Using the Packet Header to Track Subscribers on the Mediation Device
When the router sends mirrored traffic to the mediation device, it encapsulates the traffic in a packet header. Figure 1 shows the mirrored packet header and payload that the router sends to the mediation device.
Table 1 describes the fields in the packet header of mirrored packets.
Table 1: Mirrored Packet Header and Payload Field Descriptions For the Mediation Device
Type of Service
Time to Live
IP address of the router interface that sends mirrored traffic to the mediation device
IP address of the mediation device to which mirrored traffic is forwarded (VSA 26-60)
UDP port number on the router from which mirrored traffic is sent to the mediation device
UDP port on the mediation device to which mirrored traffic is forwarded (VSA 26-61)
V (mirror header value)
Format of the Mirror Header Values Used to Track Subscribers and Subscriber Sessions
The packet header includes mirror header attributes that the mediation device can use to track subscribers and subscriber sessions. The router creates values for these attributes based on information that it receives from RADIUS. There are three mirror header attributes in the packet header:
V (mirror header value)—Used by the router to specify how the values of the Session ID and Intercept ID are determined. The value received from RADIUS can be a 0 or a 1. However, the value is always 0 in the packet header sent to the mediation device.
Session ID—Used by the mediation device to identify the session of the mirrored subscriber. The value is assigned to a subscriber session by the Junos OS. The Session ID changes with each new session for a subscriber.
Intercept ID—Used along with the Session ID by the mediation device to track a subscriber across multiple login and logout events. The value is assigned to a subscriber whose traffic is being intercepted. The Intercept ID is constant; it does not change as a subscriber logs in and logs out of sessions.
The values of the Intercept ID and the Session ID are determined by the value that the router receives in VSA 26-59. VSA 26-59 is declared as a hexadecimal string that can be either 4 bytes or 8 bytes long. The mirror header value specifies whether a 4-byte value or an 8-byte value is used to form the Intercept ID and the Session ID.
The 4-byte format allows you to manually specify the Intercept ID. The Session ID value is automatically created based on the least significant 32 bits of the Acct-Session-ID (RADIUS attribute 44).
To use the 4-byte format of VSA 26-59, you configure the first two most significant bits of the VSA to a value of 1, which indicates a single word in the VSA. The remaining 30 bits of the word form the Intercept ID value.
For example, a value of 40000010 for VSA 26-59 configures the following fields in the mirror header, as shown in Figure 2:
V = 1
Intercept ID = 0x10
The 8-byte format of VSA 26-59 enables you to manually specify both the Session ID value and the Intercept ID value.
To use the 8-byte format, you configure the first two most significant bits of the first word of the VSA to a value of 0, which indicates two words in the VSA. The remaining 30 bits of the first word form the Intercept ID value, and the second word is the Session ID field. You cannot change the order of these two words.
For example, a value of 0000030000000090 in VSA 26-59 configures the following fields in the mirror header, as shown in Figure 3:
V = 0
Intercept-ID = 0x300
Session-ID = 0x90
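The two VSA 26-59 formats described above can be decoded as follows on the receiving or provisioning side. This is an added example, not Juniper code. The names `parse_vsa_26_59` and `MirrorIds`, the integer `acct_session_id` parameter, and the rejection of values whose length does not match V are assumptions; the page does not say how Acct-Session-ID is converted to a number or how malformed values are handled.

```python
from typing import NamedTuple, Optional


class MirrorIds(NamedTuple):
    v: int             # two most significant bits of the first word
    intercept_id: int  # remaining 30 bits of the first word
    session_id: int    # second word, or low 32 bits of Acct-Session-ID


def parse_vsa_26_59(hex_value: str,
                    acct_session_id: Optional[int] = None) -> MirrorIds:
    """Decode a VSA 26-59 hex string into V, Intercept ID and Session ID."""
    try:
        raw = bytes.fromhex(hex_value)
    except ValueError as exc:
        raise ValueError(f"not a hexadecimal string: {hex_value!r}") from exc
    if len(raw) not in (4, 8):
        raise ValueError(f"VSA 26-59 must be 4 or 8 bytes, got {len(raw)}")

    first_word = int.from_bytes(raw[:4], "big")
    v = first_word >> 30                    # 1 = one word, 0 = two words
    intercept_id = first_word & 0x3FFFFFFF  # lower 30 bits

    if v == 1 and len(raw) == 4:
        # 4-byte format: Session ID is the least significant 32 bits of
        # Acct-Session-ID (assumed here to be supplied as an integer).
        if acct_session_id is None:
            raise ValueError("4-byte format needs the Acct-Session-ID value")
        session_id = acct_session_id & 0xFFFFFFFF
    elif v == 0 and len(raw) == 8:
        # 8-byte format: the second word is the Session ID.
        session_id = int.from_bytes(raw[4:], "big")
    else:
        # Assumption: a V/length mismatch (or V of 2 or 3) is rejected.
        raise ValueError(f"V={v} does not match a {len(raw)}-byte value")
    return MirrorIds(v, intercept_id, session_id)


if __name__ == "__main__":
    # The two example values from the text; 0x1234 is a constructed
    # Acct-Session-ID used only to fill in the 4-byte case.
    for value, acct in (("40000010", 0x1234), ("0000030000000090", None)):
        ids = parse_vsa_26_59(value, acct)
        print(f"{value}: V={ids.v} Intercept ID={ids.intercept_id:#x} "
              f"Session ID={ids.session_id:#x}")
```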