ms-x/y/0.101 data interfaces in a round-robin fashion.
Traffic received on
ms-x/y/0.100 should be from end users and be destined to miscellaneous places; on
ms-x/y/0.101, there should only be traffic to the PFD's address from the CPD.
All packets received should be coming from the service routes installed by the PED. The PFD creates the data interfaces by creating FIFO channels and registering them to receive packets from these installed service routes.
The PFD forwards packets destined for port 80 originating from an unauthorized subscriber to the CPD through header rewrite (a form of network address translation [NAT]) and reinserts them into the Packet Forwarding Engine (PFE). A packet originating from an authorized user is forwarded out of the router normally.
NAT is done on unauthorized traffic coming in on
ms-x/y/0.100 to re-source the traffic from the IP of the PFD's data interface and to set the destination to the CPD. When the CPD replies to the PFD (to the other data interface), the PFD undoes the NAT to reset the destination to the original source and reset the source to the original destination.
This PFD's data interface is IFL 101. The application pushes reply traffic from the CPD to this IFL using a specific service route with the configured PFD address.
The one exception to performing NAT on unauthorized traffic is when the traffic is destined to the CPD's HTTP server. In that case, the PFD forwards the traffic as it normally would.
Captive Portal Daemon Workflow