Content Service Steering


Content Service Steering
 
 
This chapter provides information on configuring an enhanced, or extended, service. The product administration guides provide examples and procedures for configuration of basic services on the system. It is recommended that you select the configuration example that best meets your service model, and configure the required elements for that model as described in the respective product administration guide, before using the procedures in this chapter.
Important: Internal CSS is a generic feature, if an ECSv2 license is installed on your system, internal CSS can be enabled. A separate license is not required to enable internal CSS.
This chapter contains the following topics:
 
 
Overview
Content Service Steering (CSS) directs selective subscriber traffic to In-line services internal to the system based on the content of the data presented by mobile subscribers. CSS is a broad term that includes features such as NAT, HTTP redirection, and DNS redirection.
CSS uses Access Control Lists (ACLs) to redirect selective subscriber traffic flows. ACLs control the flow of packets into and out of the system. ACLs consist of “rules” (ACL rules) or filters that control the action taken on packets matching the filter criteria.
ACLs are configurable on a per-context basis and applies to a subscriber through either a subscriber profile (for PDSN) or an APN profile (for GGSN) in the destination context.
 
Configuring Internal Content Service Steering
To configure and activate a single CSS service for redirecting all of a subscriber’s IP traffic to an internal in-line service:
Step 1
Step 2
Step 3
Step 4
Step 5
Save your configuration as described in the Verifying and Saving Your Configuration chapter.
Important: Commands used in the configuration examples in this section provide base functionality to the extent that the most common or likely commands and/or keyword options are presented. In many cases, other optional commands and/or keyword options are available. Refer to the Command Line Interface Reference for complete information regarding all commands. Not all commands or keywords/variables may be supported or available. This depends on the platform type and installed license(s).
 
Defining IP Access Lists for Internal CSS
IP ACLs specify what type of subscriber traffic and which direction (uplink, downlink, or both) traffic is redirected. The IP ACL must be specified in the context in which subscriber authentication is performed.
Caution: To minimize the risk of data loss, do not make configuration changes to ACLs while the system is facilitating subscriber sessions.
Use the following configuration example to define an IP ACL for internal CSS:
configure
  context <context_name>
     ip access-list <acl_name>
        redirect css service <service_name> <keywords> <options>
         end
Notes:
 
<service_name> must be an ACS service name.
For information on the keywords and options available with the redirect css service command, see the ACL Configuration Mode Commands chapter of the Command Line Interface Reference.
For IPv6 ACLs, the same configurations must be done in the IPv6 ACL Configuration Mode. See the IPv6 ACL Configuration Mode Commands chapter of the Command Line Interface Reference.
 
Applying an ACL to an Individual Subscriber (Optional)
For information on how to apply an ACL to an individual subscriber, refer to the Applying an ACL to an Individual Subscriber section of the IP Access Control Lists chapter.
 
Applying an ACL to Multiple Subscribers (Optional)
IP ACLs are applied to subscribers via attributes in their profiles. The subscriber profile can be configured locally on the system or remotely on a RADIUS server.
 
The system provides for the configuration of subscriber functions that serve as default values when specific attributes are not contained in the individual subscriber’s profile. When configured properly, the functions can be used to apply an ACL to:
 
 
Applying an ACL to the Subscriber Named default (Optional)
 
For information on how to apply an ACL to the default subscriber, refer to the Applying an ACL to the Subscriber Named default section of the IP Access Control Lists chapter.
 
Applying an ACL to Service-specified Default Subscribers (Optional)
 
For information on how to apply an ACL to the subscriber to be used as the “default” profile by various system services, refer to the Applying an ACL to Service-specified Default Subscribers section of the IP Access Control Lists chapter.
 
Applying an ACL to Multiple Subscribers via APNs (Optional)
This configuration is only applicable to GGSN.
IP ACLs are applied to subscribers via attributes in their profiles. The subscriber profile can be configured locally on the system or remotely on a RADIUS server.
To reduce configuration time, ACLs can alternatively be applied to APN templates. When configured, any subscriber packets facilitated by the APN template would then have the associated ACL applied.
For information on how to apply an ACL to multiple subscribers via APNs, refer to the Applying a Single ACL to Multiple Subscribers via APNs section the IP Access Control Lists chapter.
 

Cisco Systems Inc.
Tel: 408-526-4000
Fax: 408-527-0883