BQN Documentation
BQN Documentation

Overview

Installation Problems

Check the following:

  • The ISO should have been copied to a USB drive with MBR partitions and DD mode.
  • The server BIOS should have its factory default boot mode (for example, DUAL).
  • If there is a RAID controller, a logical drive must be configured and marked as bootable.
  • Check if server used in the installation meet BQN hardware requirements.
  • Check that the installation was done in the hard disk and not overwrote the USB drive.

No Access to the Management IP Address

The BQN uses a dedicated network interface for management.The management interface supports both the SSH and WEB (HTTPs) services. Incase of problems accessing the configured management IP check the following:

  • Ensure that the management network interfaceport is connected to the appropriate network.
  • Verify that the link state of the managementnetwork interface is up. If the management interface is connected to a networkswitch, verify that the port in the switch is up and its attributes match the properties shown by the show interface command.
  • If accessing the management IP address from a different network, make sure that static routing is configured to the access network, as explained in the Network Interface section in the User Guide.
  • If there are firewalls in the management network, allow access to TCP port 22 for the SSH service and TCP port 443 for the WEB service.
  • Verify using the system console that the management IP address and network prefix are correct. Connect a monitor and a keyboard to the server and login as root:

 
bqn0:˜# bqnsh
root@bqn0# show interface management detail
Interface: en0o1
IP address: 192.168.0.121/24 
Default gateway: 192.168.0.1
Nameserver: n/a


  • If you suspect the OAM IP settings are incorrect or unknown, connect a monitor and a keyboard to the server and login as root to change it using the bta wizard in interactive mode. For example, to change the management interface to en0o1 with IP address 10.10.10.12/24 (press enter to accept suggested response):
 
bqn0:˜# bqnsh
root@bqn0# wizard bta interactive
Available network interfaces:
  en0o1
  en0p0s0
  en0p0s1
Enter management interface [en0p0s0]: en0o1
Enable VLAN on management interface? (yes/no) [no]:
Enter management IP address and prefix [192.168.0.120/24]: 10.10.10.12/24
Enter default gateway IP address [192.168.0.1]: 10.10.10.1
Configure a nameserver? (yes/no) [no]:

Available network interfaces:
  en0p0s0
  en0p0s1
Select access-side interface for wire:  en0p0s0
Select internet-side interface for wire: en0p0s1
Enable SDR generation? (yes/no) [yes]:
Enter random optimization percentage [99]:
Enter random udr generation percentage [2]:
System vendor: Dell
System name: bqn
System serial: 0
System supported: yes
CPU model: 12th Gen Intel(R) Core(TM) i7-12700H
CPU cores: 4

Management interface:  en0o1
Management IP:         10.10.10.12/24
Management gateway:    10.10.10.1

Wire 1: en0p0s0(access)-en0p0s1(internet)

SDR generation: enabled

BTA random optimization: 99%
UDR random generation:   2%

If the proposed configuration is not valid execute the command
     wizard bta interactive
to manually enter the configuration.

Proceed with configuration? (yes/no) [yes]: yes


root@bqn0# show interface management detail
Interface: en0o1
IP address: 10.10.10.12/24
Default gateway: 10.10.10.1
Nameserver: n/a

root@bqn0# show interface management detail
Interface: en0o1
IP address: 10.10.10.12/24
Default gateway: 10.10.10.1
Nameserver: n/a

If the interface is not available at the time of the change (for example, participated in a wire), a message will request a reboot. After the reboot, the BQN should have the new IP and management network interface.

 
Management interface en0o1 seems not to be set. A process reboot may fix the problem. 
Proceeed with the process reboot? (yes/now) [yes]: yes

  • The BQN management interface may be protected by its own firewall. The problem could be that your source IP address is notincluded in that firewall white list. This could happen even for addresses from the same subnet of the BQN management IP if the subnet is not part of the firewall rules. You can disable the firewall temporarily until the connection to the management port is restored. Connect a monitor and a keyboard to the server and login as root:

bqn0:˜# bqnsh
root@bqn0# show interface firewall 
IFACE CHAIN RANGE
en0o1 input 10.0.0.0/8
en0o1 input 172.16.0.0/12
en0o1 input 192.168.0.0/16 
root@bqn0# clear interface en0o1 firewall input 
root@bqn0# show interface firewall 
IFACE CHAIN RANGE 
root@bqn0#


Once the management IP is reachable, you can define the new white list of allowed source IP ranges.


Web not Accessible

  • Check that the management IP address is accessible using SSH,
  • Check that you are using HTTPS in the access (HTTP is not supported). Example of URL: https://192.168.0.121
  • Check that you are using bqnadm user (root cannot be used in GUI access).
  • When installing from scratch, make sure the command wizard bta was run (otherwise, the GUI web service will not be active a no bqnadm user created).
  • Verify that the SSH port of the BQN server has not been modified. To access the BQN using a port other than 22, you can define port forwarding rules in router on the access path, but the BQN SSH port cannot be changed. Logging to the server as root, you can verify that the SSH port is 22 as follows:


bqn:~ # rep Port/etc/ssh/sshd_config
#Port 22
#GatewayPorts no

If needed, comment the line that specifies a port other than 22.

  • Check that your browser is supported (Edge, Firefox, Chrome). MS Explorer, for example, is not supported.

Network Interface Down


If the Network Interfaces icon in the Dashboard is not in green.

Go to Configuration->Interfaces->Data Wires

In Red (Critical)

  • If there is no wire configured, create one.
  • If there are wires configured but their interfaces are not in UP state, this most likely indicates that the interfaces are not Intel compatible: remove the wire and create a new one with both interfaces in pcap mode. This should place the interfaces in UP state, but with much lower throughput capacity (less than 1Gbps).
  • If there are wires configured, with interfaces in UP state but with the LINK down, there is a problem in the connection with the other equipment. Connect both interface ports to one another in a loop using a suitable cable/fiber.  
  • If both interfaces are in up, then the problem is on the other equipment.
  • If the link is still down and optic ports are used, verify that the transceivers:
  • are Intel-compatible
  • are supported (see SupportedNetwork Cards for a list).
  • of the type required by the installation (e.g.,SFP+-LR in an installation with monomode fiber and SFP+-LR on the other side).

In Yellow (Notice)

  • If the wires that appear as down are supposed tobe with traffic, follow the steps of the previous section (Critical)
  • If the wires that appear as down are not in use and you want to remove the notice signal, you can delete the unused wires. Consider that changes in the wire configuration will stop the traffic for some seconds.

Inverted Traffic

If the Inverted Traffic icon in the Dashboard is in orange (Warning), it is indication that traffic throughput in the uplink direction is bigger than in the downlink direction. This can be normal in small deployments(less than a hundred subscribers, like in a BQN in a lab) but in a network deployment most likely indicates that some of the wires have been connected incorrectly, with the access port connected to the Internet side and vice versa.

To verify that this is the case, go to Statistics->Throughput->Interfacesand select the wire interface configured in the access side. If it shows more received throughput that sent throughput, it is indication that the wire is inverted. This can be confirm selecting the throughput of the Internet-side interface to see that its sent traffic is bigger than its received traffic.

To fix the issue, go to Configuration->Interfaces->Data Wires and, in the inverted wire, press the Swap interfaces icon.

Low Traffic

If the Low Traffic icon in the Dashboard is not in green.

In Yellow (Notice)

Hover the mouse over the icon to confirm that Traffic-low notice is shown. It indicates that there are very little traffic going through the BQN server. This is normal if the system is still waiting for traffic being routed through it. However, in a system in production can be an indication that some failure elsewhere in the network is preventing the traffic to reach the BQN server.

In Orange (Warning)

Hover the mouse over the icon. Either Traffic-uplink or Traffic-downlink should be in warning. This is because there is no traffic going through the BQN in that direction and therefore the traffic is asymmetric. You should go to Configuration->TCPO/ACM Settings and set the Overall TCP Optimization to Off while the issue is being delt with.

Fix the traffic routing so the BQN sees both directions (uplink and downlink). When done and after the icon returns to green, go to Configuration->TCPO/ACM Settings to enable the overall TCP optimization.

License Manager


If the icon License Manager in the dashboard is in Yellow, this is because the BQN server cannot reach the license manager. The license manager is responsible of validating BQN SW licenses and also helps Bequant to provide a more proactive support by reporting server problems.

Make sure the BQN server can initiate outgoing connections to the License Manager IP (contact Bequant support for details).

To verify that an outgoing connection is possible, log as root and a telnet to the provided IP and port should work:


bqn0:˜# telnet ip port
Trying ip...
Connected to ip.
Escape character is '^]'.

License not OK

If the License icon in the Dashboard is Red, there is no valid license. This could be due to several reasons:

  • There is no license defined in the node
  • The license is not valid
  • The license is no longer valid (its final date has expired).

Contact your distributor for a valid license.

You can check the license state in Administration->License.

When there is no valid license, the BQN will forward all traffic transparently: the service will not be affected, but none of the BQN advanced processing will be applied to the traffic.

License Limit Exceeded


If the License Limit Exceeded icon in the Dashboard is Orange, the maximum capacity of the license is being exceeded (the traffic throughout in the BQN server is above the license limit).

Contact your distributor for a license upgrade.

You can check the license capacity in Administration->License.

In Statistics->Throughput->Overview, a red line will show the license limit along with recent throughput levels.

While the traffic throughput is exceeding the license capacity, the BQN behavior is as follows:

  • No packet is dropped, alltraffic is forwarded.
  • TCPO: new flows are not optimized.
  • Metrics: no latency/retransmission nor DPI records are generated for new flows.
  • Policy flow shaping: new flows are not shaped.
  • Policy rate limiting: activesubscribers, with more than 5 new flows under no-license conditions, no longer get rate limitation.

The result is that more and more traffic no longer gets QoE functionality, and, conversely, the amount of traffic getting QoE functionality gets lower, and soon below the license limitation. At that point, new flows will get TCPO optimization and subscribers that got their rate limitation de-activated will get it activated again. So, with these oscillations, we'll keep providing QoE functionality to an amount of traffic equivalent to the license limit. License exceeded events are meant to be temporal, while the license is upgraded to the right capacity.

High CPU Load

If the CPU icon in the Dashboard is not in green, some CPUs are running at abnormally high levels. This is normally due to unbalanced traffic (concentrated in a few subscriber IPs) or to too much traffic being proceeded by the BQN server.

The BQN has internal mechanisms to mitigate this situation, trying to prevent traffic losses by reducing the amount of optimized traffic.

The throughput level can be verified in Statistics->Throughput->Overview and the CPU levels in Statistics->System->CPU.

There are two alarm types, depending on the CPU load levels:

  • Orange if some CPU cores are at high load (above 80% usage).  
  • Red if some CPU cores are at very high load(above 90% usage).  

Follow these steps:

  • If you are using NAT between the BQN and the end subscribers, increment the number of IPs used by the NAT, so the BQN can distribute the traffic among more addresses. You can see how traffic is distributed among IPs in Statistics->Subscribers->Top By Time.
  • Enable the bypass path, or, if not possible, reduce the amount of traffic being routed through the BQN
  • Disable TCP optimization in Configuration->TCPO/ACM Settings.
  • A hardware upgrade may be needed. Contact Bequant support.

High Memory Load

If the Memory icon in the Dashboard is not in green, some processes are running out of memory. This is normally due to unbalanced traffic (traffic concentrated in a few subscriber IPs) or to too much traffic being processed by the BQN server.

The BQN has internal mechanisms to mitigate this situation, trying to prevent traffic losses by reducing the amount of optimized traffic.

The throughput level can be verified in Statistics->Throughput->Overview and the Memory levels in Statistics->System->Memory.

There are two alarm types, depending on the memory load levels:

  • Orange if some processes reach high usage (above 90% usage).  
  • Red if some processes reach very high usage(above 95% usage).  

Follow these steps:

  • If you are using NAT between the BQN and the end subscribers, increment the number of IPs used by the NAT, so the BQN can distribute the traffic among more addresses. You can see how traffic is distributed among IPs in Statistics->Subscribers->Top By Time.
  • Enable the bypass path, or, if not possible, reduce the amount of traffic being routed through the BQN.
  • Disable TCP optimization in Configuration->TCPO/ACM Settings.
  • A hardware upgrade may be needed. Contact Bequant support.


No RADIUS messages are received


If no RADIUS information is shown in the BQN GUI, to check if RADIUS messages are incoming, log in to BQN shell and run the following command:


$ ssh bqnadm@192.168.0.121
bqnadm@bqn# system interface en0o1 capture filter 'udp and port 1813'
listening on eno1, link-type EN10MB (Ethernet), capture size 65535 bytes


In this example, the management interface is eno1. Check the one of your BQN server in Configuration->Interfaces->Management (the 0 added by BQN configuration must be removed, for example, en0s1f0in BQN GUI is ens1f0 in Linux).

If the BQN firewall is configured (Configuration->Interfaces->Management Firewall), all RADIUS client IPs must be added (in this example,10.10.10.10 y 10.10.10.11).

And now the RADIUS messages are received:


bqnadm@bqn# system interface en0o1 capture filter 'udp and port 1813'
listening on eno1, link-type EN10MB (Ethernet), capture size 65535 bytes
14:21:20.177347 IP 10.10.10.10.60072 > 192.168.0.121.radius-acct: RADIUS, Accounting Request (4), id: 0xf0 length: 222
14:21:20.177424 IP 192.168.0.121.radius-acct > 10.10.10.10.60072: RADIUS, Accounting Response (5), id: 0xf0 length: 20
. . .

If RADIUS messages are still no received, the rest of the traffic jumps need verification. In our example, RADIUS clients are in subnet10.10.10.0/24 and BQN in subnet 192.168.0.0/24. It has to be verified if there are valid routes between the two subnets and that no intermediate firewall is blocking UDP port 1813 (RADIUS Accounting). You can start the verification at the RADIUS client; for example, if it is a Mikrotik, use Tools->Tourch with port radius-acct.

No REST messages are received


If the REST information is not shown in the GUI, the reception of REST messages can be checked in the BQN logging to the BQN shell and executing the following command:


$ ssh bqnadm@192.168.0.121
bqnadm@bqn# system interface en0o1 capture filter ‘tcp and port 3443’
listening on eno1, link-type EN10MB (Ethernet), capture size 65535 bytes


In this example, eno1 is the management interface.

Check the one in your server going to Configuration->Interfaces->Management(remove the 0 added by BQN configuration, e.g., en0s1f0in the BQN GUI is ens1f0 in UNIX).

If the BQN firewall is configured (Configuration->Interfaces->Management Firewall), the IPs of all the REST clients must be added (in our example, 10.10.10.10 y10.10.10.11).

And now the messages are received:

bqnadm@bqn# system interface en0o1 capture filter ‘tcp and port 3443’
listening on eno1, link-type EN10MB (Ethernet), capture size 65535 bytes
17:30:30.767149 IP 192.168.88.12.48316 > 192.168.88.13.ov-nnm-websrv: Flags [S], seq 639501187, win 64240, options [mss 1460,sackOK,TS val 3813494325 ecr 0,nop,wscale 7], length 0
17:30:30.767163 IP 192.168.88.13.ov-nnm-websrv > 192.168.88.12.48316: Flags [S.], seq 2135448282, ack 639501188, win 28960, options [mss 1460,sackOK,TS val 607264358 ecr 3813494325,nop,wscale 5], length 0
17:30:30.767260 IP 192.168.88.12.48316 > 192.168.88.13.ov-nnm-websrv: Flags [.], ack 1, win 502, options [nop,nop,TS val 3813494325 ecr 607264358], length 0
. . .

If the REST messages are not yet received, check the rest of traffic steps. In this example, the REST clients are in 10.10.10.0/24 and the BQN in 192.168.0.0/24. Check that there are valid routes between both subnets and that no intermediate firewall is blocking the TCP port 3443.

No NTP Servers Synchronized


To keep the server clock with an accurate time, the BQN needs the NTP service. A few public NTP servers are configured by default. You can check the list of configured NTP servers in Administration->System Date->NTP Servers.

At least one NTP server should be synchronized. In the example above, the NTP server 145.238.203.14 has been chosen for clock synchronization (indicated by the * next to the server IP address) and has been contacted 36 seconds ago (column WHEN).

If no NTP server is available, the BQN will show the warning message NTP not synchronized, as in the window below:

To solve the issue, if you have a local NTP server, add it to the list clicking the <i class="fa-solid fa-ellipsis-vertical"></i> menu icon and selecting Add Server…

If you have no local NTP servers, make sure the UDP port 123 is open from the BQN management IP to the Internet, including in the BQN firewall, if activated.

Also, take into account that if the NTP server offset is biggerthan 0.5 seconds, a NTP not-synchronized message will be shown, though the system date will be updated to this level of accuracy.

previous
NEXT