Merge branch 'master' of github.com:HON95/wiki

Håvard Nordstrand, 2 months ago
Parent
Commit
59c3bfb1aa
9 changed files with 184 additions and 44 deletions
  1. cloud/google-workspace.md (+42, -0)
  2. computers/dell-poweredge.md (+18, -4)
  3. index.md (+1, -0)
  4. linux-servers/debian.md (+18, -13)
  5. networking/cisco-sda.md (+22, -3)
  6. networking/multicast.md (+12, -6)
  7. personal-devices/applications.md (+4, -2)
  8. personal-devices/arch-i3.md (+50, -15)
  9. services/ptp.md (+17, -1)

+ 42 - 0
cloud/google-workspace.md

@@ -0,0 +1,42 @@
+---
+title: Google Workspace
+breadcrumbs:
+- title: Cloud
+---
+{% include header.md %}
+
+## Stuff to Remember
+
+Basic stuff to remember to set up for workspaces for personal accounts or tiny businesses.
+
+### Directory
+
+- Add groups for various mail lists:
+    - Special groups (for all domains): abuse@domain, postmaster@domain
+
+### Apps
+
+- Calendar:
+    - Adjust sharing settings, both under "sharing settings" and "general settings".
+- Drive and Docs:
+    - Adjust sharing settings.
+    - Disable Drive for Desktop?
+- Gmail:
+    - Setup a catch-all default routing rule: All recipients, add "X-GM" headers, "perform this action only on non-recognized addresses". Add a recipient with "change envelope recipient" to the address it should go to (e.g. "catch-all@example.net"), "suppress bounces from this recipient", add headers (again), prepend custom subject (e.g. "[Catch-All]"). Remember to add the recipient address as an alias to a user or group.
+    - Setup mail authentication (DKIM). Copy the record to DNS. (Make sure DMARC and SPF is configured too.)
+
+### Security
+
+- 2-step verification: Enable 2FA enforcement?
+- Account recovery: Enable account recovery for superadmin and non-admin user accounts?
+
+### Account
+
+- Admin roles
+    - Add extra admin users?
+- Domains:
+    - Add a primary domain and optional secondary domains.
+    - Configure DNS to both receive and send mail from all domains (as part of the wizard to add them).
+    - Add SPF and DKIM DNS records for the domains. Make sure the DMARC DNS record is set up properly too.
+- Branding:
+    - Add a personalization logo. PNG/GIF, 320x132, max 30kB.
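
Review bot: The mail authentication guidance is given twice, once in the Gmail bullet ("Setup mail authentication (DKIM) ... Make sure DMARC and SPF is configured too.") and again under Domains ("Add SPF and DKIM DNS records ..."), and neither says how to confirm the records are live. Keep it in one place and reference it from the other, fix "is configured" to "are configured", and add a verification step. The Security bullets also end in question marks ("Enable 2FA enforcement?"), which leaves the checklist undecided; state the recommendation or mark them as TODO. The catch-all routing rule accepts mail for every unrecognized address, so it is worth saying that the target mailbox will collect whatever is sent to the domain.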

+ 18 - 4
computers/dell-poweredge.md

@@ -26,7 +26,7 @@ There are lots of ways to upgrade the firmware, but most are painful and typical
 1. Select local drive, select the USB drive and enter the filename on the drive.
 1. Success (maybe).
 
-### G12 and higher
+### G12 and Later
 
 Update through iDRAC 7 using HTTP site `downloads.dell.com`.
 
@@ -89,7 +89,7 @@ For max performance, use two dual-rank 1333MHz DIMMS in slots 1 and 2 for all ch
 
 - C-states and C1E: May significantly reduce power usage when idle.
 
-## Loudness
+## Fans
 
 Mostly based on empirical evidence.
 
@@ -97,9 +97,23 @@ Mostly based on empirical evidence.
 - The number of DIMMs doesn't seem to affect the fan speed.
 - For the R720, using 1600MHz DIMMs makes the server much louder than 1333MHz DIMMs.
 - For the R620 and R720, using a 10G SFP+ NIC module makes it louder than using a 1G copper module.
-- For the R320, using hard drives in the bays makes it much louder.
+- For the R320, using hard drives (non-Dell?) in the bays makes it much louder.
 
-## Theory
+### Disable 3rd-party Device Fan Response (G13 and later?)
+
+- This feature causes the fans to spin a bit faster when using 3rd-party PCIe devices, HDDs etc. It's annoying for homelabs. It can be disabled using IPMI.
+- Check status: `ipmitool -I lanplus -H <IPADDRESS> -U <USERNAME> -P <PASSWORD> raw 0x30 0xce 0x01 0x16 0x05 0x00 0x00 0x00` (`... 01 00 00` means disabled)
+- Enable fan response (default): `ipmitool -I lanplus -H <IPADDRESS> -U <USERNAME> -P <PASSWORD> raw 0x30 0xce 0x00 0x16 0x05 0x00 0x00 0x00 0x05 0x00 0x00 0x00 0x00`
+- Disable fan response (quiet): `ipmitool -I lanplus -H <IPADDRESS> -U <USERNAME> -P <PASSWORD> raw 0x30 0xce 0x00 0x16 0x05 0x00 0x00 0x00 0x05 0x00 0x01 0x00 0x00`
+
+## GPUs
+
+### GPGPUs in R730
+
+- Mounting GPUs requires GPU risers with power outlets (EPS-12V) and fan shroud with GPU airflow openings.
+- Certain GPGPUs like K80, M40, M60, P100, V100 uses EPS-12V inlets instead of PCIe inlets like normal GPUs. This requires a special EPS-12V GPU cable and not one that converts the pinout to PCIe. This cable also needs to be mounted the correct way to avoid short-circuiting and probably melting/burning the cable. If your cable has the black wires on the "clip side" of the connector, it's probably a PCIe pinout and won't work. The end with all-yellows on one side of the connector and all-blacks on the other side goes into the GPU, while the connector with one black on the yellow side goes into the riser.
+
+## Miscellanea
 
 ### Model Name Convention
 
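
Review bot: All three `ipmitool` examples under "Disable 3rd-party Device Fan Response" pass the BMC password as `-P <PASSWORD>`, which leaves it in shell history and visible in the process list to other local users. ipmitool can read the password from the `IPMI_PASSWORD` environment variable with `-E` or from a file with `-f <file>`; suggest showing one of those instead. The raw byte sequences have no source and the heading still says "(G13 and later?)", so link where they came from and list the models they were actually tested on. The rename of "## Theory" to "## Miscellanea" also changes the heading anchor, so check for inbound links.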

+ 1 - 0
index.md

@@ -22,6 +22,7 @@ Random collection of config notes and Miscellanea. _Technically not a wiki._
 - [AWS](/cloud/aws/)
 - [Azure](/cloud/azure/)
 - [Cloudflare](/cloud/cloudflare/)
+- [Google Workspace](/cloud/google-workspace/)
 
 ## Computers
 

+ 18 - 13
linux-servers/debian.md

@@ -5,7 +5,7 @@ breadcrumbs:
 ---
 {% include header.md %}
 
-Using **Debian 11 (Bullseye)**.
+Using **Debian 12 (Bookworm)**.
 
 ## Basic Setup
 
@@ -14,8 +14,8 @@ Using **Debian 11 (Bullseye)**.
 - Always verify the downloaded installation image after downloading it.
 - If installing in a Proxmox VE VM, see [Proxmox VE: VMs: Initial Setup](/virt/proxmox-ve/#initial-setup).
 - Prefer UEFI if possible.
-- Use the non-graphical installer. It's basically the same as the graphical one.
-- If it asks to install non-free firmware, take note of the packages so they can be installed later.
+- Use the non-graphical installer. It's basically exactly the same as the graphical one.
+- If it mentions missing non-free firmware, take note of the packages so they can be installed later.
 - Localization:
     - For automation-managed systems: It doesn't matter.
     - Language: United States English.
@@ -34,27 +34,32 @@ Using **Debian 11 (Bullseye)**.
 - System disk partitioning:
     - Simple system: Guided, single partition, use all available space.
     - Advanced system: Manually partition, see [system storage](/linux-servers/storage/#system-storage).
-    - Swap can be set up later as a file or LVM volume.
+    - Swap can be set up later as a file or LVM volume. It isn't really that useful anymore.
     - When using LVM: Create the partition for the volume group, configure LVM (separate menu), configure the LVM volumes (filesystem and mount).
 - Package manager:
     - Just pick whatever it suggests.
 - Software selection:
-    - Select only "SSH server" and "standard system utilities".
-- GRUB bootloader:
+    - Just "SSH server", so e.g. Ansible can reach it.
+- GRUB bootloader (no longer asked):
     - Install to the suggested root disk (e.g. `/dev/sda`).
 
-### Prepare for Ansible Configuration
+### Prepare for Ansible Configuration (if Ansible)
 
 Do this if you're going to use Ansible to manage the system.
 This is mainly to make the system accessible by Ansible, which can then take over the configuration.
 If creating a template VM, run the first instructions before saving the template and then run the last instructions on cloned VMs.
 
 1. Upgrade all packages: `apt update && apt full-upgrade`
-1. If running in a QEMU VM (e.g. in Proxmox), install the agent: `apt install qemu-guest-agent`
-1. Setup sudo for the automation user: `apt install sudo && usermod -aG sudo ansible`
-1. (Optional) Convert the VM into a template and clone it into a new VM to be used hereafter.
-1. Update the IP addresses in `/etc/network/interfaces` (see the example below).
-1. Update the DNS server(s) in `/etc/resolv.conf`: `nameserver 1.1.1.1`
+    1. If anything significant was updated, restart the server.
+1. Install the required packages: `apt install openssh-server sudo python3 vim`
+    - If PVE/QEMU VM, install `qemu-guest-agent`.
+1. Setup sudo for Ansible: `usermod -aG sudo ansible`
+1. (Optional, for PVE VMs) Convert the VM into a template:
+    1. Shut down the VM.
+    1. Change to a template.
+    1. Clone it into a new VM to be used hereafter.
+    1. Boot the new VM and continue with the setup.
+1. (Optional, for non-cloud) Set static IP addresses in `/etc/network/interfaces` (see the example below).
 1. Reboot.
 
 Example `/etc/network/interfaces`:
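
Review bot: The rewritten step list drops "Update the DNS server(s) in `/etc/resolv.conf`" with no replacement, so a host that gets static addresses in `/etc/network/interfaces` has no documented resolver setup; restore it as an optional step or say where DNS now comes from. `usermod -aG sudo ansible` assumes the `ansible` user already exists, and none of the visible steps create it. The "(if Ansible)" suffix on the heading repeats the first sentence of the section and can go.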
@@ -75,7 +80,7 @@ iface ens18 inet6 static
     accept_ra 0
 ```
 
-### Manual Configuration
+### Manual Configuration (if not Ansible)
 
 The first steps (`(Skip)`) may be skipped if already configured during installation (i.e. not cloning a template VM).
 

+ 22 - 3
networking/cisco-sda.md

@@ -19,6 +19,10 @@ breadcrumbs:
 
 ## Useful Commands
 
+### Multicast (Native Mode)
+
+- Show overlay to underlay group mapping: `show ip multicast overlay-mapping lisp <group> <?> interface LISP0.<IID>`
+
 ### Wireless
 
 - Show AP tunnels for edge: `show access-tunnel summary`
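
Review bot: The new command under "Multicast (Native Mode)" contains a literal `<?>` placeholder, so a reader cannot tell which argument belongs there. Name the argument, or mark the line as TODO until it has been confirmed on a device.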
@@ -64,11 +68,12 @@ breadcrumbs:
 - Multicast:
     - For IPv4, it supports head-end replication and native multicast.
     - For IPv6, it only supports head-end replication. (TODO: Does enabling native multicast for a site kill IPv6 multicast or will it continue to use head-end replication?)
-    - *Head-end replication* runs completely in the overlay and makes edge devices duplicate multicast streams into unicast streams to each edge device with subscribers. This causes increased overhead.
-    - *Native multicast* tunnels multicast streams inside underlay multicast packets and avoids head-end replication.
+    - *Head-end replication* runs completely in the overlay and makes edge devices duplicate multicast streams into unicast streams to each edge device with subscribers. This causes increased overhead. It supports at most 1000 groups (configurable?). This mode is not recommended after native multicast became available.
+    - *Native multicast* tunnels multicast streams inside underlay multicast packets and avoids head-end replication. It maps overlay multicast groups into 1000 underlay SSS groups (configurable-ish).
     - Supports sources both inside and outside the fabric.
     - Protocol Independent Multicast (PIM) with both any-source multicast (ASM) and any-source multicast (ASM) is supported in both the underlay and overlay.
     - For details around rendezvous points (RPs) and stuff, see the design guide.
+    - Multicast over Pub/Sub SDA transit is supported starting with DNCA 2.3.5 and IOS XE 17.10 (LISP/BGP SDA transit is not supported).
 - Layer 2 flooding:
     - Traffic that is normally flooded in traditionally networks, like ARP, is often handled differently and more efficiently in overlay technologies like SDA.
     - Certain applications and protocols requires layer 2 flooding to work. To address this, *layer 2 flooding* may be enabled for a VN/site (if really needed).
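
Review bot: Two terms in the added lines look like typos: "1000 underlay SSS groups" in the native multicast bullet (SSM?) and "DNCA 2.3.5" in the Pub/Sub transit bullet (DNAC?). Please confirm and correct them. While this list is being touched, the unchanged PIM bullet reads "any-source multicast (ASM) and any-source multicast (ASM)", naming the same mode twice. The hedges "(configurable?)" and "(configurable-ish)" would be clearer as explicit TODOs.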
@@ -78,7 +83,7 @@ breadcrumbs:
         - Certain building management systems.
         - ???
     - This will reduce scalability of the VN/site, so it should only be used for /24 subnets and smaller.
-    - The L2 flooding is mapped to a dedicated multicast group in the underlay, using PIM-ASM. All edge nodes active for the VN must listen to this group.
+    - The L2 flooding is mapped to a dedicated multicast group in the underlay (239.0.17.1), using PIM ASM. All edge nodes active for the VN must listen to this group.
 - ARP:
     - When a client sends an ARP request, the edge looks up the RLOC/address for the edge the target resides at and then the ARP is unicasted to that edge.
 - DHCP relays:
@@ -90,6 +95,20 @@ breadcrumbs:
     - **TODO**
     - https://www.cisco.com/c/en/us/solutions/collateral/enterprise-networks/sd-access-wired-wireless-dg.html
     - https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-automation-and-management/dna-center/1-3-1-0/user_guide/cisco_dna_service_for_bonjour/b_cisco-dna-service-for-bonjour_user_guide_2-1-2/m_deploying-wide-area-bonjour-for-cisco-sd-access-network.html
+- VLAN ID numbering (*outdated*):
+    - VLAN 1024-: Client-facing VLANs with anycast SVIs
+    - 2045: AP
+    - 2046: Voice
+    - 2047: Critical
+    - 3001-3500: Border uplinks (transit/peer)
+- LISP instance ID numbering:
+    - 4000 series: VNs (L3)
+    - 8000 series: VLANs (L2)
+- Loopback numbering:
+    - 0: Underlay loopback
+    - 1000 series: Anycast gateway loopbacks (borders) (same numbers as VLANs/SVIs on edges)
+    - 4000 series: Multicast loopback by LISP-instance (if multicast enabled for VN) (all nodes)
+    - 60000: Anycast-RP loopback (used by L2-flooding) (on RPs only)
 
 ### Locator ID Separation Protocol (LISP)
 

+ 12 - 6
networking/multicast.md

@@ -43,19 +43,25 @@ See the [IPv4](/networking/ipv4/) and [IPv6](/networking/ipv6/) pages.
 
 #### Operational Commands
 
-- Routing:
-    - Show mcast routing table: `show {ip|ipv6} mroute [group]`
+- "Routing" (mostly PIM):
+    - Show active groups: `show {ip|ipv6} [vrf <vrf>] mroute [group] [{verbose|count}]`
+    - Show RPF interface/destination: `show ip rpf [vrf <vrf>] <address>` (source or RP)
+- PIM:
+    - Show interfaces: `show ip pim interface brief`
+    - Show neighbors: `show ip pim neighbor`
 - IGMP (IPv4):
     - Show active groups: `show ip igmp groups`
     - Show routed interface info: `show ip igmp interface <interface>`
-- IGMP snooping (IPv4):
-    - Show basic info: `show ip igmp snooping`
-    - Show mrouter interfaces: `show ip igmp snooping mrouter`
-    - Show groups interfaces: `show ip igmp snooping groups`
 - MLD (IPv6):
     - Show routed interface info: `show ipv6 mld interface <interface>`
     - Show active groups (summary): `show ipv6 mld groups summary`
     - Show active groups (detail): `show ipv6 mld groups [group-address] [interface <interface>] [detail]`
+- IGMP snooping (IPv4):
+    - Show basic info: `show ip igmp snooping`
+    - Show mrouter interfaces: `show ip igmp snooping mrouter`
+    - Show groups interfaces: `show ip igmp snooping groups`
+- MLD snooping (IPv6):
+    - **TODO**
 
 #### Configuration
 

+ 4 - 2
personal-devices/applications.md

@@ -438,14 +438,16 @@ Note: Since Steam requires 32-bit (i386) variants of certain NVIDIA packages, an
 
 ## ZSH (Linux)
 
-This is my ZSH setup preference, using Oh-My-ZSH with the Powerlevel10k theme and some recommended font.
+This is my ZSH setup preference, using Oh-My-ZSH (warning: bloat) with the Powerlevel10k theme and some recommended font.
 
 1. Install ZSH:
-    1. `apt install zsh`
+    - Ubuntu: `apt install zsh`
+    - Arch: `pacman -S zsh`
 1. Install Oh-My-ZSH:
     1. See [ohmyz.sh](https://ohmyz.sh/).
     1. When it asks, set it as your default shell. This won't take effect until the next login.
 1. Setup fonts:
+    1. (Arch) See the Arch setup notes instead.
     1. Download and install the suggested fonts (MesloLGS NF): [Fonts (powerlevel10k)](https://github.com/romkatv/powerlevel10k#fonts)
         - For manual installation, move the `.ttf` files to `/usr/share/fonts/TTF/`.
         - For KDE Plasma, download and open with the font installer.

+ 50 - 15
personal-devices/arch-i3.md

@@ -171,6 +171,7 @@ Note: The use of `sudo` in the text below is a bit inconsistent, but you should
     - Using iwd (recommended):
         1. Install: `pacman -S iwd`
         1. Configure: See example config below for config `/etc/iwd/main.conf`.
+        1. Add your user to the network group: `sudo usermod -aG network <user>`
         1. Enable: `systemctl enable --now iwd.service`
             - If this fails, you may need to reboot.
         1. Setup the network config:
@@ -238,7 +239,8 @@ Note: The use of `sudo` in the text below is a bit inconsistent, but you should
     1. Recreate initramfs: `mkinitcpio -P`
     1. Add extra kernel parameters for the keyfile: In `/etc/default/grub`, in the `GRUB_CMDLINE_LINUX` variable, add `cryptkey=rootfs:/var/lib/keys/luks/crypt_root`.
     1. Update GRUB config: `grub-mkconfig -o /boot/grub/grub.cfg`
-    1. (Optional) Reboot to make sure it works. If not, it should fall back to the extra password prompt.
+    1. (Note) When rebooting, if it doesn't work it will/should/might fall back to the extra password prompt.
+1. (Optional) Reboot.
 1. Setup sudo:
     1. (Note) Both the `wheel` and `sudo` groups are commonly used for giving sudo access, but I personally prefer `sudo` since `wheel` _may_ also be used by polkit rules, su (`pam_wheel`), etc.
     1. Install: `pacman -S sudo`
@@ -246,10 +248,9 @@ Note: The use of `sudo` in the text below is a bit inconsistent, but you should
     1. Enter the config: `EDITOR=vim visudo`
     1. Add line to allow sudo group without password: `%sudo ALL=(ALL:ALL) NOPASSWD: ALL`
 1. Add a personal admin user:
-    1. Create the user and add it to relevant groups (remove missing groups): `useradd -m -G sudo,adm,sys,uucp,proc,systemd-journal,video,netdev <user>`
+    1. Create the user and add it to relevant groups (remove missing groups): `useradd -m -G sudo,adm,sys,uucp,proc,systemd-journal,video,netdev <user>` (remove any missing groups)
     1. Set its password: `passwd <user>`
     1. (Optional) Relog to test the user.
-1. (Optional) Reboot.
 1. Install yay to access the AUR (as non-root):
     1. (Note) This needs to be done as non-root.
     1. Install requirements: `sudo pacman -S --needed base-devel git`
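
Review bot: The changed `useradd` step now carries the same hint twice, "(remove missing groups)" before the command and "(remove any missing groups)" after it; drop one of them. The group list still names `netdev` while the iwd step added earlier in this file adds the user to `network`, so check which group this setup actually relies on and make the two steps agree.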
@@ -286,14 +287,6 @@ Note: The use of `sudo` in the text below is a bit inconsistent, but you should
     1. Modify it.
         - It currently defaults to Debian-specific stuff, so remove those lines and uncomment the Arch-specific lines.
     1. Run it: `sudo /etc/iptables/config.sh`
-1. (Optional) Setup colored man pages:
-    1. (Note) Most breaks on wide displays (e.g. UHD), so don't use it if that may be a problem.
-    1. Install the most pager: `sudo pacman -S most`
-    1. Set it as the default pager: In `.bashrc` and/or `.zshrc`, set `export PAGER=most`
-1. Setup a BASH command completion dir (also used by ZSH for CLI apps that don't support ZSH):
-    1. Create dir `/etc/bash_completion.d`.
-    1. Setup `/etc/profile.d/completion.sh`, see the example below.
-1. (Optional) Reboot.
 
 ### Setup the Xorg Display Server
 
@@ -321,10 +314,9 @@ Note: Install _either_ the LightDM (X11 GUI) or Ly (TTY TUI) display manager, no
 #### Ly (Alternative 2)
 
 1. Setup Ly:
-    1. (Note) The config file is `/etc/ly/config.ini`.
     1. Install: `yay -S ly`
     1. Enable: `sudo systemctl enable ly`
-    1. Add fire background: In the config, set `animate = true` and `hide_borders = true`.
+    1. In `/etc/ly/config.ini`, set `animation = CMatrix`.
 1. Enable numlock on by default in X11:
     1. Install: `sudo pacman -S numlockx`
     1. Configure: Create `/etc/X11/xinit/xinitrc.d/90-numlock.sh`, containing `#!/bin/sh` and `numlockx &`. Make it executable.
@@ -546,6 +538,13 @@ See [PipeWire (Applications)](/personal-devices/applications/#pipewire) for more
 
 ### Setup Applications
 
+1. Setup a BASH command completion dir (also used by ZSH for CLI apps that don't support ZSH):
+    1. Create dir `/etc/bash_completion.d` (might already exist).
+    1. Setup `/etc/profile.d/completion.sh`, see the example below.
+1. (Optional) Setup colored man pages:
+    1. (Note) Most breaks on wide displays (e.g. UHD), so don't use it if that may be a problem.
+    1. Install the most pager: `sudo pacman -S most`
+    1. Set it as the default pager: In `.bashrc` and/or `.zshrc`, set `export PAGER=most`
 1. Setup terminal emulator:
     1. Already done.
 1. Setup the ZSH shell:
@@ -577,6 +576,8 @@ See [PipeWire (Applications)](/personal-devices/applications/#pipewire) for more
 1. Setup the 7-Zip CLI/GUI archiver:
     1. Install: `yay -S p7zip-gui`
     1. (Note) Don't use the `.7z` file format, it doesn't preserve owner info.
+1. Setup Remmina with RDP:
+    1. Install: `sudo pacman -S remmina freerdp`
 1. Setup network tools:
     1. Install: `sudo pacman -S nmap tcpdump wireshark-qt`
 1. Set default applications (after installation):
@@ -601,8 +602,9 @@ Name=en*
 [Network]
 DHCP=yes
 IPv6AcceptRA=yes
-IPv6PrivacyExtensions=yes
-#LLDP=yes
+IPv6PrivacyExtensions=no
+LLDP=yes
+EmitLLDP=no
 
 [DHCPv4]
 RouteMetric=1024
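
Review bot: Changing `IPv6PrivacyExtensions=yes` to `no` in the `[Network]` section makes a personal device use stable SLAAC addresses instead of temporary ones, and nothing in the hunk says why. Add a comment in the example stating the intent (the next hunk adds `Token=prefixstable`, which suggests stable-privacy addresses are what is wanted). A short comment that `LLDP=yes` with `EmitLLDP=no` means receive-only would also make that pair self-explanatory.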
@@ -623,6 +625,7 @@ UseDomains=yes
 RouteMetric=1024
 UseDNS=yes
 UseDomains=yes
+Token=prefixstable
 ```
 
 ### iwd Config
@@ -879,4 +882,36 @@ bindsym $mod+Print exec maim -i $(xdotool getactivewindow) $HOME/Downloads/Scree
 bindsym $mod+Shift+Print exec maim $HOME/Downloads/Screenshot_$(date -Iseconds).png
 ```
 
+## Troubleshooting
+
+### Fix Boot
+
+1. Boot into live-OS.
+1. Find the disk: `lsblk`
+1. Decrypt it: `cryptsetup luksOpen /dev/<partition> crypt_root`
+1. Mount it: `mount /dev/mapper/crypt_root /mnt`
+1. Mount the EFI partition: `mount /dev/<partition-1> /mnt/boot/efi`
+1. Chroot into it: `arch-chroot /mnt`
+1. Fix GRUB: `grub-install --target=x86_64-efi --efi-directory=/boot/efi && grub-mkconfig -o /boot/grub/grub.cfg`
+1. Fix initramfs: `mkinitcpio -P`
+
+If the GRUB or initramfs commands didn't work (e.g. if it broke during an Pacman upgrade and lots of packages are corrupt):
+
+1. Exit the chroot (if inside it).
+1. Mount other stuff:
+    - `mount -t proc /proc /mnt/proc`
+    - `mount --rbind /sys /mnt/sys`
+    - `mount --rbind /dev /mnt/dev`
+1. (Maybe) Fix DNS: `rm /mnt/etc/resolv.conf; echo nameserver 1.1.1.1 > /mnt/etc/resolv.conf`
+1. (Maybe) Remove the Pacman DB lock: `rm /mnt/var/lib/pacman/db.lck`
+1. (Maybe) Overwrite the Pacman mirrorlist: `cp /etc/pacman.d/mirrorlist /mnt/etc/pacman.d/mirrorlist`
+1. Reinstall all packages:
+    1. Get packages: `pacman --sysroot /mnt -Qq >tmp.txt`
+    1. Remove non-Pacman packages (e.g. from yay) from the text file until the next command succeeds.
+    1. Reinstall: `pacman --sysroot /mnt -S --overwrite "*" - <tmp.txt`
+1. Fix boot dir perms: `chmod 700 /mnt/boot`
+1. Fix resolvconf: `ln -sf /run/systemd/resolve/stub-resolv.conf /mnt/etc/resolv.conf`
+1. Reboot into fixed OS.
+1. Fix AUR packages: `yay -Qqm | yay -S -`
+
 {% include footer.md %}
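
Review bot: The reinstall step `pacman --sysroot /mnt -S --overwrite "*" - <tmp.txt` bypasses file conflict checks for every path, which the text does not mention; say so next to the command so nobody reuses it outside a recovery. In the first list, `/dev/<partition>` and `/dev/<partition-1>` are easy to confuse; naming them `<root-partition>` and `<efi-partition>` would be clearer. Small typo in the intro to the second list: "an Pacman upgrade" should be "a Pacman upgrade".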

+ 17 - 1
services/ptp.md

@@ -440,7 +440,23 @@ ptp priority1 255
         - Delay request interval: 1 (2s)
         - Announce timeout: 3s
     1. Go to the "Latency" tab and set "System Resolution" to 11.
-- Activate PTP on leaf ports:
+- Configure a PTP user profile (example):
+    1. Note: This depends on the requirements of the clients. As ACI leaf switches act as BCs, it can "convert" to multiple different types. A "standard" profile based on the PTPv2 default profile can be useful for clients without strict requirements, as shown in the next steps.
+    1. Go to "Fabric > Access Policies > Policies > Global > PTP User Profile" and click "create".
+    1. Name: default_ptp
+    1. Profile: Default
+    1. Announce interval (2^x s): 1 (2s)
+    1. Sync interval (2^x s): -1 (0.5s)
+    1. Delay request interval (2^x s): 0 (1s)
+    1. Announce timeout (s): 3
+- Activate PTP on EPG static ports:
+    1. Go to the static port in the EPG.
+    1. Configure:
+        - PTP state: Enable
+        - PTP mode: Multicast master (always master!)
+        - PTP source address: Same as the BD GW (IPv4)
+        - PTP user profile: Select an appropriate one, maybe create a new one.
+- Activate PTP on L3Out ports:
     1. **TODO**
 - Configure a latency measurement (when needed) (GUI):
     1. Go to "Tenants > the tenant > Policies > Troubleshooting > Atomic Counter and Latency".
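
Review bot: The first item of the new "Configure a PTP user profile" list is a "Note:" written as numbered step 1, so the actual procedure starts at step 2; move it above the list as a plain sentence. "BCs" is not expanded anywhere in the added text, and "it can "convert" to multiple different types" does not say what is converted. The `**TODO**` that used to sit under "Activate PTP on leaf ports" now sits under "Activate PTP on L3Out ports"; confirm that is the intended remaining gap.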