Digi TransPort - Page 415

IPsec parameters
Digi TransPort User Guide 415
Use IPSec Egroups with an SQL database
When IPSec Egroups are used with an SQL database for dynamic Eroute configuration, the CLI
commands below help with configuration and troubleshooting on the router.
Local Database commands
As well as using an external SQL database, the router can cache the SQL table entries it learns
from the SQL server in RAM, so that if the SQL server goes offline for any reason, the database
entries are still available to renew existing IPSec SAs.
To configure the caching options, use the command
sql 0 <parameter> <value>.
The following parameters are available to configure the caching of database entries:
dbsrvmem <n>
This parameter specifies the amount of memory (RAM) the MySQL server cache should use,
where <n> is specified in multiples of 1k, such as 10Mb=10240.
To calculate the amount of memory to specify in this parameter:
1. Note the size of the database file (.csv) that will be loaded into the router memory.
2. Double this value and add 100Kb. For example, if the csv file is 200Kb, this would
   make a value of 500Kb for the memory allocation. Use the command sql 0
   dbsrvmem 500.
3. Load the database file into memory and check the memory allocated and free using the
   smem command. This will show the memory allocated and left available. Increase the
   memory in the dbsrvmem command if required.
dbfile <name>
This is the name of the .csv file that the router will use to store the table definitions (1st line)
and data records. This file is stored in flash and is used to populate the database stored in
RAM on power up or when a new file matching this name has just been stored. The dbfile can
be populated with records or be empty except for the definitions line. The dbfile stored in RAM
will be populated from both the dbfile stored in flash and (if configured) via caching items
learned from the main SQL server. The dbfile in flash can then be updated from the dbfile in
RAM and saved.
dbname <name>
This is the name of the backup database in case the main database goes offline. This name
needs to match the database name in use on the SQL server.
learn <off|on>
When enabled, the router will cache entries learned via the main SQL database in a file stored
in RAM. This can be used as a backup in the event of the main SQL database going offline. To
use learning mode, at least one column in the .csv dbfile must be marked as a unique key,
with the U prefix.
For example, remip is marked as the unique key:
peerip[IP],bakpeerid[IP],peerid[K20],password[20],ourid[20],remip[UKIP],remmsk[IP]
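
The following is an added example, not part of the Digi guide or Digi's own tooling: a pre-flight check to run on a workstation before uploading a dbfile. It confirms that the definitions line has a U-prefixed column (required for learn on) and applies the dbsrvmem sizing rule above. It assumes 1Kb = 1024 bytes; the file name egroups.csv and the sample record are made up.

```python
import math
import re

# Constructed sample: the definitions line from the guide's example plus one made-up record.
SAMPLE_DBFILE = (
    "peerip[IP],bakpeerid[IP],peerid[K20],password[20],ourid[20],remip[UKIP],remmsk[IP]\n"
    "192.0.2.10,192.0.2.11,site-a,example-secret,hq,10.1.1.0,255.255.255.0\n"
)

COLUMN_RE = re.compile(r"^(?P<name>[^\[\]]+)\[(?P<spec>[^\[\]]+)\]$")


def parse_definitions(first_line):
    """Split the definitions line into (name, spec) pairs; reject malformed columns."""
    columns = []
    for field in first_line.strip().split(","):
        m = COLUMN_RE.match(field.strip())
        if not m:
            raise ValueError(f"malformed column definition: {field!r}")
        columns.append((m.group("name"), m.group("spec")))
    return columns


def unique_key_columns(columns):
    """Columns whose type spec carries the U prefix the guide requires for learning mode."""
    return [name for name, spec in columns if spec.startswith("U")]


def dbsrvmem_kb(csv_size_bytes):
    """Guide's sizing rule: double the .csv size and add 100Kb (assumes 1Kb = 1024 bytes)."""
    size_kb = math.ceil(csv_size_bytes / 1024)
    return 2 * size_kb + 100


def preflight(dbfile_text, dbfile_name, learn=True):
    """Return the sql 0 commands to apply, or raise if learn mode cannot work."""
    lines = dbfile_text.splitlines()
    if not lines:
        raise ValueError("dbfile has no definitions line")
    keys = unique_key_columns(parse_definitions(lines[0]))
    if learn and not keys:
        raise ValueError("learn on needs at least one column marked with the U prefix")
    mem = dbsrvmem_kb(len(dbfile_text.encode()))
    return [f"sql 0 dbsrvmem {mem}", f"sql 0 dbfile {dbfile_name}",
            f"sql 0 learn {'on' if learn else 'off'}"]

if __name__ == "__main__":
    for cmd in preflight(SAMPLE_DBFILE, "egroups.csv"):  # hypothetical file name
        print(cmd)
```

The computed dbsrvmem value is only a starting point; the guide's smem check after loading the file still decides whether it needs to be increased.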