Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

TechLibrary
Navigation
Table of Contents
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Redirecting HTTP Requests Overview

    HTTP request traffic from subscribers is aggregated from access networks onto a Broadband Remote Access Server (B-RAS) router, where HTTP traffic can be intercepted and redirected to a captive portal. A captive portal provides authentication and authorization services for redirected subscribers before granting access to protected servers outside of a walled garden. A walled garden defines a group of servers where access is provided to subscribers without reauthorization through a captive portal. You can use a captive portal page as the initial page a subscriber sees after logging in to a subscriber session and as a page used to receive and manage HTTP requests to unauthorized Web resources.

    The HTTP redirect service implements a data handler and a control handler and registers them with service rules applicable to the HTTP applications. These rules are parsed by the captive-portal-content-delivery process on the routing engine. The data handler applies the rules to HTTP data flows and handles rewriting the IP destination address or sending an HTTP 302 response with a preconfigured redirect URL. In addition, the control handler maintains a connection with the captive-portal-content-delivery process on the routing engine to learn configuration changes, such as the redirect URL and the rewrite IP destination and port pair. To achieve faster performance, the control handler maintains a cache of relevant configured entities, such as URLs on Multiservices DPC.

    Packet flow differs depending on the following configurations:

    • Walled garden as a service filter–HTTP traffic destined to servers within the walled garden does not flow to Multiservices DPC. However, any HTTP traffic destined outside of the walled garden flows to the Multiservices DPC.
    • Walled garden as an HTTP policy term–All HTTP traffic flows to the Multiservices DPC. The HTTP service handler determines whether traffic is allowed to go to a walled garden.
    • HTTP request packet–If the flow is destined to servers within the walled garden, no action is taken.

    An HTTP redirect service can be attached to either a static or dynamic interface. For dynamic subscriber management, HTTP services can be attached dynamically at subscriber login or by using a change of authorization (CoA).

    Redundant multiservice PIC and DPC support for HTTP redirect distributes captive portal content delivery rules to both PICs to leverage all framework support (for IPv4 only). Data traffic is sent only to the active PIC and rule processing is performed on the active PIC.

    Previous Page Next Page