Policy Filtering Daemon Workflow

The PFD receives packets on its ms-x/y/0.100 and ms-x/y/0.101 data interfaces in a round-robin fashion.

Traffic received on ms-x/y/0.100 should be from end users and be destined to miscellaneous places; on ms-x/y/0.101, there should only be traffic to the PFD's address from the CPD.

All packets received should be coming from the service routes installed by the PED. The PFD creates the data interfaces by creating FIFO channels and registering them to receive packets from these installed service routes.

The PFD forwards packets destined for port 80 originating from an unauthorized subscriber to the CPD through header rewrite (a form of network address translation [NAT]) and reinserts them into the Packet Forwarding Engine (PFE). A packet originating from an authorized user is forwarded out of the router normally.

NAT is done on unauthorized traffic coming in on ms-x/y/0.100 to re-source the traffic from the IP of the PFD's data interface and to set the destination to the CPD. When the CPD replies to the PFD (to the other data interface), the PFD undoes the NAT to reset the destination to the original source and reset the source to the original destination.

This PFD's data interface is IFL 101. The application pushes reply traffic from the CPD to this IFL using a specific service route with the configured PFD address.

The one exception to performing NAT on unauthorized traffic is when the traffic is destined to the CPD's HTTP server. In that case, the PFD forwards the traffic as it normally would.

Captive Portal Daemon Workflow


2007-2009 Juniper Networks, Inc. All rights reserved. The information contained herein is confidential information of Juniper Networks, Inc., and may not be used, disclosed, distributed, modified, or copied without the prior written consent of Juniper Networks, Inc. in an express license. This information is subject to change by Juniper Networks, Inc. Juniper Networks, the Juniper Networks logo, and JUNOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. All other trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners.
Generated on Sun May 30 20:26:47 2010 for Juniper Networks Partner Solution Development Platform JUNOS SDK 10.2R1 by Doxygen 1.4.5