Network Utilities
This section provides information about how to use the network utility tools:
-
Ping: allows you to check that a particular host system is contactable from the Expressway and that your network is correctly configured to reach it.
-
Traceroute: allows you to discover the details of the route taken by a network packet sent from the Expressway to a particular destination host system.
-
Tracepath: allows you to discover the path taken by a network packet sent from the Expressway to a particular destination host system.
-
DNS lookup: allows you to check which domain name server (DNS server) is responding to a request for a particular hostname.
-
SRV connectivity test: allows you to check DNS for specific service records, and verify connectivity to the returned hosts.
Ping
The Ping tool ( ) can be used to assist in troubleshooting system issues.
It allows you to check that a particular host system is contactable and that your network is correctly configured to reach it. It reports details of the time taken for a message to be sent from the Expressway to the destination host system.
To use this tool:
-
In the Host field, enter the IP address or hostname of the host system you want to try to contact.
-
Click Ping.
A new section will appear showing the results of the contact attempt. If successful, it will display the following information:
Host |
The hostname and IP address returned by the host system that was queried. |
Response time (ms) |
The time taken (in ms) for the request to be sent from the Expressway to the host system and back again. |
Traceroute
The Traceroute tool ( ) can be used to assist in troubleshooting system issues.
It allows you to discover the route taken by a network packet sent from the Expressway to a particular destination host system. It reports the details of each node along the path, and the time taken for each node to respond to the request.
To use this tool:
-
In the Host field, enter the IP address or hostname of the host system to which you want to trace the path.
-
Click Traceroute.
A new section will appear with a banner stating the results of the trace, and showing the following information for each node in the path:
TTL |
(Time to Live). This is the hop count of the request, showing the sequential number of the node. |
Response |
This shows the IP address of the node, and the time taken (in ms) to respond to each packet received from the Expressway. *** indicates that the node did not respond to the request. |
The route taken between the Expressway and a particular host may vary for each traceroute request.
Tracepath
The Tracepath tool ( ) can be used to assist in troubleshooting system issues.
It allows you to discover the route taken by a network packet sent from the Expressway to a particular destination host system.
To use this tool:
-
In the Host field, enter the IP address or hostname of the host system to which you want to trace the route.
-
Click Tracepath.
A new section will appear with a banner stating the results of the trace, and showing the details of each node along the path, the time taken for each node to respond to the request, and the maximum transmission units (MTU).
The route taken between the Expressway and a particular host may vary for each tracepath request.
DNS Lookup
The DNS lookup tool ( ) can be used to assist in troubleshooting system issues.
It allows you to query DNS for a supplied hostname and display the results of the query if the lookup was successful.
To use this tool:
-
In the Host field, enter either:
-
the name of the host you want to query, or
-
an IPv4 or IPv6 address if you want to perform a reverse DNS lookup
-
-
In the Query type field, select the type of record you want to search for:
(for reverse lookups the Query type is ignored - the search automatically looks for PTR records)
Note
To facilitate proper reverse lookup, give the domain in the form of 152.50.10.in-addr.arpa (the subnet of addresses would be 10.50.152.0/24) and the target DNS server in the address. This sends all requests in the subnet to the target DNS server instead of the default server.
Option
Searches for...
All
any type of record
A (IPv4 address)
a record that maps the hostname to the host's IPv4 address
AAAA (IPv6 address)
a record that maps the hostname to the host's IPv6 address
SRV (services)
SRV records (which includes those specific to H.323, SIP, Unified Communications and TURN services, see below)
NAPTR (Name authority pointer)
a record that rewrites a domain name (into a URI or other domain name for example)
-
By default the system will submit the query to all of the system's default DNS servers (
). To query specific servers only, set Check against the following DNS servers to Custom and then select the DNS servers you want to use. -
Click Lookup.
A separate DNS query is performed for each selected Query type. The domain that is included within the query sent to DNS depends upon whether the supplied Host is fully qualified or not (a fully qualified host name contains at least one "dot"):
-
If the supplied Host is fully qualified:
-
DNS is queried first for Host
-
If the lookup for Host fails, then an additional query for Host.<system_domain> is performed (where <system_domain> is the Domain name as configured on the DNS page)
-
-
If the supplied Host is not fully qualified:
-
DNS is queried first for Host.<system_domain>
-
If the lookup for Host.<system_domain> fails, then an additional query for Host is performed
-
For SRV record type lookups, multiple DNS queries are performed. An SRV query is made for each of the following _service._protocol combinations:
-
_h323ls._udp.<domain>
-
_h323rs._udp.<domain>
-
_h323cs._tcp.<domain>
-
_sips._tcp.<domain>
-
_sip._tcp.<domain>
-
_sip._udp.<domain>
-
_collab-edge._tls
-
_cisco-uds._tcp
-
_turn._udp.<domain>
-
_turn._tcp.<domain>
In each case, as for all other query types, either one or two queries may be performed for a <domain> of either Host and/or Host.<system_domain>.
Results
A new section will appear showing the results of all of the queries. If successful, it will display the following information:
Query type |
The type of query that was sent by the Expressway. |
Name |
The hostname contained in the response to the query. |
TTL |
The length of time (in seconds) that the results of this query will be cached by the Expressway. |
Class |
|
Type |
The record type contained in the response to the query. |
Response |
The content of the record received in response to the query for this Name and Type. |
Transport protocols
The Expressway uses UDP and TCP to do DNS resolution, and DNS servers usually send both UDP and TCP responses. If the UDP response exceeds the UDP message size limit of 512 bytes, then the Expressway cannot process the UDP response. This is not usually a problem, because the Expressway can process the TCP response instead.
However, if you block TCP inbound on port 53, and if the UDP response is greater than 512 bytes, then the Expressway cannot process the response from the DNS. In this case you won't see the results using the DNS lookup tool, and any operations that need the requested addresses will fail.
However, if you block TCP inbound on port 53, and if the UDP response is greater than 512 bytes, then the Expressway cannot process the response from the DNS. In this case you won't see the results using the DNS lookup tool, and any operations that need the requested addresses will fail.
SRV Connectivity Tester
The SRV connectivity tester is a network utility that tests whether the Expressway can connect to particular services on a given domain. You can use this tool to proactively test your connectivity while configuring Expressway-based solutions such as Cisco Webex Hybrid Call Service or business-to-business video calling.
You specify the DNS Service Record Domain and the Service Record Protocols you want to query for that domain. The Expressway does a DNS SRV query for each specified protocol, and then attempts TCP connections to the hosts returned by the DNS. If you specify TLS, the Expressway only attempts a TLS connection after the TCP succeeds.
The Expressway connectivity test page shows the DNS response and the connection attempts. For any connection failures, the reason is provided along with advice to help with resolving specific issues.
To troubleshoot connectivity, you can download the TCP data from your test in .pcap format. You can selectively download a dump of the DNS query, or a specific connection attempt, or you can get a single .pcap file showing the whole test.
To use this tool:
-
Go to
-
Enter a Service Record Domain you want to query, for example,
callservice.webex.com
. -
Enter the Service Record Protocols you want to test, for example,
_sips._tcp
.Use commas to delimit multiple protocols, for example,
_sip._tcp,_sips._tcp
. -
Click Run
The Expressway queries DNS for SRV records comprised of the service, protocol and domain combinations, for example: _sip._tcp.callservice.webex.com
and _sips._tcp.callservice.webex.com
.
By default the system will submit the query to all of the system's default DNS servers (
).Service Record Options
Here are some of the _service._protocol combinations you might need to test in your deployments:
-
_h323ls._udp.<domain>
-
_h323rs._udp.<domain>
-
_h323cs._tcp.<domain>
-
_sips._tcp.<domain>
-
_sip._tcp.<domain>
-
_sip._udp.<domain>
-
_collab-edge._tls
-
_cisco-uds._tcp
-
_turn._udp.<domain>
-
_turn._tcp.<domain>
-
_cms-web._tls.<domain>
-
_sipfederationtls._tcp.<domain>
Test Results
A section at the bottom of the page shows the query results and the connectivity test results. Test results will have some or all of the following information:
Result field |
Description |
---|---|
Stage |
The stage of the test; there is one stage for each response to your query and another one for the overall query result. |
Service Record |
The SRV records that were found, from the set that you queried. |
Result |
The hosts mapped by the DNS SRV record, if the test succeeded. Also shows the priority, weight, and port of each entry, if they are defined in the DNS record. |
Hint |
This field holds no value in this table of results. |
TCP Dump |
For the overall result, you can download a .pcap file that contains the TCP record of the SRV query. |
Result |
Description |
---|---|
Stage |
The stage of the test; there is one test for each host that was returned for the queried service on TCP protocol. There is also a collective result of all tests. |
Target |
The hostname returned by DNS SRV query. |
Result |
Shows that the test completed successfully, or gives the reason for failure, if known. |
Hint |
A pointer that might help you troubleshoot unsuccessful tests. |
TCP Dump |
You can download a .pcap file that contains the TCP record of the specific connection attempt. |
Result field |
Description |
||
---|---|---|---|
Stage |
The stage of the test. For each host, one to three tests are returned for the queried service on TLS protocol. The test is performed using each TLS version that is supported by the host, in the following order:
For example, if the host supports all three versions and the connection is successful using the TLS 1.1 version then the check returns two tests. There is also a collective result of all tests.
|
||
Target |
The hostname returned by DNS SRV query. |
||
Result |
Shows that the test completed successfully, or gives the reason for failure, if known. |
||
Hint |
A pointer that might help you troubleshoot unsuccessful tests. |
||
TCP Dump |
You can download a .pcap file that contains the TCP record of the specific connection attempt. |