Service Definition Examples

This section provides examples of service definition macro files. Commented text explains the parameterized values in the examples. Each example is followed by examples of RADIUS information and the CLI command that you might use to activate a subscriber service session.

Tiered Service Example

This example creates a tiered service. A tiered service typically provides set bandwidths for both inbound and outbound traffic for a subscriber. In this example, the bandwidth values are parameterized. Also, this example assumes that QoS profile triplePlayIP and QoS parameter maxSubscBW are configured.

!parameterizes input and output bandwidth
<# tiered(inputBW, outputBW) #>

<# uid := app.servicemanager.getUniqueId #>
<# name := "SM-tiered-" $ uid #>
<# oname := "SM-O-tiered-" $ uid #>
classifier-list matchAll ip any any
rate-limit-profile <# name #> one-rate
	 committed-rate <# inputBW; '\n' #>

policy-list <# name; '\n' #>
	 classifier-group matchAll precedence 10000
		 rate-limit-profile <# name; '\n' #>
		 traffic-class best-effort

policy-list <# oname; '\n' #>
	 classifier-group matchAll precedence 10000
		 traffic-class best-effort

profile <# name; '\n' #>
	 ip policy secondary-input <# name #> statistics enabled merge
	 ip policy output <# oname #> statistics enabled merge
	 qos-profile triplePlayIP
	 qos-parameter maxSubscBW <# outputBW; '\n' #>

<# env.setResult("activate-profile", name) #>
<# env.setResult("secondary-input-stat-clacl", "matchAll") #>
<# env.setResult("output-stat-clacl", "matchAll") #>

<# endtmpl #>

Sample RADIUS Attributes

Sample CLI Command

Video-on-Demand Service Definition Example

The following example shows a sample service definition macro file that creates a video-on-demand service—the service provides bandwidth that meets the needs of video streams. The definition creates the bandwidth towards the subscriber and parameterizes the source of the video feed.

The sample CLI command shows an example of the service-management owner-session command that you can use to activate the service session.

!parameterizes download bandwidth and server address
<# videoMin(downloadBW, serverAddress) #>

<# uid := app.servicemanager.getUniqueId #>
<# name := "SM-video-" $ uid #>

classifier-list <# name #> ip any <# serverAddress #> 0.0.0.0

policy-list <# name; '\n' #>
	  classifier-group <# name #> precedence 5000
		  traffic-class video

profile <# name; '\n' #>
	  ip policy output <# name #> statistics enabled merge
	  qos-parameter maxVideoBW add <# downloadBW; '\n' #>
	  exit

<# env.setResult("activate-profile", name) #>
<# env.setResult("output-stat-clacl", name) #>

<# endtmpl #>

Sample Owner ID

Sample CLI Command

Voice-over-IP Service Definition Example

This example provides a voice-over-IP service. The service is a session border controller (SBC) media gateway (MG)-based service that has upstream and downstream components.

The IP address and port for both the subscriber and the opposite end of the phone call were originally negotiated with the SBC. The VoIP service learns the IP addresses and ports for both ends of the call, and then specifies that any traffic to either end is put in the voice traffic class.

!parameterizes source address and port, destination address and port, and protocol type
<# mgFlow(upDA, upDPort, downDA, downDPort, protType) #>

<# uid := app.servicemanager.getUniqueId #>
<# name := "SM-mgFlow-" $ uid #>
<# oname := "SM-O-mgFlow-" $ uid #>

classifier-list <# name #> <# protType #> any <#upDA #> 0.0.0.0 eq <# upDPort; '\n' #>
policy-list <# name; '\n' #>
	  classifier-group <# name #> precedence 2000
		  traffic-class voice
		  forward

classifier-list <# oname #> <# protType #> any <#downDA #> 0.0.0.0 eq <# downDPort; '\n' #>
policy-list <# oname; '\n' #>
	  classifier-group <# oname #> precedence 2000
		  traffic-class voice
		  forward

profile <# name ; '\n' #>
	  ip policy input <# name #> statistics enabled merge
	  ip policy output <# oname #> statistics enabled merge

<# env.setResult("activate-profile", name) #>

<# endtmpl #>

Sample RADIUS Attributes

Sample CLI Command

Guided Entrance Service Example

The guided entrance service enables you to create a controlled Internet browsing environment. Guided entrance-based services, which are sometimes called walled gardens or captive portals, are becoming increasingly important offerings for service providers. When a subscriber logs in and opens a Web browser, the Service Manager guided entrance service transparently directs the subscriber to a specific Web site—at that Web site, the subscriber is presented with a selection of possible services to use. For example, a subscriber might be shown a Web site that offers services such as:

• Predefined services—A group of user-selectable services that meets a variety of needs of a single subscriber. The subscriber might select the high-priced highest access speed to perform critical financial transactions but select a lower speed (and lower cost) service for e-mail. For viewing a real-time sports event, the subscriber can select the video-on-demand service. The subscribers have control over the choice and cost of the services they need and use.
• Prepaid services—A group of specific services that have been prepaid by the subscriber. For example, a subscriber who has purchased the sports package service is presented with a Web page that lists the currently available sporting events. Or, a subscriber might prepay a VoIP service for a set amount of time.
• Controlled-service— An educational service that enables students at a school to access authorized research sites. Or, a limited service for young children that restricts access to safe, closely monitored, age-appropriate Web sites.

Figure 30 shows the sequence of actions that take place during a guided entrance service.

Figure 30: Guided Entrance

Service Manager requires additional configuration considerations for the guided entrance service.

• The <# redirectUrlName := "http://" $ serverIp $ ":" $ serverPort #> command in the service definition—Specifies the HTTP local service to which the subscriber is redirected after login. See Guided Entrance Service Definition Example for a sample guided entrance service definition.

  Note: You must also configure a policy that redirects packets. See Creating an Exception Rule within a Policy Classifier Group in JUNOSe Policy Management Configuration Guide for information on creating redirect policies.

• HTTP local server application—Used by the policy in the activated service to direct a subscriber to a specific Web site when the subscriber logs in. See Configuring the HTTP Local Server to Support Guided Entrance for information about the HTTP local server.
• RADIUS Dynamic Request Server and CoA messages—Enables RADIUS to dynamically activate the new service that the subscriber selects at the Web site. Can also optionally deactivate the original guided entrance service session that is used when the subscriber logs in. See Configuring RADIUS Dynamic-Request Server.

Guided Entrance Service Definition Example

This example shows a guided entrance service. Upon login, the subscriber is redirected to a specific uniform resource locator (URL) at which the subscriber can choose from a list of available services.

!parameterizes server address and port
<# http(serverIp, serverPort) #>

<# serviceTag := "http-" #>
<# uid := app.servicemanager.getUniqueId #>
<# genericName := "SM-X-" $ serviceTag $ uid #>
<# genericInputName := "SM-I-" $ serviceTag $ uid #>
<# genericOutputName := "SM-O-" $ serviceTag $ uid #>
<# claclName := genericName #>

<# profileName := genericName #>
<# inputPolicyName := genericInputName #>
<# inputRateLimitName := genericInputName #>
<# outputPolicyName := genericOutputName #>
<# outputRateLimitName := genericOutputName #>

<# exceptionClaclName := "exceptionClaclPort" $ serverPort #>
<# serverClaclName := "serverClaclIp" $ serverIp #>
<# redirectUrlName := "http://" $ serverIp $ ":" $ serverPort #>

configure terminal

classifier-list <# serverClaclName #> ip any host <# serverIp; '\n' #>

classifier-list <# exceptionClaclName #> tcp any any eq <# serverPort; '\n' #>

ip policy-list <# inputPolicyName; '\n' #>
classifier-group <# serverClaclName; '\n' #>
        forward
    classifier-group <# exceptionClaclName; '\n' #>
        exception http-redirect
    classifier-group *
        filter

profile <# profileName #>
    ip http redirectUrl <# redirectUrlName; '\n' #>
    ip policy input <# inputPolicyName #> statistics enabled merge

<# env.setResult("activate-profile", "" $ profileName) #>

<# endtmpl #>

Sample RADIUS Attributes

Sample CLI Command

Using CoA Messages with Guided Entrance Services

Typically, a guided entrance service directs a subscriber to a Web site, where the subscriber can select from a group of available services. When the subscriber selects a new service to use, Service Manager uses a RADIUS CoA message to activate the new service—you can also configure RADIUS to deactivate the original guided entrance service. To inform Service Manager to deactivate the original guided entry service, you must include the Deactivate-Service attribute in the RADIUS records of the services that can be selected from the Web site.

If you configure a guided entrance service, you must also ensure that the router’s RADIUS dynamic-request server is enabled and supports CoA messages. See Configuring RADIUS Dynamic-Request Server, for information about the RADIUS dynamic-request server and CoA messages.

Table 146 describes a partial RADIUS Access-Accept message for a guided entrance service and the CoA-Request message for the tiered service that the subscriber subsequently selects from the Web site. The CoA message for the tiered service includes the Deactivate-Service attribute that deactivates the guided entrance service.

Table 146: Deactivating a Guided Entrance Service

Tiered Service Selected at Web Site

Configuring the HTTP Local Server to Support Guided Entrance

JUNOSe software supports an embedded Web server, known as the HTTP local server, which is used to support the Service Manager application’s guided entrance service. With guided entrance, subscribers are directed to a specific Web site when they log in. At the Web site, the subscribers can then select the service they want to use.

You can configure one HTTP local server per virtual router. The HTTP local server is disabled by default. To configure the HTTP local server:

1. Access the virtual router context.

   host1(config)#virtual-router west400

   host1:west400(config)#

2. Create the HTTP local server.

   host1:west40(config)#ip http

3. (Optional) Specify a standard IP access list that defines which subscribers can connect to the HTTP local server.

   host1:west40(config)#ip http access-class chicagoList

4. (Optional) Specify the port on which the HTTP local server receives connection attempts.

   host1:west40(config)#ip http port 8080

5. (Optional) Specify the maximum number of connections that can exist between one IP address and the HTTP local server.

   host1:west40(config)#ip http same-host-limit 20

6. Specify the maximum time that HTTP local servers maintain connections.

   host1:west40(config)#ip http max-connection-time 1000

7. Enable the HTTP local server.

   host1:west40(config)#ip http server

8. Configure the HTTP redirect feature for the profile, interface, or subinterface that will be referenced in the guided entrance service definition.

   host1:west40(config)#profile guidEnt6

   host1:west40(config-profile)#ip http redirectUrl http://ispsite.redirect.com

This section describes the commands used to configure the HTTP local server application on the E-series router.

ip http

• Use to create the HTTP local server.
• Example

  host1(config)#ip http

• Use the no version to delete the HTTP local server.
• See ip http

ip http access-class

• Use to allow only subscribers on the specified standard IP access list to connect to the HTTP local server.
• Example

  host1(config)#ip http access-class chicagoList

• Use the no version to remove the association between the access list and the HTTP local server.
• See ip http access-class

ip http max-connection-time

• Use to specify the maximum time that the HTTP local server maintains an inactive connection.
• Specify a time in the range 3–7200 seconds, or 0. A value of 0 causes the server to maintain an inactive connection indefinitely.
• Example

  host1(config)#ip http max-connection-time 1000

• Use the no version to restore the default time, 30 seconds.
• See ip http max-connection-time

ip http port

• Use to specify the port on which the HTTP local server receives connection attempts.
• Specify a port number in the range 1–65535.
• Example

  host1(config)#ip http port 8080

• Use the no version to restore the default port number, 80.
• See ip http port

ip http redirectUrl

• Use to specify the URL to which a subscriber’s HTTP access session is redirected.
• The first access session is typically used by the Service Manager application to provide initial provisioning and service selection for the subscriber.
• HTTP redirect is per-interface; use the command in Profile Configuration mode for dynamic interfaces; use the command in Interface Configuration mode or Subinterface Configuration mode for static interfaces.
• The redirect URL can be a maximum of 64 characters.

  Note: The HTTP local server must be configured and enabled in the virtual router for the interface on which you use the ip http redirectUrl command. Otherwise, the URL redirect operation will fail.

• Example

  host1(config-if)#ip http redirectUrl http://ispsite.redirect.com

• Use the no version to restore the default, which disables the HTTP redirect feature.
• See ip http redirectUrl

ip http same-host-limit

• Use to specify the maximum number of connections that can exist between one IP address and the HTTP local server.
• Specify a number in the range 0–1000.
• Example

  host1(config)#ip http same-host-limit 20

• Use the no version to restore the default number of allowed connections, 3.
• See ip http same-host-limit

ip http server

• Use to enable the HTTP local server.
• Example

  host1(config)#ip http server

• Use the no version to disable the HTTP local server.
• See ip http server

Copyright © 2008, Juniper Networks, Inc. All rights reserved. Trademark Notice.