<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"Lucida Grande";
panose-1:0 0 0 0 0 0 0 0 0 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.EstiloCorreo19
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 3.0cm 70.85pt 3.0cm;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="ES-AR" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="mso-fareast-language:EN-US">Can you take packet captures from both sides (affected cluster and PLM) at the same time?<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US">That would make clear if packets are modified along the way.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US">I would check the firewall first, if it is dropping packets failing inspection, for example. Had a similar problem a couple of Weeks ago. A PaloAlto firewall dropping UDP traffic.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US">Regards,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US">Ariel.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span lang="ES">De:</span></b><span lang="ES"> cisco-voip <cisco-voip-bounces@puck.nether.net>
<b>En nombre de </b>Ryan Ratliff (rratliff) via cisco-voip<br>
<b>Enviado el:</b> viernes, 21 de diciembre de 2018 16:00<br>
<b>Para:</b> Brian Meade <bmeade90@vt.edu><br>
<b>CC:</b> cisco-voip (cisco-voip@puck.nether.net) <cisco-voip@puck.nether.net><br>
<b>Asunto:</b> Re: [cisco-voip] CallManager and PLM 11.5.1 ports (firewall issues)<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">I’d second the MTU problem, especially if frame 13 in the capture (the 1514 one) has DF set.
<o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Assuming this was taken at the remote CUCM, the retransmitted packets at the bottom are all 1514 bytes, so it’s very likely whatever frame 13 was never received by PLM. <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Lucida Grande",serif;color:black"> - Ryan Ratliff<o:p></o:p></span></p>
</div>
</div>
<div>
<p class="MsoNormal"><br>
<br>
<o:p></o:p></p>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal">On Dec 21, 2018, at 1:51 PM, Brian Meade <<a href="mailto:bmeade90@vt.edu">bmeade90@vt.edu</a>> wrote:<o:p></o:p></p>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<p class="MsoNormal">One thing to start looking at would be why the TLS Client Hello from PLM is showing as malformed. There's some large packets in there as well (1482 and 1514). I'd bet you've got an MTU issue somewhere on the path.
<o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Was the capture taken from the CUCM side? I would bet it does since it's sending 1514 byte packets and those are the ones you're not getting Acks from PLM on.<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<p class="MsoNormal">On Fri, Dec 21, 2018 at 12:17 PM Anthony Holloway <<a href="mailto:avholloway%2Bcisco-voip@gmail.com">avholloway+cisco-voip@gmail.com</a>> wrote:<o:p></o:p></p>
</div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-right:0cm">
<div>
<div>
<div>
<div>
<div>
<p class="MsoNormal">To echo what Brian is saying with his question: 443 is a server listening port (HTTPS), and therefore, the port on PLM talking to it, is an ephemeral client port, or random port, and wouldn't be documented anywhere.
<o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">This is similar to the whole UAS/UAC discussion with SIP and 5060.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Take this Outbound call for example, where my CUBE (UAS) is talking SIP with CUCM (UAC) (10.10.10.10) on CUCM's port 50124<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New"">PeerAddress=+16125551212</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New"">PeerId=2100</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New";background:#FFF2CC">RemoteSignallingIPAddress=10.10.10.10</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New";background:#FFF2CC">RemoteSignallingPort=50124</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New"">RemoteMediaIPAddress=10.20.20.20</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New"">RemoteMediaPort=28326</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New"">tx_DtmfRelay=rtp-nte</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New"">VAD = disabled</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New"">CoderTypeRate=g711ulaw</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">And then this Inbound call example, where my CUBE (UAC) is talking SIP with CUCM (UAS) (10.10.10.10) on CUCM's port 5060<o:p></o:p></p>
</div>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New"">PeerAddress=+16215551212</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New"">PeerId=2200</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New";background:#FFF2CC">RemoteSignallingIPAddress=10.10.10.10</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New";background:#FFF2CC">RemoteSignallingPort=5060</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New"">RemoteMediaIPAddress=10.20.20.20</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New"">RemoteMediaPort=28524</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New"">tx_DtmfRelay=rtp-nte</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New"">VAD = disabled</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New"">CoderTypeRate=g711ulaw</span><o:p></o:p></p>
</div>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal"><i>PS I get that output from the following command on CUBE: show call active voice | in PeerAddr|PeerId|RemoteS|RemoteM|Dtmf|Coder|VAD</i><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Put that in an alias command, and you're a few short keystrokes away from some sexy data.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Now, back to the TCP re-transmissions, this is most likely a lower layer issue, and not a problem with PLM/CUCM.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">A quick google search resulted in this article, which I found well written, but does go deep, with links to other articles which take you even deeper:<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal"><a href="https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.netcraftsmen.com%2Fapplication-analysis-using-tcp-retransmissions-part-1%2F&data=02%7C01%7Cariel.roza%40la.logicalis.com%7Cdded756273f244d66fbb08d66776cc2d%7C2e3290cb8d404058abe502c4f58b87e3%7C0%7C0%7C636810157277759903&sdata=Gt%2FS3mwNmmn5wmVwXpnZOBW6OHAGwmlOymnBCTBlTyA%3D&reserved=0" target="_blank">https://www.netcraftsmen.com/application-analysis-using-tcp-retransmissions-part-1/</a><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Since you have the same PLM talking to multiple CUCM clusters, and only a problem with one cluster (or so it sounded like), I'd wager this problem is not with the PLM side, but is probably on the network path where it begins to be unique
for this CUCM cluster in question, to include the CUCM cluster (or more specifically, the Publisher) itself.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">As for logs, I'd imagine it wont show you anything more valuable than your packet capture; that's probably pretty telling.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Good luck. I'm curious to see how this turns out.<o:p></o:p></p>
</div>
</div>
</div>
</div>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<p class="MsoNormal">On Fri, Dec 21, 2018 at 10:08 AM Brian Meade <<a href="mailto:bmeade90@vt.edu" target="_blank">bmeade90@vt.edu</a>> wrote:<o:p></o:p></p>
</div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-right:0cm">
<div>
<p class="MsoNormal">Are you sure the destination port is 56648 and it's not the source port in that handshake?<o:p></o:p></p>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<p class="MsoNormal">On Fri, Dec 21, 2018 at 10:51 AM Jason Aarons (Americas) <<a href="mailto:jason.aarons@dimensiondata.com" target="_blank">jason.aarons@dimensiondata.com</a>> wrote:<o:p></o:p></p>
</div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-right:0cm">
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span lang="EN-US"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US">Have a centralized Prime License Manager (PLM) for several clusters. One cluster the Product Instance shows “Unknown error”. We have firewalls between PLM
and clusters.<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US"> <o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US">I hit Test Connection in PLM and see traffic from source PLM coming in to remote cluster on TCP/443 and then I see traffic back source TCP/443 to destination
TCP/56648 and then lots of TCP retransmissions. The GUI in PLM says “Test Connection Failed.The cause of the error is unknown. Check the Cisco Prime License Manager log for details.”<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US"> <o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US">I can’t find in the Port Usage guide where TCP/56648 is documented? What log file do I look at via RTMT on PLM?<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US"> <o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US"><image001.png><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US"> <o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US">Jason Aarons, CCIEx2 No. 38564<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US">Advanced Technology Consultant<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US">Dimension Data<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US">904-338-3245<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US"> <o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span lang="EN-US"><br>
<br>
This email and all contents are subject to the following disclaimer:<br>
<a href="https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.dimensiondata.com%2FGlobal%2FPolicies%2FPages%2FEmail-Disclaimer.aspx&data=02%7C01%7Cariel.roza%40la.logicalis.com%7Cdded756273f244d66fbb08d66776cc2d%7C2e3290cb8d404058abe502c4f58b87e3%7C0%7C0%7C636810157277759903&sdata=j80J8GkFmUwt0D16%2BnZkR2AjjY9WnFUrdJNrpYlIQ2Y%3D&reserved=0" target="_blank">"http://www.dimensiondata.com/emaildisclaimer"</a>
<o:p></o:p></span></p>
</div>
<p class="MsoNormal">_______________________________________________<br>
cisco-voip mailing list<br>
<a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a><br>
<a href="https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpuck.nether.net%2Fmailman%2Flistinfo%2Fcisco-voip&data=02%7C01%7Cariel.roza%40la.logicalis.com%7Cdded756273f244d66fbb08d66776cc2d%7C2e3290cb8d404058abe502c4f58b87e3%7C0%7C0%7C636810157277759903&sdata=mhruNoTPuFpzegHNHbqbxG9FxGKZSfwvjNtY5l4%2BUGo%3D&reserved=0" target="_blank">https://puck.nether.net/mailman/listinfo/cisco-voip</a><o:p></o:p></p>
</blockquote>
</div>
<p class="MsoNormal">_______________________________________________<br>
cisco-voip mailing list<br>
<a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a><br>
<a href="https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpuck.nether.net%2Fmailman%2Flistinfo%2Fcisco-voip&data=02%7C01%7Cariel.roza%40la.logicalis.com%7Cdded756273f244d66fbb08d66776cc2d%7C2e3290cb8d404058abe502c4f58b87e3%7C0%7C0%7C636810157277759903&sdata=mhruNoTPuFpzegHNHbqbxG9FxGKZSfwvjNtY5l4%2BUGo%3D&reserved=0" target="_blank">https://puck.nether.net/mailman/listinfo/cisco-voip</a><o:p></o:p></p>
</blockquote>
</div>
</blockquote>
</div>
<p class="MsoNormal">_______________________________________________<br>
cisco-voip mailing list<br>
<a href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</a><br>
<a href="https://puck.nether.net/mailman/listinfo/cisco-voip">https://puck.nether.net/mailman/listinfo/cisco-voip</a><o:p></o:p></p>
</div>
</blockquote>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</div>
</body>
</html>