Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Using the Packet Header to Track Subscribers on the Mediation Device

 

When the router sends mirrored traffic to the mediation device, it encapsulates it in a packet header. Figure 1 is the mirrored packet header and payload that the router sends to the mediation device.

Figure 1: Mirrored Packet Header and Payload
Mirrored Packet Header
and Payload

Table 1 describes the fields in the packet header of mirrored packets.

Table 1: Mirrored Packet Header and Payload Field Descriptions For the Mediation Device

Field

Value

Length (Bits)

IP Header

Version

4

4

IHL

5

4

Type of Service

0

8

Total Length

Dynamically computed

16

Identification

Dynamically computed

16

Flags

Dynamically computed

3

Fragment Offset

Dynamically computed

13

Time to Live

255

8

Protocol

17

8

Header Checksum

Dynamically computed

16

Source Address

IP address of the router interface that sends mirrored traffic to the mediation device

32

Destination Address

IP address of the mediation device to which mirrored traffic is forwarded (VSA 26-60)

32

UDP Header

Source Port

UDP port number on the router from which mirrored traffic is sent to the mediation device

16

Destination Port

UDP port on the mediation device to which mirrored traffic is forwarded (VSA 26-61)

16

Length

Dynamically computed

16

Checksum

0

16

Mirror Header

V (mirror header value)

0

2

Intercept ID

See Format of the Mirror Header Values Used to Track Subscribers and Subscriber Sessions for details

30

Session-ID

See Format of the Mirror Header Values Used to Track Subscribers and Subscriber Sessions for details

32

Format of the Mirror Header Values Used to Track Subscribers and Subscriber Sessions

The packet header includes mirror header attributes that the mediation device can use to track subscribers and subscriber sessions. The router creates values for these attributes based on information that it receives from RADIUS. There are three mirror header attributes in the packet header:

  • V (mirror header value)—Used by the router to specify how the values of the Session ID and Intercept ID are determined. The value received from RADIUS can be a 0 or a 1. However, the value is always 0 in the packet header sent to the mediation device.

  • Session ID—Used by the mediation device to identify the session of the mirrored subscriber. The value is assigned to a subscriber session by the Junos OS. The Session ID changes with each new session for a subscriber.

  • Intercept ID—Used along with the Session ID by the mediation device to track a subscriber across multiple login and logout events. The value is assigned to a subscriber whose traffic is being intercepted. The Intercept ID is constant; it does not change as a subscriber logs in and logs out of sessions.

The values of the Intercept ID and the Session ID are determined by the value that the router receives in VSA 26-59. VSA 26-59 is declared as a hexadecimal string that can be either 4 bytes or 8 bytes long. The mirror header value specifies whether a 4-byte value or an 8-byte value is used to form the Intercept ID and the Session ID.

4-Byte Format

The 4-byte format allows you to manually specify the Intercept ID. The Session ID value is automatically created based on the least significant 32 bits of the Acct-Session-ID (RADIUS attribute 44).

To use the 4-byte format of VSA 26-59, you configure the first two most significant bits of the VSA to a value of 1, which indicates a single word in the VSA. The remaining 30 bits of the word form the Intercept ID value.

For example, a value of 40000010 for VSA 26-59 configures the following fields in the mirror header, as shown in Figure 2:

  • V = 1

  • Intercept ID = 0x10

    Figure 2: 4-Byte Format of VSA 26-59
    4-Byte Format of VSA
26-59

8-Byte Format

The 8-byte format of VSA 26-59 enables you to manually specify the both the Session-ID value and the Intercept ID value.

To use the 8-byte format, you configure the first two most significant bits of the first word of the VSA to a value of 0, which indicates two words in the VSA. The remaining 30 bits of the first word form the Intercept ID value, and the second word is the Session-ID field. You cannot change the order of these two words.

For example, a value of 0000030000000090 in VSA 26-59 configures the following fields in the mirror header, as shown in Figure 3:

  • V = 0

  • Intercept-ID = 0x300

  • Session-ID = 0x90

    Figure 3: 8-Byte Format of VSA 26-59
    8-Byte Format of VSA
26-59