Service Definition Examples
This section provides examples of service definition macro files. Commented text explains the parameterized values in the examples. Each example is followed by examples of RADIUS information and the CLI command that you might use to activate a subscriber service session.
Tiered Service Example
This example creates a tiered service. A tiered service typically provides set bandwidths for both inbound and outbound traffic for a subscriber. In this example, the bandwidth values are parameterized. Also, this example assumes that QoS profile triplePlayIP and QoS parameter maxSubscBW are configured.

    !parameterizes input and output bandwidth
    <# tiered(inputBW, outputBW) #>
    <# uid := app.servicemanager.getUniqueId #>
    <# name := "SM-tiered-" $ uid #>
    <# oname := "SM-O-tiered-" $ uid #>
    classifier-list matchAll ip any any
    rate-limit-profile <# name #> one-rate
    committed-rate <# inputBW; '\n' #>
    policy-list <# name; '\n' #>
    classifier-group matchAll precedence 10000
    rate-limit-profile <# name; '\n' #>
    traffic-class best-effort
    policy-list <# oname; '\n' #>
    classifier-group matchAll precedence 10000
    traffic-class best-effort
    profile <# name; '\n' #>
    ip policy secondary-input <# name #> statistics enabled merge
    ip policy output <# oname #> statistics enabled merge
    qos-profile triplePlayIP
    qos-parameter maxSubscBW <# outputBW; '\n' #>
    <# env.setResult("activate-profile", name) #>
    <# env.setResult("secondary-input-stat-clacl", "matchAll") #>
    <# env.setResult("output-stat-clacl", "matchAll") #>
    <# endtmpl #>

Sample RADIUS Attributes
Sample CLI Command

    host1(config)#service-management subscriber-session client1@isp1.com interface atm 4/0.1 service-session "tiered(1280000, 5120000)"

Video-on-Demand Service Definition Example
The following example shows a sample service definition macro file that creates a video-on-demand service. The service provides bandwidth that meets the needs of video streams. The definition creates the bandwidth towards the subscriber and parameterizes the source of the video feed.
The sample CLI command shows an example of the service-management owner-session command that you can use to activate the service session.

    !parameterizes download bandwidth and server address
    <# videoMin(downloadBW, serverAddress) #>
    <# uid := app.servicemanager.getUniqueId #>
    <# name := "SM-video-" $ uid #>
    classifier-list <# name #> ip any <# serverAddress #> 0.0.0.0
    policy-list <# name; '\n' #>
    classifier-group <# name #> precedence 5000
    traffic-class video
    profile <# name; '\n' #>
    ip policy output <# name #> statistics enabled merge
    qos-parameter maxVideoBW add <# downloadBW; '\n' #>
    exit
    <# env.setResult("activate-profile", name) #>
    <# env.setResult("output-stat-clacl", name) #>
    <# endtmpl #>

Sample Owner ID
Sample CLI Command

    host1(config)#service-management owner-session aaa 573498 service-session "videoMin(4500000, 192.168.23.58)"

Voice-over-IP Service Definition Example
This example provides a voice-over-IP service. The service is a session border controller (SBC) media gateway (MG)-based service that has upstream and downstream components.
The IP address and port for both the subscriber and the opposite end of the phone call were originally negotiated with the SBC. The VoIP service learns the IP addresses and ports for both ends of the call, and then specifies that any traffic to either end is put in the voice traffic class.

    !parameterizes source address and port, destination address and port, and protocol type
    <# mgFlow(upDA, upDPort, downDA, downDPort, protType) #>
    <# uid := app.servicemanager.getUniqueId #>
    <# name := "SM-mgFlow-" $ uid #>
    <# oname := "SM-O-mgFlow-" $ uid #>
    classifier-list <# name #> <# protType #> any <# upDA #> 0.0.0.0 eq <# upDPort; '\n' #>
    policy-list <# name; '\n' #>
    classifier-group <# name #> precedence 2000
    traffic-class voice
    forward
    classifier-list <# oname #> <# protType #> any <# downDA #> 0.0.0.0 eq <# downDPort; '\n' #>
    policy-list <# oname; '\n' #>
    classifier-group <# oname #> precedence 2000
    traffic-class voice
    forward
    profile <# name; '\n' #>
    ip policy input <# name #> statistics enabled merge
    ip policy output <# oname #> statistics enabled merge
    <# env.setResult("activate-profile", name) #>
    <# endtmpl #>

Sample RADIUS Attributes
Sample CLI Command

    host1(config)#service-management subscriber-session client1@isp1.com interface atm 4/0.1 service-session "mgFlow(10.10.10.10, 1234, 192.168.45.54, 1234, udp)"

Guided Entrance Service Example
The guided entrance service enables you to create a controlled Internet browsing environment. Guided entrance-based services, which are sometimes called walled gardens or captive portals, are becoming increasingly important offerings for service providers. When a subscriber logs in and opens a Web browser, the Service Manager guided entrance service transparently directs the subscriber to a specific Web site. At that Web site, the subscriber is presented with a selection of possible services to use. For example, a subscriber might be shown a Web site that offers services such as:
- Predefined services: A group of user-selectable services that meets a variety of needs of a single subscriber. The subscriber might select the high-priced highest access speed to perform critical financial transactions but select a lower speed (and lower cost) service for e-mail. For viewing a real-time sports event, the subscriber can select the video-on-demand service. The subscribers have control over the choice and cost of the services they need and use.
- Prepaid services: A group of specific services that have been prepaid by the subscriber. For example, a subscriber who has purchased the sports package service is presented with a Web page that lists the currently available sporting events. Or, a subscriber might prepay a VoIP service for a set amount of time.
- Controlled-service: An educational service that enables students at a school to access authorized research sites. Or, a limited service for young children that restricts access to safe, closely monitored, age-appropriate Web sites.
Figure 30 shows the sequence of actions that take place during a guided entrance service.
Service Manager requires additional configuration considerations for the guided entrance service.
- The <# redirectUrlName := "http://" $ serverIp $ ":" $ serverPort #> command in the service definition: Specifies the HTTP local service to which the subscriber is redirected after login. See Guided Entrance Service Definition Example for a sample guided entrance service definition.
- HTTP local server application: Used by the policy in the activated service to direct a subscriber to a specific Web site when the subscriber logs in. See Configuring the HTTP Local Server to Support Guided Entrance for information about the HTTP local server.
- RADIUS Dynamic Request Server and CoA messages: Enables RADIUS to dynamically activate the new service that the subscriber selects at the Web site. Can also optionally deactivate the original guided entrance service session that is used when the subscriber logs in. See Chapter 4, Configuring RADIUS Dynamic-Request Server.
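
The service definitions on this page emit their arguments directly into CLI lines, so a provisioning system can type-check a service-session string before it is activated. The following Python pre-check is an added example, not part of the original documentation or of JUNOSe; the argument kinds and the tcp/udp allow-list are assumptions inferred from how each macro uses its parameters.

```python
import ipaddress
import re

# Argument kinds per service definition on this page; the kinds are an
# assumption inferred from how each macro uses its parameters.
SCHEMAS = {
    "tiered":   ("bw", "bw"),
    "videoMin": ("bw", "ip"),
    "mgFlow":   ("ip", "port", "ip", "port", "proto"),
    "http":     ("ip", "port"),
}
CALL = re.compile(r"(\w+)\(([^()]*)\)")

def _is_uint(value):
    return value.isascii() and value.isdigit()

def _check(kind, value):
    if kind == "ip":
        ipaddress.IPv4Address(value)        # raises ValueError if malformed
    elif kind == "port":
        if not (_is_uint(value) and 1 <= int(value) <= 65535):
            raise ValueError(f"port out of range: {value!r}")
    elif kind == "bw":
        if not (_is_uint(value) and int(value) > 0):
            raise ValueError(f"bandwidth must be a positive integer: {value!r}")
    elif kind == "proto":
        if value not in ("tcp", "udp"):     # assumed allow-list
            raise ValueError(f"unexpected protocol: {value!r}")

def validate_service_session(text):
    """Return (definition name, cleaned args) or raise ValueError."""
    m = CALL.fullmatch(text.strip())
    if not m or m.group(1) not in SCHEMAS:
        raise ValueError(f"not a known service definition call: {text!r}")
    name, raw = m.groups()
    args = [a.strip() for a in raw.split(",")]
    if len(args) != len(SCHEMAS[name]):
        raise ValueError(f"{name} expects {len(SCHEMAS[name])} arguments")
    for kind, value in zip(SCHEMAS[name], args):
        _check(kind, value)
    return name, args

# The sample activation strings used in the CLI commands on this page.
SAMPLES = [
    "tiered(1280000, 5120000)",
    "videoMin(4500000, 192.168.23.58)",
    "mgFlow(10.10.10.10, 1234, 192.168.45.54, 1234, udp)",
    "http(192.168.25.2, 80)",
]
```

Pass the cleaned arguments that the function returns to the activation step, rather than the original string.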
Guided Entrance Service Definition Example
This example shows a guided entrance service. Upon login, the subscriber is redirected to a specific uniform resource locator (URL) at which the subscriber can choose from a list of available services.

    !parameterizes server address and port
    <# http(serverIp, serverPort) #>
    <# serviceTag := "http-" #>
    <# uid := app.servicemanager.getUniqueId #>
    <# genericName := "SM-X-" $ serviceTag $ uid #>
    <# genericInputName := "SM-I-" $ serviceTag $ uid #>
    <# genericOutputName := "SM-O-" $ serviceTag $ uid #>
    <# claclName := genericName #>
    <# profileName := genericName #>
    <# inputPolicyName := genericInputName #>
    <# inputRateLimitName := genericInputName #>
    <# outputPolicyName := genericOutputName #>
    <# outputRateLimitName := genericOutputName #>
    <# exceptionClaclName := "exceptionClaclPort" $ serverPort #>
    <# serverClaclName := "serverClaclIp" $ serverIp #>
    <# redirectUrlName := "http://" $ serverIp $ ":" $ serverPort #>
    configure terminal
    classifier-list <# serverClaclName #> ip any host <# serverIp; '\n' #>
    classifier-list <# exceptionClaclName #> tcp any any eq <# serverPort; '\n' #>
    ip policy-list <# inputPolicyName; '\n' #>
    classifier-group <# serverClaclName; '\n' #>
    forward
    classifier-group <# exceptionClaclName; '\n' #>
    exception http-redirect
    classifier-group *
    filter
    profile <# profileName #>
    ip http redirectUrl <# redirectUrlName; '\n' #>
    ip policy input <# inputPolicyName #> statistics enabled merge
    <# env.setResult("activate-profile", "" $ profileName) #>
    <# endtmpl #>

Sample RADIUS Attributes
Sample CLI Command

    host1(config)#service-management subscriber-session client5@isp1.com interface atm 5/0.1 service-session "http(192.168.25.2, 80)"

Using CoA Messages with Guided Entrance Services
Typically, a guided entrance service directs a subscriber to a Web site, where the subscriber can select from a group of available services. When the subscriber selects a new service to use, Service Manager uses a RADIUS CoA message to activate the new service. You can also configure RADIUS to deactivate the original guided entrance service. To inform Service Manager to deactivate the original guided entry service, you must include the Deactivate-Service attribute in the RADIUS records of the services that can be selected from the Web site.
If you configure a guided entrance service, you must also ensure that the router's RADIUS dynamic-request server is enabled and supports CoA messages. See Chapter 4, Configuring RADIUS Dynamic-Request Server, for information about the RADIUS dynamic-request server and CoA messages.
Table 143 describes a partial RADIUS Access-Accept message for a guided entrance service and the CoA-Request message for the tiered service that the subscriber subsequently selects from the Web site. The CoA message for the tiered service includes the Deactivate-Service attribute that deactivates the guided entrance service.
Guided Entrance Service Activated at Login
Tiered Service Selected at Web Site
Configuring the HTTP Local Server to Support Guided Entrance
JUNOSe software supports an embedded Web server, known as the HTTP local server, which is used to support the Service Manager application's guided entrance service. With guided entrance, subscribers are directed to a specific Web site when they log in. At the Web site, the subscribers can then select the service they want to use.
You can configure one HTTP local server per virtual router. The HTTP local server is disabled by default. To configure the HTTP local server:
- Access the virtual router context.

    host1(config)#virtual-router west400
    host1:west400(config)#

- Create the HTTP local server.

    host1:west400(config)#ip http

- (Optional) Specify a standard IP access list that defines which subscribers can connect to the HTTP local server.

    host1:west400(config)#ip http access-class chicagoList

- (Optional) Specify the port on which the HTTP local server receives connection attempts.

    host1:west400(config)#ip http port 8080

- (Optional) Specify the maximum number of connections that can exist between one IP address and the HTTP local server.

    host1:west400(config)#ip http same-host-limit 20

- Specify the maximum time that HTTP local servers maintain connections.

    host1:west400(config)#ip http max-connection-time 1000

- Enable the HTTP local server.

    host1:west400(config)#ip http server

- Configure the HTTP redirect feature for the profile, interface, or subinterface that will be referenced in the guided entrance service definition.

    host1:west400(config)#profile guidEnt6
    host1:west400(config-profile)#ip http redirectUrl http://ispsite.redirect.com

HTTP Local Server Commands
This section describes the commands used to configure the HTTP local server application on the E-series router.
ip http

    host1(config)#ip http

- Use the no version to delete the HTTP local server.
ip http access-class
- Use to allow only subscribers on the specified standard IP access list to connect to the HTTP local server.
- Example

    host1(config)#ip http access-class chicagoList

- Use the no version to remove the association between the access list and the HTTP local server.
ip http max-connection-time
- Use to specify the maximum time that the HTTP local server maintains an inactive connection.
- Specify a time in the range 3-7200 seconds, or 0. A value of 0 causes the server to maintain an inactive connection indefinitely.
- Example

    host1(config)#ip http max-connection-time 1000

- Use the no version to restore the default time, 30 seconds.
ip http port
- Use to specify the port on which the HTTP local server receives connection attempts.
- Specify a port number in the range 1-65535.
- Example

    host1(config)#ip http port 8080

- Use the no version to restore the default port number, 80.
ip http redirectUrl
- Use to specify the URL to which a subscriber's HTTP access session is redirected.
- The first access session is typically used by the Service Manager application to provide initial provisioning and service selection for the subscriber.
- HTTP redirect is per-interface; use the command in Profile Configuration mode for dynamic interfaces; use the command in Interface Configuration mode or Subinterface Configuration mode for static interfaces.
- The redirect URL can be a maximum of 64 characters.
NOTE: The HTTP local server must be configured and enabled in the virtual router for the interface on which you use the ip http redirectUrl command. Otherwise, the URL redirect operation will fail.
- Example

    host1(config-if)#ip http redirectUrl http://ispsite.redirect.com

- Use the no version to restore the default, which disables the HTTP redirect feature.
ip http same-host-limit
- Use to specify the maximum number of connections that can exist between one IP address and the HTTP local server.
- Specify a number in the range 0-1000.
- Example

    host1(config)#ip http same-host-limit 20

- Use the no version to restore the default number of allowed connections, 3.
ip http server

    host1(config)#ip http server

- Use the no version to disable the HTTP local server.
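
The ranges, defaults and the redirect dependency described in this command reference can be checked mechanically against a saved configuration. The following Python audit is an added example, not part of the original documentation or of JUNOSe; it assumes the configuration lines of one virtual router are available as plain text without CLI prompts, and treating a missing access-class as a finding is a hardening policy assumed here.

```python
import re

# Ranges and the URL limit as documented in the command reference on this page.
RANGES = {
    "port": (1, 65535),
    "max-connection-time": (3, 7200),   # 0 is also accepted: never time out
    "same-host-limit": (0, 1000),
}
MAX_URL_LEN = 64
LINE = re.compile(r"\s*ip http(?:\s+(\S+))?(?:\s+(\S+))?\s*$")

def audit_http_local_server(config_text):
    """Return findings for one virtual router's configuration lines."""
    settings, redirects, enabled, findings = {}, [], False, []
    for line in config_text.splitlines():
        m = LINE.match(line)
        if not m or m.group(1) is None:
            continue                     # not an "ip http <keyword>" line
        key, value = m.groups()
        if key == "server":
            enabled = True
        elif key == "redirectUrl":
            redirects.append(value or "")
        else:
            settings[key] = value or ""
    for key, (lo, hi) in RANGES.items():
        v = settings.get(key)
        if v is None:
            continue
        if key == "max-connection-time" and v == "0":
            findings.append("max-connection-time 0: inactive connections are kept indefinitely")
        elif not (v.isdigit() and lo <= int(v) <= hi):
            findings.append(f"{key} {v}: outside documented range {lo}-{hi}")
    if enabled and "access-class" not in settings:
        findings.append("server enabled with no access-class restricting who can connect")
    if redirects and not enabled:
        findings.append("redirectUrl set but HTTP local server not enabled: redirect fails")
    if any(len(u) > MAX_URL_LEN for u in redirects):
        findings.append(f"redirectUrl longer than {MAX_URL_LEN} characters")
    return findings

# Constructed sample configurations, not taken from a real router.
WEAK = "ip http\nip http max-connection-time 0\nip http same-host-limit 5000\nip http server\n"
HARDENED = """ip http
ip http access-class chicagoList
ip http max-connection-time 1000
ip http server
profile guidEnt6
 ip http redirectUrl http://ispsite.redirect.com"""
```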