Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation  Back up to About Overview 
  
[+] Expand All
[-] Collapse All

Logging In Subscribers and Creating Sessions

You can use two mechanisms to obtain subscriber address requests and other information and to set up a pseudointerface on the network device. (You must choose one mechanism; you cannot mix them.)

  1. Assigned IP subscriber. The SAE learns about a subscriber through subscriber-initiated activities, such as activating a service through the portal or through the SRC Web Services Gateway).

    With this method, you use the assigned IP subscriber login type along with the network interface collector (NIC) to map IP addresses to the SAE.

  2. Event notification from an IP address manager. The SAE learns about subscribers through notifications from an external IP address manager, such as a DHCP server or a RADIUS server.

    With this method, you use the event notification application programming interface (API). The API provides an interface to the IP address manager, and lets the IP address manager notify the SAE of events such as IP address assignments.

Assigned IP Subscribers

With the assigned IP subscriber method of logging in subscribers and creating sessions, the SRC module uses IP address pools along with network information collector (NIC) resolvers to provide mapping of IP addresses to SAEs. You configure the static address pools or dynamically discovered address pools in the virtual router configuration for a network device. These pools are published in the NIC. The NIC maps subscriber IP addresses in requests received through the portal or SRC Web Services Gateway to the SAE that currently manages that network device.

Login Interactions with Assigned IP Subscribers

This section describes login interactions for assigned IP subscribers. In the example shown in Figure 12, the subscriber activates a service through a portal. You could also have the subscriber activate a service through the SRC Web Services Gateway.

Figure 12: Login Interactions with Assigned IP Subscribers

Login Interactions with Assigned IP Subscribers

The sequence of events for logging in and creating sessions for assigned IP subscribers is:

  1. The subscriber logs in to the portal.
  2. The portal sends the subscriber’s IP address to the NIC.
  3. Based on the IP address, the NIC looks up the subscriber’s SAE, network device, and interface name, and returns this information to the portal.
  4. The portal sends a get Subscriber message to the SAE. The message includes the subscriber’s IP address, network device, and interface name.
  5. The SAE creates an assigned IP subscriber and performs a subscriber login. Specifically, it:
    1. Runs the subscriber classification script with the IP address of the subscriber. (Use the ASSIGNEDIP login type in subscriber classification scripts.)
    2. Loads the subscriber profile.
    3. Runs the subscriber authorization plug-ins.
    4. Runs the subscriber tracking plug-ins.
    5. Creates a subscriber session and stores the session data in the session store file.
  6. The SAE pushes service policies for the subscriber session to the network device.

Because the SAE is not notified when the subscriber logs out, the assigned IP idle timer begins when no service is active. The SAE removes the interface subscriber session when the timeout period ends.

Event Notification from an IP Address Manager

With the event notification method of logging in subscribers and creating subscriber sessions, the subscriber logs in to the network device and obtains an IP address through an address server, usually a DHCP server. The SAE receives notifications about the subscriber, such as the subscriber’s IP address, from an event notification application that is installed on the DHCP server.

To use this method of logging in subscribers, you can use the event notification API to create the application that notifies the SAE when events occur between the DHCP server and the network device. You can also use Monitoring Agent, a sample application that was created with the event notification API and that monitors DHCP or RADIUS messages for DHCP or RADIUS servers. See the SRC PE Sample Applications Guide.

Login with Event Notification

This section describes login interactions by means of event notifications.

Figure 13: Login Interactions with Event Notification Application

Login Interactions with Event Notification
Application

The sequence of events for logging in subscribers and creating sessions is:

  1. The DHCP client in the subscriber’s computer sends a DHCP discover request to the DHCP server.
  2. The DHCP server sends a DHCP offer to the subscriber’s DHCP client.
  3. The DHCP client sends a DHCP request to the DHCP server.
  4. The DHCP server acknowledges the request by sending a DHCP Ack message to the DHCP client.
  5. The event notification application that is running on the DHCP server intercepts the DHCP Ack message.
  6. The event notification application sends an ipUp message to the SAE that notifies the SAE that an IP address is up.
  7. The SAE performs a subscriber login. Specifically, it:
    1. Runs the subscriber classification script.
    2. Loads the subscriber profile.
    3. Runs the subscriber authorization plug-ins.
    4. Runs the subscriber tracking plug-ins.
    5. Creates a subscriber session and stores the session in the session store file.
  8. The SAE can start script services.

The ipUp event should be sent with a timeout set to the DHCP lease time. The event notification application or the Monitoring Agent that monitors DHCP traffic sends an ipUp event for each Ack message sent from the DHCP server to the client. The SAE restarts the timeout each time it receives an ipUp event.

If the client explicitly releases the DHCP address (that is, it sends a DHCP release event), the event notification application or the Monitoring Agent that monitors DHCP traffic sends an ipDown event. If the client does not renew the address, the lease expires on the DHCP server and the timeout expires on the SAE.

Note: To prefer the second user session for an existing address upon receiving an ipUp event if the first and second sessions have different session IDs, set the prefer-second-user-session option under the [edit shared sae configuration driver third-party] hierarchy.

Related Documentation

Modified: 2017-08-03