Figure 10 illustrates the services in the sample data that policy-route incoming and outgoing subscriber traffic to an IDP sensor. In this example this DN for subscriber profiles is routerName=default@JunoseA, <DN of Router Profiles>.
Figure 10: Services to Policy-Route Traffic to an IDP Sensor
The Surveillance Director provides the following information to the services:
The aggregate service passes the value of the subrSubnet parameter to each CoreIntFragment service, and uses the value of the subrIps parameter when the SubrIntFragment services are created. A SubrIntFragment service is created for each IP address (which is specified as the subscriber ID). A CoreIntFragment service is created for the subscriber ID or IDs specified in the configuration for the aggregate service (idp@idp in the sample data).
For example, in Figure 11 the Surveillance Director passes the value 111.2.1.6/31 for the CIDR subnet, and the list of addresses 111.2.1.6 and 111.2.1.7 to the aggregate service. The aggregate service passes the value for the CIDR subnet to the CoreIntFragment service, and activates a SubrIntFragment service for each address in the list—in this case for IP addresses 111.2.1.6 and 111.2.1.7.
Figure 11: Sample Values for SubrSubnet and SubrIps Parameters in Services for Policy-Based Routing of Traffic
To set up policy-based routing to direct subscriber traffic from a JUNOSe router to IDP:
 | Copyright © 2009, Juniper Networks, Inc. All rights reserved. Trademark Notice. | |