Example: Parameter Value Substitution

Parameters provide general definitions for configuration properties. You can use parameters in the configuration for policies, services, and subscriptions. Users can define the value for a parameter through an enterprise service portal or a residential portal.

Note: The SRC sample data includes the configuration used in this example.

This example shows how to use parameters and substitutions in the SRC software.

Requirements

This example uses the following hardware and software components:

Overview

This configuration has the following characteristics:

Figure 19 shows the network in the example.

Figure 19: Network Used in Parameter Substitution Example

Network Used in Parameter Substitution Example

From the service provider’s perspective, the service provider’s network is on the inside, and the enterprise network is on the outside. Ingress traffic flows from the enterprise network to the service provider’s network. Egress traffic flows from the service provider’s network to the enterprise network. The engineering department subnet in the enterprise network is the subnet that we will subscribe to the gold-level service and track.

Types of Parameters

The example uses two types of parameters:

Parameter Configuration

The parameters appear in the configuration for:

Parameter Values After Value Acquisition

After the SRC software has gone through the parameter value acquisition process, the three original parameters in the tierpolicy policy group have the following values:

Figure 20 shows the values of the ingress and egress policies that are applied to the router in our sample network.

Figure 20: Policies Applied to the Sample Network

Policies Applied to the Sample Network

Configuration

Configure a policy, service, subscriber, and subscription to use parameter value acquisition:

Configuring the Default Value for a Global Parameter

Configure the global parameter any which is used in the policy configuration.

CLI Quick Configuration

To quickly configure the global parameter any, copy the following commands into a text editor, and modify them as needed; then load the configuration from the file.

[edit] set policies global-parameters any default-value 0.0.0.0/0 set policies global-parameters any type network

Step-by-Step Procedure

To configure the global parameter any:

  1. From configuration mode, enter the global parameter configuration for the any parameter.
    [edit]user@host# edit policies global-parameters any
  2. (Optional) Configure a default value that the policy engine uses if no other values are provided during the parameter value acquisition process.

    See Parameter Types for valid values of each parameter type.

    [edit policies global-parameters any]user@host# set default-value 0.0.0.0/0
  3. (Optional) Type of attribute for which you can use the parameter.
    [edit policies global-parameters any]user@host# set type network

Configuring a Policy Group

Configure the policy group tierpolicy to specify bandwidth for incoming and outgoing traffic.

CLI Quick Configuration

To quickly configure the global parameter any, copy the following commands into a text editor, and modify them as needed; then load the configuration from the file.

[edit] set policies folder ent group tierpolicy set policies folder ent group tierpolicy local-parameters qos set policies folder ent group tierpolicy local-parameters qos type rate set policies folder ent group tierpolicy local-parameters outside set policies folder ent group tierpolicy local-parameters outside type network set policies folder ent group tierpolicy local-parameters outside default-value any set policies folder ent group tierpolicy local-parameters inside set policies folder ent group tierpolicy local-parameters inside type network set policies folder ent group tierpolicy local-parameters inside default-value any set policies folder ent group tierpolicy list egrules set policies folder ent group tierpolicy list egrules role junose-ipv4 set policies folder ent group tierpolicy list egrules applicability output set policies folder ent group tierpolicy list ingrules set policies folder ent group tierpolicy list ingrules role junose-ipv4 set policies folder ent group tierpolicy list ingrules applicability input set policies folder ent group tierpolicy list egrules rule eglimit set policies folder ent group tierpolicy list egrules rule eglimit type junose-ipv4 set policies folder ent group tierpolicy list egrules rule eglimit precedence 1000 set policies folder ent group tierpolicy list egrules rule eglimit accounting set policies folder ent group tierpolicy list egrules rule eglimit traffic-condition cond set policies folder ent group tierpolicy list egrules rule eglimit traffic-condition cond source-network group-network network-specifier inside set policies folder ent group tierpolicy list egrules rule eglimit traffic-condition cond destination-network group-network network-specifier outside set policies folder ent group tierpolicy rate-limit ratelimit set policies folder ent group tierpolicy type two-rate set policies folder ent group tierpolicy list egrules rule eglimit rate-limit ratelimit committed-rate qos set policies folder ent group tierpolicy list egrules rule eglimit rate-limit ratelimit committed-burst "max(qos*0.1, 16384)" set policies folder ent group tierpolicy rate-limit ratelimit committed-action forward set policies folder ent group tierpolicy rate-limit ratelimit exceed-action filter set policies folder ent group tierpolicy rate-limit ratelimit conformed-action filter set policies folder ent group tierpolicy rate-limit ratelimit exceed-action filter set policies folder ent group tierpolicy list ingrules rule inglimit set policies folder ent group tierpolicy list ingrules rule inglimit type junose-ipv4 set policies folder ent group tierpolicy list ingrules rule inglimit precedence 1000 set policies folder ent group tierpolicy list ingrules rule inglimit accounting set policies folder ent group tierpolicy list ingrules rule inglimit traffic-condition ent set policies folder ent group tierpolicy list ingrules rule inglimit traffic-condition ent source-network group-network network-specifier outside set policies folder ent group tierpolicy list ingrules rule inglimit traffic-condition ent destination-network group-network network-specifier inside set policies folder ent group tierpolicy list ingrules rule inglimit rate-limit rateLimit set policies folder ent group tierpolicy list ingrules rule inglimit rate-limit rateLimit type two-rate set policies folder ent group tierpolicy list ingrules rule inglimit rate-limit rateLimit committed-rate qos set policies folder ent group tierpolicy list ingrules rule inglimit rate-limit rateLimit committed-burst "max(qos*0.1, 16384)" set policies folder ent group tierpolicy list ingrules rule inglimit rate-limit rateLimit peak-rate qos*1.5 set policies folder ent group tierpolicy list ingrules rule inglimit rate-limit rateLimit committed-action mark mark-info value 1 set policies folder ent group tierpolicy list ingrules rule inglimit rate-limit rateLimit set policies folder ent group tierpolicy list ingrules rule inglimit rate-limit rateLimit conformed-action mark mark-info value 2 set policies folder ent group tierpolicy list ingrules rule inglimit rate-limit rateLimit exceed-action filter set policies folder ent group tierpolicy list ingrules rule inglimit rate-limit rateLimit peak-burst "max(qos*1.5*0.1, 16384)"

Step-by-Step Procedure

To create and configure a policy group named tierpolicy:

  1. Create the tiergroup policy.
    [edit]user@host# edit policies folder ent group tierpolicy
  2. Create local parameters, which are parameters that will be used only with tierpolicy.
  3. qos—Rate parameter
    [edit policies folder ent group tierpolicy]user@host# edit local-parameters qos [edit policies folder ent group tierpolicy local-parameters qos]user@host# set type rate

Configuration Results

[edit policies folder ent group tierpolicy]
user@host# show 
description "This is a service policy for services that rate limit and account 
for traffic to and from the service provider's network.  It is parameterized on 
the subnets inside and outside the service provider's network between which the 
traffic flows.  It is also parameterized on a number which is used to scale 
ingress and egress rate limit rules.  ";
local-parameters { 
  qos {
    description " Scaling factor to apply to the rate limits on the traffic 
between inside and outside";
    type rate;
  }
  outside {
    description "the subnet outside the service provider's network";
    default-value any;
    type network;
  }
  inside {
    description "the subnet inside the service provider's network";
    default-value any;
    type network;
  }
}
list egrules {
  role junose-ipv4;
  applicability output;
  rule eglimit {
    type junose-ipv4;
    precedence 1000;
    accounting;
    rate-limit ratelimit {
      committed-action { 
        forward { 
        }
      }
      conformed-action { 
        filter { 
        }
      }
      exceed-action { 
        filter { 
        }
      }
      type two_rate;
      committed-rate qos;
      committed-burst "max(qos*0.1, 16384)";
      peak-rate qos*1.5;
      peak-burst 16384;
      description "committed rate is \"qos\" parameter, burst is 800ms burst at 
committed rate (*0.1 remember rates are bits per second, bursts are bytes)
drop all uncommitted traffic.  Max with 16384 to make sure burst is not too 
small for slow interfaces.  ";
    }
    traffic-condition cond {
      source-network { 
        group-network { 
          network-specifier inside;
        }
      }
      destination-network { 
        group-network { 
          network-specifier outside;
        }
      }
    }
    description "rule to limit egress traffic";
  }
}
list ingrules {
  role junose-ipv4;
  applicability input;
  rule inglimit {
    type junose-ipv4;
    precedence 1000;
    accounting;
    rate-limit rateLimit {
      committed-action { 
        mark { 
          mark-info { 
            value 1;
          }
        }
      }
      conformed-action { 
        mark { 
          mark-info { 
            value 2;
          }
        }
      }
      exceed-action { 
        filter { 
        }
      }
      type two_rate;
      committed-rate qos;
      committed-burst "max(qos*0.1, 16384)";
      peak-rate qos*1.5;
      peak-burst "max(qos*1.5*0.1, 16384)";
      description "committed rate is \"qos\" parameter, burst is 800ms burst at 
committed rate (*0.1 remember rates are bits per second, bursts are bytes).  Max 
with 16384 to make sure burst is not too small for slow interfaces.peak rate 
and burst are scaled by 1.5. mark committed and conformed traffic with 
different marks, drop all excess traffic";
    }
    traffic-condition ent {
      source-network { 
        group-network { 
          network-specifier outside;
        }
      }
      destination-network { 
        group-network { 
          network-specifier inside;
        }
      }
    }
    description "rule to limit ingress traffic";
  }
}
Configuring a Service
Configure a service that provides a gold-level
quality of service to subscribers.
CLI Quick Configuration
To quickly configure a service copy the following commands into
a text editor, and modify them as needed; then load the configuration
from the file. 
[edit] set services   set services scope EntJunose  set services scope EntJunose service GoldMetered  set services scope EntJunose service GoldMetered
type normal  set services scope EntJunose service GoldMetered
category "Quality of Service"  set services scope EntJunose service GoldMetered
policy-group /ent/tierpolicy  set services scope EntJunose service GoldMetered
radius-class GoldMetered  set services scope EntJunose service GoldMetered
parameter substitution 
 [ "dept:network//the subnet of the department to apply the service
to"  "!inside:network = any//always apply
to any subnet inside the service provider"  "!outside:network = dept//rename outside policy parameter to dept"
"!qos =  interface_speed*0.5//gold qos
is 50% of interface speed" ] 
Step-by-Step Procedure
To configure a service that uses the policy tierpolicy:
  1. Create a service called GoldMetered, and assign tierpolicy
as the policy group.
    [edit]user@host# edit services [edit services]user@host# edit scope EntJunose [edit services scope EntJunose]user@host# edit service GoldMetered [edit services scope EntJunose service GoldMetered]user@host# set type normal [edit services scope EntJunose service GoldMetered]user@host# set category "Quality of Service" [edit services scope EntJunose service GoldMetered]user@host# set policy-group /ent/tierpolicy [edit services scope EntJunose service GoldMetered]user@host# set radius-class GoldMetered 
  2. Edit the parameter for the GoldMetered service, and add
the following substitutions: 
Configuration Results
[edit services scope EntJunose service GoldMetered]
user@host# show 
description "Provides gold level quality of service to given enterprise
 department subnet charged on volume";
type normal;
category "Quality of Service";
policy-group /ent/tierpolicy;
radius-class GoldMetered;
status active;
parameter { 
  substitution [ "dept:network//the subnet of the department to apply the 
service to" "!inside:network = any//always apply to any subnet inside the
 service provider" "!outside:network = dept//rename outside policy parameter 
to dept" "!qos = interface_speed*0.5//gold qos is 50% of interface speed" ];
}
Creating an Enterprise Subscriber
Create the eng parameter for use in parameter substitution.
this parameter represents an enterprise subscriber. You can configure
the substitution in the SRC CLI, the sample enterprise service portal,
or the C-Web interface. 
CLI Quick Configuration
To quickly configure the global parameter any, copy the following
commands into a text editor, and modify them as needed; then load
the configuration from the file. 
[edit] set subscribers retailer default subscriber-folder
local enterprise ABCInc  substitution [
" acct : network = 208.93.36.80 / 28" "eng
: network =  208.93.36.6 4 / 28" ]  set subscribers retailer default subscriber-folder
local enterprise ABCInc  substitution [
"acct : network = 208.93.36.80 / 28" "eng : network =  208.93.36.64 / 28"  ] 
Step-by-Step Procedure
To create a parameter called eng in an existing enterprise: 
  1. Create the eng parameter with parameter type (role) network,
and set the value of eng to 192.0.2.22/28.
    [edit subscribers retailer default subscriber-folder local
enterprise ABCInc]user@host# set substitution [ "acct : network
= 208.93.36.80 / 28" "eng :  network =
208.93.36.6 4 / 28" ] 
  2. Create the eng parameter as part of the subscriber definition.
    • To create the eng parameter with the SRC CLI: 
      [edit subscribers retailer default subscriber-folder local
enterprise ABCInc]user@host# set substitution [ "acct : network
= 208.93.36.80 / 28" "eng :  network =
208.93.36.64 / 28" ] 
    • To create the eng parameter in the sample enterprise service
portal, select the Departments tab, add
eng to the department field, and enter 192.0.2.22/28 as the network
address of the department. 
Configuration Results
[edit subscribers retailer default subscriber-folder local enterprise ABCInc]
user@host# show 
...
substitution [ "acct : network = 208.93.36.80 / 28" "eng : network = 208.93.36.6
4 / 28" ];
...
subscription GoldSecured {
    status active;
    activation manual;
    substitution "!dept : network = eng";
  }
Subscribing ABCInc to the GoldMetered Service
Subscribe to the GoldMetered service.
Step-by-Step Procedure
To subscribe the ABCInc subscriber to the GoldMetered service
through the sample enterprise service portal. 
  1. Select ABCInc. in the navigation
pane. 
  2. Select the Services tab. 
    The Services pane appears. 
  3. Click Subscribe in the GoldMetered
service row. 
  4. Select the Subscriptions tab. 
    The Subscriptions pane appears. 
  5. In the dept= field of the Service Parameters box, set
the value of the dept parameter to eng. 
Related Documentation

						Copyright© 1999-2014 Juniper Networks, Inc. 
							All rights reserved.