices > Devices > Routing Settings > Proximity Server Settings > BGP. The Proximity BGP page is displayed.

Step 2 In the Local AS Number field, enter the AS number that identifies the Proximity Engine and tags the routing information that is passed along.

AS numbers are globally unique numbers that are used to identify autonomous systems, and which enable an AS to exchange exterior routing information between neighboring autonomous systems. An AS is a connected group of IP networks that adhere to a single and clearly defined routing policy.

There are a limited number of available AS numbers. Therefore, it is important to determine which sites require unique AS numbers and which do not. Sites that do not require a unique AS number should use one or more of the AS numbers reserved for private use, which are in the range from 64512 to 65535.

Step 3 Check the Enable Log Neighbor Changes check box to enable logging of status changes (up, down, or resets) to BGP neighbors.

Use the show ip bgp neighbors command to view the status changes.

Step 4 Click Submit. The Create new icons for Location Community for BGP and Neighbor for BGP icons display.

To delete the BGP configuration, click the Delete icon.

Step 5 To configure a BGP location community, click the Create new Location Community for BGP. The BGP Location Community page is displayed.

Note The maximum number of location communities allowed for each SE is 128. The show running-config command displays the location communities in ascending order.

Step 6 In the Location Community field, enter the location community for the AS in one of the following formats:

<AS>:<POP>

<AS1>:<POP1>-<AS2>:<POP2>

The location community numbers are used within the network to locate prefix origination points. The configuration includes all community values that represent a location. The Location Community field entry could be in the form of a list of community numbers, for example, 100:3535, 100:4566, 100:5678, 100:5678, 100:6789. Or, the community numbers can be expressed as intervals, such as 100:3000-100:4000, 100:5000-100:6000, and so on.

Step 7 In the optional Target Community field, enter the target community that you want to associate with the Location Community.

If the Target Community field is left blank, it is the same as the Location Community. So, if the target community is not specified, the PSA and PTA must have a common community for the PTA to be considered in the preference and ranking.

In certain deployments it is advantageous to include certain PTAs even though the PTAs do not share any community attributes with the PSA. A common example is an SE in a city close to the client PC; in such a case, the SE might not share any community attributes with the client PC, but should be preferred over another SE in a far-away city. The Target Community field provides a way to associate PSA and PTA community attributes with each other and to assign a preference level (Weight) to that association.

The Target Community values have the same format and restrictions as the Location Community field, which are the following:

• Must match the pattern: <AS1>:<POP1>[-<AS2>:<POP2>]

• AS1 and AS2 must be in the range 1–65535.

• POP1 and POP2 must be in the range 0–65535.

• AS2 should be greater than AS1, or POP2 should be greater than POP1 if AS2 equals AS1.

• A new BGP community setting must ensure that the target community and local community pair is unique and does not already exist.

Note Source community ranges are not allowed to overlap. A maximum of 240 unique specific source or range source community configurations can be entered. Each unique specific source or range source community can be associated with a maximum of 240 unique specific target or range target communities.

Step 8 In the optional Weight field, enter the weight to be assigned to the location community. The default is 1. The range is from 1 to 7 with 7 being the best association (most preferred). An association weight of 0 implicitly means no association (least preferred).

The weight is considered in the proximity ranking algorithm. If PTA1 and PTA2 have at least one community in common with the PSA, then the weight assigned to the location community is considered. The larger the number, the more weight the community has. If PTA1 has a weight of 5 and PTA2 has a weight of 2, PTA1 is preferred over PTA2.

Step 9 Click Submit.

Step 10 To configure a BGP neighbor, click the Create new Neighbor for BGP. The BGP Neighbor page is displayed.

Step 11 Enter the settings as appropriate. See Table 4-59 for a description of the fields.

Table 4-59 BGP Neighbor Fields

Field: Description

IP address: IP address of the neighbor.

Remote AS Number: AS number to which the neighbor belongs. The range is from 1 to 65535.

EBGP multihop TTL: Time-to-live value for the external BGP (eBGP) multihop scenarios. The range is from 2 to 255. The default is 1.

Keep Alive Interval: The keepalive interval, in seconds, for a BGP peer. The range is from 0 to 3600. The default is 60.

Hold Timer: The hold timer interval, in seconds, for a BGP peer. The range is from 0 to 3600. The default is 180.

Password: Enter the password to enable Message Digest 5 (MD-5) authentication on a TCP connection between the Proximity Engine and the BGP neighbor.

The password is case sensitive and can be up to 79 characters. The first character cannot be a number. The string can contain any alphanumeric characters, including spaces. You cannot specify a password in the format number-space-anything. The space after the number can cause authentication to fail.

Step 12 Click Submit.

To delete a BGP neighbor configuration, click the Edit icon for the neighbor, then click the Delete icon in the task bar.

Step 13 Repeat Step 10 through Step 12 for each BGP neighbor.

To delete a BGP neighbor, click the BGP neighbor to display the settings and click the Delete icon.
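The community format rules and the Note on overlapping source ranges in the BGP procedure above can be checked before values are entered in the CDSM. The following Python is an added example, not Cisco code: the dictionary layout, function names, and sample values are constructed for illustration, and it assumes that a range covers every community between its two endpoints in (AS, POP) order.

```python
import re
from typing import Dict, List, Tuple

MAX_SOURCES = 240             # limit from the Note in the procedure
MAX_TARGETS_PER_SOURCE = 240  # limit from the Note in the procedure
WEIGHT_RANGE = range(1, 8)    # Weight field: 1 to 7

# <AS1>:<POP1>[-<AS2>:<POP2>]; ASCII digits only, at most five per number.
_COMMUNITY = re.compile(
    r"([0-9]{1,5}):([0-9]{1,5})(?:-([0-9]{1,5}):([0-9]{1,5}))?")

Interval = Tuple[int, int]
# Hypothetical layout: source community -> list of (target community, weight).
Config = Dict[str, List[Tuple[str, int]]]


def _encode(asn: int, pop: int) -> int:
    """Pack AS:POP into one integer so (AS, POP) order equals integer order."""
    if not 1 <= asn <= 65535:
        raise ValueError(f"AS {asn} is outside 1-65535")
    if not 0 <= pop <= 65535:
        raise ValueError(f"POP {pop} is outside 0-65535")
    return (asn << 16) | pop


def parse_community(text: str) -> Interval:
    """Return (low, high) for a specific community or a community range."""
    match = _COMMUNITY.fullmatch(text)
    if match is None:
        raise ValueError("does not match <AS1>:<POP1>[-<AS2>:<POP2>]")
    low = _encode(int(match[1]), int(match[2]))
    if match[3] is None:
        return (low, low)
    high = _encode(int(match[3]), int(match[4]))
    # AS2 > AS1, or POP2 > POP1 when AS2 equals AS1.
    if high <= low:
        raise ValueError("range end must be greater than range start")
    return (low, high)


def find_overlaps(sources: List[str]) -> List[Tuple[str, str]]:
    """Sweep sorted intervals; report every source that overlaps an earlier one."""
    ordered = sorted((parse_community(s), s) for s in sources)
    overlaps = []
    reach, reach_text = -1, ""
    for (low, high), text in ordered:
        if low <= reach:
            overlaps.append((reach_text, text))
        if high > reach:
            reach, reach_text = high, text
    return overlaps


def validate_config(config: Config) -> List[str]:
    """Collect every rule violation instead of stopping at the first one."""
    problems: List[str] = []
    valid_sources: List[str] = []
    for source, targets in config.items():
        try:
            parse_community(source)
            valid_sources.append(source)
        except ValueError as exc:
            problems.append(f"source {source}: {exc}")
        if len(targets) > MAX_TARGETS_PER_SOURCE:
            problems.append(f"source {source}: more than "
                            f"{MAX_TARGETS_PER_SOURCE} targets")
        seen = set()
        for target, weight in targets:
            try:
                interval = parse_community(target)
            except ValueError as exc:
                problems.append(f"target {target} of {source}: {exc}")
                continue
            if interval in seen:  # source/target pair must be unique
                problems.append(f"target {target} of {source}: pair already exists")
            seen.add(interval)
            if weight not in WEIGHT_RANGE:
                problems.append(f"target {target} of {source}: "
                                f"weight {weight} is outside 1-7")
    if len(valid_sources) > MAX_SOURCES:
        problems.append(f"more than {MAX_SOURCES} source communities")
    for first, second in find_overlaps(valid_sources):
        problems.append(f"sources {first} and {second} overlap")
    return problems


# Constructed sample input; none of these values come from a real deployment.
SAMPLE: Config = {
    "100:10": [("200:20", 5), ("200:30-200:40", 2)],
    "100:50-100:90": [("300:1", 7)],
    "100:80-101:5": [("300:1", 1)],          # overlaps the previous source range
    "65536:1": [("300:1", 1)],               # AS out of range
    "100:9-100:3": [("300:1", 1)],           # range end not greater than start
    "400:0": [("500:5", 9), ("500:5", 3)],   # bad weight, then a duplicate pair
}

if __name__ == "__main__":
    for line in validate_config(SAMPLE):
        print(line)
```
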


Configuring SRP

The Service Routing Protocol (SRP) uses distributed hash table (DHT) technology to form a distributed network of Proximity Engines. For more information, see the “Service Routing Protocol” section on page 1-51.

Note SRP is required if the Redirect proximity algorithm is enabled. SRP is used to gather and store information about all of the Proximity Engines that are available for redirection. See the “Configuring the BGP Community-based Proximity Settings” section on page 4-124 for more information.

To configure SRP, follow these steps:

Step 1 Choose Devices > Devices > Routing Settings > Proximity Server Settings > SRP. The SRP page is displayed.

Step 2 To enable SRP, check the Enable check box and click Submit. The Create new Bootstrap for SRP icon is displayed.

Step 3 In the Domain field, enter a number that identifies the domain. The range is from 0 to 4294967295. The default is 0.

All Proximity Engines running SRP routing with the same domain ID form a single network if the nodes are found through a bootstrap node. By changing a Proximity Engine’s domain, the Proximity Engine leaves its current network.

We recommend that a domain ID value be configured for your DHT network so that all Proximity Engines that join this network share the same domain ID.

Step 4 In the Flooding Threshold field, enter the maximum number of subscribers to flood or send messages to. The range is from 0 to 65535. The default is 50.

SRP uses flooding to send multicast messages for a multicast group if the number of subscribers in the group is equal to or more than the value specified in Flooding Threshold. An effective threshold value may improve protocol message overhead. The threshold value depends on the number of nodes in your DHT network. In general, the threshold value should be greater than half and smaller than 3/4 of the total number of DHT nodes in the network.

Step 5 Click Submit.

To delete the SRP configuration, click the Delete icon.

Step 6 To configure an SRP bootstrap, click the Create new Bootstrap for SRP icon. The Bootstrap SRP page is displayed.

Step 7 In the Bootstrap IP address field, enter the IP address of the bootstrap node.

An IP address of a bootstrap node must be configured for each Proximity Engine before the Proximity Engine can join the network with others under the same domain ID. The first Proximity Engine in the network, which acts as the bootstrap node for others, does not need to configure itself as the bootstrap node; this is the only exception to configuring a bootstrap node. All other nodes must have the bootstrap node configured before they can join a DHT network. A maximum of 25 bootstrap nodes are allowed per Proximity Engine. The port number for a bootstrap node is 9000.

Step 8 Click Submit.

Step 9 Repeat Step 6 through Step 8 for each bootstrap node.


To delete a bootstrap node, click the Edit icon next to the IP address of the bootstrap node to display the settings and click the Delete icon.

Configuring Application Control

The Application Control pages allow you to enable Flash Media Streaming, to enable HTTP proxy on an SR, and to enable HTTP 302 redirection for Windows Media Technology files with an .asx extension.

To configure the application control for the SR, follow these steps:

Step 1 Choose Devices > Devices. The Devices Table page is displayed.

Step 2 Click the Edit icon next to the SR that you want to configure. The Devices home page is displayed.

Step 3 Click Show All to display the top-level menu options, and choose Application Control.

Step 4 To enable Flash Media Streaming on the SR, choose Flash Media Streaming > General Settings. The Flash Media Streaming Settings page is displayed.

a. Check the Enable Flash Media Streaming check box.

b. Click Submit.

To apply the factory default settings for the device, click the Apply Defaults icon in the task bar.

To remove the settings from the device, click the Remove Device Settings icon in the task bar.

Step 5 To enable service monitoring for Flash Media Streaming on the SR, choose Flash Media Streaming > Service Monitoring. The Service Monitoring Settings page is displayed.

a. Check the Enable Service Monitoring check box.

b. Click Submit.

To apply the factory default settings for the device, click the Apply Defaults icon in the task bar.

To remove the settings from the device, click the Remove Device Settings icon in the task bar.

Step 6 To enable the HTTP 302 redirection for Windows Media Technology files with an .asx extension, follow these steps:

a. Choose Web > HTTP > HTTP Redirect. The HTTP Redirect Settings page is displayed.

b. Check the Enable HTTP 302 for .asx File check box.

c. Click Submit.

To apply the factory default settings for the device, click the Apply Defaults icon in the task bar.

To remove the settings from the device, click the Remove Device Settings icon in the task bar.

Configuring Load Monitoring

For information on configuring all general settings, except load monitoring and last-resort routing, see the “General Settings” section on page 4-52.

Load monitoring provides the following functionality:

• Monitoring and aggregation of the load information of all SEs in the VDS-IS


• Monitoring and aggregation of the load information of all SEs assigned to a specific Delivery Service (domain)

Minor alarms are raised when the monitored load exceeds the configured average or maximum threshold for all SEs in a Delivery Service or all SEs in the VDS-IS.

To configure load monitoring, follow these steps:

Step 1 Choose Devices > Devices. The Devices Table page is displayed.

Step 2 Click the Edit icon next to the SR that you want to configure. The Devices home page is displayed.

Step 3 Click Show All to display the top-level menu options, and choose General Settings > Notification and Tracking > CDS Monitor > General Settings. The CDS Monitor General Settings page is displayed.

Step 4 In the Sample Period field, enter the number of seconds between two consecutive samples. The sample period is the time during which the SE and the SR exchange keepalive messages that contain the device information. The default is 2. The range is from 1 to 300.

Step 5 Check the Enable check box to enable load monitoring. If the Enable check box is not checked, the Streamer Settings and Domain Settings pages do not take effect.

Step 6 Click Submit.

Step 7 To enable the monitoring of all SEs in the CDS and configure the aggregate thresholds for the CDS, choose Devices > Devices (SR) > General Settings > Notification and Tracking > CDS Monitor > Streamer Settings. The CDS Monitor Settings page is displayed.

Step 8 Enter the settings as appropriate. See Table 4-62 for a description of the fields.

Table 4-60 CDS Load Monitoring Fields

Field: Description

Enable: Check the Enable check box to enable load monitoring of all SEs in the CDS.

Note If the Enable check box is not checked on the CDS Monitor General Settings page, the Streamer Settings do not take effect.

Device Average Threshold: Aggregate load value (as a percentage) of the average of all SEs in the CDS. This threshold defines the average device load of all of the SEs in the CDS. If the threshold is exceeded, an alarm is raised. The default is 80. The range is from 1 to 100.

Device Maximum Threshold: Aggregate load value (as a percentage) of the maximum of all SEs in the CDS. This threshold defines the maximum device load of all of the SEs in the CDS. If the threshold is exceeded, an alarm is raised. The default is 80. The range is from 1 to 100.

Step 9 Click Submit.

Step 10 To enable monitoring of specific delivery services (domains) and configure the aggregate thresholds for each domain, choose Devices > Devices (SR) > General Settings > Notification and Tracking > CDS Monitor > Domain Settings. The Domain Monitor Table page is displayed.

The table is sortable by clicking the column headings.

Step 11 Click the Create New icon.

Click the Edit icon next to the domain name to edit a table entry.

Step 12 Enter the settings as appropriate. See Table 4-61 for a description of the fields.


Table 4-61 Domain Load Monitoring Fields

Field: Description

Domain Name: The service routing fully qualified domain name (RFQDN) (for example, srfqdn.cisco.com) configured for the Delivery Service.

Enable: Check the Enable check box to enable load monitoring of this domain.

Note If the Enable check box is not checked on the CDS Monitor General Settings page, the Domain Settings do not take effect.

Device Average Threshold: Aggregate load value (as a percentage) of the average of all SEs in the CDS. This threshold defines the average device load of all of the SEs in the CDS. If the threshold is exceeded, an alarm is raised. The default is 80. The range is from 1 to 100.

Device Maximum Threshold: Aggregate load value (as a percentage) of the maximum of all SEs in the CDS. This threshold defines the maximum device load of all of the SEs in the CDS. If the threshold is exceeded, an alarm is raised. The default is 80. The range is from 1 to 100.

Step 13 Click Submit . The entry is added to the Domain Monitor Table.

To delete a load monitoring configuration for a domain, click the Edit icon for the domain, then click the Delete icon in the task bar.

Configuring Last-Resort Routing

For information on configuring all general settings, except load monitoring and last-resort routing, see the “General Settings” section on page 4-52.

Note When DNS-based redirection is used, for application-level requests, last-resort redirection is supported. However, on the DNS plane, an A record with the last-resort domain name or IP address is not returned.

Last-resort routing is useful when all Service Engines have exceeded their thresholds, all Service Engines in the domain are offline, no Service Engines have been assigned to a particular domain, or the client is unknown. If last-resort routing is configured, the Service Router redirects requests to a configurable alternate domain or translator response domain when all Service Engines serving a client network region are unavailable, or the client is unknown. A client is considered unknown if the client’s IP address is not part of a subnet range listed in the Coverage Zone file or part of a defined geographical area (for location-based routing) listed in the Coverage Zone file.

Last-resort routing could also be configured to redirect a client to an error domain and filename.

The URL translator provides a way to dynamically translate the client request URL to redirect the client to a different CDN. With the URL translator option, the following occurs if the SR uses last-resort routing for a client request:

1. The SR contacts the third-party URL translator through the Web Service API. The Web Service API is described in the Cisco Videoscape Distribution Suite, Internet Streamer 4.2.1 API Guide.

2. The third-party URL translator sends the translated URL in the response to the SR.


3. The SR sends a 302 redirect message to the client with the translated URL it received from the third-party URL translator.

The timeout for connecting to the URL translator server is 500 milliseconds. There are no retries if the URL translator cannot be reached.

If there is no configuration on the URL translator for the requested domain or the connection timeout threshold has been reached, the SR last-resort routing falls back to the alternate domain configuration.

For more information, see the “Last-Resort Routing” section on page 1-42.

Note If the last-resort domain or the translator response domain is not configured and the Service Engine thresholds are exceeded, known client requests are redirected to the Origin server (if Enable Origin Server Redirect is enabled) and unknown clients either receive an error URL (if the Error Domain and Error Filename fields are configured), or a 404 “not found” message.

Unknown clients are only redirected to the alternate domain (last-resort domain) or translator response domain when the Allow Redirect All Client Request check box is checked or the equivalent service-router last-resort domain <RFQDN> allow all command is entered.

To configure last-resort routing, follow these steps:

Step 1 Choose Devices > Devices. The Devices Table page is displayed.

Step 2 Click the Edit icon next to the SR that you want to configure. The Devices home page is displayed.

Step 3 Click Show All to display the top-level menu options, and choose General Settings > Last Resort. The Last Resort Table page is displayed.

The table is sortable by clicking the column headings.

Step 4 Click the Create New icon.

Click the Edit icon next to the domain name to edit a table entry.

Step 5 Enter the settings as appropriate. See Table 4-62 for a description of the fields.

Table 4-62 Service Router Last Resort Fields

Field: Description

Domain Name: The service routing fully qualified domain name (RFQDN) (for example, srfqdn.cisco.com).

Allow Redirect All Client Request: Check the Allow Redirect All Client Request check box to redirect all unknown clients to the alternate domain or content origin.

If the Allow Redirect All Client Request check box is not checked, unknown clients (clients’ subnets are not included in the Coverage Zone file) receive a 404 message if the error URL is not configured. If the error URL is configured, client requests are redirected to the Error URL.

If the Allow Redirect All Client Request check box is checked, unknown client requests are redirected to the alternate domain; otherwise, they are redirected to the origin server.


Alternate Domain Name: Domain (for example, www.cisco.com) to which requests are routed when the SEs are unavailable, or the client is unknown. A client is considered unknown if the client’s IP address is not part of a subnet range listed in the Coverage Zone file.

If an Alternate Domain Name is not specified, requests for the domain entered in the Domain Name are routed to the Origin server.

The Alternate Domain Name could be a domain outside the VDS-IS. It could be a third-party CDN or external server. No DNS lookup is performed by the SR to check the liveness of this domain.

Alternate Domain Port: To specify a different port than the default (80), enter the port number in the Alternate Domain Port field. The default is 80. The range is from 1 to 65535. Well-known port numbers are not allowed. For the list of well-known ports, see the “System Port Numbers” section on page 8-10.

Error Domain Name: To redirect the request to an error URL for any unknown clients or when all SEs in the Delivery Service are unavailable, enter the domain name of the URL.

The Error Domain Name could be a domain outside the VDS-IS. It could be a third-party CDN or external server. No DNS lookup is performed by the SR to check the liveness of this domain.

Error Domain Port: To specify a different port than the default (80), enter the port number in the Error Domain Port field. The default is 80. The range is from 1 to 65535. Well-known port numbers are not allowed. For the list of well-known ports, see the “System Port Numbers” section on page 8-10.

Error File Name: The filename of the error URL (for example, error.html or error/errorfile.flv).

The error URL is made using the Error Domain Name plus the Error File Name. The Error File Name could be a filename with an extension (for example, error.html or errorfile.flv), or a directory and filename (for example, error/errorfile.flv or reroute/reroute.avi), or a filename without an extension. If no extension is specified, the extension is determined by the protocol used in the request.

If a filename has a specific extension, and the request comes from a protocol that does not support the configured extension, the filename extension is automatically changed to an extension that is supported by the protocol.

Note For Flash Media Streaming, an external FMS server must exist that hosts an application for error handling. The SR redirects Flash Media Streaming requests to an application on the external FMS server. An example of a Flash Media Streaming error URL is rtmp://errordomain.com/<application>, where the application name is any application hosted on that server. The Error File Name, in the case of Flash Media Streaming, is the name of the application.

Translator IP address: IP address of the URL translator server. If there is no configuration on the URL translator for the requested domain or the connection timeout threshold has been reached, the SR last-resort routing falls back to the alternate domain configuration.

Translator Port: To specify a different port than the default (80), enter the port number in the Translator Port field. The default is 80. The range is from 1 to 65535. Well-known port numbers are not allowed. For the list of well-known ports, see the “System Port Numbers” section on page 8-10.

Step 6 Click Submit to save the settings. The entry is added to the Last Resort Table.

To delete a last-resort configuration, click the Edit icon for the configuration, then click the Delete icon in the task bar.


An example configuration for an error URL, to which unknown clients are redirected and to which clients are redirected when all SEs in the Delivery Service are unavailable, follows:

• Domain Name—wmt.cdsordis.com

• Error Domain Name—ssftorig.ssft.com

• Error File Name—testMessage

This configuration states that for any request where the domain name is wmt.cdsordis.com, if the client IP address is not included in the Coverage Zone file (or the client is not part of a defined geographical area if location-based routing is enabled) or there are no available SEs assigned to the Delivery Service, redirect the request to ssftorig.ssft.com/testMessage.<original_extension>.

To be more specific, if the client request was http://wmt.cdsordis.com/vod/video.wmv and the Service Rule conditions were met, the client would receive a 302 redirect to http://ssftorig.ssft.com/testMessage.wmv.

If you want the Error File Name to reside in a different directory, you can configure that as well. If the error message file was located in the “vod” directory, then the Error File Name would be configured as vod/testMessage.

Creating ASX Error Message Files for Windows Media Live Programs

When redirecting a client request for a live Windows Media Streaming program, remember that live programs deliver an ASX file to the client, so the error message must have the same format. If you try to use an HTML or JPEG file instead of an ASX file, the redirect will not work because the Windows Media player is trying to parse an ASX file.

To satisfy the requirements of the Windows Media player, create an ASX file for the error message file and put the URL to the error message file inside the ASX file. For example, the following is a simple ASX file:

<ASX VERSION="3.0">
<Entry>
<REF HREF="http://<IP-Address-of-Server>/path/filename"/>
</Entry>
</ASX>

If you want the error file to be a GIF file on server 3.1.1.1 called testMessage.gif under the directory vod, then this file would look like the following:

<ASX VERSION="3.0">
<Entry>
<REF HREF="http://3.1.1.1/vod/testMessage.gif"/>
</Entry>
</ASX>

There are other ways to use an ASX file to display information. The following is an example of an approach to have the Windows Media player display an HTML web page with PARAM HTMLView:

<ASX version="3.0">
<PARAM name="HTMLView" value="http://111.254.21.99/playlist/error.htm"/>
<REPEAT>
<ENTRY>
<REF href="http://3.1.1.1/vod/testMessage.gif"/>
</ENTRY>
</REPEAT>
</ASX>

There are many ways to format and structure ASX files to display whatever error message you want, in whatever format you want.


Configuring Domain Subscription

The Domain Subscription page allows you to subscribe the SR to specific domains. By default, the SR takes all of the domains specified in the CDSM. By specifying the domains in the Domain Subscription page, the SR only subscribes to the assigned content origins.

Step 1 Choose Devices > Devices > General Settings > Domain Subscription. The Domain Subscription page displays all defined content origins of the VDS-IS.

Step 2 Click the Assign icon (blue cross mark) next to the Content Origin that you want to assign to this SE. Alternatively, click the Assign All Content Origins icon in the task bar.

Note When you create a new Content Origin, if the SR did not subscribe to any Content Origin before, the Content Origin is automatically subscribed by the SR. However, if the SR subscribed to a specific Content Origin, you should subscribe the Content Origin to the SR manually.

A green arrow wrapped around the blue X indicates a content origin assignment is ready to be submitted. To unassign a Content Origin, click this icon. The Content Origin assignment states are described in Figure 4-14.

Figure 4-14 Content Origin Assignment State

Step 3 Click Submit to save the settings.

A green circle with a check mark indicates a Content Origin is assigned to this SR. To unassign the Content Origin, click this icon, or click the Remove All Content Origins icon in the task bar. Click Submit to save the changes.

Additionally, the Filter Table icon and View All Content Origins icon allow you to first filter a table and then view all content origins again.

Configuring Memory Limitation Settings

To configure the memory limitation settings for an SR, follow these steps:

Step 1 Choose Devices > Devices > General Settings > Memory Limitation. The Memory Limitation page is displayed.

Step 2 Enter the settings as appropriate. See Table 4-63 for a description of the fields.


Table 4-63 Memory Limitation Settings Fields

Field: Description

service-router: Memory size for Service Router. The default value is 4 GB.

fms-server: Memory size for Flash Media Server. If the physical memory size is greater than or equal to 48 GB, the default value is 8 GB. If the physical memory size is between 48 GB and 32 GB, the default value is 6 GB; otherwise, the default value is 4 GB.

Step 3 Click Submit to save the settings.

To apply the factory default settings for the device, click the Apply Defaults icon in the task bar.

To remove the settings from the device, click the Remove Device Settings icon in the task bar.

Configuring Transaction Logs for the Service Router

Transaction logs allow administrators to view the traffic that has passed through the SR. The fields in the transaction log are the client’s IP address, the date and time when a request was made, the URL that was requested, the SE selected to serve the content, the protocol, and the status of the redirect. The SR transaction log file uses the W3C Common Log file format. For more information about transaction logs and their formats, see the “Service Router Transaction Log Fields” section on page 8-92.

To enable transaction logging for the SR, follow these steps:

Step 1 Choose Devices > Devices > General Settings > Notification and Tracking > Transaction Logging. The Transaction Log Settings page is displayed.

Step 2 Enter the settings as appropriate. See Table 4-64 for a description of the fields.

Table 4-64 Transaction Log Settings Fields

Field: Description

General Settings

Transaction Log Enable: Enables transaction logging.

Snapshot Counter Log Enable: Enables the Snapshot Counter transaction log. For more information, see the “Snapshot Counter Transaction Logs” section on page 8-103.

Compress Files before Export: When this check box is checked, archived log files are compressed into gzip format before being exported to external FTP servers.

Archive Settings

Max size of Archive File: Maximum size (in kilobytes) of the archive file to be maintained on the local disk. The range is from 1,000 to 2,000,000. The default is 500,000.

Max number of files to be archived: Maximum number of files to be maintained on the local disk. The range is from 1 to 10,000. The default is 10.


Archive occurs: How often the working log is archived and the data is cleared from the working log. Choose one of the following:

• Choose every to archive every so many seconds, and enter the number of seconds for the interval. The range is from 120 to 604800.

• Choose every hour to archive using intervals of one hour or less, and choose one of the following:

– at—Specifies the minute in which each hourly archive occurs

– every—Specifies the number of minutes for the interval (2, 5, 10, 15, 20, or 30)

• Choose every day to archive using intervals of one day or less, and choose one of the following:

– at—Specifies the hour in which each daily archive occurs

– every—Specifies the number of hours for the interval (1, 2, 3, 4, 6, 8, 12, 24)

• Choose every week on to archive at intervals of one or more times a week, choose the days of the week, and choose what time each day.

Export Settings

Enable Export: Enables exporting of the transaction log to an FTP server.

Skip Log Types: Skips the export of specific transaction logs. By default, no log type is chosen to be skipped.

Export occurs: How often the working log is sent to the FTP server and the data is cleared from the working log. Choose one of the following:

• Choose every to export every so many minutes, and enter the number of minutes for the interval. The range is from 1 to 100800.

• Choose every hour to export using intervals of one hour or less, and choose one of the following:

– at—Specifies the minute in which each hourly export occurs

– every—Specifies the number of minutes for the interval (2, 5, 10, 15, 20, or 30)

• Choose every day to export using intervals of one day or less, and choose one of the following:

– at—Specifies the hour in which each daily export occurs

– every—Specifies the number of hours for the interval (1, 2, 3, 4, 6, 8, 12, 24)

• Choose every week on to export using intervals of one or more times a week, choose the days of the week, and what time each day.

FTP Export Server: IP address or hostname of the FTP or SFTP server.

Name: Name of the user.


Password: Password for the user.

Note If you check the SFTP and the Key Based check boxes to use key-based authentication with SFTP, you cannot edit the Password field.

Confirm Password: Confirms the password for the user.

Note If you check the SFTP and the Key Based check boxes to use key-based authentication with SFTP, you cannot edit the Confirm Password field.

Directory: Name of the directory used to store the transaction logs on the FTP or SFTP server.

SFTP: Check the SFTP check box if you are using an SFTP server.

Key Based: Check the Key Based check box to use key-based authentication instead of password authentication with the SFTP server.

Note To use this option, you must also upload the Public and Private keys files using CDSM. For more information on uploading these keys, see the “Configuring SFTP Key File Registration” section on page 4-139.

FTP Export IPv6 Server: IPv6 address or hostname of the FTP or SFTP server.

Splunk UF Export Settings

Export Enable: Enables the automatic export of the selected transaction logs to the designated export server. For more information, see the “Real-Time Exporting of Transaction Logs for Billing and Analytic Reports” section on page 8-105.

Throttling: If throttling is configured to a value other than zero, the following actions are performed:

• Limits the speed to the specified rate in kilobytes per second through the throughput processor. A value of zero indicates that the speed is not limited.

• Controls the CPU load to the specified rate in kilobytes per second while indexing.

If throttling is set to zero (0), the speed of the throughput processor is not limited.


Max Queue Size: Sets the maximum size of the forwarder's output queue. The size is limited based on the number of entries, or on the total memory used by the items in the queue.

• If the maximum queue size specified is a lone integer (for example, maxQueueSize=100), the maxQueueSize indicates the maximum count of queued items.

• If the maximum queue size specified is an integer followed by KB, MB, or GB (for example, maxQueueSize=100MB), the maxQueueSize indicates the maximum RAM size of all the items in the queue.

• If the maximum queue size is set to zero (0), the size of the queue is not limited.

Group Type of Export Servers: The Group Type of Export Servers drop-down list has the following options:

• Load-balancing—The forwarder will load balance amongst the receivers listed. If one receiver goes down, the forwarder automatically switches to the next one available.

• Data Cloning—The forwarder sends copies of all its events to the receivers in two or more target groups.

SSL Encryption Enable: Enables the use of SSL encryption for the export of transaction logs to the designated export servers.

Note Before you enable this option, upload the required certificates using CDSM. For more information on uploading the certificates, see the “Configuring Splunk Certificate File Registration” section on page 4-140.

Export Server and Port: IP address and port number of the CDNM, CDN, or other export server that is to receive the transaction log files. A maximum of three export servers can be specified. The default port number is 9998.

Common Name and SSL Passphrase: If SSL Encryption is enabled:

• In the Common Name field, enter the Common Name that is used for the export server in the certificate.

• In the SSL Passphrase field, enter the client specific private key passphrase.


Splunk UF Monitor Settings

Monitors: Check the check boxes of the type of transaction logs to export.

Click the Edit icon next to the type of transaction log to edit the values of Ignore Older Than, Index, and Source Type of each monitor log type.

• Ignore Older Than—The monitored input stops checking files for updates if the modtime passes the threshold value. This improves the speed of file tracking operations when monitoring directory hierarchies with large numbers of historical files. The default value is zero (0).

• Index—Sets the index key's initial value. The key is used when selecting an index to store the events.

• Source Type—Sets the sourcetype key's initial value. The key is used during parsing/indexing, in particular to set the source type field during indexing. It is also the source type field used at search time.

Step 3 Click Submit to save the settings.

To apply the factory default settings for the device, click the Apply Defaults icon in the task bar.

To remove the settings from the device, click the Remove Device Settings icon in the task bar.

Configuring SFTP Key File Registration

SFTP key-based authentication allows administrators to use key-based authentication with SFTP to more securely export transaction logs from the SEs and SRs to external SFTP servers. This option is more secure than using just passwords with SFTP.

SFTP key-based authentication uses a Public/Private key pair. To use SFTP key-based authentication, you must first generate a Public and Private key pair for your SR. To generate this Public/Private key pair, you can use tools such as the ssh-keygen command from the operating system command prompt or PuTTYgen from a Windows environment. Make sure to save the Public/Private keys to a directory on the CDSM server. You will use CDSM to upload these keys to the SRs.

After the Public/Private key pair is generated, follow these steps to upload the key pair in CDSM. After you have uploaded the key pair, CDSM will securely copy the certificates to the SRs:

Step 1 Choose Devices > General Settings > Notification and Tracking > SFTP Key File Registration. The Creating SFTP Key Files Settings page is displayed.

Step 2 Click the Browse button to locate the Public Key file.

Step 3 Click the Browse button to locate the Private Key file.

Step 4 Click Submit to save the settings.


Note After you upload the Public and Private keys for SFTP, you need to configure the SFTP server information in CDSM. To configure the SFTP server settings in CDSM, see the “Configuring Transaction Logs for the Service Router” section on page 4-135. You must also manually copy the Public key for the SR to the SFTP server. On the SFTP server, copy the public key to the authorized key set folder, based on the SFTP software that you are using.
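The manual copy of the SR public key to the SFTP server is where key files get mixed up, so the following added example (not part of the Cisco guide or of CDSM) checks a key file before it is appended to an authorized keys file. It assumes the SFTP server uses an OpenSSH-style authorized_keys file; the function names and the sample key are constructed for illustration.

```python
import base64
import hashlib
import struct
from typing import NamedTuple

KNOWN_TYPES = {"ssh-rsa", "ssh-ed25519", "ecdsa-sha2-nistp256",
               "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}


class KeyFileError(ValueError):
    """The file is not something that belongs in authorized_keys."""


class PublicKey(NamedTuple):
    key_type: str
    b64: str
    comment: str
    fingerprint: str   # same form as `ssh-keygen -l` prints: SHA256:<base64>


def inspect_public_key(text: str) -> PublicKey:
    """Validate a one-line OpenSSH public key and compute its fingerprint."""
    if "PRIVATE KEY-----" in text or text.startswith("PuTTY-User-Key-File"):
        raise KeyFileError("private key: it is uploaded through CDSM only, "
                           "never copied to the SFTP server")
    if "BEGIN SSH2 PUBLIC KEY" in text:
        raise KeyFileError("RFC 4716 block (PuTTYgen 'Save public key'); "
                           "convert to the one-line OpenSSH form first")
    lines = [ln for ln in text.splitlines() if ln.strip()]
    if len(lines) != 1:
        raise KeyFileError("expected exactly one public key line")
    fields = lines[0].split(None, 2)
    if len(fields) < 2 or fields[0] not in KNOWN_TYPES:
        raise KeyFileError("line does not start with a known key type")
    key_type, b64 = fields[0], fields[1]
    comment = fields[2].strip() if len(fields) == 3 else ""
    try:
        blob = base64.b64decode(b64, validate=True)
    except ValueError as exc:            # binascii.Error is a ValueError
        raise KeyFileError("key data is not valid base64") from exc
    # The blob starts with an SSH string (uint32 length + bytes) naming the
    # algorithm; it must agree with the type declared on the line.
    if len(blob) < 4:
        raise KeyFileError("key blob is truncated")
    (name_len,) = struct.unpack_from(">I", blob, 0)
    if 4 + name_len > len(blob) or blob[4:4 + name_len] != key_type.encode():
        raise KeyFileError("declared key type does not match the key blob")
    digest = hashlib.sha256(blob).digest()
    fingerprint = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return PublicKey(key_type, b64, comment, fingerprint)


def add_to_authorized_keys(existing: str, pubkey_text: str) -> str:
    """Return authorized_keys content with the key present exactly once."""
    key = inspect_public_key(pubkey_text)
    for line in existing.splitlines():
        if not line.lstrip().startswith("#") and key.b64 in line.split():
            return existing              # already authorized: change nothing
    entry = " ".join(p for p in (key.key_type, key.b64, key.comment) if p)
    if existing and not existing.endswith("\n"):
        existing += "\n"
    return existing + entry + "\n"


def _constructed_key(comment: str) -> str:
    """Build a syntactically valid ssh-ed25519 line from placeholder bytes."""
    name = b"ssh-ed25519"
    blob = (struct.pack(">I", len(name)) + name
            + struct.pack(">I", 32) + bytes(range(32)))
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " " + comment


# Constructed sample (placeholder key bytes, hypothetical comment).
SAMPLE_PUBLIC_KEY = _constructed_key("sr-translog-export")

if __name__ == "__main__":
    key = inspect_public_key(SAMPLE_PUBLIC_KEY)
    print(key.key_type, key.fingerprint, key.comment)
    print(add_to_authorized_keys("", SAMPLE_PUBLIC_KEY), end="")
```

Comparing the printed fingerprint with the one shown by the tool that generated the key pair confirms that the key installed on the SFTP server is the one uploaded through CDSM.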

Configuring Splunk Certificate File Registration

Configuring the Splunk process to use SSL encryption enables the transaction logs to be securely transferred from the SEs and SRs to the VDS-SM. This SSL encryption will use Root certificates, Client certificates, and Server certificates. When generating the certificates, please follow these guidelines:

• When generating the Root certificate, do not specify a common name or challenge password.

• When generating the Server certificate, do not specify a challenge password.

• When generating the Server certificate, make note of the common name. You will need to reference this common name while configuring SSL on the forwarder.

• When generating the Client certificate, do not specify a common name or challenge password.

For an example of how to use the VDS-SM to generate the Root, Server, and Client certificates, refer to Appendix N, “Generating Self-Signed Certificates with VDS-SM”. For additional information on configuring VDS-SM for secure log transfer with VDS-IS, please refer to Videoscape Distribution Suite Service Manager User Guide: Securing log transfer between VDS-IS and VDS-SM.

After the certificates are generated, the Root and Client certificates are uploaded to the SEs and the SRs, and the Root and Server certificates are uploaded to the VDS-SM. Both the Client and Server certificates will be signed by the same Root certificate. Refer to Appendix N, “Generating Self-Signed Certificates with VDS-SM” for information on uploading the Root and Server certificates to the VDS-SM.

Perform the following steps to upload the Root and Client certificates to the SEs. After you have uploaded the certificates, CDSM will securely copy the certificates to the SEs:

Step 1 Choose Devices > Devices > Service Control > Splunk Certification File Registration. The Creating Splunk Certification Files Settings page is displayed.

Step 2 Click the Browse button to locate the Root Certification file.

Step 3 Click the Browse button to locate the Client Certification file.

Step 4 Click Submit to save the settings.

Note After you upload the Root and Client certificates for the Splunk process, you need to enable SSL Encryption and configure the SSL settings for the export servers in CDSM. To configure these settings in CDSM, see the “Configuring Transaction Logs for the Service Router” section on page 4-135.


Configuring the CDSM

Configuring a CDSM consists of the General Settings menu items. For information on configuring general settings, see the “General Settings” section on page 4-52.

Device activation is accomplished during installation and initialization of the VDS-IS devices. See Cisco Content Delivery Engine 205/220/250/420 Hardware Installation Guide for more information.

The Device Activation page for the CDSM displays information about the management IP address and the role of the CDSM. To change the name of the CDSM, enter a new name in the Name field and click Submit.

For information about primary and standby CDSMs, see the “Configuring Primary and Standby CDSMs” section on page 3-11.


Chapter 5 Configuring Services

This chapter describes how to configure services for the Cisco Videoscape Distribution Suite, Internet Streamer (VDS-IS).

• Configuring Delivery Services

• Configuring Programs

• Viewing Programs

• Copying a Program

Configuring Delivery Services

Delivery services are configured for prefetch ingest, hybrid ingest, and live programs. Dynamic ingest, the other type of ingest, is dynamically cached upon retrieving content that is not locally stored. For more information about content ingest types, see the “Ingest and Distribution” section on page 1-3.

Configuring a Delivery Service consists of defining the following:

• Creating Delivery Service

• Content Origins

• Creating Multicast Clouds

• Creating Storage Priority Classes

• Creating Delivery Service Group

Creating Delivery Service

A Delivery Service is a configuration used to define how content is acquired, distributed, and stored in advance of a client request. For more information about delivery services, see the “Delivery Service” section on page 2-3.

Before creating delivery services, make sure that the devices that participate in the Delivery Service are configured for the type of content to be delivered.

A Delivery Service configuration consists of the following steps:

1. Service Definition

2. Delivery Service Content

3. General Settings

4. Authorization Plugins

5. Assign Multicast Cloud

6. SE and Content Acquirer Assignment or Device Group and Content Acquirer Assignment

7. Assign IP address

8. Location Settings

9. Service Engine Settings

Tip For information about verifying a Delivery Service, see Appendix L, “Verifying the Videoscape Distribution Suite, Internet Streamer.”

To create a Delivery Service, follow these steps:

Service Definition

Step 1 Choose Services > Service Definition > Delivery Services. The Delivery Services Table page is displayed.

Step 2 Click the Create New icon in the task bar. The Delivery Services Definition page is displayed (Figure 5-1).

To edit a Delivery Service, click the Edit icon next to the Delivery Service name.

Figure 5-1 Delivery Service Definition Page

Step 3 Enter the settings as appropriate. See Table 5-1 for a description of the fields.

Table 5-1 Delivery Service Definition Fields

Field Description

Delivery Service Information

Name: Unique name for the Delivery Service created for each content origin.

Note Spaces are not allowed in the Delivery Service name. Multiple delivery services with the same name can be created for different content origins.

Content Origin: All Content Origins that have been created are listed in the drop-down list. The Delivery Service and the Content Origin have a one-to-one relationship. To create a new Content Origin, see the “Content Origins” section on page 5-34.


Live Delivery Service: When checked, creates a live program to distribute live or scheduled programs to the SEs associated with this Delivery Service and with the live program. This Delivery Service does not have a related Manifest file and cannot be used to distribute file-based content as regular delivery services do. The live program learns about a live stream through a program file that describes the attributes of the program.

Checking this check box disables the Delivery Service Quota field and the fields in the Acquisition and Distribution Properties area.

Preposition Storage Quota: Maximum content disk storage size for each SE, in megabytes, for prefetched content and metadata, and hybrid metadata for this Delivery Service.

Note The Preposition Storage Quota configured does not affect cache content quota size; it only restricts prefetched content storage for each SE. If the total prefetched content storage size is less than the configured quota, then the extra storage is used for dynamic cache files.

Session Quota: Maximum number of concurrent sessions allowed for this Delivery Service. The default is zero, which means no session limits are set for this Delivery Service.

For more information, see the “Wholesale CDN” section on page 2-30.

Session Quota Augment Buffer: Buffer, as a percentage, of the maximum number of concurrent sessions allowed over the Session Quota. If this threshold is exceeded, no new sessions are created until the number of concurrent sessions is below this threshold. The range is from 0 to 1000. The default is 10.

For more information, see the “Wholesale CDN” section on page 2-30.

Bandwidth Quota: Maximum bandwidth allowed for this Delivery Service. The default is zero, which means no bandwidth limits are set for this Delivery Service.

For more information, see the “Wholesale CDN” section on page 2-30.

Bandwidth Quota Augment Buffer: Buffer, as a percentage, of the maximum bandwidth allowed over the Bandwidth Quota. If this threshold is exceeded, no new sessions are created until the bandwidth used is below this threshold. The range is from 0 to 1000. The default is 10.

For more information, see the “Wholesale CDN” section on page 2-30.

Storage Priority Class: Select the storage priority class to assign to the Delivery Service. For more information, see the “Creating Storage Priority Classes” section on page 5-48.


Acquisition and Distribution Properties

Distribution Priority: Content distribution priority setting. Options are High, Medium, and Low. The default is Medium.

Note The priority of content acquisition also depends on the origin server. Requests from different origin servers are processed in parallel. Requests from the same origin server are processed sequentially by their overall priority.

Note When a Delivery Service is configured for multicast distribution, a file from a high-priority Delivery Service may sometimes be scheduled after files from a lower-priority Delivery Service. This occurs when the files are placed in the time lane queue in the order in which they were processed (FIFO). Only when the files are placed in the priority queue are they scheduled in decreasing order of priority (files from the highest-priority Delivery Service are scheduled first).

The scheduling of the files between the priority lane and the time lane depends on the algorithm that considers the bandwidth available in the lane and the percentage weightage calculation for the priority lane.

The files that are available for scheduling depend on when they were acquired completely and are ready for multicast sending.

Use null cipher for Distribution: When checked, disables encryption for distribution.

Content Acquirer failover/fallback grace period: Number of minutes before a Content Acquirer failover or a temporary Content Acquirer fallback occurs. The range is from 20 to 120 minutes. For more information, see the “Content Acquirer Redundancy” section on page 1-53.

Never: When checked, SE failover or fallback never occurs.

Use system-wide settings for QoS for unicast data: When checked, applies the system-wide QoS settings for unicast data to the Delivery Service. The unicast data refers to the ingest and distribution traffic among SEs.

To override the system-wide QoS settings with Delivery Service-specific QoS values, leave this check box unchecked, and configure the Delivery Service-specific QoS values in the QoS value for unicast data field.

Note If an SE is configured with the ip dscp all command, this setting overrides both the system-wide QoS setting and any Delivery Service QoS setting.

QoS value for unicast data: Configures a Differentiated Services Code Point (DSCP) value for the QoS. The unicast data refers to the ingest and distribution traffic among SEs.

If you choose Other, enter a decimal value in the corresponding field.

You can set QoS settings on a per-Delivery Service basis and a system-wide global configuration basis. Delivery service settings take precedence over global settings.

Note If an SE is configured with the ip dscp all command, this setting overrides both the system-wide QoS setting and any Delivery Service QoS setting.


QoS value for multicast data: Configures a Differentiated Services Code Point (DSCP) value for the QoS. The multicast data refers to the distribution traffic among SEs and NAK messages sent by the Streamers to Content Acquirer for missed packets.

If you choose Other, enter a decimal value in the corresponding field.

You can set QoS settings on a per-Delivery Service basis and a system-wide global configuration basis. Delivery service settings take precedence over global settings.

Note If an SE is configured with the ip dscp all command, this setting overrides both the system-wide QoS setting and any Delivery Service QoS setting.

QoS value for content ingest: Configures a Differentiated Services Code Point (DSCP) value for the QoS. Content Ingest refers to the ingest traffic from Content Acquirer and Web Engine to the Origin Server.

If you choose Other, enter a decimal value in the corresponding field.

You can set QoS settings on a per-Delivery Service basis and a system-wide global configuration basis. Delivery service settings take precedence over global settings.

Note If an SE is configured with the ip dscp all command, this setting overrides both the system-wide QoS setting and any Delivery Service QoS setting.

QoS value for content delivery: Configures a Differentiated Services Code Point (DSCP) value for the QoS on a per-Delivery Service basis. Content delivery refers to the traffic the SEs serve to clients.

If you choose Other, enter a decimal value in the corresponding field.

Note This feature applies only to Windows Media Streaming and Web Engines. You cannot have a cache hit/miss Delivery Service and a live Delivery Service for the same Delivery Service definition when using the QoS value for content delivery setting.

Note If an SE is configured with the ip dscp all command, this setting overrides both the system-wide QoS setting and any Delivery Service QoS setting.

Comments: Information about the Delivery Service.

Note The Flash Media Streaming DSCP marking is configured differently by Service Rule file.

Step 4 Click Submit to save the settings.

To delete a Delivery Service, from the Delivery Service Table page, click the Edit icon next to the Delivery Service that you want to delete, and click the Delete icon in the task bar.


Delivery Service Content

Content items are identified within the Delivery Service configuration for prefetch and hybrid ingests. Live program content is identified through the Live Program page, and therefore does not have content items listed for it in the Delivery Service. The procedures outlined in this section take you through adding content for the Delivery Service and assume that you have already defined the Delivery Service (see the “Creating Delivery Service” section on page 5-1).

Note The recommended maximum number of prefetched content items is 200,000.

When you configure a Delivery Service for content acquisition, you must choose one of the following methods:

• Identifying Content Using the CDSM

The CDSM provides a user-friendly interface that you can use to add content items and specify crawl tasks without having to create and update a Manifest file. The CDSM automatically validates all user input and generates an XML-formatted Manifest file in the background that is free of syntax errors.

Only one Manifest file is generated per Delivery Service for all content items. You can save your CDSM-generated Manifest file to any accessible location.

• Identifying Content Using a Manifest File

The externally hosted Manifest files contain the XML tags, subtags, and attributes that define the parameters for content ingest. You must be familiar with the structure of the XML-based Manifest file and be sure the XML tags are properly formatted and syntactically correct before you can create and use Manifest files effectively.

To verify that the content has been acquired, after you have configured the content acquisition method, see the “Verifying Content Acquisition” section on page 5-20.

Identifying Content Using the CDSM

There are several options in identifying content to be acquired using the CDSM. You can do any of the following:

• Identify a single content item.

• Define a crawl task that searches the origin server at the specified location (URL) and to the specified link depth, and create a list of all content that meets those specifications.

• Define a crawl task with the specifications described in the bullet above, and, in addition, specify content acquisition rules that further narrow the search.

• Select individual items by performing a quick crawl, and select the items from the crawl result list to be included in the content list.

Table 5-2 describes the icons for identifying content using the CDSM.

Table 5-2 Delivery Service Content Icons

Icon Function

Refreshes the table.

Adds a content item for acquisition.


Deletes a selected item.

Manages between host and proxy servers for content acquisition.

Saves to disk.

Processes content changes.

Views complete URL (+) or view (-) partial URL that is used to acquire content.

Edits settings for acquiring content from this URL.

Deletes content item.

For more information about the crawler feature, see the “Crawling” section on page 2-10.

To identify content for acquisition using the CDSM, follow these steps:

Step 1 Choose Services > Service Definition > Delivery Services > Delivery Service Content. The Content Table page is displayed with “Use GUI to specify content acquisition” as the method (Figure 5-2).

Figure 5-2 Content Table Page

Step 2 Click the Add Content icon in the task bar. The Content Manager page is displayed (Figure 5-3).

Figure 5-3 Content Manager Page

To edit a content item, click the Edit icon next to the content. For more information about manipulating the content items in the Content Table page, see the “Configuring Proxy Server Settings” section on page 5-16.

Step 3 Choose a protocol from the Source URL drop-down list, and enter the source URL in the associated field.

The source URL is the origin server domain name or IP address, followed by a path, or path and filename, if applicable. If the Origin Server HTTP Port in the Delivery Services > General Settings page is set to a different port than the default (80), then the port number of the Origin server must be included in the URL when adding content.

Note The URL format for Server Message Block (SMB) servers is: \\SMB server:port\sharedfolder\filepath. If port is not specified in the URL, the default port, 139, is used. Maximum file size, when using SMB for acquisition, is 2 GB. Symbolic links within exported file systems (SMB or NFS) must contain a relative path to the target file, or the target file should be copied into the exported volume.

Step 4 Do one of the following:

• To identify a single content item, check the Single Item check box, and see the “Configuring Advanced Settings” section on page 5-13 in this procedure.

• To define a crawl, uncheck the Single Item check box, and in the Link Depth field, enter the depth of the links to search. Go to the “Defining a Crawl Task” section on page 5-10 in this procedure.

• To perform a quick crawl, uncheck the Single Item check box, and in the Link Depth field, enter the depth of the links to search. Go to the “Launching Quick Crawl” section on page 5-11 in this procedure.

The crawler feature starts with the Source URL, identifies every web link in the page, and adds every link to the list of URLs to search, until the links have been followed to the specified depth.

The Link Depth field specifies how many levels of a website to crawl or how many directory levels of an FTP server to search. This is optional. The range is –1 to 2147483636.

• If the depth is –1, there is no depth constraint.

• If the depth is 0, content is acquired only at the starting URL.

• If the depth is 1, content is acquired starting at the URL and includes content the URL references.

Defining a Crawl Task

To define a crawl task, follow these steps:

Step 1 Click the Define a Crawl Task radio button.

Step 2 Do one of the following:

• Click Submit (or Update if you are editing an existing content) to add a crawl task to the Delivery Service. The local Manifest file is automatically re-parsed, changes are detected, and the corresponding content items are acquired or removed.

• Go to the “Configuring Advanced Settings” section on page 5-13, if applicable.

• Continue to the next step and create acquisition rules.

Step 3 Click the Show Optional Content Acquisition Rules arrow to further refine the crawl task. The fields in the acquisition rules are displayed (Figure 5-4), and the arrow becomes the Hide Optional Content Acquisition Rules arrow.

Figure 5-4 Content Manager Page—Acquisition Rules Fields

Step 4 Enter the settings as appropriate. See Table 5-3 for a description of the fields.

Table 5-3 Acquisition Rule Fields

Field Description

MIME Type: A content item qualifies for acquisition only if its MIME type matches this MIME type (for example, video/mpeg).

Note The MIME type cannot exceed 32 characters.

Extension: A content item is acquired only if its extension matches this extension.

Time Before: Files that were modified before this time qualify for acquisition. Use the dd-mm-yyyy hh:mm:ss [TMZ] format, where TMZ (the time zone) is optional. UTC is the default. Alternatively, click the Calendar icon to choose a date from the calendar and enter a time, and click Apply.

Time After: Files that were modified after this time qualify for acquisition. Use the dd-mm-yyyy hh:mm:ss [TMZ] format, where TMZ (the time zone) is optional. UTC is the default. Alternatively, click the Calendar icon to choose a date from the calendar and enter a time, and click Apply.

Minimum Size: Content equal to or larger than this value qualifies for acquisition. Choose MB, KB, or Bytes as the unit of measure. The range is 0 to 2147483636.

Max Size: Content equal to or less than this value qualifies for acquisition. Choose MB, KB, or Bytes as the unit of measure. The range is 0 to 2147483636.

Step 5 Click Add to add the rule to the rules list. An entry is added showing the values under each column heading.

Note A maximum of ten rules can be configured for each crawl task.

To modify a content acquisition rule, click the Edit icon next to the rule. Once you have finished, click the small Update button in the content acquisition rules area to save the edits.

To delete a content acquisition rule, click the Edit icon next to the rule. Click Delete in the content acquisition rules area. The rule is removed from the rules listing.

Step 6 When you have finished adding and modifying content acquisition rules, do one of the following:

a. If this is a new crawl task, click Submit.

b. If you are editing an existing crawl task, click Update.

c. Go to the “Configuring Advanced Settings” section on page 5-13, if applicable.
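The following added example (not Cisco code and not part of the guide) models how the Link Depth values and the acquisition rule fields described above narrow what a crawl task acquires. The origin server contents are constructed sample data, and three points are assumptions: the fields inside one rule must all match, an item qualifies if any one rule matches, and KB and MB are binary units.

```python
from collections import deque
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

UNIT_BYTES = {"Bytes": 1, "KB": 1024, "MB": 1024 * 1024}  # assumed binary units


def parse_rule_time(text: str) -> datetime:
    """Parse 'dd-mm-yyyy hh:mm:ss' with no TMZ, so UTC (the stated default)."""
    return datetime.strptime(text, "%d-%m-%Y %H:%M:%S").replace(tzinfo=timezone.utc)


@dataclass(frozen=True)
class Item:
    """What a crawler learns about one URL (constructed sample data below)."""
    mime: str
    size: int                 # bytes
    modified: datetime
    links: tuple = ()         # URLs referenced by this item


@dataclass(frozen=True)
class Rule:
    """One acquisition rule; a field left as None places no constraint."""
    mime_type: Optional[str] = None
    extension: Optional[str] = None
    time_before: Optional[datetime] = None
    time_after: Optional[datetime] = None
    min_size: Optional[int] = None    # bytes
    max_size: Optional[int] = None    # bytes

    def matches(self, url: str, item: Item) -> bool:
        # Assumption: every field that is set must match (logical AND).
        return all([
            self.mime_type is None or item.mime == self.mime_type,
            self.extension is None
            or url.lower().endswith("." + self.extension.lower().lstrip(".")),
            self.time_before is None or item.modified < self.time_before,
            self.time_after is None or item.modified > self.time_after,
            self.min_size is None or item.size >= self.min_size,
            self.max_size is None or item.size <= self.max_size,
        ])


def crawl(site: dict, start: str, link_depth: int, rules=()) -> list:
    """Return URLs that qualify for acquisition, in breadth-first order."""
    if link_depth < -1:
        raise ValueError("Link Depth must be -1 (no constraint) or >= 0")
    if len(rules) > 10:
        raise ValueError("a crawl task accepts at most ten rules")
    seen, queue, acquired = {start}, deque([(start, 0)]), []
    while queue:
        url, depth = queue.popleft()
        item = site.get(url)
        if item is None:              # dangling link: nothing to acquire
            continue
        # Assumption: an item qualifies if any one rule matches (logical OR).
        if not rules or any(rule.matches(url, item) for rule in rules):
            acquired.append(url)
        if link_depth != -1 and depth >= link_depth:
            continue                  # depth limit reached: do not follow links
        for target in item.links:
            if target not in seen:    # the seen set stops link cycles
                seen.add(target)
                queue.append((target, depth + 1))
    return acquired


# Constructed sample origin server, including a link cycle and a dead link.
_T = parse_rule_time
ROOT = "http://origin.example.com/"
SITE = {
    ROOT: Item("text/html", 2_000, _T("01-03-2018 00:00:00"),
               (ROOT + "a.mpg", ROOT + "sub/")),
    ROOT + "a.mpg": Item("video/mpeg", 5 * UNIT_BYTES["MB"],
                         _T("10-03-2018 12:00:00")),
    ROOT + "sub/": Item("text/html", 1_500, _T("02-03-2018 00:00:00"),
                        (ROOT + "sub/b.mpg", ROOT, ROOT + "missing.mpg")),
    ROOT + "sub/b.mpg": Item("video/mpeg", 900 * UNIT_BYTES["MB"],
                             _T("20-03-2018 08:30:00")),
}

SMALL_MPEG = Rule(mime_type="video/mpeg", max_size=100 * UNIT_BYTES["MB"])
RECENT_MPG = Rule(extension="mpg", time_after=parse_rule_time("15-03-2018 00:00:00"))

if __name__ == "__main__":
    for depth in (0, 1, -1):
        print(depth, crawl(SITE, ROOT, depth))
    print(crawl(SITE, ROOT, -1, rules=[SMALL_MPEG]))
```

Running a model like this against a listing of the origin server before submitting the crawl task shows whether a Link Depth of -1 combined with loose rules would pull in far more content than the Preposition Storage Quota allows.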

Launching Quick Crawl

Quick Crawl is a utility that automatically crawls websites starting from the specified source URL. You can use this utility when you know only the domain name and not the exact location of the content item.

Quick Crawl supports crawling only for HTTP and HTTPS acquisition protocols.

To launch a quick crawl, follow these steps:

Step 1 Click the Select Individual Items radio button and click Launch Quick Crawl . The Quick Crawl Filter window is displayed.


Step 2 Enter the settings as appropriate. See Table 5-4 for a description of the fields.

Table 5-4 Quick Crawl Filter Fields

Field Description

MIME Type: A content item is listed in the results only if its MIME type matches this MIME type (for example, video/mpeg).

Extension: A content item is listed only if its extension matches this extension.

Modified After: A content item is listed only if it was modified after this date. Click the Calendar icon to choose a date from the calendar, or enter the date in mm/dd/yyyy format.

Modified Before: A content item is listed only if it was modified before this date. Click the Calendar icon to choose a date from the calendar, or enter the date in mm/dd/yyyy format.

Minimum Size: Content equal to or larger than this value is listed in the results. Choose MB, KB, or Bytes as the unit of measure. The range is 0 to 2147483636.

Max Size: Content equal to or less than this value is listed in the results. Choose MB, KB, or Bytes as the unit of measure. The range is 0 to 2147483636.

Link Depth: How many levels of a website to crawl or how many directory levels of an FTP server to crawl. The range is –1 to 2147483636.

If entered, the value from the Content Manager page is brought over to this field.

Max Item Count: The maximum number of content items that is listed in the results. The maximum value is 1000.

Domain: The host.domain portion of the source URL. Edit this field to limit the search to a specific host on a domain.

Username: The username to log in to host servers that require authentication.

Password: The password for the user account.

Step 3 Click Start Quick Crawl to begin the search. The Searching for Content status displays a progress bar and shows the number of items found.

Click Show Results to display the content items before the search is complete.

Click Refresh Results to refresh the progress bar.

When finished, the search results list the MIME type, size, date modified, and URL of each content item that met the search criteria.

Step 4 Check the check box next to the content items that you want to include in this Delivery Service. Use the Row drop-down list to show all content items, or use the Page option at the bottom of the table to go to the next page.

Alternatively, click Select All to select all content items. To deselect all, click Select None.

Step 5 Click Add Selected to add all selected content items to the Delivery Service. The Content Table page is displayed with all of the selected content items listed.

Click Show Filter to return to the filter and change the filter settings.

Step 6 To configure advanced settings for the content items listed, click All at the bottom of the Content Table page, and then click Edit Selected Items. The Content Manager page is displayed with the Advanced Settings option.

Configuring Advanced Settings

Advanced settings offer controls on how the content is delivered to the client devices.

To configure the advanced settings, follow these steps:

Step 1 Click the Show Advanced Settings arrow. The Advanced Settings fields are displayed (Figure 5-5), and the arrow becomes the Hide Advanced Settings arrow.

Figure 5-5 Content Manager Page—Advanced Settings Fields

Step 2 Enter the settings as appropriate. See Table 5-5 for a description of the fields.

Table 5-5 Advanced Settings for Serving Content

Field: Description

Content Serving Time

High Priority Content: Specifies the importance, and therefore the processing order, of the item acquisition or crawl task.

Start Serving Time: Specifies the time for the SE to start delivering content. Use the dd-mm-yyyy hh:mm:ss [TMZ] format, where TMZ (the time zone) is optional. UTC is the default. Alternatively, click the Calendar icon to choose a date from the calendar and enter a time, and click Apply.

If you do not specify a time, content is ready for delivery as soon as it is acquired and distributed to the SEs in the Delivery Service.

Stop Serving Time: Specifies the time for the SE to stop delivering content. Use the dd-mm-yyyy hh:mm:ss [TMZ] format, where TMZ (the time zone) is optional. UTC is the default. Alternatively, click the Calendar icon to choose a date from the calendar and enter a time, and click Apply.

If you do not specify a time, content continues to be available for delivery until you remove it from the Delivery Service either by changing the local Manifest file, using the Content Removal page, or renaming the Delivery Service. For information about the Content Removal page, see the “Delivery Services Table” section on page 8-30.

Authentication

Use weak SSL certificate: If checked, allows acceptance of expired or self-signed certificates during authentication.

Disable basic authentication: If checked, NTLM headers are not stripped off; stripping them would allow fallback to the basic authentication method while acquiring content.

Windows Media Playback Authentication: Sets the authentication for Windows Media playback to one of the following:

• As acquired—Requires authentication on playback based on settings from origin server.

• Require authentication—Requires authentication upon playback.

• No authentication—Does not require authentication upon playback.

User Name: Name of the user for authentication.

Password: Password of the user for authentication.

User Domain Name: NTLM user domain name for the NTLM authentication scheme.

URL Settings

String: If checked, ignores any string after the question mark (?) character in the requested URL for playback.

Table 5-5 Advanced Settings for Serving Content (continued)

Field: Description

Content Settings

TTL: Time period for revalidation of content. Select unit of measure from the drop-down list.

If no TTL is entered, the content is fetched only once, and its freshness is never checked again.

Note Revalidation is enabled by default for the Web Engine.

Retry Interval: Time period in which the Content Acquirer can attempt to acquire the content again if the acquisition fails.

Step 3 Click Submit to process the content request. When you click Submit, the local Manifest file for this Delivery Service is automatically re-parsed, changes are detected, and the corresponding items are acquired or removed. This action, however, does not trigger a recheck of all of the content in the Delivery Service.

Content Table

The Content Table page (Figure 5-7) offers the task bar functions described in Figure 5-6.

Figure 5-6 Content Table Task Bar Icons

The Refresh Table icon refreshes the content table.

The Add Content icon allows you to add content items by displaying the Content Manager page.

To delete a content item, check the check box next to each item that you want to delete, and click the Delete Selected Items icon. To select all content items, click All. To deselect all content items, click None.

Figure 5-7 Content Table Page

For information on the Manage Host and Proxy Settings icon, see the “Configuring Proxy Server Settings” section on page 5-16.

After you save the CDSM-generated Manifest file by clicking Submit in the Content Manager page, you can save the Manifest file locally, and modify it. Choose the content item in the table, and click the Save Settings Locally icon in the task bar. A web browser window with the CDSM-generated Manifest file elements is displayed. Choose the File Save As option, enter a name for the Manifest file, and click OK.

The Manifest file is saved on your PC. See Appendix B, “Creating Manifest Files,” for more information.

To acquire configured content items immediately, click the Process Content Changes icon in the task bar.

Note If you change the Manifest file that you saved, and you want to use that Manifest file instead of the content that you defined in the CDSM, or if you want to use the Manifest file for another Delivery Service, then you must use the Specify external manifest file method and point to the Manifest file.

When you change the content acquisition method, any content items that you added are removed. For information about the Manifest file, see the “Identifying Content Using a Manifest File” section on page 5-17 and Appendix B, “Creating Manifest Files.”

To edit multiple content items, check the check box next to each item that you want to edit, and click Edit Selected Items.

Configuring Proxy Server Settings

When the Content Acquirer cannot directly access the origin server, because the origin server is set up to allow access only by a specified proxy server, you can configure acquisition through a proxy server.

When a proxy server is configured for the Content Acquirer, the Content Acquirer contacts the proxy server instead of the origin server, and all requests to that origin server go through the proxy server.

Note Content acquisition through a proxy server is supported only for HTTP requests.

Note Before configuring a proxy server, verify that the Content Acquirer is able to ping the proxy server. If the proxy is not servicing the configured port, you receive the message: “failed: Connection refused.”

To configure a proxy server for content items identified using the CDSM, follow these steps:

Step 1 From the Content Table page, click the Manage Host and Proxy Settings icon in the task bar.

The Content Hosts Table page is displayed, listing all previously created host URLs, the number of content items for each host, and a proxy server (if configured).

To return to the Content Table page, click Return to Content Listing.

Step 2 Check the check box next to each host that you want to configure with a proxy server.

Step 3 Click Manage Proxy for Selected Hosts. The Proxy Server page is displayed.

Under the Defining Proxy Server for the Following Hosts heading, a bulleted list of host servers is displayed for which proxy servers are being configured.

Step 4 In the Proxy Server Specifications area, enter the settings as appropriate. See Table 5-6 for a description of the fields.

Table 5-6 Proxy Server Fields

Field: Description

Proxy Host: Hostname or IP address of the proxy server used by the Content Acquirer for content acquisition. When you use a domain name instead of an IP address, make sure that the domain name can be resolved by the DNS servers.

Proxy Port: Port number of the proxy server on which the Content Acquirer fetches content. The range is from 1 to 65535.

Disable Basic Authentication: When checked, NTLM headers cannot be stripped off, which prevents fallback to the basic authentication method.

If you leave this check box unchecked, NTLM authentication headers can be stripped to allow fallback to the basic authentication method, and the username and password information can be passed to the origin server in clear text with a basic authentication header.

User Name: Name of the user to be authenticated to fetch the content.

Password: Password of the user to pass authentication from the proxy.

Note If the specified proxy fails, the Content Acquirer, by default, contacts the origin server directly and tries to fetch the content.

Step 5 Click Add to add the proxy server.

To edit the proxy server settings, choose the proxy server from the Select a Proxy Server list, and click Edit. The values for the proxy server are displayed in the Proxy Server Specification section. Once you have finished modifying the settings, click Update.

To delete the proxy server settings, choose the proxy server from the Select a Proxy Server list, and click Delete.

Step 6 To assign the proxy server to the host or hosts listed on this page, choose a proxy server from the Select a Proxy Server list, and click Save Assignment. The Content Hosts Table page is displayed.
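
The effect of the Disable Basic Authentication check box described in Table 5-6 can be modelled as follows. This is an added example, not code from the Cisco guide or product: the function names, the sample challenge headers and the scheme-selection logic are assumptions that only mirror the behaviour the table describes.

```python
import base64

# Constructed sample: challenge header values an origin or proxy might return.
SAMPLE_CHALLENGES = ["NTLM", 'Basic realm="origin"']


def parse_challenges(header_values):
    """Map each offered scheme (lower-cased) to its parameter string."""
    schemes = {}
    for value in header_values:
        parts = value.strip().split(None, 1)
        if parts:
            schemes[parts[0].lower()] = parts[1] if len(parts) > 1 else ""
    return schemes


def choose_scheme(header_values, disable_basic_authentication):
    """Simplified model (assumption) of the behaviour Table 5-6 describes."""
    schemes = parse_challenges(header_values)
    if disable_basic_authentication:
        # Checked: NTLM headers are kept and Basic is never selected.
        return "ntlm" if "ntlm" in schemes else None
    # Unchecked: NTLM headers can be stripped, so Basic is used when offered.
    if "basic" in schemes:
        return "basic"
    return "ntlm" if "ntlm" in schemes else None


def basic_authorization(username, password):
    """Build the header value a client sends for Basic authentication."""
    raw = f"{username}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def readable_credentials(authorization_value):
    """Decode a Basic header: base64 is an encoding, not encryption."""
    scheme, _, token = authorization_value.partition(" ")
    if scheme.lower() != "basic":
        return None
    user, _, password = base64.b64decode(token).decode("utf-8").partition(":")
    return user, password


def audit_host(url, header_values, disable_basic_authentication):
    """Return (selected scheme, findings) for one host or proxy entry."""
    scheme = choose_scheme(header_values, disable_basic_authentication)
    findings = []
    if scheme == "basic":
        findings.append(
            "Basic selected for " + url + ": user name and password travel "
            "base64-encoded; check Disable Basic Authentication")
    elif scheme is None:
        findings.append("No permitted scheme offered for " + url)
    return scheme, findings


if __name__ == "__main__":
    for checked in (True, False):
        print(checked, audit_host("http://origin.example.com/a.wmv",
                                  SAMPLE_CHALLENGES, checked))
```

Because acquisition through a proxy server is supported only for HTTP requests, a Basic header sent on that path is readable by anything between the Content Acquirer and the origin server.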

Identifying Content Using a Manifest File

The Manifest file provides information about the content to be prefetched, or fetched at a later time (as in hybrid ingest), or provides information about live content streamed through the Delivery Service.

Note Before configuring the CDSM to receive the Manifest file, you need to create one. See Appendix B, “Creating Manifest Files,” for details on creating a Manifest file. After you create the Manifest file, use the Manifest Validator utility to verify the syntax. See the “Manifest Validator Utility” section on page B-15 for more information.

Note If a Manifest file is located on an Origin server that requires custom HTTP header authentication, fetching the Manifest file by using the Specify external manifest file method fails. The Manifest file must be located on a server that does not require custom HTTP header authentication.

To configure the Manifest file settings, follow these steps:

Step 1 Choose Services > Service Definition > Delivery Services > Delivery Service Content. The Content Table page is displayed with Use GUI to specify content acquisition as the method.

Step 2 To change to the Specify external Manifest file method, follow these steps:

a. Click Change Method.

b. From the drop-down list, choose Specify external manifest file.

c. Click Save.

d. In the confirmation dialog box, click OK.

The Content Manager page displays the Manifest file settings (Figure 5-8).

Note When you change the Content acquisition method for Delivery Service from the content acquisition page to Specify external manifest file, any content items that you added using the CDSM are removed. To save the existing settings, click the Save Settings Locally icon in the task bar.

Figure 5-8 Content Manager Page—Manifest File Settings

Step 3 Enter the settings as appropriate. See Table 5-7 for a description of the fields.

Table 5-7 Manifest File Settings Fields

Field: Description

Define Basic Manifest Settings

Manifest URL: Address of the Manifest file for the Delivery Service. The Manifest URL must be a well-formed URL. If the protocol (FTP, HTTP, or HTTPS) for the URL is not specified, HTTP is used.

To validate the Manifest file from this page, click Validate. A new page displays the validation results. For more information, see the “Manifest Validator Utility” section on page B-15.

Check Manifest Every: Frequency, in minutes (0 to 52560000), at which the Content Acquirer assigned to the Delivery Service checks for updates to the Manifest file.

To fetch the Manifest file now, click Fetch Manifest Now.

Weak Certificate Verification: When checked, enables weak certificate verification for fetching the Manifest file. This is applicable when the Manifest file is fetched using HTTPS.

Note To use weak certification for content ingest, you need to specify weak certification within the Manifest file.

Manifest Username: Username of the account that is allowed to fetch the Manifest file from the server. The Manifest username must be a valid ID. If the server allows anonymous login, the user ID can be null.

Note The Manifest Username and Manifest Password fields allow you to enter any secure login information needed to access the Manifest file at its remote location.

Manifest Password: Password for the user.

Confirm Password: Password confirmation.

Define Manifest Proxy Information

Disable All Proxy: Disables the outgoing proxy server for fetching the Manifest file. Any outgoing proxy server configured on the Content Acquirer is bypassed, and the Content Acquirer contacts the server directly.

Proxy Hostname: Hostname or IP address of the proxy server used by the Content Acquirer to retrieve the Manifest file.

Proxy Port: Port number of the proxy server where the Content Acquirer fetches the Manifest file. The range is from 1 to 65535.

Proxy Username: Name of the user to be authenticated to fetch the Manifest file.

Proxy Password: Password of the user to pass authentication on the proxy.

Confirm Password: Re-entry of the same password for confirmation to pass authentication on the proxy.

Note When you configure a proxy server in the Manifest File Settings page, the proxy configuration is valid only for acquiring the Manifest file itself and not for acquiring the Delivery Service content. Requests for the Manifest file go through the proxy server, whereas requests for content go directly to the origin server.

Step 4 Click Submit to save the settings.

Step 5 To fetch a new or updated Manifest file, click Fetch Manifest Now. You are prompted to confirm your decision.

When you click this button, a process initiates that checks to see if the Manifest file has been updated, and that the updated Manifest file has been downloaded and reparsed. Also, regardless of whether the Manifest file has been updated, all content for the Delivery Service is rechecked and any new content is ingested, unless the ttl attribute in the Manifest file is set to a negative number. For more information, see the “Refreshing and Removing Content” section on page B-13.

Note Content that is removed from the Manifest file is made unavailable as soon as the updated Manifest file is fetched. Obsolete content is not immediately deleted from the Delivery Service cache, but is eventually removed to make room for new content.

Step 6 To force the replication of content and refresh the information, follow these steps:

a. From the left-panel menu, click Replication Status. The Replication Status page is displayed.

b. In the “View Detailed Replication Status for Delivery Service by Device” area, run a search for a selected device. The Replication Items are displayed.

c. Click the Force Replication information refresh icon in the task bar. You are prompted to confirm your decision.

For more information on Delivery Service replication, see the “Replication Status for a Delivery Service” section on page 8-37.

Proxy Server Settings

There are three ways to configure the proxy server when using a Manifest file to ingest content: through the CDSM, through the CLI, or through the Manifest file. If you need to configure the SE to use the proxy for both caching and prefetched content, use the CLI to configure the proxy. The CLI command is a global configuration command that configures the entire SE to use the proxy. If only the Content Acquirer portion of the SE needs to use the proxy for acquiring prefetched content, use the Manifest file to specify the outgoing proxy. When you configure the proxy server in the Manifest file, you are configuring the Content Acquirer to use the proxy to fetch content for the Delivery Service.

Note Proxy configurations in the Manifest file take precedence over proxy configurations in the CLI. Furthermore, a noProxy configuration in the Manifest file takes precedence over the other proxy server configurations in the Manifest file.

Verifying Content Acquisition

After you have configured the content acquisition method, you can verify that the content has been ingested by logging in to the SE acting as the Content Acquirer for the Delivery Service and using the cdnfs browse command.

The cdnfs browse command is an interactive command and has the following subcommands used to view VDS-IS network files and directories:

ContentAcquirer# cdnfs browse
------ CDNFS interactive browsing -----
dir, ls: list directory contents
cd,chdir: change current working directory
info: display attributes of a file
more: page through a file
cat: display a file
exit,quit: quit CDNFS browse shell

The ls command lists the websites as directories. File attributes and content can be viewed using the cdnfs browse sub-commands.

For more information about the cdnfs command, see Cisco Videoscape Distribution Suite, Internet Streamer 4.2.1 Command Reference. For online documentation, see the “Related Documentation” section on page xxi.

General Settings

Step 7 From the left-panel menu, choose General Settings. The General Settings page is displayed.

Step 8 Enter the settings as appropriate. See Table 5-8 for a description of the fields.

Table 5-8 General Settings Fields

Field: Description

Maximum bitrate limit per session for HTTP: Maximum rate, in Kbps, at which a client can receive content. The default is 1000. This bit rate applies to content that is stored locally, specifically, prefetched, hybrid, or cached. For a cache miss, content is delivered at the rate the origin server sends it.

To configure a Delivery Service for non-paced HTTP sessions, set the Maximum bitrate limit per session for HTTP field to 0. This setting provides best-effort behavior and sessions use the available bandwidth.

When the content file is smaller than the chunk size, UKSE sends the entire file immediately. In this case, UKSE does not check pacing; therefore, the bit rate for files smaller than the chunk size is not honored.

Disable HTTP Download: Check the Disable HTTP Download check box to not allow clients to download HTTP content through this Delivery Service. This option disables all HTTP-based content served from this Delivery Service. The Web Engine returns a 403 forbidden message.

Note Because the Web Engine receives all HTTP requests before either Windows Media Streaming or Flash Media Streaming, if you disable HTTP download for a Windows Media Streaming Delivery Service or a Flash Media Streaming Delivery Service, and a client uses an HTTP request to download the SWF file, the Web Engine returns a 403 forbidden message.

Enable Content Flow Trace, Enable Filter Trace Flow to Client: The Content Flow Trace and the Filter Trace Flow to Client are used for debugging purposes to monitor the path a request takes through the VDS-IS in case of errors. They should not be enabled during high traffic loads.

Check the Enable Content Flow Trace check box to enable the content flow trace for the Delivery Service. Check the Enable Filter Trace Flow to Client check box to enable sending the response information as part of the HTTP headers to the client.

For more information, see the “Content Flow Trace” section on page 8-64.

Note Authorization Server and Transaction Logging must be enabled on each SE in the Delivery Service for Content Flow Trace and Filter Trace Flow to Client to work properly.

Table 5-8 General Settings Fields (continued)

Field: Description

Enable streaming over HTTP, HTTP Allowed Extensions: Check the Enable streaming over HTTP check box and specify the file types in the HTTP Allowed Extensions field to configure progressive download or streaming for certain media files. This setting applies only to the following file types: .asf, none, .nsc, .wma, .wmv, and nsclog.

If you want Windows Media Streaming to serve HTTP requests, check the Enable streaming over HTTP check box.

Note The Enable streaming over HTTP check box should be checked if the content origin for this Delivery Service is used for a live program.

Note For MP3 live streaming (which uses the Web Engine), if a Windows Media player client requests an MP3 and the request URL does not have a file extension, and if the HTTP Allowed Extensions field contains “none,” then the playback fails because the Windows Media Streaming engine attempts to play the stream instead of the Web Engine. For the Delivery Service to support MP3 live streaming, either uncheck the Enable streaming over HTTP check box or remove “none” from the HTTP Allowed Extensions field. MP3 live streaming only supports the Icecast and Shoutcast origin servers. The supported mime-types (codecs) are “audio/mpeg” and “audio/aacp.”

This Delivery Service setting has priority over the Windows Media Streaming engine settings on the Service Engines. If Windows Media Streaming is enabled on the Service Engines, and the media types are specified in the HTTP Allowed Extensions field, the Delivery Service streams the media types specified. If Windows Media Streaming is not enabled, or the media types are not specified in the HTTP Allowed Extensions field, the Delivery Service uses HTTP download.

Enable Per URL Statistics: Check the Enable Per URL Statistics check box to enable Delivery Service monitoring per Delivery Service. By default, the Delivery Service monitoring is disabled.

Outgoing Cookie: Enter the cookie, if required by the origin server. Some origin servers allow or deny a request based on the cookie included in the request header. If a cookie is configured, all outgoing requests from the SE to the origin server include the configured cookie in the request header.

Enable Error Response Caching, Cacheable Error Responses: Check the Enable Error Response Caching check box and enter the error status codes (space delimited) that are able to be cached in the Cacheable Error Responses field.

By default, the error status codes that are able to be cached (400, 403, 404, 500, and 503) are listed.

Follow Origin Server redirects, Number of redirects allowed: Check the Follow Origin Server redirects check box to have the Web Engine handle 302 redirects rather than forwarding the response to the client. If Follow Origin Server redirects is not enabled, a 302 redirect sent from the Content Acquirer to the SE is sent back to the client. If the Origin server redirects the request to an external server, the client makes the connection to the external server to get the asset, which completely bypasses the VDS-IS. If Follow Origin Server redirects is enabled, the destination server may return any other valid HTTP response, which may be sent back to the client.

Number of redirects allowed sets the number of times a redirect is followed. If the number of redirects is exceeded, an error is returned to the client. The default is 3. The range is from 1 to 3.

As an example, if the Number of redirects allowed is set to 2 and the Origin server redirects to a server B, B redirects to C, and C redirects to D, then only redirection to C is followed. When C returns 302, the Web Engine on the SE returns an error code 310 to the client.

Note The Follow Origin Server Redirect feature is not supported for the HEAD request; only the GET request is supported.
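
The redirect rule above, including the B, C, D case from the table, can be traced with a short model. This is an added example, not code from the Cisco guide or product: the function name, the response map and the server names other than B, C and D are constructed for illustration.

```python
FOUND = 302
TOO_MANY_REDIRECTS = 310  # error code the table says the Web Engine returns

# Constructed sample: each server name maps to (status, redirect target).
CHAIN = {
    "origin": (FOUND, "B"),
    "B": (FOUND, "C"),
    "C": (FOUND, "D"),
    "D": (200, None),
}
# Constructed sample: two servers that redirect to each other.
LOOP = {"origin": (FOUND, "B"), "B": (FOUND, "origin")}


def serve(start, responses, follow_redirects=True, max_redirects=3):
    """Model one GET request.

    Returns (status sent to the client, Location sent to the client,
    list of servers the SE contacted).
    """
    if not 1 <= max_redirects <= 3:
        raise ValueError("Number of redirects allowed must be from 1 to 3")
    current = start
    contacted = [current]
    followed = 0
    while True:
        status, location = responses[current]
        if status != FOUND:
            # Any other valid HTTP response is sent back to the client.
            return status, None, contacted
        if not follow_redirects:
            # Feature disabled: the 302 goes to the client, which then
            # connects to the target itself and bypasses the VDS-IS.
            return FOUND, location, contacted
        if followed == max_redirects:
            # One more 302 after the allowed number has been followed.
            return TOO_MANY_REDIRECTS, None, contacted
        followed += 1
        current = location
        contacted.append(current)


if __name__ == "__main__":
    print(serve("origin", CHAIN, max_redirects=2))
    print(serve("origin", CHAIN, max_redirects=3))
    print(serve("origin", CHAIN, follow_redirects=False))
    print(serve("origin", LOOP))
```

The limit also bounds a redirect loop: with the constructed LOOP map the SE stops after three followed redirects and returns 310.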

Table 5-8 General Settings Fields (continued)

Field: Description

URL Hash Level for Cache Routing: Enter the directory level that is used to calculate the URL hash for cache routing. The range is from 0 to 10. The default, 0, means use the entire URL to create the hash.

The URL hash is used by the Cache Router in selecting an upstream SE. The URL hash calculation is based on the directory level. By setting the URL Hash Level for Cache Routing to a directory level of a URL, all URLs that have the same directory structure take the same hierarchical path to the origin server.

For example, if the URL Hash Level for Cache Routing field is set to 5, then all content URLs that have the same directory structure up to the fifth directory level are routed the same. For this example, the included directory level is the ofqdn/content/content_type/moviename/quality portion of the URL: http://ofqdn/content/content_type/moviename/quality/filename

Note If the upstream SE has reached a threshold causing the liveness query to fail, the request goes to the parent SE. As long as the threshold has not been exceeded, all URLs with the same directory level take the same path for the configured directory level.

HTTP Response Read Timeout: If the Origin server does not respond within the HTTP Response Read Timeout, the connection is terminated and the content is not served. Similarly, if the upstream SE does not respond within the HTTP Response Read Timeout, the connection is not terminated immediately; the request continues to the next upstream SE, up to the CA. If the CA still does not respond within the timeout, the request is forwarded to the Origin server. The default is 5. The range is from 1 to 60.

Note If the Follow Origin Server Redirect feature is enabled, the HTTP Response Read Timeout value is used for each redirected Origin server. Because each Origin server may have a different idle period, it may cause additional delays to the user depending on the value and frequency of the idle periods.

Disable Dynamic Caching: Check the Disable Dynamic Caching check box to disable dynamic caching. By default, dynamic caching is enabled. See the “Dynamic Caching” section on page 1-20 for more information.

Note The cache revalidation of the content is not done if dynamic caching is disabled. The Service Engine will serve client requests for which it finds prepositioned content or cached content that was available before dynamic caching was disabled. Any invalid cached data is served to the client even though the content is changed in the Origin Server.
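
How the URL Hash Level for Cache Routing groups URLs can be checked with a short model. This is an added example, not code from the Cisco guide or product: the guide does not name the hash function or the selection rule, so SHA-256 with a modulo over the SE list, the SE names and the sample URLs are all assumptions. It counts the host as level 1, as in the table's level 5 example.

```python
import hashlib
from urllib.parse import urlsplit

# Constructed sample URLs (not from the guide).
SAMPLE_URLS = [
    "http://ofqdn/content/hls/movie1/720p/seg001.ts",
    "http://ofqdn/content/hls/movie1/720p/seg002.ts",
    "http://ofqdn/content/hls/movie1/1080p/seg001.ts",
    "http://ofqdn/content/hls/movie2/720p/seg001.ts",
]
UPSTREAM_SES = ["se-a", "se-b", "se-c"]  # hypothetical upstream SE names


def routing_key(url, hash_level):
    """Return the part of the URL that feeds the hash.

    Level 0 means the entire URL. For other levels the host is level 1 and
    each path segment is one more level. A URL with fewer levels than
    hash_level contributes everything it has (assumption).
    """
    if not 0 <= hash_level <= 10:
        raise ValueError("URL Hash Level for Cache Routing must be 0 to 10")
    if hash_level == 0:
        return url
    parts = urlsplit(url)
    levels = [parts.netloc] + [seg for seg in parts.path.split("/") if seg]
    return "/".join(levels[:hash_level])


def select_upstream(url, hash_level, upstream_ses):
    """Pick an upstream SE from the hash of the routing key (assumed rule)."""
    digest = hashlib.sha256(routing_key(url, hash_level).encode("utf-8")).digest()
    return upstream_ses[int.from_bytes(digest[:8], "big") % len(upstream_ses)]


def distinct_routes(urls, hash_level):
    """Count how many different routing keys a set of URLs produces."""
    return len({routing_key(u, hash_level) for u in urls})


if __name__ == "__main__":
    for level in (0, 4, 5):
        print(level, distinct_routes(SAMPLE_URLS, level),
              [select_upstream(u, level, UPSTREAM_SES) for u in SAMPLE_URLS])
```

A lower level sends more URLs along the same path, so one upstream SE carries every object under that directory; the default of 0 spreads each URL independently.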

Table 5-8 General Settings Fields (continued)

Field: Description

Disable File Caching on Disk, Memory Cache Duration: Check the Disable File Caching on Disk check box to not cache any content on disk.

The small files are cached in tmpfs and stay in tmpfs for the period of time that is configured in Memory Cache Duration. An internal Web Engine timer is triggered every 4 seconds. If the cache duration for a small file is complete and its corresponding DataSource is not serving a client, the file in tmpfs is deleted.

Caution Sometimes, the file in tmpfs may be evicted early, before its cache duration is complete. For example, this can happen when tmpfs space runs out, when file descriptors run out, or when there are too many active DataSources.

The Memory Cache Duration field is configured with an integer value when the Disable File Caching on Disk check box is checked. The range is 4 to 60 seconds. The default value is 4 seconds.

Note Select the Memory Cache Duration carefully to prevent excess memory usage for the Web Engine. If the cache duration is large, more files are cached in tmpfs. Managing more files costs more memory for the Web Engine.

Note We recommend that you increase the Memory Cache Duration value only for ABR Live services.

Memory Cache Size: Enter the maximum file size (in MB) that defines a small file. The range is from 1 to 50 MB. The default is 2 MB.

Origin Server HTTP Port: Port used by Web Engine to communicate with Origin servers. Default is 80. Range is from 1 to 65535. Well-known port numbers are not allowed. For the list of well-known ports, see the “System Port Numbers” section on page 8-10.

Note If the Origin Server HTTP Port is set to a different port than the default (80), then the port number of the Origin server must be included in the URL when adding content. See the “Delivery Service Content” section on page 5-7.

Skip Location Leader Selection for Edge SE: When the Skip Location Leader Selection for Edge SE check box is checked (option is enabled), the location leader selection is skipped at the edge location, and the edge SE directly contacts the location leader of the upstream tier. None of the other edge SEs are contacted.

When the Skip Location Leader Selection for Edge SE check box is unchecked (option is disabled), the location leader selection takes place at the edge tier. The edge SE may or may not directly contact the location leader of the upstream tier or the SEs in the edge tier. Contact is based on the location leader selection.

This option is mainly used to improve the edge-tier caching efficiency to avoid content duplication at the edge-tier SEs.

string: Check the string request check box so that, when a request is sent with a query, the content is cached without the query, and the next request with a query for the same file is served as a cache hit.

Note By disabling this feature, you can have cached content for requests both with and without a query.

Table 5-8 General Settings Fields (continued)

Field: Description

WMT User Agent: Enter the user agents for Windows Media Streaming. The WMT User Agent field accepts comma-separated values for identifying the user agents.

Note The ampersand (&) cannot be used when specifying a user agent.

The following user agents are supported for Windows Media Streaming: NSPlayer, WMServer, WMPlayer, NSServer, Windows Media Player, and VLC.

Windows Media Streaming has been enhanced to support custom user agents that are configured through the CDSM GUI. The maximum number of user agents allowed is 32. Each user-agent identifier can have a maximum of 32 characters. The following example specifies Windows Media Player, NSPlayer, and LAVF as Windows Media Streaming user agents:

NSPlayer, LAVF, Windows-Media-Player

Note The Content Origin for a Delivery Service can be used for one Delivery Service and multiple live delivery services. The WMT User Agent field applies to all of the delivery services associated with the same Content Origin.

Enable Generic Session Tracking: Enables Generic session tracking.

Enable HSS Session Tracking: Enables HSS session tracking.

Enable HLS Session Tracking: Enables HLS session tracking.

Server Header of Response: Configures the server header of HTTP/HTTPS response. The maximum length is 32 characters.

Skip Special Header Check for MP3 Live: Sometimes you may want the Web Engine to ignore the "http version" (ICY/icecast), so that the Web Engine can serve their MP3 live streams.

When you check the Skip Special Header Check for MP3 Live button, make sure that the HTTP response for MP3 VOD content has a content length header field; otherwise, the content is treated as an MP3 live stream by mistake.

HTTPS Settings

Delivery streaming protocol support: To enable HTTPS when streaming to clients, in the Delivery streaming protocol support drop-down list, choose HTTPS only. The default is HTTP only.

For more information about HTTPS Settings and how to configure it, see the “HTTPS Settings” section on page 2-25.

Origin Server streaming protocol support: To enable HTTPS for communications with the Origin server, in the Origin Server streaming protocol support drop-down list, choose HTTPS only. The default is HTTP only.

For more information about HTTPS Settings and how to configure it, see the “HTTPS Settings” section on page 2-25.

Delivery Streaming Mutual Authentication: Check the Delivery Streaming Mutual Authentication check box to enable delivery streaming mutual authentication for an individual Delivery Service. The default is unchecked.

Cisco Videoscape Distribution Suite, Internet Streamer 4.4.1 Software Configuration Guide

5-25

Chapter 5 Configuring Services

Configuring Delivery Services

Table 5-8 General Settings Fields (continued)

Field

Delivery

Streaming

Supported Cipher

List

Description

Input the Cipher list. The default is empty.

When the Web Engine is acting as HTTPS server, the delivery streaming supported cipher list is used to negotiate and accept HTTPS connection from client player.

Note When it is empty, backend will use default string.

Origin Server

Streaming Mutual

Authentication

Origin Streaming

Supported Cipher

List

Note For more details on composing the Cipher List, see OpenSSL Documents.

Check the check box Origin Server Streaming Mutual Authentication to enable Origin Server

Streaming Mutual Authentication for individual Delivery Service. The default is checked.

Input the Cypher list. The default is empty.

When the Web Engine is acting as HTTPS server, the origin streaming supported cipher list is used to connect to the origin server.

Note When it is empty, backend will use default string.

Force Quota

Usage Reporting

Quota usage reporting is automatically sent whenever a session quota or a bandwidth quota is configured for a Delivery Service with a setting other than zero (zero means no limits are configured). To monitor the session counter and bandwidth counter when session quota and bandwidth quota are not configured, check the Force Quota Usage Reporting check box.

ABR Latency Settings

Enable ABR Latency

Check(1)

URL Unique

Keyword

Check the Enable ABR Latency check(1) check box, to enable ABR Latency for individual Delivery

Service. By default, it is unchecked. When you enable the check box you can enter URL Unique Keyword, and Fragment Duration. For more information, see

Configuring ABR Latency, page 4-105

.

Note Maximum 3 ABR Latency checks are allowed.

The keyword must be unique with respect to same delivery service.

Fragment Duration The range is from 1 – 3600 secs.

Step 9 Click Submit to save the settings.

To remove the settings from the Delivery Service, click the Remove Device Settings icon in the task bar.

Authorization Plugins

The Authorization Plugins page allows you to upload or import a Geo/IP file and assign a Service Rule file that has been registered to the VDS-IS.

A Geo/IP file is an XML file that configures the Delivery Service to allow or deny client requests based on the client’s IP address or based on the client’s geographic locations (country, state, city). Each SE participating in the Authorization Service must have Authorization Service enabled and the IP address and port of the Geo-Location server specified.

Table 5-9 shows the mapping between the geo-location rule tag and the geo server response fields.

Table 5-9 Geo-Location Rule Tags

| Geo-Location Rule Tag | Quova Response Fields | Maximum Response Fields |
| --- | --- | --- |
| Country | country_code, country | Country code, Country name |
| State | state_code, state | Region code, Region name |
| City | city | City name |
| Netspeed | N/A | Netspeed |
| Connection_type | connection_type | N/A |
| Line_speed | line_speed | N/A |
| Asn | asn | N/A |
| Carrier | carrier | N/A |
| Anonymizer_status | anonymizer_status | N/A |
| Field (assume name="field_ID") | The field whose tag is field_ID | The field whose ordinal number is field_ID |

See the “Configuring the Authorization Service” section on page 4-29 for more information. For more information on the XML configuration file for the Geo/IP file, see Appendix D, “Creating Geo/IP Files.” For more information on the Transaction Log for Geo-IP, see the “Transaction Log Formats for Geo-IP” section on page 8-106.

A Service Rule file is an XML configuration file that specifies Service Rules for all of the SEs in the Delivery Service. For more information on the XML file for the Service Rule, see Appendix E, “Creating Service Rule Files.”

Note The Service Rule file is only supported for the Web Engine and Flash Media Streaming; for Windows Media Streaming and Movie Streamer, use the per-device Service Rule configuration. For more information, see the “Configuring Service Rules” section on page 4-22. The Authorization Service must be enabled on all SEs participating in a Delivery Service that uses the Service Rule file. The Authorization Service is enabled by default. For more information, see the “Configuring the Authorization Service” section on page 4-29.

Step 10 From the left-panel menu, choose Authorization Plugins. The Authorization Plugins page is displayed.

Step 11 To upload or import a Geo/IP file for the Delivery Service, follow these steps:

a. In the Geo/Ip Plugin Settings area, click the Configure icon for Geo/Ip File. The File Registration page is displayed.

b. Choose a file import method from the File Import Method drop-down list:

• Upload—Uploads a file from any location that is accessible from your PC using the browse feature.

• Import—Imports a file from an external HTTP, HTTPS, or FTP server.

c. Enter the fields as appropriate. Table 5-10 describes the upload method fields. Table 5-11 describes the import method fields.


Table 5-10 Upload Method

| Property | Description |
| --- | --- |
| Source File Upload | Local directory path to the file. To locate the file, use the Browse button. Click Validate to validate the XML file. |
| Destination Filename | Name of the file. This field is filled in automatically with the filename from the local directory path. |

Table 5-11 Import Method

| Property | Description |
| --- | --- |
| File URL | The URL where the file is located, including path and filename. Click Validate to validate the XML file. |
| Destination File Name | Name of the file. |
| Update Interval | Frequency with which the CDSM looks for changes to the file. The default value is 10 minutes. |
| Username | Name of the user to be authenticated when fetching the file. |
| Password | User password for fetching the file. |

d. To save the settings, click Submit.

Step 12 Enable Geo-IP Plugin Schedule on the CDSM.

Step 13 From the Geo-IP area, click either the Immediate radio button or the Schedule Redirection radio button.

a. Click the Immediate radio button to push the schedule immediately to the authsvr.

b. To configure Schedule Redirection, click the Schedule Redirection radio button to schedule Geo files.

The Scheduling Geo Files editor appears.

You can edit an existing schedule configuration. By default, the current date will be set in the Start Date field. You can also change the Start Date / Time.

Figure 5-9 Schedule Redirection Page

Step 14 Enter the settings for the Scheduling Geo Files as appropriate. See Table 5-12 for a description of the fields.

Table 5-12 Geo Schedule Fields

| Field | Description |
| --- | --- |
| Start Date / Time | Start date and time for the program. |
| SE (Local) Time | Clocks the start time as SE local time. |
| Duration | Length of the program. From the drop-down list, choose minutes, hours, or days as the unit of time. |
| Repeat Frequency | The repeat frequency has the following options: Do Not Repeat—Plays once. Repeat Every—Repeats every so many days, hours, or minutes. Repeat Weekly—Repeats at the same hour on the days you choose. |
| Repeat Forever, Repeat Until | These fields display when Repeat Every or Repeat Weekly are chosen for Repeat Frequency. Repeat Forever repeats the program forever using the repeat frequency set in the previous fields. Repeat Until repeats the program based on the repeat frequency set in the previous fields and until the date and time specified in this field. |

Step 15 Click Submit to save the settings.

Step 16 To assign a Service Rule file, follow these steps:

a. From the Service Rule File drop-down list, choose a Service Rule configuration file.

The Service Rule File drop-down list is populated with the Service Rule files that are registered to the CDSM. See the “Authorization File Registration” section on page 6-15 for information on registering a Service Rule file.

See Appendix E, “Creating Service Rule Files,” for information on creating a Service Rule file.

b. Click Submit.

Assign Multicast Cloud

See the “Assigning Multicast Clouds to Delivery Services” section on page 5-47 for information on assigning multicast clouds to a Delivery Service.

Note The Multicast Cloud feature is supported in all releases starting with Release 3.1.1.

SE and Content Acquirer Assignment or Device Group and Content Acquirer Assignment

Step 17 through Step 20 use the Assign Service Engines option to describe the procedure of assigning the Service Engines to the Delivery Service and selecting one of them as the Content Acquirer. If you have device groups defined, you can use the Assign Device Groups option instead. To assign device groups, follow Step 17 through Step 20 and substitute Device Groups for each instance of Service Engines or SE.

Note Use either Assign Service Engines, or Assign Device Groups to assign Service Engines and select a Content Acquirer.

Step 17 From the left-panel menu, choose Assign Service Engines. The Service Engine Assignment page is displayed (Figure 5-10).

Figure 5-10 Service Engine Assignment Page

Step 18 Click the Assign icon (blue cross mark) next to the SE that you want to assign to this Delivery Service. Alternatively, in the task bar, click Assign All Service Engines. The SE assignment states are described in Figure 5-11.

Figure 5-11 SE Assignment State

A green arrow wrapped around the blue cross mark indicates that an SE assignment is ready to be submitted. To unassign an SE, click this icon.

Step 19 From the Assign Content Acquirer drop-down list in the task bar, choose an SE to be the Content Acquirer for this Delivery Service.

The list contains all SEs currently assigned to the Delivery Service.

The Primed check box indicates if an SE is primed with a live stream. For more information about priming, see the “Priming a Live Delivery Service” section on page 5-56.

Step 20 Click Submit to save the SE and Content Acquirer assignments.

A green circle with a check mark indicates an SE is assigned to this Delivery Service. To unassign the SE, click this icon, or click Unassign All Service Engines in the task bar. Click Submit to save the changes.

Note When devices are unassigned from a Delivery Service, the contents are sometimes not cleaned up. Use the cdnfs cleanup CLI command to remove the stale contents.

Note To view all of the Service Engines assigned to the Delivery Service, in the left-panel menu, click Service Engine Settings.

Assign IP address

The Multiple Logical IP addresses feature allows the configuration of multiple logical IP addresses for each Gigabit Ethernet interface, port channel, or standby interface on an SE. Each logical IP address can be assigned to a Delivery Service. The same logical IP address can be used for more than one Delivery Service as long as the delivery services use the same content origin.

The newly configured secondary IP addresses should appear in the show running-config command output, and the configuration should be restored after a reload.

Note Starting with Release 3.3, VDS-IS supports assigning multiple IP addresses in different subnets on a port channel. For more information on the new CLI commands, see the Cisco Videoscape Distribution Suite, Internet Streamer 4.2.1 Command Reference Guide.

The Multiple Logical IP addresses feature supports up to 24 unique IP addresses within the same subnet for the same interface. The netmask is unique per interface, which means for a single interface you cannot have multiple IP addresses with different netmask values. Up to 24 unique IP addresses are supported in the SE to SR keepalive messages.

To configure multiple IP addresses on an interface use the IP address command multiple times in the config-if mode, or use the range keyword option ( IP address range ).

(config-if)# IP address <ip_addr> <subnetmask>

(config-if)# IP address range <lower_ip_addr_range> <upper_ip_addr_range> <subnetmask>


To view the configured IP addresses for an interface, use the show interface command or the show running-config command. The IP address assignments for each SE can also be displayed in the CDSM GUI by viewing the Network Interfaces page (Devices > Devices > General Settings > Network > Network Interfaces).

Note The SNMP trap operations are performed per interface and not per IP address. However, transaction logs include the server IP address.

If a Delivery Service is mapped to a specific IP address, the SR does not perform load balancing to any other IP address. If the Delivery Service is not mapped to an IP address, load balancing is performed.

The CLI is used to assign the multiple IP addresses to each interface on the SE. For information on the interface command, see the Cisco Videoscape Distribution Suite, Internet Streamer 4.2.1 Command Reference.

The IP address assignments for each SE can be displayed in the CDSM GUI by viewing the Network Interfaces page (Devices > Devices > General Settings > Network > Network Interfaces).

Note Removing an IP address from a Delivery Service interrupts the service. Changing an IP address for a Delivery Service causes all new requests to use the new IP address.

If you use Device Groups for delivery services, assigning IP addresses to the SE interfaces must happen before assigning the device to the device group.

Step 21 To assign an IP address of an SE to a Delivery Service, click Assign IP address from the left-panel menu. The Interface IP Entries page displays the SEs assigned to this Delivery Service.

Step 22 Click the Edit icon next to the SE to which you want to assign the IP address. The Modify IP Assignment page is displayed.

Step 23 In the Address field, enter the IP address for the SE.

Step 24 In the Ipv6 Address field, enter the IPv6 address for the SE.

If the dual-stack client intent is to use either (IPv4 or IPv6) transports, map both the IPv4 address and IPv6 address of the Service Engine to the Delivery Service.

Step 25 Click Submit.

Assign Delivery Service Group

Step 26 From the left-panel menu, choose Assign Delivery Service. The Delivery Service Group Assignment page is displayed.

Step 27 Click the Assign icon (blue cross mark) next to the Delivery Service Group that you want to assign to this Delivery Service. The Delivery Service Group assignment states are described in Figure 5-12.

Figure 5-12 Delivery Service Group Assignment State

A green arrow wrapped around the blue cross mark indicates that an SE assignment is ready to be submitted. To unassign an SE, click this icon.

Step 28 Click Submit to save the Delivery Service Group and Delivery Service assignments.

A green circle with a check mark indicates a Delivery Service Group is assigned to this Delivery Service. To unassign the Delivery Service Group, click this icon. Click Submit to save the changes.

Location Settings

Step 29 To enable HSS Streaming from NAS, click Location Settings from the left-panel menu. The Location Settings table is displayed (Figure 5-13).

Figure 5-13 Location Settings Table

The Location Settings table lists the locations for the SEs associated with the Delivery Service. For more information about locations, see the “Configuring Locations” section on page 4-1.

To track ABR and Generic sessions using transaction logs for the custom-format Web Engine transaction logs and the Per Session log, the Generic Session Tracking, the HLS Session Tracking and HSS Session Tracking must be enabled for the SEs in all locations of each Delivery Service. For more information about ABR Session Tracking and Generic Session Tracking, see the “Web Engine User Level Session Transaction Logs” section on page 8-99.

Step 30 Enter the settings as appropriate. See Table 5-13 for a description of the fields.

Table 5-13 Location Settings Fields

| Field | Description |
| --- | --- |
| Enable HSS Streaming from NAS | Enables HSS from Network-attached Storage (NAS) devices. Note Not supported. |


Note The URL Resolve Rule does not work when ABR Session Tracking is enabled.

Service Engine Settings

The Service Engine Settings page displays a list of all service engines, and allows you to configure the delivery setting for a specific SE. If the general settings are available for the Delivery Service, then, by default, the SE is configured with the general settings.

Step 31 Click the Edit icon next to the SE whose settings you want to change. The Creating new SE Settings page is displayed.

Step 32 Check the Disable File Caching on Disk check box to not cache any content.

The Memory Cache Duration field is configured with an integer value when the Disable File Caching on Disk check box is checked. The range is 4 to 60 seconds. The default value is 4 seconds.

Step 33 Check the Disable kernel cache fill check box to disable the kernel layer for caching contents.

When kernel cache fill is disabled, the contents of HTTP range requests are not cached.

Note The Service Engine specific settings override the respective Delivery Service General settings. To revert to the Delivery Service General settings, you must make the respective changes on each SE in the Service Engine specific settings.

Step 34 Click Submit.

Content Origins

Content is stored on origin servers. Each Delivery Service is configured with one origin server. The same origin server can be used by multiple live delivery services. However, only one prefetch/caching Delivery Service is allowed per origin server.

Note When creating a live Delivery Service with the same content origin as a prefetch/caching Delivery Service, the same set of SEs must be assigned to both; otherwise, the SR may redirect requests to unassigned SEs.

For more information about origin servers, see the “Origin Servers” section on page 2-9.

Note When VOD (prefetch/caching) and live streaming share the same content origin, and the Service Rules XML file is configured to validate the signed URL where the domain must match the Service Routing Domain Name, make sure to create rule patterns for the URL validation to match both the Service Routing Domain Name and the Origin Server FQDN. Additionally, when the URL is signed, exclude the domain from the signature. See the “Running a Python URL Signing Script” section on page J-11 for more information. The URL validation must not include the domain for validation (use the exclude-domain option for the exclude-validate attribute of the Rule_Validate element). See the “Service Rule File Structure and Syntax” section on page E-4 for more information.


To create a Content Origin, follow these steps:

Step 1 Choose Services > Service Definition > Content Origins. The Content Origin Table page is displayed (Figure 5-14).

Figure 5-14 Content Origin Table

Step 2 Click the Create New icon in the task bar. The Content Origin page is displayed (Figure 5-14).

To edit a Content Origin, click the Edit icon next to the Content Origin name.

Step 3 Enter the settings as appropriate. See Table 5-14 for a description of the fields.

Table 5-14 Content Origin Fields

| Field | Description |
| --- | --- |
| Name | Unique name of the origin server. |
| Origin Server | Origin fully qualified domain name (OFQDN) of the origin server or IPv6 or IPv4 address. To support Origin server redirection for IPv6 clients and dual-stack clients, do not use the IP address of the Origin server when configuring the content origin for a Delivery Service; instead, use the domain name associated with the origin server. Note The string “.se.” cannot be used in the OFQDN. |
| Service Routing Domain Name | The FQDN used to route client requests. The SE translates the service routing FQDN (SRFQDN) to the origin server whenever it needs to retrieve content from the origin server. Note The string “.se.” cannot be used in the SRFQDN. The service routing domain name configured for the content origin should also be configured in the DNS servers, so that client requests can get redirected to a Service Router for request mediation and redirection. The URLs that are published to the users have the service routing domain names as the prefix. |
| NAS Configuration File | From the NAS Configuration File drop-down list, choose a NAS file. The NAS Configuration File drop-down list is populated with the NAS files that are registered to the CDSM. See the “NAS File Registration” section on page 6-16 for information on registering a NAS file. A NAS file is an XML file that specifies the parameters for the Network Attached Storage (NAS) device. For information on creating a NAS file, see Appendix H, “Creating NAS Files.” Note NAS is only supported in lab integrations as proof of concept. |
| Enable Content Based Routing | Check the Enable Content Based Routing check box to enable content-based routing for this content origin. Content-based routing is enabled by default. Note This option requires that content-based routing be enabled on the SR. See the “Configuring Request Routing Settings” section on page 4-110. |
| Enable Origin Server Redirect | Enable Origin Server Redirect (which is the default) means the last-resort routing behavior does not change. When Enable Origin Server Redirect is disabled any client request for the Origin server (domain) is never redirected to the Origin server and receives a 404 “not found” message instead. For more information about last-resort routing, see the “Last-Resort Routing” section on page 1-42. To configure last-resort routing, see the “Configuring Last-Resort Routing” section on page 4-130. |
| Windows Media Authentication Type | The type of client authentication that is required by the origin server. The options are as follows: None, Basic authentication, NTLM authentication, Digest, Negotiate. |
| HTTP Authentication Type | HTTP Authentication provides a way for the Origin server to authenticate HTTP requests by one of the following methods: Basic Authentication, Challenged Authentication. Choose None to not configure HTTP Authentication. For more information, see the “Custom HTTP Header Authentication for Origin Server” section on page 5-39. |
| Comments | Information about the content origin. |

Note The string “.se.” cannot be used in the SRFQDN and OFQDN.

Step 4 Click Submit to save the settings.

To delete a Content Origin, from the Content Origin Table page, click the Edit icon next to the Content Origin that you want to delete, and click the Delete icon in the task bar.

Caution Do not delete a content origin that has a Delivery Service associated to it. First delete the Delivery Service associated with the content origin, then delete the content origin.

Enabling OS Failover Support for Content Origin

Step 1 Choose Services > Service Definition > Content Origins. The Content Origin Table page is displayed (Figure 5-14).

Step 2 Click the Edit icon next to the Content Origin name. The Content Origin Information page is displayed.

Step 3 Click Failover Settings (Figure 5-15).

Enter the settings as appropriate. See Table 5-15 for a description of the fields.

Figure 5-15 Failover Settings Page

Table 5-15 Failover Settings Fields

Failover Settings for Content Origin

| Field | Description |
| --- | --- |
| Enable | Check the Enable check box to enable OS Failover support for this content origin. OS Failover Support is disabled by default. |
| Failure Alarm Duration | Determines the duration (in minutes) to retain the failure alarm. The default value is 5 minutes. The range is from 0 to 525600 minutes. Note When it is set to 0, it means this alarm will not be raised. |
| Recovery Alarm Duration | Determines the duration (in minutes) to retain the recovery alarm. The default value is 5 minutes. The range is from 0 to 525600 minutes. Note When it is set to 0, it means this alarm will not be raised. |

Origin Servers List for Content Origin

| Field | Description |
| --- | --- |
| Origin Server | FQDN or IPv6 or IPv4 address of the Origin Server. |
| Timeout | Connection timeout of the Origin Server. |
| Retry | The number of retry times when the connection to Origin Server fails. |
| Priority | The order of Origin Server switching during failover. |
| Switch To | Click Switch To to manually switch to the corresponding Origin Server. Note The Switch To button is enabled only when OS Failover is enabled. |

Step 4 Click Submit to save the failover settings.

a. To add a new Origin server for the content origin, click the Create New icon next to the Origin Servers for the content origin.

b. Enter the settings as appropriate. See Table 5-16 for a description of the fields.

Table 5-16 New Origin Server List Fields

| Field | Description |
| --- | --- |
| Origin Server | FQDN or IPv6 or IPv4 address of Origin Server. |
| Timeout | Connection timeout of the Origin Server. The default value is 5 seconds. The range is from 1 to 255 seconds. |
| Retry | The number of retry times when the connection to Origin Server fails. The default value is 0. The range is from 0 to 255. Note When it is set to 0, it means that there are no retries when the connection fails. |
| Priority | The order of Origin Server switching during failover. The default value is 500. The range is from 1 to 1000. Note Value 1 indicates highest priority and value 1000 indicates lowest priority. |

c. Click Submit to save the settings for new Origin Server.

To edit the Origin Server for Content Origin, click the Edit icon next to the Origin Server Name in the Failover Settings page and modify the settings.

To delete the Origin Server for Content Origin, click the Edit icon next to the Origin Server Name in the Failover Settings page. The Origin Server Definition page is displayed. Click the Trash icon in the task bar.

Custom HTTP Header Authentication for Origin Server

Custom HTTP Header Authentication provides a way for the Origin server to authenticate HTTP requests by the following methods:

• Basic HTTP Header Authentication, page 5-40

• Challenged HTTP Header Authentication, page 5-40


Note If a Manifest file is located on an Origin server that requires custom HTTP header authentication, fetching the Manifest file by using the Specify external manifest file method fails. The Manifest file must be located on a server that does not require custom HTTP header authentication.

Note Custom HTTP Header authentication supports HTTP 302 redirection. However, the authentication process can be used only for the first server. It is not supported for the redirected destination server.

Note If OS failover is enabled, custom HTTP header authentication is not supported for alternate OS.

Basic HTTP Header Authentication

The basic HTTP header authentication method uses a shared key between the Origin server and the Content Acquirer of the Delivery Service. Each HTTP request to the Origin server includes the shared key in the HTTP header. If Basic Authentication is selected from the HTTP Authentication Type drop-down list, the following fields are displayed:

• HTTP Authentication Header —Name of the HTTP authentication header.

• HTTP Authentication Shared Key —Shared key. The shared key must be at least 16 characters and must be composed of TEXT characters defined in RFC 2616 HTTP/1.1. The range is from 16 to 128 characters.

Challenged HTTP Header Authentication

The challenged HTTP header authentication method uses a shared secret key between the Origin server and the Content Acquirer of the Delivery Service. The authentication message does not display the secret key. The shared secret key uses a random challenge string and cryptographic hash algorithm.

The random challenge string is composed of TEXT characters defined in RFC 2616 HTTP/1.1 and is the same length as the secret key. Following is the process that occurs for the challenged HTTP header authentication method:

1. A binary XOR between the challenge string and the secret key is created.

2. The authentication value is created by using the cryptographic hash of the XOR value.

3. The following authentication headers are added to the HTTP request that is sent to the Origin server:

   – Header with challenge string

   – Header with authentication value

4. The hashing algorithm is implemented and the name of the hashing function is included in the HTTP header.

5. The prefix name (identified as HPFX in this scenario) of the authentication HTTP header is used to construct the following header names:

   – Challenge string header—HPFX-CSTR

   – Authentication value header—HPFX-AUTH

   – Hashing function header—HPFX-HASH

6. When the Origin server receives the request, it must follow these steps:

   a. Compute a binary XOR between the HPFX-CSTR header value and the secret key configured in the VDS-IS.

   b. Compute the authentication value with the cryptographic hash in the HPFX-HASH header.

   c. Grant access if the Origin server computed authentication value and the authentication value header (HPFX-AUTH) match (both are lowercase).

If Challenged Authentication is selected from the HTTP Authentication Type drop-down list, the following fields are displayed:

• HTTP Authentication Header Prefix —Prefix of the HTTP authentication header.

• HTTP Authentication Shared Secret Key —Shared secret key. The shared secret key must be at least 16 characters and must be composed of TEXT characters defined in RFC 2616 HTTP/1.1. The range is from 16 to 128 characters.

• HTTP Authentication Hashing Function —Hashing algorithm for the shared secret key. Choose MD5.
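The challenged-authentication exchange described above, sketched for both sides as an added example (not Cisco code). Assumptions not stated in the guide: header values map to bytes as latin-1, the authentication value is the lowercase hex digest, the HPFX-HASH header carries the string "MD5", and the function names and the sample key are constructed for illustration.

```python
import hashlib
import hmac
import secrets
import string

# The guide offers MD5 as the only hashing function; anything else is refused.
ALLOWED_HASHES = {"md5": hashlib.md5}
KEY_MIN, KEY_MAX = 16, 128  # shared secret key length range given in the guide


def auth_value(challenge: str, secret: str, hash_name: str) -> str:
    """Hash of (challenge XOR secret) as lowercase hex (hex form is an assumption)."""
    if not KEY_MIN <= len(secret) <= KEY_MAX:
        raise ValueError("secret key must be 16 to 128 characters")
    if len(challenge) != len(secret):
        raise ValueError("challenge must be the same length as the secret key")
    hasher = ALLOWED_HASHES.get(hash_name.lower())
    if hasher is None:
        raise ValueError("unsupported hashing function")
    # Assumption: each header character is one byte (latin-1).
    c = challenge.encode("latin-1")
    k = secret.encode("latin-1")
    mixed = bytes(x ^ y for x, y in zip(c, k))
    return hasher(mixed).hexdigest()


def build_headers(prefix: str, secret: str, hash_name: str = "MD5") -> dict:
    """Sender side (steps 1 to 5): headers the Content Acquirer adds to the request."""
    alphabet = string.ascii_letters + string.digits  # a subset of RFC 2616 TEXT
    challenge = "".join(secrets.choice(alphabet) for _ in range(len(secret)))
    return {
        f"{prefix}-CSTR": challenge,
        f"{prefix}-AUTH": auth_value(challenge, secret, hash_name),
        f"{prefix}-HASH": hash_name,
    }


def origin_verify(headers: dict, prefix: str, secret: str) -> bool:
    """Origin side (steps a to c): recompute the value and compare it."""
    h = {name.lower(): value for name, value in headers.items()}
    p = prefix.lower()
    challenge = h.get(f"{p}-cstr")
    presented = h.get(f"{p}-auth")
    hash_name = h.get(f"{p}-hash")
    if challenge is None or presented is None or hash_name is None:
        return False
    try:
        expected = auth_value(challenge, secret, hash_name)
    except ValueError:  # wrong length, unknown hash, or non-latin-1 characters
        return False
    # Constant-time comparison; an uppercase or truncated value does not match.
    return hmac.compare_digest(expected.encode(), presented.encode())


if __name__ == "__main__":
    key = "constructed-key-0123"  # constructed sample key, 20 characters
    request_headers = build_headers("HPFX", key)
    print(request_headers)
    print("access granted:", origin_verify(request_headers, "HPFX", key))
```

The challenge is chosen by the sender and travels in the same request as the value derived from it, so the check proves knowledge of the key for that request only; protecting the connection to the Origin server with TLS keeps both headers confidential in transit.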

Creating Multicast Clouds

A Multicast Cloud is created by specifying an IP multicast address for advertising the data being transferred, an IP multicast address range for transferring the data, a primary multicast sender SE and an optional backup sender, a set of receiver SEs, and a maximum rate at which to send the data.

Note The Multicast Cloud feature is supported in all releases starting with Release 3.1.1.

Note We highly recommend that you avoid using multicast addresses of the form x.0.0.y (for example, 238.0.0.1). These addresses hash to the same Ethernet address space as 224.0.0.x, which is used frequently by routers and switches for local multicasts. Additional traffic on these addresses adds to the workload of these network elements.

To create a Multicast Cloud, follow these steps:

Step 1 From the CDSM GUI, choose Services > Service Definition > Multicast Clouds. The Multicast Clouds Table page is displayed.

Step 2 Click the Create New icon in the task bar. The Multicast Cloud Definition page is displayed.

To edit a Multicast Cloud, click the Edit icon next to the Multicast Cloud name.

Step 3 Enter the settings as appropriate. See Table 5-17 for a description of the fields.

Table 5-17 Multicast Cloud Fields

Multicast Cloud Information

Name: Identifier for the Multicast Cloud. The name must be unique across the system.

Advertisement IP address: Unique advertisement address provides all of the SEs in one cloud with the same advertisement address and allows them to communicate multicast session information. The advertisement IP address must conform to these guidelines:

• It must be unique across the system.

• It must be within the RFC multicast range (224.0.0.0–239.255.255.255).

• It must not be within the start and end range specified by this cloud.

Port: Port used for file addresses. The default port is 7777.

The allowed multicast port range is 1 through 65535. However, the multicast-enabled network may impose certain restrictions on your choice of port. Normally, port numbers below 1024 should be avoided, but the SE does not enforce any restrictions.

Multicast Address Settings

Start IP address: The multicast address range is used to provide each Delivery Service associated with it a unique multicast address. When you assign a Multicast Cloud to a Delivery Service, an unused IP address is automatically selected from this range to ensure that the address is used by only one Delivery Service and by only one Multicast Cloud.

The Start IP address is the start of the IP address range, which must be within the range 224.0.0.0 to 239.255.255.255.

The IP address range must conform to the following:

• IP address range cannot overlap with program multicast addresses.

• IP address range must contain all multicast addresses used by this cloud with its associated Delivery Service.

Note The IP address range in one Multicast Cloud can overlap that of another Multicast Cloud. A message alerts you if there is an overlap, but allows the operation. You must choose a multicast IP address that does not conflict internally within the same multicast-enabled network configuration. This multicast IP address is not related to the IP address of the SE.

End IP address: End of the IP address range, which must be higher than the start IP address. The end IP address must be within the range 224.0.0.0 to 239.255.255.255.

Default Multicast-out Bandwidth: Maximum multicast rate in kilobits per second (Kbps). This value applies to the sender SE 24 hours a day, 7 days a week. The minimum rate is 10 Kbps.

To customize bandwidth rates for different days, use the Replication Scheduled Bandwidth page. The settings on the Replication Scheduled Bandwidth page override the Default Multicast-out Bandwidth field for the period specified in the Replication Scheduled Bandwidth page. For more information, see the “Replication” section of the “Configuring Devices” chapter in the Cisco Videoscape Distribution Suite, Internet Streamer 4.2.1 Software Configuration Guide.

Synchronize Primary and Backup SE Multicast-out Bandwidth: When checked, Default Multicast-out Bandwidth settings are used by both primary and backup senders, if a backup sender is configured.

Backup SE Default Multicast-out Bandwidth: Maximum multicast rate in kilobits per second (Kbps) for the backup sender. The minimum rate is 10 Kbps.

Default Delivery Service Multicast-out Bandwidth: This value is used when the bandwidth value is not provided while the Multicast Cloud is assigned to a Delivery Service.

Maximum concurrent Sessions: Maximum number of jobs that are scheduled concurrently for the Multicast Cloud.

Advanced Settings

Multicast medium: Means of transmitting the multicast, either Satellite or Terrestrial. The default is Satellite.

# of Carousel passes: Maximum number of times that a multicast sender attempts to send missing content for on-demand carousels. The range is from 1 to 1000000000 (1 billion). The default is 5.

Note If the multicast sender finishes the last carousel on an object at time t and the multicast sender receives a NACK within t + carousel_delay, the multicast sender starts the next carousel of this object at time t + carousel_delay. That is, the multicast carousel is not triggered immediately upon receipt of a NACK if the carousel delay (Delay between passes field) is greater than zero (0).

For more information, see the “Configuring Carousel Passes” section on page 5-44.

Note If the number of carousel passes configured is used up, the syslog displays a warning message as an alert.

TTL: Number of hops (Time to Live [TTL]) a packet travels before it is discarded, regardless of whether or not the packet has reached its destination. The range is from 1 to 255. The default is 255.

Delay between passes: Delay, in minutes, between file transmissions. The range is from 0 to 10080 (one week). The default is 0.

FEC transmission group: Size of the FEC (forward error correction) block in packets. (See RFC 3208 PGM Reliable Transport Protocol Specification for more information.) The allowable inputs are 2, 4, 8, 16, 32, 64, and 128. The default is 16.

FEC data encoding protects transmissions against errors, without requiring retransmission. The FEC number denotes the number of packets that is encoded into one FEC transmission group.

When the FEC number goes up, the transmission group becomes larger, so the multicast may be more error-resistant. However, there is more computational overhead and bandwidth usage on the multicast sender and receivers.

For more information, see the “Multicast Forward Error Correction and Proactive Forward Error Correction” section on page 2-15.

FEC proactive parity size: The value for the FEC proactive parity size field cannot be greater than the FEC Transmission Group value. The default is 2.

FEC proactive parity delay: The value is represented in milliseconds. The default is 1 millisecond.

PGM Router-assist: Specifies whether IP routers are to be used to assist in distribution of content. To enable the IP router alert option for Pragmatic Group Multicasting (PGM) packets, check the PGM Router-assist check box.

Primary-to-backup failover grace period: Amount of time (in minutes) allotted for the backup sender to detect whether the primary sender is active. If the backup sender does not hear a heartbeat from the primary sender within this grace period, the backup sender assumes the active role. The range is from 5 to 7200. The default is 30.

Backup-to-primary fallback grace period: Amount of time (in minutes) allotted for the primary sender to detect whether the backup is active. If the backup sender does not respond within this grace period, the primary sender assumes the active role. The range is 5–7200. The default is 30.

Comments: Comments about the Multicast Cloud.

Step 4 Click Submit to save the settings.

To delete a Multicast Cloud, click the Edit icon next to the Multicast Cloud that you want to delete. The Multicast Cloud Definition page is displayed. Click the Trash icon in the task bar.
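A pre-submission check of the address rules in this section, as an added example (not part of the guide or of the CDSM). It applies the range rules from Table 5-17 and the recommendation against x.0.0.y addresses, and goes one step further than the note: because only the low 23 bits of an IPv4 multicast address are copied into the Ethernet MAC address, x.128.0.y addresses are flagged too. The function names and sample addresses are constructed for illustration.

```python
import ipaddress

MCAST_FIRST = int(ipaddress.IPv4Address("224.0.0.0"))
MCAST_LAST = int(ipaddress.IPv4Address("239.255.255.255"))
LOW23 = 0x7FFFFF  # only these bits of the group address reach the Ethernet MAC


def multicast_mac(addr: str) -> str:
    """Ethernet MAC that an IPv4 multicast address maps to (01:00:5e + low 23 bits)."""
    ip = int(ipaddress.IPv4Address(addr))
    if not MCAST_FIRST <= ip <= MCAST_LAST:
        raise ValueError(f"{addr} is not a multicast address")
    mac = (0x01005E << 24) | (ip & LOW23)
    return ":".join(f"{(mac >> shift) & 0xFF:02x}" for shift in range(40, -1, -8))


def shares_mac_with_local_control(addr: str) -> bool:
    """True if addr maps to the same MAC as some 224.0.0.x address."""
    return (int(ipaddress.IPv4Address(addr)) & LOW23) < 256


def colliding_in_range(start: int, end: int) -> int:
    """Count addresses in [start, end] that share a MAC with a 224.0.0.x address."""
    count = 0
    base = start & ~LOW23  # first address of the 2**23 block containing start
    while base <= end:
        lo, hi = max(start, base), min(end, base + 255)
        if lo <= hi:
            count += hi - lo + 1
        base += LOW23 + 1
    return count


def check_cloud(advert: str, start: str, end: str) -> list:
    """Return 'error: ...' and 'warning: ...' findings for one Multicast Cloud."""
    findings = []
    a, s, e = (int(ipaddress.IPv4Address(x)) for x in (advert, start, end))
    for label, value in (("advertisement", a), ("start", s), ("end", e)):
        if not MCAST_FIRST <= value <= MCAST_LAST:
            findings.append(
                f"error: {label} address is outside 224.0.0.0-239.255.255.255")
    if e <= s:
        findings.append("error: end address must be higher than start address")
    elif s <= a <= e:
        findings.append("error: advertisement address is inside the start/end range")
    if MCAST_FIRST <= a <= MCAST_LAST and shares_mac_with_local_control(advert):
        findings.append(
            f"warning: {advert} shares MAC {multicast_mac(advert)} with 224.0.0.x")
    if e > s:
        n = colliding_in_range(max(s, MCAST_FIRST), min(e, MCAST_LAST))
        if n:
            findings.append(
                f"warning: {n} addresses in the range share a MAC with 224.0.0.x")
    return findings


if __name__ == "__main__":
    # Constructed sample settings: one clean cloud, one that trips the checks.
    print(check_cloud("239.1.1.1", "239.2.0.0", "239.2.0.255"))
    for finding in check_cloud("238.0.0.1", "238.0.0.0", "238.0.1.0"):
        print(finding)
```

Uniqueness across the system and overlap with program multicast addresses depend on the rest of the CDSM configuration and are not covered by this check.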

Configuring Carousel Passes

The number of carousel passes is the maximum number of times a multicast sender can retransmit the multicast for missing files. The primary sender sends the first carousel pass automatically. After the first round, multicast receiver SEs request missing content by sending a negative acknowledgment (NACK) to the sender that identifies the missing content. Late-joining receivers or receivers that missed some content send a NACK to the sender for any files that were not received. The multicast sender sends out the requested content when it receives the NACK from the receiver. After all receiver SEs have received all of the multicast content or the sender has reached the maximum number of carousel passes, whichever comes first, the sender stops transmitting content.

The multicast fixed-carousel enable command enables fixed-carousel sending. By default, the SE uses intelligent carousel sending, which means that the retransmission is guided by feedback from the multicast receivers in the form of NACKs. Fixed-carousel sending causes the content to be sent without depending on any receiver feedback. When this feature is enabled, the SE continuously retransmits the content after waiting the time specified by the sender-delay option. This configuration is allowed only for the primary sender and is not supported on the backup sender.

If the primary sender fails and the backup sender becomes active, the backup sender takes charge of NACK processing. The backup sender’s carousel passes are always triggered by a NACK. When the maximum number of carousel passes is reached for a file on the current active sender, and the Delivery Service is configured with Multicast Unicast, file distribution falls back to unicast. See the “Multicast Replication” section on page 2-13.

The Delivery Service can be set to fall back to unicast (Multicast Unicast Option set to Multicast Unicast) after the maximum number of carousel passes has been reached. If the administrator wants the SEs to fall back to unicast (for example, with a multi-tier unicast deployment using a terrestrial multicast medium), the Multicast Cloud should be configured for a low number of carousel passes (such as 1, 2, or 3).

If multicast replication is preferred (for example, with a hub and spoke or star topology deployment using a satellite multicast medium), use a high number of carousel passes, such as 10 or more.

To adjust the pacing of the multicast transmission, you can specify how much time must elapse before missing files are resent (the Delay between passes field on the Multicast Cloud Definition page).

Starting with Release 3.2.2, VDS-IS supports configuring carousel passes at the Delivery Service level via the Services > Service Definition > Delivery Services > Assign Multicast Clouds to Delivery Service page in the CDSM GUI. The carousel passes configured for each Delivery Service override the carousel passes configured at the global Multicast Cloud level. The number of carousel passes configured at the Delivery Service level must be greater than 0 and less than or equal to the number of carousel passes configured at the global Multicast Cloud level.

The SE falls back to unicast transmission if the number of carousel passes configured for a Delivery Service is exhausted. If the carousel value is left unchanged in the Delivery Service multicast configuration, the Delivery Service carousel value is the same as the global Multicast Cloud carousel value.

Assigning SEs to a Multicast Cloud

To add SEs to a Multicast Cloud, follow these steps:

Step 1 From the CDSM GUI, choose Services > Service Definition > Multicast Clouds. The Multicast Clouds page is displayed.

Step 2 Click the Edit icon next to the name of the Multicast Cloud that you want to assign sender and receiver SEs to. The Multicast Cloud Definition page is displayed.

Step 3 From the left-panel menu, click Assign Service Engines. The Service Engine Assignment page is displayed.

Step 4 Assign the SEs to the Multicast Cloud by selecting a role (receiver, primary sender, and backup sender) for each SE. Table 5-18 describes the SE role assignments for a Multicast Cloud.

a. From the Role drop-down list, choose Primary Sender, click the Assign icon (blue cross mark) next to the SE that is the primary sender for the Multicast Cloud, and click Submit.

The SE states are described in Figure 5-16.

b. From the Role drop-down list, choose Backup Sender, click the Assign icon next to the SE that is the backup sender for the Multicast Cloud, and click Submit.

c. From the Role drop-down list, choose Receiver, click the Assign icon next to the SE that is a receiver for the Multicast Cloud, and click Submit.

Alternatively, click the Assign all Service Engines icon in the task bar to assign all remaining SEs as multicast receivers to the Multicast Cloud and click Submit.

Note Every time a primary/backup sender is assigned/deassigned to a cloud, the mcast_sender process restarts to process the new cloud details.

Note The CDSM GUI allows you to assign SEs that are not multicast enabled. However, you must ensure that any SE that you assign to a Multicast Cloud is multicast enabled. (See the “Enabling SEs for Multicasting” section on page 4-21.)

Figure 5-16 SE Assignment State

Table 5-18 SE Role Assignments for Multicast Clouds

Primary sender: Primary SE that pushes content to a set of SE receivers using multicast. A Primary sender cannot be the following:

• Backup sender or Receiver for the same cloud.

• Primary sender or Backup sender for a different cloud.

A sender SE cannot be deleted from the network. Before deleting a sender SE, you must choose another SE as the sender for the Multicast Cloud.

Backup sender: Backup sender SE that takes over in the event of failure of the Primary sender. A Backup sender cannot be the following:

• Primary sender or Receiver for the same cloud.

• Primary sender or Backup sender for a different cloud.

The Primary and Backup senders of a Multicast Cloud should subscribe to the same set of multicast-enabled delivery services.

Receiver: SEs that receive content from the Primary sender. Use the following guidelines when adding receiver SEs:

• Multicast cloud must have at least one Receiver. To create a functional Multicast Cloud, you must add at least one receiver SE.

• Maximum number of receivers that can be added is the total number of SEs in the system (excluding the sender SE).

• Receiver cannot be a receiver in another Multicast Cloud.

• Receiver cannot be a sender in the same Multicast Cloud. Only SEs that are not assigned to another Multicast Cloud are displayed in the Service Engine Assignment page.

• Content Acquirer for the Delivery Service cannot be a receiver in the Multicast Cloud.

Only a fully configured Multicast Cloud (with at least one receiver SE) can be assigned to a Delivery Service to enable multicast capability.

To remove an SE from the Multicast Cloud, click the Unassign icon next to the SE that you want to remove, and click Submit. Alternatively, to remove all receiver SEs, you can click the Remove all Service Engines icon in the task bar and click Submit. After you click Submit, a blue cross mark appears next to the unassigned SE.

Configuring the Multicast Sender Delay Interval

The multicast sender delay interval is the amount of time before each multicast transmission begins. A period of delay before the actual multicast transmission begins is required to allow content metadata time to propagate to the receiver SEs. Metadata contains the content file and configuration information that is necessary for the successful transmission of content files. The default sender delay interval is 16 minutes. The multicast sender-delay command is used to configure the duration of the delay.

When configuring the sender delay interval, you must take into account that the content metadata must first be propagated to the receiver before the multicast transmission can commence. During a multicast session, a receiver SE sends out periodic requests for files that it has not yet received. The sender retransmits files only as requested by the receiver SE. A multicast receiver rejects a multicast sender’s advertisement of a file if the associated content metadata has not arrived yet. The sender delay option allows you to configure enough time for the metadata to propagate to the receiver and avoid having the receiver reject the multicast sender’s advertisement of a file.

Note The sender delay interval cannot be configured using the CDSM.

Assigning Multicast Clouds to Delivery Services

Before you can assign a Multicast Cloud to a Delivery Service, the Delivery Service must be multicast-enabled. One Multicast Cloud can be used in multiple Delivery Services; only the IP address to use for this Delivery Service is different for each Delivery Service.

Note When a Multicast Cloud is assigned to a Delivery Service, the SEs that are part of the Multicast Cloud must also be individually assigned to the Delivery Service for multicasting. Assign the Multicast Cloud to the Delivery Service first, then assign the individual SEs to the Delivery Service.

To enable a Delivery Service for multicast and assign a Multicast Cloud to the Delivery Service, follow these steps:

Step 1 Choose Services > Service Definition > Delivery Services > Definition. The Delivery Service definition page is displayed.

Step 2 Enable multicasting on the Delivery Service. From the Unicast Multicast Option field, click either the Multicast only radio button or the Multicast Unicast radio button.

Step 3 Click Submit.

Step 4 From the left-panel menu, choose Assign Multicast Cloud. The Multicast Cloud table is displayed.

Step 5 Click the Assign icon in the task bar. The Assign Multicast Cloud page is displayed.

Multicast clouds must first be defined before they can be added to a multicast-enabled Delivery Service. See the “Creating Multicast Clouds” section on page 5-41 for more information.

Step 6 From the Multicast Cloud drop-down list, choose a Multicast Cloud. The page refreshes, showing the IP address range for that Multicast Cloud and the automatically selected IP address for this Delivery Service.

Step 7 In the IP address to use for this Delivery Service field, if the automatically selected IP address is not acceptable, enter any available IP address from the IP multicast address range.

Step 8 In the Carousel Pass for this Delivery Service field, enter a value greater than 0 and less than or equal to the # of Carousel passes configured in the “Creating Multicast Clouds” section on page 5-41. The default value is the # of Carousel passes configured at the Global Multicast Cloud.

Step 9 From the FEC Transmission Group drop-down list, set the value to the FEC Transmission Group configured in the “Creating Multicast Clouds” section on page 5-41. The default value is the FEC Transmission Group configured at the Global Multicast Cloud.

Note We recommend that you use the default value for optimum performance.

Step 10 In the Max Data Rate Bandwidth for this Delivery Service field, enter a value less than or equal to the Default Multicast-out Bandwidth configured in the “Creating Multicast Clouds” section on page 5-41.

Step 11 In the Max Concurrent Sessions for this Delivery Service field, set the value less than or equal to the Max Concurrent Sessions configured in the “Creating Multicast Clouds” section on page 5-41.

Step 12 Uncheck the Enable check point transfer for this Delivery Service check box to configure the FEC proactive parity delay for this Delivery Service. The Enable check point transfer for this Delivery Service check box is checked by default.

Step 13 In the FEC proactive parity size for this Delivery Service field, enter a value less than the FEC Transmission Group.

Step 14 The FEC proactive parity delay for this Delivery Service field value is represented in milliseconds.

Step 15 Click Submit to save the settings.

To remove a Multicast Cloud from a Delivery Service, click the Edit icon next to the Multicast Cloud that you want to remove. The assigned Multicast Cloud page is displayed. Click the Trash icon in the task bar.

Creating Storage Priority Classes

Assigning a cache storage priority to a Delivery Service enables the CDN operator with multiple tenants to provide preference settings for keeping cached content for a Delivery Service. By default, the Content Manager deletes cached content based on popularity (an algorithm involving the number of cache hits, the size of the content object, and the decay of the content object). The cache storage priority setting assigned to a Delivery Service influences the content popularity and thereby the content that is evicted.

Each cache storage priority class is identified with a name and has a popularity multiplication factor. The popularity multiplication factor ranges from 0 to 100, where 0 is the lowest priority and 100 is the highest priority. If no cache storage priority classes are defined or assigned to a Delivery Service, the default multiplication factor of 50 is used.

Following are two examples of how the storage priority class is applied:

• Content with a storage priority class of 100 that is accessed once has the same priority as content with a storage priority class of 50 that is accessed twice.

• Content with a storage priority class of 0 is always the first to be evicted regardless of how many times the content is accessed.

The storage priority class must first be defined before it can be assigned to a Delivery Service. To define a storage priority class and assign it to a Delivery Service, follow these steps:

Step 1 Choose Services > Service Definition > Storage Priority Classes. The Storage Priority Classes Table is displayed.

Step 2 In the task bar, click the Create New icon. The Storage Priority Class Definition page is displayed.

To edit a storage priority class, click the Edit icon next to the storage priority class name.

Step 3 Enter the settings as appropriate. See Table 5-19 for descriptions of the fields.

Table 5-19 Storage Priority Class Definition Fields

Class Name: Unique name for the storage priority class.

Storage Popularity Multiplication Factor: Factor used to multiply the popularity of the content by. The range is from 0 to 100, where 0 is the lowest priority and 100 is the highest priority. Content with a Storage Popularity Multiplication Factor of 0 is always evicted first, regardless of popularity calculated. The default is 50.

Comments: Information about the storage priority class.

Step 4 Click Submit to save the settings.

After creating a storage priority class, you can assign it to a Delivery Service. See the “Service Definition” section on page 5-2.

If the multiplication factor of a priority class is modified, or the Delivery Service priority class assignment is changed, the change is applied only to new accesses to the content; none of the existing popularity calculations are affected. The storage priority class multiplication factor corresponding to the content is used with each access from the protocol engine. Each access is multiplied with the multiplication factor when updating the popularity.

A priority class definition cannot be deleted if it is assigned to a Delivery Service. To delete a priority class, first unassign it from all delivery services by changing the setting of the Storage Priority Class, then delete the priority class.

Creating Delivery Service Group

A Delivery Service Group is created to allocate session and bandwidth for a Delivery Service Group. A Delivery Service Group contains multiple Delivery Services.

Note One Delivery service cannot be assigned to multiple Delivery Service Groups.

A Delivery Service Group configuration consists of the following steps:

1. Delivery Service Group Definition, page 5-49

2. Assigning Delivery Service, page 5-50

Delivery Service Group Definition

To create a Delivery Service Group, follow these steps:

Step 1 From the CDSM GUI, choose Services > Service Definition > Delivery Service Groups. The Delivery Service Groups Table page is displayed.

Step 2 Click the Create New icon in the task bar. The Delivery Service Group Definition page is displayed.

To edit a Delivery Service Group, click the Edit icon next to the Delivery Service Group name.

Step 3 Enter the settings as appropriate. See Table 5-20 for a description of the fields.

Table 5-20 Delivery Service Groups Fields

Name: Identifier for the Delivery Service Group. The name must be unique across the system.

Session Quota: Maximum number of concurrent sessions allowed for this Delivery Service Group. The default is zero, which means no session limits are set for this Delivery Service Group.

For more information, see the “Wholesale CDN” section on page 2-30.

Session Quota Augment Buffer: Buffer, as a percentage, of the maximum number of concurrent sessions allowed over the Session Quota. If this threshold is exceeded, no new sessions are created until the number of concurrent sessions is below this threshold. The range is from 0 to 1000. The default is 10.

For more information, see the “Wholesale CDN” section on page 2-30.

Bandwidth Quota: Maximum bandwidth allowed for this Delivery Service Group. The default is zero, which means no bandwidth limits are set for this Delivery Service Group.

For more information, see the “Wholesale CDN” section on page 2-30.

Bandwidth Quota Augment Buffer: Buffer, as a percentage, of the maximum bandwidth allowed over the Bandwidth Quota. If this threshold is exceeded, no new sessions are created until the bandwidth used is below this threshold. The range is from 0 to 1000. The default is 10.

For more information, see the “Wholesale CDN” section on page 2-30.

Description: Information about the Delivery Service Group.

Step 4 Click Submit to save the settings.

To delete a Delivery Service Group, click the Edit icon next to the Delivery Service Group that you want to delete. The Delivery Service Group Definition page is displayed. Click the Trash icon in the task bar.

Assigning Delivery Service

To assign a Delivery Service to a Delivery Service Group, follow these steps:

Step 5 Click the Assign icon (blue cross mark) next to each Delivery Service that you want to assign to the Delivery Service Group. To remove the Delivery Service from the Delivery Service Group, click the Assign icon again.

To assign all Delivery Services, click the Assign all Delivery Services icon in the task bar. To unassign all Delivery Services, click the Remove all Delivery Services icon in the task bar.

Step 6 Click Submit to save the settings.

A green arrow wrapped around the blue cross mark indicates that a Delivery Service assignment is ready to be submitted. To unassign a Delivery Service, click this icon.

Configuring Programs

A program in the VDS-IS is defined as a scheduled live or rebroadcast event that streams content to client devices. The VDS-IS streams live or rebroadcast content by using the Movie Streamer, Windows Media Streaming, or Flash Media Streaming engine. For more information, see the “Programs” section on page 2-20.

To view existing programs, see the “Viewing Programs” section on page 5-62.

Each live program can have up to ten different playtimes scheduled. The program is broadcast from all Service Engines simultaneously.

Flash Media Streaming uses Real Time Media Protocol (RTMP) to stream live content by dynamic proxy. Configuration of live or rebroadcast programs is not required. When the first client requests live streaming content, the stream is created. For more information, see the “Live Streaming” section on page 1-31.

Caution If you have configured delivery services for live programs, make sure there are no external proxy servers physically located between your receiver SEs and your Content Acquirer that require proxy authentication. Also, make sure that proxy authentication is not enabled on any receiver SEs that might be in the logical, hierarchical path between the Content Acquirer and the receiver SE that is going to serve the live stream to the requesting clients. If a live stream encounters any device that requires proxy authentication, the stream is dropped before it reaches its destination.

Note All SEs in a Windows Media live Delivery Service must have Real Time Streaming Protocol with TCP (RTSPT) enabled, because SEs must use the RTSPT protocol to communicate with each other. RTSPT is enabled by default.

Tip For information about verifying a live or rebroadcast program, see Appendix L, “Verifying the Videoscape Distribution Suite, Internet Streamer.”

Note The following rules apply to live splitting for Movie Streamer:

1. For unicast streaming, the client request must be sent by RTSP.

2. For multicast streaming, the client request must be sent by HTTP.

Multicast Live Stream Interruptions

During a Windows Media live broadcast, any interruption of the live stream that lasts five minutes or longer causes the multicast broadcast to cease for the duration of the currently scheduled period. If the live stream is interrupted for less than five minutes, the broadcast resumes.

Live stream interruptions can be caused by unexpected encoder failures or by an operational restart. If the live stream stops for more than five minutes and resumes later while the program is still scheduled, you can modify the schedule or any other attribute of the program (such as the description) to trigger a restart of the multicast broadcast. Restarting might take up to five minutes under these circumstances.

This does not apply to unicast delivery of a Windows Media live event or to Movie Streamer live programs.

Defining a Program

To define a live or rebroadcast program, follow these steps:

Step 1 Choose Services > Live Video > Live Programs. The Program Table page is displayed.

Step 2 Click the Create New icon in the task bar. The Program Definition page is displayed.

To edit an existing program, click the Edit icon next to the program name.

Step 3 In the Name field, enter a unique name for the program.

Step 4 From the Type drop-down list, choose a program type.

Step 5 Check the Auto Deletion check box if you want the program to be automatically deleted 24 hours after it has finished. This option only applies to live programs.

Step 6 Check the Block per Schedule check box if you want the live program to stop all active streams when the scheduled playtime ends.

Step 7 In the Description field, enter information about the program.

Step 8 Click Submit to save the settings.

You have defined the type of program that you want to configure. Proceed to the appropriate section for configuring that type of program:

• To configure Movie Streamer live and Windows Media live programs, see Configuring Live Programs, page 5-52.

• To configure Windows Media rebroadcast and Movie Streamer rebroadcast programs, see the “Configuring a Rebroadcast” section on page 5-58.

For information about copying a program, see the “Copying a Program” section on page 5-64.

Configuring Live Programs

Once you have defined the program type, you must select a live Delivery Service, configure the streaming, and create a schedule. This procedure takes you through these steps and assumes you have already defined the program (see the “Defining a Program” section on page 5-52).

To configure a Movie Streamer live or Windows Media live program, follow these steps:

Step 1 After you have chosen a program from the Program Table page, click Select Live Delivery Service. The Select Live Delivery Service page is displayed listing all of the live delivery services configured.

To set the QoS value for live programs, set the QoS value for the Delivery Service. See the “Service Definition” section in the “Creating Delivery Service” section on page 5-1 for more information.

Step 2 Click the radio button next to the name of the live Delivery Service that you want to associate with the program and click Submit. Alternatively, click the Create New Live Delivery Service icon in the task bar.

If you are creating a new live Delivery Service, the New Live Delivery Service page is displayed.

a. The Name field is automatically populated with a unique Delivery Service name. If you wish to change the name given by default, enter a unique name for the Delivery Service in this field.

b. From the Content Origin drop-down list, choose a Content Origin.

c. Click Submit to save the settings.

SE and Content Acquirer Assignment or Device Group and Content Acquirer Assignment

Step 3 through Step 7 use the Assign Service Engines option to describe the procedure of assigning the Service Engines to the live program and selecting one of them as the Content Acquirer. If you have device groups defined, you can use the Assign Device Groups option instead. To assign device groups, follow Step 3 through Step 7 and substitute Device Groups for each instance of SE.

Step 3 From the left-panel menu, choose Assign Service Engines. The Service Engine Assignment page is displayed (Figure 5-17).

Figure 5-17 Service Engine Assignment Page

Step 4 Click the Assign icon (blue cross mark) next to the SE that you want to assign to this Delivery Service. Or, in the task bar, click the Assign All Service Engines icon. The SE assignment states are described in Figure 5-18.

Figure 5-18 SE Assignment State

A green arrow wrapped around the blue cross mark indicates an SE assignment is ready to be submitted. To unassign an SE, click this icon.

Step 5 From the Assign Content Acquirer drop-down list in the task bar, choose an SE to be the Content Acquirer for this live Delivery Service.

The list contains all SEs currently assigned to the Delivery Service.

Step 6 Check the Primed check box for each SE that you want to prime with the live stream. For more information about priming, see the “Priming a Live Delivery Service” section on page 5-56.

Step 7 Click Submit to save the SE and Content Acquirer assignments.

A green circle with a check mark indicates an SE is assigned to this Delivery Service. To unassign the SE, click this icon, or click the Unassign All Service Engines icon in the task bar. Click Submit to save the changes.

Step 8 From the left-panel menu, choose Live Streaming. The Live Stream Settings page is displayed.

The Live Stream Settings page differs depending on whether you are configuring a Movie Streamer live stream or a Windows Media live stream.

Step 9 Enter the settings as appropriate. See Table 5-21 for a description of the Windows Media Live Stream Settings fields, and Table 5-21 for a description of the Movie Streamer Live Stream Settings fields.

Note The string “ipfwd” cannot be used as the program name or in the URL because ipfwd is a keyword used in the IP-forwarding feature.

Table 5-21 Movie Streamer Live Stream Settings Fields

Field: Description

Origin Server SDP File URL: The URL for the Session Description Protocol (SDP) file generated on the encoder. From the drop-down list, choose either rtsp or http, and enter the remainder of the URL in the field. The remainder of the URL format is host[:port]/[filename], where the port and filename are optional. For the Darwin Streaming Server encoder, you need to specify the SDP file. For the Digital Rapid encoder, you do not need to specify the SDP file.
When you click Auto Populate, the Incoming Live Streams Settings fields (in the Live Streaming Settings page) are automatically populated based on the Origin Server SDP File URL.

Backup SDP URL: The backup URL for the SDP file. This field is only for RTSP. Add a valid backup URL and click Auto Populate. The Incoming Live Streams Settings backup fields (in the Live Streaming Settings page) are automatically populated based on the Backup SDP URL.
The Cisco VDS-IS only supports failover between a primary origin server and a backup origin server for a Movie Streamer live program when the backup origin server uses the same codec as the primary.
When you click Auto Populate, the Incoming Live Streams Settings fields (in the Live Streaming Settings page) are automatically populated based on the Backup SDP URL.

Incoming Live Streams Settings

Note Manually enter these fields if Auto Populate cannot populate them based on the backup SDP URL.

Source Server: The stream source IP address.

Backup Source Server: The backup stream source IP address.

Receiving IP: For RTSP, the Primary Receiving IP is the IP address of the Content Acquirer acting as the primary receiver. This is always unicast-in.
For HTTP, the Primary Receiving IP is the multicast-in IP address used to broadcast the live stream.

Backup Receiving IP: For RTSP, the Backup Receiving IP is the IP address of the Content Acquirer acting as the backup receiver. Both the primary and backup Content Acquirer are located in the root location of the Delivery Service.
For HTTP, the Backup Receiving IP is the multicast-in IP address used to broadcast the live stream.

Receiving Ports: Receiving Ports are used to define each port related to audio and video streams.
Note When entering values manually, ensure that the reserved port numbers are not used for Receiving Ports.
Note We recommend using ports 0, 554, and 1935, because these are the only ports that enable connectivity to the Wowza server that supports RTSP-based Movie Streamer.

Backup Receiving Ports: Backup Receiving Ports are used to define each port related to audio and video streams.

Outgoing Live Streams Settings

Unicast URL Reference: This field is auto-populated with a list of suggested URLs by using the Origin Server and the Service Routing Domain Name fields associated with the live Delivery Service. Choose one from the drop-down list.

Enable Multicast Delivery to Client: If enabled, the program uses multicast transmission.
If you wish to enable support for Content Acquirer failover, you must check this check box. Content Acquirer failover for a live program works only when the incoming stream is a multicast stream.

Multicast URL Reference: This field is available if the Enable Multicast Delivery to Client check box is checked. The multicast URL reference (Announce URL) has the following format: http://sourceHost_or_FQDN/path/filename.sdp
This URL uses the Origin Server and the Service Routing Domain Name and points to a meta-file (SDP) that is generated and resides on an external server. Choose one from the drop-down list.

Multicast TTL: Specify the multicast Time to Live (number of hops). The default is 15 hops.

Multicast Address: The multicast address to use for streaming this program using multicast. The address range is 224.0.0.0 to 239.255.255.255. These values must be unique within the system.

Multicast Port: The multicast port to use for streaming this program using multicast. The port number must be even and within the range of 1 to 65535. These values must be unique within the system.
Even numbered ports are for Real-Time Transport Protocol (RTP), and odd numbered ports are for Real-Time Transport Control Protocol (RTCP).

Step 10 Click Submit to save the settings.

Step 11 From the left-panel menu, choose Schedule. The Schedule page is displayed.

Step 12 Click the Play Forever radio button to have the program play continuously.

Alternatively, click the Schedule Playtime radio button to schedule up to ten different playtimes. The Playtime Editor is displayed in the page.

To edit an existing playtime, click the Edit icon next to the Initial Start Time.

To delete an existing playtime, click the Delete icon next to the Initial Start Time.

Step 13 Enter the settings for the playtime as appropriate. See Table 5-22 for a description of the fields.

Table 5-22 Playtime Fields

Field: Description

Start Playback on: Start date and time for the program.

UTC or SE (Local) Time: Which clock the start time should use, UTC or SE local.

Duration: Length of the program. From the drop-down list, choose minutes, hours, or days as the unit of time.

Repeat Frequency: The repeat frequency has the following options:
• Do Not Repeat—Plays once.
• Repeat Every—Repeats every so many days, hours, or minutes.
• Repeat Weekly—Repeats at the same hour on the days you choose.

Repeat Forever / Repeat Until: These fields display when Repeat Every or Repeat Weekly are chosen for Repeat Frequency.
Repeat Forever repeats the program forever using the repeat frequency set in the previous fields.
Repeat Until repeats the program based on the repeat frequency set in the previous fields and until the date and time specified in this field.

Step 14 Click Submit to save the settings.

Click Add Playtime to add additional playtimes to an existing schedule. The Playtime Editor is displayed in the page.

Priming a Live Delivery Service

The first client requesting a program often experiences the longest wait time for the program to begin playing. Users can experience long wait times because of the full RTSP negotiation that is required to pull the live stream from the source. Delays can also occur if the edge SE has not buffered enough stream data to fill the media player’s buffer at the time the program is requested. For Windows Media streaming, when the buffer is not filled, some data to the client might be sent at the suboptimal line rate instead of at the Fast Start rate.

Delivery services for unicast-managed live programs can be primed for faster start-up times. When a live Delivery Service is primed, a unicast-out stream is pulled from the origin server to an SE before a client ever requests the stream. When the first request for the stream goes out, the stream is already in the Delivery Service.

Note It is not possible to monitor non-primed streams because they are played directly from the origin server. Primed streams can be monitored because they are buffered on the SE.

Windows Media Streaming Live Streaming Encoder Failover

In normal situations, when a new client request is received (or when priming of the live program is enabled), the Content Acquirer ingests the content from the first encoder in the configured list (for example, rtsp://Encoder_1:port/path/file; rtsp://Encoder_2:port/path/file).

If the first encoder is unreachable, the Content Acquirer considers it to have failed and does not attempt to contact it until the timeout period of 300 seconds has expired. The Content Acquirer attempts a connection with the failed encoder every 300 seconds.

The Content Acquirer selects a source encoder in the following way:

1. If there is an existing session that is using an encoder, then select it as the source; otherwise, select the first one in the configured list of encoders for the requested URL. If the first encoder does not have the requested URL, try the next one in the list, until an encoder with the requested URL is contacted.

   a. If the first encoder is unreachable, try the next encoder in the list, and mark the first encoder as bad and start the timeout interval for it.

   b. If the encoder is not marked as bad, then check to see if the encoder has the content with the requested URL.

   c. If the encoder is marked as bad and the timeout interval has been reached, try the encoder. If the timeout interval has not been reached, check the next encoder.

2. If all of the sources are marked bad and all timeout intervals have not been reached, try the encoder that is closest to reaching the timeout interval.

Note An alarm is raised when an encoder is requested but cannot be reached.

The Content Acquirer supports failover for several encoders in the following ways:

• If failure occurs during streaming a session, the streaming stops and the Windows Media Player sends another request. The reachable-encoder selection process is started as described above. The streaming session recovers automatically. The user typically only experiences around a 60-second freeze for RTSP URL content.

• The Content Acquirer continues to ingest from the reachable encoder, even if the failed encoder recovers, for the previous streaming sessions and new incoming client requests. This provides a better end-user experience.

Note Alarms from Content Acquirer are cleared when the specific encoder is reachable again, or when the alarm is manually cleared through the CLI or the CDSM GUI.
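
The selection rules above can be traced with a small model. The following Python sketch is an added illustration, not Cisco code: the class, the probe callback, the outcome names and the example encoder URLs are assumptions made for the example, and alarm state changes only when an encoder is actually contacted.

```python
# Added illustration: a model of the encoder selection rules in this section.
RETRY_TIMEOUT = 300  # seconds before a failed encoder is contacted again

# Probe outcomes (hypothetical names): the encoder answers and has the URL,
# answers but lacks the URL, or cannot be reached at all.
OK, NO_CONTENT, UNREACHABLE = "ok", "no_content", "unreachable"


class EncoderSelector:
    def __init__(self, encoders, probe, timeout=RETRY_TIMEOUT):
        self.encoders = list(encoders)  # configured order is significant
        self.probe = probe              # probe(url) -> OK | NO_CONTENT | UNREACHABLE
        self.timeout = timeout
        self.bad_since = {}             # url -> time the encoder was marked bad
        self.alarms = set()             # encoders with an active alarm
        self.session = None             # encoder used by the existing session
        self.probe_log = []             # (time, url, outcome) for every contact

    def _contact(self, url, now):
        outcome = self.probe(url)
        self.probe_log.append((now, url, outcome))
        if outcome == UNREACHABLE:
            self.bad_since[url] = now   # mark bad and (re)start its timeout
            self.alarms.add(url)        # alarm: requested but not reachable
            return False
        self.bad_since.pop(url, None)   # reachable again: clear mark and alarm
        self.alarms.discard(url)
        if outcome == OK:
            self.session = url
            return True
        return False                    # reachable, but lacks the requested URL

    def session_failed(self):
        # Streaming stopped; the player's next request restarts selection.
        self.session = None

    def select(self, now):
        # Rule 1: an existing session keeps its encoder, even if an earlier
        # encoder in the list has recovered in the meantime.
        if self.session is not None:
            return self.session
        waiting = []                    # marked bad, timeout not yet reached
        for url in self.encoders:
            marked = self.bad_since.get(url)
            if marked is not None and now - marked < self.timeout:
                waiting.append(url)     # rule 1c: skip, check the next encoder
                continue
            if self._contact(url, now): # rules 1a/1b, or 1c after the timeout
                return url
        # Rule 2: every source is marked bad and no timeout has been reached,
        # so try the one that was marked bad the longest time ago.
        if waiting and all(u in self.bad_since for u in self.encoders):
            oldest = min(waiting, key=lambda u: self.bad_since[u])
            if self._contact(oldest, now):
                return oldest
        return None


def demo():
    """Constructed scenario: encoder 1 down at t=0, encoder 2 down at t=200."""
    e1 = "rtsp://encoder1.example:554/live"
    e2 = "rtsp://encoder2.example:554/live"
    state = {e1: UNREACHABLE, e2: OK}
    sel = EncoderSelector([e1, e2], lambda url: state[url])
    trace = [(sel.select(0), sorted(sel.alarms))]         # falls over to e2
    state[e1] = OK                                         # e1 recovers
    trace.append((sel.select(100), sorted(sel.alarms)))   # session stays on e2
    state[e2] = UNREACHABLE                                # e2 fails mid-stream
    sel.session_failed()
    trace.append((sel.select(200), sorted(sel.alarms)))   # rule 2 retries e1
    return trace, sel.probe_log


if __name__ == "__main__":
    for step in demo()[0]:
        print(step)
```
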

Configuring a Rebroadcast

Once you have defined the program type for a rebroadcast program, you need to select media files, configure the streaming, and create a schedule. This procedure takes you through these steps and assumes you have already defined the program (see the “Defining a Program” section on page 5-52).

Note For rebroadcast programs, media can only be selected from one Delivery Service. The SEs and device groups assigned to the Delivery Service are selected automatically when you choose the media files for the program.

To configure a Movie Streamer rebroadcast or Windows Media rebroadcast program, follow these steps:

Step 1 After you have chosen a program from the Program Table page, click Select Media. The Select Media page is displayed.

Step 2 Choose a Delivery Service from the list by clicking the radio button next to the name of the Delivery Service and click Show Media in Selected Delivery Service. The Media File Selection pane is displayed.

Step 3 In the Criteria field, enter the search criteria for the media files that you want to add to the program and click Use Criteria. All the media files that match the search criteria are displayed.

Use an asterisk (*) to match any number of characters, or a question mark (?) to match exactly one character. For example, use “*.mpg” for all files with the suffix “mpg,” and “file?.mpg” to match file1.mpg, file2.mpg, and so on.

To start a new search, click Select Media.

To choose a new Delivery Service to choose files from, click All Delivery Services, choose a Delivery Service, and click Show Media in Selected Delivery Service.

Step 4 Check the Pick check box next to each file that you want to rebroadcast and click Add Media. The files are displayed in the Media Files in Program pane.

To select all files, click All. To deselect all files, click None. The file list can span several pages. To see the files from the other pages, click the page number, or from the Row drop-down list, select one of the options.

Step 5 In the Media Files in Program pane, use the Up arrow and Down arrow next to each file to alter the order of the files. Files are played in the order in which they are listed.

Note The Up arrow and Down arrow are only displayed if the list of media files in the program is sorted by position. If you sort the media files by name or length, the arrows are not displayed.

Note Multiple media files can be selected for Movie Streamer rebroadcasts. Playlist content is seamlessly updated without impacting current rebroadcasting.

To remove a media file from the list, check the Pick check box next to the file, and click Remove Media.

To select all files, click All. To deselect all files, click None.

Step 6 Click Submit to save the settings.

Note For rebroadcast programs, media can only be selected from one Delivery Service. The SEs assigned to that Delivery Service are selected automatically when you choose the media files for the program. If at a later time you add new SEs to the Delivery Service, you must manually add them to the program.

SE Assignment or Device Group Assignment

Step 7 through Step 9 use the Assign Service Engines option to describe the procedure of assigning the Service Engines to the rebroadcast program. If you have device groups defined, you can use the Assign Device Groups option instead. To assign device groups, follow Step 7 through Step 9 and substitute Device Groups for each instance of SE.

Step 7 To add new SEs to the rebroadcast program, from the left-panel menu, choose Assign Service Engines. The Service Engine Assignment page is displayed.

Note SEs must have the same NTP time. Multiple SEs can be assigned for additional redundancy, but all SEs assigned must be in different multicast domains, because all assigned SEs send packets to the same specified multicast address.

Step 8 Click the Assign icon (blue cross mark) next to the SE that you want to assign to this Delivery Service. Or, in the task bar, click the Assign All Service Engines icon. The SE assignment states are described in Figure 5-19.

Figure 5-19 SE Assignment State

A green arrow wrapped around the blue cross mark indicates an SE assignment is ready to be submitted. To unassign an SE, click this icon.

Step 9 Click Submit to save the SE assignments.

A green circle with a check mark indicates an SE is assigned to this Delivery Service. To unassign the SE, click this icon, or click the Unassign All Service Engines icon in the task bar. Click Submit to save the changes.

Step 10 From the left-panel menu, choose Streaming. The Streaming Settings page is displayed.

Step 11 Enter the settings as appropriate. See Table 5-23 for a description of the Windows Media Rebroadcast Stream Settings fields, and Table 5-24 for a description of the Movie Streamer Rebroadcast Stream Settings fields.

Table 5-23 Windows Media Rebroadcast Stream Settings Fields

Field: Description

Multicast URL Reference: The reference URL for multicast streaming has the following format: http://SRDN/program-name.nsc.

NSC Reference for Multicast: The URL for the NSC file used for a server-side playlist as the media source in a multicast program.

Multicast Address and Port: The multicast address and port to use for streaming this program using multicast. The address range is 224.0.0.0 to 239.255.255.255.
The port number must be even and within the range of 1 to 65535. These values must be unique within the system.
Even numbered ports are for Real-Time Transport Protocol (RTP), and odd numbered ports are for Real-Time Transport Control Protocol (RTCP).

Multicast TTL: Specify the multicast Time to Live (number of hops). The default is 15 hops.

Table 5-24 Movie Streamer Rebroadcast Stream Settings Fields

Field: Description

Multicast URL Reference: The reference URL for multicast streaming has the following format: http://SRDN/programID.sdp.

Multicast TTL: Specify the multicast Time to Live (number of hops). The default is 15 hops.

Multicast Address and Port: The multicast address and port to use for streaming this program using multicast. The address range is 224.0.0.0 to 239.255.255.255.
The port number must be even and within the range of 1 to 65535. These values must be unique within the system.
Even numbered ports are for Real-Time Transport Protocol (RTP), and odd numbered ports are for Real-Time Transport Control Protocol (RTCP).
Note Because Movie Streamer rebroadcast files can contain multiple tracks (1 to 3), you can define up to three multicast addresses and ports for each track in the file. Click Add Multicast Address/Port to add another multicast address.

Step 12 Click Submit to save the settings.

Step 13 From the left-panel menu, choose Schedule. The Schedule page is displayed.

Step 14 Click the Loop Back Continuously radio button to have the program play continuously.

Alternatively, click the Schedule Playback radio button to schedule up to ten different playback times. The Playtime Editor is displayed in the page.

To edit an existing playtime, click the Edit icon next to the Initial Start Time.

To delete an existing playtime, click the Delete icon next to the Initial Start Time.

Step 15 Enter the settings for the playtime as appropriate. See Table 5-25 for a description of the fields.

Table 5-25 Playtime Fields

Field: Description

Start Playback on: The start date and time for the program.

UTC or SE (Local) Time: Which clock the start time should use, UTC or SE local.

Duration: The length of the program. In the drop-down list, choose minutes, hours, or days as the unit of time.

Playback Options: The playback options are the following:
• Playback Once and Stop
• Loop for number of minutes, hours, or days

Repeat Frequency: The repeat frequency has the following options:
• Do Not Repeat—Plays once.
• Repeat Every—Repeats every so many days, hours, or minutes.
• Repeat Weekly—Repeats at the same hour on the days you choose.

Repeat Forever / Repeat Until: These fields display when Repeat Every or Repeat Weekly are chosen for Repeat Frequency.
Repeat Forever repeats the program forever using the repeat frequency set in the previous fields.
Repeat Until repeats the program based on the repeat frequency set in the previous fields and until the date and time specified in this field.

Step 16 Click Submit to save the settings.

Click Add Playtime to add additional playtimes to an existing schedule. The Playtime Editor is displayed in the page.

Viewing the Multicast Addresses

The multicast delivery feature is enabled by setting up a multicast address for a live or rebroadcast program to which different client devices, configured to receive content from the same program, can subscribe. The delivering device sends content to the multicast address set up at the Delivery Service, from which it becomes available to all subscribed receiving devices.

A set of multicast addresses can be specified either in the Program API or by using the CDSM. When a program requires a multicast address, you can specify the multicast address within the stream settings of the program. Addresses are allocated for the life of a program.

To view the multicast addresses used by live programs and rebroadcasts, choose Services > Live Video > Multicast Addresses. The Multicast Addresses page is displayed.

The list of multicast addresses that have been currently configured for specific programs is displayed in the Multicast Addresses table.
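
The constraints this chapter places on program multicast settings can be checked offline against an inventory of program definitions before they are submitted. The following Python sketch is an added example, not part of the Cisco guide or the Program API: the dictionary layout and the sample programs are constructed, and it assumes that uniqueness applies to the address and port pair.

```python
import ipaddress
from collections import defaultdict

MCAST_LOW = ipaddress.IPv4Address("224.0.0.0")
MCAST_HIGH = ipaddress.IPv4Address("239.255.255.255")
RESERVED_KEYWORD = "ipfwd"      # keyword of the IP-forwarding feature
MAX_REBROADCAST_ENDPOINTS = 3   # Movie Streamer rebroadcast: one per track

# Constructed sample inventory (hypothetical layout, not a VDS-IS export format).
SAMPLE_PROGRAMS = [
    {"name": "town-hall", "type": "Windows Media live",
     "url": "rtsp://encoder.example/townhall",
     "multicast": [("239.1.1.10", 5004)]},
    {"name": "lobby-loop", "type": "Movie Streamer rebroadcast",
     "multicast": [("239.1.1.10", 5004), ("239.1.1.11", 5007)]},
    {"name": "ipfwd-test", "type": "Movie Streamer live",
     "url": "rtsp://encoder.example/test.sdp",
     "multicast": [("10.0.0.5", 6000)]},
]


def audit_programs(programs):
    """Return a list of (program name(s), finding) tuples."""
    findings = []
    users = defaultdict(list)   # (address, port) -> programs using the pair
    for prog in programs:
        name = prog["name"]
        # Case-insensitive matching is a cautious choice made for this example.
        if RESERVED_KEYWORD in (name + " " + prog.get("url", "")).lower():
            findings.append((name, "reserved keyword ipfwd in name or URL"))
        endpoints = prog.get("multicast", [])
        if (prog.get("type") == "Movie Streamer rebroadcast"
                and len(endpoints) > MAX_REBROADCAST_ENDPOINTS):
            findings.append((name, "more than 3 multicast address/port entries"))
        for addr_text, port in endpoints:
            try:
                addr = ipaddress.IPv4Address(addr_text)
            except ipaddress.AddressValueError:
                findings.append((name, f"{addr_text}: not an IPv4 address"))
                continue
            if not MCAST_LOW <= addr <= MCAST_HIGH:
                findings.append((name, f"{addr}: outside 224.0.0.0-239.255.255.255"))
            if not 1 <= port <= 65535 or port % 2:
                findings.append((name, f"port {port}: must be even and within 1-65535"))
            users[(str(addr), port)].append(name)
    # Assumption: "unique within the system" is checked per address/port pair.
    for (addr, port), names in users.items():
        if len(names) > 1:
            findings.append((", ".join(names), f"{addr}:{port} is not unique"))
    return findings


if __name__ == "__main__":
    for who, what in audit_programs(SAMPLE_PROGRAMS):
        print(f"{who}: {what}")
```
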

Viewing Programs

The Programs Table page lists all of the programs defined in your VDS-IS network. Programs can be defined through the CDSM or through an API. For information on adding or editing a program definition, see the “Defining a Program” section on page 5-52.

The Programs Table page allows you to view scheduled programs by day, week, month, or year. You can sort and filter programs by name, type, or schedule. You can also preview live programs while they are playing. See the “Previewing a Program” section on page 5-64 for more information.

Table 5-26 describes the icons for the Programs Table page.

Table 5-26 Programs Table Icons

Icon Function

Creates a new program. See the “Defining a Program” section on page 5-52 for more information.

Creates a filtered table. Filter the table based on the field values.

Views all table entries. Click this icon to view all entries after you have created a filtered table.

Refreshes the table.

Prints the current page.

Edits a program. See the “Defining a Program” section on page 5-52 for more information.

Previews a program.

To view all of the programs defined in your VDS-IS network, follow these steps:

Step 1 Choose Services > Live Video > Live Programs. The Programs Table page displays with a list of all of the programs that have been defined through either the CDSM or the Program API.

Step 2 Click the Day, Week, Month, or Year tab to view the playback schedules. Scheduled programs are listed by start time (initial start time plus any repeat intervals). Times begin with the current device time (current system time plus device time zone offset).

The Unscheduled tab displays all unscheduled programs defined in your VDS-IS network. The All tab displays all of the programs defined in your VDS-IS network. The Programs Table page opens to the All view by default.

Step 3 Sort columns by clicking the column heading. You can also combine filtering conditions. For example, you can filter only Windows Media live programs and then choose the Week tab to view the week of November 23 to November 29, 2007.

Table 5-27 describes the information that is displayed in this page.

Table 5-27 Programs Table Page Information

Item: Description

Tabs

Day/Week/Month/Year: Lists programs based on their schedule.
The current day, week, month, or year is displayed by default. You can navigate to the next or previous day, week, month, or year by clicking the back or forward arrows on either side of the date.

Unscheduled: Lists only programs with no schedule defined.

All: Lists all programs. This is the default view.

Program Listing Table

Program: Program name, which must be unique to the CDSM.

Type: Program type. Program types are:
• Movie Streamer live
• Movie Streamer rebroadcast
• Windows Media live
• Windows Media rebroadcast

Schedule: Describes the schedule. Options are:
• None (the program has no schedule)
• Loop continuously
• Number of playtimes (the number of times that the program is scheduled to be shown)
• Start Time—Program start time in a scheduled view (Day, Week, Month, or Year tab). Lists up to three start times if repeat broadcasts are configured.
• Duration—Duration of the program or the looping time in a scheduled view (Day, Week, Month, or Year tab).

Viewing and Modifying API Programs

Programs created through APIs are based on a program file. A program file contains the elements that define the schedule, content, and presentation parameters. It is a text file written in XML format, similar to the Manifest file. The program file contains most of the program settings and resides on an external server. The CDSM gets the program file, parses it, and saves the program file to the database. The program is automatically updated at intervals by the CDSM refetching the program file and re-parsing it. The program file supports RTSP.

In contrast, programs defined using the CDSM are not based on a program file; instead, the settings entered in the CDSM are saved directly to the database.

Programs created using an API can be viewed in the CDSM as read-only, and modifications to API programs can be done through the API. You can also edit the API program using the CDSM; however, if you choose this option, the information about the API program file is deleted and the program can no longer be modified through the API. A third option is to copy the API program using the CDSM Copy Program feature. The new copy does not contain the program file information and is treated as a CDSM-generated program for the purposes of editing. (See the “Copying a Program” section on page 5-64.)

You can delete any program from the list (whether created through the CDSM or through an API) in the Programs Table page.

Previewing a Program

You can preview live programs by live split or by joining a multicast broadcast. Live programs can only be viewed during the scheduled playtime. You can preview a rebroadcast program by joining the multicast broadcast during the scheduled playtime.

To preview a live Movie Streamer or Windows Media program or scheduled rebroadcast, follow these steps:

Step 1 Choose Services > Live Video > Live Programs. The Programs Table page is displayed.

Step 2 Click the Day, Week, Month, or Year tab.

Step 3 Click the Play icon next to the name of a program. A program preview window pops up, displaying the program information with links to view the program.

Note The Play icon only appears while the live program is playing. If a program is not currently playing, you cannot view it.

Step 4 Click the URL reference link for the program. You have the option to choose a multicast or unicast URL reference, if such are defined for the program. A new window with the URL reference opens.

To successfully view the program, you must meet these conditions:

• You must be able to access the client network.
• You must have a Windows Media plug-in installed to view Windows Media live programs.
• You must have a QuickTime plug-in installed to view Movie Streamer live programs.

Copying a Program

The copy program feature allows you to create a copy of an existing program and then modify a subset of attributes, which eliminates the need to re-enter all of the program settings each time you create programs with similar characteristics.

When you copy a program, a duplicate of the program is created and saved to the database. Any changes that you make to the new copy of the program do not affect the original program and vice versa. Note, however, that if multicast is configured, the multicast address and port cannot be copied. These parameters must be unique across the system. If a program address pool is configured, these parameters can be automatically selected by the system.


To create a copy of an existing program, follow these steps:

Step 1 Choose Services > Live Video > Live Programs. The Programs Table page is displayed.

Step 2 Click the Edit icon next to the name of the program that you want to copy. The Program Definition page is displayed.

Step 3 Click the Copy Program icon in the task bar. You are prompted to confirm your decision. Click OK.

The window refreshes, displaying ProgramName_dup in the Name field.

Step 4 Edit any program information that you want to change. (See the “Defining a Program” section on page 5-52.)

Note You cannot change the program type.

Step 5 Click Submit to save the settings.

Step 6 Edit any of the other program properties found in the left-panel menu, such as the program schedule, program, or device assignments.


CHAPTER 6

Configuring the System

This chapter provides information on configuring the system parameters of the Cisco Videoscape Distribution Suite, Internet Streamer (VDS-IS).

• Configuring AAA
• Changing a Password
• Configuring System Settings
• Viewing or Downloading XML Schema Files

For information on logs, see the “System Audit Logs” section on page 8-9. For information on upgrading the VDS-IS software, see the “Software Upgrade” section on page 9-1. For information on the ports used by the VDS-IS, see the “System Port Numbers” section on page 8-10.

Configuring AAA

Authentication determines who the user is and whether that user should be allowed access to the network or a particular device. It allows network administrators to bar intruders from their networks. It may use a simple database of users and passwords. It can also use one-time passwords.

Authorization determines what the user is allowed to do. It allows network managers to limit which network services are available to different users.

Accounting tracks what users did and when they did it. It can be used for an audit trail or for billing for connection time or resources used (bytes transferred).

Collectively, authentication, authorization, and accounting are sometimes referred to as AAA. Central management of AAA means that the information is in a single, centralized, secure database, which is much easier to administer than information distributed across numerous devices.

In the VDS-IS network, login authentication and authorization are used to control user access and configuration rights to the CDSM, SEs, and SRs. There are two levels of login authentication and authorization:

• Device
• CDSM

In a VDS-IS network, user accounts can be created for access to the CDSM, and independently, for access to the SEs and SRs that are registered to the CDSM.

This section describes login authentication and authorization for the CDSM. For information about device login authentication and authorization, see the “Login Access Control” section on page 4-55 and the “Authentication” section on page 4-62.


Login authentication is the process by which CDSM verifies whether the person who is attempting to log in has a valid username and password. The person logging in must have a user account registered with the device. User account information serves to authorize the user for login and configuration privileges. The user account information is stored in the AAA database. When the user attempts to log in, the CDSM compares the person’s username, password, and privilege level to the user account information that is stored in the database.

Each user account can be assigned to a role and a domain. A role defines which CDSM configuration pages the user can access and which services the user has authority to configure or modify. A domain defines which entities in the network the user can access and configure or modify. You can assign a user account to zero or more roles, and to zero or more domains.

Creating, Editing, and Deleting Users

Note This section addresses users with administrator-level privileges (admin users) only.

Two default user accounts are preconfigured in the CDSM. The first account, called admin, is assigned the administrator role that allows access to all services and access to all entities in the system. This account cannot be deleted from the system, but it can be modified. Only the username and the role for this account are unchangeable. To change the password for this account, use the username admin password <password> command through the CLI.

The second preconfigured user account is called default . Any user account that is authenticated but has not been registered in the CDSM gets the access rights (role and domains) assigned to the default account. This account is configurable, but it cannot be deleted nor can its username be changed.

When you create a new user account in the CDSM, you have the option to create the user account in the CLI for the CDSM device at the same time. Using this option to create the new account in the CLI provides the following benefits:

• The user account is created in the primary and standby CDSM management databases and in the CDSM CLI from one central point.
• Users can change their passwords, and the password changes are propagated to a standby CDSM.

If you choose to create the user account from the CDSM without creating the user account in the CDSM CLI at the same time, the following results apply:

• The user account is created in the primary and standby CDSM management databases.
• No user account is created in the CDSM CLI, and the user cannot log in to the CDSM until an account is created from the CLI.
• Local users cannot change their passwords using the CDSM.
• Local users can change their passwords using the CLI; however, the password changes are not propagated from the CLI to the CDSM databases when the CLI user option is enabled in the CDSM.

If a user account has been created from the CLI only, when you log in to the CDSM for the first time, the Centralized Management System (CMS) database automatically creates a user account (with the same username as configured in the CLI) with default authorization and access control. However, to change the password in this scenario, the user account must be explicitly configured from the CDSM with the CLI user option enabled.


To create or edit a user account, follow these steps:

Step 1 Choose System > AAA > Users . The User Table page is displayed.

Table 6-1 describes the icons for the User Table page.

Table 6-1 User Table Icons

Icon Function
• Creates a new entry.
• Edits an entry.
• Creates a filtered table. Filter the table based on the field values.
• Views all table entries. Click this icon to view all entries after you have created a filtered table.
• Refreshes the table.
• Prints the current page.

Step 2 Click the Create New icon in the task bar. The User Account page is displayed.

To edit an account, click the Edit icon next to the username.

Note The User Account page can only be accessed by users with administrator-level privileges.

Step 3 In the Username field, enter the user account name. The username must be between 4 and 32 characters in length, and begin with a letter.

The following characters are not permitted in a username: ? . / ; [ ] { } " @ = |.

Step 4 If you want to create a local user account with a password and privilege level from the CDSM, check the Create CLI User check box. The user account is created automatically in the CLI. To prevent the creation of a CLI user account from the GUI, leave the check box unchecked.

Step 5 In the Password field, enter a password for the CLI user account, and re-enter the same password in the Confirm Password field.

The password must be a combination of alphabetic characters, at least one number, at least one special character, and at least one uppercase character.

The following characters are not allowed: ?./;[]{}"@=|

Step 6 From the Privilege Level drop-down list, choose a privilege level for the CLI user account. The choices are 0 (zero) (normal user) or 15 (superuser). The default value is 0.

Note A superuser can use privileged-level EXEC commands, whereas a normal user can use only user-level EXEC commands.


Step 7 In the Username Information area, enter the following information about the user: First Name, Last Name, Phone Number, Email Address, Job Title, and Department.

Step 8 In the Comments field, enter any additional information about this account.

Step 9 Click Submit to save the settings.

Step 10 From the left-panel menu, choose Role Management. The Role Management Table page is displayed.

Table 6-2 describes the icons for the Role Management page.

Table 6-2 Role Management Icons

Icon Function
• Creates a new entry.
• Edits an entry.
• Creates a filtered table. Filter the table based on the field values.
• Views all table entries. Click this icon to view all entries after you have created a filtered table.
• Refreshes the table.
• Assigns all roles.
• Removes all roles.
• Views read-only items.
• Indicates that the current transaction was successfully completed.

To add roles, see the “Creating, Editing, and Deleting Roles” section on page 6-5.

To view the setting for the role, click the View (eyeglasses) icon next to the role.

Step 11 Click the Assign icon (blue cross mark) next to each role name that you want to assign to the user account. To remove the role from the user account, click the Assign icon again.

To assign all roles, click the Assign all Roles icon in the task bar. To unassign all roles, click the Remove all Roles icon in the task bar.

Step 12 Click Submit to save the settings.

A green arrow wrapped around the blue cross mark indicates an SE assignment is ready to be submitted. To unassign an SE, click this icon.

Step 13 From the left-panel menu, choose Domain Management. The Domain Management Table page is displayed.

To add domains, see the “Creating, Editing, and Deleting Domains” section on page 6-6.


To view the setting for the domain, click the View (eyeglasses) icon next to the domain.

Step 14 Click the Assign icon next to each domain name that you want to assign to the user account.

To remove the domain from the user account, click the Assign icon again.

To assign all domains, click the Assign All icon in the task bar. To unassign all domains, click the Remove All icon in the task bar.

Step 15 Click Submit to save the settings.

To delete a user, in the User Table page, click the Edit icon next to the username, and from the User Account page, click the Delete icon in the task bar.

Note Deleting a user account from the CLI does not delete the corresponding account in the CDSM database. User accounts created in the CDSM should always be deleted from within the CDSM.
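The username, password, and privilege-level rules from Steps 3 through 6 can be checked before an account is entered in the CDSM. The following Python script is an added example, not Cisco code; the request dictionary keys, the sample accounts, and the definition of a special character as ASCII punctuation outside the disallowed set are assumptions.

```python
import string

# Characters the guide lists as not allowed in usernames and passwords.
FORBIDDEN = set('?./;[]{}"@=|')
PRIVILEGE_LEVELS = (0, 15)  # 0 = normal user (default), 15 = superuser


def check_username(name):
    """Return the username rules from Step 3 that `name` breaks (empty list = OK)."""
    problems = []
    if not 4 <= len(name) <= 32:
        problems.append("length must be between 4 and 32 characters")
    if not name or name[0] not in string.ascii_letters:
        problems.append("must begin with a letter")
    bad = sorted(set(name) & FORBIDDEN)
    if bad:
        problems.append("contains forbidden characters: " + " ".join(bad))
    return problems


def check_password(password, min_length=6):
    """Return the password rules from Step 5 that `password` breaks.

    min_length mirrors the System.security.minPasswordLength property (default 6).
    Assumption: a "special character" is ASCII punctuation outside FORBIDDEN.
    """
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if not any(c.isalpha() for c in password):
        problems.append("needs an alphabetic character")
    if not any(c.isdigit() for c in password):
        problems.append("needs at least one number")
    if not any(c in string.punctuation and c not in FORBIDDEN for c in password):
        problems.append("needs at least one special character")
    if not any(c.isupper() for c in password):
        problems.append("needs at least one uppercase character")
    bad = sorted(set(password) & FORBIDDEN)
    if bad:
        problems.append("contains forbidden characters: " + " ".join(bad))
    return problems


def review_request(request, min_password_length=6):
    """Check one account request (a dict with hypothetical keys) before it is entered."""
    findings = ["username: " + p for p in check_username(request.get("username", ""))]
    if request.get("create_cli_user"):
        findings += ["password: " + p
                     for p in check_password(request.get("password", ""), min_password_length)]
        level = request.get("privilege_level", 0)
        if level not in PRIVILEGE_LEVELS:
            findings.append(f"privilege level {level} is not 0 or 15")
        elif level == 15:
            findings.append("review: level 15 is a superuser with privileged-level EXEC commands")
    else:
        # Stated in this section: no CLI account means no login until one is created.
        findings.append("note: without Create CLI User the user cannot log in "
                        "until an account is created from the CLI")
    return findings


# Constructed sample requests, not taken from any real system.
SAMPLE_REQUESTS = [
    {"username": "jsmith", "create_cli_user": True, "password": "Str0ng#Pass", "privilege_level": 0},
    {"username": "ops.admin", "create_cli_user": True, "password": "weakpass", "privilege_level": 15},
    {"username": "9ab", "create_cli_user": False},
    {"username": "mlopez", "create_cli_user": True, "password": "P@ssw0rd1!"},
]

if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        print(req["username"], "->", review_request(req) or "OK")
```

The last sample shows a common failure: a password that satisfies every complexity rule is still rejected because it contains @, one of the disallowed characters.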

Creating, Editing, and Deleting Roles

Although the CDSM provides many types of services, not all users have access to all services. Users are assigned a role, which indicates the services to which they have access. A role is a set of enabled services.

Each user account can be assigned zero or more roles. Roles are not inherited or embedded. The CDSM provides one predefined role, known as the admin role. The admin role has access to all services and all VDS-IS network entities.

Note The admin user account, by default, is assigned to the role that allows access to all domains and all entities in the system. It is not possible to change the role for this user account.

To create or edit a role, follow these steps:

Step 1 Choose System > AAA > Roles. The Roles Table page is displayed.

Step 2 Click the Create New icon in the task bar. The Role page is displayed.

To edit a role, click the Edit icon next to the role name.

Step 3 In the Name field, enter the name of the role.

Step 4 To enable read-only access for this role, check the Read-Only check box. Users assigned to this role are only able to view the CDSM pages. They are not able to make any changes.

Step 5 To expand a listing of services under a category, click the folder, and then check the check box next to the service or services that you want to enable for this role. To choose all of the services under one category simultaneously, check the check box for the top-level folder.

Step 6 In the Comments field, enter any comments about this role.

Step 7 Click Submit to save the settings.

To delete a role, in the Roles Table page, click the Edit icon next to the role name. Once the Role page is displayed, click the Delete icon in the task bar.


Creating, Editing, and Deleting Domains

A domain is a set of VDS-IS network entities or objects that make up the VDS-IS network. Whereas a role defines which services a user can perform in the VDS-IS network, a domain defines the entities to which the user has access. An entity can be a Service Engine, a device group, or a Delivery Service.

These predefined entities are treated like services and can be enabled or disabled when you set up user roles.

When you configure a domain, you can choose to include Service Engines, device groups, or delivery services in the domain.

To create or edit a domain, follow these steps:

Step 1 Choose System > AAA > Domains. The Domains Table page is displayed.

Step 2 Click the Create New icon in the task bar. The Domain page is displayed.

To edit a domain, click the Edit icon next to the domain name.

Step 3 In the Name field, enter the name of the domain.

Step 4 From the Entity Type drop-down list, choose Service Engines, Device Groups, or Delivery Services.

Step 5 In the Comments field, enter any comments about this domain.

Step 6 Click Submit to save the settings. If the entity type you chose has not already been assigned to the domain, then a message is displayed indicating that the entity type has not been assigned.

Step 7 From the left-panel menu, choose Entity Management. The Entity Management page is displayed.

Step 8 Click the Assign icon (blue cross mark) next to each entity name that you want to include. A green arrow wrapped around the blue cross mark indicates an entity is assigned.

To assign all entities in the domain, click the Assign All icon in the task bar.

To remove an entity from the domain, click the Assign icon again.

To remove all entities from the domain, click the Remove All icon in the task bar.

Step 9 Click Submit to save the settings.

To delete a domain, in the Domain Table page click the Edit icon next to the domain name. Once the Domain page is displayed, click the Delete icon in the task bar.

Creating a Domain Example

The following is an example of the tasks used to create a domain so that a non-administrator user can see a playlist view and has access rights to the SE, Delivery Service, and device group assigned to the playlist:

1. Choose System > AAA > Domains, and create a domain for entity type Delivery Services. Make sure that the Delivery Service the playlist uses is assigned to this domain.

2. Choose System > AAA > Domains, and create a domain for entity type Service Engine. Make sure that the SE the playlist uses is assigned to this domain.

3. Choose System > AAA > Domains, and create a domain for entity type Device Group. Make sure that the Device Group the playlist uses is assigned to this domain.

4. Choose System > Users. Select a user and assign only the configured domains to this user.

The non-administrator user should be able to see the playlist.


Viewing Locked Users

If you log in as an administrator, you can see a list of locked users along with the type of user and the time. The administrator can also unlock a user account.

To view or unlock a user account, follow these steps:

Step 1 Choose System > AAA > Locked users. The Locked Users page is displayed.

Step 2 Click the Unlock hyperlink to unlock a user account.

Changing a Password

If you log in as a user, you can change your own CDSM and CLI user password if you meet the following requirements:

• Your CLI user account and password were created in the CDSM and not in the CLI.

• You are authorized to access the Password page.

Note If you log in to the CDSM with the built-in username (admin) and the initial password (default), you cannot change the password in the CDSM. However, you can change the password using the CLI. The password expiry enhancement is not available for users logged in through the built-in username and password.

Caution We do not recommend that you change the CLI user password from the CLI. Any changes to CLI user passwords from the CLI are not updated in the management database and are not propagated to the standby CDSM. Therefore, passwords in the management database do not match a new password configured in the CLI.

The advantage of initially setting passwords from the CDSM is that both the primary and the standby CDSMs are synchronized, and CDSM users do not have to access the CLI to change their passwords.

To change the CDSM and CLI user password for the user account that is currently logged in to the CDSM, follow these steps:

Step 1 Choose System > Password. The Password page is displayed.

Step 2 In the New Password field, enter the changed password.

The following characters are not allowed: ?./;[]{}"@=|

Step 3 In the Confirm New Password field, re-enter the password for confirmation.

Step 4 Click Submit to save the settings.

Starting with Release 4.0, the CDSM includes the following enhancements:

• If you log in as a user, the system home page will display the password expiration details.

• The CDSM prompts the user to change the password, if the password expires.


The following fields must be filled when the CDSM prompts you to change the password:

– Username—Name of the user.
– Password—User password.
– Confirm Password—Re-enter the user password.

Configuring System Settings

• System Properties
• Configuring Device Offline Detection
• Configuring Distribution QoS
• Configuring Service Routing
• Authorization File Registration
• NAS File Registration
• CDN Host File Registration
• HTTPS Settings
• Configuring the CDSM to Communicate with an External System

System Properties

To modify the system properties, follow these steps:

Step 1 Choose System > Configuration > System Properties. The System Properties page is displayed.

Step 2 Click the Edit icon next to the system property that you want to change. The Modify Config Property page is displayed.

Step 3 For true or false values, choose a setting from the Value drop-down list. For other values, enter a new value. The range is displayed for each numeric value.

Table 6-3 describes the system properties.

Table 6-3 System Properties Fields

Field: Description

• cdsm.gui.rowCount: Row count for all pages containing a table. The default is 10.

• cdsm.password.expiry.days: The number of days for password expiry. The default is 0. The range is from 0 to 365.
  Note The password will not expire if the value is set to 0.

• cdsm.password.warning.days: The number of days for password expiry warning. The default is 30. The range is from 0 to 100.
  Note The password warning message is not displayed if the value is set to 0.

• cdsm.login.attempts.limit: The number of failed login attempts allowed. The default is 0. The range is from 0 to 6.
  Note The login attempts will not be checked if the value is set to 0.

• cdsm.session.timeout: Length of a Content Distribution Manager session (in minutes). The default is 10. The range is from 5 to 120.

• DeviceGroup.overlap: SE feature overlapping (enable or disable).

• System.CmsUnsProgramSync.Interval: Interval by which CMS synchronizes program import UNS objects (in minutes). The default is 1440 minutes. The range is from 1 to 43200.

• System.datafeed.pollRate: Poll rate between the SE or the SR and the CDSM (in seconds). The default is 300. The range is from 30 to 1800.

• System.device.recovery.key: Device identity recovery key. This property enables a device to be replaced by another node in the VDS network.

• System.healthmonitor.collectRate: Sets the collect and send rate in seconds for the CMS device health (or status) monitor. The default is 120. The range is from 5 to 3600.

• System.Icm.enable: Local and CDSM feature (enable or disable). This property allows settings that are configured using the local device CLI or the CDSM to be stored as part of the VDS-IS network configuration data.

• System.monitoring.collectRate: Rate at which the SE collects and sends the monitoring report to the CDSM (in seconds). The default is 300 seconds. The range is from 30 to 1800.

• System.monitoring.dailyConsolidationHour: Hour at which the CDSM consolidates hourly and daily monitoring records. The default is 1. The range is from 0 to 23.

• System.monitoring.enable: SE statistics monitoring (enable or disable).

• System.monitoring.monthlyConsolidationFrequency: Frequency (in days) with which the CDSM consolidates daily monitoring records into monthly records. The default is 14. The range is from 1 to 30.

• System.monitoring.recordLimitDays: Maximum number of days of monitoring data to maintain in the system. The default is 1825. The range is from 0 to 7300.

• System.repstatus.updateEnabled: Replication status periodic calculations on an SE (enable or disable).

• System.repstatus.updateRate: Rate of replication status periodic updates calculated on an SE (in minutes). The default is 10. The range is from 5 to 1440.

• System.repstatus.updateRateSec: Rate of replication status periodic updates calculated on an SE (in seconds). The default is 600 seconds. Setting this rate overrides the update rate set in minutes. The range is from 30 to 86400.
  Note The rep_status_failed alarm gets triggered if the replication misses three times in a row. You can configure a lower value for the System.repstatus.updateRateSec to have the alarm trigger sooner.

• System.repstatus.updateSyncEnabled: Sending summary replication status with requested detailed status (enable or disable).

• System.security.minPasswordLength: Minimum number of characters required for a user password. The default is 6. The range is from 6 to 31.

• System.security.minUserNameLength: Minimum number of characters required for a user name. The default is 4. The range is from 1 to 32.

Step 4 Click Submit to save the settings.
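Several properties in Table 6-3 switch off an access control when left at 0, and two of them default to 0. The following Python audit is an added example, not part of the CDSM; it checks property values against the documented ranges and flags disabled controls. The input dictionaries are constructed, and the 12-character and 15-minute thresholds are example site-policy values, not values from this guide.

```python
# (default, lowest, highest, effect of the value 0) as listed in Table 6-3.
PROPERTIES = {
    "cdsm.password.expiry.days": (0, 0, 365, "passwords never expire"),
    "cdsm.password.warning.days": (30, 0, 100, "no expiry warning is displayed"),
    "cdsm.login.attempts.limit": (0, 0, 6, "failed login attempts are not checked"),
    "cdsm.session.timeout": (10, 5, 120, None),
    "System.security.minPasswordLength": (6, 6, 31, None),
    "System.security.minUserNameLength": (4, 1, 32, None),
}


def audit(settings, min_password_length=12, max_session_minutes=15):
    """Return (property, kind, detail) findings for a dict of property values.

    Properties missing from `settings` are assumed to be at their documented default.
    min_password_length and max_session_minutes are example site-policy thresholds
    (assumptions), not values from the guide.
    """
    findings, effective = [], {}
    for name, (default, low, high, zero_effect) in PROPERTIES.items():
        raw = settings.get(name, default)
        try:
            value = int(raw)  # values copied from the GUI often arrive as strings
        except (TypeError, ValueError):
            findings.append((name, "invalid", f"{raw!r} is not an integer"))
            continue
        if not low <= value <= high:
            findings.append((name, "out-of-range", f"{value} is outside {low} to {high}"))
            continue
        effective[name] = value
        if value == 0 and zero_effect:
            origin = "configured" if name in settings else "default"
            findings.append((name, "disabled", f"{origin} value 0: {zero_effect}"))

    # Heuristic added for this example: a warning period at least as long as the
    # expiry period means the warning covers the whole password lifetime.
    expiry = effective.get("cdsm.password.expiry.days")
    warning = effective.get("cdsm.password.warning.days")
    if expiry and warning and warning >= expiry:
        findings.append(("cdsm.password.warning.days", "review",
                         f"warning period ({warning} days) covers the whole "
                         f"{expiry}-day password lifetime"))
    length = effective.get("System.security.minPasswordLength")
    if length is not None and length < min_password_length:
        findings.append(("System.security.minPasswordLength", "weak",
                         f"{length} is below the site minimum of {min_password_length}"))
    timeout = effective.get("cdsm.session.timeout")
    if timeout is not None and timeout > max_session_minutes:
        findings.append(("cdsm.session.timeout", "weak",
                         f"{timeout} minutes exceeds the site maximum of {max_session_minutes}"))
    return findings


# Constructed inputs: nothing changed, a tightened configuration, and typing mistakes.
FACTORY_DEFAULTS = {}
HARDENED = {
    "cdsm.password.expiry.days": "90",
    "cdsm.password.warning.days": "14",
    "cdsm.login.attempts.limit": "5",
    "cdsm.session.timeout": "10",
    "System.security.minPasswordLength": "12",
}
MISTYPED = {
    "cdsm.password.expiry.days": 30,
    "cdsm.password.warning.days": 30,
    "cdsm.login.attempts.limit": "10",
    "cdsm.session.timeout": "sixty",
}

if __name__ == "__main__":
    for label, cfg in (("defaults", FACTORY_DEFAULTS), ("hardened", HARDENED), ("mistyped", MISTYPED)):
        print(label)
        for finding in audit(cfg) or [("-", "ok", "no findings")]:
            print("  %-36s %-13s %s" % finding)
```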

Configuring Device Offline Detection

Communication between all devices and the CDSM uses User Datagram Protocol (UDP), which allows for fast detection of devices that have gone offline. UDP heartbeat packets are sent at a specified interval from each SE to the primary CDSM in a VDS-IS network. The primary CDSM tracks the last time it received a UDP heartbeat packet from each SE. If the CDSM has not received the specified number of UDP packets, it displays the status of the non-responsive SEs as offline.

Note In VDS-IS networks with heavy traffic, dropped UDP packets can cause the CDSM to incorrectly report the status of SEs as offline. To avoid this problem, configure a higher value for dropped UDP heartbeat packets.

To configure Device Offline Detection, follow these steps:

Step 1 Choose System > Configuration > Device Offline Detection . The Configure Device Offline Detection page is displayed.

Note The Device Offline Detection feature is in effect only when the CDSM receives the first UDP heartbeat packet from an SE. The heartbeat UDP port on the CDSM must be reachable by all devices; otherwise, the device shows as offline.

Step 2 In the Heartbeat Rate field, specify how often, in seconds, the SEs should transmit a UDP heartbeat packet to the CDSM. The default is 10. The range is from 5 to 3600.

Step 3 In the Heartbeat Fail Count field, specify the number of UDP heartbeat packets that can be dropped during transmission from SEs to the CDSM before an SE is declared offline. The default is 3. The range is from 1 to 100.

Note Decreasing the heartbeat interval (Heartbeat Rate * Heartbeat Fail Count) may take twice the original configured time to take effect. During this time, the online device status is not changed to “Offline” or “Online [Waiting for data feed].”

Step 4 In the Heartbeat UDP Port field, specify the CDSM port number that the SEs use to send UDP heartbeat packets. The default is 2000. The range is from 1000 to 10000.


The Maximum Offline Detection Time field displays the product of the failed heartbeat count and heartbeat rate, where:

Maximum Offline Detection Time = Heartbeat Rate * Heartbeat Fail Count

Step 5 Click Submit to save the settings.
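The trade-off behind the Heartbeat Fail Count can be seen by replaying one heartbeat sequence against different settings. The following Python model is an added example, not the CDSM implementation; it assumes an SE is shown offline once more than the Maximum Offline Detection Time has passed since the last received heartbeat, and the arrival times are constructed.

```python
def max_offline_detection_time(rate, fail_count):
    """Heartbeat Rate * Heartbeat Fail Count in seconds, with the documented ranges enforced."""
    if not 5 <= rate <= 3600:
        raise ValueError("Heartbeat Rate must be from 5 to 3600 seconds")
    if not 1 <= fail_count <= 100:
        raise ValueError("Heartbeat Fail Count must be from 1 to 100")
    return rate * fail_count


def received(rate, sent, dropped):
    """Arrival times of `sent` heartbeats sent every `rate` seconds, minus dropped sequence numbers."""
    return [seq * rate for seq in range(sent) if seq not in dropped]


def offline_periods(arrivals, rate, fail_count, observed_until):
    """Return [(offline_from, online_again)] for one SE; online_again is None if it never returns.

    Simplified model (an assumption of this example): the SE is shown offline once
    more than the Maximum Offline Detection Time has passed since the last heartbeat
    the CDSM received. A heartbeat arriving exactly on the deadline counts as on time.
    """
    if not arrivals:
        # Per the Note in Step 1, detection only takes effect after the first heartbeat.
        raise ValueError("the model starts at the first received heartbeat")
    limit = max_offline_detection_time(rate, fail_count)
    periods = []
    last_seen = arrivals[0]
    for arrival in list(arrivals[1:]) + [None]:
        horizon = observed_until if arrival is None else arrival
        if horizon - last_seen > limit:
            periods.append((last_seen + limit, arrival))
        if arrival is not None:
            last_seen = arrival
    return periods


def false_alarms(periods):
    """Offline periods that ended with a new heartbeat, so the SE was never really down."""
    return [p for p in periods if p[1] is not None]


# Constructed scenario: 13 heartbeats at the default 10-second rate (t = 0..120 s).
# The network drops heartbeat 3 (t=30) and heartbeats 7 and 8 (t=70 and t=80);
# the SE then really fails after t=120 and the CDSM is observed until t=200.
RATE = 10
ARRIVALS = received(RATE, sent=13, dropped={3, 7, 8})

if __name__ == "__main__":
    for fail_count in (1, 2, 3):
        periods = offline_periods(ARRIVALS, RATE, fail_count, observed_until=200)
        print(f"fail count {fail_count}: limit {max_offline_detection_time(RATE, fail_count)} s, "
              f"false alarms {false_alarms(periods)}, real outage shown at t={periods[-1][0]}")
```

With a fail count of 1 the two loss bursts produce two false offline reports; the default of 3 removes both but shows the real outage 20 seconds later.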

Configuring Distribution QoS

The Distribution QoS settings allow you to configure system-wide QoS priorities for Delivery Service distribution and metadata replication. The Delivery Service distribution priority (low, medium, or high) is set on the definition page for each Delivery Service.

Note When a single URL is associated with more than one Delivery Service, the content is distributed only one time to all of the Service Engines subscribed to each Delivery Service. When different QoS settings are configured for different delivery services that contain the same content, the Delivery Service priority setting determines which QoS settings are applied to the content distribution. The Delivery Service with the higher priority dictates which QoS settings are used.

To configure system-wide QoS settings, follow these steps:

Step 1 Choose System > Configuration > Distribution QoS. The Distribution QoS page is displayed.

Step 2 Check the Set QoS for Unicast Data check box to enable system-wide QoS settings for unicast data.

The unicast data refers to the ingest and distribution traffic among SEs.

Step 3 To set the QoS value for a Delivery Service with low priority, choose a Differentiated Services Code Point (DSCP) value from the QoS value with low priority drop-down list. Alternatively, enter a decimal value in the corresponding field.

Note See the “Setting DSCP Values for QoS Packets” section on page 6-12 for more information. You can override the system-wide settings for unicast data by configuring QoS settings on a per-Delivery Service basis. See the “Creating Delivery Service” section on page 5-1 for more information.

Step 4 To set the QoS value for a Delivery Service with medium priority, choose a DSCP value from the QoS value with medium priority drop-down list. Alternatively, enter a decimal value in the corresponding field.

Step 5 To set the QoS value for a Delivery Service with high priority, choose a DSCP value from the QoS value with high priority drop-down list. Alternatively, enter a decimal value in the corresponding field.

Step 6 Set the QoS value for each priority (low, medium, and high) for a Delivery Service by choosing the Differentiated Services Code Point (DSCP) value from the QoS value drop-down list or by entering a decimal value in the corresponding field.

Step 7 Check the Set QoS for metadata check box to enable QoS settings for metadata replication.

Metadata is created based on the Manifest file and is part of the ingest and distribution traffic.

Step 8 Set the QoS value for metadata replication by choosing the DSCP value from the QoS value drop-down list or by entering a decimal value in the corresponding field.


Step 9 Click Submit to save the settings.

Setting DSCP Values for QoS Packets

The VDS-IS allows you to set Differentiated Services Code Point (DSCP) values for Unicast QoS packets. DSCP values define relative priority levels for the packets. You can either choose a DSCP keyword from the drop-down list or enter a value in the corresponding field. (See Table 6-4.)

Note DSCP marking for Flash Media streaming is configured differently by Service Rule file.

Table 6-4 DSCP Values

Keyword   Description and Value
af11      Sets packets with AF11 DSCP (001010).
af12      Sets packets with AF12 DSCP (001100).
af13      Sets packets with AF13 DSCP (001110).
af21      Sets packets with AF21 DSCP (010010).
af22      Sets packets with AF22 DSCP (010100).
af23      Sets packets with AF23 DSCP (010110).
af31      Sets packets with AF31 DSCP (011010).
af32      Sets packets with AF32 DSCP (011100).
af33      Sets packets with AF33 DSCP (011110).
af41      Sets packets with AF41 DSCP (100010).
af42      Sets packets with AF42 DSCP (100100).
af43      Sets packets with AF43 DSCP (100110).
cs1       Sets packets with CS1 (precedence 1) DSCP (001000).
cs2       Sets packets with CS2 (precedence 2) DSCP (010000).
cs3       Sets packets with CS3 (precedence 3) DSCP (011000).
cs4       Sets packets with CS4 (precedence 4) DSCP (100000).
cs5       Sets packets with CS5 (precedence 5) DSCP (101000).
cs6       Sets packets with CS6 (precedence 6) DSCP (110000).
cs7       Sets packets with CS7 (precedence 7) DSCP (111000).
default   Sets packets with the default DSCP (000000).
ef        Sets packets with EF DSCP (101110).

Note The number in parentheses denotes the DSCP value for each per-hop behavior keyword.
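Table 6-4 lists each DSCP value in binary, while the CDSM field takes a decimal value. The following is an added example, not part of the Cisco guide: it derives the decimal and binary value for each keyword from the per-hop behavior definitions and checks the marking on a captured IPv4 header. The function names and the sample header are constructed for illustration.

```python
import re

def dscp_for_keyword(keyword):
    """Decimal DSCP (0-63) for a Table 6-4 keyword, derived from the PHB definitions."""
    kw = keyword.strip().lower()
    if kw == "default":
        return 0
    if kw == "ef":
        return 46                        # Expedited Forwarding (RFC 3246)
    m = re.fullmatch(r"cs([1-7])", kw)
    if m:                                # class selector: precedence in the top 3 bits
        return int(m.group(1)) << 3
    m = re.fullmatch(r"af([1-4])([1-3])", kw)
    if m:                                # AFxy (RFC 2597): class x, drop precedence y
        return (int(m.group(1)) << 3) | (int(m.group(2)) << 1)
    raise ValueError(f"not a Table 6-4 keyword: {keyword!r}")

KEYWORDS = (["default", "ef"] + [f"cs{n}" for n in range(1, 8)]
            + [f"af{x}{y}" for x in range(1, 5) for y in range(1, 4)])
BY_VALUE = {dscp_for_keyword(k): k for k in KEYWORDS}

def field_values(keyword):
    """Value for the decimal field, the table's binary form, and the DS/ToS
    byte a packet capture shows when the two ECN bits are zero."""
    d = dscp_for_keyword(keyword)
    return {"decimal": d, "binary": format(d, "06b"), "tos_byte": d << 2}

def dscp_from_ipv4_header(header):
    """Extract the DSCP from a raw IPv4 header: upper six bits of byte 1."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    return header[1] >> 2

def check_marking(header, expected_keyword):
    """Compare the marking on a captured packet with the configured keyword."""
    seen = dscp_from_ipv4_header(header)
    return {"seen": seen, "seen_keyword": BY_VALUE.get(seen),
            "matches": seen == dscp_for_keyword(expected_keyword)}

# Constructed sample: IPv4 header, 192.0.2.1 -> 198.51.100.7, DS byte 0x68 (AF31).
# The header checksum is left as zero because it is not inspected here.
SAMPLE_HEADER = bytes.fromhex("45680028000040004006 0000 c0000201 c6336407")

if __name__ == "__main__":
    for kw in ("af11", "af31", "cs5", "ef"):
        print(kw, field_values(kw))
    print(check_marking(SAMPLE_HEADER, "af31"))
```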

Configuring Service Routing

The Service Routing menu options consist of the following:


• Coverage Zone File Registration, page 6-13

• Configuring Global Routing, page 6-14

Coverage Zone File Registration

A coverage zone can be associated with one or more SEs: each SE can have its own unique coverage zone, or SEs can be associated with more than one coverage zone and have overlapping coverage zones.

For more information about coverage zones, see the “Coverage Zone File” section on page 1-38. See Appendix C, “Creating Coverage Zone Files,” for information about creating a Coverage Zone file.

The system administrator places a Coverage Zone file where the CDSM or individual devices can access the URL. The administrator then registers the Coverage Zone file URL in the CDSM. Coverage Zone files can be applied globally to the entire VDS-IS network, or locally to a specific SR. If a Coverage Zone file is made global, then it is read and parsed by each SR that does not have a Coverage Zone file assigned. If the coverage zone is specified in an individual SR configuration, it is only applied to that particular SR.

You have the choice of using two types of coverage zones:

• Default coverage zones

• User-defined coverage zones

A default coverage zone consists of all of the SEs that reside in the same local network segment, or subnet. The CDSM provides a check box to specify whether the default coverage zone is to be used.

A user-defined coverage zone consists of all of the SEs that are specified in a Coverage Zone file. This file defines the network segments to be covered in the routing process. The Coverage Zone file is registered with the CDSM and then applied to an SR for routing definitions.

To apply a custom coverage zone to an SR, you first need to register a Coverage Zone file URL in the CDSM. After you have registered the Coverage Zone file URL with the CDSM, you can apply the Coverage Zone file in one of two ways:

• Globally—Deploy the Coverage Zone file across the entire VDS-IS network

• Locally—Deploy the Coverage Zone file on a specific SR

Note If you apply a Coverage Zone file locally for a device, this file overwrites the global Coverage Zone file for that device.

To register a Coverage Zone file, follow these steps:

Step 1 Choose System > Configuration > Service Routing > Coverage Zone File Registration. The Coverage Zone File Table page is displayed.

Step 2 Click the Create New icon in the task bar. The Registering Coverage Zone File page is displayed.

To edit a Coverage Zone file registration, click the Edit icon next to the registration that you want to edit.

Step 3 Choose a file import method from the File Import Method drop-down list:

• Upload—The upload method allows you to upload a Coverage Zone file from any location that is accessible from your PC by using the browse feature.

• Import—The import method allows you to import the Coverage Zone file from an external HTTP, HTTPS, or FTP server.

When you choose a method, the page refreshes and displays the configuration fields that are associated with the method that you chose.

Step 4 Enter the fields as appropriate.

Table 6-5 describes the upload method fields. Table 6-6 describes the import method fields.

Table 6-5 Upload Method for Coverage Zone Files

Property                    Description
Coverage Zone File Upload   Local directory path to the Coverage Zone file. To locate the file, click Browse. Click Validate to validate the Coverage Zone file.
Destination Filename        Name of the Coverage Zone file. This field is filled in automatically with the filename from the local directory path.

Table 6-6 Import Method for Coverage Zone Files

Property                    Description
Coverage Zone File URL      The URL where the Coverage Zone file is located, including path and filename. Click Validate to validate the Coverage Zone file.
Destination File Name       Name of the Coverage Zone file.
Update Interval (minutes)   Frequency with which the CDSM looks for changes to the Coverage Zone file. The default value is 10 minutes.
Username                    Name of the user to be authenticated when fetching the Coverage Zone file.
Password                    User password for fetching the Coverage Zone file.

Step 5 To save the settings, click Submit.

Configuring Global Routing

After you have registered the Coverage Zone file, you can use this file as your global routing configuration.

To set a global Coverage Zone file, follow these steps:

Step 1 Choose System > Configuration > Service Routing > Global Routing Config. The Set Global Coverage Zone File page is displayed.

Step 2 From the Coverage Zone File drop-down list, choose a Coverage Zone file.

Step 3 In the DNS TTL field, configure the time period (in seconds) for caching DNS replies. Enter a number from 0 to 300. The default is 60 seconds.

Step 4 Click Submit to save settings.

To apply a Coverage Zone file to an individual SR for local coverage zone configuration, see the “Configuring the Service Router” section on page 4-106.

Authorization File Registration

The Authorization File Registration page is used to register a Service Rule file to the VDS-IS. A Service Rule file is associated with one or more delivery services. Each Delivery Service can have its own unique Service Rule file or multiple delivery services can have the same Service Rule file.

A Service Rule must be selected for a Delivery Service. For more information about Service Rule files, see Appendix E, “Creating Service Rule Files.”

To select a Service Rule file for a Delivery Service, you first need to register the Service Rule file in the CDSM.

To register a Service Rule file, follow these steps:

Step 1 Choose System > Configuration > Authorization File Registration. The Authorization Plugin Files Table page is displayed.

Step 2 Click the Create New icon in the task bar. The Registering Service Rule File page is displayed.

To edit a Service Rule file registration, click the Edit icon next to the registration that you want to edit.

Step 3 Choose a file import method from the File Import Method drop-down list:

• Import—The import method allows you to import an XML file from an external HTTP, HTTPS, or FTP server.

• Upload—The upload method allows you to upload an XML file from any location that is accessible from your PC by using the browse feature.

When you choose a method, the page refreshes and displays the configuration fields that are associated with the method that you chose.

Step 4 Enter the fields as appropriate.

Table 6-5 describes the upload method fields. Table 6-6 describes the import method fields.

Table 6-7 Upload Method for XML Files

Property                    Description
File Type                   From the File Type drop-down list, choose Rule File.
Source File Upload          Local directory path to the file. To locate the file, click Browse. Click Validate to validate the XML file.
Destination Filename        Name of the file. This field is filled in automatically with the filename from the local directory path.

Table 6-8 Import Method for XML Files

Property                    Description
File Type                   From the File Type drop-down list, choose Rule File.
File URL                    The URL where the file is located, including path and filename. Click Validate to validate the XML file.
Destination File Name       Name of the file.
Update Interval (minutes)   Frequency with which the CDSM looks for changes to the file. The default value is 10 minutes.
Username                    Name of the user to be authenticated when fetching the file.
Password                    User password for fetching the file.

Step 5 To save the settings, click Submit.

NAS File Registration

A NAS file is associated with the SEs in the root location of a Delivery Service. One SE in the root location of a Delivery Service acts as the Content Acquirer. The NAS file is associated with the Delivery Service by assigning the file to the content origin. Each content origin can have its own unique NAS file or multiple content origins can have the same NAS file.

Note NAS is only supported in lab integrations as proof of concept.

For information about assigning a NAS file to a content origin, see the “Content Origins” section on page 5-34. For information about creating a NAS file, see Appendix H, “Creating NAS Files.”

To assign a NAS file to a content origin, you first need to register the file in the CDSM.

To register a NAS file, follow these steps:

Step 1 Choose System > Configuration > NAS File Registration. The NAS File Table page is displayed.

Step 2 Click the Create New icon in the task bar. The File Registration page is displayed.

To edit a NAS file registration, click the Edit icon next to the registration that you want to edit.

Step 3 Choose a file import method from the File Import Method drop-down list:

• Upload—The upload method allows you to upload a NAS file from any location that is accessible from your PC by using the browse feature.

• Import—The import method allows you to import a NAS file from an external HTTP, HTTPS, or FTP server.

When you choose a method, the page refreshes and displays the configuration fields that are associated with the method that you chose.

Step 4 Enter the fields as appropriate.

Table 6-5 describes the upload method fields. Table 6-6 describes the import method fields.

Table 6-9 Upload Method for XML Files

Property                    Description
Source File Upload          Local directory path to the file. To locate the file, click Browse. Click Validate to validate the XML file.
Destination Filename        Name of the file. This field is filled in automatically with the filename from the local directory path.

Table 6-10 Import Method for XML Files

Property                    Description
File URL                    The URL where the file is located, including path and filename. Click Validate to validate the XML file.
Destination File Name       Name of the file.
Update Interval (minutes)   Frequency with which the CDSM looks for changes to the file. The default value is 10 minutes.
Username                    Name of the user to be authenticated when fetching the file.
Password                    User password for fetching the file.

Step 5 To save the settings, click Submit.

CDN Host File Registration

The CDN Host file supports the use of a single Origin server across delivery services without contacting the external DNS server.

For information about creating a CDN Host file, see Appendix I, “Creating CDN Host Files.”

To register a CDN Host file, follow these steps:

Step 1 Choose System > Configuration > CDN Host File Registration. The CDN Host File Table page is displayed.

Step 2 Click the Create New icon in the task bar. The File Registration page appears.

To edit a CDN Host file registration, click the Edit icon or click the Create New icon.

Note A registered CDN host file is globally attached to all the Service Engines that are registered in the CDN.

Step 3 Choose a file import method from the File Import Method drop-down list:

• Upload—The upload method allows you to upload a CDN Host file from any location that is accessible from your PC by using the browse feature.

• Import—The import method allows you to import a CDN Host file from an external HTTP, HTTPS, or FTP server.

When you choose a method, the page refreshes and displays the configuration fields that are associated with the method that you chose.

Step 4 Enter the fields as appropriate.

Table 6-11 describes the upload method fields. Table 6-12 describes the import method fields.

Table 6-11 Upload Method for Txt Files

Property                Description
Source File Upload      Local directory path to the file. To locate the file, click Browse. Click Validate to validate the Txt file.
Destination Filename    Name of the file. This field is filled in automatically with the filename from the local directory path.

Table 6-12 Import Method for Txt Files

Property                Description
File URL                The URL where the file is located, including path and filename. Click Validate to validate the Txt file.
Destination File Name   Name of the file. This field is filled in automatically with the filename from the local directory path.

Step 5 To save the settings, click Submit.

HTTPS Settings

Certificate Authority’s (CA’s) root certificates are expected to be available to all clients initiating HTTPS communication; most browsers are installed with well-known CA root certificates. Trusted CA certificates are expected to be provided for the purpose of Origin server and Client certification validation.

Note A single subject alternative name (SAN) certificate is installed for all delivery services in the VDS-IS.

For more information about HTTPS Settings and how to configure it, see the “HTTPS Settings” section on page 2-25.

Uploading certificate and key files consists of the following pages:

• Root CA File Registration—Upload or import the certificates for the Origin servers participating in HTTPS

• CRL File Registration—Upload the CRL certificates for the Service Engine participating in HTTPS

• CRL File Scheduling—Schedule CRL file notification to the Web Engine on each SE that is participating in an HTTPS Delivery Service

• HTTPS Certification Files Registration—Upload client certificate and key file for all SEs

• HTTPS Certification File Scheduling—Schedule client certificate and key file notification to the Web Engine on each SE that is participating in an HTTPS Delivery Service

The procedures involved in uploading certificate and key files consist of the following:

• Configuring HTTPS General Settings

• Uploading or Importing a Root CA File

• Uploading a CRL File

• Scheduling a CRL File

• Uploading Certificate and Key Files

• Scheduling Web Engine Notification of Certificate and Key Files

Configuring HTTPS General Settings

Starting with Release 3.3, the CDSM GUI offers the ability to enable HTTPS or HTTP for streaming to clients as well as ingesting from the Origin server for each Delivery Service.

To configure the HTTPS settings, follow these steps:

Step 1 Choose System > Configuration > HTTPS Settings > General Settings. The HTTPS General Settings page is displayed.

Step 2 Enter the settings as appropriate. See Table 6-13 for a description of the fields.

Table 6-13 General Setting Fields

Field                                      Description
Delivery Streaming Mutual Authentication   Check the Delivery Streaming Mutual Authentication check box to enable delivery streaming mutual authentication for the individual Delivery Service. The default is unchecked.
Delivery Streaming Supported Cipher List   Input the Cipher list. The default is empty. When the Web Engine is acting as an HTTPS server, the Delivery Streaming Supported Cipher List is used to negotiate and accept HTTPS connections from the client player. Note When it is empty, the backend will use the default string.

Step 3 Click Validate to verify if the cipher list is valid.

Step 4 Click Submit to save the settings.
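An added example, not part of the Cisco guide: a pre-check of a candidate string for the Delivery Streaming Supported Cipher List field before it is submitted. It assumes the field takes an OpenSSL-format cipher string, which the guide does not state, and it expands the string with the local Python/OpenSSL build, so the resulting suites can differ from what the Web Engine supports; the function names are illustrative.

```python
import ssl

# Substrings of OpenSSL cipher-suite names that mark a suite as weak.
WEAK_MARKERS = {
    "NULL": "no encryption",
    "EXP": "export-grade key length",
    "RC4": "RC4 stream cipher",
    "DES": "DES or 3DES block cipher",      # also matches DES-CBC3-SHA
    "MD5": "MD5 MAC",
    "ADH": "anonymous DH, no server authentication",
    "AECDH": "anonymous ECDH, no server authentication",
}

def weak_reasons(cipher_name):
    """Return the reasons a suite name is considered weak (empty list if none)."""
    name = cipher_name.upper()
    return sorted(reason for marker, reason in WEAK_MARKERS.items() if marker in name)

def review_cipher_list(cipher_string):
    """Expand a cipher string with the local OpenSSL and flag weak suites.

    Assumption: the CDSM field uses OpenSSL cipher-string syntax.
    """
    result = {"valid": True, "note": None, "suites": [], "weak": {}}
    if not cipher_string.strip():
        # Per Table 6-13, an empty field means the backend default string is used.
        result["note"] = "empty: backend default string applies"
        return result
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.set_ciphers(cipher_string)       # raises if nothing can be selected
    except ssl.SSLError as exc:
        result.update(valid=False, note=str(exc))
        return result
    result["suites"] = [c["name"] for c in ctx.get_ciphers()]
    result["weak"] = {n: weak_reasons(n) for n in result["suites"] if weak_reasons(n)}
    return result

if __name__ == "__main__":
    for candidate in ("ECDHE+AESGCM", "NOT-A-REAL-CIPHER", ""):
        report = review_cipher_list(candidate)
        print(repr(candidate), report["valid"], report["note"],
              len(report["suites"]), report["weak"])
```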

Cisco Videoscape Distribution Suite