Symbols
A
- access privilege levels
- accounting
- applications
- description
- TACACS+, configuring
- admin permission
- admin-control permission
- all permission
- announcements at system login
- APIs (application programming interfaces)
- CORBA plug-in SPI
- CORBA remote API
- description
- SAE core API 1, 2
- application programming interfaces. See APIs
- architecture
- authentication 1, See also user accounts
- configuration example
- multiple methods
- RADIUS
- shared user accounts 1, 2
- TACACS+
- TACACS+, configuring
- TACACS+, configuring with C-Web interface
- TACACS+, configuring with SRC CLI
- template accounts
- authentication order
- configuring with C-Web interface
- configuring with SRC CLI 1, 2
- overview 1, 2
- removing authentication method
- removing authentication method with SRC CLI
B
C
- C Series Controller
- C Series Controllers
- C-Web interface
- committing a configuration
- configuration options
- configuring
- HTTP access 1, 2
- HTTPS access 1, 2
- logging properties
- copying an object
- deleting an object
- editing level
- elements
- getting Help
- icons
- layout
- loading configuration values
- logging out
- moving an object
- navigating
- overview 1, 2
- password, changing
- Policies, Services, and Subscribers
- renaming an object
- reverting a configuration
- starting
- updating configuration data
- username, changing
- C2000 Controller
- C3000 Controller
- C4000 Controller
- C5000 Controller
- clear permission
- cli
- client mode, NTP
- commands
- configuration statements
- configure permission
- control permission
- conventions
- customer support 1
- cweb-password
D
- date on system
- deployment scenarios
- DES (directory eventing system)
- differentiated QoS
- digital certificates. See security
- directory
- directory connection properties
- directory eventing system
- directory server
- documentation
- draft RFCs
- dynamic webpages
E
F
G
- Gigabit Ethernet interfaces, configuring IPv4
- Gigabit Ethernet interfaces, configuring IPv6
- GRE tunnel interfaces
- group interfaces, configuring 1
H
I
J
- Java Naming and Directory Interface. See JNDI
- java-heap-size, configuring
- JNDI (Java Naming and Directory Interface)
- Juniper Networks database
- adding Juniper Networks database to community
- changing modes
- community mode
- community mode configuration
- configuration example
- configuration statements
- configuring
- data recovery
- high availability
- loading sample data
- neighbors 1, 2
- overview 1, 2
- redundancy
- roles
- changing secondary to primary, SRC CLI
- overview 1, 2
- standalone mode
- verifying configuration
- Juniper-Allow-Commands attribute (RADIUS)
- Juniper-Allow-Configuration attribute (RADIUS)
- Juniper-Deny-Commands attribute (RADIUS)
- Juniper-Deny-Configuration attribute (RADIUS)
- Juniper-Local-User-Name attribute (RADIUS)
L
- LDAP (Lightweight Directory Access Protocol). See directory; directory server
- LDAP directory. See directory
- leases for licenses. See license server
- license
- license manager
- configuration statements
- configuring
- license server
- license usage
- Lightweight Directory Access Protocol. See LDAP
- load balancing
- local password authentication
- local properties
- logging, See also system log server
- login announcements, system
- login classes
- configuration
- configuration examples
- configuration prerequisites
- configuration statements
- configuration verification
- default classes
- idle timeout values
- options
- overview
- predefined
- privilege level options
- privilege levels
M
- maintenance permission
- manuals
- messages
- MII monitor
- configuring
- Monitoring Agent
- multicast
N
- NAS ID, configuring for SAE
- network
- network information collector. See NIC
- NIC (network information collector)
- notice icons
- NTP (Network Time Protocol)
- NTP,
O
- on-demand services 1, 2
- open interfaces
- operator login class
- operators, regular expression
- OSS integration
P
- passwords
- permissions
- policies
- Policies, Services, and Subscribers CLI. See SRC CLI
- Policies, Services, and Subscribers tasks. See C-Web interface
- policy management
- ports
- predefined login classes
- primary directory
- privilege levels 1
- product features 1, 2
R
- RADIUS
- RADIUS authentication. See authentication
- RADIUS authorization. See authentication
- read-only login class
- redundancy
- references
- regular expressions
- request license import file-name command
- reset permission
- residential portal
- resolving hostnames
- retrieving directory changes
- RFCs 1, 2, 3
- root account 1
- router running Junos OS
- router running JunosE Software
- routing permission
- routing-control permission
S
- SAE (service activation engine)
- configuring groups
- deleting default configurations
- SRC CLI 1, 2
- description 1, 2
- initial properties, overview
- starting
- stopping
- verifying status
- SAE (service activation engine), configuring initial properties
- SAE (service activation engine), configuring NAS ID
- SAE (service activation engine), configuring RADIUS address
- sample data
- secondary directory
- secret permission
- secret-control permission
- security
- digital certificates 1
- clearing certificates 1, 2
- clearing requests
- prerequisites
- requesting certificates 1, 2
- requesting certificates through SCEP
- viewing certificates
- security permission
- security-control permission
- server license. See license
- service activation engine. See SAE
- service permission
- service-control permission
- services
- shared user accounts
- shell permission
- SNMP agent
- access control, configuring on C Series Controllers
- community strings 1, 2
- named views
- SNMP groups
- VACM
- configuration statements 1, 2
- configuring
- description
- directory connection parameters, configuring
- Java Runtime Environment, configuring
- local properties, configuring
- logging, configuring
- monitoring
- named views, defining
- notification targets, configuring
- starting
- stopping
- system information, configuring
- trap history, configuring
- SNMP Agent
- snmp control permission
- snmp permission
- SNMP traps
- notification targets, configuring
- snmp-named-views-cli
- snmp-security-names-cli
- snmp-statements
- software standards
- SRC ACP (SRC Admission Control Plug-In)
- SRC CLI 1
- directory connections
- overview
- Policies, Services, and Subscribers CLI
- starting
- SRC components
- SRC software
- configuration prerequisites
- configuring
- creating, virtualized instance 1
- description
- features and benefits 1, 2
- financial advantages
- OSS integration
- recovering
- services
- snapshot on C Series Controller
- upgrading
- USB Storage Device
- virtualization
- virtualization, requirement
- SSH (secure shell)
- standards 1
- static host mapping
- static routes, configuring
- Steel-Belted Radius/SPE server 1, 2
- subscriber
- subscriber permission
- subscriber-control permission
- superuser login class
- support, technical See technical support
- symmetric active mode, NTP
- system authentication. See authentication
- system log server
- configuration prerequisites
- configuration statements
- message groups
- message severity levels
- messages
- messages, file
- messages, server
- messages, user notification
- overview
- system login
- system permission
- system-control permission
T
- TACACS+ authentication. See authentication
- tariff models
- technical support
- Telnet connection to remote host
- template authentication accounts
- text conventions defined
- third-party URLs
- tunnel interfaces
- tunnel interfaces, configuring
U
- UIDs
- unauthorized login class
- unresponsive directories
- usage data
- user accounts 1, See also login classes
- authentication
- configuring passwords
- configuring SSH authentication
- root password 1, 2
- authentication method and password
- configuration
- configuration verification 1, 2
- example
- overview 1, 2, 3
- shared
- user notification messages
V
W
- Web application server
- application deployment 1, 2
- channel stack
- configuration statements
- configuring the Web application server
- installing Web applications inside
- local properties
- multicast-address
- node-id
- overview
- removing Web applications from
- restarting
- shared cluster name
- shared cluster nodes
- shared cluster properties
- starting
- stopping
- viewing cluster history
- viewing cluster status
- viewing statistics
- Web Services Gateway
Download This Guide
Related Documentation
SRC Server Components
The SRC server components are:
- Service Activation Engine
- Subscriber Information Collector
- Volume Tracking Application
- 3GPP Gateway
- 3GPP Gy
- Web Application Server
- Web Services Gateway
- Juniper Policy Server
- Network Information Collector
- Redirect Server
Service Activation Engine
The Service Activation Engine (SAE) is the core manager of an SRC network. It interacts with other systems, such as Juniper Networks routers, CMTS devices, directories, Web application servers, and RADIUS servers to retrieve and disseminate data in the SRC environment. The SAE authorizes, activates and deactivates, and tracks sessions during which a subscriber is logged in to the network and during which a service is active. The SAE can track more than one service session for a subscriber at a time.
Policy and Service Management
The SAE makes decisions about the deployment of policies on routers running JunosE or Junos OS. When a subscriber’s IP interface comes up on the router, the SAE determines whether it manages the interface. If the interface is managed—or controlled by—the SAE, the SAE sends the subscriber’s default policy configuration to the router. These default policies define the subscriber’s initial network access. When the subscriber activates an SAE service (a service that supplements a subscriber's standard services), the SAE translates the service into lists of policies and sends them to the router. This process lets subscribers manage their own subscriptions, typically through a webpage.
Accounting Support
The SAE also collects usage information about subscribers and services and passes the information to the appropriate rating and billing system. The SRC software allows a variety of accounting deployments, and provides a standard deployment that incorporates a RADIUS server. You can also create deployments that do not require a RADIUS server.
SAE Extensions
The SAE provides plug-ins and APIs that extend the capabilities of the SRC software. Plug-ins are software programs that augment existing programs and make them more flexible. SRC plug-ins provide authentication, authorization, and tracking capabilities. The SAE APIs let you create customized programs to integrate with the SAE.
Subscriber Information Collector
The subscriber information collector (SIC) is used in conjunction with the MX Series Ethernet Services Router running the packet-triggered subscribers and policy control (PTSP) solution. The SIC listens for RADIUS accounting events from IP edge devices (accounting clients), and filters undesired events based on attachment session attributes, providing the SRC software with increased subscriber awareness.
The major components of the SIC are:
- Accounting listeners, which are configured with port numbers and parameters controlling receipt of UDP packets.
- A collection of RADIUS dictionaries.
- A collection of network access server (NAS) clients.
- A collection of RADIUS accounting targets.
- A collection of routing rules.
- A collection of RADIUS network elements. A RADIUS network element contains an ordered list of RADIUS accounting clients, targets or both, along with a failover policy for targets.
- A collection of accounting methods including storing accounting events in the session state registrar (SSR) database or forwarding them to a downstream AAA server (network element).
- Components supporting SNMP, statistics, and event logging.
Volume Tracking Application
The SRC Volume Tracking Application (SRC VTA) allows service providers to track and control the network usage of subscribers and services. You can control volume and time usage on a per-subscriber or per-service basis. This level of control means that service providers can offer tiered services that use volume as a metric, while also controlling abusive subscribers and applications.
When a subscriber or service exceeds bandwidth limits (or quotas), the SRC VTA can take actions including imposing rate limits on traffic, sending an e-mail notification, or charging extra for additional bandwidth consumed.
3GPP Gateway
The SRC Third-Generation Partnership Project (3GPP) gateway is a Diameter-based component in the SRC software, which provides integration with 3GPP Policy and Charging Control environments, to provide fixed-mobile convergence (FMC). The SRC 3GPP gateway provides Gx-based integration with the Policy and Charging Rules Function (PCRF). The SRC 3GPP gateway uses the Gx interface to mediate between the PCRF and Juniper Networks routers like the E Series Broadband Services routers and MX Series routers. The Gx interface on the SRC 3GPP gateway communicates with the PCRF using the Diameter protocol.
3GPP Gy
The SRC 3GPP Gy is a Diameter-based component in the SRC software, which provides Gy-based integration with the OCS, to provide FMC. The SRC 3GPP Gy uses the northbound Gy interface to handle charging-related information between the OCS and Juniper Networks routers like the E Series Broadband Services routers and MX Series routers. The northbound Gy interface communicates with the OCS using the Diameter protocol.
Web Application Server
The SRC software on a C Series Controller includes a Web application server that hosts the Dynamic Service Activator and the Volume Tracking Application (SRC VTA). In production environments, this application server is designed to host only these applications. However, you can load your own applications into this server for testing or demonstration purposes. You can control access to applications deployed in the Web application server by configuring virtual hosts. A virtual host contains aliases and lists of the clients that are allowed to access the virtual host.
Web Services Gateway
The Web Services Gateway allows a gateway client—an application that is not part of the SRC network—to interact with SRC components through a SOAP interface. This feature is useful for business-to-business situations, such as a wholesaler-retailer environment. Typically, the wholesaler owns and administers the SRC components, and the retailer maintains a database of subscribers. Retailers purchase services from one or more wholesalers and sell the services to their subscribers. Using information provided by the wholesaler, the retailer creates a gateway client to communicate with the components in the SRC software.
The Web Services Gateway provides the Dynamic Service Activator, which allows a gateway client to dynamically activate and deactivate SRC services for subscribers and to run scripts that manage the SAE.
Juniper Policy Server
The Juniper policy Server (JPS) is a PCMM-compliant policy server. In a PCMM environment, the policy server acts as a policy decision point (PDP) and policy enforcement point (PEP) that manages the relationships between application managers and cable management termination system (CMTS) devices.
Network Information Collector
The Network Information Collector (NIC) is the component that locates which SAE manages a subscriber or an interface. The NIC uses information that identifies the subscriber or the interface to identify the managing SAE. The NIC collects information about the state of the network and can provide mappings from a given type of network data, known as a key, to another type of network data, known as a value.
For services to be activated for a subscriber session, applications such as the SRC VTA, Dynamic Service Activator, Enterprise Manager Portal, or a residential portal need to locate the SAE that manages the subscriber. An application such as the SRC TMP needs to locate the SAE that manages interfaces through which traffic destined for a specified IP address enters the network. The NIC component includes a Web administration application to monitor and inspect the state of NIC servers. Other SRC components such as an enterprise service portal and the sample residential portal use NIC.
Table 5 shows the NIC resolutions that the standard SRC software can perform. For customized NIC implementations that provide other resolutions, contact Juniper Networks Professional Services.
Table 5: Available NIC Resolutions
Key | Value |
|---|---|
Accounting ID of a subscriber | SAE reference |
Enterprise’s distinguished name (DN) | SAE reference |
Subscriber’s IP address | Subscriber’s login name |
Subscriber’s IP address | Accounting ID |
Subscriber’s IP address for situations in which the SAE manages the subscriber | SAE reference |
Subscriber’s IP address for situations in which the SAE manages the interface that the subscriber uses, but not the subscriber | SAE reference |
Subscriber’s login name | SAE reference |
Subscriber’s primary username | SAE reference |
The NIC comprises a set of software components that work together to collect, process, and provide data.
Redirect Server
The redirect server redirects filtered HTTP requests to a captive portal page. The redirect server examines requested paths and detects proxy HTTP requests. If the requested URL is served by the captive portal server, the redirect server opens a TCP connection to the captive portal and directs traffic to the captive portal rather than to the requested URL.
